 |
|
 |
|
 |
Greg Neilson
|
|
|
|
 |
 |
Security+: What a Disappointment! |
| Greg takes CompTIA's Security+ exam and comes away wishing he'd spent the fee on expanding his CD collection. |
| by Greg Neilson |
|
4/6/2004 -- If you've read my earlier column on my plans for 2004, or my comments featured as part of CertCities' 10 Hottest Certifications for 2004, you would know that I am pretty bullish on CompTIA's Security+ certification. Actually, that should read was bullish. You see, I finally took the Security+ exam, and I must say I was very disappointed by it.
I'll say up front that I failed the exam by a couple of questions. But this is not about my score: I don't need Security+ title for my job or any future career plans. I took the exam because I was excited about the title; I thought it would be useful to broaden my security knowledge in areas that I don't deal with on a regular basis.
From my experience in taking more than 100 other certification exams, I expected Security+ to ask unambiguous questions with varying levels of difficulty that when combined -- and let's face it, there are 100 questions here today, so there's lots of scope for this variation -- would give a reliable indication of whether someone has acquired basic security skills in a broad range of areas. And I don't think that's an unreasonable expectation to have, especially considering this exam's $225 (U.S.) price tag. (Even worse, in Australia the cost in local currency was $415, which equates to $312!).
Unfortunately, this is NOT the exam we have today.
Much of Security+ consists of pretty easy questions about security, which probably accounts for the relatively high percentage needed to pass (83 percent). -- not unreasonable considering how many easy questions there are. However, there's two other types of questions on this exam: a handful covering content so obscure that only an expert can answer, and -- here's the kicker! -- others that are so poorly worded that you are unable to determine what you are being asked, let alone which is the correct response! In fact, before I took the test, I had seen comments posted in forums complaining about the quality of the Security+ exam questions, and I pretty much dismissed those posters as whiners. But now I know they were on to something. I wish I could put detailed examples of these questions here; but that, of course, would be giving away exam questions, which I can't do.
Now, I'm not a psychometrician, so I can't say that the Security+ exam doesn't confirm to this testing standard or that one. But considering the quality of the questions asked and the imbalance of the question difficulty levels, I can say that I simply don't believe that this exam does what it sets out to do: truly test one's knowledge of the subject at hand.
I have a number of other CompTIA certifications: Network+, Server+, Linux+ and IT Project+. Security+ simply doesn't conform to the same standard. Therefore, until CompTIA does some work to fix the problems with this exam, I can't recommend that anyone else take it, and I will no longer recommend the program to others. I did learn a great deal about security in my preparation, but as far as the exam itself goes, I would have been much better off spending the cash on expanding my CD collection.
I'd like to hear back from those of you out there that have taken this exam. What do you think? Let me know by posting your comments below.
|
Greg Neilson, MCSE+Internet, MCNE, PCLP, is a Contributing Editor for Microsoft Certified Professional Magazine and a manager at a large IT services firm in Australia. He's the author of Lotus Domino Administration in a Nutshell (O'Reilly and Associates, ISBN 1-56592-717-6). You can reach him at Attn: Greg.
|
|
| |
|
More articles by Greg Neilson:
|
There are 111  user Comments for “Security+: What a Disappointment!”
