Glenn Norman – Page 2 of 81 – IT Systems, Network, Security and Education

January 16, 2017June 27, 2017

Hacker Highschool: Foreword and Copyright Statement

Foreword From Glenn Norman, Project Manager, 2012-1016

Downloads: http://gnorman.org/2017/05/16/hacker-highschool-download-uncut-lessons/

As I’ve described in an earlier entry, I first got in touch with Pete Herzog and ISECOM (http://isecom.org) in 2010 through LinkedIn because, as a professional editor, I thought I could make a contribution to the writing and layout of some of his products. Initially I thought about working on the OSSTMM (http://osstmm.org), but accepted Pete’s offer to work on lessons for Hacker Highschool (http://hackerhighschool.org). In 2012 Pete asked me to take on the job of unpaid volunteer Project Manager for the Hacker Highschool Version 2 Rewrite Project, which I accepted.

Over the next four years I managed over 10,000 emails, almost 100 contributors and over 200 supporters of the project. Some of the lessons went through as many as 50 drafts, all of which I managed and edited. I learned a tremendous lot about hacking, hackers and hacker culture, most of it positive. By 2016, however, financial pressures forced me to relinquish the role of Project Manager.

The Hacker Highschool materials are open and free to the public, released under a Creative Commons Non-Commercial, No Deriviatives, Attribution Required License, which is an extension of copyright not formally embodied in law. Formal, legal copyright, of course, is always owned by the creator of a work, unless the creator is paid, or signs away rights in a contract. This means that all materials contributed to Hacker Highschool remain the copyright property of the contributors.

After my departure, ISECOM chose to keep our contributions but remove the names of several people from the Contributors pages, including mine.

So to preserve record of the contributions of the many good people of the Hacker Highschool rewrite project, here are the lessons that are my work product as the volunteer Project Manager of the Hacker Highschool Version 2 Rewrite Project from 2012-2016.

Parts of these lessons are Copyright © 2016 Glenn Norman, including editing, arrangement, verifying and integrating contributed materials, and original text. All rights are reserved, though these documents may be freely distributed provided this statement remains intact.

All other materials remain the copyrighted property of their respective contributors, beyond their use and acknowledgment in Hacker Highschool Version 2.

December 14, 2016June 5, 2017

Review: CompTIA® A+ 220-901 and 220-902 Cert Guide, by Mark Edward Soper (2016)

Here’s another in my series on reviews of the textbooks I use to teach my classes. In this case it’s an A+ text from Pearson with some pretty nice online value-adds.

CompTIA® A+ 220-901 and 220-902 Cert Guide, by Mark Edward Soper

ISBN-13: 978-0-7897-5652-7

ISBN-10: 0-7897-5652-8

Early study materials for the A+ were rough and ready, often terse little volumes that assumed a lot of foreknowledge. We’ve come a long way in the 13 years I’ve held, and later taught, this certification, to the point that you can find great material in book, ebook and online course formats, covering a lot of learning styles. Mark Soper’s CompTIA® A+ 220-901 and 220-902 Cert Guide is an in-depth Cert Guide, in Pearson-speak, as opposed to their usually shorter, drill-oriented Exam Cram series. I’ve taught both formats and generally prefer the greater detail of the cert guides, but I was impressed by David Prowse’s Exam Cram ebook on this same topic.

The “value added” materials have been getting better too. Most publishers have long offered CDs with test and study materials. But as optical drives have been going out of style while online storage has come on strong, I’m seeing almost everyone leaving the CD behind, and using the CD sleeve in the back of books for a slip of paper with an Activation Code, as this book does. I initially thought, Oh, there go the goodies, but I’ve found the reverse is true. More on this below.

Prose style really matters, too. My students make loud noises if reading the text gives them headaches, which magically transfers the headaches to me. From an earlier review:

When it comes to highly technical books, there are plenty of them that are written by committee, and read like it. I’ve got nothing against a dry, factual style, but my students seem to be more willing to read single-author books with a breezier prose style. [Prowse’s] book falls into the second category, and has the kind of comfortable, personable text that makes reading 982 pages a lot less of a chore. By comparison, the 901-902 text by Mike Meyers runs 1472 pages of chatty first-person conversation, while the text from Docter, Dulaney and Skandier is 1312 pages of formal discussion (what did I say about writing by committee?).

