Review: EC-Council’s iLabs Platform

Glenn Norman

I’ve been trying to bring “hacker” training to UNM for over ten years without much success. Only in the past two semesters have I been able to run an Ethical Hacking class based on the CEH, but where my past efforts didn’t bring students, the CEH did.

Red Team work has long interested me, likely because years of managing high-traffic websites left me with lots of scars and an urge to fight back. There are some interesting programs: the OSCP, GIAC certifications, and the CEH probably make up the short list. I’m highly interested in the GIAC certs, but man are they expensive. The OSCP from Offensive Security is the real hardcore hacker’s cert, even if most HR people haven’t figured that out yet. The CEH, on the other hand, is widely recognized by HR but doesn’t enjoy quite the same purists’ esteem.

So I approached Jay Bavisi online, and he connected me with ECC VP Eric Lopez and ECC University VP David Oxenhandler. Eric and David met with me to talk about marketing ECC courses and materials to UNM administration, and gave me a stack of books two feet high – and an account on ECC’s online training platform, iLabs 2.0. I’ll have more to say about specific books and certs, but here I’m going to talk about iLabs itself.

By now almost every teacher has dealt with a few learning management systems (LMSs). My list includes build-it-yourself platforms like Blackboard, Moodle and WordPress LMS; ready-to-go courses on sites like Udemy and Coursera; and some great pre-built platforms for building tests and courses like Mettl and Braincert. They all have a lot in common in terms of features and interfaces: videos or scenarios to play, guided exercises, mostly textual interactions (if any) with the instructor and other students.

I’ve also been spending a lot of time on hacking sites like root-me.org and HacktheBox, which are very different from the LMSs. The best of them fire up virtual machines for students to practice on, which is a lot more realistic than the guided walk-throughs most LMSs offer.

iLabs merges these two models. ECC has given me permission to share screenshots from that environment, so let’s do a walkthrough, starting from the login page.

iLabs Login
iLabs Login

I received a welcome email with instructions on setting up my account and using an Access Key to start running the course materials. My key got me into the CEHv9 course. Remember that the CEH is transitioning to version 10, so there will be some differences in the newer version.

iLabs Tab: My Training
iLabs Tab: My Training

From here I had four tabs to choose from: My Training (the current screen), My Transcript, Courses and Contact.

iLabs Tab: My Transcript
iLabs Tab: My Transcript

My Transcript showed that at the moment, I had basically completed no training (at least on this platform). No surprise. I can see this being useful once I’ve studied a few more certs.

iLabs Tab: More Courses
iLabs Tab: More Courses

The Courses tab takes us to a Course Catalog that will immediately made my mouth water: Advanced Penetration Testing, Incident Handler, Forensics Investigator. It’s a lineup that’s grown dramatically, and seems aimed directly at GIAC. Yes, I tried getting into other courses (hacker!) and that wasn’t possible, at least without making myself a nuisance instead of a guest. But now I have an appetite for more.

Going back to the Courses tab, I clicked on the Certified Ethical Hacker – CEH v9 link, and arrived at the summary page for the program.

CEH Course Activities List
CEH Course Activities List

These are the familiar sections of the CEHv9 training. Clicking the Launch button takes us to a preliminary test of our system, then lets us launch the actual test lab. Clicking the button opens a new window while our test environment is launched.

iLabs: Starting the Lab Environment
iLabs: Starting the Lab Environment

Module 1 is all about learning to use the iLabs platform, and provides a walkthrough of the interface’s features. It’s an information-intensive environment, so pay close attention at this stage. There are a couple of places on every screen that may offer tips; learning where to look helps a lot once we’re doing active work.

iLabs: Lab Orientation
iLabs: Lab Orientation

Next, in this and all Modules, comes a couple of screens of information: Objectives and the lesson Scenario.

iLabs: Module Instructions
iLabs: Module Instructions

Clicking through the Information screens takes us to the first virtual machine we’ll use, a Windows Server 2012 instance. Choose the Machines tab and click on Windows Server 2012, if it’s not already selected.

iLabs: Virtual Machine Ready
iLabs: Virtual Machine Ready

We’ll need to locate the Commands menu at the top of the screen in order to log into the VM. It’s not clearly labeled; look for the lightning bolt at the top of the scroll bar on the right. It pops open a dialog where we can send a Ctrl-Alt-Delete to get a login form.

We’ve got an amusing choice here: use the Commands menu, click Type Text, then click Type Username; or click in the Machines tab on the username; or type it into the form ourselves. Do aspiring hackers really need this much hand-holding? Probably not, but this feature is also likely just an element of the LMS. Choose a method, and enter the username and password.

