[ Book Review ] :: Pearson IT Certification CompTIA A+ 220-901 Complete Video Course

Pearson’s A+ Video Courses: A Serious Alternative to Classroom Training


Video training has become a really big business. I’m a classroom teacher myself, and teach the A+ certification and several others, so the question of whether video training can replace classroom time is pretty personal, and I come at it a little skeptically. I’ve endured some truly painful online and video training courses, and I’m betting my gentle reader has too. Do they have to be awful? Or can they truly be good enough to replace “live” teachers? And more important, are they a good bargain relative to live classes?


No, they don’t have to be awful. Some are definitely better than others. Twenty years ago the user interfaces were mish-mashes, a situation that has hugely improved. Today they’ve almost all settled toward uniform layouts, which honestly improves the user experience across the board. It’s great to have a course outline with links to lessons down one side of the workspace or the other, for instance. Live classes often have a separate area for text material and another column for chat. Sometimes there’s a panel for downloadable materials, and sometimes all of these are wrapped up in one tabbed column (my favorite). What really matters is, which of these elements are included in a given course? And far more critical, how good is the actual presentation material?


In this case the material is quite good. The video pane alternates between PowerPoint-like slides, detailed video close-ups of hardware and actual assembly, and the presenter (who I presume is David Prowse himself) talking and using a whiteboard. This last is kind of classroom-like, complete with quick-and-dirty sketches. David has a good physical presence and a good speaking voice, so it works well. The frequent change of visual layout keeps things interesting, which is critical for recorded trainings. And the level of detail is really quite good; at 20+ hours for the 901 video course and 40+ for both 901 and 902, it’s close to the number of hours most live classes will run. That’s a lot of material, but in small chunks running about five minutes each. This is a popular format length these days: most students like being able to “drop in” to the course when they have some free time without making an hour-long commitment. Plus, it’s not so painful if you have to repeat a lecture. Personally, I find myself reluctant to start hour-long lessons online, but I can devour a five-minute video almost any time.




Lessons consist of Learning Objectives, lectures, Performance Based Exercises (very much like the ones you’ll find on the actual test) and PC Build demonstrations. The Learning Objectives aren’t a boring list of topics; instead, David gives a brief but much more informative talk about the lesson. Some Performance Based Exercises are classic drag-and-drop matching tasks, but some require you to demonstrate actual familiarity with Windows by, for instance, setting a static IP address, which is a highly relevant skill. The overall high-quality video production really shines in the PC Build walkthroughs, though these may be most useful for less experienced students. Modules are collections of Lessons, and include Module Quizzes (again, very similar to actual test questions). Most textbooks in this area include at least a couple of sample tests, whether on CD or by download. With this package you get a series of Module Quizzes, which as I’ve mentioned are pretty good, but you don’t get formal timed sample exams.


Can really hi-res video of motherboards and RAM and video cards replace the hands-on, pass-it-around of a live class? Put simply, yes, provided you’re already familiar with these things. But no, not if you’ve never handled them. How should you hold a stick of RAM? What part(s) should you never touch? If you picked up a module in a job interview would you be comfortable holding it? If these questions just make you laugh, you’re a good candidate for this course.


There were a couple of things I missed in the user interface package. There are no Supplementary Materials, which is a pretty small issue in a really complete package like this one, though I’ve run into some really valuable supplementary handouts from time to time. But the lack of student-teacher interaction might be a more serious issue. This is obviously the primary benefit of a live classroom or online class: you can say, Wait, I’m stuck on this, or I can’t make that work, or Mine doesn’t look like that. I’ve seen the chat window fill with questions, and I’ve found some of the most valuable material there when an instructor is provoked to a deeper explanation.


Some of the online course platforms use a hybrid method, where the course is recorded but the chat function is always available (and teachers are expected to respond to inquiries, even months or years later). Given the model of this video courseware, that’s not practical here. But this lack does take the course another big step away from the live classroom.


