I have to strongly agree with ChrisG's point. Why condone the use of these "braindumps" by allowing the Q&A's to be posted here. I mean asking about concepts and seeking knowledge is one thing, but just trying to memorize answers, What does that accomplish?

The braindumps allow unqualified people to pass an exam that they cannot do the job for. They dillute our market with Paper Certified "Experts" and give everyone a bad name in the end.

You want to get your cert? Get the books, study, ACTUALLY LEARN the concepts, not just the answers and get your cert. If you are otherwise incapable or too lazy to do that, find another industry because Information Security isn't for you anyways... one of the KEY things that makes a good Security Professional is a passion for learning and the ability to learn things on your own.

I am adament about this topic as I have recently hired 2 "Paper Certified" Security Professionals who had CEH, CPTS and CISSP certifiications but unbeknowst had used braindumps to achieve their certifications and had lied on their resumes about experience. They waisted by time, my companies money and forced me to carry their load where they were not able. Once you have experienced something like that your opinion on the topic may change...

We've already been through this a million times. it's an old topic, but I agree with both of you.

Makes me wonder a little bit about your screening process, though; you didn't discover they were only paper before you hired them? Did you give them any kind of testing?

Great thread...

It is important to have difficult questions discussed and dissected, it helps both the question answeree and the answerer.  However, there is no reason why the questions cannot be altered enough to where it would be considered a unique item.

The idea behind posting questions should be to learn more and strengthen an area that your are deficient in.  With this thought in mind altering the question would only be an issue if it was the specific question you wanted the answer to and not a similar question, which still holds the spirit of the original question.

Thangvt that is such a great idea, maybe the eh.net community could generate questions and (once we reached a descent amount) Don could create a database that would ask these questions in a randomly generated format. This is obviously just in the brainstorming phase, but something definitely worth talking more about.

This site has been amazing so far with the amount of OPINIONS you can find. And if anyone comes to a forum to find answers for a test, obviously missed large parts of school where they said even WIKI is NOT a source for tests or papers. If you want an opinion, come here. If you want an answer to a test question, read the study guide.

+1

I agree as long as the "answering" of the question doesn't violate the potential NDA served to the respondee post taking said exam (assuming the person answering actually took 'x' exam).

Answering Don's question direct:

I don't like brain-dump, learning to the exam type activity, but at the same time:

• Those that purely study to pass the exam aren't doing themselves any favours and will quickly get passed by in the industry if they don't learn beyond passing the cert
• Certifications that can be passed purely by brain-dump are intrinsically of less value that those that require more indepth testing and/or practical portions
• Businesses that can't identify paper tigers through either the interview or procurement processes will have issues regardless of what we do as a site.
• Typically members getting involved in these sorts of posts disappear fairly quickly, but there are plenty of examples of those (probably myself included) that have started out that way, but with the help of the community have grown beyond.
  

EH-Net has always (mostly) been a friendly and helpful place to study so I'd be inclined to continue to allow such discussions. The community is good at self-censorship if a member starts asking questions beyond what is deemed 'acceptable'.

From a personal perspective, if I don't agree with a topic, discussion or tone of a post, I just don't reply.

my £0.02....

Well, the first thing that a site admin would have to consider is what his visitors/members are going to think when they see those links. I can tell you that most ethical individuals would write off the site the second they saw sponsored links to dumps. Its ingrained in anyone who worked hard to attain our certs to look down on resources that make such things easier.

I'm not going to claim I havent been tempted to look at dumps. but ultimately it involves me in the exam process when i walk into the exam center, and I am trying to think, of the answer, of the process. And it makes that experience of seeing that pass screen at the end so much sweeter. I remembered walking out of the exam center thinking "I'm a CEH..." After all those posters on the EC-Council website: "Dont mess with SephStorm, hes a CEH". You dont get that after a dump I think.

As for the second question, i'll be honest, I would guess that most "whitehat"s are horrible "blackhat"s... we follow the rules, established policies and procedures, methodologies...

another more relevant point, this is not a resource that one would come to for knowledge that could be used for BH purposes, there are no zero days posted here, few tutorials that you couldnt find something similar on youtube. Look at this menu on the right hand of your screen:

"SANS Work study experience
recommended book for pentester"

this is not where I would go if I were a script kiddie or blackhat.