The previous edition of this Cert Guide was written by Soper, Prowse and Scott Mueller, and was my text of choice teaching my A+ 801-802 classes. It ran to 950 pages of text, plus end material (and included a CD). In the current edition, Soper goes it alone while Prowse works on the video course and the Exam Cram book, and Mueller apparently works on the 23rd edition of his amazing Upgrading and Repairing PCs series. I wondered if the quality would suffer or improve, and if the character of the book would change, but Soper keeps up the really excellent written material thickly scattered with high-res grayscale photos, screen shots and key topics tables. Possibly to the down side, the book now contains about 1150 pages of text, plus end material. It’s still one of the shorter texts, but they are all becoming behemoths.

I have to say I like Soper’s prose. He sticks to shorter sentences and obviously has a talent for stating things clearly. There is a minority among my students who like the more chatty, informal and sometimes funny language of Meyers, but they have to be willing to make a 1500-page commitment to that book.

Chapters are laid out clearly, and divided into topics with plenty of illustrations. Every book on this topic has to decide how deeply to descend into details. Do students need to know the specifics of the latest upcoming Intel memory controller topology? The hard-core geeks are going to love it. Others are going to find those details quickly obsolete, but do need to understand how the once-literal North and South Bridges are now mostly theoretical, with chipsets doing all kinds of things differently.

What really matters is that the materials match up to the A+ test objectives, which this book does quite well. Ending each chapter are the Exam Preparation Tasks, which include memory tasks like definitions alongside exercises like using diagnostic tools to research hardware details and upgrade options. Then come Review Questions, with Answers and Explanations conveniently following. The explanations are nice, because they’re really explanations, unlike too many of the ones I see on sample tests.

Here, each book handles this differently. The Exam Cram splits OS topics out among the main test topics, so there’s not one place that solely discusses Windows 7, for instance.

Docter, Dulaney and Skandier do the opposite, with 50-60 page chapters on each major OS, which might be a good idea for organization, but leads to a lot of duplicate discussions of installation and deployment, for instance.

In this book Soper manages to cover the same detail in about 35 pages each for the OSX/Linux chapter and the iOS/Android chapter, with less obvious duplication. Depending on whether you’re using the textbook later as a reference (go with duplication) or as a learning tool (don’t torture me when I have to read the whole book), this book may be the best option for students.

The most important work students can do for certification exams is taking lots of sample tests. There are resources online, of course, and many are quite good. Brain dumps, on the other hand, are worse than useless because they’ll mislead you or invite you to believe wrong answers. Note that tests and questions provided by real CompTIA Authorized Partners (like Pearson) tend to be much more realistic and closely aligned with the actual test questions, for instance the frequent use of scenario questions. There are lots of practice sites and sources of sample questions online, and students should use them – with a healthy awareness that sometimes these questions are wrong: wrongly worded, contradictory or just plain far off topic. Once you’re so advanced that you can spot these errors, generic online practice tests can be useful for learning to spot B.S.

Getting access to Pearson’s online materials takes a few steps, but isn’t any harder than registering for Facebook. You’ll download the Pearson test engine, fire it up, and use the Activation procedure to get and install the sample tests for this book. There are a total of four tests, which you can further tune to concentrate on questions by chapter/objective. Mix and match until you’ve seen every question several times. I always recommend saving at least one of these tests as a final proving challenge before taking the real certification exam; if you can ace a test you haven’t seen before, you’re likely ready for the real test.

Back in the book, there are also some memory drills, but the nicest value-add-on is the three hours of video you can watch from Prowse’s video course. They are highly worth the investment in time, I guarantee.

So I come to the things that matter when I choose a text for my A+ classes.

First, the price. At $60 this book isn’t cheap, but it’s not stratospheric for a college-level text either. Its main competitors are in the $50-60 zone.

