2023-12-31 13:29:00
On Discord someone asked why it's so hard for vendors to "just" make practice exams that are just like the real thing? To them, it seemed like an obvious market gap! And to be honest, who wouldn't want a proper test run while prepping for Security+, LPIC1 or even CISSP?!
Now, I'm no expert, but here's what I told'm...
Most importantly it's because you absolutely have to blackbox the practice exam creation. There can never be any doubt whatsoever that you as vendor stole copyrighted materials or that you lifted questions and concepts from the official materials.
You have to have proof of your process and show that none of your personnel have ever taken the real exam. This means you have to hire a group of SMEs (subject matter experts) and have them create a testbank of 2000+ questions which cover all of the exam objectives for that one exam. But they're not allowed to look at official materials ever; possibly not even the objectives themselves.
And then you have to do that ten-or-so times, to cover all the exams. So basically at that point, you are making a brand new exam and you're competing with Linux Foundation, LPI, ISC2, CompTIA, etc.
It costs a huge amount of money.
Since we're in an IT forum I can safely point you towards this, which is strikingly comparable... Look into how Compaq reverse engineered the IBM PC BIOS, so they could make IBM PC compatible devices. Very similar.
For the exam questions, taking the Compaq analogy, it would mean that you need to have a team that creates a very precise set of requirements and design decisions. Theoretically they could look at what CompTIA and other vendors do.
Then you would need that second team of actual SMEs to write those hundreds or thousands of questions, based on the specifications written by the first team.
And then possibly, you could get exams which are very close to what CompTIA does.
kilala.nl tags: studies,
2023-12-27 20:33:00
OAuth is a topic that has popped up a few times in my certification studies (Security+, CISSP, CSC210), but in none of those cases did the curriculum go in-depth on how it works. As in really, how do you implement it, what does it look like in action?
I'm currently going through PDSO's API security training, preparing for the exam. OAuth gets about twenty minutes of video in there and they do a relatively good job of explaining. But yet again, there's still a lot of details missing.
Today I spent five or six hours reading through the resources below, making a huge stack of flash cards so I can refresh what I learned at a later point in time.
For those who might struggle a bit with OAuth and how it would be implemented in code, here's an absolutely great example of a Javascript SPA (single-page app).
I then also read:
I also had no clue whatsoever about how those links worked, where you do something in a browser and it pops up an app on your smartphone, tablet or computer. I learned that's called app deep linking and it's something that's both really cool and that's had its share of vulnerabilities as well. This was a great read which taught me how the URI schema for app deep links works and how they can be attacked.
EDIT:
Oh my gosh, the folks at Curity made a great 8-part mini training that introduces OIDC and OAuth. Parts 7 and 8 perfectly explain 90% of what I wanted to know when I started my research.
kilala.nl tags: studies,
2023-12-03 11:01:00
After my frustrating start with the exam check-in (started at 08:15, finished at 09:00), I did get to do the CompTIA ITF+ (IT Fundamentals) exam.
Tess? Why do this most entry-level of junior exams? Two reasons:
So what did I think?
I like the curriculum / objectives. They cover a wide range of topics, which I feel most people in IT should really be familiar with.
The exam itself was decent, though I'm not a huge fan of how a lot of the questions were worded. In some cases the grammar felt a lot more clunky than I'm used to from Linux+, Pentest+, etc.
I scored much lower than I'd expected! The range is 100 - 900 points, with a pass at 650. I scored 730, which suggests that I misread questions or that CompTIA wanted me to think about a question differently. Plus, I do believe that on one or two questions I got tripped up by the very weird wording.
Do I think ITF+ is worth it for the most junior students I will be teaching? Yes, the curriculum is worth it. But I do feel that the exam might be a bit frustrating for them.
kilala.nl tags: studies,
2023-12-03 10:46:00
Today I took CompTIA's ITF+ exam at my office, using PearsonVue's OnVue testing software. This has gone well for me 10+ times, but today it didn't.
What changed? I used a desktop Mac instead of my usual laptop. What else went wrong? The check-in process.
Let's start with that last one: the check-in process.
This has gone perfectly well for me 10+ times. You visit https://mobile.onvue.com on your smartphone, you enter the exam ID and you go through the wizard to take photographs of yourself, your ID and the room.
The big problem is that the "shutter" button to take the photograph went missing. It was impossible to take the photo.
In the screenshot above, you will see that:
This made it impossible to photograph my ID and to proceed with the check-in.
I contacted the PearsonVue support team via chat and they did not understand my problem. They asked for error messages, or told me to use my phone (I was), or told me to try my laptop (I didn't have one).
Why use a laptop? There is a secondary method of taking the photos inside the OnVue exam app itself. It uses your computer's camera for the photographs. This would have worked to some degree, were it not that I was using a desktop PC with a wired camera.
Plus it turns out that the Logitech 720p camera I have is not good enough to take these pictures as it has fixed focus.
After a lot of back and forth with support, I accidentally found out (by flicking the screen on my phone) that the camera shutter button is in fact on the ID page, but it's out of view. You have to scroll the layer with the overlay. That was 200% un-intuitive.
Later on I was also informed that my Wacom pen-tablet is not a permitted peripheral; that was on me, I should have known. Quickly switched to an old mouse.
Lessons learned from today's OnVue exam:
The rest of the exam, after checkin? Zero technical problems. I'll write about ITF+ separately.
kilala.nl tags: studies,
2023-12-01 20:11:00
A few weeks ago my company became an official Delivery Partner of CompTIA's, which means that I can now officially also teach classes on their behalf. I've already taught Linux+ for a few years, at ITVitae, but that's using my own materials and the Bresnahan/Blum book.
One other benefit to this partner status, is that we can purchase exam vouchers at a 20% discount. In this, I see the opportunity to help struggling newbies who want to break into IT, even if it's just a little.
In my life, I've been helped by a great number of people and thus I firmly believe in "lifting up" and in "paying it forward". If I can take a small financial hit, in order to help people take their exams at a cheaper rate, I'll gladly do it.
Having no prior experience in running a webshop (aside from a few internship projects 25 years ago!), I looked for the nicest-yet-low-barrier solution.
The Unixerius site is built using Rapidweaver, a MacOS WYSIWYG editor which has made it very easy to quickly whip up a decent looking site. I spent about an hour researching options for affordable webshops, only to be happily surprised by Ecwid.
Ecwid are a webshop SaaS provider who offer a full frontend + backend system. They integrate with the payment providers I would need for the European market (Paypal, SEPA and Stripe, which offers iDeal). Their management system is excellent. And their frontend natively integrates with Rapidweaver.
It took me roughly three hours to set everything up, from A to Z. And it all works very well; I was my own first customer by test-purchasing an ITF+ voucher.
I will not be doing any big marketing for this shop. It's intended to be a small way to help out struggling students. I'm not looking to piss off the big CompTIA partners by severely undercutting them on large amounts of sales.
Heck, I'm restricting voucher purchases to one-per-person, to prevent pissing off CompTIA themselves. :)
kilala.nl tags: work,
All content, with exception of "borrowed" blogpost images, or unless otherwise indicated, is copyright of Tess Sluijter. The character Kilala the cat-demon is copyright of Rumiko Takahashi and used here without permission.