.

Sybex and TestKing

<<

V...

User avatar

Newbie
Newbie

Posts: 4

Joined: Mon Jun 06, 2011 8:22 am

Post Tue Jun 07, 2011 11:36 am

Sybex and TestKing

Hello All,

New member to the board here, great forum, hope I can learn a lot from it.

I'm looking to sit my CEH in the next few weeks (v6).

I've got the Sybex Study guide and downloaded TestKing's engine (please before anyone comments - I know that braindumps aren't for learning but I feel that qualifications themselves can be farcical as holding one doesn't necessarily equate to practical ability etc and let's be honest the qualification itself is merely a tick in a box for a skillset that you already have).

I've been pressing along with both and starting to score in the low 80's with testking. I've also worked through the study guide more than once and can answer the vast majority of the review questions...however, I tried the "Bonus Exams" of which there are 2 - contained on the CD.

I can't even muster a 60% with these.

The questions are quite left-field, talking about technologies, applications and features of operating systems that aren't included in the book.

Does anyone else have any knowledge of these? Are these the typical question's I've to expect in the exam? Is testking a reliable measure of my progress against what will typically come up in the exam? etc.

Just to give a bit of background; I'm not new to networks or security. I'm a mid-level network bod with pretty extensive Cisco, Microsoft Server, VoIP and PBX telephony, Web and Security experience. I've got a decent grounding in network technologies etc therefore not totally green with regards to the technologies, vulnerabilities, exploits etc...

I'm just a little concerned at the format I should expect and how I can make this certfication go a bit easier.
<<

nicklauscombs

User avatar

Newbie
Newbie

Posts: 28

Joined: Mon May 23, 2011 9:02 pm

Location: Virginia

Post Tue Jun 07, 2011 11:58 pm

Re: Sybex and TestKing

if you're using braindumps i can't imagine why you're worried about failing......
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Wed Jun 08, 2011 3:00 am

Re: Sybex and TestKing

I know plenty of people who have failed with braindumps. Its one of the motivating reasons I tell people NOT to use them (some dont care for the moral arguments.)

Now I can't answer your question for a few reasons.

1. Using braindumps for any reason is most likely against the Ec-Council terms of certification.
2. Its unethical. You are trying to take the certified ETHICAL hacker examination.
3. Its unethical. This forum is the ETHICAL hacker network.
4. The answers to your questions are all over the internet if you know how to look for them. http://lmgtfy.com/?q=ceh+exam+review
sectestanalysis.blogspot.com/‎
<<

V...

User avatar

Newbie
Newbie

Posts: 4

Joined: Mon Jun 06, 2011 8:22 am

Post Wed Jun 08, 2011 4:27 am

Re: Sybex and TestKing

Didn't really expect that kind of response tbh.

Firstly the EC-Council make no stipulation on braindumps, secondly I think it's a little far fetched and dramatic to call braindumping unethical. Points 3 seems moot as it's a re-stipulation of the questionable point raised in 2

Thank you for posting a lmgtfy link on CEH keywords, I don't find that to be patronising at all...  ::)

Sorry all, I must have stumbled on the wrong forum. I thought this was a community forum for those in the security industry.

Not wanting to enter a discussion about the rights and wrongs of braindumps, for me I don't see it as any different from the past papers I done to practice for university exams. Even the EC-Council are releasing their own practice exams soon  ::)

Certification is a necessary evil in our industry, I think that education and good practical experience is the key in moulding a successful professional, not the answering of a number of random questions on a given subject.

I think we all know that someone who has no knowledge and has just memorised a number of answers isn't going to be best prepared when faced with whatever task they have to do.

Not sure why you responded to my thread at all Seph, if it was just to tell me you wouldn't answer my questions  ???

Could any mods please advise if my question by its nature is against forum rules etc, as I said in my first post, I'm new to the forum. If braindumping is a taboo subject then I'll desist on posting in this thread.

Thank you

V...
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Wed Jun 08, 2011 5:46 am

Re: Sybex and TestKing

If I may be allowed to say so, I have to say that I think you should have been more aware. You stated in your post that you understood that it was a contentious topic. I must say that any IT pro that knows about the braindump situation would be aware that most companies have policies against using them.

The CEH requires you to adhere to the EC-Council Code of Ethics. While I cannot yet confirm, I would say that braindumping is against the CoE. It may fall under the following categories:

Intellectual Property:- The exam questions and answers are the Intellectual Property: of Ec-Council.

