Friday, August 01, 2008

Certification Testing Meets "CSI"

Sometimes it doesn't take much for me fixate on topics, as my wife will willingly attest. Since reading that Pearson Vue and Cisco will begin implementing additional security measures for certification exams beginning Aug. 1.

For up to 72 hours after the exam, a forensic analysis of your test can be conducted to see if anything transpired that shouldn't have.

If it's determined that you shouldn't have passed the exam, your score will be invalidated and additional consequences may be given.

Also, all paper score reports will now include your photo and an authentication code that can be used to check your real score (after that "forensic analysis") online.

While I'm all for testing centers justifying their existence, I have to question these measures. First, I'm not sure whether it helps to put my picture on a test report that the company now won't even say is valid. Supposedly, by the time we get to the printed form, my ID has been checked and a digital copy of my signature has been collected. To how many people does Vue think I show the printed score report? If anyone asks, I'd just tell them whether I passed or failed; I wouldn't even bring up that slip that says my understanding of the OSI model is weak (that stays my secret).

Secondly, exactly what type of "forensic analysis" are you going to conduct in 72 hours? If you want to see whether I answered questions that take 60 seconds to read in only 10, why couldn't that be done while I'm still at the test station? One of the supposed benefits of computerized testing is that software and algorithms can analyze what's happening in real time (remember "adaptive testing"?) and not three days later.

I wanted to know more, so I contacted Vue and asked exactly what type of "forensic analysis" will be performed. Mark Poole, Pearson Vue's director of test security, declined to share some information due to a need to preserve the integrity of proprietary detection strategies, but he did shed a great deal of light on the topic.

"We plan to analyze a range of exam and program data for aberrant behavior," he said. "Forensic analysis will take into consideration factors such as item latency (time spent on test questions), item performance (how well candidates do on certain test items compared to others), pass/fail rates and a range of other program metrics. We also monitor Web postings and online discussion forums, and use secret shoppers to follow up on tips."

According to Poole, the analysis is done in-house using a combination of automated software analysis and human examination.

A number of other vendors are already using some of these services; there's hope that others will want to implement them in the near future.

I next contacted Prometric to find out its take on the topic and if it had any plans to roll out similar services with certification exams from Microsoft or other vendors (having stopped offering Cisco exams a while back). According to Jodi Katz, public relations manager, Prometric already offers a "data forensics" service to clients.

"Our data forensics service provides analysis of items and exams to detect and flag abnormalities in the test process," Katz said. "Data forensics looks to identify unusual response patterns, unexpected candidate behavior (e.g., ending the test early, requesting frequent breaks, skipping large numbers of items, spending an inordinate amount of time on selected items) and sudden performance improvements (both localized and universal) which can all be indicators of a potential security concern that can be investigated by a thorough review of the various files generated during a test event. Prometric maintains an extensive amount of data during each test event, including the time spent on each item, the frequency with which responses were changed and the number, time and duration of all breaks. "

I have a history of questioning the need for such test centers in today's IT environment. Given the value being added through these services, however, I think their existence IS justified. I would encourage every vendor to consider adopting similar analysis for their exams to curtail cheating and keep the certifications valuable.

Friday, July 18, 2008

Cisco Certification Changes and Additions

Cisco recently added two designations to its Data Center Specialist group of certifications: Cisco Data Center Application Services Design Specialist and Cisco Data Center Application Services Support Specialist. The support certification has CCNA certification as a prerequisite while the design option requires CCDA certification first. Each requires an additional corresponding Data Center Application Services exam.

PMI Risk Management Professional Launched

The Project Management Institute (PMI), vendor of the successful Project Management Professional (PMP) certification, is in the pilot phase of a new credential for risk management professionals. The PMI Risk Management Professional (PMI-RMP) certification is for individuals who are charged with assessing and identifying project risks and preparing plans to mitigate them.

To qualify to sit for the PMP-RMP exam, you must first meet an experience requirement of 3000 to 4500 hours, depending on your educational background, as well as provide evidence of formal project risk management education. The exam contains 150 scored questions and has a 3.5 hour time limit. Topics covered include risk communication, risk analysis, risk response planning, and risk governance. The exam fee is $670 or €555 for nonmembers of PMI. Member pricing is $520 or €430. The certification handbook can be read on the PMI website (PDF).
If you are the pioneering type, be one of the first 100 people to take the exam and receive a 50% refund of your exam price and be entered in a drawing for $1,000. You must take the exam by October 31, 2008, to be eligible for this offer.

