Network Security Library

Decrypting the Different Exam and Certification Models


By: Derek Melber, 04/21/2005



[Editor’s Note: The following excerpt is from Chapter 2 of the free eBook The ExamPrep Guide to Security Certifications (Realtimepublishers.com) written by Derek Melber and available from a link at http://cc.realtimepublishers.com/portal.aspx?pubid=325.]

Certification exams come in many formats, packages, and venues. Some are considered to be very easy; others are considered to be nearly impossible to pass. In this chapter, we will look at the different exam formats that you might encounter in your quest for security certifications. As exams develop, the format might change over time as a result of new OS and product versions. The exam formats that we will investigate in this chapter include:

Most exams in the technology space use the conceptual exam format. These exams are the easiest and least expensive to develop. Conceptual exams are often used for standardized testing for grade school children; thus, you have likely been taking these types of exams since you were a child and they are very familiar to you. In this chapter, we’ll delve a little deeper into this exam format to give you a better understanding of the exams that fit into this category as you pursue your certification.

As we will explore, the virtual and hands-on exams are the rarest of all of the exam formats. These exams pose unique problems for development and distribution, pushing the development budget into a higher bracket than for other exam formats. These high exam development costs are then pushed to the candidate. These limitations make these types of exams less popular than conceptual exams.

This chapter will also discuss the idea that some certifications require a single exam; others can require multiple exams—as many as eight exams in some cases. As you investigate your certification options, you will need to consider whether you want to pursue certifications that require multiple exams. There is a perception that more exams per certification make the certification more valuable. Although this idea holds some validity, some of the more sought-after security certifications require only one or two exams to obtain certification.

In some cases, certification can be obtained without taking any exams—well, at least not any that are on the track for the certification. Through a process called grandfathering, IT professionals can obtain a certification by proving knowledge and experience and having other related certifications. In the section on grandfathering, you can determine whether you agree with critics who feel that this process is not valid.

This chapter will finish up by talking about how to choose a certification and certification track that is best suited for you and your goals. You will need to consider why you are driving towards a certification and for which area in the security field you are aiming. There are certifications for every level, job description, and responsibility. You will need to get your road map organized so that you don’t waste time on certifications that don’t help you succeed.


Conceptual Exams



As you might remember from grade school, conceptual exams provide a short scenario with four or more possible answers. These exams are by far the most popular of any of the exam types, as they are easiest to create and deliver. The following question provides an example of conceptual exam content:

What is the popular name for an attack in which the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so that the packet seems to have originated at the target computer in an attempt to flood the system with REPLY packets?
  1. SYN Flood attack
  2. Smurf attack
  3. Trojan Horse attack
  4. Ping of Death attack

This example shows a typical conceptual question that you might see on any of the security exams that are delivered in this format. Notice that the scenario is not very deep and is kept very generic. There is no mention of the OS of the attacking computer or the target computer. There is also no mention of the tools that are used for the attack. The generic nature of this item makes it easier in one sense—you don’t need to know specifics about any one tool or OS—but the lack of detail might also make it difficult to answer.

These exams are more popular than the other types of exams as a result of the low overhead to produce, manage, and deliver them. There is no need to develop an OS interface or simulate how an OS might act or react for anything in the scenario or the answer choices. In essence, there simply needs to be a subject matter expert (SME) and an editor to produce an exam of this caliber.

What is the typical experience for the candidate taking one of these exams? Many of the exam questions have answers that can be looked up in a dictionary or a technical glossary in any of the technical guides that are sold at your local book store. The format does not really make for a highly complex exam, but it does require that the candidate know about many different areas related to the exam topic and scenario.

In the previous example, the candidate must first understand the lingo being used. Terms such as “spoof”, “ICMP ECHO”, and “packet” must be understood before the answers can be investigated. Without knowledge of the base terminology in the question, the answers will be nearly meaningless. When it comes to the answer choices, the example forces the candidate to know about four totally different technologies and attacks. Only those who have experienced these forms of attack or have studied them will know the answer to the question.

Multiple Select Item Questions


Another type of conceptual exam question that you might see is the multiple select item, which has a similar format to the multiple choice format. The difference between a multiple select and a multiple choice is that a multiple choice requires you to choose “the best answer” of the possible answer choices, whereas the multiple select has you select at least one of the answer choices. The following example illustrates a multiple select question:

You want to increase the security of your communications and data. You decide to purchase one or more certificates from a Web-based Certification Authority. Which of the following can result in increased security with the use of a certificate (choose all that apply)?
  1. Web pages
  2. Email
  3. E-commerce transactions
  4. File transfers
  5. User authentication

Although this question looks very similar to the previous sample question, it is radically different. The difference lies in the level of knowledge that the candidate must have. In the multiple choice example, the candidate could have answered the question by knowing information about the correct answer; the format doesn’t require the candidate to know about the distracter (incorrect) answer choices. In the multiple select example, the candidate will successfully answer the question only if all of the correct answers are selected. This format requires the candidate to be fully aware of the technology that drives every answer choice. If the candidate knows that answer choices 1 and 3 are absolutely correct, the candidate must still make decisions about 2, 4, and 5. As you can see, the multiple select item raises the complexity of the question.

Format and Style of Conceptual Exam Questions


So far in the conceptual exam discussion, we have been focusing on the exam questions themselves. I also want to talk a bit about the format and style of the questions. There can be great disparity in exam question complexity with a change of just a few words in the question. Take a look at the following two examples:

Which remote access protocol can use IP Security (IPSec)?
  1. PAP
  2. CHAP
  3. PPTP
  4. L2TP

You need to configure remote access to provide non-repudiation and integrity of all communications. Which protocol should you select?
  1. PAP
  2. CHAP
  3. PPTP
  4. L2TP/IPSec

The language and tone change, but the words are not much different between the two examples. The result for the candidate, however, is much different. Using psychometric terms, the second example will discriminate between qualified and unqualified candidates better than the first example. The reason is that the second example requires that the candidate have two levels of knowledge, whereas the first example can simply be looked up in a glossary.

Conceptual exams are typically more difficult when the candidate is required to analyze and/or troubleshoot information in the question. Questions that require these analysis or troubleshooting skills indicate more about the candidate’s knowledge and experience than questions that can be looked up in a dictionary or glossary.
















Unless otherwise noted, all paper copyrights are owned by the author. The rest copyright 2003-2005 TechTarget