Next, does it align closely with the CompTIA A+ Objectives? This book covers them without going in-depth on topics or technologies that will never show up on the test.

Then, how long is it? 1000 pages is tough, and 1500 pages is a huge task for my students, but few books in this area are smaller. At least this one is on the light end of the scale.

Finally, what’s it like to read the actual prose? Does it sound like it was written by an engineer or a lawyer, or is it more like a friendly discussion of interesting technology? Soper does very well in this area.

Ultimately, you can’t go wrong with this book. All by itself it’s good; with the online materials it’s top-notch. I’ll be trying it out in my next round of classes.

Disclaimer: Obviously I am a teacher, working with two major universities and many smaller clients. Some of the books I review are provided by my employers, but many of them come to me directly through my reviewer accounts with Pearson, Microsoft and Cisco (as this book did). They all know that sending me books is no guarantee mercy on my part.

* * *

December 14, 2016June 8, 2017

Excellent TechRepublic Article: “10 mistakes to avoid when troubleshooting IT problems”

Don’t you hate those clickbait “10 Great Pictures of …” or “10 Mistakes Men Make,” etc. etc.?

I say, as always, consider the source. For instance, TechRepublic is a pretty darn reliable, high-quality site for the hard-core geek (and you are one if you’re here reading this).

Whether trying to diagnose a single device or dealing with the urgency of a company-wide outage, there are solid best practices on what NOT to do. With that in mind, here are 10 things to avoid doing, so you can limit the pain and keep things running as smoothly as possible….

Yes! Exactly! Please show me your painful mistakes so I can wince and try to avoid them forever (at least try). Check out the list and see what you think:

http://www.techrepublic.com/article/10-mistakes-to-avoid-when-troubleshooting-it-problems/

* * *

November 4, 2016June 8, 2017

The Madness of the USBs (and Thunderbolts and alternate modes…)

I see rough issues coming for A+ students in terms of identifying the sudden proliferation of USB versions and ports, Thunderbolt versions, “alternate modes” and “multiplex modes.” Consumers are going to face lots of compatibility problems, because there are so many modes: some cables do one thing, while other cables that look identical do different things. And how about Thunderbolt over USB? Nightmare is a legitimate description.

http://blog.fosketts.net/2016/10/29/total-nightmare-usb-c-thunderbolt-3/

* * *

October 27, 2016

A fellow consultant asks me to define Pen Testing and Vuln Testing

Recently my friend and fellow IT consultant Marc Mintz (Mintz Infotech, https://mintzit.com/) asked me to clarify some of what I do for his clients. Here’s his question:

***

Glenn: I don’t know if my target market really understands pen and vulnerability testing, but since they should, I’d like to have some information for them.

I. What is Pen and Vulnerability testing

II. What are the benefits of Pen and Vulnerability testing.

III.What businesses are required to have this security testing?

IV. What is involved – what does it look like and how is your organization impacted during the process.

V.Costs, both in down time and $$$

VI. Everything else I don’t know enough to include.

***

So here’s my response:

PENETRATION TESTING

Often shortened to “pen testing,” this is a limited subset of security analysis. In the certification world, you’ll find distinctions between Pen Testers and Security Analysts, with pen testers being more glorified but analysts doing the real work.

Pen testers look for openings they can penetrate. Simple as that. Except it’s not simple. The real question is, what are you testing

SCOPE

The critical consideration is the scope of the pen testing. For a web application, the app itself, its hosting and its web server software would be the scope. Notice that this is very limited: it does not include, for instance, any email services that may be involved – and may be critical.

For a corporate network, the scope might include all external IP addresses, all external email, chat, messaging, voicemail and VOIP services, all hosting arrangements, all data network providers – or only a subset of these, or even perhaps far more than these, depending on the proposed scope of the pen test.

