(Part 3) Best software certification guides according to redditors
We found 2,882 Reddit comments discussing the best software certification guides. We ranked the 675 resulting products by number of redditors who mentioned them. Here are the products ranked 41-60. You can also go back to the previous section.
53. CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide (Exam CS0-001)
7 mentions
In my opinion; every book in this bundle is a bag of shit.
Here's a list of reputable books, again in my opinion (All links are Non-Affiliate Links):
Web Hacking:
The Web Hackers Handbook (Link)
Infrastructure:
Network Security Assessment (Link)
Please Note: The examples in the book are dated (even though it's been updated to v3), but this book is the best for learning Infrastructure Testing Methodology.
General:
Hacking: The Art of Exploitation (Link)
Grey Hat Hacking (Link)
Linux:
Hacking Exposed: Linux (I don't have a link to a specific book as there are many editions / revisions for this book. Please read the reviews for the edition you want to purchase)
Metasploit:
I recommend the online course "Metaspliot Unleashed" (Link) as opposed to buying the book (Link).
Nmap:
The man pages. The book (Link) is a great reference and looks great on the bookshelf. The reality is, using Nmap is like baking a cake. There are too many variables involved in running the perfect portscan, every environment is different and as such will require tweaking to run efficiently.
Malware Analysis:
Practical Malware Analysis (Link)
The book is old, but the methodology is rock solid.
Programming / Scripting:
Python: Automate the Boring Stuff (Link)
Hope that helps.
I'm the manager of application security and research at a mid-level software vendor with over 400 developers and testers and I want to recommend you ignore all of the more generic advice currently in this thread. As someone with coding experience and interest, you have a unique path to infosec that so many companies want, but find it extremely difficult to hire for.
Any company that ships software has to consider the security of their application - full stop. Most rely on scanners or annual third-party vulnerability assessments for this, but obviously that falls short. They need people who can build security in from an architectural standpoint. Someone who can actually implement the fixes suggested by the above methods, and ideally, someone who can help implement security as an integral part of the SDLC instead of as a bolt-on premise.
My recommendation is to make your way through 24 Deadly Sins of Software Security and The Web Application Hacker's Handbook. If you can understand the bulk of concepts in these two books, you'll be leagues ahead of almost any developer you find yourself up against in a hiring scenario. For the coup de gras, learn about threat modeling. It's a great way to teach other developers and testers security and to build security into any system during design instead of post-release. Check out this book which is actually probably a little too comprehensive, use this card game from Microsoft (it seems silly, but I promise you it works), and watch this talk one of the guys on my team gave at BSides Cincinnati.
If you have any questions, PM me.
Here is a "curriculum" of sorts I would suggest, as it's fairly close to how I learned:
Generally you'll probably want to look into IA-32 and the best starting point is the Intel Architecture manual itself, the .pdf can be found here (pdf link).
Because of the depth of that .pdf I would suggest using it mainly as a reference guide while studying "Computer Systems: A Programmers Perspective" and "Secrets of Reverse Engineering".
Of course if you just want to do "pentesting/vuln assessment" in which you rely more on toolsets (for example, Nmap>Nessus>Metasploit) structured around a methodology/framework than you may want to look into one of the PACKT books on Kali or backtrack, get familiar with the tools you will use such as Nmap and Wireshark, and learn basic Networking (a simple CompTIA Networking+ book will be a good enough start). I personally did not go this route nor would I recommend it as it generally shys away from the foundations and seems to me to be settling for becoming comfortable with tools that abstract you from the real "meat" of exploitation and all the things that make NetSec great, fun and challenging in the first place. But everyone is different and it's really more of a personal choice. (By the way, I'm not suggesting this is "lame" or anything, it was just not for me.)
*edited a name out
I would first establish a list of expected responsibilities as an Accidental DBA with your supervisor. Do they have a CSO or other security-minded employees who have login policies in place already, or does that fall to you? Does your company design and deploy its own databases often? If so, who will be in charge of that design? Will it be you, a database developer, or someone else?
When you establish a list of responsibilities an expectations, you can then make a plan of action to learn about each of these topics. It takes an ocean of knowledge and responsibility and helps you narrow it down and focus on the fundamentals of what you will be doing day to day.
That being said, here are some resources you might consider using:
In addition to all of these recommendations, give priority to your Disaster Recovery and High Availability plan. It's not a matter of "if", it's a matter of "when". A well-designed Disaster Recovery plan will let you sleep at night, and performing "fire drills" using these plans will make it second nature when you end up having problems later.
​
Database Administration is a brother/sisterhood. If you have any questions, engage the community or feel free to send me a PM.
For all 3 exams, I followed the same order of study materials. I would first read a book that covered the whole exam. Next, I would watch a video series about the exam(I would read a book and watch videos at the same time). I then would go through the exam objectives and look up anything else I didn't learn from the books or the video series. Lastly, I would some practice exams to practice test questions (look up any terms you don't know in any questions).
|Exam|Step 1: Read a Book|Step 2: Watch a video series|Step 3: Go over exam objectives|Step 4: Practice tests|
:--|:--|:--|:--|:--|
|Network+|https://www.amazon.com/gp/product/1260122387/ref=ppx_yo_dt_b_asin_title_o02_s00?ie=UTF8&psc=1|https://www.professormesser.com/network-plus/n10-007/n10-007-training-course/|https://certnet.de/wp-content/uploads/2017/08/Network-N10-007-Exam-Objectives.pdf|Didn't actually use any practice tests for net+ but would recommend|
|Security+|https://www.amazon.com/gp/product/1260019322/ref=ppx_yo_dt_b_asin_title_o02_s00?ie=UTF8&psc=1|https://www.udemy.com/comptia-security-certification-sy0-501-the-total-course/|https://www.comptia.jp/pdf/Security%2B%20SY0-501%20Exam%20Objectives.pdf|https://www.udemy.com/comptia-security-practice-exams/|
|CySA+|https://www.amazon.com/gp/product/126001181X/ref=ppx_yo_dt_b_asin_title_o00_s01?ie=UTF8&psc=1|https://www.udemy.com/comptiacsaplus/|https://www.comptia.jp/pdf/comptia-cybersecurity-analyst-(cs0-001).pdf|https://www.udemy.com/comptiacsa/|
https://www.amazon.com/Deadly-Sins-Software-Security-Programming/dp/0071626751
https://www.amazon.com/Writing-Secure-Code-Strategies-Applications/dp/0735617228
I'd stick with Server 2012 given the amount of materials out there and the fact that companies take awhile to jump to the next server OS. Get your MCSA 2012, then when good materials hit down the road just take the upgrade exams to be MCSA/MCSE 2016.
As for training, I'd check out video training at: CBTnuggets and PluralSight.
For books I'd go with: Mastering Server 2012 R2: https://www.amazon.com/Mastering-Windows-Server-2012-R2/dp/1118289420/ref=sr_1_sc_1?ie=UTF8&qid=1479126961&sr=8-1-spell&keywords=masterinng+server+2012
and MCSA complete study guide: https://www.amazon.com/Windows-Server-Complete-Study-Guide/dp/111885991X/ref=sr_1_1?ie=UTF8&qid=1479126991&sr=8-1&keywords=MCSA+2012
>I know I likely won't do well in the event, however, I want to challenge and provide myself a goal
Why not? You'll just have to study like hell.
PM if needed
Depending on your level of knowledge:
Networking
Brocade IP Primer I haven't read it myself, but some guys around these parts that I have a lot of respect for recommend it highly for beginners.
CCENT Offical Cert Guide Good next step after above and gets you the CCENT cert which is half the ccna if you pass the test.
CCNA Official Cert Guide Next step after CCENT, gets you CCNA obviously if you pass the test.
If you need to know some basic wireless, I highly recommend the CWTS by CWNP. It is meant more as marketing/sales, but honestly its a really good entry into wifi. You can always follow it up with the CWNA after.
And an always favorite, the network warrior. This book really brings it all together for doing day-to-day networking for a ccna level. I haven't read all of it, but the majority I did read really clarified what I the CCNA brushed over.
As far as Microsoft and other tech's, I highly recommend getting your hands on CBT Nuggets (Yeah, its a bit expensive ~$1000 / year) and just start devouring as much as you can. Watch two or three shows a night? Sub one of them for a CBT nuggets vid. Just devour a few books and some vids and do your best to lab (either in vmware or with gear) and you'll be off to a really great start.