The next screen comes up every time we open this VM, which is just a result of starting an absolutely fresh installation. Obviously we don’t need to set up the whole server, so simply cancel the dialog.

iLabs: Server Setup
iLabs: Server Setup

Notice that the bottom of the VM’s screen is cut off on my 15″ laptop monitor (1366×768). Checking the available resolutions, I found it’s already at its lowest option, 1024×768. While this isn’t a big deal, it is a bit annoying to have to scroll to see everything. I couldn’t find a setting to resize the VM window, but the interface is complex enough that I may have missed it. (Let me know below if you find it.)

iLabs: Starting Firefox
iLabs: Starting Firefox

Next comes opening Firefox. This requires telling Firefox that we don’t want to update to the latest version. Why? Because the VM is running an older version that supports the outdated Firebug plugin. I expect that the version 10 course will use a newer utility that works in current versions of Firefox (as I mentioned, this is the now-retired version 9).

Note the instructions in the blue box at the bottom of the screen, which direct us to enter the target website’s URL (which is not an actual online domain).

iLabs: Moviescope.com
iLabs: Moviescope.com

Once we’re on the Moviescope site, open the Firebug console. Firebug, by the way, has since merged into the Firefox Developer Tools. In the lab, some Firebug features won’t work, but clicking through the interface tabs does for the most part. And of course the functions Firebug offered are still available in Firefox, so in real life you don’t have to stick to an old version of the browser.

iLabs: Firebug Error
iLabs: Firebug Error

The instructions steer us to the HTML inspector in Firesheep, and into the scripts present on the page.

iLabs: The Debugging Environment
iLabs: The Debugging Environment

Click to expand one of the scripts and it gives up its code.

iLabs: Moviescope Javascripts
iLabs: Moviescope Javascripts

After taking this quick look at the scripts the lab points out that these visible scripts are ripe for the plucking. Then the Module starts us into another software installation.

CEH Tools
CEH Tools

The CEH has a heavy concentration in hacking tools, and candidates are expected to be familiar with the functions of quite a few of them. This is where this LMS shines: we get to set up, run and see the output of these tools on a live VM system. When I studied for the CEH, everything I worked with was text and slideshows. I’m a geek and an instructor, so I went out and got, installed and tried out every tool that was mentioned (this took a LONG time), so it’s nice to see that this course puts the tools right in my hands.

Drive E: has a tasty little stash of software we’ll be using. In this case, we’re steered to the Web Data extractor, which we install and run.

Web Data Extractor
Web Data Extractor

“Web Data Extractor Pro is a web scraping tool specifically designed for mass-gathering of various data types. It can harvest URLs, phone and fax numbers, email addresses, as well as meta tag information and body text. Special feature of WDE Pro is custom extraction of structured data.” – http://www.webextractor.com/

Our target web site is small, so the scan completes quickly. When it’s done it lets us know.

Web Data Extractor - scan complete
Web Data Extractor – scan complete

Now we can dig through the results, which are excellent for Reconnaissance-stage hacking: one scan saves us the trouble of digging around for the target’s email addresses, phone numbers etc.

Web Data Extractor - scan results
Web Data Extractor – scan results

After some discussion, we’re led to another installation, this time of the WinHTTrack Website Copier.

iLabs: Installing WinHTTrack Website Copier
iLabs: Installing WinHTTrack Website Copier

“HTTrack … allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site’s relative link-structure. Simply open a page of the “mirrored” website in your browser, and you can browse the site from link to link, as if you were viewing it online.” – http://www.httrack.com/

iLabs: Starting WinHTTrack Website Copier
iLabs: Starting WinHTTrack Website Copier

Once we’ve chosen a project name, we can review the configuration.

iLabs: Configuring WinHTTrack Website Copier
iLabs: Configuring WinHTTrack Website Copier

So bang, click OK and turn it loose. When it’s done it’s not completely clear what you’re supposed to do. From the Index of Projects page, click on the only one: our Test Project

iLabs: Scan Results WinHTTrack Website Copier
iLabs: Scan Results WinHTTrack Website Copier

Now we can click through pages and examine code without waiting for the live site to load them for us.

iLabs: Examining the Copied Site
iLabs: Examining the Copied Site

After some discussion and examination, we’re shown out the door to this Module and back to our summary screen: Status Complete. From here we can scroll down and launch Module 2, Scanning Networks. We can’t, however, skip ahead. We’ll have to run the Modules in order. After doing each one, we can go back and review.

iLabs: Post-Module Summary
iLabs: Post-Module Summary

This is only the top of the page…

iLabs: 17 Modules
iLabs: 17 Modules

…there are a total of 17 Modules to work through. Most of them run between a half hour and 1.5 hours.

iLabs: CEHv9 Module 2
iLabs: CEHv9 Module 2

Going forward, we get to use more real VMs, not just Server 2012. Module 2 takes us straight into doing network scans in Kali (oh fun!). We’re not playing with a simulation, either. This is live practice on real machines.

