[lpi-examdev] Re: lpi-examdev Digest, Vol 20, Issue 10

[howard d.]

Hello, all.

I am replying to the last message, number 7, from

Bryan J. Smith in the Issue 10 Digest.

He was talking about the cost of HW for certification exams....

I think those costs are more than halved with Virtual Machines and templated setups

I am not trying to offer a marketing message here.... I was at Oracle OpenWorld 
and they changed out lab set ups in 30 minutes by running it in a VM.

They had something like 30 labs net in 6 rooms, some repeated.    But an entire VM 
- with app servers and/or DBs - could be copied to a 1 or 2 GB USB drive.  They said
that by going to a VM infrastructure they could run 3x the number of classes on half 
the HW they had.   

That should be pushing down the costs of the exams, unless some one is seeking doubled 
profits from certification exams.

H.

 

-------------- Original message from [EMAIL PROTECTED]: --------------


> Send lpi-examdev mailing list submissions to
> lpi-examdev@lpi.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
> or, via email, send a message with subject or body 'help' to
> [EMAIL PROTECTED]
>
> You can reach the person managing the list at
> [EMAIL PROTECTED]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of lpi-examdev digest..."
>
>
> Today's Topics:
>
> 1. Re: 303 Security exam objectives (Lennart Sorensen)
> 2. Re: 303 Security exam objectives (Lennart Sorensen)
> 3. Re: Re: Mapping to CISSP CBKs -- SSCP instead of CISSP
> (Bryan J. Smith)
> 4. Re: Re: Mapping to CISSP CBKs -- SSCP instead of CISSP
> (Bryan J. Smith)
> 5. Re: 303 Security exam objectives (Lennart Sorensen)
> 6. Re: 303 Security exam objectives (M. Boelen)
> 7. Re: 303 Security exam objectives (Bryan J. Smith)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 7 Oct 2008 17:53:44 -0400
> From: [EMAIL PROTECTED] (Lennart Sorensen)
> Subject: Re: [lpi-examdev] 303 Security exam objectives
> To: [EMAIL PROTECTED], "This is the lpi-examdev mailing list."
>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=us-ascii
>
> On Tue, Oct 07, 2008 at 02:33:17PM -0700, Bryan J. Smith wrote:
> > Ummm, I thought the Brainbench agreement requires you to
> > claim you won't use such?
>
> Certainly not in the past they didn't. They explicitly said you could.
> Perhaps they have changed that since. I haven't taken any of theire
> tests for many years now.
>
> > How do you "cheat" on a "hands on test"? You're more than
> > allowed to use HOWTOs, docs, etc... on the system, which is
> > not on the Internet in the exam. Of course, if you're looking
> > through those, you're not going to finish in the alloted time.
>
> I meant you could cheat on the online test. The hands on test you
> probably can't. The hands on test has the disadvantage of requiring a
> much more elaborate setup.
>
> > I've now sat the RHCE twice. I took the entire period both
> > times for the second part. Some people finish in half-time.
> > Don't know how, but they do. But 80% of them do not, including
> > very experienced people. E.g., the last time I sat, last fall
> > for the RHEL 5 exam, every single person had been administering
> > RHEL systems for at least 3 years and knew what they were doing.
> >
> > I've also have sat two (2) RHCA exams. I took the entire
> > period on both of those as well. The EX442 was one session
> > of four (4) hours, not exactly "happy, happy fun time." ;)
> >
> > Huh? Brainbench? Sorry, don't see it.
>
> If I can find the answer to a question using the man page in 20 seconds,
> I think that makes a good indication of my admin skills. Just because I
> can't remember an obscure option I never use doesn't mean I don't know
> what I am doing. A paper only test tends to encounter such problems.
>
> I wrote the LPIC 101 once at a linux show some years ago. My score
> reflects a lot more on LPIC than on my skill level as a linux
> administrator.
>
> > Furthermore, you can't cover as many concepts in a 4-6 hour,
> > hands-on exam like you can in a 2 hour exam like LPI. As
> > someone who has sat those, I can say, they have their own
> > pluses and minuses.
>
> Hands on is certainly the best.
>
> > In fact, that's why companies like Red Hat now have over a
> > half-dozen level 400 exams, which go into various specialties
