Certification Questions on Information Systems Security
written by: Steve Mallard•edited by: Bill Fulks•updated: 5/23/2011
What questions are on the certification exams for information security? What do students and personnel need to know to pass the exams so they can earn a professional certification?
slide 1 of 5
In today's world of malicious activities on the web and with network breaches, it is important that organizations and businesses prepare their information technology and information systems personnel. One of the best ways to prepare is to have these personnel attend classes to obtain certifications. With the vast amount of technology that exists, training these personnel is imperative to keep your data safe and secure.
While there are many vendor and vendor neutral organizations that certify personnel, self-study is good for experienced personnel but a classroom environment is good for networking with peers and the class mentor.
slide 2 of 5
Major Certification Vendors
CompTIA offers several certifications that cover a broad range of areas. CompTIA offers Security+ which has become the entry level certification for personnel wanting credentials in security. One of the better policies CompTIA has recently implemented is the expiration of certifications after a period of time. This insures personnel remain up-to-date on security.
Microsoft offers certifications that focus on Microsoft products and the engineering behind networking and security. Because Microsoft is the number one used product in business and industry, the IT personnel in your organization will reap the rewards of certification with Microsoft exams.
CWNP is an organization that specializes in wireless technology. The CWSP certification is a certification for professionals that have the skills to secure Wi-Fi networks in the enterprise.
ECCouncil offers multiple certifications in the security arena. While ECCouncil is best known for their CEH (Certified Ethical Hacker) certification, advanced certs such as Licensed Penetration Tester, Certified Security Officer and other high end certifications are available. ECCouncil also offers entry level certifications such as Security5, Wireless5 and Network5. With this assortment of certifications, all personnel within an organization can certify.
SANS offers information security training by industry leading expert. SANS covers many fields that include auditing, leadership, programming (application), networking and forensics.
Cisco technology helps to run the internet and world. Cisco offers the CCNA Security certification that verifies the skills required to secure Cisco networks.
While there are many other vendors that offer certifications, these are some of the larger organizations that are trusted in the information technology industry.
slide 3 of 5
Practice Certification Tests
In order to understand the curriculum (self-study or instructor lead), anyone wanting to obtain their certification should look over the objectives of each vendor.
CompTIA offers downloadable objectives from their website. TheSecurity+ overviewis located on their website You can download the Security+ objectiveshere.
Microsoft gives a breakdown of eachcertificationon their website. Study guides and recommended reading is also categorized on the site.Student,ProfessionalandIT Managerportals are available thus making career guidance easier for anyone wanting to take an exam.
SANS providescourse outlines, dates, class times and exam breakdown information.
By purchasing courseware and reviewing the objectives along with self-paced study kits, IT personnel can gather what is on the exams through studying the materials required for the exam. Official courseware with these organizations provides the questions and information to pass the individual courses.
slide 4 of 5
Questions and Ethics
Being a security analyst, I could easily give out the questions I have seen on exams but I won't. So what information is on the exams?
This clearly depends on the exam. All security exams regardless of their level ask basic security questions involving the operating system, internet security, information on patches, updates and service packs, user login information, networking, physical security, auditing and other common security topics. Furthermore, the exams often pull questions from a bank of questions so that no two tests will have exactly the same questions.
Should you or your personnel use DVD, CD or other study guides? My personal recommendation is to stick with official courseware of the certifying vendor. This insures you will see the information that will be on the exam and all topics will be covered. Official courseware offers sample questions, exams and some offer exam portals.