+ Reply to Thread
Page 1 of 2 1 2 Last
Results 1 to 25 of 33
  1. Junior Member
    Join Date
    May 2003
    Posts
    6
    #1

    Default CompTIA Can Bite My @$$

    Took the Security+ Exam yesterday and failed with a score of 708. The exam was the most poorly written piece of crap I've ever seen. Someone find me someone from CompTIA so I can punch them in the face. Not only did I read the Sybex "Authorized Curriculum" book from cover to cover TWICE, I also read the Syngress book from cover to cover as well as Chris Crayton's Exam Guide. Not to mention my profession is as an Information Security Analyst and I've been doing it for quite some time now! My day to day job is hardening networks and servers/workstations. They can kiss my @$$!!

    Bottom line is they're testing someone on their ability to guess for a good 20% of the questions. "Here's 4 right answers, which one do WE think is right?". I could have just as easily passed as I could have failed, provided I guess differently on a good portion of the questions. It's just sad to think that they're certifying people that are fully qualified in anything except taking CompTIA's bullshit exams. This was the first CompTIA exam I ever took and it was the last. They got a nice little disgruntled email from me.

    -Kyle
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Aug 2002
    Location
    N. Ireland
    Posts
    1,040

    Certifications
    A+, N+
    #2
    microsoft have a similar reputation for seeking their version of an answer, sometimes conflicting with that of cisco in matters relating to networking. so i am looking forward to my brainwashing

    i sympathise with you and the effort that you believed should have gotten you that pass. from the horror stories i have heard of other security+ candidates, i have come to the comclusion that people could stand as good a chance as somebody who has studied by merely ansering the questions at random (or the all-c's system perhaps).
    Reply With Quote Quote  

  4. Member
    Join Date
    Apr 2003
    Location
    Newmarket, ON
    Posts
    51

    Certifications
    MCSE, MCSA, A+, Network+, Server+, i-Net+, Security+
    #3
    Although it is unfortunate that the "right" answer is always what CompTIA thinks it is, remember that the answers are chosen by subject matter experts. I notice with CompTIA exams they test more on scenarios rather then whether you know what this term means or what this does. I know my Network+ exam was littered with scenario questions up the whazoo. When you think about it, it's the only way to test someone's ability to apply everything they know and solve a problem rather than whether they know what something does.

    I haven't taken the Security+ exam yet but that is the last on my list of "to do" certifications before I head back to school.
    Reply With Quote Quote  

  5. Johan Hiemstra Forum Admin Webmaster's Avatar
    Join Date
    Jun 2002
    Location
    52n31, 6e06
    Posts
    10,383
    Blog Entries
    3

    Certifications
    MCSE NT4 MCSA 2000/2003 Security+ (expired: CWNA, CNA, CCNA)
    #4
    The thing with the Sec+ exam (I didn't take it yet, but from what I heard) is that the questions are so terribly worded that even if they ask you about something you know everything about and/or you would be able to perform in real-life situations, they can still make it darn hard to find/choose the right answer. More than 1 seems correct, or none of them seem correct.

    Quote Originally Posted by bellboy
    microsoft have a similar reputation for seeking their version of an answer, sometimes conflicting with that of cisco in matters relating to networking.
    True, but the main difference with CompTIA is that their are several sources where you can find out the answer MS will be looking for. MS press books, the resource kits, technet, knowledge base are the authority on MS topics. Not to forget the help files... A reference for every question MS has can be found in one of these resources.

    i.o.w. CompTIA should produce their own study guides...
    Reply With Quote Quote  

  6. Junior Member
    Join Date
    May 2003
    Posts
    6
    #5
    Quote Originally Posted by Webmaster
    i.o.w. CompTIA should produce their own study guides...
    well...the thing is....that the Sybex book was the one which I figured would be the most acurate portrayel of the exam content. this is based on the fact that right on the front of the book it says 'Authorized CompTIA Curriculum'. i checked CompTIA's website where they list the 5 authorized curriculums for the security+ cert, the Sybex book being one. that to me means they've reviewed the book and said "yep, this covers everything, and in the depth and manner we feel is needed". to me thats as good as them writing their own book. (quite frankly i wouldn't want those clowns writing their own books.