On a political level at work, I'd be fighting for some training (again cbtnuggets or the like) saying, hey tech is always moving forward and you need it to keep up and benefit the company. If you stay hungry you'll do just fine :)
Just go with the odom books. That's what I used for the icnd 1 and 2.
http://amzn.com/1587143852 icnd 1
http://amzn.com/1587143739 icnd 2
http://amzn.com/1587143879 Comprehensive kit
(Includes "The New Edition of the Best-Selling two-book value priced CCNA Official Cert Guide Library includes Updated Content, New Exercises, 8 Practice Exams, and 150 Minutes of Video Training -- PLUS the CCENT and CCNA Network Simulator Lite Editions with 26 Free Network Simulator Labs." my recommendation)
Read them while constantly asking yourself, "Do I understand this?." Most people complain the books are dry but that wasn't the case for me. I was too busy making sure I comprehended everything, if not, I'd jump on google for clarification. I'd also recommend lammle but I don't think he made a book yet for the new revision of the ccna. odom and cbt + labs should be enough.
If you've looked into it online, you know it's not the easiest subject to just explain in a comment. If you're learning subnetting, you may as well take the ICND1 exam and get CCENT certified.
Chapter 12 of Book 1 in this set honestly did the best job of any resource I found.
In a nutshell, focus on the binary math - it's longer and more tedious, but helps get the point of it across. Once you have that down, learn how to convert back to dotted decimal very quickly. There are tricks that you'll learn, like subtracting the value of the subnetted octet of the mask from 256 to quickly figure out subnet size and range (for example, 256 - 192 = 64, subnet has 64 addresses - 2 = 62 valid addresses, network addresses at .0, .64, .128, and .192 in that octet). Expect to need or use multiple sources to ensure you have it down. Be sure that you can do Class A and B addresses as easily as you can Class C.
Use http://www.subnettingquestions.com/ to practice until you're able to do the questions in about 10 seconds. You can consider yourself able to subnet at that point. Good luck, feel free to PM me with any specific questions you have.
here is my 2c
it is crucial that you understand subnet masking as it's like 70% of ipv4 networking and unfortunately the first thing you need to wrap your brain around as you will be working with VLSM in most networking labs/scenarios. download this pdf and just start plugging along..
Sormcontrol.net is a nice online tool to help with learning subnets.
once you finish that workbook and feel comfortable with variable length subnets, start working on these problems in your spare time and at your own pace. your goal should be to solve any single subnetting problem within 30 seconds.
now that you understand a bit of subnetting, you need to begin learning the OSI-model, focus mainly on the layers 1 (sending bits across a medium), 2 (mac address switching) ,3 (ip routing), and 4 (tcp, udp, and icmp ports). here are two of my favorite beginners books to networking.
Microsoft Windows Networking Essentials, &
Cisco Introduction to Networks V6
Once you've read those books you should be ready to learn routing and switching. Focus your attention here to static routing, dhcp, nat, basic ACLs, and to understanding switchports and vlan related things like trunking and routing on a stick.
Next book you want to read is going to be on dynamic routing and scaling networks for large environments.This is where you delve into dynamic routing protocols (RIP, EIGRP, OSPF) and redundancy/failover protocols such as spanning-tree, etherchannel, and HSRP.
This is a nice book to read along the way and to sort of tie all of the knowledge you've learned so far together into short succinct chapters.
Download GNS3 or Packet Tracer if you want to simulate networks and labs at your desktop. You can learn a lot about the concepts and protocols presented in the books by searching on youtube things like "GNS3 dhcp" or "Packet Tracer dhcp".
I don't know about CBT nuggets, but just focus on what I've linked you and if you are going to follow anything online, the topic of routing and switching is the way to go as it is fundamental. Study like you are trying to pass the CCENT exam and then study for the CCNA exam.
I'd highly recommend that all programmers read the book 24 Sins of Software Security. It goes over all of this stuff, but in more detail and with examples.
First things first. Learn to google. it will be invaluable to your security career.
Secondly, try these links:
And there are plenty more out there.
IT security is about learning what the industry is doing. Staying fluid is key. keeping upto date it the most important part of it.
It depends a little on what you are looking for . . . Some time back, LPL recommended this:
https://www.amazon.com/High-Security-Mechanical-Locks-Encyclopedic-Reference/dp/0750684372
I worked in hospitality for almost 7 years, I've always been "good" with computers as far as trouble shooting goes (making sure connections are seated, power cycling, diagnosing small networking or connection problems) but I had lost my job and my husband suggested I get into the technology field. I did have a general interest in technology and gadgets, stuff like that, so I looked into CompTIA. I had NO formal experience with working with computers but I dedicated myself to "mastering" a chapter a day, and if I didn't I'd continue with it the next day. My studying looked a bit like this:
Materials Used:
CompTIA A+ Exam Cram
Throughout the chapter there are practice quizzes, I would read until I came to the quiz and take it, if I passed (answered 80% of the quiz questions right) I'd keep reading, if not I'd re-read the previous info and taking note of the things that I missed.
The book also comes with a practice exam (and an exam coupon!) and let's say my chapter had two quizzes and a total of 20 questions, you can set the parameters of the practice exam to ask a certain number of questions, so I'd put 20 and take the exam without referencing the book. If I passed I'd move onto the next chapter. I'd keep adding the number of exam questions as I took the quizzes in the study book.
Professor Messer exam videos
These are extremely through and up to date, I would hug this man if I could. Along with reading a chapter a day I'd watch at least 10 of his videos a day. For the most part this method followed along at the same pace as the info I was reading in the books.
Get an older computer from somewhere, this was a great resource that I used to take apart and actually examine the actual parts of the computer being reference in my studies. I would take apart all the components, label them, and put them back together. (Then strip the labels off and do this again.)
Also trying to help out where you can, if feasible, at your current job or talking to other professionals that you work with. You can do this.
With the way I studied I was confident enough after three and a half months to take the exam. Took and passed both on the same day and got an entry level job three months after that. Don't be afraid to start from the bottom, I've been in my position for almost a year and (clearly) I learn something new everyday.
-On mobile so there may be errors
> I have my A+ cert
>
>they recommended a segmented network. and I had to google what that even was.
>
>I am the "IT Guy" The previous "IT Guy" got me this job
You need to start reading cbks right now in all your free time. Even if you don't take the cert exams for the cbks below, it is knowledge you need to know asap.
​
I suggest these (in order):
​
https://www.amazon.com/CompTIA-Network-Certification-Seventh-N10-007/dp/1260122387/ref=sr_1_3
https://www.amazon.com/CompTIA-Server-Certification-Guide-SK0-004/dp/125983803X/ref=sr_1_1
https://www.amazon.com/Windows-Server-Complete-Study-Guide/dp/111885991X/ref=sr_1_4
https://www.amazon.com/Windows-PowerShell-Cookbook-Scripting-Microsofts/dp/1449320686/ref=pd_sbs_14_5/143-0552349-3403540
https://www.amazon.com/Windows-Server-Complete-Study-Guide/dp/1119359147/ref=sr_1_3
https://www.amazon.com/CompTIA-Security-Guide-Fifth-SY0-501/dp/1260019322/ref=sr_1_4
https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119042712
One more point, we are now involved in the Sybex series of study guides (SSCP and CISSP right now). These are more akin to our standards.
CISSP Study Guide
SSCP Study Guide
https://www.amazon.com/CompTIA-CySA-Study-Guide-CS0-001/dp/1119348978/ref=sr_1_1?ie=UTF8&qid=1519675757&sr=8-1&keywords=CSA%2B
https://www.amazon.com/CompTIA-Cybersecurity-Analyst-Guide-Certification/dp/0789756951/ref=sr_1_2?ie=UTF8&qid=1519675757&sr=8-2&keywords=CSA%2B
I passed CySA+ using This book and This video course.
Security+ has a bit of overlap, especially if you took the 501. Focus well on the information about regulations, chain of custody, and forensic processes.
Other books I can recommend from O'Reilly are JunOS Enterprise Routing, JunOS Enterprise Switching, and Juniper SRX Series. I bought them all as epubs when O'Reilly was still selling them directly and I have found them very useful for my day to day work with Juniper gear.
I learned Cisco first and then branched out into other vendors later. It has worked very well for me, but I see no reason why you can't start with Juniper first. The more I learn about Juniper the more I fall in love with their gear. Get yourself an SRX-100, a book, and just go to town.
learn about network security this book is a nice start imo:
https://www.amazon.com/Cisco-ASA-All-one-Next-Generation/dp/1587143070
These two books for the ICND 1
https://www.amazon.co.uk/CCENT-CCNA-100-105-Official-Guide-x/dp/1587205807/ref=sr_1_1?ie=UTF8&qid=1483461592&sr=8-1&keywords=icnd+1
https://www.amazon.co.uk/CCENT-ICND1-Study-Guide-100-105-ebook/dp/B01I5WZ6L2/ref=sr_1_2?ie=UTF8&qid=1483461592&sr=8-2&keywords=icnd+1
These two books for the ICND 2:
https://www.amazon.co.uk/Routing-Switching-ICND2-200-105-Official-x/dp/1587205793/ref=sr_1_1?ie=UTF8&qid=1483461669&sr=8-1&keywords=icnd+2
https://www.amazon.co.uk/CCNA-ICND2-Study-Guide-200-105/dp/1119290988/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=&sr=
A+ Resources Computing...