Tuesday, July 15, 2008

Is this Enough for CCNA

A firend of mine named Tesl and me are currently working away at our CCNA, and hope to get it within the next couple of weeks. We are trying to read all the material we can get his hands on, but we are a little worried that we need to buy some more.

We are using the Sybex CCNA 4th Edition by Todd Lammle. Has the exam changed enough to justify buying the 5th edition? Ideally we don't want to have to fork out more if its not really necessary.

We've read that book through front to back three times now, twice in the past week. We've a fair bit of background in networking so feel like We've picked it up really quickly. But is that book really enough to pass with? (HWe really can't afford to buy any equipment right now).

How much of a Cisco background do we have?

Admittedly, not that much. Obviously the N+ helps and W've limited experience with simple cisco router configurations, but since We don"t have our own equipment its hard to practice. Our new job is actually not in the IT field, although we will be looking for work in the Networking/Linux field not too long after arriving in Japan.

We've spent quite a bit of the time in the past writing a lot of networking code, including a linux kernel module that altered how the OS would respond to certain TCP/IP requests (for security reasons).

Some of that was a while back though, and obviously doesn't help with things like WAN technologies and the equipment/protocols used within those. We would say that is our weak point.

What are we using to prepare for the sims (the practical element of the exam)?

Alas, not that much. More or less just what we can find online, since we don"t have access to the equipment right now. We would honestly love to hit ebay and buy some bits and pieces, but it really isn't ideal right now. Once we get my own place to live sorted out, we may buy some cisco gear and set up my own lab once in Japan =)

Have a read through similar topics on the net and take some practice tests to gauge our knowledge.

We were away for a week where we picked up that book for the first time in about a year or so, and read it twice through. Doing the practice tests on the net we are scoring anywhere between 65% - 90%. Not really good enough.

The CCNA (List of Cisco CCNA Exams: 640-802, 640-822, 640-811, 640-821, 640-801, 640-816) doesn't strike us as being difficult per se, there is just quite a wide variety of information that needs to be memorised.

Wednesday, July 02, 2008

Cheaters be Advised, Cisco Will Catch You

In a recent article on, Rick Gregory reports on new exam security measures by Cisco and Pearson VUE intended to slap the cuffs on those who attempt to cheat or compromise exam security. In addition to the candidate identification program GoCertify has reported on in the past, LINK.Cisco and VUE have implemented an impressive exam forensics program that captures and analyzes every keystroke during a certification exam, including time spent on each question and much more. The resulting log is analyzed and compared to a storehouse of data profiles that have been developed based on age, sex, country, first time test takers, exam retakers, and numerous other criteria. If something doesn't measure up, Gregory reports, the exam taker may face civil and criminal charges. See what else Gregory has to report at

Monday, June 30, 2008

Guide to information security certifications

For this update to our survey we added only one new vendor-neutral certification, the GIAC Certified Incident Manager, or GCIM. On the other side of the table, numerous items were deleted or removed. 12 full-blown vendor-neutral credentials were dropped for reasons that vary from no information available, to no visible signs of life, to a virus lurking on the program's home Web page. We can't take a security program seriously if its operator lets its website attempt to download viruses to its visitors. We also decided to drop individual Brainbench security exams, because they don't lead to certification in and of themselves, which drops the vendor-neutral count by another 5 items. We also did away with coverage of the GIAC certificate and specialist items to drop another 23 items. Thus, our total dropped item count for vendor-neutral certifications is 39. In addition, 11 vendor-specific credentials were dropped, for reasons that vary from cancellation of the program (Symantec), obsolescence of the platform (Windows Server 2000), lack of information available (Cisco IPS) or lack of substantial security content (NCTE and NCDE).

Thursday, June 05, 2008

Almost ready: OCA Linux Certification

Oracle is almost ready to go live with the Oracle Enterprise Linux Certified Administrator (OCA) certification. This certification, a stepping stone to upper-level Linux certifications to come, requires passing two exams:

  • 1Z0-402, the Enterprise Linux Fundamentals exam (which went live on March 22).
    1Z0-403, the Enterprise Linux System Administration exam (which closed beta on March 31).

Source: Almost ready: OCA Linux Certification

Monday, June 02, 2008



All About Microsoft Certification

There are more Microsoft certifications than ever, which means that choosing one isn't as easy as it used to be.