Learn On Demand Systems
Learn On Demand Systems

By now it should be pretty clear that I really like the environment. If ECC had built it themselves I’d be amazed, because it’s such a large-scale project. Fortunately they did what any smart IT person does, namely finding the best and latest tech that currently exists. (You don’t try to re-create YouTube when you want to stream videos, do you?)

The ECC iLabs system is an instance of the Learn On Demand Systems (http://www.learnondemandsystems.com/) environment. They bill their product as “Experiential Learning Solutions,” and the name fits. This LMS isn’t just boring slide shows and droning videos; it’s real hands-on practice.

I should point out that iLabs is just one part of an ECC training course. ECC also provides a huge stack of printed material for the CEH and their other courses. But I’ll review that in another article and tie this review up for now.

Let me end by suggesting that this is a whole new game for the Certified Ethical Hacker credential. ECC has put huge work into updating the cert, as I’ve seen from brief looks at v10 materials. And the CEH is the pen testing/auditing cert that’s most recognized, and most requested, by the recruiters who are looking for my students. I feel pretty good about the prospects for bringing this cert to UNM, and attracting both current CS/MIS students and adult professionals. You’ll hear how it works out right here. Good luck!

Review: CompTIA® A+ 220-901 and 220-902 Cert Guide, by Mark Edward Soper (2016)

Here’s another in my series on reviews of the textbooks I use to teach my classes. In this case it’s an A+ text from Pearson with some pretty nice online value-adds.

CompTIA® A+ 220-901 and 220-902 Cert Guide, by Mark Edward Soper

Copyright © 2017 by Pearson Education, Inc.

ISBN-13: 978-0-7897-5652-7

ISBN-10: 0-7897-5652-8

Early study materials for the A+ were rough and ready, often terse little volumes that assumed a lot of foreknowledge. We’ve come a long way in the 13 years I’ve held, and later taught, this certification, to the point that you can find great material in book, ebook and online course formats, covering a lot of learning styles. Mark Soper’s CompTIA® A+ 220-901 and 220-902 Cert Guide is an in-depth Cert Guide, in Pearson-speak, as opposed to their usually shorter, drill-oriented Exam Cram series. I’ve taught both formats and generally prefer the greater detail of the cert guides, but I was impressed by David Prowse’s Exam Cram ebook on this same topic.

The “value added” materials have been getting better too. Most publishers have long offered CDs with test and study materials. But as optical drives have been going out of style while online storage has come on strong, I’m seeing almost everyone leaving the CD behind, and using the CD sleeve in the back of books for a slip of paper with an Activation Code, as this book does. I initially thought, Oh, there go the goodies, but I’ve found the reverse is true. More on this below.

Prose style really matters, too. My students make loud noises if reading the text gives them headaches, which magically transfers the headaches to me. From an earlier review:

When it comes to highly technical books, there are plenty of them that are written by committee, and read like it. I’ve got nothing against a dry, factual style, but my students seem to be more willing to read single-author books with a breezier prose style. [Prowse’s] book falls into the second category, and has the kind of comfortable, personable text that makes reading 982 pages a lot less of a chore. By comparison, the 901-902 text by Mike Meyers runs 1472 pages of chatty first-person conversation, while the text from Docter, Dulaney and Skandier is 1312 pages of formal discussion (what did I say about writing by committee?).

The previous edition of this Cert Guide was written by Soper, Prowse and Scott Mueller, and was my text of choice teaching my A+ 801-802 classes. It ran to 950 pages of text, plus end material (and included a CD). In the current edition, Soper goes it alone while Prowse works on the video course and the Exam Cram book, and Mueller apparently works on the 23rd edition of his amazing Upgrading and Repairing PCs series. I wondered if the quality would suffer or improve, and if the character of the book would change, but Soper keeps up the really excellent written material thickly scattered with high-res grayscale photos, screen shots and key topics tables. Possibly to the down side, the book now contains about 1150 pages of text, plus end material. It’s still one of the shorter texts, but they are all becoming behemoths.

I have to say I like Soper’s prose. He sticks to shorter sentences and obviously has a talent for stating things clearly. There is a minority among my students who like the more chatty, informal and sometimes funny language of Meyers, but they have to be willing to make a 1500-page commitment to that book.

Chapters are laid out clearly, and divided into topics with plenty of illustrations. Every book on this topic has to decide how deeply to descend into details. Do students need to know the specifics of the latest upcoming Intel memory controller topology? The hard-core geeks are going to love it. Others are going to find those details quickly obsolete, but do need to understand how the once-literal North and  South Bridges are now mostly theoretical, with chipsets doing all kinds of things differently.