Mike Meyers: All In One
Exam Cram
A+ Complete Study Guide
...Popular Books Terminated
Videos Compressing...
Professor Messer's A+ Videos Free
Anthony Harries A+ Series Free
Mike Meyer's A+ Video Series Paid
...Decompressing
A+ Practice Exams Initialized.....
Professer Messer's Pop Quizes Free
Crucial Exams Free
ExamCompass Free
[Exam Cram Practice Questions Paid](https://www.amazon.com/CompTIA-220-901-220-902-Practice-Questions/dp/0789756307/ref=sr_1_2?ie=UTF8&qid=1484881100&sr=8- 2&keywords=a%2B+901+and+902&refinements=p_72%3A2661618011)
....End Transmission
Simmy-Turner activated(sims)....
GTS Labs Paid
Mike Meyers Lab Book Paid
Testout A+ Paid
Prof. Hammonds Free
....End Transmission
Community Driven Content(all free)......
Zac Wilsons A+ Study App
Gemini88mill Advice
Deathrus's Study Habits
DrawMonster's Study Methods
...The Community thanks you!
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.
The TCP/IP Guide - It's a little dated these days and barely touches IPv6, but it's a good, quick look at a lot of the glue services that you will eventually need to understand and troubleshoot: DNS, SNMP, NTP, etc.
TCP/IP Illustrated, VOL 1 - Here's where we get into the nitty gritty. This shows you what is happening in those packets that cross the wire. Invaluable if you go onto doing Performance Engineering functions later on, but still good.
NMAP Network Scanning - NMAP is a godsend if you don't have remote login rights but you need to see what's happening on the far end of the connection.
Wireshark Network Analysis - Most useful tool in your toolbox, IF you can use it, for proving the negative to your customers. At some point you're going to be faced with an angry mob in Dockers and Polos who want to know "WHY MY THING NOT WORK?". This is the book that will let you point to their box and go "Well, as soon as the far side sends a SYN/ACK your box sends a FIN and kills the connection."
Learning the bash shell - You're a network engineer, you're going to be using Linux boxes as jump boxes for the rest of your life. Shell scripting will let you write up handy little tools to make your life easier. Boss wants to blackhole China at the edge? Write a quick script to pull all of the CN netblocks from the free FTP server APNIC owns, chop it up in sed and AWK, throw a little regex in for seasoning and you're done. And when he comes back in 30 days for an updated list? Boom, it's done even faster.
The vendor specific books are nice, but I can't tell you how many network engineers I've run across who couldn't tell me how DNS worked or how a three way handshake worked or couldn't write a simple script in Bash to bang out 300 port configs in 30 seconds. There are a shit ton of paper CCIEs out there, but those books up there will make you stand out.
It's a good book, it's also setup around the 10 domains, pre 2015 test. You should also get something newer Cybex book
http://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119042712
Also, check out the free training course at cybrary.it, it's very good.
The CISSP is the gold standard for cyber security certifications. To qualify for the full cert, you need 5 years of experience in at least two distinct areas of the field. Otherwise, passing the test grants you "associate" certification.
The guys that I work with (who have 10 years in the field) took a two week bootcamp and then studied nonstop for a month before they took the test- they took a week off of work at the end to do nothing but study. They said it's the most challenging certification they have had to take. in the field.
It is NOT something that you can take a 5 day bootcamp and breeze through with no experience at all. The study guide is more than 1000 pages long.
There are a wealth of places you can get started. But if you're starting out with the goal of passing the CISSP right away with no prior experience, you're going to be drinking out of a firehose of information. Be ready for that.
Exam 70-761 Querying Data with Transact-SQL by Itzik Ben-Gan
https://www.amazon.com/Exam-70-761-Querying-Data-Transact-SQL-dp-1509304339/dp/1509304339/ref=mt_paperback?_encoding=UTF8&me=&qid=
Congratulations!! I started out using the Lammle book as well but also used the official Cisco books to make sure I had coverage for the blueprint items the Lammle book didn't cover (I studied before the current version was released). Make sure to keep the ICND2 blueprint in mind while you study, you'll do great!! :)
The CCNA one is in very high demand. I took part in a lecture held by Todd Lammle at Birmingham City University a few months ago. He basically said the best jobs to get into right now are communications, virtualization and web aplication development. It's kind of obvious really considering the trend towards cloud computing, on demand services and most importantly converged networks.
If you want to do the CCNA I would recommend skipping CompTIA N+ all together. But be warned CCNA is not something you can jump into that easily. From my experience, which isn't that much but it is a little, best books for the CCNA are the ICND1, ICND2 and Todd Lammle's CCNA Study Guide. I strongly recommend taking a course for the CCNA as the practice is not easily achieved at home (lack of equipment unless you have money to spend on second hand cisco routers, switches, cables, etc.).
Other than that, best of luck!
As for the Microsoft ones... meh, a book and a few virtual machines should get you sorted.
If you haven't read this already then please do - 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them.
The book covers a wide range of coding errors such as SQL Injection, Web Servers & Clients, URL's, Cookies, Buffer overruns, etc. I'm currently pairing this with the WAHH2 and it is an amazing resource at understanding the underlying code that causes such vulnerabilities.
At the same time OWASP provides great resources for developers. And the Google Gruyere app allows you to actually exploit some HTML and HTTP Vulnerabilities and go through the code, with steps on how to mitigate it.
Hope that helps. Cheers!
Shon Harris's new book, updated by Fernando Maymi is an excellent study and certification prep. We use this book when delivering training to our DoD clients.
https://www.amazon.com/CISSP-All-One-Guide-Seventh/dp/0071849270/ref=sr_1_1?ie=UTF8&qid=1484067461&sr=8-1&keywords=cissp+shon+harris
Eventually, you may want to look at picking up High-Security Mechanical Locks: An Encyclopedic Reference.
best advice i can give is to start reading anything and everything you can get your hands on related to programming, operating systems, networking, security, etc......
a few books i'm reading/have read/on my list to read and all are excellent starting points:
BackTrack 4: Assuring Security by Penetration Testing (this book was just released and still relevant when using BackTrack5)
Metasploit: The Penetration Tester's Guide
Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition
plenty of links to keep you busy for awhile:
Open Penetration Testing Bookmarks Collection
Not an expert but I have read a lot of posts saying that 2016 is still young. Take the 2012 first. I am currently reading from this book and I find it great :
https://www.amazon.com/dp/111885991X/ref=tsm_1_fb_lk
You might want to pair it with : Learning Powershell in a month of lunches. It's a bestseller on Amazon and highly recommended.
Edit : what did you use for CCNA ? I have started it in the past but I find the prices exorbitant for seminars !
I subscribed to CBTnugget couple weeks prior to my test to recap with the videos, and it gives you access to Transcender test which in and of itself is worth it. It's a great practice test. I like how it explains why the wrong answers are wrong. It comes with digital flash cards too.
I got around 50 questions. Besides powershell, make sure you know Hypver-V really well and study up on IPv6 too.
I used Don Poulton's 70-410 book mainly and William Panek's MCSA Complete Study Guide as supplement.
Good luck!
Grab a copy of the official study guide.
https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119042712/
Which one did you think was better?
1000 online practice exam questions that come with the Official Study Guide 7th Edition - http://sybextestbanks.wiley.com/course/start/id/102
vs. CISSP Official (ISC)2 Practice Tests - Chapple, Seidl Amazon
The Sybex study guide will be available on April 24th. I plan on buying that, studying for a month, then taking a shot at the exam in late May.
Hey u/mertino11,
To answer your questions:
Get this book and study it, and actually do all of the exercises and questions until you're comfortable.
I have an INE course on Implementing Cisco ASA Firewalls
if you're looking for videos.
For books, the best resource is Cisco ASA: All-in-one Next-Generation Firewall, IPS, and VPN Services.
Cisco has lots of good free documentation, as long as you know how to sort through it, such as the Cisco ASA 5500-X Series Firewalls Configuration Guides and Cisco ASA 5500-X Series Firewalls Configuration Examples and TechNotes.
If you have a Cisco support contract you can download the Adaptive Security Virtual Appliance (ASAv)
and run it on a hypervisor like VMWare ESXi.
INE also rents Security racks that have ASA 5510 and ASA 5515X in them if you want to play around with physical hardware.
Good luck!
Here is the CCNA path as printed on Cisco's website. My recommendation would be to take the 100-101 (ICND1) to earn the CCENT, then after passing that test take the 200-101 (ICND2) for the CCNA. I own the OCG books intended for the seperate tests, I am not sure if the OCG for 200-120 has it split for single tests. In the Sybex CCNA Routing and Switching book by Lammle, it does split into sections for the CCENT and CCNA.
