Knowing NIST

Mitch Garvis · Aug 15, 2025

I have a couple of students who are telling me that on a practice exam they were asked to identify a particular NIST publication. While I have told them they need to know the talking points of all of the ones referenced in the course, would they be asked on the exam to call out that 800-53 is privacy controls while 800-61 is cyber risk management? I do not remember a question like that... although I think another exam I sat had them.

Thanks in advance!

Gregory Childers · Aug 15, 2025

To my knowledge, CompTIA has never asked questions about specific NIST special publications or ISO standards.

CISM and CISSP do ask those types of questions.

Mitch Garvis · Aug 15, 2025

Gregory Childers said:
To my knowledge, CompTIA has never asked questions about specific NIST special publications or ISO standards.

CISM and CISSP do ask those types of questions.

That is exactly the answer that I gave, but I told the class that I would check with people who were smarter than I am to be sure. Thanks @Gregory Childers !

Mark Anthony Germanos · Aug 16, 2025

Gregory Childers said:
To my knowledge, CompTIA has never asked questions about specific NIST special publications or ISO standards.

CISM and CISSP do ask those types of questions.

Prominent in my SecurityX notes. Sitting that test Thursday next week.

precious · Aug 17, 2025

Mark Anthony Germanos said:
Prominent in my SecurityX notes. Sitting that test Thursday next week.

All the best. Congrats in advance

Rick Butler · Aug 18, 2025

Mitch Garvis said:
I have a couple of students who are telling me that on a practice exam they were asked to identify a particular NIST publication. While I have told them they need to know the talking points of all of the ones referenced in the course, would they be asked on the exam to call out that 800-53 is privacy controls while 800-61 is cyber risk management? I do not remember a question like that... although I think another exam I sat had them.

Thanks in advance!

I seem to remember a couple questions that had the NIST publications identified in the answers. Can't give you a lot of details, since it's been a little while and I've had my head down on so many other things as of late. However, knowing the relevant NIST certs, to me, is a good thing always.

Mark Anthony Germanos · Saturday at 5:19 PM

For starters, I passed SecurityX on Thursday. Slightly more miserable than PenTest+ a few years back.

NIST was not on the test. However, this was the first time I have ever seen DKIM/SPF on a test.

145 minutes with no bathroom break. Not sure how long CompTIA can sustain that policy.

baylis · 2025-08-24T06:35:09-0500

Mark Anthony Germanos said:
For starters, I passed SecurityX on Thursday. Slightly more miserable than PenTest+ a few years back.

NIST was not on the test. However, this was the first time I have ever seen DKIM/SPF on a test.

145 minutes with no bathroom break. Not sure how long CompTIA can sustain that policy.

Once you do CISSP\ISSAP\CISM\CRISC \GSEC , you'll realize its industry norm. Its a long exam . You can take a bathroom break but the clock will run

Gregory Childers · 2025-08-24T06:48:24-0500

Mark Anthony Germanos said:
For starters, I passed SecurityX on Thursday. Slightly more miserable than PenTest+ a few years back.

NIST was not on the test. However, this was the first time I have ever seen DKIM/SPF on a test.

145 minutes with no bathroom break. Not sure how long CompTIA can sustain that policy.

I was done in an hour. I've never needed a break during an exam. If I have to go, I go before the exam.

Michael Schmitz · 2025-08-24T08:50:51-0500

Mark Anthony Germanos said:
For starters, I passed SecurityX on Thursday. Slightly more miserable than PenTest+ a few years back.

NIST was not on the test. However, this was the first time I have ever seen DKIM/SPF on a test.

145 minutes with no bathroom break. Not sure how long CompTIA can sustain that policy.

I`ve seen DKIM/SPF in questions. I believe even with CompTIA before

You should read the Rules again for CompTIA Exams. You are allowed to take a break when ever u want when asking the Testcenter Admin. As Gregory said, you time runs.. There are no scheduled Breaks..

EC Council Master: 6h, and you are not allowed to take a break..

Gregory Childers · 2025-08-24T12:00:41-0500

Michael Schmitz said:
I`ve seen DKIM/SPF in questions. I believe even with CompTIA before

You should read the Rules again for CompTIA Exams. You are allowed to take a break when ever u want when asking the Testcenter Admin. As Gregory said, you time runs.. There are no scheduled Breaks..

EC Council Master: 6h, and you are not allowed to take a break..

EC-Council has fallen out of favor in the industry. It's overpriced, the certs don't provide a lot of value, and the leaders have been found guilty of both plagiarism and sexism. If the DoD dropped them from the 8140 list, they would completely drop off the radar.

TechTrainer11 · 2025-08-25T03:52:31-0500

Gregory Childers said:
EC-Council has fallen out of favor in the industry. It's overpriced, the certs don't provide a lot of value, and the leaders have been found guilty of both plagiarism and sexism. If the DoD dropped them from the 8140 list, they would completely drop off the radar.

TechTrainer11 · 2025-08-25T03:55:21-0500

I am looking at EC Council Certified Network Defender (CND) what puts me off is the amount of material your expected to deliver over a short period of time

Search

Search

Knowing NIST

Mitch Garvis

Active member

Gregory Childers

Well-known member

Mitch Garvis

Active member

Mark Anthony Germanos

Well-known member

precious

Well-known member

Rick Butler

Well-known member

Mark Anthony Germanos

Well-known member

baylis

Active member

Gregory Childers

Well-known member

Michael Schmitz

Well-known member

Gregory Childers

Well-known member

TechTrainer11

Well-known member

TechTrainer11

Well-known member