    here's my current predicament. my employer pays for the cost of the exam IF I PASS. so as it stands right now, i'm out $225. my boss has told me that if i take it again and pass, they'll reimburse me for both, $450. if i fail again, i'm out $450. $450 is a LOT of money to my family, my wife and I have a 3yr old son and a baby girl due in August. do you know how many diapers $450 dollars buys? ...about 2 weeks worth..heheheh. to be quite honest, i'm not that confident i'll pass. and it has NOTHING to do with re-reading the books or reviewing the material again. its pretty much a crapshoot.

    am i that confident in my luck? hmmm....
    Reply With Quote Quote  

  7. Grumpy old bugger RussS's Avatar
    Join Date
    Sep 2002
    Location
    Hamilton - New Zealand
    Posts
    2,109
    #6
    Any book that is CompTIA authorized means it "addresses at least two learning styles."

    That is interpted as text and a Q&A section. It also means you paid the CompTIA fee, and the review fee. I have seen another CompTIA authorized piece that addresses the requirement to hit the domain objectives. Well what that work did was have an index in the back of the book that pointed to the Major domain, X. and the first tenth .X There was no indexing to the X.x.x because the material didn't hit all the points!

    This is one exam where if the publisher has money, the work gets blessed.
    Personally, I will be *very interested* in you're thoughts on the MS Press book. My rational is the MOC covers about 25% of what is required. No mention of MAC for example. That is because there is no MS O/S that uses either RBAC or MAC.
    I think that just about sums it up .... lol
    Reply With Quote Quote  

  8. Junior Member
    Join Date
    May 2003
    Location
    Texas
    Posts
    1

    Certifications
    A+, Net+, CNA, CCNA, MCP, MCSA, MCSE
    #7

    Default Suckurity+

    I had a similiar experience with this test. I used Cisco's Security + Guide to Network Security Fundamentals text and read it twice. This text holds Comptias lable on the front as certified material. I also used SelfTest Software test bank to study for the exam and had been consistantly getting 100%. I was sure I was ready for this exam.

    There wasn't just trouble finding the best answer, it was which was the least worst answer. IMHO this test sucked not just because it was poorly worded but because it cost so much. I have been woking with firewalls an internet security for more than three years. Maybe I just don't get it.
    Reply With Quote Quote  

  9. Junior Member
    Join Date
    May 2003
    Posts
    6
    #8

    Default I dont know what I'm gonna do...

    I honestly don't know what I'm gonna do. I'm stuck. I want this certification done with, I need that closure. If it wasn't a lifetime cert. I wouldn't even bother with it cuz theres no way I'm going through this crap every 2-4 years or whatever. I just feel like I've put too much time and effort into it to give up now. My employer has said that if I take it again and pass they'll reimburse me for both tests, putting me out $0. But if I take it and fail again I'm out $450. arrrrgghhhh. I feel like I'm in Vegas. Should I quite while I'm only down $250 or go for the glory and either come out on top or come out even more in the hole? $450 to be exact.

    God I wish I was rich. Then again, if I was rich I probably wouldn't be wasting my time with certifications. I'd be laying on a chez lounge while Playboy Playmates fed me grapes and gave me pedicures all day. Or not.

    -Kyle
    Reply With Quote Quote  

  10. Member
    Join Date
    Apr 2003
    Posts
    31

    Certifications
    CISSP, CCNA, CEH, Security+, MCP-Win2k Server
    #9
    Okay guys (gals if any) disgruntled I know. I took this exam and yes it was hard with the scenario like questions but it wasn't unfair. I have seen and been working in the field as some of you stated, and know that security work involves intricate details and knowledge. These intricacies are what comptia is using to bump the difficulty level.

    Like one person I collaborated with about the digital signing of a message. That particular person stated it was the encryption of the message that provided the signature, yes it can be--but the actual signing of message in a production environment is the encryption of a hash of the message. This has been incorporated to speed up the process of integrity checks.

    that can go into a lot more detail but is just an example of how some students of the Security+ exam are thinking. Top level and basic. The exam is targeted for experienced (~2years) and detailed security practitioners.

