Took the exam tonight, completed all the required challenges and sent off the proof to be marked.

I had a few minor problems trying to get my connection details to start the exam, but these were swift resolve by one of the very able admins in the IRC #offsec channel. He was a gentleman and got me underway swiftly.

The actual exam is straightforward and is derived from the course material. Learn and study the material, be able to do all the practicals on your own systems and you should pass.

Unlike the PWB course, this is designed for beginners to wireless theory and attacks. The wifu course provides a solid grounding in the 802.11x fundamentals and is a well balanced, straightforward introduction, but is focused toward WEP.

Obviously WEP is still alive and well, so the content is still relevant but if you’re looking for more in-depth and all encompassing wireless technologies, such as Bluetooth, Zigbee, and so on , Joshua Wright’s SANS Wireless Ethical Hacking, Penetration Testing, and Defenses would be more appropriate.

Anyway, it was a fun hour and a bit exam and I can claim my 10 CPE for all that work too!

As of today only 16 people hold this qualification. I’ve meet a few of those that hold this certificate and am in no doubt they know their security stuff.

I have to pass a grueling multiple choice exam comprising of 150 question from three SANS courses, 401, 503 and 504, in three hours. Pass mark is 75% – that’s 114 out of the 150 questions.

That’s one foot and a quarter of study and review. Roughly around five kilos for SANS books.

When (note the positive thinking and projection) I pass that then I get allowed to attempt the two day practical hands on lab and exam. This is currently only held in the States.

I’m going to chart my tears, sweat, study, practice labs and progress on http://GSE.Chris-Mohan.com I hope to have people chime in with questions for me and anyone else to attempt to answer as practice.

Why do this to myself?

This is for me to see how much of the years of studying and training on the defensive side has actually sunk in. The two day practical will push me out of any comfort zone I’d like to hide in and give me a real experience of dealing with people a heck of a lot smarter than I am while explaining what I did to protect their systems while under fire. I want to see how I handle this type of situation and pressure.

To me this is more about the experience of those two days and proving I can survive them than the title.

This time I blame Ash for making me take this one, but the deluded voices in my head also have something to answer for.

Four months to get to grips with the 25 hours of study material and play with exercises. Should be simple right?

What is this training I speak of, well this from the web site:

“Offensive Security Wireless Attacks”, also known as “BackTrack WiFu” is a course designed for penetration testers and security enthusiasts who need to learn to implement various active and passive Wireless (802.11 2.4 GHz) attacks. The course is based on the Wireless Attack suite – Aircrack-ng.

The course was designed by Thomas d’Otreppe and Mati Aharoni in an attempt to organize and summarize today’s relevant WiFi attacks. This course will kick-start your WiFu abilities, and get you cracking WEP and WPA using the latest tools and attacks in no time!

http://www.offensive-security.com/backtrack-wifu-online-training.php

This should be fun, and hopefully not quite as a steep learning curve as Penetration Testing with BackTrack.

Time will tell.

• Not being prepared to spend the full 24 hours to complete the exam
• Not having the right mind set to work through processes and think like an attacker
• Not documenting fully and double checking and confirming results
• Not taking a fresh air breaks
• Not having enough experience
• Quite possibly being a whiner

For mere mortals, like myself, that don’t spend time looking for applications and systems to attack, the simple frustration of working through each service to find a hole to get a foot hold is “interesting”*.

*Insert swear words of choice

When attacking a system, the process is simple:

1. Find a live IP address
2. Discover the services on the IP address
3. Search for vulnerabilities for that service

After that successful discovery process, I developed this totally unsuccessful process steps:

1. Ignore the blinding obvious results from your own scans
2. Spend ages Googling and finding nothing that really fits
3. Grasp at straws and download anything that had the service name in it or sounds vaguely like it.
4. Try to adapt code that mostly wasn’t going to work, while not understanding how the author was attempting to do it in the first place
5. Watch the poorly complied code fail to do anything and wonder why I didn’t have a root shell prompt
6. Stare into space for long periods
7. Muttering to myself
8. Contemplate a career in herding mice with elephants, blowing stuff up or becoming a reality-tv star
9. Come up with something equally unlikely to work
10. Back to step 1

