Certified Mail: May 2003
Scripting help; will the "real" security expert, please stand up; and a whole lotta feedback on the "braindumper" case.
I’m trying to set every client’s “Primary DNS Suffix” without walking
around to each user’s desk. Any help would be appreciated.
—Ben Freeman, MCP, A+, Network+
Pleasant Hill, California
Depending upon what you want to accomplish, this can be
done quite easily. By default, the DNS suffix of your Fully Qualified
Domain Name (FQDN) is the same as the name of the DNS Domain. If you’re
using DHCP, this is easily configured with the DHCP server. If you’re
manually setting static IP addresses on all your computers, this can be
set at the same time using Windows Management Instrumentation (WMI). My
2002 column features a script that uses WMI to set a whole host of
IP settings. All you need to do is add a line to set the DNSDomain property,
which is done by running the “SetDNSDomain” method. This may sound confusing
now, but it won’t when you see the script. Simply add this line where
all the other settings are being configured: intStatus=objInstance.SetDNS
If you want to allow different primary DNS suffixes, the
procedure will vary depending on whether or not you’re using Active Directory;
it’s beyond the scope of this response. Good luck!
I’m currently working as an installer and maintainer of burglar, fire,
camera and access-control security systems. Being an MCP and A+ and Network+
certified, my company recently decided that because I hold these certs,
it could offer information security to our clients. When I was approached
with the offer to do this, I pointed out that I was in no way qualified
to do the work they wanted, and it would take more than a simple five-day
training course to provide me with the knowledge needed to be competent.
Eventually, the corporate IT director and I convinced management that
this was a bad idea. I’ll admit that it cost me a little credibility with
my company to say no; but it’s better to lose a little now rather than
all of it later.
—Ron Gibson, MCP, A+, Network+
You did the right thing, Ron. You didn’t lose credibility
with your company; you just earned it. If they don’t see that, then it’s
their problem. They must not have realized that they could’ve been in
a lot of trouble.
Typically, when you draw the line, when you tell folks what
you’re competent to do, those in the know (it sounds like your IT director
is in the know) respect that. As you build your reputation for being honest
and up-front, other opportunities will come—those that you can do, or
can do with appropriate training/experience/mentorship. And when you say,
“Yes, I can do that,” they’ll believe you and off you’ll go. Hold your
head up, and pat yourself on the back.
Learning a New Skill
I read the March “Pro
Speak” column in which Greg asks what areas people should be looking
into. Every year, I try to learn something new and attend some type of new
training course. New hardware gets me excited and sometimes even new software.
This year, it’s wireless and wireless security. I’m getting a lot of people
asking me to secure their new home wireless network.
—Bill Mixon, MCSE
Thanks for your comments, Bill. I agree that wireless is
a hot area and has great promise—especially in understanding the security
elements of wireless.
I acquired my MCSE on Windows 2000 last July. Where has all the work
gone? I haven’t worked much with servers (it seems hard to make
the transition), but if I were to get a job working with servers (other
than just desktop support), I’d get my mojo back. Any suggestions?
(I have a little lab at home).
Congratulations on completing your MCSE. I can appreciate your frustration
in not being able to reach your goals right now, but there are a lot of
folks out there who would be very thankful for any paying job in IT. Your
time will come, but I’m afraid you need to be patient. Keep performing
at a high level (this is very important!), keep your skills up and volunteer
for any server-based work you can—even if you’re just watching
someone else doing it in your own time—and one day that opportunity
Guilty as Charged
In response to Dian Schaffhauser’s March “Editor’s
Desk,” I’m not convinced that Microsoft is very concerned about braindumps
[despite Robert Keppel’s sentencing]. I think it needed to make an example
of someone. I reported to Microsoft that my training center told me on
more than one occasion to use www.braindumps.com to study for the MCSE.
I called Microsoft; they took down my information and stated someone would
contact me in a couple of days. I never heard back.
