I was in the testing center today and had just finished up the Financial Accounting DSST. I still had an hour to kill so I was looking for something else to take and saw the new CyberSecurity exam. Evidently they had just authorized it so the timing was good.
Passed with a 432 in 45 minutes, so here's some feedback for anyone else who was interested.
First off, it's 100 questions with a time limit of 2 hours. It goes without saying that you should study, but I would also add that even if you have an Infosec background, you need to dedicate some time to this one. In terms of difficulty, I'd say it's harder than the refreshed Security+ exam from CompTIA, and pulls information from the CEH and CISSP levels of knowledge. In FCP terms, I'd peg it at a high "3" in difficulty if you have an Information Assurance background. Computer-savvy individuals would likely find it a 4, and those with little to no experience will find this one up there in difficulty with the other level 5's.
Specific things you need to know:
Typical IT Security - Know CIA and be able to identify which applies when given a scenario. Know the common terminology like what's a vulnerability, what's a threat, what's mitigation, etc. The terms are used often and you'll want to have a firm understanding as it will help you figure out some of the questions.
COOP - Cold/Warm/Hot, know the difference between them and be able to identify them based on given scenarios.
Hacker Attacks - Know them all. Spoofing, Smurfing, DDoS, DNS Poisoning, Teardrops, Cross Site Scripting, Port Scanning, Rootkits, SQL injections, etc. Know what they are, how they work, and be able to match up the types to scenarios.
Ports - You need to know them. This touches on the above hacker attacks as well. You need to know which ports are affected by the different types of attacks and how to best prevent them, i.e. blocking this type of traffic from this port will stop this from happening.
Forensics - Know the different steps of digital forensics, including chain of custody concerns, hash matching a hard drive in evidence to validate integrity, as well as knowing why you're doing all of the above.
Crypto - Know the most common crypto and what they're used for (Email, wireless, etc.). Know what their strengths are as well as their weaknesses. Know how symmetric/asymmetric encryption for email works. Know the difference between WEP and WPA, how they work and what the PRO/CON of each is.
Biometrics - Know the difference between Type I and Type II Errors, FAR/FRR/FER/Crossover Error Rates, etc. Know the basics of biometrics and how it fits into an overall security plan (Physical, preventive, etc.).
Virtual Machines - A surprising amount of questions on VMs. Know how they work with hypervisors (both Type 1 and 2), and how information security is changing to meet this "new-ish" technology. Know the hacking attacks that affect VMs and cloud-based computing.
SDLC - You need to know this (Software Development Life Cycle). I had quite a few questions that tested my knowledge on the different steps and how security fits into the overall process.
MAC/DAC - Typical Sec+ level of knowledge though there were a few questions that only someone with some experience would likely know.
First Response - Had a lot of easy questions on first response situations. Anyone who's ever been in IA has probably taught this stuff to Help Desk, but it's all "What's the first thing to do when faced with an 'X' type of hacker attack" type of questions.
IAVA/Patching - Read up on patching and vulnerability management. Again, anyone who's done this for a living won't have a problem with these questions. Anyone who hasn't, don't overthink the questions. I'll try and find some decent resources for the study guide.
Hacker Tools - Know the different types and what they're made for. Surprisingly, they even had a few questions asking for specific tool names.
Audit Logs - Know what they are, how they work, who is responsible for checking them, how to ensure they're being checked correctly (having to skirt around actual questions here, so forgive the vagueness).
Insider Threat Mitigation - A lot on insider threat vulnerability and how to mitigate it. There is some overlap from the Management CLEP and Human Resources DSST when talking about workplace fraud if you've taken those.
VPNs - Know what they are, how they work, how/why they're used.
Media Disposal - Know how to dispose of the different types of media, how to remove data (completely) for recycle, and when that's allowed.
Firewall/IDS/IPS - While you aren't getting asked any configuration questions, a basic understanding of what they are and how they're commonly set up will definitely help.
After I've had a chance to relax from work, I'll try to remember more and add it here. All in all, it's a doable exam if you have the background. For those without it, I'd suggest some serious study. I'd even go so far as to recommend picking up a refreshed Security+ book and maybe even a book on the CEH. Between the two of them, you should cover 90% of the exam.
I hope to have a free study guide on FCP by this weekend, but work's been brutal lately. The free practice test will likely come in the next few weeks. If someone wouldn't mind moving this down to the specific feedback area, I'd appreciate it. I don't have access anymore or I'd do it myself.
Hope this helps and good luck. It's a fun one!

-Justin
PMP, CISSP, A+, Sec+, MCDST, ITIL
Total Credits Earned: 162
www.Free-Clep-Prep.com - (with Forum Admin's permission)