After a number of hours of going through this process it’s somewhat disheartening, especially when you seem to get zip-all back. Letting all that frustration build up and not taking time to have a break is how to fail the exam. Simple

The exam –a post mortem

While reviewing of what went wrong during the exam, a friend commented that I should be used to dealing with similar frustrations as a sys admin. My response was without experience of the methods to get a foot hole, you effectively end up throwing mud at the target and see what sticks. As a Sys Admin, that’s usually the last resort, which you should never do with production systems.

As a great example of this, I was oddly very hesitant to run things that I didn’t really understand that could break it. I struggled to get the simple statement the lab machine are there to be broken. It was weird, I build hundreds of machines each year with the purpose of testing – and invariably breaking them , so why was this different?

It wasn’t different, it was a failure of adjusting my mindset to fit the situation and letting implied pressure of the exam get to me. I’d read other blogs about how people struggled and let their stories compound the “this is going to be really hard” mindset. I hit a wall at a certain point and refused to attempt to climb it.

That’s when I failed.

I honestly though “Well I’m crap at this, let’s never bother with penetration testing again and I’ll stick with my day job.”

Take Two

This where friends, time and a good night’s sleep make the world of difference.

The few days after the failing the exam I gathered up all my notes and records, review them and cleared them up in to an ordered fashion. I realised I had a huge amount of information I hadn’t applied, taken in to account or even tried. With some, okay – a lot, encouragement from friends the exam re-booked.I had twenty days to get back on the program. I did some serious reading and re-practicing of some of the lessons, while attacking home built systems.

My second exam try was a very different experience. I went in with goals and enforced break times. My notes and thoughts were well detailed and ordered. I review my notes and findings after each break, which helped keep a clear perspective of what I was doing and what I’d tried. This time round I completed the exam in 8 hours, successfully getting all the targets in that time. I still made some stupid mistakes, but being able to review my notes I corrected my mistakes after taking a break or two. The only real mistake I didn’t correct was burning the same pot twice while attempting to cook pasta during food breaks. Oops.

Lessons Learnt

Failing the exam was actually a great lesson in itself and worth the 12 hours I spend feeling sorry for myself , staring at “impossible” targets to hack during the first exam. I knew the targets could be hacked, but by putting them in the” too hard bucket” I wasn’t giving myself a fair chance.

Top three tips

Study with someone else, great to bounce ideas off and helps get a better understanding of questions and topics.

Lurk in the IRC chat room and troll through the forums, there’s great gems in there.

Remember to review your findings and double check your findings. It’s all too easy to make simple mistakes and get dishearten despite having the right freakin’ answer all along.

Thanks Damian and Ash for your encouragement and having to put up with my whining/rants.

I have had said before, Eric is a fantastic speaker, bring a huge amount of energy and real world experience to the material.

Eric’s overview of how the course came to be and who its intended audience should be drew a couple of students from other classes. There was hardly any bribery, stalking or pleading involved in this at all. The two people at the back of the room bound, gagged and drugged where merely by coincidence. Would I lie to you, dear reader? Anyway….

My poor interpretation is that 501 is the natural extension of 401 for those transitioning in to the role of security professional without picking a specialty. Where the 401 spends an roughly an hour on a myriad of varied security topics, 501 picks 6 critical areas and spend the day on each of them. If you really like the material from one of the days, it is then easy to work out which SANS or security training to take next. This is pretty darn helpful, I a see hundreds of posting for “What should I doing to be come a security professional?”  so picking a path that gets you out of bed in the morning with a spring in your step is the way to go.

With a title of enterprise defender, you may think this is just for IT folk in large companies. It isn’t. The course can be applied to companies of any size, from one man do-everything-band IT support to an entire team of dedicated security staff. You need to take the cue from the course title, It’s for those how are defenders and work in a defenses role or for those who aren’t sure what they like to specialise into.