There is a composite test that will get you the CCNA in one test, it is more expensive ($250 USD I think), versus the ICND1 and ICND2 being $150 USD each. I recommend the seperate tests, you can think of splitting up the CCNA test into two exams as using a checkpoint in a video game. No sense in starting over if you make a mistake or don't fully understand a topic. I think most here will agree, and most taking the 200-120 will be doing it for a re-certification or have years of experience in the technology.
Also keep in mind the questions on the exam are likely different than what you are used to. There are multiple-answer multiple choice, matching, simlets, etc. If you make the mistake and click Next before answering all the sections on a Simlet it will move to the next question. To get used to the question format, I would highly recommend investing in the Boson practice tests for your exam. They will help link all of the topics in your head and prepare you for success in your endeavor. At the Boson site there should be some sample tests if you question their quality. Good luck.
well, to get started in networking I would recommend Cisco.com There is a lot of info in the tech part of the site.... Just kidding, that is where you'll eventually end up reading though... (and hopefully enjoying it)
The first thing to do is make a choice. In networking there are several different paths you could take. Voice, Routing & Switching, Security, Design or service provider stuff... among others.
It all begins with one to three exams. If you want to bypass your network+ and go straight for your Cisco certs it will be 1 or 2 exams, then pick up the CCNA books from Cisco Press. They are extremely beneficial, and the Official Exam Certification Guides for ICND1 and 2 also come with CDs that have a practice exam environment that is very similar to the actual test. Grab the Box set, it comes with both, and is cheaper.
Also, I would recommend scouring Ebay for some decent switches and routers. I highly recomment grabbing a Cisco2511 (and not the RJ45 one, the one that takes the Octal Cable.) As much as I hear people talking about GNS3 and Packet Tracer, I understand it works (I use GNS3 myself, but also have a sweeeeeet home lab setup) I still think hands on with the equipment is more important than only the config.
Also, I really don't have any experience with Juniper, but from what I've seen there isn't much difference, just syntax and terminology. I'm sure there are some Juniper guys on here that might be able to give you some info.
Cisco CCNA Routing and Switching 200-120 Official Cert Guide Library AND CCNA Routing and Switching Portable Command Guide (3rd Edition)
NOTE I do not have a CCNA yet, however this is what I am going to be using to study for it.
Thank you for the very detailed reply. Where does VMware and other virtualization fit into that as well if you don't mind, a lot of the entry jobs around here will probably be dealing with that as I'm near a port city and heavy industry is huge here. Everything they do is on VMware usually to train their employees, etc. Is a CCNA/CCNP cert going to cover most of the bases on virtualization? They also just opened an Amazon warehouse here one reason why I thought the right thing to do was to pick the brains of some seasoned IT professionals and ask about AWS.
Here is what I was looking at picking up to learn.
https://www.amazon.com/gp/product/1587205815/
https://www.amazon.com/gp/product/1587205904/
https://www.amazon.com/gp/product/B00SA7XKZC/
You are looking for this book High-Security Mechanical Locks: An Encyclopedic Reference
Are you a mechanical engineer? Id love to compare designs.
So I was digging around in the High-Security Mechanical Locks: An Encyclopedic Reference and I found this paragraph. Might help lead you in the right direction.
> In some locks (e.g., American and Laperche), antipicking lower pins are also used. This idea was mooted around 1940 in a patent by Crousore (Fig. 2.22), which called for grooved upper and lower pins cooperating with a channel in the plug. An even earlier method that involved modifications to the lock cylinder was presented in a 1928 patent (US 1,739,964).
Well for starters, the CASP was just updated. Prior to that it hasn't been updated since it released in 2011. So it became increasingly out of date. On top of that, there have been other more recognized certs out there that seemed to be in more demand. This isn't to say that will change.
Also keep in mind, most people are only aware of the CompTIA trifecta. Even Linux+ until recently was considered a joke as well. It wasn't until they teamed with LPI that it started to gain momentum.
As for studying for the CASP here are some resources you may look at.
It was this book. I have A+, Sec+, and FOI besides CASP. I used to work helpdesk for 2 years and moved up to a JR sysadmin position recently (3-6 months).
1.) 874/900
2.) CAS-002 cert guide by Robin Abernathy and Troy McMillan
3.) Currently I'm a contractor for the army. I'm apart of a security assessment team and plan on staying on this path for now. As for the future I'd love to move into an IAO role.
http://www.amazon.com/gp/aw/d/0789754010/ref=pd_aw_sim_14_2?ie=UTF8&dpID=51ueq5geAvL&dpSrc=sims&preST=_AC_UL100_SR100%2C100_&refRID=19QR78KRB5Y0Y3HBCC48
By the way, I passed both of the exams on my first try. I'm not saying this to boast but to point out that I derived some benefit from all of the study materials I used (including the stuff from uCertify) and that using all of them helped me pass. Dollar-for-dollar, the best source to prepare for the exams (AFTER you've done all of the reading from whatever sources you end up using) is a book by David Prowse that contains 640 practice test questions with detailed answers. Link: https://www.amazon.com/CompTIA-220-901-220-902-Practice-Questions/dp/0789756307/ref=sr_1_2?s=books&ie=UTF8&qid=1468412764&sr=1-2&keywords=david+prowse+901
If you're looking for an intro that will get you doing hands-on stuff quickly, I definitely recommend "Practical Packet Analysis: Using Wireshark...". Only if you want something that's far from textbook-y and will give you some insight into doing casual sysadmin type stuff. Also, "Nmap Network Scanning" will get you doing some hands-on fun activities as well. Just pay attention to local laws before doing anything that might raise red flags.
everyone recommends TCP/IP illustrated, and I've still got that on my shelf and to-do list. Can't lose there.
I squeaked by on the 412 with a score of 720. I studied for 3 months, at least a couple hours a day though I am sure I skipped a day here and there. Are you labbing? Hands on is critical. Were you weak in the same areas on both tests?
These are the books I used: Training Guide by Orin Thomas and the Exam Ref also by Orin Thomas.
I also followed the Pluralsight video series and basically built out his lab. I spent a lot of time reading technet. For practice exams I used Kaplan and Boson; Boson was expensive and kicked my ass but in a good way and their answer explanations are awesome.
Another method I found helpful is to copy out the exam objectives and then use those as an outline for detailed notes. I used OneNote so I could pull them up whenever I wanted, sitting in a drive thru, getting an oil change etc. For final prep make another copy of the objectives and plug in everything I can think of relating to the topic from memory and then compare to my notes.
For the earlier exams I did the CBTNuggets series with the virtual labs but the 412 series didn't have labs so I skipped it, and I think that hurt me. I still did labs on my own but being able to hop on from anywhere and run through stuff was really helpful. I also skipped the Complete Study guide by William Panek which I had used for 410/411. I think I just had exam fatigue and was tired of studying.
Hope that helps!
> https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119042712
That's the official study guide for the exam. The CBK is the Common Body of Knowledge which is intended to teach you the concepts.
I'm studying and both are dreadfully boring. I'd start with something like the CBT Nuggets videos, which will introduce you to the topics in a fun and engaging manner - then hit the dry book work hard when you feel you're ready.
If you start with the official CBK or study guide, it might turn you off. It's a lot of dry reading.
i am also using the udemy videos plus this book https://www.amazon.com/CompTIA-CySA-Study-Guide-CS0-001/dp/1119348978/ref=pd_lpo_sbs_14_t_1?_encoding=UTF8&psc=1&refRID=Q1HMEANW19CTDCH8E366
as /u/supergeniusluie stated the fast track tools are great and what i used for my JNCIA-JUNOS. I then used the below books with some real gear for my JNCIA-ENT, JNCIS-ENT and JNCIP-ENT. sadly my last few stops havent had any juniper and all my JNCIA-FWV were on the ScreenOS so i may not be the most up to date. I hear you can integrate the new juniper virtual router into VIRL though (even though its expensive).
https://www.amazon.com/Juniper-Networks-Warrior-Guide-Implementations/dp/1449316638/ref=sr_1_1?ie=UTF8&qid=1475007466&sr=8-1&keywords=juniper+network+warrior
https://www.amazon.com/Junos-Enterprise-Routing-Practical-Certification/dp/1449398634/ref=sr_1_1?ie=UTF8&qid=1475007491&sr=8-1&keywords=juniper+network+routing
https://www.amazon.com/JUNOS-Enterprise-Switching-Harry-Reynolds/dp/059615397X/ref=sr_1_3?ie=UTF8&qid=1475007563&sr=8-3&keywords=juniper+network+switching
https://www.amazon.com/JUNOS-Cookbook-Cookbooks-OReilly-Garrett/dp/0596100140/ref=pd_bxgy_14_img_2?ie=UTF8&psc=1&refRID=VGTJEBZR1JWAP2MHBBFZ
> Does Juniper have a Similar program to Packet Tracer?