What really matters is that the materials match up to the A+ test objectives, which this book does quite well. Ending each chapter are the Exam Preparation Tasks, which include memory tasks like definitions alongside exercises like using diagnostic tools to research hardware details and upgrade options. Then come Review Questions, with Answers and Explanations conveniently following. The explanations are nice, because they’re really explanations, unlike too many of the ones I see on sample tests.

One of the biggest changes for the new certification is the much-changed list of operating systems covered. XP is out, finally, but Vista lingers on, along with Windows 7, 8 and 8.1. Windows 10 is not covered. But OSX is getting a lot more discussion, which matches the workplace I see, mostly Windows but with a contingent of determined Mac users.

Here, each book handles this differently. The Exam Cram splits OS topics out among the main test topics, so there’s not one place that solely discusses Windows 7, for instance.

Docter, Dulaney and Skandier do the opposite, with 50-60 page chapters on each major OS, which might be a good idea for organization, but leads to a lot of duplicate discussions of installation and deployment, for instance.

In this book Soper manages to cover the same detail in about 35 pages each for the OSX/Linux chapter and the iOS/Android chapter, with less obvious duplication. Depending on whether you’re using the textbook later as a reference (go with duplication) or as a learning tool (don’t torture me when I have to read the whole book), this book may be the best option for students.

The most important work students can do for certification exams is taking lots of sample tests. There are resources online, of course, and many are quite good. Brain dumps, on the other hand, are worse than useless because they’ll mislead you or invite you to believe wrong answers. Note that tests and questions provided by real CompTIA Authorized Partners (like Pearson) tend to be much more realistic and closely aligned with the actual test questions, for instance the frequent use of scenario questions. There are lots of practice sites and sources of sample questions online, and students should use them – with a healthy awareness that sometimes these questions are wrong: wrongly worded, contradictory or just plain far off topic. Once you’re so advanced that you can spot these errors, generic online practice tests can be useful for learning to spot B.S.

Getting access to Pearson’s online materials takes a few steps, but isn’t any harder than registering for Facebook. You’ll download the Pearson test engine, fire it up, and use the Activation procedure to get and install the sample tests for this book. There are a total of four tests, which you can further tune to concentrate on questions by chapter/objective. Mix and match until you’ve seen every question several times. I always recommend saving at least one of these tests as a final proving challenge before taking the real certification exam; if you can ace a test you haven’t seen before, you’re likely ready for the real test.

Back in the book, there are also some memory drills, but the nicest value-add-on is the three hours of video you can watch from Prowse’s video course. They are highly worth the investment in time, I guarantee.

So I come to the things that matter when I choose a text for my A+ classes.

First, the price. At $60 this book isn’t cheap, but it’s not stratospheric for a college-level text either. Its main competitors are in the $50-60 zone.

Next, does it align closely with the CompTIA A+ Objectives? This book covers them without going in-depth on topics or technologies that will never show up on the test.

Then, how long is it? 1000 pages is tough, and 1500 pages is a huge task for my students, but few books in this area are smaller. At least this one is on the light end of the scale.

Finally, what’s it like to read the actual prose? Does it sound like it was written by an engineer or a  lawyer, or is it more like a friendly discussion of interesting technology? Soper does very well in this area.

Ultimately, you can’t go wrong with this book. All by itself it’s good; with the online materials it’s top-notch. I’ll be trying it out in my next round of classes.

Disclaimer: Obviously I am a teacher, working with two major universities and many smaller clients. Some of the books I review are provided by my employers, but many of them come to me directly through my reviewer accounts with Pearson, Microsoft and Cisco (as this book did). They all know that sending me books is no guarantee mercy on my part.

* * *

[ Book Review ] :: A+ Exam Cram from David Prowse, eBook Version

This July 1st (2016), the CompTIA A+ certification rolls over to the 901-902 version, with some pretty significant changes to the test materials. I’ve been evaluating books for my upcoming classes, and decided I’d try out not just different publishers’ offerings, but different forms of the media. As an instructor, I’ve relied heavily on physical books to run my classes: they’re marked up, dog-eared and riffed with sticky notes for points I want to hit in class. Could I do as well with an eBook?

 

Pearson hooked me up with an epub version of this Exam Cram, written by David Prowse. I’ve been in this business for many years – and so has he. His materials are pretty darn good, including an online A+ training course I had the opportunity to preview (and review). When it comes to highly technical books, there are plenty of them that are written by committee, and read like it. I’ve got nothing against a dry, factual style, but my students seem to be more willing to read single-author books with a breezier prose style. This book falls into the second category, and has the kind of comfortable, personable text that makes reading 982 pages a lot less of a chore. By comparison, the 901-902 text by Mike Meyers runs 1472 pages of first-person conversation, while the text from Docter, Dulaney and Skandier is 1312 pages of formal discussion (what did I say about writing by committee?). Prowse gets one point for good prose style and one for shortest length, which does in fact matter.