It takes a logical approach to rationalising how to do security in a planned, thoughtful manner. Nothing earth shattering or mind blowing appear in the material; it doesn’t need to do that. It provides the framework to apply good security to any company. This can be easily missed in the rush to get projects completed on time and things working. We get pushed in to just doing “stuff” to get a new system in to place without looking at the bigger picture.Each day proves a solid understand of a critical security skill set and role, at the end of each day you have the tools and knowledge to step in to that role and not stuff it up.

I enjoyed and appreciated the material and content of the course despite having completed a number of other SANS courses. This is a profession where learning never stops, so even re-capping and refreshing the so called basics is never a waste of time.

Before I rattle off my take on each day, I want to mention a number of conversations I had with other students on the flow of the course and how it fitted in with the other SANS 500 level courses. The most discussed point was number of hands on labs, or lack of them on day two and three. I actually liked the two days of talk, mainly due to the content and partially because I’ve used the tools described in those two days fairly heavily over the last few months.

Fortunately, Australians aren’t quiet, shy flowers and mentioned this to Eric. There was plenty of time at breaks and after the day has ended to run through lab work. Most nights five or six people stayed behind to re-do the labs, just so they could get extra practice in with the bonus of having others around to talk over any problems.

SANS courses are the perfect time to play with tools and practice techniques in a calm, non-critical environment. The added bonus is you have a real person to help out if you run in to problems with it. Labs can break up the day and re-focus the brain or labs can disrupt the day as, in real life, thing don’t always work; you spend an hour troubleshooting why your lab isn’t work while the girl next to you has finished the whole lab in ten minutes. Still, both are real, hands on experience.

Day 1 Defensive Network Infrastructure

Switches, Routers, Firewall and other networking gear

The day started off with an illuminating and fascinating attack using routers. The day was pretty Cisco heavy, but the lesson are easily transposed to other vendors technologies.

Know what is on your network how it is configured, understand how it should be configured and use change management to get it there was the theme of the day.

Take a step back think what network needs to do and check that it is doing it. Light labs

Day 2 Packet Analysis

Understand the traffic on your network, what it’s doing and what it should look like. Profiling your normal traffic  makes looking the Bad Stuff ^TM much easier to find.

no labs

Day 3 Penetration Testing

no classroom labs, but the back of the book has a number of self study one

Day 4 First responder

Great stuff. Lots of things to apply and how to do them as a first responder to an incident.

labs

Day 5 Malware

Heavy labs. Got to find and purge Bad Stuff ^TM , lots of hands on fun!

Day 6 Data Loss Prevention

No classroom labs, but the back of the book has a number of self study ones

This day covers a number of topics and in my mind should possibly be day one, rather than the last day. My reasons are:

Normally covering risk and procedures is like slowly pulling nails from each finger with tweasers, slow and painful. Eric injects passion, direction and relevance, really make it applicable to the real world and the working lives of the student. I slogged through the CISSP domain when I was studying for the exam. Honestly, I feel Eric brought this section to life, I learnt more in those few hours, will remember and apply use this section than I ever could from the long, dark days of my CISSP study.

For those of you unaware of the process to get a SANS “gold” certification, this is the process. You pass a one of the SANS’ “silver” qualifications, then choose to push yourself further by writing a paper related to the qualification. Applying in the SANS portal to “go gold”, a brief summary of what the paper is based on and what its goals are is required. This summary is read by the gold paper advisors, a group made up of SANS alumina students, and hopefully one of them agrees to take on the role to spend the next six months advising on the paper. Once an advisor takes on the role, a fee is paid to SANS. This covers administration and a fee to the advisor for their time.

From then onwards, drafts are sent to the advisor for feedback, guidance and sanity checks. When the advisor feels the paper is ready, it is submitted to a review board. Should it pass that, the paper is published in the SANS Reading Room. At that point and only that point, Gold certificate is yours.

Why do it in the first place?

A four hour exam is one way of displaying your ability, spending six months to possibly have it published to the entire world to review is another.

Exams test people in certain defined ways, but spending personal time to understand, develop and put down on paper a project is a much, much more extensive test of knowledge and understanding.

