CompTIA Exams

Sivanesan

Jun 4, 2020
Recently the latest CompTIA exams are testing on programming languages, reading the output of code or scripts in a few programming languages. In the official book or lab we don't have any info about it. For IT students it's easy for them to understand. But for non-IT students, even corporate people, for example accounting or management people, it is quite hard for them to take up without knowing basic programming. We as trainers are also having a hard time explaining to them when they ask why all this is not in the book but is tested in the exam.

Are future CompTIA courses going to be for IT students only?

My suggestion is to add a module to teach basic programming in our modules. Non-IT students will be able to answer the questions tested in the exam.

The output from tools or the OS is easy for students because they practice in the lab and they have it in the official book.

Programming languages?
 
Linux+ also tests shell scripting too.
Which makes sense, because shell scripting is literally the bread and butter of Unix administration.

CySA+, Pentest+, and CASP+. Feedback I get from my CySA+ students who also sat for Pentest+ and CASP+.
This might be suitable for /r/unpopularopinion, but I agree that someone who wants to do pen-testing or security operations and analysis does need to know at least a scripting language and the ability to grasp what a script does. You don't have to be able to write a program, but you'd better understand what it does when you read through it.

My suggestion is to add a module to teach basic programming in our modules. Non-IT students will be able to answer the questions tested in the exam.
Originally I was thrown off by your question, because to me anyone learning for CySA+ or Pentest+ is an IT student. But, I think I understand what you're getting at: you mean students without a prior IT background, right? In that regard, I think you make a good point.

CompTIA could include a prior requirement, suggesting self-study before starting CySA+ or Pentest+. They also have ITF+ which introduces programming to some degree. All in all, ITF+ actually has multiple topics relevant to someone who wants to move to these fields.

Unfortunately, I'm not sure that what I described before, about needing to understand a script or program, can be taught in a few small objectives. It's like learning a different language to describe all the concepts you've been learning about so far.

Interesting topic @Sivanesan
 
You did not see A+. It introduced a short round trip through PowerShell, Bash, Windows Batch, knowing .py and Java. Also variables, loops, and so on.
That module is like 15 slides, but you can spend weeks there with this stuff.
For A+ I think it is going overboard.

Even CertMaster for CySA+ lets you create some PowerShell cmdlets in the PBQ exercise. I never like that in the exams...

Michael
 
I think PowerShell is a great addition to A+ since it's a main management tool for Windows Desktops.
And the control structures are very similar to Bash shell programming on Linux.

But I believe the focus on A+ is not to be an expert programmer, but merely be able to understand (or trace) existing programs to understand what they are doing - this is because most admins will obtain shell/PowerShell/Python scripts from the Web to perform automation, rather than creating them from scratch.

So, taking a reading/tracing approach is well suited for this topic. Perhaps download and modify a PowerShell script and execute it in class. Then allow students to apply that same process to Linux with a Bash shell script or a Raspberry Pi using a Python script on their own time.
 
The topic is now in many CompTIA exams, rightfully so, in my opinion, but yet still on a high level. I also would like to see more SQL snippets though. Maybe there will be some in the Data+ materials.

Years ago it wasn't necessary; however, in today's world of DevOps, DevSecOps, Cloud, VR, EverythingOps, Web, mobile etc., it makes sense to me to introduce the concepts of scripting/programming and file extensions starting in A+. Just to get a taste of what is out there and what is to come in the higher certs. This is 2022! And kids at a very young age are beginning to learn to program.
 
Well, this is one of those situations where some additional knowledge and study, beyond the scope of the exam is necessary.

Without getting too soapbox-y, a certification test isn't exactly for a closed set of objectives, but rather, more of an open set of experience and knowledge in a particular area. The objectives talk about what's going to be on the exam, sure, but those objectives may require knowledge that is outside the exam. Most of the time, it's pre-req. But it can be to the side as well.

Here's an extreme example.

The tests are generally in English (there are other languages, but run with me on this). The exam objectives don't teach you English - you need that going into the test. You need to know at least a little math to do subnetting calculations. And so on...

So I'd say programming essentials are key to those higher exams. And for someone in a straight management position, or accounting, etc - they'll have a harder time cross-classing (a D&D term!) into writing an IT exam, particularly ones like CySA+ and PenTest+.

I have a daughter who is a hardcore Python and C# programmer. She still doesn't get subnetting - and I've tried to teach her a few times. But she wants to sit for Security+ at some point, and having not taken Net+, she's gonna struggle a fair bit. But when she gets to any place with scripting or programming, she's liable to overthink.

It might just be one of those things where you gotta bite the bullet and read a "Dummies" book, watch a few YouTube videos, and fill in some of that side knowledge. And if you're not sure which to learn, I'd start with Python. And if they still don't get the concept of programming, an old favorite for me is KAREL. https://compedu.stanford.edu/karel-reader/docs/python/en/chapter1.html

/r
 
Prerequisites for CySA+, Pentest+ and CASP+ must have programming knowledge.
Will start highlighting this in my classes.
Don't want them to get shocked looking at programming output in exams. Hope the modules in future can give some insight on basic programming like Python.
Thank you Mr Rick.
 
