Certified Mail: May 2003

Scripting help; will the "real" security expert, please stand up; and a whole lotta feedback on the "braindumper" case.

• By MCP Magazine Readers
• 05/01/2003

Depending upon what you want to accomplish, this can be done quite easily. By default, the DNS suffix of your Fully Qualified Domain Name (FQDN) is the same as the name of the DNS Domain. If you’re using DHCP, this is easily configured with the DHCP server. If you’re manually setting static IP addresses on all your computers, this can be set at the same time using Windows Management Instrumentation (WMI). My August 2002 column features a script that uses WMI to set a whole host of IP settings. All you need to do is add a line to set the DNSDomain property, which is done by running the “SetDNSDomain” method. This may sound confusing now, but it won’t when you see the script. Simply add this line where all the other settings are being configured: intStatus=objInstance.SetDNS Domain(“yourdomain.com”).

If you want to allow different primary DNS suffixes, the procedure will vary depending on whether or not you’re using Active Directory; it’s beyond the scope of this response. Good luck!
—Chris Brooke

Security Foul
I’m currently working as an installer and maintainer of burglar, fire, camera and access-control security systems. Being an MCP and A+ and Network+ certified, my company recently decided that because I hold these certs, it could offer information security to our clients. When I was approached with the offer to do this, I pointed out that I was in no way qualified to do the work they wanted, and it would take more than a simple five-day training course to provide me with the knowledge needed to be competent. Eventually, the corporate IT director and I convinced management that this was a bad idea. I’ll admit that it cost me a little credibility with my company to say no; but it’s better to lose a little now rather than all of it later.
—Ron Gibson, MCP, A+, Network+
Dexter, Iowa

You did the right thing, Ron. You didn’t lose credibility with your company; you just earned it. If they don’t see that, then it’s their problem. They must not have realized that they could’ve been in a lot of trouble.

Typically, when you draw the line, when you tell folks what you’re competent to do, those in the know (it sounds like your IT director is in the know) respect that. As you build your reputation for being honest and up-front, other opportunities will come—those that you can do, or can do with appropriate training/experience/mentorship. And when you say, “Yes, I can do that,” they’ll believe you and off you’ll go. Hold your head up, and pat yourself on the back.
—Roberta Bragg

Learning a New Skill
I read the March “Pro Speak” column in which Greg asks what areas people should be looking into. Every year, I try to learn something new and attend some type of new training course. New hardware gets me excited and sometimes even new software. This year, it’s wireless and wireless security. I’m getting a lot of people asking me to secure their new home wireless network.
—Bill Mixon, MCSE
Fairfax, Virginia

Thanks for your comments, Bill. I agree that wireless is a hot area and has great promise—especially in understanding the security elements of wireless.
—Greg Neilson

I acquired my MCSE on Windows 2000 last July. Where has all the work gone? I haven’t worked much with servers (it seems hard to make the transition), but if I were to get a job working with servers (other than just desktop support), I’d get my mojo back. Any suggestions? (I have a little lab at home).
—MojosearcherX1, MCSE
Burlingame, California

Congratulations on completing your MCSE. I can appreciate your frustration in not being able to reach your goals right now, but there are a lot of folks out there who would be very thankful for any paying job in IT. Your time will come, but I’m afraid you need to be patient. Keep performing at a high level (this is very important!), keep your skills up and volunteer for any server-based work you can—even if you’re just watching someone else doing it in your own time—and one day that opportunity will come!
—Greg Neilson

Guilty as Charged
In response to Dian Schaffhauser’s March “Editor’s Desk,” I’m not convinced that Microsoft is very concerned about braindumps [despite Robert Keppel’s sentencing]. I think it needed to make an example of someone. I reported to Microsoft that my training center told me on more than one occasion to use www.braindumps.com to study for the MCSE. I called Microsoft; they took down my information and stated someone would contact me in a couple of days. I never heard back.
—John Diakogeorgiou, MCP, A+, Network+
Springfield, Ohio

If someone memorizes test questions during an exam and regurgitates those onto a dump site, they’re acting illegally and acknowledge this when taking the exam.

I couldn’t care less about braindumpers. Many of us in the real world realize what a game certification is to begin with. Most exams are difficult, but passing a difficult test doesn’t make you a better network admin. It just means you’re a good test taker. That’s why the whole argument about paper MCPs is a joke, and why braindumps are so popular.

