Our Free Study Guides and Practice Exams Will Make You Certifiable!
  Home

HOME | EXAM DETAILS | FREE TESTS | STUDY GUIDES | GLOSSARY | ARTICLES | BOOKS & TRAINING | FORUMS | CAREER & JOBS
 MICROSOFT
 COMPTIA
 CISCO
 CIW
 LPI
 RED HAT
 IBM
 FREE MAGAZINES
 WHITE PAPERS
 TOPSITES
 CONTRIBUTORS
 SITE MAP
 SITE FAQ
 

Users online
total users: 1026
Last Post
Certification details ?
by I Want More CowBell
Jul. 23, 2008 21:01
Board statistics
We have a total of 80710 posts!
 TechTutorials
 CertifyPro
 Certnotes
 Web Host Reviews
 CBT Training
 MCSE Boot Camp
 MCSE Training

Introduction to Security+
By Jason Zandri

Welcome to this introductory article on the new CompTIA Security+ Certification and Exam.

Security+ (SY0 - 101) is a vendor-neutral certification exam developed by CompTIA that covers the foundations of information security.

Recently there had been a Beta test available of the Security+ exam from August 26, 2002 through September 30, 2002. Candidates that passed the Beta exam will receive the Security+ certification when the exam is formally released "live" on December 2, 2002.

Some of the scores for the exam have just begun to be released to the candidates and there is not yet a full count of the number of people that have taken the exam and passed against the total number of test takers to have a passing percentage doled out at this time.

[NOTES FROM THE FIELD] - You can register for this exam after December 2, 2002 by going to the Prometric or VUE websites or by telephoning them. The Security+ exam code is SY0 - 101.

Prometric: (800) 755-EXAM (800-755-3926).

VUE: 800 TEST Registration (800-837-8734).

CompTIA corporate members receive a discount on CompTIA exams and as of right now that amount for the Secuirty+ exam is listed at $175.00. Non-members, and I would assume this would mean the general public as well, are charged $225.00 according to the website.

The Security+ exam is available in English only at this time and is presented as a 100 question, multiple choice exam to be completed in 90 minutes. Candidates sitting the test need a score of 764 in order to pass the exam, and that score is derived from a 100 - 900 scale. Test results are displayed as soon as you complete the exam and scores are denoted as PASS/FAIL, there is no actual score presented.

[NOTES FROM THE FIELD] - I was a BETA test taker and only received a notice of PASS and no score and this was mailed to me several weeks after I took the exam. This is typical for a BETA exam. There is nothing I have been able to find on the CompTIA site that states actual scores will be handed out at the end of the exam, all it states is "The Security+ exam consists of 100 questions to be completed in 90 minutes. The minimum passing score is 764, graded on a scale of 100 - 900. Test results are displayed as soon as you complete the exam".

The way I read this is that no scores will be handed out, as I read the term "results" as PASS/FAIL, but this may not be the case or if it is the case at the present time, this fact may well change.

The Security+ Certification Exam is tailored for network professionals and system administrators with at least 2 years of networking and systems experience. CompTIA recommends that the Security+ test candidates have a solid base of knowledge and a skill level at or exceeding the CompTIA A+ and Network+ certification exam requirements combined.

The Security+ certification exam tests in five domain areas. The table below has links to the details of the domains themselves on the CompTIA website and also outlines their weighted percentage as part of the exam whole.

Domain
% of Exam
1.0 General Security Concepts 30%
2.0 Communication Security 20%
3.0 Infrastructure Security 20%
4.0 Basics of Cryptography 15%
5.0 Operational/Organizational Security 15%
Total 100%
The full details for all of the Objectives for the CompTIA Security+ Certification Exam can be found on the CompTIA website.

[NOTES FROM THE FIELD] - The full detail objectives are in Adobe Acrobat format and you will need at least the Acrobat Reader or plug in for your browser installed to view the page.

CompTIA has a few rules about their tests and retake policies:

  • If you fail your 1st attempt to pass any CompTIA exam you are not required to wait any period of time to attempt a retake.

  • If you fail the same exam a second time, (and each time after that second failure,) you are required to wait 30 days before sitting the exam again, each and every time from this point forward.

  • If you pass any CompTIA exam and have a need to recertify for it again for any reason, other than a requirement as laid out by CompTIA, you need to wait 12 calendar months to sit the exam again.

[NOTES FROM THE FIELD] - The main reason for the wait periods are due to the fact that there are certain individuals that will intentionally fail an exam to sit it again and again in an attempt to memorize as many of the questions as they can in order to sell the questions.

Also, most people will eventually pass an exam if they sit it often enough, as they will eventually remember questions they were given on the test and study up on those topics only. This is not the best way to gauge who actually knows the material and is certifiable.

If you hand a poor shot enough rounds they will eventually hit the target. This does not make them a marksman.