    Also the books don't provide the knowledge needed to pass. The books explain the domains and hit the basics, the test hits the details. Being in the field you should realize that the book isn't good enough. If you are going to attempt the test I suggest picking up one of William Stallings Network Security books. His older books (almost 5-7 yrs) are still being referenced in security policies for companies. I have seen a number of them when reviewing. I have read one of them which I though was fantastic and maybe a little too detailed. If interested it is called "Network Security Essentials-Applications and Standards" - By William Stallings

    the Sec+ exam is an excellent stepping stone test. I will admit some questions got a raised eyebrow for the answer choice (being so similar) but we need to be able to distinguish between all of the security practices and features available-not just what a hash function is.

    ucan
    Reply With Quote Quote  

  11. Junior Member
    Join Date
    May 2003
    Posts
    6
    #10
    Quote Originally Posted by ucanbreached

    Also the books don't provide the knowledge needed to pass. The books explain the domains and hit the basics, the test hits the details.

    ucan
    what is an "Authorized Curriculum" then? something that just "hit the basics". I wouldn't think so.
    Reply With Quote Quote  

  12. Member
    Join Date
    Apr 2003
    Posts
    31

    Certifications
    CISSP, CCNA, CEH, Security+, MCP-Win2k Server
    #11
    What I was trying to say (understand that maybe I didn't make it to clear) is that basically, the "authorized curriculums" aren't the best and only source needed for this exam (like a Cisco book-(not puttin Cisco down)), but the test does meet expectations.

    If you want to read the 'authorized curriculum', I'm tellin you from experience - it is not enough. You should pick up other books and RFC's and Security policy examples and Commom Criteria standards and levels, detail IPSec descriptions of the protocol, additional texts etc. Reading these to the point of understanding and not just reviewing will give you what you need to pass the exam. Reading the book by itself is not enough.

    As an example I used the Microsoft text for my study. However, the Microsoft text includes like 20 RFC's (about 100 pages each), the whole Common Criteria (~100pages) and policy statements (~100pages) and different references (?pages) that they recommend to read before attempting the test, all included on the CD. In addition they refer to other sources outside the CD and text to supplement.

    Again the test is great in its context,yeah it has some flaws with similar questions being too similar (due to its maturity level), but very justified. This goes for both the context of network security and information security and physical security (and more), which all three are seperate issues for the exam.

    I just suggest read some more man . It will go a long way (but painful). It just sums up the test isn't as easy as some expect especially with the stress factor of $225 bones, and 100 questions in 90 minutes.

    I vote you give it another try after some additional study.
    Reply With Quote Quote  

  13. Junior Member
    Join Date
    May 2003
    Posts
    6
    #12
    yeah..i hear you. i did read three different books all focused on the security+ exam. the syngress book did go in depth on a lot of different things, including RFC's etc. IMHO its not an issue of me not knowing the material, its an issue of me needing to guess better.

    "here's 4 right answers, which one do WE think is the most right?"

    also, i think that stuffing your head full of RFC's and IEEE standards and common criteria and what not is pointless. i've been an information security analyst for over 2 years now and i cant think of one time where i've been working on a firewall issue or hardening a windows 2000 server and been like "OH CRAP!! looks like we've got an unnecessary port open here, what did that RFC say about locking that down?!!" i think knowing what a RFC addresses is a great idea, but reading the entire thing? ahhhh.....

    i personally think that SANS has a better exam structure. not only do you have to write a practical essay for most of their GIAC certs you also have to take a multiple choice exam that is open book. because they realize that this day in age having access to online materials as well as print materials is essential. they know that nobody in their right mind is gonna remember all the different standards and RFC's and common criteria. the essay is a good way to gauge someone's grasp of the subject matter and their knowledge on the subject.

    but that is me, i'm not a CompTIA subject matter expert who knows exactly what questions to ask to test someone's ability on a subject. i just speak from real world experience. i mean with something like the internet at your fingertips are we as IT security professionals not expected to use it as a resource? for crying out loud, i cant even tell you how many times i do a port scan and see a port and cant remember what is assigned too. you better believe i jump on the IANA website and look it up. does that make me any less competent because i dont have all 1,023 some odd registered ports memorized? no. granted, if i lose all internet connectivity i'm screwed...hahahaha.

    i think the exam should be more scenario based questions than anything else. but thats me.
    Reply With Quote Quote  

