This has a lot to do with the way the examination is constructed. Truth is, it's hard to write good exam questions so many multiple choice exams are easy to pass if you are "test wise." But it is possible to write questions that test application rather than x+y=z. For example:
x+y=z question
What IPSec construct do you use for authentication services?
Application question
If you wanted to provide non-repudiation but did not require confidentiality, which of the following IPSec constructs would you use?
Big difference in the two questions but I can tell you from experience the second one is much harder to write and to justify so most multiple choice questions end up being fact not application based. Anyway that my oppinion.
Bill Stackpole, CISSP
| [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED] 04/07/00 01:53 AM
|
To: [EMAIL PROTECTED] cc: Subject: RE: Qualifications |
To pass an exam you only need to know x+y=z.
It is easy to learn x+y=z, it is a lot harder to know HOW or WHY.
To do most IT security work you need to know why.
When hiring someone, ask WHY.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
