John Kirk's Reviews > Security+ Certification Training Kit

Security+ Certification Training Kit by Microsoft Corporation

it was ok
bookshelves: computing

I bought this book in Nov 2004, and I've made a few attempts at reading it over the years but I always got bogged down in chapter 1. (That chapter talks about putting a dollar value on various aspects of the business, e.g. intellectual property: I can see why that might be necessary, but it's not an IT skill.)

I finally made an effort to get through it (in March/April 2016), and the rest of the book is a bit better. Obviously it is a bit dated now; for instance, it only talks about WEP because it was published before 802.11i brought in WPA2. Also, it refers to the first edition of the Security+ exam (SY0-101) and we're now up to the fourth edition (SY0-401). Still, I won't fault the book for that, and a lot of the general principles are still relevant (e.g. least privilege).

Unfortunately, even taking it as a product of its time, it's still not great. It definitely goes for breadth over depth, so it mentions various topics (e.g. buffer overflows and SQL injection) without actually explaining how they work. That may have been good enough for the exam syllabus, but I prefer Mike Meyers' approach where he goes beyond the exam to actually teach useful information. If you already know about those topics then you won't learn anything new from this book, and if you don't already know about them then this book will just make you vaguely aware that they exist.

There are some parts of the book which are badly written. For instance, on p174 it refers to both "802.11x" (using x as a wildcard for various amendments) and "802.1x" (referring to the specific 802.1X standard). That is needlessly confusing! Then there are other parts which are just flat out wrong, e.g. when they say that 802.11a uses the 2.4 GHz band. (It actually uses the 5 GHz band.)

I'd also argue that some of their advice would make you less secure. For instance, they talk about Trojan malware (which pretends to be a legitimate file) and they talk about using hashes to verify files. However, they also tell you to download particular programs from the internet without specifying a source or a hash! If you download and run a file solely on the basis of the filename then you may not get what you expected.

When I got to the end of chapter 11, the ending felt a bit abrupt: it just went straight into appendices. I realise that this isn't a novel, so I shouldn't expect a grand climax to the story. However, after I've slogged my way through the entire thing I'd like to just see a short page that says "Well done, now you're ready to take the exam!" Something similar to the "Game over" messages that I used to see on computer games in the 1980s. Frankly, I feel that I've earned it.

Having said all that, there are a few useful bits of information in here. I particularly liked the section on physical security for server rooms, and I will look up some of the other documents that this book mentioned (e.g. the NIST 800 series).

Also, while this may be damning with faint praise, the publishers did a decent job with the physical binding. The pages are printed on thick paper so I didn't have to worry about tearing them, and none of them came loose from the spine even when I carried the book around in my bag for a month.


Reading Progress

June 16, 2015 – Shelved
March 15, 2016 – Started Reading
April 12, 2016 – Finished Reading
November 16, 2016 – Shelved as: computing
