+ Reply to Thread
Results 1 to 9 of 9
  1. Member
    Join Date
    Sep 2012
    Posts
    32

    Certifications
    Security+, eCPPT Silver & Gold.
    #1

    Default new performance based qestions?

    hey i am currently studying for my security+ exam and i really don't have much hands on experience as i am in high school i was wondering how can i pass the security+ exam with there new performance based questions, and how i can get hands on experience on the material?

    thanks
    Reply With Quote Quote  

  2. SS -->
  3. Registered Member Darril's Avatar
    Join Date
    May 2009
    Location
    Virginia Beach, VA
    Posts
    1,569

    Certifications
    MCT, A+, Net+, Security+, CASP, SSCP, CISSP, MCSE, MCITP...
    #2
    When the performance based questions on the Security+ exam start appearing in 2013, you're very likely to see some command prompt questions. These are the easiest for programmers to create.

    I imagine that some of these will be similar to the performance based questions on the CASP. When I took the beta (CompTIA Advanced Security Practitioner (Beta Exam) My Experience) all of the performance based questions were from the command prompt.

    The best way to prepare is to become very familiar with the command prompt. Learning the command prompt and basic commands from the A+ and Network+ exams is helpful. People that typed in all the commands to see how they worked while preparing for those exams will have the basics needed for the Security+. If you're not familiar with the command prompt, the Windows 7 Portable Command Guide (ISBN-13: 978-0789747350 ) shows basic usage with the purpose of giving you just what you need to know for most situations rather than how to use every possible switch in every possible combination. If you type the commands in this book, you'll have typos and be able to fix them and that will give you some good hands on experience with the command prompt.

    You don't necessarily have to use Windows 7 to learn the command prompt. Many commands will work similarly from one operating system to another. Discovering these differences is also a good way to build your hands on experience.

    Beyond knowing the basics of the command prompt, I'd recommend knowing how to check integrity using basic tools such as md5sum or sha1. I did cover this in-depth in Chapter 10 of the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide (ISBN-13: 978-1463762360).

    Good luck.
    Reply With Quote Quote  

  4. Member
    Join Date
    Sep 2012
    Posts
    32

    Certifications
    Security+, eCPPT Silver & Gold.
    #3
    thanks Derril i am using your book already(great book btw),when you say questions using the command prompt do you mean as in like how to move around in it or like pinging? can u give me an example qestion? and are they hard? i didnt do the a+ or net+ but i did study for the 700 series but never took the test do you think i will be able to pass easily with using your book and the proffesormesser.com website?


    thanks!
    Reply With Quote Quote  

  5. Registered Member Darril's Avatar
    Join Date
    May 2009
    Location
    Virginia Beach, VA
    Posts
    1,569

    Certifications
    MCT, A+, Net+, Security+, CASP, SSCP, CISSP, MCSE, MCITP...
    #4
    Example question: "Verify the downloaded file is valid."
    Screenshot: IPassed.exe 367f0ed4ecd70aefc290d1f7dcb578ab
    Performance based environment: Command prompt.

    Would this be hard for you?

    If you studied for an A+ exam but did not take and pass it, I can't determine what your knowledge is. Without following it through to completion, it's common for people to have holes in their knowledge.

    Without experience or the A+ and Network+ certifications as background, I would not say that you can "pass easily". However, if you're willing to put the time in and to build some experience, I'd say it's possible.

    Did you look at this blog? CompTIA Performance Based Testing
    Reply With Quote Quote  

  6. Member
    Join Date
    Sep 2012
    Posts
    32

    Certifications
    Security+, eCPPT Silver & Gold.
    #5
    provided they gave me the md5sum program i dont think it would be hard for me....

    and well as for experience: i worked as a technician for a year+ a couple years back and
    i have read "The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series" and actually done all the stuff in that book on a VM, and the web pen testing on a web site i got permission to pen-test on.
    Reply With Quote Quote  

  7. Registered Member Darril's Avatar
    Join Date
    May 2009
    Location
    Virginia Beach, VA
    Posts
    1,569

    Certifications
    MCT, A+, Net+, Security+, CASP, SSCP, CISSP, MCSE, MCITP...
    #6
    Quote Originally Posted by naftalir View Post
    provided they gave me the md5sum program i dont think it would be hard for me....
    How would you know if they gave you the md5sum program?

    In other words, how would you solve this? You won't be able to pick commands from a list of multiple choice answers but instead, you'd need to enter commands into the command prompt yourself. What commands would you enter?
    Reply With Quote Quote  

  8. Member
    Join Date
    Sep 2012
    Posts
    32

    Certifications
    Security+, eCPPT Silver & Gold.
    #7
    i would first navigate to the file by using the cd and dir commands and then when im in the directory/folder of the file i would type "md5sum IPassed.exe" then compare the hashs manualy.
    im more afraid if they ask me to make like a rbac role/group and set up rules for them and make group policy's and stuff like that.
    Reply With Quote Quote  

  9. Registered Member Darril's Avatar
    Join Date
    May 2009
    Location
    Virginia Beach, VA
    Posts
    1,569

    Certifications
    MCT, A+, Net+, Security+, CASP, SSCP, CISSP, MCSE, MCITP...
    #8
    Good. Knowledge of basic commands such as cd and dir are needed. In this case, you needed to recognize that 367f0ed4ecd70aefc290d1f7dcb578ab is an MD5 hash and then find an application (with dir) that can calculate an MD5 hash. I don't know if you had all that knowledge before you started the topic, or you gained it during the thread but it is valuable information I expect you'll need when taking the exam after Jan 1, 2013.

    Is it possible you'll need to create a group? Yes, but not likely. Even less likely that you'll need to create a group policy because this is Microsoft centric and the exam tries to be vendor neutral. However, you might need to drag and drop users into given groups to give them appropriate permissions.

    Hope this helps.
    Reply With Quote Quote  

  10. Member
    Join Date
    Sep 2012
    Posts
    32

    Certifications
    Security+, eCPPT Silver & Gold.
    #9
    was very helpful.

    thanks!!
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks