 |
|
 |
|
|
 |
 |
Security+: What a Disappointment! |
| Greg takes CompTIA's Security+ exam and comes away wishing he'd spent the fee on expanding his CD collection. |
| by Greg Neilson |
|
4/6/2004 -- If you've read my earlier column on my plans for 2004, or my comments featured as part of CertCities' 10 Hottest Certifications for 2004, you would know that I am pretty bullish on CompTIA's Security+ certification. Actually, that should read was bullish. You see, I finally took the Security+ exam, and I must say I was very disappointed by it.
I'll say up front that I failed the exam by a couple of questions. But this is not about my score: I don't need Security+ title for my job or any future career plans. I took the exam because I was excited about the title; I thought it would be useful to broaden my security knowledge in areas that I don't deal with on a regular basis.
From my experience in taking more than 100 other certification exams, I expected Security+ to ask unambiguous questions with varying levels of difficulty that when combined -- and let's face it, there are 100 questions here today, so there's lots of scope for this variation -- would give a reliable indication of whether someone has acquired basic security skills in a broad range of areas. And I don't think that's an unreasonable expectation to have, especially considering this exam's $225 (U.S.) price tag. (Even worse, in Australia the cost in local currency was $415, which equates to $312!).
Unfortunately, this is NOT the exam we have today.
Much of Security+ consists of pretty easy questions about security, which probably accounts for the relatively high percentage needed to pass (83 percent). -- not unreasonable considering how many easy questions there are. However, there's two other types of questions on this exam: a handful covering content so obscure that only an expert can answer, and -- here's the kicker! -- others that are so poorly worded that you are unable to determine what you are being asked, let alone which is the correct response! In fact, before I took the test, I had seen comments posted in forums complaining about the quality of the Security+ exam questions, and I pretty much dismissed those posters as whiners. But now I know they were on to something. I wish I could put detailed examples of these questions here; but that, of course, would be giving away exam questions, which I can't do.
Now, I'm not a psychometrician, so I can't say that the Security+ exam doesn't confirm to this testing standard or that one. But considering the quality of the questions asked and the imbalance of the question difficulty levels, I can say that I simply don't believe that this exam does what it sets out to do: truly test one's knowledge of the subject at hand.
I have a number of other CompTIA certifications: Network+, Server+, Linux+ and IT Project+. Security+ simply doesn't conform to the same standard. Therefore, until CompTIA does some work to fix the problems with this exam, I can't recommend that anyone else take it, and I will no longer recommend the program to others. I did learn a great deal about security in my preparation, but as far as the exam itself goes, I would have been much better off spending the cash on expanding my CD collection.
I'd like to hear back from those of you out there that have taken this exam. What do you think? Let me know by posting your comments below.
|
Greg Neilson, MCSE+Internet, MCNE, PCLP, is a Contributing Editor for Microsoft Certified Professional Magazine and a manager at a large IT services firm in Australia. He's the author of Lotus Domino Administration in a Nutshell (O'Reilly and Associates, ISBN 1-56592-717-6). You can reach him at Attn: Greg.
|
|
| |
|
There are 69  user Comments for “Security+: What a Disappointment!”