|
|
Page 1 of 12
|
| 4/7/04: WildcatDude from USA says: |
I had suspected something wasn't right but I was a ways off from taking it and I had wanted to do so prior to taking MS security exams but after reading this review, I know now waiting was for my benefit. I believe CompTIA needs to start dropping prices dramatically or they'll eventually go without any funds as people will start realizing they are no longer of value to anyone. It was suppose to be generic and entry level, not a money making scheme. Kinda like the MCDST, I'm sorta leaning to taking it but after I've seen comments that it was so easy, what's the point other than feeding MS more money. |
| 4/7/04: IT Pro from My desk says: |
One time I failed a certification exam. I felt the questions were so unfair and a waste of time. I decided to take the exam again a few weeks later and passed. When I passed I felt the same exam was worth while and the questions were fair. That is probably why Greg wrote this article, because he failed. I do agree with WildcatDude about the MCDST being to easy. I mean Desktop support is really rocket science. MS should have added questions about Server troubleshooting and Administration as well. Give me a break! |
| 4/7/04: jackass from a box says: |
I don't mind paying a one time fee of $225. It beats paying over $100 bucks every two or three years to renew your certs. |
| 4/7/04: Anonymous says: |
It's hard to take this review seriously when the reviewer explains that he failed the exam. Would you expect a glowing review? |
| 4/7/04: Anonymous says: |
I tooked and passed the exam. I would agree that the wording of some questions was less than ideal. That said, if you study enough this exam can be passed. I would rather have a difficult exam that weeds out poor candidates than one that is too easy. |
| 4/7/04: Silurian from Colorado says: |
I agree that some of the test questions were vague. I barely passed the test when I took it. I'm still not sure about the value of this test. It does appear to be a stepping stone to other certifications, but no real purpose by itself. |
| 4/7/04: Raj from Singapore says: |
I took the beta exam during september 2003. Surprisly I got morethan 10 question twice. Quality of questions is very poor. |
| 4/7/04: Anonymous says: |
It does not surprise me that someone who is not a security professional did not pass this exam. It took me months of preparation and I have worked in security for several years. Does the Neilson think that just because he has passed Network+ and Linux+ he should be able to pass Security+? Maybe the fact that he and others like him couldn’t pass with books study alone proves the exam is good measure. |
| 4/7/04: Brian P. from Issaquah, WA says: |
Let it be said first, I passed this exam, so according to some of the comments previous, I should like it. No, I was not impressed. Greg's comments were pretty-much spot-on. The Security Plus exam did have a significant number of vague questions. I also felt there were several where there were multiple "correct" answers, with insufficient information to identify the "best." Note also, regarding the comment that it is hard to take a review seriously if he failed the exam. HUH? The best way for a columnist to lose a thinking audience is to allow too much personal baggage to intervene. Personally, of about 30 I've taken, I failed two. Maybe they were tough exams (they were), maybe I was insufficiently prepared (perhaps), maybe I was not in the right emotional shape to take (definitely, in one case.) It was NOT the exams' fault- it was mine. I would hope that Greg is keeping the same intellectual honesty. Finally, Comptia exams may be more expensive, simply because they are one-time. Good or bad because of that? Yes- good AND bad. Face facts- the field changes, and keeping up with it (and therefore paying for more certs to document that progress) is part of the biz. I wonder just how valid the Comptia cert that someone gained four years ago is today? |
| 4/7/04: Headin2thehall from NY, NY says: |
Ok, enough about the validity of this review... everyone goes into an exam with expectations and most come out with a completly different outlook than they went in with, some good & some bad ! I am Security Plus certified as well as CTT Plus, A Plus, Network Plus and Linux Plus. I'm also an MCT, MCSE, MCSA & MCDST, CNI, CNE and CLE. I believe that the courses to prep you for this exam and the MCDST that was mentioned are very valuable, much more so than the certifications themselves. I understand that CompTIA doesn't want this to be "platform specific" and that's a good thing, but I seriously believe they need to rethink their questions and move to something that tests the examanee's ability to apply security measures, rather than just knowing the obscure security concepts... they could have made this a much more valid exam with more questions directed towards performance rather than memory ! As for the MCDST exams... way too basic, I can't see them being of much value in this industry unless they are updated to also be performance-based... Identifying the methods of correcting real-life problems correctly rather than just generically identifying types of problems, or identifying solutions that are so obscure that no one would ever resolve that particular problem without the knowledge base in the first place. I only missed 1 question on the Security exam, not because I am an ACE on security, but because I spent countless hours studying the obscure info necessary to deliver the course. I never even studied for the MCDST, I took and passed both exams based on prior knowledge. The MCDST to me is a step backwards for anyone who is already Microsoft certified and is lacking so much for anyone who isn't yet certified, and is hoping to use this certification to break into the field. In my opinion: Microsoft, CompTIA and all the other companies offerring these certifications need to re-exam their testing process... Make them more difficult, but also more realistic and they'll hold their value to those of us in the industry ! |
First Page Next Page Last Page
|
|
|
|
