CertCities.com -- The Ultimate Site for Certified IT Professionals
Keep on Top of the Latest Certification News: Subscribe to CertCities.com Newsletter Share share | bookmark | e-mail
  Microsoft®
  Cisco®
  Security
  Oracle®
  A+/Network+"
  Linux/Unix
  More Certs
  Newsletters
  Salary Surveys
  Forums
  News
  Exam Reviews
  Tips
  Columns
  Features
  PopQuiz
  RSS Feeds
  Press Releases
  Contributors
  About Us
  Search
 

Advanced Search
  Free Newsletter
  Sign-up for the #1 Weekly IT
Certification News
and Advice.
Subscribe to CertCities.com Free Weekly E-mail Newsletter
CertCities.com

See What's New on
Redmondmag.com!

Cover Story: IE8: Behind the 8 Ball

Tech-Ed: Let's (Third) Party!

A Secure Leap into the Cloud

Windows Mobile's New Moves

SQL Speed Secrets

CertCities.com
Let us know what you
think! E-mail us at:
 
 
...Home ... Editorial ... Columns ..Column Story Wednesday: February 29, 2012


Certification Advisor  
Greg Neilson
Greg Neilson
Security+: What a Disappointment!
Greg takes CompTIA's Security+ exam and comes away wishing he'd spent the fee on expanding his CD collection.
by Greg Neilson  
4/6/2004 -- If you've read my earlier column on my plans for 2004, or my comments featured as part of CertCities' 10 Hottest Certifications for 2004, you would know that I am pretty bullish on CompTIA's Security+ certification. Actually, that should read was bullish. You see, I finally took the Security+ exam, and I must say I was very disappointed by it.

I'll say up front that I failed the exam by a couple of questions. But this is not about my score: I don't need Security+ title for my job or any future career plans. I took the exam because I was excited about the title; I thought it would be useful to broaden my security knowledge in areas that I don't deal with on a regular basis.

From my experience in taking more than 100 other certification exams, I expected Security+ to ask unambiguous questions with varying levels of difficulty that when combined -- and let's face it, there are 100 questions here today, so there's lots of scope for this variation -- would give a reliable indication of whether someone has acquired basic security skills in a broad range of areas. And I don't think that's an unreasonable expectation to have, especially considering this exam's $225 (U.S.) price tag. (Even worse, in Australia the cost in local currency was $415, which equates to $312!).

Unfortunately, this is NOT the exam we have today.

Much of Security+ consists of pretty easy questions about security, which probably accounts for the relatively high percentage needed to pass (83 percent). -- not unreasonable considering how many easy questions there are. However, there's two other types of questions on this exam: a handful covering content so obscure that only an expert can answer, and -- here's the kicker! -- others that are so poorly worded that you are unable to determine what you are being asked, let alone which is the correct response! In fact, before I took the test, I had seen comments posted in forums complaining about the quality of the Security+ exam questions, and I pretty much dismissed those posters as whiners. But now I know they were on to something. I wish I could put detailed examples of these questions here; but that, of course, would be giving away exam questions, which I can't do.

Now, I'm not a psychometrician, so I can't say that the Security+ exam doesn't confirm to this testing standard or that one. But considering the quality of the questions asked and the imbalance of the question difficulty levels, I can say that I simply don't believe that this exam does what it sets out to do: truly test one's knowledge of the subject at hand.

I have a number of other CompTIA certifications: Network+, Server+, Linux+ and IT Project+. Security+ simply doesn't conform to the same standard. Therefore, until CompTIA does some work to fix the problems with this exam, I can't recommend that anyone else take it, and I will no longer recommend the program to others. I did learn a great deal about security in my preparation, but as far as the exam itself goes, I would have been much better off spending the cash on expanding my CD collection.

I'd like to hear back from those of you out there that have taken this exam. What do you think? Let me know by posting your comments below.

Greg Neilson, MCSE+Internet, MCNE, PCLP, is a Contributing Editor for Microsoft Certified Professional Magazine and a manager at a large IT services firm in Australia. He's the author of Lotus Domino Administration in a Nutshell (O'Reilly and Associates, ISBN 1-56592-717-6). You can reach him at Attn: Greg.
 