If Microsoft created a test that mirrors real-world needs and tests real-world skills instead of a paper exam, then the braindumpers would go away.
—Barry Hohstadt, MCP
Seattle, Washington

I believe that anyone who “purchased” his or her MCSE certification should bear some responsibility. If not revoking the certs, then a list should be published with the names of purchasers. How about a reduction in pay if they’re on the list—or better yet, give them one full year to finish the Windows Server 2003 track with electives of SQL Server 2000 or Exchange.

As for test preparation, test simulations, and so on, these serve a useful purpose. A friend of mine thought he wanted to be a Novell CNA in 1996. He studied with the test prep and read the books, then took the test and failed. He never went back. This was a smart fellow, yet he didn’t have the interest or drive to do this. It was only for the money. This illustrates how test prep materials can help. They show you what the “job” is going to be like. They demonstrate what will be demanded of you and will help show if you have the mettle to stick with it. Exposure to real-world business situations and requirements is essential.
—Curtis J. Spanburgh, MCSE
San Diego, California

When I took the certification tests, I noticed that the questions weren’t a technical issue, but a linguistic one. My scores were good, and the only literature I used besides the Microsoft Official Curriculum (MOC), were the corresponding Microsoft training kit books and Microsoft’s Resource Kit.
At the time I took the tests making up my own MCSE on Win2K, I was an instructor for people who needed to get a new education. Many of these people had poor English skills. They were good with computers and handled the more difficult parts of the MCSE curriculum well, but most failed miserably the first time they took any test. Reason stated was most often the difficulty in understanding what a given scenario was about, and thus, selecting the most correct answer.

As long as MS tests aren’t practical ones, people not fluent in English will resort to "cheating" just to have a fair shot at passing. The value of an MCSE cert lies in its practical value—not in how good one understands English!
—Borge Kristoffersen, MCSE
Bergen, Norway

The Problem With Braindumps
In response to the February news article “Microsoft Addresses Exam Piracy”: If Microsoft was truly serious about protecting the integrity of its exams, it would increase the size of the pool of questions for each exam and add new questions, removing old ones periodically. This would make it much harder for the braindumps to keep up.
—Vincent Vitro, MCSE, MCSA
Coronado, California

I personally think the issue isn’t so much about if an individual “stole” real exam questions for profit by posting them onto a cheat site (not that I defend what Keppel did), but about the legitimacy of test exams. Microsoft has a huge bank of questions relating to each exam it posts. Are people expected to go into an exam totally blind as to the test layout and the way questions are worded? Is it acceptable to be allowed to sit for mock exams? If Microsoft believes this to be acceptable, I think it could quickly nullify the effect of these sites by freely posting a larger number of questions via its Web site.
If individuals fail, it’s a bit harsh and narrow-minded to blame Microsoft. All industries have, at some point, taken on a person who was a strong candidate on paper, only to find in reality that they were far from it.

Yes, I do use practice test exams for nearly every test, and I can’t remember one question from the practice tests appearing on a real exam. However, they did help prepare me for question structuring.
—Kieron Darley, MCSE, CCNA
London, England

I once visited a braindump site when I was starting out in the certification rat race. I found it to be a huge waste of my time.

When you spend hours pouring through questions and answers to maybe pick up the correct answer to a question, you’re doing yourself and any potential employer a great disservice. My approach has always been to purchase the software in question, buy relevant study materials and actually do the hands-on work necessary to master the technology. It’s not easy or cheap, and it may take me months to prepare for a single exam. The payback is that I actually do know what I am doing and am readily able to demonstrate that fact to any potential employer. As a result of that approach, after only six years in IT, I am both MSCD and MCDBA certified and make an income within the top 10 percent of all programmers in the country.

As far as sending braindump site operators to jail, I really don’t care. I do know that every time I take an exam, I agree to not disclose actual questions to anyone else. If I violate that agreement, then I’ve broken the law. Sometimes people who break the law spend time in jail. Perhaps those who do will spend some time actually studying for their next exam.
—Bob Feldsien, MCSD, MCDBA
St. Louis, Missouri

I was a displaced worker, and my home state paid to cross-train me for my MCSE. I became a "paper" MCSE. I took the instructor-led classes and didn't use braindumps until the last test, SQL Server 7.0. The first day of the class for SQL, the instructor told us there wasn't enough information in the "official" textbook to pass the test. So, I finished the class and went home to prepare. I went through the textbook a few times, bought an Exam Cram book and took those practice tests until I was blue in the face. I even spent a $100 on practice tests that Microsoft recommended. I felt more prepared to take that exam than any of the other six—and I failed it. There were a lot of questions not covered in any of the material I used. Hence, braindumps.