PEN TESTING, VULNERABILITY TESTING AND SECURITY ANALYSIS

Are you just looking for potential vulnerable points, or are you actually trying to perform a penetration? These are two very different things. Real pen testing might actually bring your business down (I might break things trying to get in), while simply scanning for vulns shouldn’t (unless badly done, which is a real possibility). But finding a list of vulns does *not* actually determine if your business can be penetrated; in fact, thinking you’re safe if you fix that list is a big vulnerability of its own.
If you really want to know that you’re cast-iron set-in-concrete secure, turn me loose to do full pen testing, and I’ll let ‘er rip. I’ll find a hole somewhere, in the network layers or at the human layer (depending on scope). Hardly anyone actually does this except the government. Most people want vuln testing, which gives them a solid to-do list of things to fix. This is the way to go for proof of compliance or due diligence or similar legal concepts. Security? You likely get a little security out of vuln testing, though not as much as some people think. But if you’re really getting ferocious about security, you want something much deeper generally called security analysis. A security analyst might note, for instance, that your firewall device has a hardware fault or your email server is an open relay, and that you should fix them.

COMPLIANCE

There are somewhat similar requirements across several industries, but of course specifics have to be slavishly followed. For HIPAA-compliant organizations, an annual Risk Analysis includes things like pen testing, auditing and user training. For schools, for the most part, they only need to deal with simple records storage security under FERPA. Military and mil-contractor organizations, on the other hand, have to follow FIPS guidelines, which require frequent and fearsome pen testing. Business and financial outfits have various Dodd-Frank and Gramm–Leach–Bliley security requirements that include risk analysis, which in turn includes pen testing, user training, auditing and so much more.

My point is that pen testing is one tool in the box for proof of compliance, but it’s not the only one. Not by a long shot.

TESTING

Any hacker worth his/her salt is going to work in ways they hope they won’t be detected, assuming data theft is the goal. Pen testing, on the other hand, is frequently (dismayingly) done during business hours, very much to the detriment of the business’s operations. That’s why I see statements in contracts like “testing must be halted immediately if the customer’s operations are affected.” I’m sorry, but this is ignorant.

On the other hand, denial of service is a legitimate goal, though you don’t really want to test it. You’ll just be testing the resilience of your data and hosting providers’ networks, and that is a very big no-no. Pen testing that results in DOS, then, is extremely, specifically bad. If you’re signing a contract for pen testing, make sure it includes provisions that testing be done during non-business hours, if you have off hours.

COSTS

Costs are always an issue of balance: What does it cost you to fail to comply? You’d better be very clear on your legal requirements to answer that question. What does it cost you to audit or pen test? Probably, but not certainly, less. The issue is that you’re not playing poker, where there are odds and perhaps sustainable losses. You’re playing Russian roulette, where loss means the potential for total destruction of your business or even more devastating losses for your customers, clients or patients. If you think I’m trying to scare you to lessen any sticker shock, I am.

For a full-scale, mil-spec pen test against a large organization, expect price tags somewhere in the $15,000-25,000 (each) range for mandatory thrice-annual tests. The critical thing here is that setup is the biggest expense (i.e. takes the longest time), so a single-incident pen test for a smaller business could easily approach or surpass this price tag, depending on the scope of testing. This makes understanding your scope, which is to say your compliance requirements, the critical point.

Even more, because pen testers are in strong demand, at least in certain sectors, most of them don’t want to deal with smaller businesses. The risks aren’t worth the legal issues, which are substantial. This means those smaller orgs are often better served by training internal staff to perform pen testing than they are by hiring outside contractors. In some cases this doesn’t fulfill legal requirements for testing to be performed by a separate institution, but if you’re at a scale that requires full-scale external-provider pen testing for compliance, you already know this.

POTENTIAL DOWNTIME

The landscape is changing very rapidly here. If you’re hosting all your servers and services internally, serious pen testing could temporarily shatter your working infrastructure. Do not ask me how I know this. In some situations this in unavoidable because extreme security or data location requirements force you to do your own hosting this way.

On the other hand, if you’re utilizing contemporary infrastructure there’s no reason you should have significant or any downtime. Host your documentation on Google and your pen tester is testing Google, not you (which will get them in some serious trouble). Host your servers on Amazon and they’re testing Amazon’s cloud resiliency, and asking for some very unwelcome attention.

