Less Frequently Asked Questions

People often send me questions via the contact page. They aren’t frequently asked questions, so I’m not adding them to the FAQ page. However, I do my best to answer these and thought that they might be valuable to others so I’m going to start posting some of the answers here.

They’re organized in the following sections.

Technical Questions

  • I have a couple of questions about the firewall rules answer you gave.
  • I have a question, what is a better way to secure a password? Salting it, or encrypting it with a stronger algorithm ???
  • Security+ : GCGA | Chapter 8, question 16

I Failed – Any Advice?

  • 5th time fail. respectfully seeking help
  • I just failed. Can you give me some advice?
  • Trying pass SY0-401 Exam, 3rd try

Braindumps

  • Should I use xxx?
  • Are the practice test questions exactly like the real exam?

Am I Missing Something?

  • Do you provide something to unzip the files?
  • Does 30 days mean 30 days?

 


 

Technical Questions

I have a couple of questions about the firewall rules answer you gave.

Hi Darril

I’m working my way through your study guide using the Kindle version bought from Amazon.

I have a couple of questions about the firewall rules answer you gave:

1. Rules 1 and 2 are identical. Why do you list both?

2. Most firewalls would allow you to group http and https to a particular webserver so I would say that is 1 rule. Do you disagree?

3. I think any competent admin would not clutter his firewall rules up with rules 4 and 5. It makes a long rule list hard to read. I guess that’s basically what you wrote. I think you should also clearly state how many rules are actually needed. I would say 3. Do you disagree?


Here’s my response.

First and foremost, the book is designed to help people take and pass the Security+ exam. With that in mind, I’m presenting the material in such a way that readers can understand the concepts.

> 1. Rules 1 and 2 are identical. Why do you list both?

Without a page number or section title, I’m having to guess what you’re asking about.

I’m thinking that you are referring to Table 3.3 on page 168 in the “Firewall Rules Solution” section. Note that the first column indicates the requirements listed on page 158 (not a rule number). There are six requirements.

The first line identifies the rule you would use to meet requirement 1. The second and third lines identify the rules you would use to meet requirement 2.

Your email indicates you probably have more expertise with firewall rules than most people.

In contrast, imagine that Homer doesn’t have your level of experience. While studying, he really wants to know what rule(s) he would use to meet requirement 2 and he can see exactly what they are in Table 3.3.

> 2. Most firewalls would allow you to group http and https to a particular webserver so I would say that is 1 rule. Do you disagree?

Again, the goal of the book is to help you pass the test. For the test, it’s important that you know the ports. If a question asks you to block both HTTP and HTTPS but you answer with only 80 or 443, you will not answer it correctly.

> 3. I think any competent admin would not clutter his firewall rules up with rules 4 and 5.

I’m assuming you mean column 1 in Table 3.3 listing requirements (not rules). They are:

4. Block DNS zone transfer traffic from any source to any destination.

5. Block all DNS traffic from any source to any destination.

Table 3.3 shows the rules you’d create to meet these requirements. If a question asks you to create a rule based on a requirement, you won’t find an answer like B.

A. …

B. Any competent admin would not clutter his firewall rules up with these requirements

C. …

> I think you should also clearly state how many rules are actually needed. I would say 3. Do you disagree?

Yes. To meet the six requirements, you need six rules. Admittedly, one of the rules is repeated twice in Table 3.3 so the table has seven lines, but it is six rules.

Hope this helps.

I have a question, what is a better way to secure a password? Salting it, or encrypting it with a stronger algorithm ??

Hello Darril, I have a question, what is a better way to secure a password? Salting it, or encrypting it with a stronger algorithm ???


This question was difficult to answer on many levels so I responded with this:

What’s your context? What is prompting you to ask? What is the goal? What has your research indicated to you?

Which of these is the better color? Blue or green?


The answer was:

Thank you for your reply. I was talking to a friend who has been attending a boot camp and he mentioned this topic. We both had no idea and I am not sure that his boot camp was very helpful. I have done research and I am not sure which one would be a better choice.


I asked again:

Can you answer this question? Which of these is the better color? Blue or green?


And the response was:

Truthfully, I can’t. Now, I understand your point. It was just a weird topic and that is why we were confused.


I ultimately gave a fuller answer that included this text:

Which of these is the better color? Blue or green?

Yes, there simply isn’t a good answer. I asked my wife this, and she gave the perfect response “for what?”

That said, it’s always great when I can help someone understand a concept with a metaphor.

What’s the best color to use when painting the sky? Blue or green?

What’s the best color to use when painting grass? Blue or green?

These are much different questions and the answers are much easier to understand.

> >>> I have a question, what is a better way to secure a password?

> >>> Salting it, or encrypting it with a stronger algorithm ???

Does a hash encrypt? Yes, it’s one-way encryption.

Because of this, your original question doesn’t really make sense.

What algorithms use salts? Hashing algorithms.

So what hashing algorithms are you comparing against a stronger encryption algorithm?

Is it a bluer blue? Or a greener green?

What’s your goal? Where would you store the password? Typically a database.

How much space do you want to use to store each password within the database?

How much space does it take to store a salted SHA-2 database? (Hint, it’s always the same.)

Try it here:

A password of password is

5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8

A password of IL34ILaisoeve24$#

edaf8a9e807e5128e831c350b2984121836ead50934b52d5b05e112bf668b759

How much space does it take to store a password encrypted with AES?

Try it here:

Enter a password of password. How big is the result?

Enter a password of IL34ILaisoeve24$#. How big is the result?

How much space does it take? (Hint, it’s not always the same.)

Is a larger database an acceptable side effect of using traditional encryption rather than hashing?

It depends. Do you want a bluer blue? Or do you want a greener green.
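The size comparison in the answer above, as an added Python example (not part of the original email or the study guide): it reproduces the unsalted SHA-256 digest quoted for `password`, builds a salted record with PBKDF2-HMAC-SHA256 (a salted construction built on SHA-2, chosen for this example), and computes how many bytes AES would produce for each password. The salt length, the iteration count and the CBC mode with PKCS#7 padding are assumptions, since the page does not say which tools were linked.

```python
import hashlib
import hmac
import os

AES_BLOCK = 16        # AES always works on 16-byte blocks
SALT_LEN = 16         # assumed salt length for this example
ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example


def sha256_hex(password):
    """Unsalted SHA-256 as 64 hex characters, like the digests quoted above."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password, salt=None):
    """Return salt || PBKDF2-HMAC-SHA256(password, salt): the bytes a database stores."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt + digest


def verify(password, record):
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, stored = record[:SALT_LEN], record[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def aes_cbc_ciphertext_len(password):
    """Ciphertext size in bytes for AES-CBC with PKCS#7 padding (IV not counted).

    PKCS#7 always adds 1..16 padding bytes, so the result is the next
    multiple of 16 strictly greater than the plaintext length.
    """
    n = len(password.encode("utf-8"))
    return (n // AES_BLOCK + 1) * AES_BLOCK


if __name__ == "__main__":
    for pw in ("password", "IL34ILaisoeve24$#"):
        record = make_record(pw)
        print(f"{pw!r}: {len(pw)} chars")
        print(f"  SHA-256 hex digest : {len(sha256_hex(pw))} hex chars")
        print(f"  salted record      : {len(record)} bytes, verifies={verify(pw, record)}")
        print(f"  AES-CBC ciphertext : {aes_cbc_ciphertext_len(pw)} bytes")
```

The salted record is 48 bytes for both passwords, while the AES ciphertext grows from 16 to 32 bytes once the password passes 15 characters.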

Security+ : GCGA | Chapter 8, question 16

In Chapter 8 Practice Questions, question 16 asks what this packet capture log means:

16:12:50, src 10.80.1.5:3389, dst 192.168.1.100:8080,syn/ack

In the answer section, it’s written that it concerns an RDP connection attempt. My question: While an RDP server listens on port 3389, shouldn’t the source have initiated a communication on a random high port and the destination would have been 3389 without a proxy and 8080 with a proxy (in this situation, there seems to be a proxy involved)?


Here’s part of my response.

Think about a TCP three-way handshake (chapter 3, Figure 3.1).

1) Syn

2) Syn/Ack

3) Ack

Which packet (1, 2, 3) in the TCP three-way handshake is referenced in the question?

> shouldn’t the source have initiated a communication on a random high port and the destination would have been 3389

That makes sense. However, in which packet (1, 2, 3) of the TCP three-way handshake is the communication initiated?

 

Hopefully, you can answer my questions and figure this out on your own. However, if you need a blunt answer, you can see it at the bottom of this page in the section titled “Blunt Answer on TCP Handshake query.”


 

I Failed – Any Advice?

I understand how devastating it can feel when you fail an exam. However, I also know the steps to turn this into a pass are often the same. Check out this advice that I’ve offered to others.

Update: Do this study self-assessment to evaluate your study habits.

 

5th time fail. respectfully seeking help

Darril,

5th time fail. Scoring 720-730 consistently. Outside of me just being stupid, I have read your book, Messers book, Comptia book, listened to Messer vids, Nugget vids at least 3 times over. I memorized your “performance” section. I ace the comptia bundle questions yet test time I get so confused on these scenario questions. What it is and definition no problem, putting it all together… problem. This is so nerve racking. Need some advice please or another study avenue. Is there online tutoring ?

respectfully seeking help…


Here’s my response.

First, check out this blog post: Reject Rejection.

Check out the snippet of my response to someone else related to the test printout.

> I ace the comptia bundle questions

Acing the questions isn’t the only goal. Ideally, you should ensure you know why the correct answers are correct and why the incorrect answers are incorrect. This way you can correctly interpret the questions no matter how they are worded. Check out this post on interpreting security questions.

> I memorized your “performance” section.

Memorizing isn’t the key. Understanding it is. I looked at your scores for Set 10 of the performance-based questions and the extras quiz and don’t see a single time you received a passing score. I also don’t see any record of you taking the Test Your Readiness quiz.

  • Quiz: Security+ Performance-Based Questions – 17.81% Score 3 out of 22 question(s) . Points: 13/73
  • Quiz: Security+ Performance-Based Questions – 61.64% Score 10 out of 22 question(s) . Points: 45/73
  • Quiz: Security+ (SY0-401) Extras Test Mode – 30.77% Score 4 out of 13 question(s) . Points: 4/13

Check out this blog post: Are You Willing to Pay the Price?

You haven’t accessed the online quizzes since March. We’ve added content since then and you can see a listing of what we’ve added here.

I hear from people almost every day telling me that they’ve passed the exam after using the book and/or materials on the premium site. You can too. A score of 720-730 indicates you are only a few questions away.

If you access the online materials again, ensure you’re scoring at least 90% on the following quizzes:

  • Test Your Readiness quiz (Titled Think You Are Ready? Try This Random Quiz)
  • Extras test quiz (currently has 24 questions)
  • Set 10 of the performance-based questions (currently has 24 questions)

Note that a passing score is 750 out of 900, which equates to about 83% as a passing score. Getting 90% using the online materials helps give you some wiggle room.

While passing scores of 90% on these important quizzes are important, they aren’t the only indicator of success. You are.

Ideally, you should ensure you know why the correct answers are correct and why the incorrect answers are incorrect. This way you can correctly interpret the questions and answer them correctly no matter how CompTIA words them.

Good luck,

Darril

I just failed. Can you give me some advice?

Hi Darril,

I just failed my SY0-401 Exam …. The performance based questions had some terms and concepts, such as sensitive-enclave, confidential-enclave, or paradigm… that I could not understand. I have to retake the test until I can pass it because it is a “must” for my current job. I don’t feel confident for my next attempts. Can you give me some advice? Or do you know what training course I can take to help me pass the SY0-401 exam? Thank you very much for your help.


Here’s my response.

Sorry to hear you dropped the exam.

Check out this blog post for some clear directions.

I hear from people almost every day telling me that they passed using the study guide and/or packages on the site. However, I also know that CompTIA has modified the exam making it more difficult. Additionally, they often add beta questions from other exams and I suspect they’ve been adding beta questions for their next certification Cyber Security+ (CSA+).

If you come across something that is completely foreign on the exam, the best thing to do is just skip it and come back to it after finishing the remaining questions.

The terms “sensitive-enclave and confidential-enclave” aren’t familiar to me either. However, understanding English, I can put them into context.

That said, if I saw a question with those phrases I would leave it until last and then take the time to try to interpret what it is asking.

– The dash indicates it is combining two words to create another term. For example, “three-sentence” as in “three-sentence paragraph” simply combines the words three and sentence. If you can define the words “three” and “sentence,” you can figure it out. It’s a paragraph with three sentences.

– An enclave is simply a protected or isolated area or group.

– Terms such as sensitive and confidential are classifications.

– Combined it indicates some type of protected area or group based on classifications.

Access control models provide different ways of doing this so my guess is that the question is probably asking something about an access control model. If you understand the access control models (DAC, MAC, Role-BAC) you should be able to answer the question. Then again, if the access control models aren’t clear, this could be completely foreign.

Note that my intention here is not to give you the answer to an actual question. Instead, my intention is to help you understand how to interpret a question.

Last, one of the things I often stress to people is the importance of knowing why the correct answers are correct and also knowing why the incorrect answers are incorrect. This way you have a much better chance of accurately interpreting the questions and answering them correctly.

However, if you go through the questions enough times focusing only on the correct answers, you can easily memorize them. You’ll be getting good scores but fooling yourself into thinking you understand the underlying content.

Hope this helps.

Trying pass SY0-401 Exam, 3rd try

Mr. Gibson, Hello. I am seeking your expertise and advice. I have tried passing the SY0-401 exam again and did not pass the exam. I have done all to understand & pass. I took a bootcamp SY0-401 class; purchased a study guide book from [xxx] (utilized the CDC only), used [xxx] and took the practice exams over and over again until I made solid 100s and I sat and listened to all 275+ [xxx] videos on YouTube. I have accomplished many things in my life, college degrees, served in the military and possess a vocational license. This is by far the hardest thing for me to do… pass Security+ – SY0-401. To be honest, I am not proficient with WI-FI but trying to understand it more. I continue to hear persons who are studying for the same exam mention your name. Before I start buying and paying for more study materials, could you send me your most current SY0-401 link, so that I can try 2 more times with my goal of passing the SY0-401 exam. GOAL…I hope to pass no later than Feb 1, 2017. Thank you in advance and great day.


Here’s most of my response.

Sorry to hear you’re having trouble.

Your emails reminded me of the three habits commonly adopted by successful people. 1) Figure out what works and keep doing it. 2) Figure out what doesn’t work and stop. 3) Try new things.

I don’t know what your study habits are, but the results indicate they aren’t working.

Also, your words indicate passive studying, so you might like to switch to an active studying method.

You might like to check out this LFAQ: “I Failed – Any Advice?”

This blog post might help too:

> …could you send me your most current SY0-401 link…

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Security+ Practice Test Questions

Security+ Full Access Package Includes questions, audio, and flashcards

Full Security+ Course: Includes Full Access Package + full text of study guide in an online format

I hear from people almost every day that pass the exam using the study guide and/or study materials on the site.

> …took the practice exams over and over again until I made solid 100s…

I also occasionally hear from people that tell me they’re scoring more than 90% on the online quizzes but failed the exam. However, their online scores tell a completely different picture. Check out this post:

I’m not sure why there’s such a direct disconnect. It’s entirely possible people are just remembering their best score and forgetting the rest.

> …took the practice exams over and over again until I made solid 100s…

A danger with taking the same practice test questions over and over is that you can inadvertently remember the questions and answers. This is not a recipe for success.

This would sound a lot better if you said this: …took the practice exams until I was consistently scoring over 90% and I truly understood why the correct answers were correct and why the incorrect answers were incorrect.

When people use the online materials, I encourage them to check out this FAQ before taking the live exam: “Am I Ready?”

> GOAL…I hope to pass no later than Feb 1, 2017.

I love goals. I would encourage you to change it to this:

I will pass the Security+ exam no later than Feb 1, 2017.

> I took a bootcamp SY0-401 class;
> purchased a study guide book…
> I sat and listened to all 275+ (videos)

Some of your words (took a bootcamp, purchased a study guide, sat and listened) indicate passive studying, so you might like to switch to an active studying method. This is often as simple as taking notes, rewriting notes, and studying notes.

This blog post includes seven steps you can follow to get the Security+ exam in 30 days. 30 days is aggressive for some people. If desired, you can double the timings to make it 60 days or triple them to make it 90 days. However, I’d suggest that you have a lot of knowledge from your previous efforts. You only need to focus your studies with a specific path of study.


Unfortunately, I don’t think she received my email response. After sending the email, I received a message indicating the email address she used in her query was incorrect.

Still the feedback may be useful to others.


 

Braindumps

Should I use xxx?

I recently received this question from someone using material on this site.

I’m taking the exam on the 22nd of November. I’m passing your exams but I still need to put in more study so I can pass the test without any worries. I will renew and I have a question for you. Is xxx* worth the purchase to use along with your program? I love your program but there are those in the peanut gallery stating I need to buy pass4sure.

* The name of a known braindump source was replaced with xxx.

Here’s part of my answer.

Xxx has been known to be a braindump source. You might like to check out this blog post.

CompTIA states that you can lose your certification if you use braindumps and be banned from taking a CompTIA exam for 12 months.

You can query CompTIA to see if they consider it a braindump today: .

Even if you don’t get caught, braindumps cause other problems. They typically don’t have explanations for all the content and are known to have incorrect answers. People that use them memorize the questions and answers and fail, often without knowing why.

This LFAQ page includes a question from someone that failed the exam 5 times after memorizing content. “I Failed – Any Advice?”

Additionally, people that memorize questions and answers stumble during job interviews. They don’t get hired (and again often don’t know why).

Your choice though.


Here’s an important point that I didn’t mention to this gentleman. There is absolutely nothing wrong with using other study materials and I won’t say anything negative about legitimate study materials. Different study materials can help you look at topics from the perspective of another author. In many cases, this can help you clarify a concept. It is very common for someone to use more than one study source to pass any certification.

However, braindumps are not legitimate study materials.

Are the practice test questions exactly like the real exam?

Question: Are the practice test questions exactly like the real exam?

Answer: No. That would be cheating.

Our intention is to provide quality practice test questions and other study materials that help you pass the exam. Gratefully, we hear from people almost every day telling us that they passed the exam using the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide and/or study materials on this site.

Practice test questions that are exactly like the real exam are often called braindumps. You might like to take a look at this post:

And this LFAQ:


 

Am I Missing Something?

These emails didn’t arrive on April 1st, but when I first read them, I wondered if I was being pranked.

Do you provide something to unzip the files?

Hi Darrill,

I downloaded the audio files to my computer. I do not have software to unzip the files. I get a pop up that asks me to purchase winzip software. Do you provide something to unzip the files? When the files are unzipped how do I load them to my iphone? Thanks


Then a little while later…


Darril,

I am set. I have purchased your book, your practice app for my phone and now your audio tapes so I can be productive throughout the weekend while working outside and driving in my car. How do I open the zip file on my iphone 6 and on my computer? When I try to place it on my computer I get a notice stating they want me to pay for something to open the zip file. I also need to get it on my iphone. Thanks


Here’s part of my reply.


I received your two emails.

> Do you provide something to unzip the files?

There are multiple options and at first I thought that you were pranking me by indicating you didn’t know how to open a zip file. If this is new to you, you may find that you need to study much harder to pass the Security+ exam than someone with prerequisite knowledge and experience.

At any rate, I don’t know what operating system you use. Try this.

1. Open a web browser.

2. Go to Google.com

3. Type in “How can I unzip files” or “How can I unzip files for free” or “How can I unzip files on Windows” or “How can I unzip files on Linux”

You’ll see that there are many choices to help you.

> When the files are unzipped how do I load them to my iphone?

Once you unzip the files, try this.

1. Open a web browser.

2. Go to Google.com

3. Type in “how can I transfer mp3 files to my iphone” or “how can I transfer mp3 files to my iphone 6”

You’ll see that there are many choices to help you.

Hope this helps.

Darril

Does 30 days mean 30 days?

> Hi I am looking at purchasing this study package for the labs etc. but is it valid for a specific length of time? As I am liking to take security exam but I am worried if it’s subscription only I won’t have enough time Please let me know


Here’s part of my response:

Yes, as described on these pages depending on what package you want:

http://gcgapremium.com/pass-the-security-sy0-401-exam-the-first-time-you-take-it/

http://gcgapremium.com/full-security-course/

Renewals are available at a reduced price.


Then a little while later…


 

> Ok so I am looking at getting the security + study package (basic package) at a cost of $34.99. It says on your website includes 30 day online access. So I understand this package will be valid for 30 days?


Here’s part of my response:

I’m puzzled…

You’re asking if “30 day online access” means it will be “valid for 30 days”?

I’m not sure if you’re pranking me or not.

….

At any rate, the answer is Yes.


* Blunt answer. It’s better if you discover the answer on your own. However, here’s a more direct answer if you need it.

Blunt Answer on TCP Handshake query


Think about a TCP three-way handshake (chapter 3, Figure 3.1).

[Figure: TCP three-way handshake]

1) Syn

2) Syn/Ack

3) Ack

Which packet (1, 2, 3) in the TCP three-way handshake is referenced in the question?

The question included this line (emphasis added).

16:12:50, src 10.80.1.5:3389, dst 192.168.1.100:8080, syn/ack

The “syn/ack” indicates the question is referencing the second packet. In other words, it is the packet returning from the server.

> shouldn’t the source have initiated a communication on a random high port and the destination would have been 3389

That makes sense. However, in which packet (1, 2, 3) of the TCP three-way handshake is the communication initiated?

The TCP three-way handshake is initiated in the first packet (syn).

However, the question is not referencing the first packet, it is referencing the second packet.
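
The reasoning in the blunt answer, as an added Python example (not from the study guide): it parses a log line in the format shown in the question and uses the flags to decide which endpoint initiated the connection and which one is listening. The field layout is inferred from the single line quoted above, and the port-to-service table is a small constructed sample.

```python
import re

# Constructed sample of well-known TCP ports; extend as needed.
SERVICES = {53: "DNS", 80: "HTTP", 443: "HTTPS", 3389: "RDP"}

# Layout inferred from the quoted line: "HH:MM:SS, src IP:PORT, dst IP:PORT, flags".
# Whitespace after commas is optional because the page shows the line both ways.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}),\s*"
    r"src\s+(?P<src_ip>[\d.]+):(?P<src_port>\d+),\s*"
    r"dst\s+(?P<dst_ip>[\d.]+):(?P<dst_port>\d+),\s*"
    r"(?P<flags>[a-z/]+)$",
    re.IGNORECASE,
)


def classify(line):
    """Return handshake step, initiator, listener and service for one log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognized log line: {line!r}")
    src = (m["src_ip"], int(m["src_port"]))
    dst = (m["dst_ip"], int(m["dst_port"]))
    flags = m["flags"].lower()

    if flags == "syn":
        # Packet 1: the client opens the connection, so the listener is dst.
        step, initiator, listener = 1, src, dst
    elif flags == "syn/ack":
        # Packet 2: the server answers, so the listener is the *source*.
        step, initiator, listener = 2, dst, src
    else:
        # A bare ACK also appears after the handshake, so a single line
        # cannot tell us which side is the listener.
        step, initiator, listener = None, None, None

    service = SERVICES.get(listener[1], "unknown") if listener else None
    return {"flags": flags, "step": step, "initiator": initiator,
            "listener": listener, "service": service}


if __name__ == "__main__":
    samples = [
        # The line from the practice question.
        "16:12:50, src 10.80.1.5:3389, dst 192.168.1.100:8080, syn/ack",
        # Constructed: the SYN that would have preceded it.
        "16:12:49, src 192.168.1.100:8080, dst 10.80.1.5:3389, syn",
    ]
    for s in samples:
        print(s, "->", classify(s))
```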