I checked out several dump sites (free ones, as I was still unemployed). I did a retake and passed the test. I’m sorry to say I had to use braindumps, but I wouldn't have had the money to take that test several more times. I was counting on my MCSE to get my foot in the door in IT, which it did. If Microsoft would put the needed information in its books, braindumps might lose their appeal.
—Ernie Johnston, MCSE, A+
Lincoln, Illinois

I train in Louisville, Kentucky and have been in the IT industry since 1993 starting with Novell certifications. It’s disheartening to see students bragging about passing an exam by using a braindump. They say that they know the exam questions even before going into the testing center. Some students have asked me to explain why a question is worded a certain way in a braindump exam and why the answer is what it is. These are the same exact questions I saw when I slaved so hard and studied for my exams (without any “study guides”).

Something has to be done about the blatant nondisclosure violation. Why is Microsoft taking so long in responding to braindump companies and listening to the trainer community and forums (such as the one on MCPMag.com)? Everyone is talking about it, but nothing is getting done.

I certainly call it cheating when a person who obviously doesn’t know the inner operations of Win2K Pro or Server but can memorize a braindump site and get certified.
—Ryder MacLaren, MCSE, MCT
Louisville, Kentucky

The solution to braindumping seems pretty clear to me: It should be illegal to steal the actual questions and sell them. Microsoft and others are publishing material that tells us the questions will be “like” those listed. I don’t see how it could possibly be illegal for a person to create mock questions from scratch and publish them. This has been done for decades in the SAT/ACT/GRE test-prep business. Reviewing the SAT questions is very well-known to raise students’ scores dramatically. Any student who doesn’t prep isn’t very serious about scoring well. Same for MCP test takers.

Reviewing mock questions is definitely something every test taker should do. Just doing your job and reading books isn’t enough because you don’t know if all the possible topics were covered. Microsoft seems to agree with this because they’re publishing their own materials.
—Todd Huffman, MCP
La Crosse, Wisconsin

I’ve been through the MCSE certification process—took the courses, bought the books, studied my eyes off—and I never bought a braindump. However, I was very unimpressed by the official materials, both for understanding the material and understanding how Microsoft tests. While it’s true you should know the material and understand how it works, another part of passing an exam is understanding Microsoft’s logic and its peculiarities in asking questions. This has nothing to do with understanding the material, but rather understanding examination procedure.

Certifications must be controlled to prevent students from passing on anything other than their own merits. On the opposite side, what protection do students have to keep from being taken advantage of by a system where one company holds all the cards and has everything to gain by the students failing?
—Greg, MCSE
Alberta, Canada

There is a huge gray area when it comes to Microsoft certification exams and “braindumps.” I used to co-author Microsoft Exam training kits for MCSD and MCSE tracks back in the '90s. I was once an MCT and MCSD for a CTEC in Arizona. To prepare for my exams, I’d say about 80 percent of the time I used either Transcender or Coriolis' Exam Cram books. Those could easily be labeled braindumps for MCP exams.

The funny thing is that Microsoft Press claims that its training kit books prepare you for the exam. That’s both true and false. In reality, the Exam Training Kits aren’t much better than looking at the exam objective domain and researching the subject matter yourself in MSDN. I think Microsoft CTECs should have a training class for every cert that includes hands-on training for the objective and a lab and written exam that covers exactly what was taught in class. If you pass the class and the exams, you’re certified. This way, braindumps offered by companies or individuals don’t have the same kind of impact on the certification exams.
—Sean Chase, MCP
Mesa, Arizona

I’ve thought about this a lot, as I teach A+ certification. My thought is that the failings are almost entirely on two things: First, the test itself and second, what we expect certification to accomplish.

The objectives for tests are often well thought out but badly implemented in the test. If the test was truly solid in its objectives, you could publish the test questions and forget about objectives. I hear a great gasp of horror at that but this is exactly what the FCC (and other government agencies) does with its certifications. The entire question pool is published with answers along with wrong answers. If the federal government can do this with tests that certify people that make life-and-death decisions (and cost $5 to $50), why can’t the IT industry (with tests that cost $100 to $250).