 

One of the biggest changes for the new certification is the much-changed list of operating systems covered. XP is out, finally, but Vista lingers on, along with Windows 7, 8 and 8.1. Windows 10 is not covered. But OSX is getting a lot more discussion, which matches the workplace I see, mostly Windows but with a contingent of determined Mac users. The three texts I reviewed handled this issue differently. This Exam Cram splits OSs out among the main test topics, so there’s not one place that solely discusses Windows 7, for instance. Docter/Dulaney/Skandier do the opposite, with 50-60 page chapters on each major OS, which might be a good idea for organization, but does lead to a lot of duplicate discussions of installation and deployment, for instance. In my reading all three texts ended up covering the same materials for each OS, because the CompTIA A+ Objectives are so clearly spelled out in this area. Frankly, I kind of like the way Prowse handles things, discussing the topic under a major heading with subheads for each OS’s differences. iOS and Android also get a little more emphasis, though largely along the same lines as the 801-802 tests: checking versions, doing resets and synchronizing. The whole topic of OSs is one of the areas where the eBook really shines, with beautiful full-color high-resolution images.

 

Color images appear frequently in the text, and put the printed books’ grayscale images to shame. Many of them are close-ups of details, and I had to admire how well I could see things like silkscreen lettering on circuit boards. I wasn’t sure how comfortable I’d be using the eBook, as I’ve mentioned, and I tried more than one e-reader. Windows 8.1 offered a friendly link to the friendly Windows store for an epub reader, and served up an app that got even more friendly by installing a toolbar and search engine, and modifying my network settings, none of which I appreciated. It took some lengthy research to uninstall that crapware, then the research I should have done in the first place: what are the really good eBook readers, for Windows, in 2016? This led me to Adobe Digital Editions, much despised in its 1.x versions but apparently much improved in the current 4.5.x version. I thought I would miss my sticky notes, but the Bookmarks feature fills the gap really well. And it’s nice to click directly from the Table of Contents to a chapter, or even better, easily search for particular terms, something I had to rely on Indexes to do for me in paper books. I had to find the right tips page to figure out highlighting: select text, right-click, voila!

 

There are a lot of subtle things that get glossed over in a lot of A+ texts, for instance the issue of Northbridge and Southbridge, bridges that were originally real bridges with real, separate controller chips, but which are now “virtual,” in the sense of being absorbed into the main processor or other subsystems. Of the three texts I reviewed, only this one discusses the DMI bridge in Intel-processor chipsets, and none discusses DMA channels (which apply to RAM, not processors); there’s a certain degree of depth that’s being lost as different manufacturers devise very different solutions to the same fundamental problems. Intel’s DMI differs significantly from AMD’s HyperTransport bus, and both differ from Intel’s Quick Path Interconnect (QPI). Prowse gives all these some attention, and he’s the only one in this group who does. And that’s just one example.

 

The most important work students can do for certification exams is taking lots of sample tests. There are resources online, of course, and many are quite good. Brain dumps, on the other hand, are worse than useless because they’ll mislead you or insist on wrong answers. So the test material that comes with a CompTIA-approved text is actually really important, because for the most part it accurately reflects real question styles, for instance the frequent use of scenarios in questions. The Meyers book uses 10-question end-of-chapter quizzes that are good; they come at the end of lengthy chapters, which means you’ll read for a while before dealing with relevant questions. I have to admit I like Prowse’s Cram Quizzes, short 5-question tests that come two or three times per chapter. That’s a good idea: look at the material, then look at the kind of questions you’ll see for it. And not just multiple-choice questions, but performance-based questions like the ones you’ll be getting on the real exams going forward.

 

This makes for an interesting point: only Prowse’s online version of this course offers genuine simulations of the performance-based questions, for instance dragging and dropping devices to the correct slots. Obviously you’re not going to do this with either paper books or an eBook, but different writers have dealt with this in different ways. The Sybex book comes with access to an online lab and test bank, which I haven’t explored yet. This Prowse Exam Cram uses write-it-by-hand versions of the performance-based questions, which are actually pretty good substitutes, considering a lot of that drag-and-drop stuff is just silly.

 

Ultimately, I liked the Prowse book itself the best among this group, and surprised myself that I liked the eBook much more than I thought I would. It’s the shortest of the group I evaluated, yet covers many topics more completely. And Prowse’s writing is easy to read without trying to be too funny or chummy. Every classroom I work in has a projector, so it’s totally feasible to bring the book in digital form and put it up on the screen. When I’m drawing students’ attention to highlights, they can see exactly what I’m talking about, easily. I’m finding myself completely willing to try out this book, as an eBook, this coming term. Maybe the most interesting thing to see will be how well my students like using it. If they do, I’m going to permanently lighten my book bag and never look back.

