Seeking CIN Interest in Supporting Underserviced Communities

Hello CIN Community!

I'm reaching out to connect with fellow instructors who share a passion for making a difference in underserved communities, particularly those at Historically Black Colleges and Universities (HBCUs). As members of the CIN, we have a unique opportunity to collectively empower those communities with the skills and certifications needed to excel in cybersecurity and IT.

I'm currently working on an initiative to develop and support cyber range and training programs for local HBCUs in Baltimore, MD. The long-term goal is to scale these programs across all 100+ HBCUs. The goal is to create immersive, hands-on experiences that span foundational IT skills to advanced cybersecurity certifications, leveraging CompTIA's courseware and certifications as a central part of the curriculum.

If you're interested in contributing to this vision or if you know of any similar programs in the space, I'd love to hear from you. Specifically, I'm looking to:
  • Identify CompTIA Instructors interested in partnering on or mentoring for these programs
  • Gather insights from those who may already be involved in similar initiatives
  • Source any existing resources, best practices, or ideas that would help make this program impactful and sustainable
Together, we can help bridge the IT and cybersecurity skills gap and open new doors for talented students in these communities. Please reach out here or via a direct message ([email protected]) if you're interested or have resources to share. In the meantime, I will be scouring the forums for ideas and similar discussions.

Looking forward to collaborating,

Brandon Royal, MSCy, CSIE, GSTRT, CISSP

CE Maintenance Fees

So, I am really confused about maintenance fees. My understanding is we only pay for the most expensive cert and even then... Not sure how this works when you have multiple at the same level. I am also unsure when it starts. Looking at Continuing education, I have a lot of certifications, and I am confused about whether I need to pay anything this year.

I also see that most of my certs this year have not been sent to fulfillment. I think this is the paper certification.

Anyway... I'm hoping I have a budget left over at work, and I can pay some of these, but I'm really confused as to what I should pay.

It looks like I partially paid Cloud+, and since it is listed in the professional series, is that the only one I need to care about?

Here is a transcript if you want to help me

Videos for NET+ CM Perform labs

Hi All,
I would have sworn they discussed having example videos for the various labs in Net+ 009 CM Perform. I can't find them for the trees - so to speak.
Can someone point me in the right direction?

Also, are there any explanations or videos for the few PBQs in the CM Perform final?

I'm trying NOT to reinvent the wheel if they are already somewhere I'm overlooking.

Thanks in advance CINners,
Amy

CompTIA EMEA Partner Conference

I’m thrilled to have been part of this incredible CompTIA EMEA partner conference as a speaker! The energy was amazing, and I had the chance to meet some truly inspiring people. This experience has left me more motivated than ever. Can’t wait to step back onto that big stage next year!

Great job 👏🏽 @Stephen Schneiter


Instructor Lab Access

Hello,
I am an instructor at a CompTIA Corporate Partner. Is there a way that instructors can get free access to labs? While I can create my own environment when teaching, it takes time to build and also since I don't have access to the student labs, it becomes difficult to support my students when they are stuck. It doesn't make sense for the organization to buy me a lab every time I am delivering a class.

Unable to access CertMaster Labs

Hello,

I am wondering if anyone is facing the same issue? CertMaster Labs is not accessible. We have tried to access the lab using different accounts using the office internet, and also from the home internet. The link to the instructor guides is working though.

Screenshot 2024-10-23 181120.png

Certmaster Network+ N10-009 missing content

I have only recently started going through the material for Certmaster N10-009, and already I am getting the feeling that this course may be lacking content that may be useful to students. Just in the first section where it discusses topologies, it does not cover ring and bus topologies, which even though those topologies are relatively old and unused, I feel like they should still be included in the material. On top of that, one of the practice questions uses a logical topology as one of its answers, which was not covered at all. Is this a consistent theme throughout the course, or am I just off to a bad start? Let me know what you think of the new Certmaster Network+ N10-009.

Creating Engaging In-Classroom Labs for Demonstration

Fellow Instructors,

I’m curious about how you approach developing and delivering classroom labs, especially when there’s a need to differentiate from the provided CertMaster Labs or similar online lab environments. As we know, hands-on labs are essential for reinforcing concepts and giving students practical experience, but I want to explore ways to avoid redundancy while keeping the content engaging and effective.

Here are some points to consider:

Preferred Lab Environment:
- Do you tend to use physical hardware setups, or do you prefer virtual machines and simulations? In Cisco instruction, for example, Packet Tracer allows us to demonstrate network configurations without needing physical equipment, but what’s your go-to?

Guidebooks or Resources:
- Are there specific guidebooks, manuals, or resources you rely on for inspiration when designing in-classroom labs? I find that instructor guides provided by some vendors can be helpful, but I’m always looking for more diverse options that can complement the CertMaster Labs.

Unique Lab Scenarios:
- How do you ensure the lab scenarios you create are unique and add value beyond what’s covered in CertMaster or other vendor-provided labs? For instance, do you design scenario-based labs that connect multiple topics together, or do you prefer to break down complex tasks into smaller, focused demos?

Balancing Physical and Virtual Components:
- How do you strike the right balance between using physical hardware versus virtual environments like Packet Tracer or VMware? I find that while virtual environments are convenient, physical hardware can sometimes provide a more tactile learning experience. What has worked best for you and your students?

Please feel free to share your strategies, experiences, and any tips for creating in-class labs that are engaging, challenging, and complementary to the existing CertMaster content.

Looking forward to hearing your thoughts!

Prof. Jason C. Rochon, CISSP

Difference between Certmaster Learn and Perform.

Hello everyone. I'm teaching the Network+ N10-009 course. I want to ensure that my students have the most effective tools to use for the training. I've purchased the bundle for other courses in the past, CompTIA A+, Learn, Practice Labs and Voucher. I hear that Perform is a new tool that has other features that may replace Certmaster Learn.

In your estimation, should I stick with the original bundle of Certmaster Learn, Practice, Labs and Voucher or purchase Perform, Practice and Voucher. Again, this is for Network+ N10-009.

Lastly, I want to confirm that when I purchase either of these bundles, there's an instructor or organization access key and student access key for all products. I need to make this purchase immediately.

With Appreciation,

Bobbie

The differences between Data+, DataSys+, and DataX (according to ChatGPT)

The three CompTIA certifications you mentioned—Data+, DataSys+, and DataX—cater to different levels of expertise and specializations within the data and IT fields:
  1. CompTIA Data+: This is an entry-level certification aimed at individuals who want to start their careers in data analysis. It covers foundational skills such as data mining, visualization, governance, and statistical analysis. It's ideal for those seeking roles like data analysts or business analysts, as it focuses on using data to generate actionable insights and reports. Data+ is a good starting point for those new to the field, with about 18-24 months of relevant experience being recommended.

  2. CompTIA DataSys+: This is a more advanced certification focused on data systems management. It covers topics such as database architecture, cloud integration, and data security. DataSys+ is geared towards professionals responsible for managing and securing data storage and processing systems. It's suitable for roles like database administrators, data architects, and IT security specialists, as it requires deeper expertise in managing data infrastructures.

  3. CompTIA DataX: This is an expert-level certification for professionals with at least five years of experience in data science or related fields. DataX is part of the Xpert series and covers advanced concepts in mathematics, machine learning, and specialized data science applications. It targets seasoned professionals who want to validate their expertise in high-level data science operations. This certification is designed to demonstrate a comprehensive understanding of critical data science tools and concepts and is ideal for advanced roles such as data scientists.


    In summary, Data+ is for foundational data skills, DataSys+ is for managing data systems, and DataX is for expert-level data science skills.

How Load Balancing Works in Cloud Environments

Cloud load balancers distribute traffic across multiple virtual machines (VMs), containers, or servers within the cloud infrastructure. Here are some specific ways cloud load balancing can be deployed:

1. Cloud-Based Load Balancers:

  • Elastic Load Balancer (ELB) in AWS
  • Azure Load Balancer in Microsoft Azure
  • Google Cloud Load Balancing in Google Cloud
  • These services automatically distribute incoming traffic across multiple instances in multiple regions or zones.

2. Global Load Balancing:

  • In cloud environments, load balancers can distribute traffic across multiple data centers or regions. This ensures global availability and low-latency access for users based on their geographic location.

3. Auto-Scaling Integration:

  • Cloud-based load balancers often work hand-in-hand with auto-scaling. As traffic increases, the cloud environment automatically spins up new instances, and the load balancer evenly distributes traffic among these instances.

4. Multi-Cloud and Hybrid Cloud Load Balancing:

  • Some organizations use load balancers that work across multiple cloud environments (multi-cloud) or between on-premises and cloud (hybrid cloud), ensuring seamless traffic distribution across different platforms.

Advantages of Cloud Load Balancers:

  • Scalability: As demand grows, load balancing in the cloud enables you to scale out (add more resources) without manually configuring the infrastructure.
  • Flexibility: Cloud load balancers can handle a variety of traffic types (HTTP, HTTPS, TCP, etc.) and can work at both Layer 4 (transport) and Layer 7 (application) levels.
  • Cost-Efficiency: Instead of investing in expensive physical load balancers, cloud load balancers are billed on a pay-as-you-go basis, making them more cost-effective.
  • Resilience: They offer automatic failover and redundancy across regions or availability zones, enhancing fault tolerance.
  • Security: Cloud providers often integrate security features like SSL offloading, DDoS protection, and traffic filtering at the load balancer level.

Common Cloud Load Balancing Use Cases:

  • Web Applications: Ensure smooth performance by distributing traffic across multiple cloud instances.
  • Microservices: Manage and balance traffic between various containers or services.
  • Global Traffic Management: Serve content from the nearest location to reduce latency for users worldwide.

Cloud Load Balancing Services by Major Providers:

  • AWS Elastic Load Balancing (ELB): Offers Application Load Balancer (Layer 7), Network Load Balancer (Layer 4), and Gateway Load Balancer.
  • Azure Load Balancer: Supports both internal and public load balancing and integrates with Azure's global regions.
  • Google Cloud Load Balancer: Offers regional and global load balancing, with features like SSL offloading and content-based routing.

Conclusion:

Load balancing is essential in cloud environments for achieving high performance, redundancy, and scalability. Cloud providers make it easy to deploy and manage load balancers, allowing businesses to handle varying traffic demands efficiently while ensuring service reliability across regions or zones.

Clarification Needed on SSL/TLS Certificate Verification Process

Hello everyone,

I hope you’re all doing well! I wanted to share a recent teaching experience related to SSL/TLS certificate verification and seek your insights on a particular point of confusion that came up in class.

During a session on secure communications, I had my students test the SSL/TLS configuration of a web server using OpenSSL. We used the following command to retrieve and display the certificate details:

openssl s_client -connect 192.168.100.30:443 -showcerts

This command successfully connected to the server and displayed the server’s certificate chain. However, one student asked about the process of verifying whether the certificate is valid and trusted, particularly regarding the role of Certificate Authorities (CAs).

To clarify, I explained that the verification process involves checking several factors, including:
  1. Whether the certificate is signed by a trusted CA.
  2. The certificate’s expiration date.
  3. The certificate's revocation status, often checked through OCSP (Online Certificate Status Protocol).

However, I realized I could provide more depth on how to perform these checks effectively. For example, we can check the certificate expiration date using:

openssl x509 -in certificate.crt -noout -dates

I’d love to hear your suggestions on the following:
  1. How can I effectively demonstrate the entire SSL/TLS verification process in class, including checking the certificate’s revocation status?
  2. Are there any additional tools or techniques you recommend for teaching about certificate verification and the role of CAs in ensuring secure communications?

Thank you for your insights!
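
One way to walk a class through all three checks offline, as an added example that is not part of the original post: it builds a throwaway CA and server certificate (every name, path and lifetime is constructed for the demo), runs the chain, expiry and OCSP checks, then revokes the certificate and repeats them. The OCSP exchange goes through files (`-reqout`, `-reqin`, `-respout`, `-respin`) instead of a live responder, which is an assumption made so the lab needs no network.

```shell
#!/usr/bin/env bash
# Added classroom example. The lab CA, host name, file names and lifetimes are
# constructed for the demo; nothing here comes from a real PKI.
set -eu

build_lab_pki() {   # run inside an empty directory
  mkdir newcerts; : > index.txt; echo 1000 > serial
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = ca_ext
[ dn ]
[ ca_ext ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = lab_ca
[ lab_ca ]
database = ./index.txt
serial = ./serial
new_certs_dir = ./newcerts
certificate = ./ca.crt
private_key = ./ca.key
default_md = sha256
default_days = 30
policy = lab_policy
x509_extensions = leaf_ext
[ lab_policy ]
commonName = supplied
[ leaf_ext ]
basicConstraints = CA:FALSE
EOF
  {
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 365 \
      -subj "/CN=Lab Root CA" -keyout ca.key -out ca.crt
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
      -subj "/CN=lab.example.test" -keyout server.key -out server.csr
    openssl ca -batch -config ca.cnf -notext -in server.csr -out server.crt
  } >/dev/null 2>&1
}

# 1. Is the certificate signed by a CA we trust? (trust store = ca.crt only)
check_chain()  { openssl verify -CAfile ca.crt server.crt >/dev/null 2>&1 && echo trusted || echo untrusted; }
# 2. Is it inside its validity period? (-checkend 0 asks "expired right now?")
check_expiry() { openssl x509 -in server.crt -noout -checkend 0 >/dev/null 2>&1 && echo valid || echo expired; }
# 3. Has the CA revoked it? File-based OCSP: request -> responder -> verified response.
check_ocsp() {
  openssl ocsp -issuer ca.crt -cert server.crt -no_nonce -reqout req.der >/dev/null 2>&1
  openssl ocsp -index index.txt -CA ca.crt -rsigner ca.crt -rkey ca.key \
    -reqin req.der -respout resp.der >/dev/null 2>&1
  openssl ocsp -issuer ca.crt -cert server.crt -no_nonce -CAfile ca.crt \
    -respin resp.der 2>/dev/null | awk '$1 == "server.crt:" {print $2}'
}

run_demo() {   # prints: chain expiry ocsp, then ocsp and chain again after revocation
  dir=$(mktemp -d)
  ( cd "$dir"
    build_lab_pki
    before="$(check_chain) $(check_expiry) $(check_ocsp)"
    openssl ca -config ca.cnf -revoke server.crt >/dev/null 2>&1
    echo "$before $(check_ocsp) $(check_chain)" )
  rm -rf "$dir"
}

run_demo   # → trusted valid good revoked trusted
```

The last field stays `trusted` after revocation: `openssl verify` on its own checks the signature chain and the dates, not revocation status, which is why the OCSP step has to be shown separately.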

Tips: "on controls to mitigate attacks and software vulnerabilities" If You Come Across... Verify For...

1. Cross-Site Scripting (XSS)

  • If you come across: User input fields (like comments or search bars)
    • Verify for:
      • Reflected XSS: Injecting scripts in the input to see if they are executed in the user's browser.
      • Persistent XSS: Checking if scripts are stored on the server and reflected back to users.
    • Prevention: Implement input validation, output encoding, and Content Security Policy (CSP).

2. Overflow Vulnerabilities

  • If you come across: User input or data handling that may exceed allocated memory
    • Verify for:
      • Buffer Overflow: Sending oversized inputs to trigger memory corruption.
      • Integer Overflow: Providing inputs that exceed maximum integer values.
      • Heap Overflow: Manipulating dynamic memory allocation to corrupt memory.
      • Stack Overflow: Causing the call stack to exceed its limit.
    • Prevention: Use safe coding practices, input validation, and memory management techniques.

3. Data Poisoning

  • If you come across: User-modifiable data inputs
    • Verify for: Manipulating data to affect the application's behavior or outcomes.
    • Prevention: Validate inputs and implement strong data integrity checks.

4. Broken Access Control

  • If you come across: User permissions or roles within the application
    • Verify for: Accessing restricted resources or functions without proper authorization.
    • Prevention: Enforce strict role-based access control (RBAC) and regularly audit access permissions.

5. Cryptographic Failures

  • If you come across: Data stored or transmitted securely (e.g., passwords, personal data)
    • Verify for: Weak encryption algorithms or improper key management.
    • Prevention: Use strong encryption protocols and ensure proper key storage and lifecycle management.

6. Injection Flaws

  • If you come across: Input fields that interact with databases or APIs
    • Verify for:
      • SQL Injection: Manipulating SQL queries through input fields.
      • Command Injection: Executing arbitrary commands on the server.
    • Prevention: Use parameterized queries, prepared statements, and input validation.

7. Cross-Site Request Forgery (CSRF)

  • If you come across: Forms that perform state-changing actions
    • Verify for: Unauthenticated requests being accepted by the application.
    • Prevention: Implement anti-CSRF tokens and validate the origin of requests.

8. Directory Traversal

  • If you come across: File upload or retrieval functions
    • Verify for: Accessing restricted directories using path traversal techniques.
    • Prevention: Validate and sanitize file paths and restrict access to sensitive directories.

9. Insecure Design

  • If you come across: Flaws in the application's architecture
    • Verify for: Design weaknesses that expose the application to various attacks.
    • Prevention: Follow secure design principles and perform threat modeling.

10. Security Misconfiguration

  • If you come across: Default settings in applications or services
    • Verify for: Misconfigured security settings or unused features being enabled.
    • Prevention: Regularly review and harden security configurations, and conduct security audits.

11. End-of-Life or Outdated Components

  • If you come across: Use of libraries or software that are no longer supported
    • Verify for: Known vulnerabilities associated with outdated components.
    • Prevention: Regularly update and patch software components and replace end-of-life software.

12. Identification and Authentication Failures

  • If you come across: Login or authentication mechanisms
    • Verify for: Weak password policies, account enumeration, or failure to implement multi-factor authentication.
    • Prevention: Enforce strong password policies and implement multi-factor authentication.

13. Server-Side Request Forgery (SSRF)

  • If you come across: Applications making backend requests based on user input
    • Verify for: Manipulating requests to access internal services.
    • Prevention: Validate and sanitize user inputs, and restrict server-side requests.

14. Remote Code Execution (RCE)

  • If you come across: User inputs that are executed by the server
    • Verify for: Ability to execute arbitrary code on the server.
    • Prevention: Validate all inputs and use language features to limit code execution.

15. Privilege Escalation

  • If you come across: Role or permissions settings
    • Verify for: Users gaining unauthorized access to higher privilege levels.
    • Prevention: Implement the principle of least privilege and regularly review user roles.

16. Local File Inclusion (LFI) / Remote File Inclusion (RFI)

  • If you come across: File inclusion functionalities
    • Verify for: Ability to include local or remote files that could compromise the application.
    • Prevention: Validate and sanitize file paths and restrict the inclusion of sensitive files.

SHARE WITH US YOUR TIPS

Problem with PBQ for CertMaster Learn A+ Core 2?

Hi there

Just out of curiosity, is anyone else getting this error message for the PBQ titled, "Core 2 PBQ: Supporting OS/App Installations Performance-based Question"

I've tried contacting CompTIA Customer Care but received the general "clear your cookies and cache" response. A few of my students have also brought this to my attention so I'm wondering if this is affecting all users.

PBQ Error.jpg

Share Your Experience as a High School IT Teacher and Earn a $20 Gift Card!

Howdy!

We’re reaching out to hear from people who have taken the unique path of becoming an IT teacher in a U.S. high school. Whether you’re currently teaching or have taught IT in the past, we would greatly appreciate your input. Subjects in grades nine to twelve include computer hardware, networking, IT support, web development, cybersecurity, robotics, and programming.

Please take less than 20 minutes to complete our survey. As a thank you, participants will receive a $20 Amazon gift card!

Your participation will help us better understand the experiences and support needed for IT teachers, contributing to the future of IT education in U.S. high schools.

--> Complete the Survey Here

Feel free to share this survey with any other IT teachers you know - we value every voice!

Thank you,
Kelli Adam, Network+
Texas A&M University