No, but kind of.
https://www.juniper.net/us/en/products-services/nos/junosphere/
> What materials are best to study for the JN0-102?
Juniper has some good training videos on their website. CBTNuggets also has some. Never watched any Youtube channels that might cover Juniper, but they do exist.
Books:
https://www.amazon.com/Junos-Enterprise-Routing-Practical-Certification/dp/1449398634/ref=sr_1_3?ie=UTF8&qid=1495212847&sr=8-3&keywords=jncia
https://www.amazon.com/Junos-Enterprise-Routing-Practical-Certification/dp/1449398634/ref=sr_1_3?ie=UTF8&qid=1495212847&sr=8-3&keywords=jncia
https://www.amazon.com/Juniper-Networks-Warrior-Guide-Implementations/dp/1449316638/ref=la_B007IVLZ8K_1_2?s=books&ie=UTF8&qid=1495212854&sr=1-2
> What other advice can you give coming from mainly cisco knowledge
If you have CCNA or greater, just get used to the commands and the inter-workings of JuneoS.
Ok you've decided to do it. here is my $.02
Checkout The Cisco Network academy and see if they have any locations near by. Generally they are done as adult school classes, or at community colleges. Its great training ( Cisco curriculum), led by certified instructors, for generally pennies on the dollar.
If that turns out to be not an option the self study books are the next best thing. Take your time, do all the DIKTA Q's (Do i know this already) and end of chapter review questions. Be honest with yourself if you get 1 out of 2 answers on a "choose the best two answers" type of question mark it wrong. As you read, and a concept isn't clear, keep going back until you get it. If you cant get it, us ask here, thats why we have this.
Protip: start taking multi vitamins , it helps with memory, retention, and focus. Keep taking them at least till you pass the test.
If you need anything else or you have any more questions please ask /r/ccna were here to help!
Depends what you want to do.
A CCNA is a networking certification which will involve building a solid understanding of all fundamentals (and even some trickier areas) of networking only. Computer science is the study of how computers are used in the world around you, and networking is really just one small piece of that.
If you'd like to start a career in systems administration and networking, go get yourself the CCNA and then a Microsoft cert that interests you. Buy the CCNA books here: http://www.amazon.com/CCENT-ICND1-640-822-Official-Edition/dp/1587204258/ref=pd_sim_b_1?ie=UTF8&refRID=1XTT3GRD3TCRMTQQTV3N
DO THE LABS AND TESTS!
You can also sign up for CCNA classes at any on-line class from any community college. This shouldn't take you more than a few months. If you're going super slow, maybe 6 months.
After you've got that down, look into the Microsoft side of things here:
https://www.microsoft.com/learning/en-us/certification-overview.aspx
The new MCSE will get you far and I highly recommend digging into ANYTHING you can that's cloud and virtualization related, because 10 years from now everything helpdesk level is going to be handled my machines.
If you want to do actual computer science, there are great careers to be had but you should consider what you want to do with a computer science degree before you jump down that path. Check out the curriculums at local colleges to see what interests you. Here's the spring semester at U-Mass Amherst for example:
https://www.cs.umass.edu/ugrad-education/spring-15-course-schedule
Good luck!
If you really want in-depth knowledge, I would go with TCP/IP Illustrated. It has recently been updated and pretty much covers the gamut of all things networking.
If that looks a little too daunting, you can go with a CCENT book (Lammle and Odom tend to be the best writers, IMO). It does cover Cisco products, but the concepts in it are primarily vendor neutral. Hope that helps.
Honestly, I would get your hands on the CCNA Routing and Switching portable command guide, if you need a physical reference, most of the commands and stuff you can do are public knowledge even without that.
If you have not already, look into GNS3 and setup some virtual routers there, if you want to play around with routing protocols, they have not yet released their virtual switching, but there is only so much you can do with one router. There is a laundry list of labs you can do from: Free CCNA Lab Workbook to get the basics down.
You should check out this book:
CCNA Routing and Switching Portable Command Guide (3rd Edition)
This book is amazing and well worth it. Good reference material.
> I asked for personal recommendations.
No. No, you didn't.
Scroll back up there and read the actual words you provided to us.
Here, let me help you:
> I am looking for an additional resource (preferably a text book because for some god forsaken reason, text books are the only books I enjoy to read) for a secondary CCNA source.
That is not a personalized request. That's a shotgun blast.
What resources have you discovered on your own? Which resources seemed interesting to you? Can we help you choose between a specific list of things you've found?
When you read the FAQ over in /r/ccna what did you think of their recommended reading list?
When you ask a broad, unfocused question like that and don't provide any evidence or indication that you've done any research or put any effort into it, it comes across as laziness.
Compare these two sentences examples:
"I want to get my CCNA. Can someone suggest a book on the subject?"
or
"I want to get my CCNA. I read <blog> and <article> and I see lots of positive comments for these two books <URL> and <URL>, but I also hear good things about CBTNuggets. Can someone help me choose? I really only want to spend about $100 on this."
See how that first example gives us nothing to work with, and makes us ask all the questions & do all the work for you?
See how the second example puts more of the work effort on you to explain the situation and help us understand what you've already done to find this answer on your own?
That is what effective communication looks like when you are communicating via electronic text. You might make a note of it.
-----
The two most popular books on CCNA R&S are:
The two books from Wendell Odom, part of the official Cisco Press offering:
ICND1
ICND2
And the Todd Lammle books:
CCNA Routing and Switching Complete Study Guide
https://www.boson.com/netsim-cisco-network-simulator
The All-In-One: https://www.amazon.com/Routing-Switching-200-125-Official-Library/dp/1587205815
Or
Separate: https://www.amazon.com/CCENT-ICND1-100-105-Official-Guide/dp/1587205807
https://www.amazon.com/Routing-Switching-ICND2-200-105-Official/dp/1587205793
31 Days Before (Refresher): https://www.amazon.com/Days-Before-Your-Routing-Switching/dp/1587205904
Udemy - Chris Bryant: https://www.udemy.com/ccna-on-demand-video-boot-camp/
I heard Stormwind Studios has a nice course. I haven’t looked up the price.
You can start with the same book I did... seriously
https://www.amazon.com/Networking-Dummies-Doug-Lowe/dp/111925776X/ref=sr_1_2?ie=UTF8&amp;qid=1503420588&amp;sr=8-2&amp;keywords=networking+for+dummies
There was a line in the forward from an older version of the book that stuck with me; "From this moment on everything is your fault"
The Cisco CCNA books are actually pretty good for reference
https://www.amazon.ca/CCENT-ICND1-100-105-Official-Guide/dp/1587205807/ref=sr_1_5?ie=UTF8&amp;qid=1503420668&amp;sr=8-5&amp;keywords=ccna
https://www.amazon.ca/Routing-Switching-ICND2-200-105-Official/dp/1587205793/ref=sr_1_6?ie=UTF8&amp;qid=1503420668&amp;sr=8-6&amp;keywords=ccna
As Epic has already stated the best book is Lammle, but I also like Odom's ICND1 & Odom's ICND2 as well. I would also suggest doing ITProTV or Chris Bryant for training videos.
Bryant lacks any lab documents, but you can download packet tracer and just pause the video and screenshot anything you need to do the labs.
If you spring for the high plan from ITPro you get access to labs and practice tests. I would skip the practice tests and spend the money on Boson ICND1/Boson ICND1&2
As far as books go, they don’t cost $750 I think you were looking at a kit or a combination of things that has books maybe and simulators. The books cost if I remember correctly $24 to $30 each.
CCENT/CCNA ICND1 100-105 Official Cert Guide https://www.amazon.com/dp/1587205807/ref=cm_sw_r_cp_api_i_MRv7Ab1WQ22CS
CCNA Routing and Switching ICND2 200-105 Official Cert Guide https://www.amazon.com/dp/1587205793/ref=cm_sw_r_cp_api_i_8Rv7AbZF8A1A5
This book is helpful and will give you some basic understanding. If you're not working in the system all the time, don't sweat not knowing the background or super technical aspects.
Si, ci sono i libri e molto altro materiale da poter integrare:
Libri ufficiali: Link Amazon Guida Ufficiale a prima vista possono sembrare enormi (e lo sono, quasi 2000 pagine se non erro), ma imparando ad usarli sono la miglior fonte di studio possibile per prepararsi, dividendo l'esame in due (come i libri appunto).
Guida per i comandi: Link Amazon Comandi è appunto una lista di tutti i comandi per iOS (il sistema operativo di cisco) con una breve spiegazione per ognuno.
Ripasso finale: 31 Days before your exam libro ufficiale per il ripasso partendo 31 giorni prima dell'esame.
Molto utile per ricontrollare tutti gli argomenti.
Per fare esercitazioni e lab scaricati Packet Tracer dal sito di Cisco, in rete o su udemy troverai vari esercizi da poterci simulare.
