I have finally begun the road of post-college continuing education (way behind schedule!). Today I passed what I consider my warm-up certification: Security+. Go me!
I was surprised by some of the questions on the exam, for instance what protocol does the ESP portion of IPSec run over? I had no idea (heck, I don’t think I really knew what they meant by that!). Interestingly, Wikipedia knows! I think if I have any advice on this test, look up the objectives not just in books but also Wikipedia.
Some other questions I see as rather tough for someone who has been in IT a while. “What is the first thing to do in XYZ?” You can easily overthink some of the questions and/or argue the subjectivity of some of the answers. There was another rather technical question that I wish I had the answer to (or even how to look it up!). If an unauthorized user got hold of a Linux /etc/passwd file, what would likely be the cause? SSH 0.9.4 (I might have that # wrong) installed and configured; Sendmail set up with access to administrator’s web mail; SSL something using the Apache account without virtual hosts defined; FTP server with anonymous access configured. I was like, “huh?” I could maybe pop SSH if that version is vulnerable to something, maybe that sendmail answer is referring to being able to remote in as root, maybe that Apache account has root level permissions, or maybe that FTP server somehow allows access to the otherwise normally protected /etc/passwd location? I think I answered the SSH one…no clue if that was correct.
I’m pretty sure the exam is taken from a pool of questions so I don’t see them all, but I was surprised by the number of MAC (Mandatory Access Control) questions I had (at least 5!), some of which were almost word-for-word like others. Anyway, I don’t want to go over too many questions from the exam, but suffice to say it is a nice mix of technical and conceptual questions dealing with security.