 |
|
 |
|
 |
Greg Neilson
|
|
|
|
 |
 |
Security+: What a Disappointment! |
| Greg takes CompTIA's Security+ exam and comes away wishing he'd spent the fee on expanding his CD collection. |
| by Greg Neilson |
|
4/6/2004 -- If you've read my earlier column on my plans for 2004, or my comments featured as part of CertCities' 10 Hottest Certifications for 2004, you would know that I am pretty bullish on CompTIA's Security+ certification. Actually, that should read was bullish. You see, I finally took the Security+ exam, and I must say I was very disappointed by it.
I'll say up front that I failed the exam by a couple of questions. But this is not about my score: I don't need Security+ title for my job or any future career plans. I took the exam because I was excited about the title; I thought it would be useful to broaden my security knowledge in areas that I don't deal with on a regular basis.
From my experience in taking more than 100 other certification exams, I expected Security+ to ask unambiguous questions with varying levels of difficulty that when combined -- and let's face it, there are 100 questions here today, so there's lots of scope for this variation -- would give a reliable indication of whether someone has acquired basic security skills in a broad range of areas. And I don't think that's an unreasonable expectation to have, especially considering this exam's $225 (U.S.) price tag. (Even worse, in Australia the cost in local currency was $415, which equates to $312!).
Unfortunately, this is NOT the exam we have today.
Much of Security+ consists of pretty easy questions about security, which probably accounts for the relatively high percentage needed to pass (83 percent). -- not unreasonable considering how many easy questions there are. However, there's two other types of questions on this exam: a handful covering content so obscure that only an expert can answer, and -- here's the kicker! -- others that are so poorly worded that you are unable to determine what you are being asked, let alone which is the correct response! In fact, before I took the test, I had seen comments posted in forums complaining about the quality of the Security+ exam questions, and I pretty much dismissed those posters as whiners. But now I know they were on to something. I wish I could put detailed examples of these questions here; but that, of course, would be giving away exam questions, which I can't do.
Now, I'm not a psychometrician, so I can't say that the Security+ exam doesn't confirm to this testing standard or that one. But considering the quality of the questions asked and the imbalance of the question difficulty levels, I can say that I simply don't believe that this exam does what it sets out to do: truly test one's knowledge of the subject at hand.
I have a number of other CompTIA certifications: Network+, Server+, Linux+ and IT Project+. Security+ simply doesn't conform to the same standard. Therefore, until CompTIA does some work to fix the problems with this exam, I can't recommend that anyone else take it, and I will no longer recommend the program to others. I did learn a great deal about security in my preparation, but as far as the exam itself goes, I would have been much better off spending the cash on expanding my CD collection.
I'd like to hear back from those of you out there that have taken this exam. What do you think? Let me know by posting your comments below.
|
Greg Neilson, MCSE+Internet, MCNE, PCLP, is a Contributing Editor for Microsoft Certified Professional Magazine and a manager at a large IT services firm in Australia. He's the author of Lotus Domino Administration in a Nutshell (O'Reilly and Associates, ISBN 1-56592-717-6). You can reach him at Attn: Greg.
|
|
| |
|
More articles by Greg Neilson:
|
There are 85  user Comments for “Security+: What a Disappointment!”