Yes, keep your secret sauce on your own hardware, but otherwise don’t run your own steam engines, generators or servers. Don’t worry, though. One round of pen testing (really, vuln testing) will show you where the easy openings are. Just remember that if your pen testers bring you down during operating hours, they’re doing their job poorly (with the notable exception of 24-hour operations).

Marc is, and you, gentle reader, are also welcome to contact me if you have questions, want to know more, or need pen testing or training services.

Test safely.

* * *

August 29, 2016

Tech in the Workplace

This guest article is brought to you by Leonardo Calvo / NEUVOO

Nowadays, technology is such a big part of our lives that we do not even notice how much we rely on it. Technology affects us and helps us almost every minute of every day. From the minute our alarm wakes us up to the moment we read our favorite book on our tablet before going to sleep. No one can escape the barricade of innovation and the way it has affected how we live our lives. We are currently positioned in the threshold of gadgets, Internet and Artificial Intelligence.

The last generation was used to spending their days stuck in a cubicle without almost no social interaction, obligated to commute every day from home to the office. However, due to this new digital era, both the conception of workplace and how we develop our careers have changed drastically, at least for the vast majority.

People working from home is a trend that is rising, thanks to the Internet and new startup initiatives that are taking advantage of new and very productive working protocols that adapt into people’s comfort and the company’s needs, which is a rather beneficial agreement for both employer and employee. But if you are one of those people who does not like working for an employer, the Internet has provided us with global online outsourcing marketplaces like Fiverr where people can offer their freelance services, depending on their skills and field of study.

Comedians, musicians, filmmakers, bloggers and artists have found different ways to earn good money through platforms such as Youtube or Vimeo, which have demonstrated that working in these new networks is entirely profitable, especially when a top ranking Youtuber makes around 3.2 million dollars annually.

What if you do not have a job? That could also be easily solved by technology these days. Job search engines like neuvoo index jobs from different sources and companies; it filters all offers through their system and classifies them by location and industry. So yes, those days of browsing through the newspaper employment classifieds are entirely over, being that the Internet is a much more practical source for a job search.

Has technology changed or influenced the way you work? I am sure it has, in one way or another, the future is now and it is taking over. Eventually, Artificial Intelligence might start taking our place in different entry level jobs, let’s hope it is a very far away possibility and let’s focus on taking advantage of it while we can. Hopefully, technology will always have a positive influence on our society.

* * *

July 25, 2016

Pete Herzog removed my name as contributor from the Hacker Highschool lessons!

Just amazing. Pete Herzong of ISECOM has removed my name from the list on contributors on every lesson of Hacker Highschool – even though I was the Project Manager for 6 years and produced every one of them.

Now that’s the way to treat a contributor to an open-source project! Wipe their name from it!

I am more amazed every day at the childishness of Pete Herzog of ISECOM and Hacker Highschool.

***

July 7, 2016

Contributor Article: Business Networking and job search aggregators like Nuevoo

Business Networking 101

by Vanessa Fardi

We have seen the word a million times in articles, magazines, blogs, even Facebook, but it is very likely we do not have the slightest idea of what ‚ÄúNetworking‚Äù actually means. We might relate it directly to Facebook and we definitely know it is an important tool when it comes to doing business. But, do we know its actual objective? Networking can be defined as the exchange of information or services among individuals, groups, or institutions, and it specifically refers to the cultivation of productive relationships for employment or business. Now that we finally know what it means, how do we get it done? Should we just go to parties, meetings, benefits and events, talk to people about our company or business, exchange business cards and be sociable? Yes, that is exactly what a networker does. The main idea is to make new contacts with the objective of forming mutually beneficial business relationships. That is it! Now you are an expert on the subject.There is another aspect we have to consider, why go ahead and do business networking? Some entrepreneurs and business owners actually think business networking is a more cost-effective method of getting new clients than advertising or public relations. Business networking can be conducted in a local business community, or on a larger scale on the Internet. Social networks play a very important role for companies nowadays. Even law firms and oil companies have Facebook and Twitter in order to attract more clients and be able to get the word out there about what they do. Social networks make companies more approachable to the general public and potential future clients. That is the reason why the position of Community Manager has boomed over the last five years. If it is not on Facebook, Twitter, Instagram or LinkedIn, your company literally does not exist.To be the greatest networker known to man, just follow these simple, yet life changing, tips:

Always be honest. No one likes a liar.
Carry your business cards with you at all times.
Try to meet at least five or more new people at an event.
Be friendly.
You will need to give to be able to receive. The business relationship works both ways.
Go get them!

