2021-06-01 19:08:00
It's a bit late, but people studying for the Pentest+ PT0-002 beta exam can probably use a list of all the differences between versions 001 and 002 of the objectives. I reckon the list could also be useful for students who want to give it a shot in October / November, because very few study materials will be available.
I've done a quick cross-reference of the objectives documents (also linked below), to make an Excel / CSV with the differences between the objectives. Careful, they're probably not 100% on the money.
CompTIA trainers get a licensed document that does a better job at explaining the differences, but we can hardly share that, right? My comparison document was made the hard way, literally cross-matching both objective documents. Hence why I may have made a few mistakes.
The official objective documents:
And here's CompTIA's official blog about the two exam versions.
kilala.nl tags: studies,
View or add comments (curr. 0)
2021-05-29 21:07:00
It's odd that I've never had much of a use for dynamic DNS solutions, but now that I'm testing VPN to my homelab I've also taken a look at AFraid's FreeDNS.
So far I'm enjoying the late 90s, early 2000s look-and-feel of their management interface. It's endearing!
kilala.nl tags: studies,
View or add comments (curr. 0)
2021-05-29 20:39:00
Well darn. The "slmgr -rearm" trick will no longer work, after renewing the trial licenses on my WinSrv 2012 boxen a few times. This means I'll have to rebuild my Active Directory and Certificate Services infrastructure on short notice. Better yet, it's time to do something with my/our partnership contract with Microsoft, to get official licenses for Win2016.
Oddly, Nicola's instructions on making the iDRAC6 remote console work on MacOS now fail for me. The connection that worked a month ago now reliably fails as "Connection failed".
Luckily, Github user DomiStyle is awesome! They've prepared a Docker container that runs the iDRAC connection software and makes two local ports available: 5900 for VNC and 5800 for the web interface. It's excellent!
kilala.nl tags: work, studies,
View or add comments (curr. 0)
2021-05-27 10:55:00
I don't know if my old classmate René is still reading along. If he is, he'll nod approvingly and think to himself: "told you so". :)
I feel very heavy-hearted, because I feel that I’m letting a few awesome people (Stephen, Thomasina, Rick B. at CompTIA) down.
I'm backing down from teaching the Pentest+ TTT. It seems that I’ve been harboring a lot of stress, piling on way too much for myself, without really noticing it. To make sure that I can still pay full attention to my family, my primary customer, my students at IT Vitae and my own studies, I have to drop this responsibility.
I was very much looking forward to helping CompTIA with Pentest+, but right now it would not be a smart thing to continue with.
kilala.nl tags: work, studies,
View or add comments (curr. 0)
2021-05-17 06:56:00
After completing PDSO's CDP (Certified DevSecOps Professional) two months ago, I was left wanting more. More CI/CD, more pipelines, more automation. That's when, via-via, I met Andrey Adamovich via LinkedIn. Andrey works with a collective of DevOps trainers, to teach his XA: Extreme Automation training.
To sum it up: I was looking for a little extra fun, to expand upon what I'd learned in the past two years and the price was right at €700 for a three-day training with all the labs neatly arranged for students.
To summarize my impressions:
Would I recommend Andreys class? Yes, especially to folks in my shoes (security engineer) who need a quick introduction to modern-day IT infrastructure.
As to what I've learned during class? Well, Ansible and Docker weren't new to me, but that's perfectly okay. Terraform was very nice to get to know better, while Packer and Kubernetes were eye-opening.
My biggest take-away is that I'm behind the times on modern-day infrastructure. This class has helped me recognize some of my bigger knowledge-gaps, which means I can now address them.
My first order of business in my homelab should be to attempt a complete rebuild, using Packer to create golden images and using Terraform to drive VMWare ESXi, instead of using Vagrant. From there on out, I should try to use my Gitlab instance together with K8s and Docker to run many of my services. Luckily I have two Dell servers for my lab, so I can repurpose an old laptop as Terraform+Packer box while using the smaller Dell to first test-run my configs.
The sad part is, as Andrey mentioned halfway through day 3: he expects that within a few years many apps and services will move to a server-less model, like Lambda or Azure Functions. That means that >60% of what we learned in XA will become much less useful.
kilala.nl tags: studies, work,
View or add comments (curr. 0)
2021-05-13 10:33:00
CompTIA often have beta releases for new versions of their exams. You'll notice my blog has articles dating back a few years, where I keep doing these beta tests, "for fun and profit". Most betas are open to all takers, but the CASP+ (advanced security practitioner) is "closed". With thanks to some very nice people at CompTIA I managed to get accepted into the closed beta.
Took the test this morning, at home via the OnVue testing solution. As before my experiences with OnVue were decent.
However! In a not-so-fun move, PearsonVue decided to do a big and unannounced IAM change! Anyone who's testing via PearsonVue for CompTIA, whom also has tested for other companies (such as Microsoft) has now been forced to take a new username. They literally changed everybody's login names, without warning them up front. And no, you also don't get an email. Now they have a warning on their login page, but last night I got a big fright because there was zero information!
Here's a few things I took away from the CAS-004 beta.
The exam gave me three hours time and took me between a bit less than two hours to power through without going back to any questions. There were plenty "bad" questions in there (see above) and a few where I honestly would not know the answer. Since this is a beta I decided to pludge it without studying any of the books or materials.
kilala.nl tags: studies,
View or add comments (curr. 0)
2021-05-02 09:12:00
Wow, it looks like this is really happening! Amazing! :D
I was recently contacted by Stephen, from CompTIA's CIN. They wondered whether I'd be interested in teaching the TTT (train the trainer) for PT0-002 Pentest+ in October.
It's daunting! It's exciting! It's gonna be a lot of fun! :)
kilala.nl tags: work,
View or add comments (curr. 0)
2021-04-30 09:41:00
Earlier this year I completed CIN's TTT (train-the-trainer) for Security+, CompTIA's entry-evel InfoSec certification. I hope to teach the subject matter at ITVitae or elsewhere in the near future, so I'd better prepare myself on the exam objectives.
Overall I'm pleased with the body of knowledge covered by Security+; there's a reason why I frequently recommend the learning path to colleagues starting out in IT security. The BoK covers security fundamentals which I feel should be understood by anyone in IT: developer, engineer, risk management, I don't care. Everybody in IT should know this stuff. :)
Paul Jerimy's excellent security certification roadmap places Sec+ at the foundational level. There's no shortness of comparisons between Security+, SSCP, CISSP, GSEC, CEH and others on the Internet, for example this one. Most of us agree: Sec+ is foundational knowledge for those starting in IT.
I sat the exam this morning, version 601, and I passed. Would've been worrisome if I hadn't! ;)
I'm pretty happy with the exam's contents: there's a decent spread of topics covered and only two out of my 82 questions were worded sub-optimally. The PBQs actually were pretty good!
kilala.nl tags: work, studies,
View or add comments (curr. 0)
All content, with exception of "borrowed" blogpost images, or unless otherwise indicated, is copyright of Tess Sluijter. The character Kilala the cat-demon is copyright of Rumiko Takahashi and used here without permission.