For me, this is was a real change and challenge as I don’t write papers. There is no personal or professional requirement to do so. Life has to be about challenges and pushing forward. So I gave it a go.

So what went wrong during the first six months

• My time management sucked.
• The outline of the paper was too vague and not defined enough
• I tried to review and edit the paper by myself
• I failed to understand what the advisor was telling me to bring the paper back on topic and track

The two cardinal mistakes were I mis-judge how long writing/re-writing took and thought I could edit my own work. Oops.

My original paper wandered all over the place and my advisor, Don, should have hit me with the large ‘Pay Attention’ stick; He tried to re-focus where I was off track. Email is not the best medium to convey certain emphases. If there was not a 14+ hour time difference, then we may have been able to talk directly. The re-writes missed the mark and time got away from me. I got to five months stage and with the Christmas break looming, supported by Don, I applied for an extension. He felt that I was trying hard – School report flash-back: C minus, Chris can do so much more it he applied himself and pays attention – and was getting on the right track.

So with a New Year behind me and the three month extension approved, I found three people willing to review my work. I listen to Don’s advice and made some sweeping edits. Each changes and re-write got smaller and more focused on particular points. Finally Don was happy and submitted it for review by the review board.

Simple rules for the next one

• Make time to write the paper. It was amazing how many different distractions could and would appear.
• Have a pre-planned outline of the paper and what it should intend to deliver to the reader content-wise.
• Pre-build or have full access to any test environments needed for the paper’s subject matter.
• Build a time line and stick to it. A wise friend told me two months to prove all the concepts in the paper, two months to write them up and two months to edit the paper.
• Line up two or more people to read the paper and provide honest feedback.
• Do not expect an instant respond back from the advisor. They have lives give them a couple of days. Plan this into the time line.
• If you do not hear back from the advisor after two weeks then email SANS. Stuff happens in other people’s lives

To make the next paper better than the last

• Read other people’s papers
• Read, or re-read, The Elements of Style by William Strunk
• Ask friends, peers or SANS instructors what their favourite technical papers, books or writers are. Then read them.
• Ask someone what you could have do better in the first paper

To make the next paper better than the last

Well the paper is up in the SANS Reading Room here

Penetration testing is not part of my official job role, but understanding the mindset, tools and tactics employed is immensely valuable to any one working on behalf of the networks defence team. So off I went and jumped in the deep end.

Having already taken the Sec 504: Hacker Techniques, Exploits & Incident Handling course, which also written by Ed Skoudis, I was keen to see what made the courses different since there appeared to be a overlap of the material at first glance. With the warning “SANS Security 560 is one of the most technically rigorous courses offered by the SANS Institute”, I have to admit I was intrigued.

The first day has a heavy emphasis on methodology and report writing, which seemed to deter a number of students in the class. It became clear how important solid, clear and concise report writing skills are to a professional penetration tester. The writing skills are critical to the client the test is being performed for. If they can understand and act on the report of the test, you get a happy client. Happy client can mean repeat business. That’s good. As someone that has to throw together monthly security reports, it was more encouragement to keep reports clear, concise and not too techie. The methodology section covered how to provide maintain consistent results using a variety of frameworks.

I will not go in to the following days, as they covered skills, concepts and tools in both Windows and Linux. The course layout is detailed here. Many labs made up those days to counter point the theory with solid practicals. The days provided the core elements, a foundation, if you will, of the training and skill sets required  for penetration testers.

The Day Six Challenge

This is the day you put together what you have practiced and learnt and apply it to a real world situation. Thinking on your feet is required, with plenty of lateral brain work. That is all you will get from me J

The day six challenge is perfect. Fiendish, demanding and  aggressively driven to get the prise as quickly as possible but without destroying every jump point or system you touch. This is tailored to the pen tester skills and gives a clear insight in to how broad minded – and skilled – you would have to be.

No, I did not win the challenge, but I took away a great deal of notes, to do lists, insights and a sense of achievement.