Ti consiglio inoltre questo video corso su udemy, ti fornisce anche molto materiale di test (domande, fac-simili, esercizi) per soli 10€ Corso udemy prima parte
&#x200B;
Per quanto riguarda l'esame, è un mondo a se rispetto a tutti gli altri esami che probabilmente avrai già fatto: gli esami Cisco pretendono un punteggio molto alto per passare (generalmente sopra l'80/85%) e spesso le risposte non sono quelle più giuste ma quelle che Cisco ritiene che lo siano. Ti consiglio di prendere un simulatore di esame, ad esempio il Boson, e fare esercizi con quello...
Per il resto, in bocca al lupo! Spero di non averti messo ansia ma è un esame "particolare" :)
24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them is good
Unfortunately, most of the university programs lag significantly behind industry. I've interviewed candidates with graduate degrees in cybersecurity that were not aware of most modern techniques used to find persistent adversaries. The good things those programs provide is a broad coverage of information security as a whole.
I saw you mention "finding the vulnerabilities before the bad guys do". Unfortunately, in the real world the code is either unpublished and you're a software security consultant, analyst, or tester, or it is published and you're fixing a hole that the adversary has already discovered. If your interest is in the software security side, I would recommend two books above all others.
The 24 Deadly Sins of Software Security: https://www.amazon.com/Deadly-Sins-Software-Security-Programming/dp/0071626751?_encoding=UTF8&amp;%2AVersion%2A=1&amp;%2Aentries%2A=0
Writing Secure Code: https://www.amazon.com/Writing-Secure-Code-Strategies-Applications/dp/0735617228/ref=sr_1_1?s=books&amp;ie=UTF8&amp;qid=1499038741&amp;sr=1-1&amp;keywords=writing+secure+code
That said, there is also a lot of work in the systems engineering side of the house - along the lines of credential theft and secure enterprise design. If you think this might be interesting to you, I would recommend reading papers such as these:
Microsoft Pass the Hash Whitepaper: https://www.microsoft.com/en-us/download/details.aspx?id=36036
Think Like a Hacker (shameless plug for my book): https://www.amazon.com/Think-Like-Hacker-Sysadmins-Cybersecurity/dp/0692865217/ref=sr_1_sc_1?ie=UTF8&amp;qid=1499038880&amp;sr=8-1-spell
Cybersecurity is typically broken into various subfields, such as reverse engineering, forensics, threat intelligence, and the like - each with its own set of tools and skills. Ultimately, I would recommend attending a decent hacking conference such as DEFCON, DerbyCon, ShmooCon, or the like to get familiar with the field.
Not sure what everyone uses, but http://www.amazon.com/Deadly-Sins-Software-Security-Programming/dp/0071626751 is a good place to start. Not all internet stuff, but the base ideas of how hacking works.
TL;DR:http://i.imgur.com/zHYn6Zd.jpg
CISSP as there are more training resources available. Do your own research though.
&#x200B;
Take a look at these resources:
CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide
https://www.amazon.com/gp/product/1119042712/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=1119042712&linkCode=as2&tag=mc00-20&linkId=C7HNX553XYF3YBVA
&#x200B;
CISSP All-in-One Exam Guide, Seventh Edition 7th Edition
https://www.amazon.com/CISSP-All-One-Guide-Seventh/dp/0071849270/ref=sr_1_1?s=books&ie=UTF8&qid=1541218380&sr=1-1&keywords=shon+harris+cissp
&#x200B;
Pluralsight:
https://app.pluralsight.com/paths/certificate/cisspr-certified-information-systems-security-professional
&#x200B;
CBT Nuggets:
https://www.cbtnuggets.com/it-training/isc2-cissp-2015
This was my textbook for my cybersecurity class and never before have I ever learned so much from a class or textbook. It's technical yet extremely understandable. The best cybersecurity methods are the simplest ones, the ones that make sense. ITGCs are covered, though they don't call them that. If you read this book thoroughly and studied you could pass the CISSP cert and be in fantastic shape. That's my plan. I have this eBook too if you want to PM me your email, as the book is rather expensive. This is known as the "Bible" for the CISSP exam.
Edit: CISSP All-in-One Exam Guide, Seventh Edition https://www.amazon.com/dp/0071849270/ref=cm_sw_r_cp_api_MljtzbZ9CJ7ZV
These two subjects are very well explained by the CISSP All in One (created by Shon Harris)
https://www.amazon.com/CISSP-All-One-Guide-Seventh/dp/0071849270/ref=pd_sbs_14_t_0?_encoding=UTF8&amp;psc=1&amp;refRID=4D3GRA6EEWEVVRQ0F39J
Hi Roboman,
If your current position falls within the realm of the Security+ Cert, go after it. If you are hungry to gain knowledge in this field, I recommend https://www.amazon.com/CISSP-All-One-Guide-Seventh/dp/0071849270. You will crush the Security+ exam and the CISSP exam if you engulf this material. If you want a good career in IT Sec, this will help you tremendously. Happy Holidays!
Though it's expensive, High-Security Mechanical Locks: An Encyclopedic Reference by Graham Pulford is a fantastic book. It's focused more on the mechanical aspects of higher security locks, most of which are relatively recent, but it does briefly go through the history and development of each lock type, and includes an extremely wide variety of mechanisms.
High-Security Mechanical Locks: An Encyclopedic Reference
by Graham W. Pulford
Huh, when I copy the text of the comment, I get this: High-Security Mechanical Locks: An Encyclopedic Reference
by Graham W. Pulford
But I just see a comment or it pasted with no text when I view your comment on the official Reddit app. Weird.
Here is the desktop version of your link
The cert guide is good and covers pretty much everything. There is an iOS app from LearnZapp that covers CAS-002 which is based on the cert guide. That being said, nothing really covers the PBQ's which in my case I had 10 of them. CAS-002 is being deprecated and replaced by CAS-003. So I am not sure what all of those changes will encompass.
&#x200B;
https://www.amazon.com/CompTIA-Advanced-Security-Practitioner-CAS-002/dp/0789754010
&#x200B;
I used this and this. Both together are more than you'd need. If you have Sec+ and have even a small amount of industry/best practice/common sense experience, you'll be fine.
Not advocating them, but I'm sure there's braindumps for it, as it is entirely multiple choice, other than a few simulations at the beginning.
I used the practice questions only version, found at my local Barnes & Noble. Here it is on Amazon.com:
https://www.amazon.com/CompTIA-220-901-220-902-Practice-Questions/dp/0789756307
The format of the book is four practice exams for each test, of increasing difficulty. Start at Test A and take it until you get at least 90%, then move on to B. Similarly for C and D.
It comes with an activation code to set up an account on the Pearson web site. The book says you can download a Windows program for taking practice tests, and this is true. However, Pearson now also has a web-based version of the test engine, which I recommend over the fairly creaky Winows program. (I'm running a Mac, so YMMV.)
The web-based engine is found here:
http://pearsontestprep.com
There's a bonus exam for each test on the web site/Windows program, too, which were more difficult but shorter than the A, B, C, and D tests.
The book/web test engine worked out really well for me. It's not a study guide, but I didn't have the time to read something with more pages, and there is a reasonably full explanation of all of the questions, including what the wrong answers are and why they're wrong. I found this sufficient for my study guide, although it's a bit hard to find the text again afterwards.
I ended up using the Review feature of the web test engine to list all the questions and answers, then copied this to a text file. This worked really well.
Best of luck to you!
I only have the book, not the practice questions. Although, the book does come with 5-10 practice questions at the end of each chapter. It also comes with a cd with a practice test at the end. And some videos as well. I highly recommend it, it cuts to the chase unlike the mike Meyers book which gives every single detail.
Book is here: https://www.amazon.com/CompTIA-220-901-220-902-Exam-Cram/dp/0789756315
Practice questions here, although I don't have experience with this one: https://www.amazon.com/CompTIA-220-901-220-902-Practice-Questions/dp/0789756307/ref=sr_1_2?s=books&amp;ie=UTF8&amp;qid=1536027807&amp;sr=1-2&amp;keywords=Exam+cram+a%2B+practice+questions
Professor Mike Meyers is pretty good. He does what I like to call KISS: Keep It Simple Stupid. Follow his videos on Udemy with his textbooks. He's my main source but I'm also using this Exam Cram book and this one with practice questions. There are Kindle versions for both if you want, and they're cheaper than the physical copies.
The examcram stand alone practice test book
https://www.amazon.com/dp/0789756307/ref=cm_sw_r_cp_apa_i_DWRACbYTJ65VF
I found the exam cram practice question book to be useful. I comes with a lot more questions on the CD.