What really matters here is, can you take this video course and pass the A+ exam? There’s never a certain answer to that, because so much depends on the experience you bring. Some people are really successful at passing certification tests simply by reading a book or two; those people usually are already familiar with the topic and have advanced study skills. Most of us need more. If you can’t take a classroom course where you live, a video course is a very good alternative, at least if the course itself is high-quality, though I’d recommend spending some serious hands-on time with real hardware. The past few years have seen courses like this one dramatically improve, and at this point they’re certainly a viable alternative, especially if you’re relatively disciplined about your study – and like learning from videos rather than books.


Now for brass tacks: you can take two live courses for the 901 and 902 tests, with textbooks and test vouchers included, for about $2000 depending on your area. These two video courses list as a $499 package as I write this, much more expensive than a textbook and not including the tests, which will run you another $450. You could buy a text and some sample tests and spend barely more than half the price of classroom courses. If you’ve already got some experience with PCs, this could be a real steal for you.


Pearson IT Certification CompTIA A+ 220-901 Complete Video Course – January 22, 2016


By David L. Prowse


ISBN-13: 978-0-13-449930-7 / ISBN-10: 0-13-449930-1


Also see


Pearson IT Certification’s CompTIA A+ 220-901 and 220-902 Complete Video Course Library – April 18, 2016


[ Book Review ] :: CISSP Training Kit (Microsoft Press Training Kit) 1st Edition

This year (2015) is the year the CISSP changes from a 10-domain test to an 8-domain test, beginning April 15, 2015. I teach certifications, and always find these updates tricky: often the new materials don’t come until six months later. As I write, almost all the new CISSP books are only “Available for pre-order.” So while I’m considering the CISSP certification, I’m looking at books for the 2012 version of the test (10 domains).


What’s nice is that a book selling for $70 a few months ago now costs a little over $40. And though this one uses the “old” domains, the infosec information itself is still completely relevant, and the practice questions alone are worth the price. (One of my top pieces of advice to students is to take lots of sample tests. They’ll point you to your weak areas faster than any other method.)


The book itself is hefty: 700+ pages of dense, small-font text and many, many long bullet lists. For better or worse, that’s the nature of the game in this area of expertise. At this level of certification, most readers are going to be able to deal with this kind of prose, though not necessarily everyone will love it. Consider:


The determination of value of the company’s good reputation is somewhat subjective, but it is certainly a valuable asset that needs protection and can be damaged by breaches of security. It is therefore a component of the risk assessment that must be quantified in order to establish an appropriate (cost-justified) level of protection. As each threat to each asset is identified and quantified, you must also determine any possible damage to the company’s reputation for the threat-related breach and additionally quantify the potential losses due to the (qualitative) damage to the company’s good reputation.


I guess some people will like that kind of prose, if that’s the kind of prose they like. I can deal with it, and I appreciate the effort for extreme clarity. Generally, though, I prefer to read – and write – text that says what’s important, simply.


When it comes to issues other than the writing style, I have to praise this book as wildly comprehensive. If you’re a network person the discussion of Layer 3 devices will be familiar ground, but accounting and patents and intellectual property protections likely won’t be. You can be versed in fire suppression issues and still be surprised by the provisions of Sarbanes-Oxley. Do one good, deep pass through the book (I recommend frequent, small chunks) followed by a pass doing spot-study of as many high points as you can identify. Then beat yourself with sample tests until you’re passing them consistently.


On the tests and questions: each certification organization has their own take on how to make things hard, ISC2 included. CompTIA questions, for example, are frequently tricky simply because of poor grammar or garbled syntax. ISC2 questions are generally quite sharp, crystal clear, and often followed by a set of choices for which you’ll need a razor to parse out the fine distinctions. Microsoft’s sample test sticks to this format beautifully, though there is only one on the included CD. But with 250 questions you can do lots of practices with 20-50 randomized questions and get the benefit of seeing familiar things side-by-side with new questions. This is definitely the high point of the kit for me; taking lots of sample tests, particularly good ones like this one, is the top technique for passing these certifications.


For any certification, I recommend not one but two books, at least. Since the newer material is still on its way, this book would be a good way to get strongly warmed up on the CISSP. Then get the best new book you can (for the 8-domain test) to finish your studies, thus buying only one top-dollar book. But that’s just my suggestion.