> > beyond the RHCE. But even those exams still have tasks that
> > take time, and can't cover various scenarios.
> >
> > It all depends on the focus as it can be crammed it, with
> > their various pluses and minuses.
>
> Are certifications that specialized actually useful? What are the
> chances of needing anyone with exactly that specialization and wanting
> proof of exactly that skillset?
>
> > If we're really, really worried about cheating, then maybe
> > the system is flawed. Candidates should really think what
> > cheating means.
>
> Some people will do anything to get a piece of paper that makes other
> people think they know stuff.
>
> > In any case, it's hard to balance everything without creating
> > a week-long exam that cost $10,000. ;)
>
> Well that would be pretty nuts, but then again some people cheat in
> university and how much does that cost?
>
> Is the $10000 for a training course or is it just for a piece of paper
> you can show around? A training course is useful. A $10000 piece of
> paper probably isn't. At least LPIC doesn't charge anything like that.
> I think the only winner in a market where a certification can cost
> $10000 is the provider of the certification. Sounds like a profitable
> business.
>
> --
> Len Sorensen
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 7 Oct 2008 17:54:42 -0400
> From: [EMAIL PROTECTED] (Lennart Sorensen)
> Subject: Re: [lpi-examdev] 303 Security exam objectives
> To: "This is the lpi-examdev mailing list."
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=us-ascii
>
> On Tue, Oct 07, 2008 at 05:41:44PM -0400, G. Matthew Rice wrote:
> > But...but...If the test is supposed to reflect real-life, how come I can't
> > "phone a friend" :)
>
> Very true. If you were actually trying to solve a problem and you knew
> just who to call to get a quick solution, that to me is the true
> indicator of a great admin.
>
> --
> Len Sorensen
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 7 Oct 2008 14:58:16 -0700 (PDT)
> From: "Bryan J. Smith" <[EMAIL PROTECTED]>
> Subject: Re: [lpi-examdev] Re: Mapping to CISSP CBKs -- SSCP instead
> of CISSP
> To: "This is the lpi-examdev mailing list."
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=us-ascii
>
> From: G. Matthew Rice <[EMAIL PROTECTED]>
> > Dang and I was already attached to the previous mapping.
>
> I brought this up back in 2004-2005 IIRC. ;)
>
> > I'll attempt a mapping to these, too, but I do like the
> > 'marketing' spin on the CISSP side.
>
> The SSCP is a subset of the CISSP CBK. The SSCP is,
> literally, the "System Security Certified Practitioner."
> It is, literally, the system-focused CBK.
>
> The CISSP gets all the glory because it requires at least
> three (3) years of experience (with credentials), while
> the SSCP requires half that or can even be credited for
> other things.
>
> The CISSP is also more abstractly focused on the "architect"
> role, whereas the SSCP is more of the "sysadmin" aspect. But
> if you start breaking down the CISSP CBK, a lot of things are
> more development or network-centric, not services and system
> concepts.
>
> That's why the SSCP is more appropriate, technically.
>
> I have the same issue with people on MBA v. MSIE. Most
> people have never heard of Industrial Engineering, and say
> I should get a MBA. Yet everyone I've ever met that has
> worked with a MSIE will instantly go against the grain and
> say, "sorry, if I have the choice of a MBA or MSIE, I will
> take the MSIE" -- even if those people are few.
>
> But that all aside, the MSIE is far more applicable to my
> job function, management and microeconomics of technology.
> It picks up where my 2 years of microeconomics and risk
> management classes in my BSEE core left off and continues
> to use calculus of variations to explain systems. In fact,
> I sat in two MBA classes at my Alma Matter, and I could not
> believe that they were doing stuff that I had already had
> in my first year of engineering management, and definitely
> simplified (either algebra or first order calculus).
> It was _not_ "review" either, so it was like I'd be going
> backwards. A MBA might be fine for the majority of people
> who don't have an engineering degree, like coming from