CompTIA® A+ 220-901 and 220-902 Exam Cram

 

Copyright © 2016 by Pearson Education, Inc.

 

ISBN-13: 978-0-7897-5631-2ISBN-10: 0-7897-5631-5

 

 

[ Book Review ] :: Pearson IT Certification CompTIA A+ 220-901 Complete Video Course

Pearson’s A+ Video Courses: A Serious Alternative to Classroom Training

 

Video training has become a really big business. I’m a classroom teacher myself, and teach the A+ certification and several others, so the question of whether video training can replace classroom time is pretty personal, and I come at it a little skeptically. I’ve endured some truly painful online and video training courses, and I’m betting my gentle reader has too. Do they have to be awful? Or can they truly be good enough to replace “live” teachers? And more important, are they a good bargain relative to live classes?

 

No, they don’t have to be awful. Some are definitely better than others. Twenty years ago the user interfaces were mish-mashes, a situation that has hugely improved. Today they’ve almost all settled toward uniform layouts, which honestly improves the user experience across the board. It’s great to have a course outline with links to lessons down one side of the workspace or the other, for instance. Live classes often have a separate area for text material and another column for chat. Sometimes there’s a panel for downloadable materials, and sometimes all of these are wrapped up in one tabbed column (my favorite). What really matters is, which of these elements are included in a given course? And far more critical, how good is the actual presentation material?

 

In this case the material is quite good. The video pane alternates between Powerpoint-like slides, detailed video close-ups of hardware and actual assembly, and the presenter (whom I presume is David Prowse himself) talking and using a white board. This last is kind of classroom-like, complete with quick-and-dirty sketches. David has a good physical presence and a good speaking voice, so it works well. The frequent change of visual layout keeps things interesting, which is critical for recorded trainings. And the level of detail is really quite good; at 20+ hours for the 901 video course and 40+ for both 901 and 902, it’s close to the number of hours most live classes will run. That’s a lot of material, but in small chunks running about five minutes each. This is a popular format length these days: most students like being able to “drop in” to the course when they have some free time without making an hour-long commitment. Plus, it’s not so painful if you have to repeat a lecture. Personally, I find myself reluctant to start hour-long lessons online, but I can devour a five-minute video almost any time.

 

 

 

Lessons consist of Learning Objectives, lectures, Performance Based Exercises (very much like the ones you’ll find on the actual test) and PC Build demonstrations. The Learning Objectives aren’t a boring list of topics; instead, David gives a brief but much more informative talk about the lesson. Some Performance Based Exercises are classic drag-and-drop matching tasks, but some require you to demonstrate actual familiarity with Windows by, for instance, setting a static IP address, which is a highly relevant skill. The overall high-quality video production really shines in the PC Build walkthroughs, though these may be most useful for less experienced students. Modules are collections of Lessons, and include Module Quizzes (again, very similar to actual test questions). Most textbooks in this area include at least a couple of sample tests, whether on CD or by download. With this package you get a series of Module Quizzes, which as I’ve mentioned are pretty good, but you don’t get formal timed sample exams.

 

Can really hi-res video of motherboards and RAM and video cards replace the hands-on, pass-it-around of a live class? Put simply, yes, provided you’re already familiar with these things. But no, not if you’ve never handled them. How should you hold a stick of RAM? What part(s) should you never touch? If you picked up a module in a job interview would you be comfortable holding it? If these questions just make you laugh, you’re a good candidate for this course.

 

There were a couple of things I missed in the user interface package. There are no Supplementary Materials, which is a pretty small issue in a really complete package like this one, though I’ve run into some really valuable supplementary handouts from time to time. But the lack of student-teacher interaction might be a more serious issue. This is obviously the primary benefit of a live classroom or online class: you can say, Wait, I’m stuck on this, or I can’t make that work, or Mine doesn’t look like that. I’ve seen the chat window fill with questions, and I’ve found some of the most valuable material there when an instructor is provoked to a deeper explanation.

 

Some of the online course platforms use a hybrid method, where the course is recorded but the chat function is always available (and teachers are expected to respond to inquiries, even months or years later). Given the model of this video courseware, that’s not practical here. But this lack does take the course another big step away from the live classroom.

 

What really matters here is, can you take this video course and pass the A+ exam? There’s never a certain answer to that, because so much depends on the experience you bring. Some people are really successful at passing certification tests simply by reading a book or two; those people usually are already familiar with the topic and have advanced study skills. Most of us need more. If you can’t take a classroom course where you live, a video course is a very good alternative, at least if the course itself is high-quality, though I’d recommend spending some serious hands-on time with real hardware. The past few years have seen courses like this one dramatically improve, and at this point they’re certainly a viable alternative, especially if you’re relatively disciplined about your study – and like learning from videos rather than books.