This is what I used:
CompTIA A+ 220-901 and 220-902 Practice Questions Exam Cram https://www.amazon.com/dp/0789756307/ref=cm_sw_r_cp_api_BItJzbN7CE4JE
>read the book by Gordon "Fyodor" Lyon if you're not familiar
Is this the book you're referring to? I'm following this thread too due to my position where I work. :)
(this is my copy paste when people ask where to start, I recommend these books quite frequently, and I'll be honest, most of them can be "acquired" through other means than buying.)
If you have no Linux Knowledge, I would recommend these two books: http://www.amazon.com/Introduction-Unix-Linux-John-Muster/dp/0072226951
http://www.amazon.com/Introduction-Linux-Manual-Student-Edition/dp/0072226943/ref=pd_bxgy_b_text_y
I would also recommend getting a book on windows server: http://www.amazon.com/Mastering-Microsoft-Windows-Server-2008/dp/0470532866
After going over those you should have a fundamental understanding of Unix/Linux
Then I would recommend this if you need to brush up on your basic networking knowlege:
http://www.amazon.com/CompTIA-Network-Deluxe-Recommended-Courseware/dp/111813754X/ref=sr_1_1?s=books&amp;ie=UTF8&amp;qid=1369292584&amp;sr=1-1&amp;keywords=network+%2B+delux+guide
Some security theory wouldn't hurt: I'd recommend these in no particular order:
http://www.amazon.com/The-Basics-Information-Security-Understanding/dp/1597496537/ref=pd_rhf_se_s_cp_7_FHWA
http://www.amazon.com/gp/product/1597496154/ref=s9_simh_se_p14_d0_i6?pf_rd_m=ATVPDKIKX0DER&amp;pf_rd_s=auto-no-results-center-1&amp;pf_rd_r=6289C56ED33B4C108B60&amp;pf_rd_t=301&amp;pf_rd_p=1263465782&amp;pf_rd_i=itia2300
And now we actually start getting into penetration testing:
http://www.amazon.com/Metasploit-The-Penetration-Testers-Guide/dp/159327288X/ref=pd_rhf_se_s_cp_3_FHWA
http://www.amazon.com/The-Basics-Digital-Forensics-Getting/dp/1597496618/ref=pd_rhf_se_s_cp_6_FHWA
http://www.amazon.com/Advanced-Penetration-Testing-Highly-Secured-Environments/dp/1849517746/ref=pd_rhf_se_s_cp_8_FHWA
http://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=pd_rhf_se_s_cp_10_FHWA
Full disclosure: I have used all these books in my studies. I am not affiliated in any way with these authors, this also isn't something you can just "master" in 24 hours; you may however learn a few cool tricks early. My advice would be to keep at it, not only read these books, but setup Virtual environments to test these concepts in.
Those books I listed should give you a fundamental understanding of: Linux, Windows server, Networking, Information security theory, computer forensics, and basic penetration testing.
I would also recommend you take up a scripting language, Python is pretty simple to learn if you haven't already, and insanely powerful in the right hands.
I'm actually starting this path myself.
I think I'm going to be starting with these books:
https://www.amazon.com/Windows-Server-Complete-Study-Guide/dp/111885991X/ref=sr_1_1?ie=UTF8&amp;qid=1466108469&amp;sr=8-1&amp;keywords=mcsa+server+2012
Or the individual books if I can find them.
I would recommend if you can afford the $99 for CBT Nuggets to check those out too
The other nice thing is I think that the certs are good as long as the software is used - Server 2012 is valid for support until 2023 so it's a nice long duration cert to have
Thanks!
Panek's Sybex is pretty good yeah. I helped write some of it. Was fun. Link to the book at Amazon: http://www.amazon.com/Windows-Server-Complete-Study-Guide/dp/111885991X/ref=asap_bc?ie=UTF8
This one covers all 3 tests pretty well.
Sybex actually has a newer CISSP book that covers the new domain format. http://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119042712/ref=sr_1_1?ie=UTF8&amp;qid=1458704710&amp;sr=8-1&amp;keywords=sybex+cissp . I found the Shon Harris All-in_one book very difficult to read cover to cover. I used it for reference.
Certified Information Systems Security Professional Official Study Guide
There's also this https://www.amazon.com/CISSP-Official-ISC-Practice-Tests/dp/1119252288/ref=dp_rm_title_0
Hi, Thanks for sharing in details.
are these two items same,
Sybex practice test bank 4x250 question exams And Sybex Practice text book? https://www.amazon.com/CISSP-Official-ISC-Practice-Tests/dp/1119252288.
if not, how can I get the 4x250 questions?
Thanks
thats this guy right?
https://www.amazon.com/CISSP-Official-ISC-Practice-Tests/dp/1119252288/ref=sr_1_1?ie=UTF8&amp;qid=1498778594&amp;sr=8-1&amp;keywords=cissp+official+test+book
the testing app on my phone is pulled from this book i believe
No, its a different book.
https://www.amazon.com/CISSP-Official-ISC-Practice-Tests/dp/1119252288/ref=sr_1_2?ie=UTF8&amp;qid=1500562635&amp;sr=8-2&amp;keywords=isc2+cissp
cccure.org is considered by most to be the defacto question bank and the best way to prepare. I have found that the Sybex Official Practice tests online are just as good if not better and will save you a few bucks if that's a problem. The one thing I WILL say bad about it is at times it lags very bad.
https://www.amazon.com/CISSP-Official-ISC-Practice-Tests/dp/1119252288/ref=sr_1_2?ie=UTF8&amp;qid=1481206384&amp;sr=8-2&amp;keywords=sybex+cissp
I would imagine that this is the book. https://www.amazon.com/CompTIA-CySA-Study-Guide-CS0-001/dp/1119348978/ref=sr_1_1?ie=UTF8&amp;qid=1518465950&amp;sr=8-1&amp;keywords=sybex+csa
It seems to be often recommended.
i used this book
https://www.amazon.com/CompTIA-CySA-Study-Guide-Packaging/dp/1119348978/ref=mp_s_a_1_3?keywords=cysa%2B&amp;qid=1565555748&amp;s=gateway&amp;sprefix=cysa&amp;sr=8-3
and this video course
https://www.udemy.com/comptiacsaplus/
I agree. I would look into virtual labs too.
I personally liked these:
https://www.cybrary.it/catalog/practice_labs/comptia-cybersecurity-analyst-csa
And the Sybex book and practice questions:
https://www.amazon.com/CompTIA-CySA-Study-Guide-CS0-001/dp/1119348978/
https://www.amazon.com/CompTIA-CySA-Practice-Tests-CS0-001/dp/1119433207/
Edit: CompTIA renamed Cybersecurity Analyst from CSA to CySA. So you will see a mix for a while.
Yeah he's great!
https://www.google.com/url?sa=t&amp;source=web&amp;rct=j&amp;url=https://www.amazon.com/CompTIA-Cybersecurity-Analyst-Certification-CS0-001/dp/126001181X&amp;ved=2ahUKEwiezIummY7lAhVzIqYKHesCCKkQFjAAegQIBRAB&amp;usg=AOvVaw1aUg1VXkH1whQQvROIqE8W
Honestly, I just took the assessment blind after beginning the class and passed it. I have experience in the field, but I recently did this Professor Messer course to get my Sec+ and the majority of the knowledge was in that YouTube course.
You can watch the Professer Messer material in a weekend if you watch it at 1.25 speed, again just take notes on things that don't immediately click for you and pay special attention to those in other training material.
This series of books is good in general for CompTIA exams: On Amazon , they always have end of chapter quizzes that map pretty well onto exams.
How are you doing on the practice exams? Any special areas that aren't clicking for you?
I've used Cybrary's practice exams in the past and found them pretty okay:https://www.cybrary.it/catalog/transcender_tests/comptia-cysa-practice-exam/
https://www.amazon.com/gp/aw/d/126001181X/ref=mp_s_a_1_2?ie=UTF8&amp;qid=1520706009&amp;sr=8-2&amp;pi=AC_SX236_SY340_FMwebp_QL65&amp;keywords=csa%2B&amp;dpPl=1&amp;dpID=515Z0goTp7L&amp;ref=plSrch
for less than 100$ you have the o'reilly:
http://www.amazon.com/Junos-Enterprise-Routing-Practical-Certification/dp/1449398634 this one is mostly on EX series, but ospf, bgp, mutlicast, cos works almost the same on MX. Don''t find if there is one dedicated to service providers
If you're a quick study, this one is a great crash course:
https://www.amazon.com/Exam-70-761-Querying-Data-Transact-SQL/dp/1509304339/
I used that to brush up for the exam and pick up on new SQL Server 2016 stuff I hadn't used.
I completed the 70-761 T-SQL exam.
For the exam I used:
https://www.edx.org/course/querying-data-with-transact-sql
https://www.amazon.com/Exam-70-761-Querying-Data-Transact-SQL/dp/1509304339
I would recommend practising each new topic locally so you get a feel for it. I hope this helps!