If you're considering pursuing a Microsoft certification, you may already have discovered that the number of Microsoft certifications is legion. This has come about because Microsoft has redesigned the structure of its certification program several times as it worked to come up with a sustainable, straight forward structure. However, each certification in the latest crop comes in a wide array of variations, and on top of that, the old certifications never went away, and some of them are in fact still relevant to IT professionals today. All of this makes the menu of choices a little overwhelming.

Another reason for this article is that, as of this writing, Microsoft forces you to install their new Silverlight plug in before you can view certification information, and many of us would rather not do that...

Read the full article here: All About Microsoft Certification

All About Microsoft Certification

There are more Microsoft certifications than ever, which means that choosing one isn't as easy as it used to be.

If you're considering pursuing a Microsoft certification, you may already have discovered that the number of Microsoft certifications is legion. This has come about because Microsoft has redesigned the structure of its certification program several times as it worked to come up with a sustainable, straight forward structure. However, each certification in the latest crop comes in a wide array of variations, and on top of that, the old certifications never went away, and some of them are in fact still relevant to IT professionals today. All of this makes the menu of choices a little overwhelming.

Another reason for this article is that, as of this writing, Microsoft forces you to install their new Silverlight plug in before you can view certification information, and many of us would rather not do that...

Read the full article here: All About Microsoft Certification

Monday, May 26, 2008

Exam 70-620: Windows Vista Configuration

Officially launched January 4, 2007, Exam 70-620: Microsoft Windows Vista, Configuring earns Microsoft Certified Technology Specialist: Windows Vista, Configuration certification.

The certification is aimed at technical staff having at least a year of experience providing phone support in organizations ranging from retail stores to enterprise-scale environments.

Microsoft recommends candidates have experience

  • Repairing network issues
  • Troubleshooting Windows desktops
  • Configuring security and applications
  • Repairing logon problems
  • Resetting passwords
  • Eliminating desktop program conflicts

To successfully pass the exam, candidates must demonstrate proficiency

  • Installing and upgrading the new OS
  • Configuring and troubleshooting Vista's post-installation system settings
  • Configuring security features (including user account controls, Windows Defender and Windows Firewall).

Technology professionals must also demonstrate expertise configuring

  • Network connectivity
  • Applications included with Vista (including Windows Mail, Windows Meeting Space, Windows Calendar, Windows Fax and Scan and Windows Sidebar)
  • Mobile computing features.

Further, candidates must also prove their ability to maintain and optimize Vista performance.

Read more here.

Tuesday, May 20, 2008

Vista Vulnerability Study Puts Microsoft on Defensive

Microsoft and some independent security researchers had the blogosphere buzzing Wednesday over a series of denunciations after one company claimed that Vista was more vulnerable to malware and other exploits than previous operating systems.

Late last week, a study by Sydney, Australia-based anti-virus concern PC Tools suggested that although Vista was an improvement over Windows XP in respect to system fortitude, it is more easily encroached upon by malware and other exploits than Windows 2000.

PC Tools found that for every 1,000 machines running Vista, 639 suffered from cases of malware in varying degrees. Among machines running Windows 2000, 586 were found compromised; for Windows 2003, 478.

Read the full article here: Vista Vulnerability Study Puts Microsoft on Defensive

Monday, May 19, 2008

Windows 2008 Exams On Last Leg of Development

Microsoft's Learning Group closes beta testing on several new Windows Server 2008 exams, with release soon after the software launches next month.

Windows Server 2008 rounds the corner toward release at the end of next month. And the Microsoft Learning Group, for its part, has been keeping pace with new exams that are slated to be generally available at Prometric testing centers soon after the software hits shelves. According to blog posts from Trika Harms zum Spreckel, a member of the marketing team in the Microsoft Learning Group, MCPs will see a healthy mix of MCTS and MCITP exams in the weeks to come.

The MCITP: Enterprise Administrator title, on the other hand, requires a bit more network design-based expertise and an understanding of network infrastructure in the context of the enterprise. So, Microsoft makes the bar for obtaining this title a bit higher, with candidates having to pass at least four of the following MCTS level exams: 70-640, 70-642, 70-643 and 70-620 TS: Windows Vista, Configuring or 70-624 TS: Deploying Vista and Office Desktops (70-620 and 70-624 have been available since soon after the release of Vista last year). Over on the Professional level, candidates finally have need to pass one more exam, 70-647, to obtain MCITP nirvana.

Windows 2008 Exams On Last Leg of Development

Migrating from MCSA/MCSE on Windows 2003

As it has done in the past, the Microsoft Learning Group incorporates transition exams into both Windows 2008-based MCITP tracks for MCSA and MCSE on Windows 2003 titleholders.