> arts or non-engineering sciences, but it's really not much
> of one for those of us who do.
>
> Same deal on the CISSP. Are we going to test based on a
> book of knowledge that spends half of its time testing for
> networking concepts that are generic to OSes? Or one that
> really really focuses on system details and their services,
> which could be well-mapped and adapted for a specific
> platform like Linux?
>
> > Besdies, who's ever heard of the SSCP? I can't
> > even get the acronym correct when I speak of it.
> > Always ends up as CSSP, SCCP, CCCP, ... :)
>
> I know it's a joke, but ...
>
> It's still the (ISC)2. If you ask them, I'm sure some
> would even agree it's more applicable.
>
> Again, it's not about marketing, but reality in my view.
>
> > No, they're in 303. In host-based AC but it'll
> > probably get broken out.
> > ... I'll leave all of DAC, MAC and RBAC in the
> > 303 for now. We can always push some of it down into
> > LPIC-2 at some point.
>
> Okay then.
>
> > No doubt on that. We seem to have picked some token and
> > ubiquitous services but people want to seem to focus that
> > way.
>
> My point was that the tasks can probably be broken out better.
>
> > Ah, I wasn't thinking a total mapping but an
> > 'applied subset' (by applied, I mean non-theory).
>
> The CISSP really gets into conceptual things, not applied
> tasks, for half the exam. The SSCP does that somewhat too
> in its CBK, but it really does map well to actual, system
> tasks.
>
> Again, "System Security Certified Practitioner."
>
> If I was interested in focusing on network IDS, policies
> and procedures, etc..., then yes, CISSP. I've been there,
> I've done that. A lot of things just don't map.
>
> But for system security, no, SSCP is better in my view.
>
> Hell, say it's "based on the (ISC)2 CISSP and SSCP CBKs"
> in marketing, but map to the SSCP. Change the objectives
> to be generic, but you'll find the SSCP maps far more to
> actual tasks that can be accomplished for system and service
> security of a Linux system.
>
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 7 Oct 2008 15:02:49 -0700 (PDT)
> From: "Bryan J. Smith" <[EMAIL PROTECTED]>
> Subject: Re: [lpi-examdev] Re: Mapping to CISSP CBKs -- SSCP instead
> of CISSP
> To: "This is the lpi-examdev mailing list."
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=us-ascii
>
> From: Bryan J. Smith <[EMAIL PROTECTED]>
> > ... Alma Matter ...
> ^^
>
> Sometimes I wonder how I graduated.
> Oh wait, I only had to pull C's in my general ed. ;)
>
> --
> Bryan J Smith Professional, Technical Annoyance
> [EMAIL PROTECTED] http://www.linkedin.com/in/bjsmith
> ------------------------------------------------------
> I'm a PC, but Linux -- Windows: Life Without Firewalls
>
>
>
>
> ------------------------------
>
> Message: 5
> Date: Tue, 7 Oct 2008 18:04:32 -0400
> From: [EMAIL PROTECTED] (Lennart Sorensen)
> Subject: Re: [lpi-examdev] 303 Security exam objectives
> To: "This is the lpi-examdev mailing list."
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=us-ascii
>
> On Tue, Oct 07, 2008 at 05:33:43PM -0400, G. Matthew Rice wrote:
> > LMAO. To both of you. Len, I think that Etienne was being facetious here.
>
> I suspect so, but at the same time I think it is a very valid point.
>
> > There's definitely a balance here but I still don't agree with a pure 'no
> > option testing' ideology.
>
> I don't really consider certifications worth anything. Probably takes
> it too far in the other extreme. I would consider a hands on test the
> most useful, but even there it's a simulated set of problems. When it
> comes down to it you have to deal with real problems, without predefined
> solutions in many cases, and occationally without solutions (which isn't
> good), working together with other people. Do any tests do that?
> perhaps I am much to cynical about certifications, but so far the ones I
> have seen have been rather far from reality.
>
> > Otherwise, the job interviews I give would degrade to "here is 'man man' and
> > that's all you get...now build me a web server farm". And just wait to see
> > how long he takes.
>
> If you are looking to hire someone that knows how to build web server
> farm's, that really doesn't sound that bad.