I ran into a similar conundrum. If you read the 70-461 or T-SQL Fundamentals, they have practice problems that are related. The 70-761 does not contain practice testing material.
Apart from that, it's recommended to do the more official practice tests if you decide you need one. They are supposed to be more difficult than the real test, but I do not have any experience taking the practice tests. I am thinking of trying the 762 practice test though.
I did use one other resource that was a practice test and I'll list it below, but here's a copy from my site that lists my favorite resources from when I studied for my 761.
My favorite resources:
https://www.cathrinewilhelmsen.net/2015/01/28/preparing-for-and-taking-exam-70-461-querying-microsoft-sql-server-2012/
https://www.mssqltips.com/sqlservertip/4644/sql-server-exam-70761-study-material-for-querying-data-with-transactsql/
https://www.amazon.com/T-SQL-Fundamentals-3rd-Itzik-Ben-Gan/dp/150930200X
https://www.amazon.com/Training-70-461-Querying-Microsoft-Server/dp/0735666059/ref=sr_1_1?ie=UTF8&amp;qid=1513628070&amp;sr=8-1&amp;keywords=70%3D461
https://www.amazon.com/Exam-70-761-Querying-Data-Transact-SQL/dp/1509304339/ref=sr_1_1?s=books&amp;ie=UTF8&amp;qid=1513628083&amp;sr=1-1&amp;keywords=70-761
http://www.accelerated-ideas.com/70761-practice-test-questions.aspx#.WeeTWVtSypo
https://www.mssqltips.com/sqlservertip/4015/introducing-json-for-sql-server-2016/
https://www.mssqltips.com/sqlservertip/4073/sql-server-2016-advanced-json-techniques--part-1/
https://docs.microsoft.com/en-us/sql/relational-databases/json/json-data-sql-server
https://www.mssqltips.com/sqlservertip/3680/introduction-to-sql-server-2016-temporal-tables/
https://docs.microsoft.com/en-us/sql/t-sql/queries/select-group-by-transact-sql
https://www.mssqltips.com/sqlservertip/1958/sql-server-cross-apply-and-outer-apply/
It seems like if you can put yourself into a posture for expansion in anything you deploy, do it. That goes for IP schemes, topology, etc. I doubt this network will ever expand beyond two members, but if they find some sort of need to do so I'd like to give them the ability.
There are VSS-specific command options, such as:
(config-if)# channel-group 1 mode active vss-id <VSS/vPC ID>
However, that's not required so it wouldn't seem like it would be necessary. We're proof that it works without. In fact, I followed the Cisco press deployment guide for ASA and their sample config doesn't include a VSS/VPC ID.
edit: formatting
oh boy.......
My recommendation is to start at the beginning. Get an ASA book and start working through it.
Do "show version" and see how many vlans you can do, and if it is "DMZ restricted", if it is, your options will be limited.
Cisco ASA: All-in-one Next-Generation Firewall, IPS, and VPN Services (3rd Edition) https://www.amazon.com/dp/1587143070/ref=cm_sw_r_cp_apa_i_EZRzCbZGRVCSZ
As stated, get GNS3 set up with an ASA or go buy one and set it up. then, buy this book and read it.
&#x200B;
(Cisco ASA: All-in-one Next-Generation Firewall, IPS, and VPN Services (3rd Edition)
https://www.amazon.com/Cisco-ASA-All-one-Next-Generation/dp/1587143070
&#x200B;
Master the information in this book and you will know far more than I did when i first started managing an ASA. Especially pay attention to the chapters on ACL's and Site to Site VPN/Remote Access VPN.
If you want a cert out of it, maybe pursue the CCNA security alongside this? Not sure exactly what that cert entails as I have just went the teach myself and prove I know it career path..
&#x200B;
*Edit* Don't shoot the Cisco guy! Perhaps it may be better to start with learning something like a Palo alto NGFW. I've just learned Cisco first out of necessity and the prevalence of the tech in the industry.
I too was in the same boat but just a lowly CCNA R&S! Never the less I learned. Here's some reccomendations.
Pick up this book for the new test (this one for the old test), or similar book that has a software CD with a practice test. Do the practice test. At the end of the test, it will tell you which chapters you need to study the most.
Repeat until you are able to pass the practice test easily. (And not just by knowing the correct answers from repeat questions.) The practice test in this book is slightly harder than Cisco's exam in my opinion. If you can ace it, you should be good on the exam.
The updated version is already released. Look up the 100-101 and 200-101 exams if you want to take them in 2 parts or the 200-120 exam if you want to take it all at once.
The two-part books that cover everything:
http://www.amazon.com/Cisco-CCENT-ICND1-100-101-Official/dp/1587143852/
http://www.amazon.com/Cisco-Routing-Switching-200-101-Official/dp/1587143739/
You probably don't need to build up a lab if you're going to stop at CCNA. Cisco's Packet Tracer is included with the books and you can use GNS3 to virtualize routers to practice on. That said, if you'd like the hands-on experience, feel free to grab hardware from ebay. Decent stuff to go with:
Of course, check /r/ccna
First you should be aware that Cisco is introducing new exams at the CCNA level. The 640-822 and 640-816 are being replaced by the 100-101 and 200-101. So make sure you buy study materials for the correct tests.
Suggested study guides: 1 and 2
If you can afford it, pay for CBT nuggets. It's $100 per month for access to their videos. Yes, that's a lot of money, but you get what you pay for.
You will need something to practice configuring IOS routers with. Option 1 is to find a copy of packet tracer. You'll have to figure that one out for yourself.
Another option is a program called GNS3. This program allows you to emulate Cisco routers, but you will need to provide your own copy of the IOS. Also it doesn't support emulation of switches.
Your final option would be to use real gear. For a few hundred dollars you can build a home lab that will allow you to practice everything you need for the exams. There are many pros and cons to building a home lab. At the CCNA level packet tracer is usually a better idea.
As someone else said, the second link is for both exams, so I would just go with that. Personally I like physical books, and Cisco Press has a few published that are handy
http://amzn.com/1587143852
http://amzn.com/1587143739
However, I would HIGHLY recommend going for the single 200-120 exam
Sweet, thanks for the tips!
My job provides me access to Cisco equipment, and I have the Cisco Press CCNA prep books. How true are the practice tests in the books to the actual exam?
A lot of people:
-Buy the Wendell Odom book CCENT/CCNA(http://www.amazon.com/CCENT-ICND1-640-822-Official-Edition/dp/1587204258)
-Use CBNuggets on youtube for help and explanations
-Use the program called packet tracer to work on labs
or
-Go through a two-week bootcamp that's crazy cramming
Best choice is the first option
Alright. I grabbed this book (Link) and it seems to come with a network simulator on the training DVD. As for experience with networking I don't have too much professional experience but I have lots of experience working with ISPs and telecomms as tech support and sales so I know more than average about most networking equipment and troubleshooting as is, and a gentleman I spoke to up at the test center says that the experience from those positions is definitely an advantage. I was going to go for an A+ certification but then I learned that they make next to nothing and that networking sounds a whole lot more fun. I know I love to troubleshoot and fix my own network connectivity issues and have been able to tell my ISP where the problem was occurring on their network when calling in. Hopefully our city will be hiring soon and I can get a position there. There's a motion on the table right now to have the whole downtown area networked with wifi by 2015 so hopefully that's good.
ME/EE background. The problem solving is the most important part. My strongest advice to you, which would be very echoed by this subreddit if you look at previous posts of people trying to get into networking, is to study for the CCENT. It's the fundamentals of networking (beyond the fundamentals really, it's gets into the nitty gritty on a few things)
book
HOWEVER, Be aware that the CCNA test is changing in September. This CCENT book will be out of date by that time. If you have no interest in getting certified, this book is still fantastic for the fundamentals of networking.
Which book did you use? I'm using:
CCENT/CCNA ICND1 640-822
The first half of Wendell Odom's CCENT/CCNA ICND1 640-822 guide book will give you all the information you'll ever need. It's pitched towards aspiring network engineers rather than AV guys, but I think it's all the better for that.
www.amazon.co.uk/gp/aw/d/1587204258/ref=pd_aw_sim_14_1?ie=UTF8&psc=1&refRID=8FSC1SJ4M2R6NNEXZFPS&dpPl=1&dpID=51l9hFm8Y1L
The goal isn't to get the cert, its to learn the material. The cert will come naturally.
Certs get you jobs and promotions.
Knowledge and understanding keeps you from being canned.
But yes, if they need someone specifically for networking tasks you may be ill-equipped and its important that they understand.
However, basic routing and vlans are rather simple. So, if you the aptitude for it you can probably do it. They generally only break if someone broke it.
http://packetlife.net/library/cheat-sheets/ read these over.
(Might want to buy this as well.)
http://amzn.com/1587204304
I would read the "31 Days Before your CCENT" book. Since you got a 70 I can assume you've got a firm grasp of the material. That book helped me immensely.