Vanessa Fardi / NEUVOO

Team Leader US/CA/LATAM

Email: vanessa@neuvoo.com

***

May 16, 2016

[ Book Review ] :: A+ Exam Cram from David Prowse, eBook Version

This July 1^st (2016), the CompTIA A+ certification rolls over to the 901-902 version, with some pretty significant changes to the test materials. I’ve been evaluating books for my upcoming classes, and decided I’d try out not just different publishers’ offerings, but different forms of the media. As an instructor, I’ve relied heavily on physical books to run my classes: they’re marked up, dog-eared and riffed with sticky notes for points I want to hit in class. Could I do as well with an eBook?

Pearson hooked me up with an epub version of this Exam Cram, written by David Prowse. I’ve been in this business for many years – and so has he. His materials are pretty darn good, including an online A+ training course I had the opportunity to preview (and review). When it comes to highly technical books, there are plenty of them that are written by committee, and read like it. I’ve got nothing against a dry, factual style, but my students seem to be more willing to read single-author books with a breezier prose style. This book falls into the second category, and has the kind of comfortable, personable text that makes reading 982 pages a lot less of a chore. By comparison, the 901-902 text by Mike Meyers runs 1472 pages of first-person conversation, while the text from Docter, Dulaney and Skandier is 1312 pages of formal discussion (what did I say about writing by committee?). Prowse gets one point for good prose style and one for shortest length, which does in fact matter.

One of the biggest changes for the new certification is the much-changed list of operating systems covered. XP is out, finally, but Vista lingers on, along with Windows 7, 8 and 8.1. Windows 10 is not covered. But OSX is getting a lot more discussion, which matches the workplace I see, mostly Windows but with a contingent of determined Mac users. The three texts I reviewed handled this issue differently. This Exam Cram splits OSs out among the main test topics, so there’s not one place that solely discusses Windows 7, for instance. Docter/Dulaney/Skandier do the opposite, with 50-60 page chapters on each major OS, which might be a good idea for organization, but does lead to a lot of duplicate discussions of installation and deployment, for instance. In my reading all three texts ended up covering the same materials for each OS, because the CompTIA A+ Objectives are so clearly spelled out in this area. Frankly, I kind of like the way Prowse handles things, discussing the topic under a major heading with subheads for each OS’s differences. iOS and Android also get a little more emphasis, though largely along the same lines as the 801-802 tests: checking versions, doing resets and synchronizing. The whole topic of OSs is one of the areas where the eBook really shines, with beautiful full-color high-resolution images.

Color images appear frequently in the text, and put the printed books’ grayscale images to shame. Many of them are close-ups of details, and I had to admire how well I could see things like silkscreen lettering on circuit boards. I wasn’t sure how comfortable I’d be using the eBook, as I’ve mentioned, and I tried more than one e-reader. Windows 8.1 offered a friendly link to the friendly Windows store for an epub reader, and served up an app that got even more friendly by installing a toolbar and search engine, and modifying my network settings, none of which I appreciated. It took some lengthy research to uninstall that crapware, then the research I should have done in the first place: what are the really good eBook readers, for Windows, in 2016? This led me to Adobe Digital Editions, much despised in its 1.x versions but apparently much improved in the current 4.5.x version. I thought I would miss my sticky notes, but the Bookmarks feature fills the gap really well. And it’s nice to click directly from the Table of Contents to a chapter, or even better, easily search for particular terms, something I had to rely on Indexes to do for me in paper books. I had to find the right tips page to figure out highlighting: select text, right-click, voila!