  14. Johan Hiemstra Forum Admin Webmaster's Avatar
    Join Date
    Jun 2002
    Location
    52n31, 6e06
    Posts
    10,383
    Blog Entries
    3

    Certifications
    MCSE NT4 MCSA 2000/2003 Security+ (expired: CWNA, CNA, CCNA)
    #13
    I've been preparing for this exam on and off for about 2 months now, I read half the Sybex guide, Tcat and Helen's Security+ PDF and some additional reading on the web. I was planning on taking the exam a couple of weeks ago, but because of the comments I hear about the exam I decided to put it off for another month at least. I want to be sure I'm ready to pass it, simply can't afford paying for it twice. I am only taking it out of curiosity and to increase my credibilty as a tech writer.

    "here's 4 right answers, which one do WE think is the most right?"
    They surely are not wrong either. They are not just making things up, a lot of companies and organizations have worked together to develop this exam. The goal is to understand what they think is most right, there must be some logic behind it justifying the answer.

    I was looking into the CompTIA Technical Trainer exam a while back and downloaded some demo questions from Boson. There were questions like: "What would you do when a user makes a remark that might be insulting for some people?" Kick him out of the classroom, warn him, wait until the next break and warn him, wait until he does it again and then warn him...
    What would you do? There's no incorrect answer really, some people may respond differently than others, and any response might be justified by company policies (created by someone that doesn't think CompTia), or many other factors depending on the precise situation...
    But, that really doesn't matter. If I'm going to take that exam, I'll do it because I want to do/know it the CompTia way. And there's not much you can do besides relying on those approve by CompTIA resources. Obviously, 1 resource is not enough.

    You don't have to read entire RFCs, but reading parts can be very enlightening
    Reply With Quote Quote  

  15. Member
    Join Date
    Apr 2003
    Posts
    31

    Certifications
    CISSP, CCNA, CEH, Security+, MCP-Win2k Server
    #14
    Real World experience example: your in a meeting, the Vice Pres on Information Security and Architecture asks a question, and you reply with "Oh I'll be right back, I'll have to look that up on the internet", I don't think so.
    I do believe the internet can be useful in a situation such as your description
    Quote Originally Posted by kbfromvt
    i cant even tell you how many times i do a port scan and see a port and cant remember what is assigned too. you better believe i jump on the IANA website
    However, being able to recall information and use it to design, tailor and develop it to a situation b/c you know the in's and out's and how it can be manipulated goes a lot further than just being able remember the IANA site can give you some answers. Reading texts and articles and RFC's (if you wish) collectively, gives you this skill to perform standalone if needed.

    Security is a "learned" skill and an art. It uses intuition, investigation, methodologies, and application in order to create a solution. Sure Analyzing (Capitalized for Respect-I've been there) some data can be tedious and formidable but there is a lot larger picture. The security+ study attempts to expose you this larger picture. This is why the largest chapters in the texts are usually the Policy chapters. The policy puts "everything" on the table for an Enterprise Security Solution to begin.

    Look at it from this perspective: You have to submit a paper to someone (Maybe the VP) describing the VPN solution. What technologies are available what are the Pros and Cons how are they implemented, etc? Do you think you are going to get that from one source or overnight. You will probably have to reference some. And my suggestion is to look at RFC's for pros and cons and technologies (because a short description from a website isn't going to be enough-do you think that authors and instructors have never read RFC's-) You will have to let them know (even if they are in Mgmt and not a super tech) what is involved and why and where that info came from and how it supports your recommendation, (that's where the art comes in).

    Third Example (short but descriptive):
    What is the difference between Script Kiddies and Black Hats (White hats too-if you wish)?
    Script Kiddies:
    -don't usually do anything very damaging, except if they get a good malicious script written by a good black hat (others also)
    -don't spend to much time reading about the in's and out's
    Black Hats:
    -Very detailed and selective-Because they know the technology and how to manipulate it
    -Not for sure but probably safe to say a real Black Hat has read many many RFCs

    No, RFC's are not the one and only answer, I am only using them for examples since they seem to be picked on in your previouse statment.
    I did use the statement
    Quote Originally Posted by ucanbreached
    different references (?pages) that they recommend to read before attempting the test
    but I never suggested to read RFC's in their entirety. It is a good idea to read the foundations (even if painful). I was in the Marine Corps, so I believe "pain makes you remember" ...HaHaHa, in whatever context you put it.