>
> > Knowing options that are used all the time is a way to show experience. If
> > you have to continually look up the 'c' option for tar or the -l option to
> > ls, you just haven't been around the block enough times.
>
> But sometimes there are more than one option and you use one while
> someone else uses another? Especially cases of long options versus
> short option names on many commands. For some of them I have no idea
> what the long option is, I just know the short one I always use.
>
> > That said, don't blow this out of perspective. These types of questions are
> > getting rarer as we improve the tests overall.
>
> Which is good. Of course to some extent the policy of not discussing
> questions makes it hard to elliminate that kind of problem question. I
> realize entirely why discussing questions isn't feasible, but that
> doesn't detract from the problem it also question.
>
> > BTW, the first question on a Perl test that we used to give prospective
> > senior level Perl OO developers (not CGI hackers) was:
> >
> > # 1. What does this statement do?
> >
> > bless { _h => 'Hi' }, 'Hi';
> >
> > It was difficult to find someone that could answer that sensibly (or at all).
>
> I sure can't, but I don't do perl OO. I do perl, but not that.
>
> > I would argue that this question is akin a ls -lr question. The -r comes
> > from the { ... } part which does obfuscate (but not really).
>
> I can see some people never having a need for -r when using ls. I do
> use ls -lrt way too often to not know what it does, along with the ls
> -lrS of course.
>
> --
> Len Sorensen
>
>
> ------------------------------
>
> Message: 6
> Date: Tue, 07 Oct 2008 23:32:53 +0200
> From: "M. Boelen" <[EMAIL PROTECTED]>
> Subject: Re: [lpi-examdev] 303 Security exam objectives
> To: "This is the lpi-examdev mailing list."
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>
> G. Matthew Rice wrote:
> > "G. Matthew Rice" <[EMAIL PROTECTED]> writes:
> >>> Last, but not least, I do hope that this examination tests security insight
> >>> of people and does not focus at remembering program parameters/switches ;)
> >> Yeah. I've never had that comment thrown at me before :-?
> >
> > I forgot another PS :)
> >
> > PS - You still better know the switch and parameters that are used all the
> > time. An LPIC-1 that doesn't know 'ls -l'...umm, well isn't an
> > LPIC-1.
> >
> > Regards,
>
> Makes me wonder if there actually is a question "What is the parameter
> to show a extended directory listing?" :)
>
> My wish was not in particular against the current LPI certifications
> btw, as I think common options should be known to prove someone is
> familiar with the system, beside questions which test if people can
> understand a given scenario and wrap that up to the correct answer.
> However I got reminded to the "remember dry command switches and repeat"
> last month, when learning for some other exams (non LPI)..
>
> So, that's settled then, no parameters and command switches to remember
> then! (j/k)
>
> Thanks so far for listening to the input. It's nice to see things get
> build up with more than just a few eyes looking at it.
>
> Regards,
>
> Michael
>
>
>
> ------------------------------
>
> Message: 7
> Date: Tue, 7 Oct 2008 15:20:49 -0700 (PDT)
> From: "Bryan J. Smith" <[EMAIL PROTECTED]>
> Subject: Re: [lpi-examdev] 303 Security exam objectives
> To: "This is the lpi-examdev mailing list." ,
> Lennart Sorensen <[EMAIL PROTECTED]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=us-ascii
>
> From: Lennart Sorensen <[EMAIL PROTECTED]>
> > Certainly not in the past they didn't. They explicitly
> > said you could.
>
> I had recruiters have me take these many times. They
> explicitly had me pledge not to do so.
>
> > Just because I can't remember an obscure option I never use
> > doesn't mean I don't know what I am doing. A paper only test
> > tends to encounter such problems.
>
> Such questions are the lowest form of Bloom's. They should
> be avoided or minimized in such tests. There are better ways
> to test such concepts than with options.
>
> > I wrote the LPIC 101 once at a linux show some years ago.
> > My score reflects a lot more on LPIC than on my skill
> > level as a linux administrator.
>