For those with MCSA on Windows 2003 certificates who want to upgrade to MCITP: Server Administrator, candidates need only pass two exams: 70-646 on the Pro level and 70-648 TS: Upgrading MCSA on Windows Server 2003 to Windows Server 2008, Technology Specialist, an exam that has been available since Octob er 2007.

For the more comprehensive MCITP: Enterprise Administrator, MCSAs have to pass either of the Vista exams (70-620 or 70-624), plus 70-643 and 70-647, as well as the transitional 70-648 exam.

For MCSEs taking on the MCITP: Server Administrator requirements means passing the same 70-646 exam, but a different transition exam: 70-649 TS: Upgrading from MCSE on Windows 2003 to Windows 2008, Technology Specialist (that one has also been available since October 2007). MCSEs migrating to the Enterprise-grade title take a similar path as MCSAs, but substitute 70-649 for 70-648.

Wednesday, March 19, 2008

Windows 2008 Exams Go Live

Microsoft releases three new exams for its newest network operating system in March.

Windows 2008 Exams Go LiveThe Microsoft Learning Group has released three new exams for Windows Server 2008. All three are available worlwide at Prometric testing centers. The release comes quickly on the heels of the official release of Microsoft's newest network operating system software in Los Angeles at the end of February.

  • 70-640 TS: Windows Server 2008 Active Directory, Configuring
  • 70-642 TS: Windows Server 2008 Network Infrastructure, Configuring
  • 70-643 TS: Windows Server 2008 Applications Infrastructure, Configuring

Thursday, March 06, 2008

Why not tie exams to employment?

Here’s an idea worth considering: Currently in the IT world, multiple-choice and practicum-based exams are used to authenticate your skills, give you something to put on your resume and allow your employer to advertise that they have a certain number of certified administrators/technicians/etc.

It seems to me that here’s an opportunity for employers to incorporate practicum-based exams into the actual hiring process, and for testing centers to fulfill a purpose beyond what they currently do...

Thursday, January 24, 2008

Computer Certification: 2007 in Review and a Peek at What Lies Ahead

There was plenty going on in the certification marketplace in 2007, and the industry is showing signs of emerging from the relative doldrums of the last few years. From players large to small, certification vendors kept busy rolling out new exams and updating existing ones to incorporate the latest products and technologies. Going beyond maintenance, certification vendors are exhibiting an increasing will to revitalize the perception of computer certifications by employers and certification candidates, not just through wishful thinking, but with concrete action plans. It is not clear yet, however, how strong the will is to do this and what resources will truly be put into it, so success is far from assured.

Tuesday, November 06, 2007

What happened to the good old-fashioned MCSE?

Windows Server 2008 will be released early next year. That's right...I said it, another major server OS will be released with undoubtedly more to learn! However, with this release, Microsoft is also rolling out major changes to its certification program. All of us old MCSEs are in for some big changes.

For example, the MCSE we're all familiar with is going away. Yep, you heard it, completely going away! Instead, new certification titles, like MCTS, or Microsoft Certified Technology Specialist: Active Directory Configuration or Application Platform Configuration, will be the certification de jour.

Here's an overview of the new Windows Server 2008 certification program. Specifically, it will address:
  • New changes in the Windows Server 2008 certification program
  • What you need to do to transition your Windows Server 2003 MCSE skills to 2008
  • What you need to do to go from Windows 2000 MCSE to 2008
  • Learn practical tips on what you can do now to start planning
The world's most popular certification is going through a major remodel-are you ready?

Wednesday, October 17, 2007

Novell Certified Engineer (NCE)

Novell has announced a new certification to help Certified Novell Engineers (CNEs) migrate to Linux: the Novell Certified Engineer (NCE). This isn't just a simple reshuffling of the acronym; the NCE is intended to further cement the move away from all NetWare platforms in favor of Open Enterprise Server.

To become certified, you must pass a single exam: NCE Enterprise Services (050-709). While not currently available, the exam is expected to be practicum-based and priced at $195, the same as similar Novell exams.

For those new to Novell, four courses are recommended in preparation for taking the exam:

  • Novell Networking and Services for Linux
  • Administering Novell Open Enterprise Server 2 for Linux
  • Implementing Novell Open Enterprise Server 2 for Linux
    Deploying Novell Open Enterprise Server 2 for Linux
  • For those already certified as CNEs, only the latter two courses are recommended.