Full disclosure: I get textbooks for review from several sources, in this case from Pearson IT Certifications. I also work for a certifying organization (ISECOM), participate in building certifications (the OPST and SAI), write textbooks and teach at two universities (UNM and NMSU), so while I’m not the usual test subject, I am frequently the instructor.

* * *


[ Hacking Tools ] : sqlmap

sqlmap (yes, all lower-case) is an “Automatic SQL injection and database takeover tool” and a great example for my students of the goodies on GitHub.

On the hacking side, this impressive tool wraps a lot of functionality into one package. From their website:

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

From the teacher’s perspective (mine), it offers a great roadmap to the ways a database can be exploited, and not just one breed of database, but practically any DBMS in use today. And it’s a good time to teach students what git is, what a repo is and how to clone a git repo (at the very least). See it at:


* * *

A dictionary of Unix commands

Unixes (Unices) are largely consistent – at least that’s been the theory. But if you’ve ever wrestled with the differences between lp and lpr (hint: BSD vs. System V) or tried to remember at least the right general command to do something, a reference like this is gold.

That said, Caveat Emptor: this is not an exhaustive guide. It’s a way to prod your memory or help you find something new, which you’ll have to explore and learn in depth on your own. In other words, SOP.

Check it out here:


* * *

Playing with the Raspberry Pi

I’ve been tinkering with the Pi for a couple of months now, after resisting the call of RISC for years. These little machines have finally caught up to about Pentium II performance, which is to say they’re moderately good as a desktop PC, and excellent as a tiny Linux server.

The Kali people maintain an ARM image, though, which inevitably meant my students came to me about setting up Kali on the Pi. Depending on the student, I’m okay with that, but in most cases the request is a cue for a sit-down talk about trust, as in, do you know these Kali people and if they had bad intentions should you be running this OS in your home? Nothing against Kali: I’m just nervous about any system with lots of moving parts, most of them mostly invisible.

That’s why I’ve been working with customized images of Fedora 21 and 22 with the Security Spin added on. I like this distro and the community that supports it (I know them personally), and the whole product suite is very thoroughly reviewed. Which is to say, I’ve made a trust decision.

And Fedora maintains an ARM image (yippee!), so off I went and ordered a Pi.

So: I don’t understand the unboxing video thing. I guess it’s a good way to verify you got all the parts? But since I’m going to use the devil out of this thing in my classes, might as well document from start to finish. So here’s the beginning:

* * *

Book Review: CISSP Cert Guide (Pearson IT Certification, 1st Edition)

As an instructor I’m faced with the choice, over and over, of a thick, detailed textbook versus a more concise one. Thinner would be the easier choice, except that some authors manage to make their thicker books easy, even breezy reading. Other thick books are just … thick. Many of the A+ texts, for instance, go much, much deeper into details than the test they cover does.

This book, which is for the 10-domain test, strikes a very good balance. At 470-odd pages of actual reading material (less Glossary, Index and front matter), it’s a reasonable size for the cert courses I teach. I found it easy to cover 50 pages an hour, though I’ve got over 20 years’ experience with this area so not much slows me down. But I’ve dealt with many (many) books filled with page after page of thick, hard-to-read and hard-to-comprehend text, so many that the slimmer, more terse books tend to make me cautious. This one’s slim and terse and absolutely readable.

Tight texts like this work by using short, declarative sentences. They state facts, explain simply, and provide solid nuggets of useful information, but they also don’t supply many examples, don’t try to explain things using scenarios, and don’t provide much if any historical context. If you’re already the kind of network professional you’re supposed to be to test for this certification, this won’t be a problem. A couple of paragraphs of discussion can cover Kerberos just fine – for the initiated. If you’re trying to “leverage” your way to a higher certification (and it pays to know that if you can’t document five years’ experience, you get an “associate” certification), though, this may not be the book for you. Actually, if you haven’t done the real groundwork, this isn’t the certification for you, either.