> Some would, and could, argue that even the RHCE does that.
> Hell, screw up SELinux, and you could get a big fat 0 on the
> second part of the RHCE, regardless of what else you did.
>
> > Hands on is certainly the best.
>
> Depends on your viewpoint.
>
> > Are certifications that specialized actually useful?
>
> I've had several clients asking for the RHCA. That
> requires passing 5 exams at the 400 level (after the
> single 300 level RHCE).
>
> Now that the RHCDS is here, and it only requires 3 exams
> after the RHCE (instead of 5 like the RHCA), several clients
> are starting to use that as a "differential."
>
> > What are the chances of needing anyone with exactly that
> > specialization and wanting proof of exactly that skillset?
>
> Oh, I don't know, maybe perhaps ...
>
> 1. Deployment, Virtualization, and Systems Management
> 2. Directory Services and Authentication
> 3. Clustering and Storage Management
>
> Which is basically ...
>
> 1. Provision, deploy and manage systems, including virtual
> 2. Centralize authentication, users, systems and other objects
> 3. Manage access to and the storage itself, including clusters
>
> I just read off the Red Hat Certified Datacenter Specialist
> (RHCDS). There is a _huge_ difference being able to manage
> a RHEL system (RHCT), plus services (RHCE), and being able
> to manage a datacenter. ;)
>
> Companies are using Xen paravirt. Companies do deploy
> Red Hat Network (RHN) Satellite (and don't just use the
> Internet hosted RHN service), as well as various, emerging
> technologies (ET) that Red Hat is integrating into it.
> Companies (and entire governments/military branches ;) deploy
> Red Hat Directory and Certificate Services. And companies
> do really rely on clusters on RHEL, both native and 3rd party
> (which have underlying components still provided by RHEL).
>
> You asked. I'm not saying "Red Hat is great." I'm answering
> the question you had. And that's before we even look at the
> SELinux-specific exams, tuning exam (which is damn fine for
> Linux in general -- highly recommend the RH442 course, even
> if you don't have a RHCE, you can sit it, just not the EX442
> exam), etc...
>
> > Some people will do anything to get a piece of paper that
> > makes other people think they know stuff.
>
> You can't worry about them. Inhibit them, yes. But worry?
> They sign an agreement. When they cheat, they compromise
> everything the certification means for them, especially to
> themselves.
>
> > Well that would be pretty nuts, but then again some people
> > cheat in university and how much does that cost?
>
> Only once did I have to "read the riot act" to some people
> in my Differential Equations class. Really pissed me off
> when they merely didn't hurt the curve, but felt like they
> discredited the institution I attended -- which, at all other
> times, I never saw any cheating whatsoever.
>
> > Is the $10000 for a training course or is it just for a
> > piece of paper you can show around?
>
> If an exam took all week, it would be at least $5,000, if
> not $10,000. Basically figure $1,000 for every 4 hours.
>
> > A training course is useful. A $10000 piece of
> > paper probably isn't. At least LPIC doesn't charge
> > anything like that.
>
> LPIC doesn't focus on training.
>
> > I think the only winner in a market where a certification
> > can cost $10000 is the provider of the certification.
> > Sounds like a profitable business.
>
> Red Hat charges around $750 to sit their 4-6 hour exams.
> That covers the real cost of the 1-2 system you will have
> in front of you, the facilities, etc...
>
>
> --
> Bryan J Smith Professional, Technical Annoyance
> [EMAIL PROTECTED] http://www.linkedin.com/in/bjsmith
> ------------------------------------------------------
> I'm a PC, but Linux -- Windows: Life Without Firewalls
>
>
>
>
> ------------------------------
>
> _______________________________________________
> lpi-examdev mailing list
> lpi-examdev@lpi.org
> http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
>
> End of lpi-examdev Digest, Vol 20, Issue 10
> *******************************************

_______________________________________________
lpi-examdev mailing list
lpi-examdev@lpi.org
http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev