[NTLUG:Discuss] I PASSED... I'm an LCA

Chris Cox cjcox at acm.org
Fri Jun 1 14:21:46 CDT 2001 

Jeremy Blosser wrote:
> 
> Chris Cox [cjcox at acm.org] wrote:
...(context snipped...read it in thread)
> 
> The law defines what a company is allowed to do without getting sued.  It
> does not define things like 'you must routinely invade your users' privacy
> at any opportunity'.

Sounds good.  But incorrect.  Your email belongs to the company... not
to you.  If you want more privacy, do not use the company's email
facilities for your personal email.

> 
...(context snipped, read it in thread)
> 
> A lot of the questions related to ethics really feel like they're trying to
> preach the 'your life belongs to the company, you have no rights' thing,

Essentially a true statement.  I don't think they really want to preach
something that isn't true... even if you don't happen to agree with it.

> probably because they expect the ethics of free software hackers to go
> against it and for it to trip them up.  But that's all only one component
> of sysadmin ethics.  A certification test should be testing people on
> implementation of industry standard best practices, not taking a soap box.
> 

Again, the test isn't designed to get on a soapbox.... it's designed
to make sure you are aware of what the law says (there are some
true ethics questions on the exam too... esp with regards to
conflict of interest... where certainly the law does not supply
enough info).

...
> 
> > You won't get any explanation when you take the exam...
> 
> I would assume not.
> 
> > you either get it right or wrong.... and I really hate the ones where
> > there are multiple correct choices.... I mean, as an administrator you
> > tend to favor a certain way of doing things... sometimes to the exclusion
> > of alternatives just because you know you'll never need the
> > alternatives.... but in the case of the exam, there are a few questions
> > where you'll need to have a pretty broad understanding of various methods
> > to due the same thing.
> 
> That's all fine, provided we can be confident they are going to pick the
> industry-standard most correct answer and not just their own subjective
> neat way of doing things.  Otherwise they have no value as a certification.

You won't have any problem.  Again, the trick is to realize that there
may be more than one answer that is valid... it's tempting to shoot for
the one that you might be most comfortable with... even when the other
answers are just as suitable.  Those questions identify themselves
by having check boxes instead of radio boxes to answer... signifying
that there may be more than one answer.  The easier tests, Install & Config
and Sys. Admin. usually tell you how many correct answers there are
(e.g. select 2 answers).  I can't remember if the Network and Security
tests gave the same hints however.... again, they are considered
to be the harder tests of the set.

> 
...(lots of context snipped, see thread)
> > I diagree... this question is worded sufficiently to arrive at the correct
> > answer.  If the question said that root MUST be through the network...well
> > that's different.  The question said "if necessary"... and I think
> > that was designed to trip some up.  Remember it's a security exam....
> > so it's designed to mess with your mind a bit.  A good security
> > manager is often very paranoid.
> 
> Messing with one's mind and being paranoid about security is one thing.
> Failing to accurately describe the scenario, or being deliberately
> misleading, is another.  Real security is not based on mindless second
> guessing and paranoia, it is based on understanding of what's going on at
> the network and hardware level and taking appropriate measures.

We're just going to have to disagree on this matter.  I did not seem
ambiguous to me.  In fact, this exact scenario is fairly common place
in Unix security literature.... at least.... to me.

> 
...(lots of context snipped, read thread)
> > Remember, the Sys Admin can read your email AT WILL! (so bribe your
> > Sys Admin today!)
> 
> I'm well aware of what the sysadmin can do with email and other files and
> what the law says.  That isn't the point.  The question lacks enough data
> for an ethical sysadmin to determine if they have cause to read someone's
> mail.  Given that lack of cause, the default has to be no, you should not.
> Or, if they had instead said "it is LEGAL for", they could have been
> correct and continued to make their pet point.

Uhmm... don't mean to burst the bubble here... but they can do whatever
they want.  The ambiguity, as I mentioned is what they do with the
detailed personal information in your email.  For example, you buy something
via email by supplying your credit card number (don't send stuff like this in email!)
...anyway, the Sys Admin reads the mail... cuz he's allowed to do so....
and advertises your credit card number.  NOW, he's in trouble.... but
up until that part... I'm afraid he was protected.... take him to lunch,
get to know him really well... AND never tick him off! :-)

> 
...(tons of context snipped, read thread)
> > Again... the law rules over "what is right" in our own eyes.  If the
> > administrator fails to notify the world (so to speak), he may be
> > putting his own career in jeopardy....he is failing to protect
> > the company's interests potentially.
> 
> In the majority of companies, if you go tell the world about something like
> this (especially if you bother the owner) instead of just your boss, you're
> as good as fired.  If you are the boss, you have a defined route to take
> the issue, usually through HR.  This really has nothing to do with 'in our
> own eyes' and everything to do with appropriate (as defined by the company)
> dissemination of that information.