One very strong point about the Pearson IT cert texts is the sample questions and tests. I’ve seen too many questions in sample tests from several sources that are mangled, ungrammatical, ambiguous or just plain incorrect, but not here. As a long-time technical editor, I appreciate the good, clear, concise questions and the use of multiple plausible answers that made me slow down and think before choosing. The chapter-end questions and sample tests also seem very much in what I’d label “(ISC)2 style” – there is little or no sneakiness about them, unlike the questions common on some certifications I could name but won’t. They’re short and clear: What’s the second step in a Business Impact Analysis? On which layer is the Internet destination address added? And you either know the answer or you don’t, simple as that.

It was a little sad that the CD that came with my book had some kind of manufacturing defect that looked a little like a tire had run over the edge of the disk, rendering it useless. Ironically, it really was useless: since I already have the Pearson test engine installed, the enclosed license code did the trick all by itself, downloading the latest version of the test and activating it. From there it was all joy for me. With any luck this was a sheer fluke no one else will run into.

Where I did see some weakness in the text was in the tables and diagrams. Personally, I never like matrix tables: a crosswalk of administrative controls against access control categories means almost nothing to me unless something entices me to look carefully at the rows of Xs. This type of table is often necessary for compliance documentation, but it makes for pretty dull reading in a textbook. And diagrams are best if they show relationships and flow. Eight gray bubbles in a row do NOT illustrate the complexity of the ticket-granting process, for instance. From my own experience writing textbooks, I know this is a tough area. Personally, I cheat: I hire a graphic designer and build the simplest, clearest flow diagrams we can make. And fortunately, in this case, not all the graphics are tables and rows-of-bubbles diagrams. Some, for instance the software development models, are pretty good. In fact seeing the waterfall model as an inverted view of the agile model gave me an interesting moment.

A really good glossary and index are gold for most of my students. You know how this field is: the acronyms are like a bowl of Alpha-Bits, and the nomenclature is thicker than the nearest competitor (psychology). In this book the glossary and index cover over 120 pages, which is to say a quarter the size of the reading proper. For a lower-level text it would be too much. For this cert it’s enough, but not too much. These things are not easy to build, and you’ll appreciate them when you’re scratching your head: where the heck did they define this?

I’d be confident to teach from this text immediately, and I’d be confident taking the test after reading this. At this point I’m still evaluating books for teaching the CISSP going forward, but the certification is looking like a winner because of the demand I’m seeing for it in the sectors I serve: labs, bases, government and education. For this class of student, this book is just about ideal.

Full disclosure: I get textbooks for review from several sources, in this case from Pearson IT Certifications (http://www.pearsonitcertification.com/store/index.aspx?st=86509). I also work for a certifying organization (ISECOM), participate in building certifications (the OPST and SAI), write textbooks and teach at two universities (UNM and NMSU), so while I’m not the usual test subject, I am frequently the instructor.

* * *

Book Review: Just about to fade away: thoughts on the CompTIA A+ Authorized Cert Guide, Third Edition

The A+ exam is nearing its rollover from the 801/802 tests to the 901/902 tests, and I’ll soon be doing my usual survey of new textbooks to teach from. It’s kind of the same decision every time: choose a smaller book that cuts to the point, which makes life easier on the student and directly addresses the tests, or choose a “big” book that really tries to be a comprehensive reference after the test. I don’t mind the big book model, as long as retired subjects are rightly removed and the material genuinely reflects both the new test and current computer tech.

This particular text from Pearson (which I was given by UNM for evaluation, and covers the 801/802 tests) runs over 1100 pages, and definitely falls into the “big book” camp. Now, when I use this as a class text, that’s not particularly a problem, because I tell students directly: don’t memorize POST codes or IRQs or I/O addresses, among many other things. Know the basics, and know how to look up the details. They’re right there in this book, in most cases – but you don’t need all this detail to pass the test. In fact, students can bog down in the exhaustive lists: video resolutions, processor sockets, floppy disk capacities: really? Far better that they spend their time learning troubleshooting techniques, and I’m glad to say they’ll find them here.

This book doesn’t try to artificially divide the subject matter of the two tests; functionally they’re about the same. That’s good, because it prevents a lot of the repetition I’ve seen in some texts. The topic areas are nicely divided, and work through a nice progression from the most elementary hardware to advanced Windows management. Personally, and as a teacher, I appreciate that.

