 |
|
 |
|
 |
Greg Neilson
|
|
|
|
 |
 |
Security+: What a Disappointment! |
| Greg takes CompTIA's Security+ exam and comes away wishing he'd spent the fee on expanding his CD collection. |
| by Greg Neilson |
|
4/6/2004 -- If you've read my earlier column on my plans for 2004, or my comments featured as part of CertCities' 10 Hottest Certifications for 2004, you would know that I am pretty bullish on CompTIA's Security+ certification. Actually, that should read was bullish. You see, I finally took the Security+ exam, and I must say I was very disappointed by it.
I'll say up front that I failed the exam by a couple of questions. But this is not about my score: I don't need Security+ title for my job or any future career plans. I took the exam because I was excited about the title; I thought it would be useful to broaden my security knowledge in areas that I don't deal with on a regular basis.
From my experience in taking more than 100 other certification exams, I expected Security+ to ask unambiguous questions with varying levels of difficulty that when combined -- and let's face it, there are 100 questions here today, so there's lots of scope for this variation -- would give a reliable indication of whether someone has acquired basic security skills in a broad range of areas. And I don't think that's an unreasonable expectation to have, especially considering this exam's $225 (U.S.) price tag. (Even worse, in Australia the cost in local currency was $415, which equates to $312!).
Unfortunately, this is NOT the exam we have today.
Much of Security+ consists of pretty easy questions about security, which probably accounts for the relatively high percentage needed to pass (83 percent). -- not unreasonable considering how many easy questions there are. However, there's two other types of questions on this exam: a handful covering content so obscure that only an expert can answer, and -- here's the kicker! -- others that are so poorly worded that you are unable to determine what you are being asked, let alone which is the correct response! In fact, before I took the test, I had seen comments posted in forums complaining about the quality of the Security+ exam questions, and I pretty much dismissed those posters as whiners. But now I know they were on to something. I wish I could put detailed examples of these questions here; but that, of course, would be giving away exam questions, which I can't do.
Now, I'm not a psychometrician, so I can't say that the Security+ exam doesn't confirm to this testing standard or that one. But considering the quality of the questions asked and the imbalance of the question difficulty levels, I can say that I simply don't believe that this exam does what it sets out to do: truly test one's knowledge of the subject at hand.
I have a number of other CompTIA certifications: Network+, Server+, Linux+ and IT Project+. Security+ simply doesn't conform to the same standard. Therefore, until CompTIA does some work to fix the problems with this exam, I can't recommend that anyone else take it, and I will no longer recommend the program to others. I did learn a great deal about security in my preparation, but as far as the exam itself goes, I would have been much better off spending the cash on expanding my CD collection.
I'd like to hear back from those of you out there that have taken this exam. What do you think? Let me know by posting your comments below.
|
Greg Neilson, MCSE+Internet, MCNE, PCLP, is a Contributing Editor for Microsoft Certified Professional Magazine and a manager at a large IT services firm in Australia. He's the author of Lotus Domino Administration in a Nutshell (O'Reilly and Associates, ISBN 1-56592-717-6). You can reach him at Attn: Greg.
|
|
| |
|
More articles by Greg Neilson:
|
There are 85  user Comments for “Security+: What a Disappointment!”
|
|
Page 3 of 9
|
| 4/8/04: Scott W. from Hagerstown Md. says: |
I took the test failed the first one, by 2 or so questions, then retook it 10 days later and passed by the same margin. I have to agree that a number of the questions are poorly written. That is the last Comptia test I ever intend on taking. No value for the money. Scott W. MCSE, CCNA, Network;Security and A plus |
| 4/8/04: Mike from Washington says: |
I took the Security-plus exam cold (no preperation) and passed. Any experienced security professional should be able to do the same. Any security professional at an entty level should be able to pass with standard prep techniques. I would not expect someone with no security experience to pass, even with fairly heavy preparation. Yes, some of the questions are vague or poorly worded. Yet there are no more of these than on any Microsoft or other vendor certification. All tests have some vague questions, and if missing a few of the vague questions caused you to fail, you probably didn't have the requisite knowledge. Again, I am a CISSP and MCSE:Security, and I passed the Security-plus with no prep at all. It is all basic-level knowledge, nothing advanced at all. If you don't pass it, take it as a sign that you need more security EXPERIENCE, not more exam prep, and definitely not that the exam is poor. |
| 4/8/04: EW from Seattle, WA says: |
I've been in the business for 12 years and I can hardly believe some of the dialog that has sputtered from others in response to this article. There is never an excuse for unprofessional verbiage and name calling. Bottom line: Passing or Failing an exam doesn't validate or void ones opinion of an exam. It's an opinion, an observation and that's what makes this country great, that we can all have one. Certifications and degrees are measuring referenced points, but mean nothing without the experience to go with them. I've seen plenty of IT infrastructures that were designed by people with degrees and certifications, and they were all flawed in one way or another from the ground up. I hold 5 certifications (which I won't list) and who cares? Studying for them has cost me some of the best years of my life, time I can't ever get back and 5 years from now, they won't mean a thing. However, I have 12 years of experience and that goes a long way when functioning in the role as a Network and Systems Engineer/Administrator. |
| 4/8/04: Nick from Phoenix, AZ says: |
I passed it on the first try 2 weeks ago. I thought some questions were difficult and some way too easy. Some were poorly worded and some were out of left field, nowhere to be found in my books. I was sweating it out when I clicked to grade it. I wasn't very confident that I'd passed. Would I recommend it? I guess I would, simply because preparing for it was worth it. Not passing the test, necessarily. I'm not a big fan of certification exams in the first place as I feel they're a money making scam for the most part. But, sadly, if you don't have these acronyms on your resume, it won't even get looked at! |
| 4/8/04: TomL says: |
My experience mirrors your experience. A good number of the questions were poorly worded and ambiguous. |
| 4/8/04: Greg Neilson says: |
Wow! Some very interesting feedback. In response to the suggestion that I am venting here because I have failed, unfortunately this is not the first cert exam I have failed (I wrote a column a while back at http://certcities.com/editorial/columns/story.asp?EditorialsID=60 that included handling an exam resit after a failure, based on on my own experiences), but I have to tell you that the other times I really felt that it was my fault for being underdone in my preparations. When I came out of this exam I was so disappointed with the content of the exam itself that there was no way I was going to waste more money taking it again in its current form. |
| 4/8/04: Anonymous from Mid-West says: |
I took the exam also, and I know the material exceptionally well. I did not pass the exam! I also have several networking and security certifications. I considered many questions to be confusing. I am recommending to those I work with to wait until the exam is revised. Most of the people I know did not pass the exam and relate the same concerns, that of poorly worded questions. |
| 4/8/04: Technical Editor says: |
The CompTIA Security plus exam may include poorly written questions but it does test the candidate's basic knowledge of computer and network security. I passed the beta version of the exam, which was offered within 30 days of passing the CISSP exam. Of course I felt the Security plus exam was easy at that time but it is one of the more difficult CompTIA exams currently available. |
| 4/9/04: Anonymous from Dallas says: |
The test is a preparation for another security exam, i.e. CISSP and some other deep security certs. Security plus exam is OK, get you a basic idea on hows securiyt is all about. |
| 4/9/04: Anonymous says: |
All CompTia certs are worthless and will be of no help in landing a job. Besides when was the last time you saw a "entry level" security job that didn't require atleast 5 years exp and a toolbox full of other skills. People shelling out the 200 quid in hopes of a job offer will be sadly disappointed. |
First Page Previous Page Next Page Last Page
|
|
|
|