As a interesting aside, 504’s final day is much more raw, as it is a hack and slash approach for Sysadmins have at it and play attacker for once. I am not putting the challenge down in the slightest, it was excellent fun to go full tilt at someone else’s systems in the all consuming charge to get the flags first.

In my own mind, I would love the day six challenge of 504 to be more on the defending, and repelling of an attacker, rather than being the attacker. Being an offense is a very different mindset to defence. Attacker need to find one fault, defenders have to fix them all. Guess who feels the more pressure.

Mr Galbraith

As to our instructor, it was absolute pleasure to have Bryce guide us through the lessons, material and labs. Bryce’s teaching style is calm, open to questions and focused. It is all too easy for a question to spark off a whole thread of detours and off topic ramblings. Bryce kept us alert, on track and entertained.  A sprinkling of relevant, and some very funny,  war stories dropped in to highlight the course material and practicals. To have someone that works in the penetration and security space consulting for a wide range of clients teaching, you get a very real sense of how to use these skills and supplement them with a variety of tools. What was amazing to watch and understand was how Bryce use installed tools and utilities of the OS to “live off the land”, as he call it, to subvert the network and systems to reach the target goal. So many standard system tools that ease administration are an absolute menace in the wrong hands.

560 Boot Camp

We also took part in a boot camp session, on the second, fourth and fifth nights of the training. These ran directly after the day class until 6:30 pm.

This was an added bonus, as I had not heard of this before and was not expecting it. The boot camp sessions were voluntary, running for on and a half hours.

The first session was on report writing, we had some drop outs from students keen to avoid more paper work. As a group we broke down a poorly constructed report, then rebuilt it and made it more relevant, giving it focus and flow. The group discussion threw together a wide range of thoughts, ideas, suggestions and the occasional disagreement on how to improve the report. With the before and after example report, it was easy to see how thinking through the layout and to who the audience is, a solid report could be created.

Session two was on Metasploit, using it to deploying ‘sploits to a USB device. The entire class stayed and attended. We all knew it was going to be that good. No-one left their seats as we jumped straight in to the boot camp from class. The hour and a half flew by, but most of us finally brandished a Metasploit backdoor payload hidden on a USB drive, with a large grin on our faces.

Session three, we lost two people (it was Friday night), but again the class stayed glued to their seats and followed Bryce through various methods of Netcat-ing without Netcat using Windows and Linux OS tools to emulated a relay. Never realised how helpful and user friendly *Nix systems could be compared to Windows in this task This really emphasized that it is creativity, not the tools, that differentiate the truly talented pen testers.

504 and 560: Do They Overlap?

I would have to say the tools used may be the same as 504, but the mindset, application and drive of the course is very, very different. That is where the value is. Mr Skoudis & team has done an excellent job in make the course stand up by itself, but flow on smoothly from the 504 course should you take both.

In my opinion, 504 is understanding the attackers and how to deal with them, with a brief foray into their world and tools. Focus is placed on incident response methodology and being the responder to event on the systems or network.

560 is starkly about being the attacker, albeit in an ethical manner, and using every possible tool, trick, technique, toehold to get in and grab the prize. Each attempt at getting in to a system or network is documented, but it is about finding the weak points in the armour and exploiting them to get to the target.

Final Thoughts

The course was challenging and though provoking. It is easy to get cocky, thinking this stuff is simple when completing the classroom labs, but the day six challenge brings you firmly back to earth. For people searching for a career in penetration testing the course sets you a clear understanding of what you knew to be able to do, think and report on in this role. Too many times I have had poorly cleaned and all to generic Nessus scans handed over to companies I’ve worked for, as part of their yearly audit. This helps sets the bar to what should be expected and delivered.

For those of us non-pen testers, the insights to what can happen if you let basic, simple standards drop or get forgotten about become blindingly obvious. Use good passwords/phrase, patch and keep an eye on logs files and it would stops a great deal of the possible in roads for testers or real attackers.

Oh and it’s great fun too.

For reasons only known to myself, I’ve stupidly decided to kick off the final two MCITP: Enterprise exams starting with 70-649.