|
|
Page 5 of 7
|
| 4/12/04: Dave F from Stuttgart GE says: |
I took the Security+ test the month it came out and passed it. It was hard, and I studies a lot. I've read lots of the same complaints about the CISSP test. Vague questions, two possible answers. I studied a lot for that one also. Maybe the study and 3 years doing computer security helped. I found very few questions in either thest with two good answers. I found a number of questions where I understood that 'if they were looking at X, then 1 would be the answer, but they are looking at Y and the answer has to be 2'. Again, maybe a lot of study and doing the job made it easy. I think that it was meant to be that way. I do believe that you can't do good computer security without a solid computer technical background. But, I do not believe that a solid computer technical background makes you an adequate computer security dude. I think that if you really knew the field, you would find most all the questions pretty answerable. I think that if you were honest with yourself, you would find the problem within. |
| 4/13/04: Anonymous says: |
Back to the point of the article: CompTIA's item-writing procedure has always been flawed. They get SME's from the early sponsors and elsewhere, but they don't get good item (question) writers. A while back they eliminated the possibility that anyone who writes professionally could participate. So, they end up with tons of: bad, stupidly-easy, impossibly hard, and ambiguous questions, relying on the psychometricians to fix them...but those dudes don't touch words and letters...they simply measure and disqualify questions. If a question passes their measurement, whomever sets the bar, it must be good. Lately the measurement and analysis of CompTIA's exams has been rather poor, IMO, probably because of limited budgets. Greg, if you really want to see the results of what I just wrote, go take the A+ exam. You think Sec+ is bad? Hold onto your head...LOL |
| 4/14/04: SUCKED IN!!! from Australia says: |
Quote: "I don't need Security+ title for my job or any future career plans. I took the exam because I was excited about the title" This fail serves you right. You don’t care for the cert, but you still will spend endless nights and $415 AUD just to prove to yourself that you can pass an entry level exam. In all seriousness, you should forget all those stupid certs that nobody cares about, and only focus on what is important to you. My question to you, Greg Neilson... What’s are the pro's of doing a Security + cert for YOUR job? If you just wanted some security knowledge...cross skilling...why not read the wonderful resources on the web...for free. PS: I do not do exams because they excite me ….Greg (and to all other Aussies) do you remember that bloke that had those product/s, and his line was “IM EXCITED!!!!” What is the moral of this... "If it’s not worth doing, it’s not worth doing" |
| 4/14/04: Nick from Silicon Valley says: |
If you think the Security+ exam is bad in terms of wording...you should check out the CISSP. Some of the questions (and answers) make you scratch your head and wonder if it's actually written in English... |
| 4/15/04: Bryan J. Smith from Orlando, FL says: |
I took the Security-plus "cold turkey" (0 study) within the first few weeks of being released and I DID PASS! But I DO have to say that the asymetric cryptography and other KEY sections had some DEAD WRONG or downright AMBIGUOUS questions, so I can see how others COULD fail. |
| 4/16/04: gERALD from Columbia, SC says: |
Why does this not surprise me? 1. He failed. Do you expect a glowing review? 2. CompTIA exams are ALL garbage, poorly worded, ambigious, and therefore extremely difficult. 3. CompTIA exams are useless INSIDE the industry, but are great to list on your resume for a customer. 4. Time to unzip - I have MCP, MCSA, MSCE, MCDBA, A+, iNet+, Network+, Server+, and that elusive, highly malaigned, Security+, so I am somewhat qualified to speak. Oh yea, I intend to sit for 70-214 to add "Security" to the MS exams. |
| 4/18/04: David from Atlanta, GA says: |
I am disappointed at the article. I am getting ready to take the Security plus exam and have read one book on the subject and taken over 500 sample test questions. I find the material extremely relevant to my position as a Security Analyst for a Managed Security Service Provider. Knowledge of ports, protocols, encryption methodologies, physical safeguards and polices are subjects that my company deals with on a DAILY basis. I am discrediting this article and moving forward to a positive review of the certification. Regards, |
| 4/18/04: Jacko from Santa Barbara, CA says: |
I think whatever comments Greg has about the exam are negated by his failure to pass the exam in the first place. If you didn't pass it, then how can you realistically pass judgement on it? If nothing else, it all comes off as sour grapes. And, let's be candid here: the Security Plus exam isn't all that difficult. If you know TCP IP, there isn't any reason the author shouldn't have passed it with any sort of mild studying. |
| 4/19/04: SUCKED IN!!! from Australia says: |
SPOT ON JACKO |
| 4/19/04: RaoulPorfavorny from Atlanta, Georgia says: |
Hey Greg - too bad you failed. Wah Wah! I find it hard to take your eval seriously. Your comments about poorly worded questions are probably valid - but I find it's not only in the context of compTIA exams. Microsoft, CIW, ALL have poorly worded questions on their exams too. That's part of the game. So big guy, try studying smarter - not harder. |
First Page Previous Page Next Page Last Page
|
|
|
|