    Anyway, there is something to say for accredited and published works that spell the foundations or reference them for instruction.

    I hope you follow through with the test and pass it the next time around. I am sure your methods have worked for you in past, I am only suggesting that the 'painful' supplemental reading will facilitate your passing of the exam.
    Reply With Quote Quote  

  16. Junior Member
    Join Date
    May 2003
    Posts
    6
    #15
    Well I'll definitely attempt the exam again, I'm just waiting till I'm done with my vacation in mid-june. I dont have the money to attempt it again right now. And I'm not about to tell my 3yrd old son that we're not going to the beach this year because daddy has to take an exam again.
    Reply With Quote Quote  

  17. Member
    Join Date
    Apr 2003
    Posts
    31

    Certifications
    CISSP, CCNA, CEH, Security+, MCP-Win2k Server
    #16
    Sounds like a plan. I hear ya, it is one of the most expensive exams.
    Talk to you later

    Brightdays and Good health,
    ucan
    Reply With Quote Quote  

  18. Junior Member
    Join Date
    Aug 2003
    Posts
    2

    Certifications
    A+, Network+, I-Net+, CCNA
    #17

    Default CompTIA Exams

    I will preface this post with, it is not my intention to offend anyone...just opinion/advice! XXXXXXXXXXXXXXX

    You know, I have taken 2 relatively recent CompTIA exams.

    Network+: Studied every day for 2 weeks (Exam Cram), passed 1st time, got 97% score.
    I-Net+: Studied for a weekend (Exam Cram), passed 1st time (barely, but hey, it was only a weekend).

    I also took Cisco's CCNA exam after studying every day for 2 weeks (Exam Cram). I got about an 83% score.

    I partly agree that you just have to know how to answer CompTIA's questions. I have yet to take the Security+ exam, and I may be proven wrong with the Security+, but CompTIA tests aren't difficult. In fact, they are a [bad] joke. If I were a hiring manager, I would much rather hire an individual who only holds a CCNA, than a CompTIA Whore. (yes, with 3 CompTIA certs, I am an official "CompTIA Whore" hehe) But, I use CompTIA certs as a "get-my-feet-wet" and "might-as-well-get-another-cert-while-I'm-at-it" study approach to other, more respectable certs that I have my eyes on.

    I do think, however, that the less you have worked with the CompTIA exam's content in real-life, the better you do on CompTIA's exams. If you are currently a security professional, what the [expletive] are you doing?? You should be taking the CISSP, SCP, or Cisco's CCSP, not the pathetic CompTIA Security+ exam! They are too expensive to muck with, if you already have your feet wet with the material.

    (Of course, I will let you all know when I pass...this time, my study has been off and on for 1 month using Exam Cram 2.)

    One more thing: I know what you are thinking...he's the "script kiddie" type, a "paper-CCNA", or a "paper-Network+". I am an extremely quick learner. I have all the stupid ports comitted to memory, most of them before studying for Sec+. CompTIA does not require me to review RFC's or read ten books to get the cert. I get the introductory technical info I need to fully understand the next more difficult cert. I pass their (CompTIA's) little cert, then move on to the GOOD STUFF---> I'm also studying for the CWNA (Planet3's entry-level wireless cert). Let me tell you, this is a XXXXXXX certification track. I love it...it has formulas, physics, all the in's and out's of wireless...and it's their entry cert! All I'm saying is, why should I spend more time on CompTIA's certs...they are just leading up to other certs that are actually rich with information....now that's where I should spend my time.

    That's just my take-- I could be wrong, and it would be a terrible tragedy.
    Reply With Quote Quote  

  19. Member
    Join Date
    Apr 2003
    Posts
    31

    Certifications
    CISSP, CCNA, CEH, Security+, MCP-Win2k Server
    #18
    I love this forum.

    You will find out when you attempt the test it is more difficult than your typical CompTIA networking exam. Security is a different breed and the practitioner needs to have more of an indepth understanding, even with the intro material. Yes paper cert script kiddies are a no no.

    Sec+ questions can seem confusing. But if you really think about the question content you will be able to determine (not guess) the correct answer. Of course, the caveat to this is you must know the introductory security information in-an-out!! This is where CompTIA has stepped up to the plate with Sec+.