Unauthorized Usage: These training providers are unauthorized, as is the use of exam materials. EC-Council takes unauthorized training very seriously. In fact they had a lawsuit against a former ATC for using their materials to develop their own program.

Now again, I cannot at this time confirm a restriction against braindumps, but I will contact them and find out. I would bet a lot that they will say they cannot be used, hopefully they have it in writing. I can tell you that someone posted on the EC-Council forums looking for braindumps... lets just say that they were not well received.

In addition I believe that testing providers vue/prometric have clauses in their contracts that you sign saying that you have not used such materials.

A practice exam is WAYYY different than official exam questions and answers. I doubt you'll find anyone here or on most legit forums who will sympathize. Sorry to tell you but braindumps are nearly universally hated. And there are good reasons for it.
sectestanalysis.blogspot.com/‎
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Wed Jun 08, 2011 7:57 am

Re: Sybex and TestKing

V... wrote:Sorry all, I must have stumbled on the wrong forum. I thought this was a community forum for those in the security industry.


Yawn. What you stumbled upon is a forum for those in the security industry who are "up and comers" and are learning and sharing information to make themselves stronger professionally, not solely to pass an exam. There is a difference. Most here share information about their experiences so that other peers (normally their juniors) can understand security as a practice not a thesis slash theory.

V... wrote:Certification is a necessary evil in our industry, I think that education and good practical experience is the key in moulding a successful professional, not the answering of a number of random questions on a given subject.


Then why bother taking an exam? Certifications have become bastardized because of far too many people memorizing books, taking exams, slapping a professional title behind their name while not understand an iota of a subject. This is what is synonymous behind the types of answers you will receive when using words like: "brain dumps" to others who dedicate time out of their lives to become true security professionals as opposed to "professional test takers."

V... wrote:I think we all know that someone who has no knowledge and has just memorised a number of answers isn't going to be best prepared when faced with whatever task they have to do.


Again I ask, then why bother with the brain dumps? In your previous post, you state:

V... wrote:I've been pressing along with both and starting to score in the low 80's with testking. I've also worked through the study guide more than once and can answer the vast majority of the review questions...however, I tried the "Bonus Exams" of which there are 2 - contained on the CD.

I can't even muster a 60% with these.



Then the answer and solution is simple, you need to go back and understand slash study the content you're failing on. 60% is really and personally, I wouldn't aim to take any test unless I can average above 95% through at least 5 practice exams or better. This to me states that I understand the core of it while am likely failing at little tidbits like verbiage. The reality for me is, the 5% of the questions I do fail at are not because I AM wrong, but because I view security differently and could have likely written a better question. Not being arrogant, just being truthful.

V... wrote:Could any mods please advise if my question by its nature is against forum rules etc, as I said in my first post, I'm new to the forum. If braindumping is a taboo subject then I'll desist on posting in this thread.


Braindumping is and will forever be taboo to professionals. You need to think outside of the box so here goes an analogy... "An intern is failing with an average of 60% throughout his or her tests. In an effort to hurry their life/career, they shoot to memorize every imaginable concept/term/idea/theory in order to pass 'that one exam.' After trolling slash searching for answers, they come across the 'gold' they'd been searching for. They take the test, smoke the exam, after all they did memorize everything they could. They're now a doctor - after all, what do you call a doctor who comes in last in their class... a doctor."

Would you want this to be your doctor? Do things like malpractice, etc., come into play? Do you think this would be an effective doctor or a prescription factory doctor who will simply tell you: "Take two of these...", "didn't work? Try two of these then..."

Same holds true for security. Many of us on this forum love and respect the industry we're in. Many of us loathe people for taking "the easy way out." We loathe it because it creates a devaluation of our profession, what many have worked hard to accomplish slash achieve: A piece of paper that states: "We know what we're doing" at least that is what a certification USED to mean. Nowadays because of braindumping, we see "professionals" via way of a title with zero knowledge and or experience. That paper, was only made possible because of moronic brain dumps.

Moderator? Me? Not one, but I think you will find that out of anyone else here, I will call it how I see it without the BS. I am also probably one of the top 10 experienced professionals here with or without a certification. Suggestion... Learn it the right way without the use of braindumping. Otherwise, you're cheating and lying to yourself, your potential employer and other professionals who hold the cert you're aiming to pass.
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Jun 08, 2011 9:02 am

Re: Sybex and TestKing

Hey V...,

We believe in free speech here, so I have no rules against this type of post and won't delete it. About the only thing I delete are blatant SPAM posts. On the other hand, free speech goes both ways as the members have every right as well to reply in the way they feel.