Ah, nothing like making bets, attempting to get a bit of competition going, that you can get certified before the rest of the team.

In front the Boss. (He’s a hockey playing, beer drinking, Northern ninja for randomly appearing like that!)

Pure Muppet magic on my part! Meep.

Hum ho.

Why the Enterprise rather than the long winded 70-647 update exam first? After skimming the objectives, it looks less work and studying for 749 will help out with 647 at a guess.

Check List:

Study guide:                                         Ms Press Self paced 70-647 Training kit

Hands on:                                              Build a virtual lab on Windows 2008 and use the Ms Virtual Labs

Pick a date to get this done by:    Monday 23rd of March 2009

Better get on with it then.

So, kick off by designing and build and small self contained Windows 2008 domain. This is all built on a physical machine, running Windows 2008 Server x64 with 8GB of RAM, lots of hard disk space and a couple of NICs. Hyper-V is installed.

I’ve added three additional networks in the Virtual Network Manger: Domain_Internal, DMZ and Hyper-V_External. Hyper-V_External is connected to the router for direct Internet access.

I’ve build, installed the Integration tools and patched (32updates and 159mb later) one VM, then cloned it (done by copying it to a new location, starting it up and running newsid) to speed things up and save download bandwidth. I should have used Windows Deployment Services (WDS), but I get around to that later.

The master network plan is below

This isn’t information leakage and I haven’t forgotten to add IPv6 addresses in, just a basic network diagram!

So once everything has finished installing, on with setting it up.

Now to start going through the notes and playing!

Notes Part 1

In hind sight it would have been great to have taken the GSEC (401 track) course as my starting point to my SANS training, but things didn’t work out that way. Doing the course was like revisiting old haunts to find new paths or to avoid getting to carried away in too many fluffy lines, it was well worth revisiting the core topics and looking at them again.

We had Steven Sims provide guidance on the broad canvas of all the topics the 401 track. He proved to be a brilliant and entertaining instructor, who coloured the course work with his own personal experiences and insights. Steven had a couple of topics close to his own heart during the six days, which I’m sure if he was allowed, could have talked for hours – possibility days – on them. It made a fascinating and seemly very short six days. I was all fired up, ready to kick start my exam prep as soon as I go home and complete this sucker before the month ended!

Then you get home, then back to work and reality sets in.

After the first three weeks of shifting the books from one spot to another, I talked to one of the guys I’d taken the course with and drew up a basic time line and study plan. We kept it simple and straight forward. Four hours of study a week and listen to the audit files on the commute in and out of work. The working target was to sit the exam three months down the line, giving a month’s breathing space before the exam deadline date. The four hours of studying was to include using the pre-defined courseware scenarios and supplied tools on virtual lab systems we’d pre-built. I ended up with a couple of Windows domains (no surprise there) and a couple of random Linux boxes sitting on VMware and Hyper-V for practicing on. Since the VM’s were isolated, I didn’t need to install AV software which plays havoc with the SANS supplied tools on the CD. This gave me the ability to break and quickly restore test systems, which avoid the questions of having attack tools on work machines

The audio portion was taken from a class in the US, by another SANS instructor, Dr Eric Cole. Eric has a very distinctive American New York accent, which kinda made me think that one of the Sopranos’ was teaching me IT security. I guess it’s a perspective thing. Dr Cole had his own take on the material and it was a superb counter point to Steven’s. Twice the instructor at half the price

Dr Cole accompanied me for the next two months commuting to work and those long, random shopping trips guys get dragging in to. I re-read and annotated the six course books on the bus; occasionally while half watching bad TV cop shows and two attempts at painting the kitchen.

Study suggestions

Put together a simple time line and goal plan. E.g. read book 1 properly, with notes and comments in two weeks, and then repeat again for the other 5 books.

If you can get someone to study with, even if as a form of encouragement, it really helps maintain focus. If you at a conference, swap email addresses with other doing the exam.

Get the little post notes stickies in different colours. Title the main chapters and sub sections first, then start creating tabs on topics or tools. Go mad with the sections you weaker on. The day six (Unix) book looks like I’ve double its depth with the things.

