Darril Gibson

Passed this exam today, using this book as my primary resource. It's less dry than other textbooks (Gibson clearly likes his Simpsons) and it provides good coverage of the exam requirements. However I'd recommend using alongside other resources (videos, online tests) to stand your best chance

Couple of notes about the exam, don't think I'm breaking any NDAs with the below

- the questions in the book are a little easier than in the exam, but useful for getting used to the tricksy wording. Would recommend coupling with a test application (I used Pocket Prep's Android app)
- Know your acronyms! If you don't know your MTTRs from your MTBFs etc, postpone until you do.
- This gives no preparation for the Simulation based questions, try to find a resource that gives you a sense of what will be asked.
- The book doesn't prepare you for reading logs or more complex CMD line queries, a test lab or some exposure to these would be useful… (plus d'informations)

This book is concise at 375+/- pages of actual reading material. Each chapter is 20-25 pages with @20-26 practice questions. Using this as my primary study guide, and giving myself 2 weeks, I passed first time with a score @90%. I studied one chapter daily for 11 days, then performed further research the last 3 days. While not specifically in security, I work in a high-reliability, IT-related field, so most of the concepts were not new.

I felt obliged to leave a review due to the high quality of the writing. While the tech press usually has low standards of editing and authorship, this was well-written with few typos or misspellings and actually engaging. Not a single yawn! Mr. Gibson wasn't lazy in regards to redundant material. For instance, although several practice questions in a row may be similar, each practice question's correct and incorrect answers are fully explained in the context of the question, rather than being cut and paste from the previous 3 or 4 similar questions or simply abbreviated.

However, no one book will ever suffice for a test of applied knowledge. Mr. Gibson lists each of the CompTIA subject areas and then explains them concisely. In this regard, the book shows you what you need to know. Some topics such as whaling and phishing only need a paragraph or two and this book was adequate. Other topics could use their own books such as PKI, hashing, encryption, subnetting, etc. and you'll need to go out for further research.

An example of this is his port list. Ports are frequently mentioned along with their material to hammer them home, but his port cheat sheet is incomplete. As you read the book, you'll see the need for a fuller listing of common ports ALONG WITH THEIR PROTOCOL (TCP/ UDP). Make your port list an hourly mantra.

Caveat: the type of simple multiple choice question used here leads you to believe the test will be simple memorization. Few questions on the actual exam were. Most involved some application of the knowledge. For that, I ding a star. I don't believe he needs to include simulation-type questions, but rewording them in a more applied way would be better. IE - his questions on which keys Sally and Bob use to encrypt/ decrypt email are better than "Which model uses job functions to determine access?" "C. RBAC".… (plus d'informations)