There are a lot of subtle things that get glossed over in a lot of A+ texts, for instance the issue of Northbridge and Southbridge, bridges that were originally real bridges with real, separate controller chips, but which are now “virtual,” in the sense of being absorbed into the main processor or other subsystems. Of the three texts I reviewed, only this one discusses the DMI bridge in Intel-processor chipsets, and none discusses DMA channels (which apply to RAM, not processors); there’s a certain degree of depth that’s being lost as different manufacturers devise very different solutions to the same fundamental problems. Intel’s DMI differs significantly from AMD’s HyperTransport bus, and both differ from Intel’s Quick Path Interconnect (QPI). Prowse gives all these some attention, and he’s the only one in this group who does. And that’s just one example.

The most important work students can do for certification exams is taking lots of sample tests. There are resources online, of course, and many are quite good. Brain dumps, on the other hand, are worse than useless because they’ll mislead you or insist on wrong answers. So the test material that comes with a CompTIA-approved text is actually really important, because for the most part it accurately reflects real question styles, for instance the frequent use of scenarios in questions. The Meyers book uses 10-question end-of-chapter quizzes that are good; they come at the end of lengthy chapters, which means you’ll read for a while before dealing with relevant questions. I have to admit I like Prowse’s Cram Quizzes, short 5-question tests that come two or three times per chapter. That’s a good idea: look at the material, then look at the kind of questions you’ll see for it. And not just multiple-choice questions, but performance-based questions like the ones you’ll be getting on the real exams going forward.

This makes for an interesting point: only Prowse’s online version of this course offers genuine simulations of the performance-based questions, for instance dragging and dropping devices to the correct slots. Obviously you’re not going to do this with either paper books or an eBook, but different writers have dealt with this in different ways. The Sybex book comes with access to an online lab and test bank, which I haven’t explored yet. This Prowse Exam Cram uses write-it-by-hand versions of the performance-based questions, which are actually pretty good substitutes, considering a lot of that drag-and-drop stuff is just silly.

Ultimately, I liked the Prowse book itself the best among this group, and surprised myself that I liked the eBook much more than I thought I would. It’s the shortest of the group I evaluated, yet covers many topics more completely. And Prowse’s writing is easy to read without trying to be too funny or chummy. Every classroom I work in has a projector, so it’s totally feasible to bring the book in digital form and put it up on the screen. When I’m drawing students’ attention to highlights, they can see exactly what I’m talking about, easily. I’m finding myself completely willing to try out this book, as an eBook, this coming term. Maybe the most interesting thing to see will be how well my students like using it. If they do, I’m going to permanently lighten my book bag and never look back.

CompTIA® A+ 220-901 and 220-902 Exam Cram

ISBN-13: 978-0-7897-5631-2ISBN-10: 0-7897-5631-5

March 25, 2016

[ Book Review ] :: Pearson IT Certification CompTIA A+ 220-901 Complete Video Course

Pearson’s A+ Video Courses: A Serious Alternative to Classroom Training

Video training has become a really big business. I’m a classroom teacher myself, and teach the A+ certification and several others, so the question of whether video training can replace classroom time is pretty personal, and I come at it a little skeptically. I’ve endured some truly painful online and video training courses, and I’m betting my gentle reader has too. Do they have to be awful? Or can they truly be good enough to replace “live” teachers? And more important, are they a good bargain relative to live classes?

No, they don’t have to be awful. Some are definitely better than others. Twenty years ago the user interfaces were mish-mashes, a situation that has hugely improved. Today they’ve almost all settled toward uniform layouts, which honestly improves the user experience across the board. It’s great to have a course outline with links to lessons down one side of the workspace or the other, for instance. Live classes often have a separate area for text material and another column for chat. Sometimes there’s a panel for downloadable materials, and sometimes all of these are wrapped up in one tabbed column (my favorite). What really matters is, which of these elements are included in a given course? And far more critical, how good is the actual presentation material?