 

Now for brass tacks: you can take two live courses for the 901 and 902 tests, with textbooks and test vouchers included, for about $2000 depending on your area. These two video courses list as a $499 package as I write this, much more expensive than a textbook and not including the tests, which will run you another $450. You could buy a text and some sample tests and spend barely more than half the price of classroom courses. If you’ve already got some experience with PCs, this could be a real steal for you.

 

Pearson IT Certification CompTIA A+ 220-901 Complete Video Course – January 22, 2016

 

By David L. Prowse

 

ISBN-13: 978-0-13-449930-7 / ISBN-10: 0-13-449930-1

 

Also see

 

Pearson IT Certification’s CompTIA A+ 220-901 and 220-902 Complete Video Course Library – April 18, 2016

 

Book Review: CISSP Cert Guide (Pearson IT Certification, 1st Edition)

As an instructor I’m faced with the choice, over and over, of a thick, detailed textbook versus a more concise one. Thinner would be the easier choice, except that some authors manage to make their thicker books easy, even breezy reading. Other thick books are just … thick. Many of the A+ texts, for instance, go much, much deeper into details than the test they cover does.

This book, which is for the 10-domain test, strikes a very good balance. At 470-odd pages of actual reading material (less Glossary, Index and front matter), it’s a reasonable size for the cert courses I teach. I found it easy to cover 50 pages an hour, though I’ve got over 20 years’ experience with this area so not much slows me down. But I’ve dealt with many (many) books filled with page after page of thick, hard-to-read and hard-to-comprehend text, so many that the slimmer, more terse books tend to make me cautious. This one’s slim and terse and absolutely readable.

Tight texts like this work by using short, declarative sentences. They state facts, explain simply, and provide solid nuggets of useful information, but they also don’t supply many examples, don’t try to explain things using scenarios, and don’t provide much if any historical context. If you’re already the kind of network professional you’re supposed to be to test for this certification, this won’t be a problem. A couple of paragraphs of discussion can cover Kerberos just fine – for the initiated. If you’re trying to “leverage” your way to a higher certification (and it pays to know that if you can’t document five years’ experience, you get an “associate” certification), though, this may not be the book for you. Actually, if you haven’t done the real groundwork, this isn’t the certification for you, either.

One very strong point about the Pearson IT cert texts is the sample questions and tests. I’ve seen too many questions in sample tests from several sources that are mangled, ungrammatical, ambiguous or just plain incorrect, but not here. As a long-time technical editor, I appreciate the good, clear, concise questions and the use of multiple plausible answers that made me slow down and think before choosing. The chapter-end questions and sample tests also seem very much in what I’d label “(ISC)2 style” – there is little or no sneakiness about them, unlike the questions common on some certifications I could name but won’t. They’re short and clear: What’s the second step in a Business Impact Analysis? On which layer is the Internet destination address added? And you either know the answer or you don’t, simple as that.

It was a little sad that the CD that came with my book had some kind of manufacturing defect that looked a little like a tire had run over the edge of the disk, rendering it useless. Ironically, it really was useless: since I already have the Pearson test engine installed, the enclosed license code did the trick all by itself, downloading the latest version of the test and activating it. From there it was all joy for me. With any luck this was a sheer fluke no one else will run into.

Where I did see some weakness in the text was in the tables and diagrams. Personally, I never like matrix tables: a crosswalk of administrative controls against access control categories means almost nothing to me unless something entices me to look carefully at the rows of Xs. This type of table is often necessary for compliance documentation, but it makes for pretty dull reading in a textbook. And diagrams are best if they show relationships and flow. Eight gray bubbles in a row do NOT illustrate the complexity of the ticket-granting process, for instance. From my own experience writing textbooks, I know this is a tough area. Personally, I cheat: I hire a graphic designer and build the simplest, clearest flow diagrams we can make. And fortunately, in this case, not all the graphics are tables and rows-of-bubbles diagrams. Some, for instance the software development models, are pretty good. In fact seeing the waterfall model as an inverted view of the agile model gave me an interesting moment.

A really good glossary and index are gold for most of my students. You know how this field is: the acronyms are like a bowl of Alpha-Bits, and the nomenclature is thicker than the nearest competitor (psychology). In this book the glossary and index cover over 120 pages, which is to say a quarter the size of the reading proper. For a lower-level text it would be too much. For this cert it’s enough, but not too much. These things are not easy to build, and you’ll appreciate them when you’re scratching your head: where the heck did they define this?

I’d be confident to teach from this text immediately, and I’d be confident taking the test after reading this. At this point I’m still evaluating books for teaching the CISSP going forward, but the certification is looking like a winner because of the demand I’m seeing for it in the sectors I serve: labs, bases, government and education. For this class of student, this book is just about ideal.