So without getting into the braindump argument, let's answer your question.

In all honesty, you answered your own question. If you "can't even muster a 60%" on the questions, regardless of their source, either the questions are innacurrate or you need more study time (or both). The CEH is not a hard exam. Self-study is an economical way to go. There are plenty of CEH specific books that can help in addition to the Sybex one you're using.

In the study of any exam, I always recommend using multiple sources of information. That way you not only can fill in gaps where some materials are lacking, but you also get concepts explained by different authors in different ways.

Also, don't limit yourself to just CEH materials. Try books in the field such as Hacking for Dummies by Kevin Beaver, Counter Hack Reloaded by Ed Skoudis and Professional Penetration Testing by Thomas Wilhelm.

If you're still not getting the concepts, then maybe back up a little and study security on a broader scale with something like Michael Gregg's Build Your Own Security Lab.

People learn in different ways. So maybe you need a class and not just books, self-study and your own lab for practice & understanding of how things really work. Boot camps can be expensive, but there are always ways around that. Try some more inexpensive online courses or video series.

On a personal note, try not to cut down all of the professionals who are actually trying to help you with your career and not just pass an exam. It may sound harsh and worthy of criticism, but most techies I know (myself included) speak directly. Some take that as harsh. We take it as cutting through the BS. In the end, we're truly helping you.

Good luck & I'm looking forward to hearing of your progress,
Don
Editor-in-Chief
EH-Net
CISSP, MCSE, CSTA, Security+ SME
<<

V...

User avatar

Newbie
Newbie

Posts: 4

Joined: Mon Jun 06, 2011 8:22 am

Post Wed Jun 08, 2011 10:48 am

Re: Sybex and TestKing

Don,

Thanks for the reply, I'm sure I'll find my way eventually.

I was really only posting to gauge the content of what I was studying in relation to what to expect in the exams. It seems crazy that on other threads  people talk about exam format and books etc they used to get there but an almighty flaming ensues when the b* word is raised.  :D

It almost seems like it hits a raw nerve with some posters, maybe those that "doth protest too much"

I have been dancing around the CEH for some time now, I started studying security some time around 2000 and have been involved comercially in security projects, drafting a security policy, have experience with Cisco PIX, ASA's, Bluecoat proxies, Juniper Firewalls, Nokia Checkpoints etc.  I want to adapt my career towards pen-testing and eithical hacking, CEH certification seemed like the next logical step especially after being hit by redundancy almost a year ago.

I'm a qualified CCNP and yes I did get there with the help of braindumps however I have to say that out of a practice pool of 600 questions on the routing exam, not one appeared on the actual exam  :P

This is partly what my OP was based on - relevancy of testking and sybex questions to actual exam questions.

To the critics of brain dumps, I would defy anyone to state that I'm an any less capable a CCNP than any one of my counterparts. I have over 5 years experience working with organisations such as IBM and HP to prove that.

I'd like to apologise to anyone that my post offended, although I still don't actually see the issue myself. My purpose was never to enrage anyone.

I'll let you know how I get on in the exam.

Thanks for the response.

V...
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Wed Jun 08, 2011 11:17 am

Re: Sybex and TestKing

Study hard, and you will succeed. There's no shortcut to some certifications like OSCE  :) Except knowing the answers of course, but that would be cheating  ;)

V... wrote:Certification is a necessary evil in our industry, I think that education and good practical experience is the key in moulding a successful professional, not the answering of a number of random questions on a given subject.


Some certifications like OSCE, will challenge your skills to the limit. They are not necessary evil, as the courses that follow them, teaches you what you need to know in order to pass them. With OSCP, you need to have a good baseline within Penetration Testing. With OSCE, you need a good foothold within Exploit Development and Advanced Exploitation + Penetration Testing mainly.

Recently I passed a GPEN practice exam with 77% without studying, and a GWAPT practice exam with 80%, also without studying. (Both are 150 questions, multi-choice, I completed both in ~2 hours out of maximum 4 hours.)

