Friday, August 26, 2011


As an engineer, I require certifications to prove my capabilities. Yes, even the stuff I've been doing since third grade. I still need that little paper which shows I know how to do what I do. But studying for the exam can be hard some times. Mostly, I've forgotten my study skills since I graduated. But sometimes the companies behind these exams make it hard to share information about them.

CompTIA provides certifications for IT professionals, such as A+ and Security+. (ISC)2 offers the CISSP for senior managers in security positions like a CISO. Of course, all the vendors like Microsoft and Cisco also offer certifications for their products. And they all offer all manner of tools to help your earn their certificates. But have you priced out some of these offerings? And that's not for the test to get the certificate, that's for the training to get ready to take the test.

And of course these test providers work hard to make sure their tests don't leak out to the internet. Some test providers are more aggressive than others but they'd all rather you didn't reveal their exams because otherwise what would people pay for. Which I why I won't talk about specific questions. But I will talk about some basic test-taking strategy and some differences I've noticed between vendors.

Your grade school teacher was right. Get a good night's sleep and eat a good breakfast. More than that, get into a regular sleep pattern leading up to the exam. That means no staying up all night studying and definitely don't pull an all nighter just before you go in to take the exam. As for breakfast, go easy on the coffee; restroom breaks may not be convenient or even available.

Most certification exams, at least in IT, are multiple choice. I like multiple choice better because even if you don't know the answer you can improve the odds of guessing correctly. The first step, if you don't know the correct answer, is to eliminate the incorrect answers. That can usually bring your odds of guessing correctly from 1-in-4 up to 1-in-2. For example, a question about fiber optic connector types might give you SCSI, FC, micro USB, and 1.21 gigawatts as choices. As useful a measurement as 1.21 GW is, it is not the correct answer here. SCSI and USB are serial connectors made of copper, not fiber optic glass, so they can be tossed out, too. That leaves only FC, which fortunately is a type of fiber connector.

Another technique that works well when asked to choose the correct definition is to define the choices. Match up the definitions in the choices with their terms. Even if you can't match up the term you've been given with the definitions available you can often turn a shot in the dark into an educated guess.

Finally, consider the type of certification the exam is for. Security+ and CISSP are both targeted toward the IT security industry but there are major differences in their respective outlooks. Between exams with slightly different focus, similar questions can have completely different answers. Security+ is very technical, as are all CompTIA exams. There's not a lot of introspective thought required but you do need to know your systems. CISSP, on the other hand, is geared towards senior managers whose obligation is to protect the people under them. That can make responses in subjects like incident handling and disaster recovery almost mutually exclusive between the two exams.

These are just some of the thoughts I've had on this journey of certification. Your mileage may vary.