Full disclosure: I get textbooks for review from several sources, in this case from Pearson IT Certifications (http://www.pearsonitcertification.com/store/index.aspx?st=86509). I also work for a certifying organization (ISECOM), participate in building certifications (the OPST and SAI), write textbooks and teach at two universities (UNM and NMSU), so while I’m not the usual test subject, I am frequently the instructor.

* * *

Book Review: Just about to fade away: thoughts on the CompTIA A+ Authorized Cert Guide, Third Edition

The A+ exam is nearing its rollover from the 801/802 tests to the 901/902 tests, and I’ll soon be doing my usual survey of new textbooks to teach from. It’s kind of the same decision every time: choose a smaller book that cuts to the point, which makes life easier on the student and directly addresses the tests, or choose a “big” book that really tries to be a comprehensive reference after the test. I don’t mind the big book model, as long as retired subjects are rightly removed and the material genuinely reflects both the new test and current computer tech.

This particular text from Pearson (which I was given by UNM for evaluation, and covers the 801/802 tests) runs over 1100 pages, and definitely falls into the “big book” camp. Now, when I use this as a class text, that’s not particularly a problem, because I tell students directly: don’t memorize POST codes or IRQs or I/O addresses, among many other things. Know the basics, and know how to look up the details. They’re right there in this book, in most cases – but you don’t need all this detail to pass the test. In fact, students can bog down in the exhaustive lists: video resolutions, processor sockets, floppy disk capacities: really? Far better that they spend their time learning troubleshooting techniques, and I’m glad to say they’ll find them here.

This book doesn’t try to artificially divide the subject matter of the two tests; functionally they’re about the same. That’s good, because it prevents a lot of the repetition I’ve seen in some texts. The topic areas are nicely divided, and work through a nice progression from the most elementary hardware to advanced Windows management. Personally, and as a teacher, I appreciate that.

I’ve found I have a strong preference for the Pearson practice tests, included in a CD in the book. The trend has been to online downloads, which aren’t bad in themselves, but often aren’t of such high quality. The offset is that online goodies often include things like videos and flash cards, which some students find really useful. What will this look like in the next version?

I’m waiting to see what the 901/902 edition looks like, particularly compared to its peers. This will be a whole new version of the A+, which means a total reset of the textbook market. This transition is never smooth, but if Soper, Prowse and Mueller can pull of another quality text, it will likely be my choice for next year’s classes.

* * *

Book Review: CompTIA Healthcare IT Technician HIT-001 Cert Guide, by Joy Dark and Jean Andrews

Since I’m evaluating so many books for IT courses, I’ve decided to start doing formal reviews here and on Amazon. I hope these are useful for other instructors like me.

Back in 2012 the HIT certification was brand new and materials were just coming out. I looked at some that I could only describe as ratty, which clearly were selling only because there was literally almost nothing else. Fortunately, there was this book, by far the best thing out there at the time. My copy was a review copy supplied by UNM.

It wasn’t perfect. In fact it looks very much like a first edition built for the first version of a new certification. I’ve been teaching CompTIA certs for some 15 years, and I’m pretty familiar with how they build tests. In this case I’d say they merged questions from the A+, Network+ and Project+ with strong doses of medical terminology and medical legal concepts. As other reviewers have noticed, the pool of questions on the sample test CD is pretty limited. They did, however, seem to cover the same ground as the actual test questions.

This cert was a snap for me because I’ve worked in medical and IT for over 20 years, and have taught the A+, Network+ and Security+ many times. But I’d have to agree that for a person coming into this field cold, this book alone wouldn’t be enough. You’d need to study medical terminology in more depth than you’ll get here, and build a background in security because you won’t get explanations of some pretty deep concepts you’ll be expected to understand for the test.

On the other hand, if you’ve got some experience in this field, this book does a good job of steering you toward the issues the test emphasizes: regulations and agencies, workflows, terminology and security. If you can get on top of the legal hierarchy, for instance, and you’ve already got an A+, you’re most of the way there.

Now, in 2015, I’ve taught this certification with successful students. But I’m surprised, after looking online, that there is still little to compete with this book for a detailed class text. The newer materials I’ve seen are mostly “cram school” stuff, which some people like but I don’t. If I do see continued interest in HIT cert classes this will be my text, but I’ll also be looking for more functionally complete materials. Given what I’ve seen of Joy Dark’s writing, a second edition will be much better. The real test is going to be adoption of the HIT certification itself as a credential, and that I’m still waiting to see.

ISBN-13: 978-0789749291 ISBN-10: 0789749297,
http://www.pearsonitcertification.com/store/comptia-healthcare-it-technician-hit-001-cert-guide-9780789749291

* * *