You may well get fired.... I'm not saying that business decision makers
understand the law well either.... but take them to court and you will
probably win.  Besides, I think the owner would be terribly interested
in the fact that you found somebody trying to do harm to his company...
he might not like you coming to see him initially, but when he realizes
you may have just saved his tail... well, you get my point.
Now, some companies put some things into policy that probably should
be guidelines.  What happens in those situations is that the policy
doesn't get enforced.... and that could be used in court to nullify
the policy.  It's sorta like protecting your trademark.  If someone
uses it and you decide to let them go... because you don't feel
threatened, you can lose your trademark.

> 
...(context....well you know...)
> Again, this has nothing to do with personal ideas of right and wrong and
> everything to do with what is ethical and appropriate (as defined by the
> industry and the company), not just what is legal.  If they want to test on
> what the law says, they should just do that.

Yes... I can see your point... just remember that LAW comes first, ETHICS
comes second.  Where the LAW is silent, ETHICS rules.  If you can remember
that while taking the test, you should have no problem passing.  Ethics
deals more with feelings and emotion... LAW is the LAW.... hate it, love it,
it's there and it is what it is.

>From what I've gathered from most people... and there are certainly a few
who diagree on this.... but most poeple tend to feel that the Sair tests
are some of the hardest tests in the industry right now... which I think
is a pretty good thing.  Like I said earlier, it's become way to easy
to pay big bucks for a quickie tutorial, take and exam and ZZZINNGGG..
instant certification.  Having taken the tests... I feel they are not
hard enough.... Other certs seem to be too easy. For example, I pass the
RHCE tests with 100% when I take online samples of their test.... but again,
I have not taken their official tests.  So I was not too impressed with
their questions.

The Sair tests are NOT perfect (as my situation proves).  I don't think
any of them are.  I've looked at some of the LPI exam samples and found
some interesting nuances there as well... but I also realize that the
samples ARE NOT the exam... they are more of guidance about the kinds
of things asked on the exam.  I think there may have been only one
or two questions which were nearly identical on the exam vs. the
samples.

Are certifications worth it?  Time will tell.  I am unemployed... so
I have some time to kill... training may be an avenue of employment
for me... so it made sense for me.  Trust me... I know of several
people in NTLUG that could run circles around me on that Network
exam!  Whether they want to get an LCA is their business.  My point
is that their reputation goes before them very well... having
a certification sometimes can help people who do not know a person's
reputation to take them more seriously esp. when first getting
a foot into the doorway of an opportunity.

I you find yourself at a Linux conference, often times, they will
have the Sair exams there for free (if your company paid for the
bigger package)... could be a good opportunity to get some
exposure to the materials.  By agreement, I can't share the details
of the exam (except for that one question which go thrown out...
even then, with some tweaking they can make it into a valid
question again).  If you don't feel you need the certification,
don't get it.... if you like having the certification on your
resume... just in case, it may well be worthwhile (especially
if you can get your company to pay for it).  Today, I don't
think any company requires a Linux certification (well maybe
there are a handful)... that may change in the future, but
that's anyone's guess at this point.  But only with risk
comes greater reward.

Again, I like many of the point you raised and you'll notice
that I agreed with almost all of them, though I had some
comments on your responses (except for the root login question,
where we clearly disagree).

Who knows, maybe I'll get to help make some tests for SAIR
(you may want to get certified before I get my hands on
them though...insert evil laugh here....).  Maybe I'll take
the tests for LPI or RH...  my guess is that I could probably
pass all the Level I's right now.  As for Level II (!!)....
sendmail, apache and samba are hit hard.  I'm weak in
sendmail and apache (though you should know some of
the basics for the Level I exams).... definitely need to
know some serious Samba for the Level I's (I can only
imagine what they'll ask in Level II... probably stuff
about the underlying SMB protocol and such... I've seen
some samples on Brainbuzz that go that level of
detail..WARNING: Brainbuzz materials HAVE LOTS of
errors in them).

Best regards,
Chris

More information about the Discuss mailing list