    On your CISSP, CCSP, SCP instead of Sec+ comment you should analyze your current capabilities and career direction, instead of making a passionate and rash decision on what career cert you take. Studying and passing a particular test could land you a over qualified or under qualified response to an interview. Some of us actually try to pace and build a career instead taking any job that comes along.

    Ex.

    CISSP - Almost purely management knowledge, probably about 10% Technical information. However, if you do get this you will be hired for almost any job applied for but you need to meet requirements --> Need 4 years experience and a Bachelors to take test or 5 years experience in anyone of the 10 CBK's (common body of knowledge) almost 1 year of study needed for 1 six hour exam. recert need to attend professional meetings in industry, trade shows, training seminars, certain work projects, publications qualify to earn you credits for a recert. No more test.

    CCSP - Almost purely technical knowledge and proprietary (Cisco), probably only about 10% management knowledge information (network administration is not management) Need to have CCNA cert currently valid at time of last test of 5. Yes 5 Tests. Need to recert every 3 years except for DoD InfoSec cert that the CCSP qualifies you for. Only one recert test. Doesn't touch management or interoperability with other technologies b/c it is so proprietary

    Sec+ - Entry to Mid level career cert. Mostly management about 30%technical information. no recert. Cert shows a common body of knowledge for Security that can be used in any security position, including physical.

    One must weigh these variables,
    (Only using my history for example not to weigh against any others thought process or credentials)

    CISSP - no b/c I need 1 more year of experience
    CCSP - Yes but gradually b/c of 5 tests. Awful lot of study material and pages
    Sec+ - Yes, today b/c It is permanent once I get it, it is reputable enough to get my foot in the door, and I can use the information for technical and Management positions

    In response to reading additional material (RFC's and Books), as before I recommend it. Some good titles will be "The Risk Equation - by Peter Tippet available on TruSecures site; Some Common Criteria on DoD standards and classification, maybe one of the NIST manuals. And last but not least Network Security Essentials by Williams Stallings (A premier security text book author)

    One last comment, you suggested your cert methodology is to take the little guy certs (CompTIAs) with intro information scan and pass strategy and use that information to pass the more difficult certs. I don't see any difficult certs (the ones you mentioned earlier in your statement) listed for you. How do you know this method will work for your quoted "more difficult certs" if you haven't attempted to test your strategy? Sounds like a
    Quote Originally Posted by domoii
    "script kiddie" type, a "paper-CCNA", or a "paper-Network+" theory.
    --This comment is not meant to be sarcastic--
    Hope it works for you
    Reply With Quote Quote  

  20. Senior Member
    Join Date
    Aug 2003
    Location
    Pittsburgh
    Posts
    1,948

    Certifications
    MCSE (old), SSCP, CCA, Sec+, P+, L+, and N+
    #19
    Quote Originally Posted by kbfromvt
    Well I'll definitely attempt the exam again, I'm just waiting till I'm done with my vacation in mid-june. I dont have the money to attempt it again right now. And I'm not about to tell my 3yrd old son that we're not going to the beach this year because daddy has to take an exam again.
    Did you pay the full price, $225, for the first exam? www.getcertified4less.com has a voucher for $195. I know it is not much of a differences but, $30 is $30.
    Andy

    2017 Goals: 1 of 5 courses complete, 0 of 2 exams complete
    Reply With Quote Quote  

  21. Member
    Join Date
    Jul 2003
    Location
    London, England
    Posts
    76

    Certifications
    MCSA:Shafted, MCP (70-270, 70-218, 70-215), A+, Security+, Network+, i-Net+
    #20

    Default Four right answers

    That's not the exam I took.
    I would say most (90%) questions had 2 stupid answers that could't even be considered, one that was in a similar area to the correct choice and the one right answer. Some of the others were slightly more teasing but had still only 2 possibles which could only be seperated by a word in the question - i.e someone downloads a program and runs it the program makes a keylog and sends it off each time they log on - this is an example of what?
    might include a virus, worm, trojan and a logic bomb.
    It is possibly a trojan and definitely a logic bomb - there is nothing in the question that says it's a trojan though is there? Perhaps it is doing exactly what it said it would do.
    Reply With Quote Quote  

  22. Grumpy old bugger RussS's Avatar
    Join Date
    Sep 2002
    Location
    Hamilton - New Zealand
    Posts
    2,109
    #21
    How do you figure that to be a Logic Bomb?