I’ve found I have a strong preference for the Pearson practice tests, included in a CD in the book. The trend has been to online downloads, which aren’t bad in themselves, but often aren’t of such high quality. The offset is that online goodies often include things like videos and flash cards, which some students find really useful. What will this look like in the next version?

I’m waiting to see what the 901/902 edition looks like, particularly compared to its peers. This will be a whole new version of the A+, which means a total reset of the textbook market. This transition is never smooth, but if Soper, Prowse and Mueller can pull off another quality text, it will likely be my choice for next year’s classes.

* * *

Book Review: CompTIA Healthcare IT Technician HIT-001 Cert Guide, by Joy Dark and Jean Andrews

Since I’m evaluating so many books for IT courses, I’ve decided to start doing formal reviews here and on Amazon. I hope these are useful for other instructors like me.

Back in 2012 the HIT certification was brand new and materials were just coming out. I looked at some that I could only describe as ratty, which clearly were selling only because there was literally almost nothing else. Fortunately, there was this book, by far the best thing out there at the time. My copy was a review copy supplied by UNM.

It wasn’t perfect. In fact it looks very much like a first edition built for the first version of a new certification. I’ve been teaching CompTIA certs for some 15 years, and I’m pretty familiar with how they build tests. In this case I’d say they merged questions from the A+, Network+ and Project+ with strong doses of medical terminology and medical legal concepts. As other reviewers have noticed, the pool of questions on the sample test CD is pretty limited. They did, however, seem to cover the same ground as the actual test questions.

This cert was a snap for me because I’ve worked in medical and IT for over 20 years, and have taught the A+, Network+ and Security+ many times. But I’d have to agree that for a person coming into this field cold, this book alone wouldn’t be enough. You’d need to study medical terminology in more depth than you’ll get here, and build a background in security because you won’t get explanations of some pretty deep concepts you’ll be expected to understand for the test.

On the other hand, if you’ve got some experience in this field, this book does a good job of steering you toward the issues the test emphasizes: regulations and agencies, workflows, terminology and security. If you can get on top of the legal hierarchy, for instance, and you’ve already got an A+, you’re most of the way there.

Now, in 2015, I’ve taught this certification with successful students. But I’m surprised, after looking online, that there is still little to compete with this book for a detailed class text. The newer materials I’ve seen are mostly “cram school” stuff, which some people like but I don’t. If I do see continued interest in HIT cert classes this will be my text, but I’ll also be looking for more functionally complete materials. Given what I’ve seen of Joy Dark’s writing, a second edition will be much better. The real test is going to be adoption of the HIT certification itself as a credential, and that I’m still waiting to see.

ISBN-13: 978-0789749291 / ISBN-10: 0789749297

* * *

When Security Is Too Hard For Your Mother: a Dark Matters article

We in the US have been getting our InfoSec pants pulled down and our lunch money stolen on the playground for months, years now. I’ve bitterly complained about the nation/state actors and the non-nation actors and our own government actors, with all the usual results of complaining.

We’d better get serious immediately, at the personal level, about security. When I first approached ISECOM I liked the idea that security should be the default, that it should be hard, in fact, to do unsafe things. But things like money, politics and entrenched interests have kept us from achieving the significant leap forward we’re going to need to secure our information.

Some means are available to us personally: using aliases online for social media accounts, for instance. But in other places our critical personal information is held by … our government, for instance. In not-very-secure ways. Which means that we get pwned when they get pwned. Which is often.

That’s a damned shame, because we do have the means to make security much easier, and much better. We just choose not to use them. Read my discussion here:



“High School Hackers”

“High School Hackers is an all-inclusive group (this includes all 5th graders and middle schoolers!) Non-HSers are welcome to join us and see what we’re up to!”

This is a MeetUp event in Pennsylvania and “This meetup requires acceptance into PennApps or MHacks, but will be livestreamed online for those who can’t make it.”

Again, an interesting comparison to our own Hacker Highschool.