Certification should be seen as a learner’s permit, not a driver’s
license.
—Mark W. Murray, MCP, A+, Network+, iNetwork+
Lula, Georgia

Of all of the certifications that I've gained over the years, all have been accomplished the same way: Read the material, pass the test. I don't consider myself special, as most of the people that I work with have gotten the certifications that they hold following the same method. So from my standpoint current certifications are a useless but necessary evil. The solution to all of this mess is to make certifications meaningful. I and others have great respect for the Cisco CCIE because of the difficulty and time required to attain that certification. It has meaning because of what a person must know and demonstrate to be able to attain it. I consider the MCSE, which I hold, to be a meaningless certification. It doesn't indicate that the possessor can actually architect or manage a Windows network. I'm not singling out Microsoft as the only offender, just as a handy representative.

Transitioning certifications to “hands on” demonstration style tests, as Cisco’s CCIE, or making certifications based on apprenticeship programs would result in fewer, more knowledgeable certified people. But, the value of that certification would be much higher. Also, the world of potential employers could rest assured that this type of certification has meaning.

However, all of this will never come to pass as Microsoft et al. derive too much money from the certification programs and use the number of certifications currently held globally as a marketing tool to further push the software and/or hardware that they produce. This is OK, but let’s not delude ourselves into thinking that a majority of today’s certifications are any more than marketing hype.
—Shawen Donnellan, MCSE, CCNA, Compaq ASE
Merrimack, New Hampshire

The entire certification industry is tainted because the certifications are vendor oriented. Vendors such as Microsoft and Cisco are delighted that so many companies look to these certifications as qualifiers for employment. I’ve been in this industry for 20 years, and I’ve seen more “paper certs” than I can shake a test probe at. People that bought the study materials, frequent dump sites and rely on braindumps then march into an exam and pass a few tests. Bingo! A bona-fide expert is born. Two of the biggest problems here are the lack of quality of truly competent people and the glut, and subsequent devaluing of, the industry as a whole. Vendor certifications mean that you should have a decent basic knowledge of that particular platform. (Of course, certifications should be based on general technologies, not vendor-specific solutions.) The lack of practical knowledge held by these phonies berates those of us who have actually earned our certifications and reputations.

Punishing everyone that fraudulently got answers to the exam won’t stop it. The problem has to be addressed by making certifications technology related, not vendor focused. Also, there should be a written and a practical side to the certification process. So, you can ask questions but also have to be able to write code or actually troubleshoot a real problem, something to really show that you have a level of expertise in that technology. Entry-level people should be able to apprentice for a period of time prior to the test. Perhaps qualify, via written test first, the apprentice to gain the experience for the practical exam.
—Sean McNamara
Charlotte, North Carolina

All of this is a bunch of money-making garbage to benefit not only Microsoft but Novell and any other company that uses certification exams to qualify IT professionals. I’ve never used braindumps. I use Transcender test prep software, purchased by my company so I can prepare for these exams. What’s the big deal about publishing the test questions in the pool with both wrong and right answers? I have an FCC Commercial Radiotelephone license, as well as an Advanced Class Amateur Radio License. The questions for these federal exams are all published along with the answers, including how many questions from each section of the pool that will be on the exam. If this is acceptable to the federal government, why isn’t it acceptable in the IT industry?

You either know the material or you don’t; it’s not important how you learn it. Some people will argue that just learning the questions and answers isn’t enough to test whether or not you know the materials. Those are the same people who run MCSE boot camps, publish question and answer test prep software, and so on. They’re in this for the money, and no other reason. They want the test question pool kept secret because that’s how they make the big bucks off of the backs of the IT community.

Every time the wind shifts directions, Microsoft has a new certification test to keep our MCSE certification. By the time we finish taking one test, it’s outdated. When Microsoft slows down, I may update my MCSE certification. Microsoft should publish the exam questions and answers for all to study, quit ramming so many tests down our throats, and cut back on the number of exams needed to upgrade an MCSE from earlier OSs to the later and greater stuff.
—Ronnie Jackson, MCSE
Tyler, Texas

One thing that hasn’t been sufficiently discussed on this issue is the commercial nature of the particular case. There are many different levels of “cheating” on Microsoft exams. Just talking to a friend who has taken the exam and getting an outline of what type of questions were on the exam, potential traps and so on; or by posting your general impressions of the exam on a discussion Web site or reading the same. There are many ways to look at it.