Create yourself little challenges on the sections you feel most confident on as a reality check. On the Windows day book, I was “I’m an Ms god! I work with this stuff every day. This is too easy!” Still a couple of the test questions had me scrabbling for the book as it was left field of my thinking.

Play with the tools and, if you can, build a lab. I still struggle with Linux/Unix and it was my biggest source of failed questions during the exam. More hands on practice would have flipped those wrongs to right answers.

Listen to the audio records. Download them and have a listen when you’re in the car, in the shower or in board meetings. Just joking, showering could damage the mp3 player. You get the idea.

Avoid watch junk TV while studying, put 40 minutes aside to concentrate on the material. It’s not like you don’t know how the show is going to end; oddly enough they’ll be in the same peril again next week and somehow escape/solve it in 40 minutes. You think they find some other career less risky…

Don’t just put the books away after the exam. Pick one or two areas to study more on and think about taking the Gold paper challenge or simply challenging yourself to learn one more piece in depth.

My exam tips

Its 180 questions in 300 minutes (that’s 5 hours) needing 126 right answers to pass.

Be nice to the Proctor

Get a good night sleep before the exam. Avoid going in to the exam with any pressing time issues hanging over you (like painting a kitchen before everyone gets, for example …)

Have a clear space around to spread out the books.

Have any liquid in a container with a lid. It’s amazing how often a cup can be knocked over near paper or a computer. Both do an excellent job of absorbing that liquid.

Use the five skip question options if you spend more than 5 minutes figuring out the question. You can get hung up on the wording or meanings, so coming back to it later can help and avoid derailing you.

Use the break time of 15 minutes at the half way point, so at about Question 90. Take this to stretch your legs and take a break from the screen. Exam fatigue sets in staring at the questions and the screen. You can get a little click happy otherwise, just to finish up faster. Don’t use it as a last minute revision scramble! It’s there to relax.

Upgrading from MCSE 2003 to 2008 or MCITP: Enterprise Administrator (sooo much more fun to say…) is three exams. Vista, then two about all the new features in 2008 and how to use them.

There are two Vista exam I could have taken, neither really seemed appropriate for “Enterprise admin’s” so I picked the configuration one. RTFM would have been a great place to understand what they actually are testing on, but hey, I run Vista at home, and sort of know what I’m doing.

Wrong.

The exam is for those that work with home users or very small companies that don’t use Vista on a domain.

I had found one of the MsPress books
MCTS Self-Paced Training Kit (Exam 70-620): Configuring Windows Vista™ Client by Ian McLean and Orin Thomas. Orin lives in Oz, so if I failed, my plan was to track him down and make him do the re-sit for me

The book wasn’t too bad and I enjoyed Ian’s, who’s English, comments. I half expected a line starting with “In the good old days..”, but the antidotes are well worth the read.

The book covers how to use Vista (if it never goes on a domain), how to use all the built in software (we all ditch the second we install Office) and to use all the home features (you’d never let on a company network). All of which makes you wonder why it’s part of the Enterprise admin’s exam, but hum-ho.

The lads did a nice job of putting in real world commentaries and suggestions which were nice touches.

Anyhow, I rushed in to do the exam, as Real Life™ doesn’t just stop when I fancy doing an exam and I have this Forefront project going on amongst other things.

Top tip: make sure you put the right date of the exam in the calendar. I manage to arrive an entire day early. Oops.

I then turned up on the right day and finished the exam in about 45 minutes. There was about 6 questions of the 56 I had no idea about, the topics were in the book, but I must have passed out when looking at them. Using the old Sherlock Homes deduction method got me through thoses. To be honest any thing to do with faxing isn’t a fun topic for me, the few I had on Media Centre I had to flash back to watching a friend set up his Xbox with Vista Ultimate. Kevin, you legend, I think that got me past the finishing post

Those desperate to pass, the book cover all the objectives nicely and hands on practice with Vista Ultimate with following the actual practices in the book is very helpful and should get you over the 700 pass mark easily.