More articles by Greg Neilson:

-- advertisement --


There are 86 CertCities.com user Comments for “Security+: What a Disappointment!”
Page 9 of 9
2/9/06: Keith from Iowa says: Dan and Greg could not have said it any better. I have taken this exam twice now and did not pass either time. This last time I missed it by 1. I will take it one more time but this has to be the worst written exam I have taken to date. Even if I passed I would be making these same comments because during some of it, it would get to the point that I would cover the question up and answer based on the best answer I recognized, instead. I am very disappointed with this exam and even when I do pass, after taking it, I believe this exam has not helped me in anyway.
7/7/06: duped from florida says: OK, here's my take on this. I'm a CCNA & CCNP (high 90s on all tests) with twelve years of extensive packet level troubleshooting, firewall management, and system wide experience (Snort, PIX, SonicWall, Raptor, NetScreen, server admin, wifi - FCC licensed, ) and this test was graded incorrectly. I took the test twice and failed both times and I am sure there's something seriously flawed (besides my reasoning). Whoever the idiot is who wrote the questions and determines the correct answers is from some other discipline; definetly not from a security background.
10/21/06: lpi guy from chicago says: Greg. I wish I listened to you. I sat for this test this afternoon and failed by a question or two. I can not tell you how disappointed I am at the quality of this test. I did not fail it. It failed me. There is no reason for a ambiguous question, poor written question, poor grammar, and multiple answers. Many of the questions were benign in nature and needed to be quantified to answer them properly. Keep in mind questions are taken from a pool. That is why you read reviews of people stating it was easy and others saying it was horrible. Many of the questions had no technical relevance what-so-ever and were strictly theoretical and you could make up a scenario where any of the 4 are correct. I can go on but why bother. I will continue down the LPI track. You have been warned people. Don't waste your money. I dint fail the test. The test failed me.
1/26/07: Anonymous says: The Security+ exam lacks quality control. The majority of the exam questions are acceptable but a portion of those questions are either vague or outright wrong. For example, one of my questions regarded SMIME and asked about what type of encryption it uses. The answers were between Asymmetric, Symmetric, and two decoy answers. The true answer should have been BOTH asymmetric AND Symmetric. The sad thing is that the book "Cram Exam" (ISBN 0789729105) states asymmetric. It's the very first book recommended on CompTIA's website. I think the test writers read the book and created the question based on that book. They should have read RFC 2633 (DES and 3DES are symmetric algorithms). The symmetric key is going to be encryped by using asymmetric encryption.
7/9/07: Anonymous says: yeah, sounds like a whiner and a liar to me. 100 certificates my a**.
10/7/08: Anonymous says: laughable, no one should take a cert test to expand thier knowledge, perhaps if you had actual security knowledge and principal you would not have the perspective you show in your review. Fact is YOU were not prepared to take the test!
First Page   Previous Page     Last Page
Your comment about: “Security+: What a Disappointment!”
Name: (optional)
Location: (optional)
E-mail Address: (optional)
Comment:
   

-- advertisement (story continued below) --

top
Home | Microsoft® | Cisco® | Oracle® | A+/Network+" | Linux/Unix | MOS | Security | List of Certs
Advertise | Contact Us | Contributors | Features | Forums | News | Pop Quiz | Tips | Press Releases | RSS Feeds RSS Feeds from CertCities.com
Search | Site Map | Redmond Media Group | TechMentor Conferences | Tech Library Webcasts
This Web site is not sponsored by, endorsed by or affiliated with Cisco Systems, Inc., Microsoft Corp., Oracle Corp., The Computing Technology Industry Association, Linus Torvolds, or any other certification or technology vendor. CiscoÆ and Cisco SystemsÆ are registered trademarks of Cisco Systems, Inc. Microsoft, Windows and Windows NT are either registered trademarks or trademarks of Microsoft Corp. OracleÆ is a registered trademark of Oracle Corp. A+Æ, i-Net+T, Network+T, and Server+T are trademarks and registered trademarks of The Computing Technology Industry Association. (CompTIA). LinuxT is a registered trademark of Linus Torvalds. All other trademarks belong to their respective owners.
Reprints allowed with written permission from the publisher. For more information, e-mail
Application Development Trends | Campus Technology | CertCities.com | The Data Warehousing Institute
E-Gov | EduHound | ENTmag.com | Enterprise Systems | Federal Computer Week | FTPOnline.com | Government Health IT
IT Compliance Institute | MCPmag.com | Recharger | Redmond Developer News | Redmond | Redmond Events | Redmond Channel Partner | Redmond Report
TCPmag.com | T.H.E. Journal | Virtualization Review | Visual Studio Magazine | VSLive!
Copyright 1996-2009 1105 Media, Inc. See our Privacy Policy.
1105 Redmond Media Group