|
|
Page 8 of 9
|
| 7/16/04: Anonymous says: |
First things first, this test requires some thinking, not because of it's complexity, but because of the wording of the questions which CompTia needs to evaluate. I've taken the test twice and failed both times. The first time was entirely my fault for not being properly prepared for it (thought it would be a walk in the park). But even after reviewing about 800 questions , some from real-exams.com ( in which some questions were word for word), I still could not pass it. I got a 732, a 764 is required to pass. I'll give it one more try but I have to wait a month. Third times a charm. |
| 9/16/04: alekzpogi from Not that hard says: |
I beg to disagree but the exam is not disappointment! It needs careful understanding of the questions to find what they are really asking. It is not some MCP exams that reading it at a glance, you can immediately answer the question. It needs a lot of studying and patience. I used the Syngress book, ExamCram2, TCat's PDF and Sybex. Passed it 2 weeks ago with a score of 820. |
| 11/24/04: Anonymous from UK says: |
I gained this cert earlier this year and share a number of views already mentioned here. The exam is not one of CompTIA's best, I have taken a couple of their other certs and found the quality of questions and exam much better which makes the price of this exam even harder to accept. Like others I gained most benefit from this cert in the preparation phase, learning a good deal about security practices etc. Having done a fair amount of study I rattled through most of the questions on the exam but then came the ambiguous ones. Luckily time is not an issue on this exam so I found myself re-reading the short 15-30 word sentence again and again but often to no avail. Irrespective of this there are enough good questions to allow you to pass if you have prepared and done the work! And yes it is a good stepping stone to other more specific security certs CISSP etc. At the end of the day I got out of it what I wanted, to broaden my knowledge of Security and add a cert to my resume. I decided not to head further down the security track but it gave me a good heads up. |
| 12/23/04: mikeeec from Modesto says: |
I am not sure why anyone would be disappointed with a CompTIA exam - I have taken five of their exams, and found every one of them to be a joke - they test you on worthless trivia, not real-world knowledge. Server is supposed to be a "premier" exam - it took all of 15 minutes to get a 942 - and with no braindumps. |
| 2/11/05: Anonymous from Michigan, USA says: |
I took the exam yesterday and failed with a 732... Although a large number of the questions were word-for-word from the testing/review materials I used, the rest was lacking. Unfortunately, some of the questions have the book answer and the real world answer. If this was a useful exam, it would be looking for the real world answer. I spent 2-3 weeks reviewing and was sure that I had passed when I finished question 100. I'm not sure that I'll be going back to take the test again. I've passed A plus without a problem as well as Microsoft exams. This one was a joke at best... |
| 2/13/05: William from NC says: |
I took the exam first a week ago and made a 704. I retook the test on Friday and passed by two questions. I used two different study books and five different practice exams over a period of four months. I took a computer security class in college, but I am a recent graduate and have little real world experience in Computer Security. The exam is definately not the end all for Computer Security, but a great stepping stone. I like the fact that it has no recertification requirement. I don't think entry level exams should. It would be too much to ask someone to do hours of training to keep this one up. It was a great exam to take, and it was challenging and a good way to learn more. |
| 3/7/05: ozmo from KC says: |
I finished the test a little over an hour ago. My first Cert ever attempted. I failed with 748. I have an IT BS and 2 years in infosec. It is my opinion that the test itself is good and relevant, but the prep materials were horrid. Interestingly the prep materials, I felt, more than adequately covered the CompTIA objectives. Of the questions tested I felt 25% were from left field. Unfortunately, 25% wrong is too much to pass. If all the questions were based on what my study guides contained I expect to have passed with +90% correct. I will buy Tcat's PDF (uggg PDFs) and try again. |
| 6/3/05: Thomas P. from SE WI, USA says: |
I've taken CompTIA's Network+ Certification, and felt it did a good job of evaluating networking knowledge. I also agree that CompTIA generally does a good job with it's exams. However, I've taken Security+ twice now, and failed both times. If so many of the questions had not been so ambiguous, I know I would have passed, but many of them are just as Mr. Neilson said - ambiguous, and poorly worded. |
| 12/7/05: James from Miami says: |
While I can understand Mr. Neilson’s disappointment at failing the Security+ exam, I do not share his sentiments about the test. The exam is not difficult, and I passed it easily. Here’s how. I prepared myself adequately, devoting a month to exam preparation. I chose the excellent All-in-One book by Gregory White as my main study text, along with the Cramsession guide, the Transcender practice tests, and Boson Exam #3. I supplemented these resources with free online information, especially from wikipedia.org. I took the exam on Monday and completed it in 45 minutes, achieving a score of 868 (96.4%). I certainly don’t think that I’m smarter than Mr. Neilson, but I probably just prepared better, and preparation is the key. |
| 1/9/06: Dan from New York says: |
"However, there's two other types of questions on this exam:a handful covering content so obscure that only an expert can answer, and -- here's the kicker! -- others that are so poorly worded that you are unable to determine what you are being asked, let alone which is the correct response!" "But considering the quality of the questions asked and the imbalance of the question difficulty levels, I can say that I simply don't believe that this exam does what it sets out to do: truly test one's knowledge of the subject at hand." BINGO! ; you hit the nail right on the head. However, some of these questions did seem very obscure and expert oriented to say the least. I thought it was just me. My knowledge was not truly tested, I spent a lot of the time trying figure out what the question was asking. I can appreciate other argumetns that these exams can't be easy for obvious reasons. I'm sure none of us wants to skip/ slide their way through something like this or there would be no accomplishent. But there are some things in life we all have to agree on as being broken. It helps to hear that Server Plus and Linux Plus are of better quality - what I have left. |
First Page Previous Page Next Page Last Page
|
|
|
|
