Just got back from scoring a 97% on the Microsoft Technology Associate Exam for Security Fundamentals. I found it to be the easiest certification I’ve taken to date, however, here are some tips to help you prepare:
My Previous experience:
- I just got my MTA Network certification as well as CompTia Network+, which actually gave me the answers to all items related to network security.
- 10+ years in telecom, IS/IT/Development roles
- Lots of other certs… I’ve taken nearly all MTA certifications now, mostly thanks to WGU (Washington Governors University).
My study time/process/tools:
- My only source was the Wiley text: Exam 98-367 Security Fundamentals (Microsoft Official Academic Course). I spent two nights reading this cover to cover, with the exception of the networking chapter. This book is a little dry, and the content is scattered, but everything you need is in there.
- I have a Windows Server 2008 R2 virtual machine to play with… the exercises in the book aren’t really helpful, but i found it helpful to play around with the server when they reference something unfamiliar. Its its too much trouble for you to set this up, you can get away without it.
What to focus on:
- Different types of password attacks – there were more questions on things like brute force, dictionary attacks than anything else.
- There were at least three question on digital certificates and digital signing (what are they for, who do they protect?)
- NTFS permissions – what happens to perms when you move a subfolder? What about copying files?
- Know the different layers of security presented in the first chapter of the book. Lots of questions like “Encrypting a thumb drive is an example of ___________” with possible answers of integrity, confidentiality, etc.
What to skip:
- That book has a lot of stuff unrelated to security. While it is important to understand some concepts, don’t waste your time memorizing stuff unrelated to security. Examples of what I mean below:
- You don’t need to memorize the OSI model (if you haven’t already). Just know the security-related nuggets you read about. A question you might see on the exam would be: IPSec operates at layer ______ of the OSI model.
- Don’t memorize the extra stuff in the tables presented in the book. Example: the test may ask which file systems support NTFS, but it will probably NOT ask what the maximum filesize is for NTFS.
Most of this exam is common sense, especially if you already go about your daily life in a safe and secure manner when it comes to computers. Just read each question carefully. But if you are the type of person who isn’t sure what type of wireless security your home network is using, or have never dealt with setting file permissions, you will probably want to take some time and read the text.
Good luck!