The Stanford site I referenced is actually kind of nice because it does a basic primer into the concepts of programming, and they set it up as an entry point into Python. And KAREL is something that someone can learn in a weekend.

/r
 
Prerequisites for CySA+, Pentest+ and CASP+ must have programming knowledge.
I've checked the objectives documents for both CySA+ and Pentest+.

I agree with you that these should perhaps be updated to include a statement that applicants are expected to have prior knowledge or experience with a programming or scripting language.

On the other hand, both objectives documents do state an expectation of experience.
For CySA+:
It is recommended for CompTIA CySA+ certification candidates to have the following:
* 3-4 years of hands-on information security or related experience
* Network+, Security+, or equivalent knowledge

And for Pentest+:
* Perform vulnerability scanning and penetration testing using appropriate tools and techniques, and then analyze the results
* Produce a written report containing proposed remediation techniques, effectively communicate results to the management team, and provide practical recommendations

This is equivalent to three to four years of hands-on experience working in a security consultant or penetration tester job role.

As Rick mentioned: CompTIA exams claim to test for X years of actual, hands-on experience. It is not realistic to expect someone to work 2-4 years in this field without building any experience in scripting. For both a pentester and a security analyst role, it's implicit that someone in that role has this experience.

In your first post, @Sivanesan wrote:
My suggestion is to add a module to teach basic programming in our modules. Non-IT students will be able to answer the questions tested in the exam.
I think this will sound like I'm gatekeeping, but I feel students who are coming from a non-IT background, who want to become a SOC analyst or a pen-tester should not start their education, aiming for an exam that tests for multiple years of work experience.

I feel that CySA+ and Pentest+ are not the right place to start for someone in this position.
 
To tell the truth, the initial conversation from @Sivanesan is about adding the programming language in necessary certifications, but the question is many corporate and few nood students may get programming questions which are not present in the book,

But you need to ACCEPT THE TRUTH: without programming language no one should enter these subjects, it's like a prerequisite. At least they need to know syntax; with zero knowledge in programming or scripting, going for certifications will not be good.
 
Too often, students sign up for classes without the recommended prerequisites. I've had people with zero IT experience or training sign up for CySA+ and PenTest+ and then crash and burn because they don't understand any of the fundamentals. The recommended experience is Network+, Security+ or the equivalent knowledge. Minimum 3-4 years of hands-on security or related experience. It is completely reasonable to expect someone to have some rudimentary knowledge of scripting/programming at that level. They don't need to be developers, but a basic understanding so they can read code is required.

They literally mention these things in the exam outlines. The 5th Domain of PenTest+ is Tools and Code Analysis.

The problem is too many people want to take the easiest path. Complete novices who skip ITF+, A+, Net+, and Sec+ who are completely shocked to find out they have to have some actual experience before diving into CySA+, PenTest+, and CASP+. People don't want to do the work any more.
 
There is the practical world and the course world. I personally believe A+ already has too much content for the 10 days. Earlier versions were more fun to teach. So, in my opinion, understanding scripting in four different languages in A+ is not useful. Maybe in a high school, with two years' time, but not in a commercial training with customers paying. They might understand why it is there and what you need to know. And some have the experience.
Same with Sec+: introduction to secure software development in 10 slides or less. Other vendors have a 5-day course to teach that. It's scratching the surface.
I would be really happy if that would fall out (A+ and scripting). But in recent years, each version got more content packed into the same time frame (not much drops out) and the trainer can think of how to handle that. But from the answers here, I might be the only one thinking like that.

Michael
 
CySA+, Pentest+, and CASP+. Feedback I get from my CySA+ students who also sat for Pentest+ and CASP+.
Linux+ also tests shell scripting too.

All these aforementioned certifications do require some level of scripting, but I do not think that the students need to be programmers. These certifications are not for those who are very new in IT - such a cohort might need to start with A+, or Network+ and Security+.

A+ introduces the students to various scripting tools and/or programming languages. It is introduced in Core2 (220-1002) > 4.8 Identify the basics of scripting. It is with this regard that I am not surprised that scripting is present in higher certifications.

For example, CySA+ recommended experience is: Network+, Security+ or equivalent knowledge. Minimum of 4 years of hands-on information security or related experience. Reference: https://www.comptia.org/certifications/cybersecurity-analyst

Linux+ is expected to have scripting. It is stated in the website, and I quote, "Execute basic BASH scripts, version control using Git, and orchestration processes". Reference: https://www.comptia.org/certifications/linux

Surprisingly, Pentest+ actually states in the website, and I quote, "It is important to note that no scripting and coding is required." However, in class, we encourage our students to learn Linux+ first before going to Pentest+. Reference: https://www.comptia.org/certifications/pentest
 
This, I don't necessarily stand behind. There's also the matter of training and certification vendors over-selling these tracks as the golden path to better income.
Speaking of over-selling, this is straight from CompTIA's marketing blurb about Project+.

Earning CompTIA Project+ gives you an equivalent of at least 6 to 12 months of hands-on experience managing projects in an IT environment.
Uh, no. Passing Project+ or any other exam does not give hands-on experience, or the equiv thereof. It may test for it...