    Looking at that question you are referring to a keylog, so I would consider it a Trojan. Most key loggers come attached to something else, which by definition makes them a Parasite and mostly considered a Trojan, where a Logic Bomb by definition delivers a payload.

    I guess it depends on how you look at things, however a quick ask around my local IT dept has a definite bent to KeyLoggers being considered Trojans, but looking in my various reference books and I get roughly a 50/50 split. I think perhaps another case of a subject that has so many different perspectives that it makes more questions than answers
    Reply With Quote Quote  

  23. Johan Hiemstra Forum Admin Webmaster's Avatar
    Join Date
    Jun 2002
    Location
    52n31, 6e06
    Posts
    10,383
    Blog Entries
    3

    Certifications
    MCSE NT4 MCSA 2000/2003 Security+ (expired: CWNA, CNA, CCNA)
    #22
    sends it off each time they log on
    This indicates it is a Logic Bomb, which is "executed when a certain event occurs" (which does not necessarily mean it can't run in the back ground already...). E.g. when a user log on it logs the key strokes and sends it nicely packed to the attacker.

    however a quick ask around my local IT dept has a definite bent to KeyLoggers being considered Trojans
    This is not correct, a Trojan Horse is the software (usually seemingly legitimit software such as a screen saver or flash game) that could carry a logic bomb (or virus etc.) inside, but is never the logic bomb itself.

    Like the soldiers in the horse did the damage, the horse itself was just a gift.
    Reply With Quote Quote  

  24. Member
    Join Date
    Jul 2003
    Location
    London, England
    Posts
    76

    Certifications
    MCSA:Shafted, MCP (70-270, 70-218, 70-215), A+, Security+, Network+, i-Net+
    #23

    Default keyloggers

    I am not a question writer and that isn't in any way a dump but if you really think that the answer can be any choice other than the logic bomb I worry for you in the exam. A trojan has to pretend it is something else - what in the question indicates that? There are keyloggers that are not trojans therefore you can't say something is trojanned because of key logging I believe there is a proggy called boss everywhere (or similar)which does logging. However if it does something triggered by an event or action then that is the definition of a logic bomb.
    Reply With Quote Quote  

  25. Senior Member
    Join Date
    Apr 2003
    Location
    Phoenix, Arizona
    Posts
    291

    Certifications
    CCNP, CCNA, DCSE, MCSA, A+, Network+, Security+, Server+
    #24
    Yeah, I think curio is right, as long as the question didn't mention that you download a program, and it does not function the way it is intended. Say you download an MP3 ripping program, and it runs a key logger. It functions the same way as the other key logger in your example. Now, in that case it is Trojan first and a logic bomb second. The program is running something other than what it was intended to run by the user. Now if the question said that you download a program and it's supposed to be a key logger, then it's a logic bomb and only that. This is my understanding of the situation.

    Cheeblie [/b]
    Reply With Quote Quote  

  26. Member
    Join Date
    Jul 2003
    Location
    London, England
    Posts
    76

    Certifications
    MCSA:Shafted, MCP (70-270, 70-218, 70-215), A+, Security+, Network+, i-Net+
    #25

    Default Question me up scotty

    OK now don't think this has anything to do with security+ - it doesn't. But.....
    There is a program called EliteWrap which can be used to tag a backdoor (like subseven, netbus, back orifice...etc..etc) onto another program's setup file and run it in a stealth (or quiet) manner after the legitimate program installation. Incidentally SubSeven 2.2 client includes this functionality when creating servers. Now say you get EliteWrap (that's 733T\/\/R4p for the haxors) and you use it to tag a back orifice server installation onto for instance (typical and very likely instance) an enterprise copy of Winzip 8.1 - that's the one that doesn't need registration. You now have one proggy - the setup for Winzip 8.1 Corporate.

    Q) Which is the trojan?

    1) Winzip 8.1 Corporate
    2) EliteWrap
    3) Back orifice
    4) None of them, this is a R.A.T.
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 2 1 2 Last

Social Networking & Bookmarks