In my view, the problem won’t go away until the nature of the exams changes substantially. They claim to have done this with Win2K, but that isn’t my impression from the exams I’ve taken.
—Elliot Gingold MCSE
Melbourne, Australia

Here’s a question: If Keppel was forced to give up the customer list and Microsoft was going to decertify individuals, what happens to people who unknowingly purchased the materials and then reported it to Microsoft when they discovered what was going on? Would they be decertified as well? When I was preparing for my Win2K exams, a friend advised me to purchase TroyTech study guides to help me with my last exam, 70-220, Designing Win2K Security. I was nervous to take the test and there weren’t many study materials available at that time. I ordered the guide the day before the exam, (it was scheduled for a Saturday), and it took three days for them to send it out by e-mail. I wasted the money on this study guide and didn’t even get to use it for the exam the next morning. The study guide came in via e-mail on Monday afternoon, and I was appalled to see screenshots of the exam I’d just taken the day before (and passed I might add…). This was the last exam to become an MCSE on Win2K.
—Ryan M. Rinehart MCSE, CCNA
Topeka, Kansas

Microsoft is sometimes its own worst enemy. Although I don't excuse Mr. Keppel for any criminal acts he committed, his sentence was a bit harsh. Perhaps the following case study will help put things in perspective.

In one of my Win2K MCSE exams, 25 percent of the questions came verbatim (as far as I could tell) from a Microsoft Press Test Readiness Guide I borrowed from my local public library to help me study for the exam.
So are Mr. Keppel’s transgressions really more serious than those perpetrated by Microsoft?
—Jeffrey Harris, MCSA, MCSE
Fairfax, Virginia

Is it cheating when my teenager takes a practice SAT test? What about when a law student takes a practice bar exam? In Texas, school children have to take a state certification test before advancing to the next grade. They take several practice tests during the year in order to assess their skill level and to prepare for the test. Are the teachers helping them cheat? If I take the self-test quiz in my college textbook the night before a test, am I cheating if the answers to the test questions are in that book? Of course not, and there’s nothing wrong with practice MCP certification tests.

Also, the certification tests do not, and cannot test only the experience of the test taker. The skills required for my position by my employer may be very different from the skills required for the same position by another employer. If I’m a developer on a project team, but only one member of the team creates the installation files for the final product and uses a third-party product, how well can any of us answer a question on the certification test that deals with using the Microsoft tools for distributing an application? We can’t, so we have to seek the answer from a book, the Internet, a boot camp, another developer or a braindump site. Does that mean we’re lousy developers? Which of those methods is cheating? None, if used properly. They are all means to educate. A test is a measure of how much you know, not only your experience.

Let’s lighten up with the attitude that the only way you can be qualified for anything is through years of experience.
—Mark A. Baker, MCSD
Temple, Texas

Microsoft has gone overboard on this whole exam thing. First of all, it does indeed offer free sample exams (and some of the questions do show up on the live exams). It also publishes books to help prepare (with sample exams included), as do many others. I get somewhat incensed when Microsoft complains about braindumps, while it has sponsored boot camps where you can become an MCSE (taking seven exams) in 13 days. I can tell you from personal experience, that claim is pure nonsense unless you are “prepped” by the classes. Each exam requires about 500 to 1,500 pages of reading plus some hands-on experience. To do the entire thing in 13 days is impossible unless you're already prepared (they all claim minimal preparation) or are spoon-fed the questions. As far as I am concerned, Microsoft is therefore violating its own standards. Of course, it makes money by supplying the training materials, and so on. Perhaps this makes it alright to them, but to those outside, it appears a double standard.
—Bruce Waid, MCP
Glen Ellyn, Illinois

To help fix the problem, I’d recommend that Microsoft reduces the cost of an exam to something that is more reasonable, such as $30 per exam. Also, write a test in a straight forward and factual real-world manner, not some trickery in wording and testing for some unused obscure fact. Most of all, don’t sell the exam questions to anyone! If these ideas were followed, it would greatly increase the credibility of the Microsoft certs.
—Michael Blose, CCNA, NCTI, A+
Amherst, New York