CompTIA does not require candidates to retake their certification exams. For example, my A+ certification was taken in 1998 when it was 220-101 and 102. It then was 121 and 122 and then 201 and 202 and now the versions are 220-221 for the A+ Core Hardware Exam and 220-222 for the A+ OS Technologies Exam.

I am still certified and do not need to sit the exams again.

This line of thinking may change in the future but currently is the way it is laid out. The only reason a candidate may need to sit an exam again at an official center might be in the case of job requirement or review and this is why CompTIA limits these individuals to once a year, based on 12 calendar months.

CompTIA is pretty strict and straightforward about their policies and if they determine that a test taker has violated the retake policy or any general policies as laid out, they will review the situations which lead up to the violation and may, based upon the seriousness of the incident or violation:

  • Deny that person the CompTIA certification for that test for a minimum period of twelve (12) calendar months, regardless of their current status of having passed or failed the exam

  • If the situation is such that the test taker was already certified in that exam and they were taking it again in violation of the agreement, CompTIA reserves the right to revoke the certification.

  • CompTIA may also revoke all other certifications previously granted to the test taker under the CompTIA program.

  • CompTIA may also disallow that person from taking further exams over the next 12 calendar months or perhaps longer.

Any question of how serious CompTIA takes these matters would be answered by reading up on some of the actions that the company has taken against the organized sites of would-be braindump collages.

One that sticks out in my mind well is this one - CompTIA Settles Suit Against Cheet-Sheets.com; Launches Industry "Security Council".

A number of other sites have been shutdown as well.

The CompTIA Security+ exam joins a small family of established and up and coming certification exams such as the International Information Systems Security Certifications Consortium's pair of exams, the Systems Security Certified Practitioner (SSCP) and the Certified Information Systems Security Professional (CISSP), both of which are considered THE security certification exams.

There is also the pair of exams (one live, one in development) from the Information Systems Audit and Control Association and Foundation (ISACA). Since 1978 the Certified Information Systems Auditor (CISA) has been ISACA's cornerstone certification. They are also developing the new Certified Information Security Manager (CISM) certification, which is geared toward experienced information security managers and those who have information security management responsibilities. Currently, this certification is due to be released in June 2003.

The Security Certified Program is a two-part, two-level, vendor-neutral certification program for IT professionals. The Security Certified Network Professional (SCNP) program is designed with defense in mind and centers on topics such as firewalls, intrusion detection, VPNs, SSL, Risk Analysis, Linux & Windows security, attack methodology, and internet security. The certification is broken down under two different exams, the first one is Exam SC0-401 Network Security Fundamentals and the second is Exam SC0-402 Network Defense and Countermeasures. Both are required to be passed for the Security Certified Network Professional certification.

The Security Certified Network Architect (SCNA) focuses on topics such as cryptography, biometrics, PKI Concepts, PKI Planning, PKI Implementation, HIPAA, security response, smart cards, legal and physical security issues, and network forensics. This too is a two part certification, the Advanced Security Implementation

Exam (SC0-501) and the second exam, Exam SC0-502, The Solution Exam, which centers its material on security scenarios. Both are required to be passed for the Security Certified Network Architect certification.

Microsoft is also getting into the security certification game to a degree with the upcoming release of its Exam 70-214 Implementing and Administering Security in a Microsoft Windows 2000 Network in January 2003. While there is no official talk of a stand alone security certification from Microsoft or an addition to their MCSA or MCSE tracks with an additional denominator such as +Security (as they had done in the past with +Internet), there is some unofficial, water-cooler talk coming from Redmond so the best I can add here at this time is "stay tuned".

Well, that's a wrap for this article, I hope you found it informative and will return in the future for additional reading.

Best of luck in your studies and please feel free to contact me with any questions or comments on my columns and remember,

“Security vulnerabilities are an unavoidable part of software.”

Jason Zandri




 CareerAcademy
Certification training videos with private instructors. Topics cover Microsoft MCSE, CompTIA, CISSP & Cisco exams. Courses also come with official practice exams with 7x24 mentors.
more products...
 Netwind Learning
Free Demo. Certification Training for A+, MCSE, MCTS Microsoft.NET, Cisco CCNA, CCNP, CCVP, CCSP, Java, Oracle, Linux, PMP and 100's of other courses.
more products...
 EDULEARN
Certification Training on CD-ROMs & Videos: Microsoft MCSE Training, A+ Certification, Windows 2003, & Free demos. MCSE certification training includes videos and labs.
more products...
 Training Planet
Nationwide Computer Training Boot Camp Classes and also CD based training courses A+ Certification, Cisco Training, MCSE, CISSP, Autocad, Office, PMP, SOX, PC Diagnostics
more products...


ADVERTISE | PARTNERSHIPS | PRIVACY POLICY | DISCLAIMER | | CONTACT


IT Showcase