So it is possible to become certified without studying, even though for GPEN which I passed most recently with 87%, I did study to increase the 77% I initially received. For GWAPT, I would probably study as well, to improve my score on areas where I might be confused with the terminology GIAC uses. (Different people, organizations and corporations can use the same word, where it doesn't mean the same.)

In your case, I would study the CEH material. I know it's A LOT, but take it as a learning experience. You want to become CEH certified? And become even better within Information Security? Well then you need to study hard as well, even the less interesting theoretical topics, such as how NTLM works, which I had to as well while I was preparing for GPEN. (I forgot it afterwards ;D )

Good luck with your CEH certification, and don't think as certifications as necessary evil. Except in some countries where you have to be certified within some organizations. Take all certifications and courses behind, as a learning experience making you a smarter and better pentester, security manager, or whatever role it is you're going for or already doing.

Think of a certification as a cool add-on to yourself.
I'm an InterN0T'er
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Fri Jun 10, 2011 8:08 am

Re: Sybex and TestKing

My route for passing the CEH was reading the courseware. That's really the only study method I used for the exam. Any other experience didn't really come into play as most of the required answers came from following the course books.

My advice would be to read the objectives and study based on those. There are numerous posts here saying they had questions come up that are not in the objectives (and EC-Council is supposed to be fixing that) so be prepared for that as well. The Sybex book basically takes this route of going through the objectives and giving you just enough information. I never tried the practice exams so can't speak for their content or accuracy.
<<

Joshsevo

User avatar

Sr. Member
Sr. Member

Posts: 281

Joined: Tue Dec 29, 2009 11:00 pm

Post Tue Jun 28, 2011 1:15 pm

Re: Sybex and TestKing

my question is how can I get the experience when I can't get even loked at without having a cert or two.  The way to get the certs is to study by any means and then get the practical experience from there.

My problem learning is I need to be walked through how something initially begins or how to enter the data in that the software/hardware is looking for.  I'm not a computer nerd to where that's all I do everyday, day in day out.  (maybe I should but time behind the saddle will help this).

So I understand where the OP is coming from about braindumps.  even though I have never used one or even know where to find them..or even know what they are....But I think I know what they are just from the conversation.
Security+, Network+, C|EH, CHFI, CPT
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Jun 28, 2011 10:47 pm

Re: Sybex and TestKing

How's this for creating your own experience... VOLUNTEER!!

1. Volunteer for a non-profit
2. Get some other IT job and slowly work your way into more security-related duties. This is another form of volunteering.
3. Volunteer your own money for your own training and your own lab. The best investment is in yourself, especially if it for career advancement which in turn makes you money. $100 in books, $300 laptop for a cheap lab and an internet connection for research. This is a tiny investment for a career that can last a lifetime.

This way, even when going for a junior position or even an internship, you can speak with authority and confidence on the topic for which you want employment.

Some other free ways to get your foot in the door include going to local meetings. The best way to get a job is if you know someone. So go meet someone in the infosec field. Buy them a drink and pick their brains.

These any many other pointers can be heard in my talk "DIY Career in Ethical Hacking." Good thing I made the slide deck and 2 versions of the audio available for free. Check them out:

http://www.ethicalhacker.net/content/category/7/15/24/

Hope it helps,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

El33tsamurai

User avatar

Full Member
Full Member

Posts: 219

Joined: Sat Feb 03, 2007 4:01 pm

Post Wed Jun 29, 2011 12:06 pm

Re: Sybex and TestKing

Back to those sites the way you should look at it is if you say you have the certifications and get the job.  Then can't produce what these certifications say you can, they will fire you.
CCENT, A+, Network+, Security+
<<

Joshsevo

User avatar

Sr. Member
Sr. Member

Posts: 281

Joined: Tue Dec 29, 2009 11:00 pm

Post Wed Jun 29, 2011 1:49 pm

Re: Sybex and TestKing

It's not something I am going to do.  I already have the materials (books,videos) for the CHFI, and then I am taking the CEH/CPT through info Sec.  Class has already been paid for and I am now just waiting on the class to being.  AUG 28-Sept 2.
Security+, Network+, C|EH, CHFI, CPT
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Sat Jul 09, 2011 8:01 am

Re: Sybex and TestKing

Good luck, the intense school program is good, if you practice with the main tools you'll do fine. (on the CEH, I havent taken the CPT yet.) :)
sectestanalysis.blogspot.com/‎
Next

Return to CEH - Certified Ethical Hacker

Who is online

Users browsing this forum: No registered users and 2 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software