I finally got some time to sit down and go through the Security JTA. Here are some thoughts and notes, in Content Area order. I originally wrote here "Apologies for the size of this missive - I'm going to have to print it off and go through it all again, myself." - but in the interests of everyone's sanity, and to make followup discussion easier, I'm going to split this into a series of emails:

- General comments
- Specific Content Areas
- Additional Content Areas and Tasks

Because I've chopped up a large email, some of the ones that follow might seem to terminate somewhat abruptly, and some will be quite short. Sorry about that...

First, some general comments:

There's a wide variation in the level of detail in the Content Areas, as you'd expect. There's a lot of low-level detail in some, and none in others. The JTA system doesn't seem to allow for refinement of Tasks in the way that, say, a wiki might - so how are we going to refine these?

There is some duplication of content, e.g. a Content Area on "Validating Firewall Configuration", one on "Network Vulnerability Scanning", and one on just Nessus. All of these could be consolidated into "Security Testing" or perhaps separate "Network Security Verification" and "Host Security Verification" Areas. There are quite a few areas where things need to be refactored.

Some tasks are written in terms like "understand such-and-such". Unfortunately, there is no way of directly determining whether someone understands something or not - you can't unscrew the top of their head and look for the understanding inside. Instead, you have to indirectly assess their level of understanding by whether or not they can accomplish certain tasks (which is why these things are called tasks). And since LPI doesn't conduct a practical exam (by comparison with, e.g. trade schools or even RHCE), we have to come up with questions about the tasks. I've added comments about a couple of the "Understand" tasks to show how they might be re-written. See https://www.lpi.org/en/examdev/jta/instructions.html for another take on what I'm on about here.

In my opinion - and this is just opinion - some of the Content Areas relate to software subsystems, patches or components that are not in common use and are unlikely to form part of the tasks performed on a regular basis by the typical LPIC-3 candidate.
I get this feeling about RSBAC, LSM and - to some extent - about Kerberos. On the other hand, we seem to be missing entire subsystems which I know people *are* tasked with setting up and managing on a day-to-day basis, e.g. VPNs, FTP, dial-in and dial-out, etc. I'll follow up with those in the last email of this series.

Best,

--- Les Bell, RHCE, CISSP
[http://www.lesbell.com.au]