In this case the material is quite good. The video pane alternates between Powerpoint-like slides, detailed video close-ups of hardware and actual assembly, and the presenter (whom I presume is David Prowse himself) talking and using a white board. This last is kind of classroom-like, complete with quick-and-dirty sketches. David has a good physical presence and a good speaking voice, so it works well. The frequent change of visual layout keeps things interesting, which is critical for recorded trainings. And the level of detail is really quite good; at 20+ hours for the 901 video course and 40+ for both 901 and 902, it’s close to the number of hours most live classes will run. That’s a lot of material, but in small chunks running about five minutes each. This is a popular format length these days: most students like being able to “drop in” to the course when they have some free time without making an hour-long commitment. Plus, it’s not so painful if you have to repeat a lecture. Personally, I find myself reluctant to start hour-long lessons online, but I can devour a five-minute video almost any time.

Lessons consist of Learning Objectives, lectures, Performance Based Exercises (very much like the ones you’ll find on the actual test) and PC Build demonstrations. The Learning Objectives aren’t a boring list of topics; instead, David gives a brief but much more informative talk about the lesson. Some Performance Based Exercises are classic drag-and-drop matching tasks, but some require you to demonstrate actual familiarity with Windows by, for instance, setting a static IP address, which is a highly relevant skill. The overall high-quality video production really shines in the PC Build walkthroughs, though these may be most useful for less experienced students. Modules are collections of Lessons, and include Module Quizzes (again, very similar to actual test questions). Most textbooks in this area include at least a couple of sample tests, whether on CD or by download. With this package you get a series of Module Quizzes, which as I’ve mentioned are pretty good, but you don’t get formal timed sample exams.

Can really hi-res video of motherboards and RAM and video cards replace the hands-on, pass-it-around of a live class? Put simply, yes, provided you’re already familiar with these things. But no, not if you’ve never handled them. How should you hold a stick of RAM? What part(s) should you never touch? If you picked up a module in a job interview would you be comfortable holding it? If these questions just make you laugh, you’re a good candidate for this course.

There were a couple of things I missed in the user interface package. There are no Supplementary Materials, which is a pretty small issue in a really complete package like this one, though I’ve run into some really valuable supplementary handouts from time to time. But the lack of student-teacher interaction might be a more serious issue. This is obviously the primary benefit of a live classroom or online class: you can say, Wait, I’m stuck on this, or I can’t make that work, or Mine doesn’t look like that. I’ve seen the chat window fill with questions, and I’ve found some of the most valuable material there when an instructor is provoked to a deeper explanation.

Some of the online course platforms use a hybrid method, where the course is recorded but the chat function is always available (and teachers are expected to respond to inquiries, even months or years later). Given the model of this video courseware, that’s not practical here. But this lack does take the course another big step away from the live classroom.

What really matters here is, can you take this video course and pass the A+ exam? There’s never a certain answer to that, because so much depends on the experience you bring. Some people are really successful at passing certification tests simply by reading a book or two; those people usually are already familiar with the topic and have advanced study skills. Most of us need more. If you can’t take a classroom course where you live, a video course is a very good alternative, at least if the course itself is high-quality, though I’d recommend spending some serious hands-on time with real hardware. The past few years have seen courses like this one dramatically improve, and at this point they’re certainly a viable alternative, especially if you’re relatively disciplined about your study – and like learning from videos rather than books.

Now for brass tacks: you can take two live courses for the 901 and 902 tests, with textbooks and test vouchers included, for about $2000 depending on your area. These two video courses list as a $499 package as I write this, much more expensive than a textbook and not including the tests, which will run you another $450. You could buy a text and some sample tests and spend barely more than half the price of classroom courses. If you’ve already got some experience with PCs, this could be a real steal for you.

Pearson IT Certification CompTIA A+ 220-901 Complete Video Course – January 22, 2016

By David L. Prowse

ISBN-13: 978-0-13-449930-7 / ISBN-10: 0-13-449930-1

Also see

Pearson IT Certification’s CompTIA A+ 220-901 and 220-902 Complete Video Course Library – April 18, 2016