—John Diakogeorgiou, MCP, A+, Network+
If someone memorizes test questions during an exam and regurgitates those
onto a dump site, they’re acting illegally and acknowledge this when taking
I couldn’t care less about braindumpers. Many of us in the real world realize what a game certification is to begin with. Most exams are difficult, but passing a difficult test doesn’t make you a better network admin. It just means you’re a good test taker. That’s why the whole argument about paper MCPs is a joke, and why braindumps are so popular.
If Microsoft created a test that mirrors real-world needs and tests real-world
skills instead of a paper exam, then the braindumpers would go away.
—Barry Hohstadt, MCP
I believe that anyone who “purchased” his or her MCSE certification
should bear some responsibility. If not revoking the certs, then a list
should be published with the names of purchasers. How about a reduction
in pay if they’re on the list—or better yet, give them one
full year to finish the Windows Server 2003 track with electives of SQL
Server 2000 or Exchange.
As for test preparation, test simulations, and so on, these serve a
useful purpose. A friend of mine thought he wanted to be a Novell CNA
in 1996. He studied with the test prep and read the books, then took the
test and failed. He never went back. This was a smart fellow, yet he didn’t
have the interest or drive to do this. It was only for the money. This
illustrates how test prep materials can help. They show you what the “job”
is going to be like. They demonstrate what will be demanded of you and
will help show if you have the mettle to stick with it. Exposure to real-world
business situations and requirements is essential.
—Curtis J. Spanburgh, MCSE
San Diego, California
When I took the certification tests, I noticed that the questions weren’t
a technical issue, but a linguistic one. My scores were good, and the
only literature I used besides the Microsoft Official Curriculum (MOC),
were the corresponding Microsoft training kit books and Microsoft’s
At the time I took the tests making up my own MCSE on Win2K, I was an
instructor for people who needed to get a new education. Many of these
people had poor English skills. They were good with computers and handled
the more difficult parts of the MCSE curriculum well, but most failed
miserably the first time they took any test. Reason stated was most often
the difficulty in understanding what a given scenario was about, and thus,
selecting the most correct answer.
As long as MS tests aren’t practical ones, people not fluent in
English will resort to "cheating" just to have a fair shot at
passing. The value of an MCSE cert lies in its practical value—not
in how good one understands English!
—Borge Kristoffersen, MCSE
The Problem With Braindumps
In response to the February news article “Microsoft
Addresses Exam Piracy”: If Microsoft was truly serious about
protecting the integrity of its exams, it would increase the size of the
pool of questions for each exam and add new questions, removing old ones
periodically. This would make it much harder for the braindumps to keep
—Vincent Vitro, MCSE, MCSA
I personally think the issue isn’t so much about if an individual
“stole” real exam questions for profit by posting them onto
a cheat site (not that I defend what
Keppel did), but about the legitimacy of test exams. Microsoft has
a huge bank of questions relating to each exam it posts. Are people expected
to go into an exam totally blind as to the test layout and the way questions
are worded? Is it acceptable to be allowed to sit for mock exams? If Microsoft
believes this to be acceptable, I think it could quickly nullify the effect
of these sites by freely posting a larger number of questions via its
If individuals fail, it’s a bit harsh and narrow-minded to blame
Microsoft. All industries have, at some point, taken on a person who was
a strong candidate on paper, only to find in reality that they were far
Yes, I do use practice test exams for nearly every test, and I can’t
remember one question from the practice tests appearing on a real exam.
However, they did help prepare me for question structuring.
—Kieron Darley, MCSE, CCNA
I once visited a braindump site when I was starting out in the certification
rat race. I found it to be a huge waste of my time.
When you spend hours pouring through questions and answers to maybe
pick up the correct answer to a question, you’re doing yourself
and any potential employer a great disservice. My approach has always
been to purchase the software in question, buy relevant study materials
and actually do the hands-on work necessary to master the technology.
It’s not easy or cheap, and it may take me months to prepare for
a single exam. The payback is that I actually do know what I am doing
and am readily able to demonstrate that fact to any potential employer.
As a result of that approach, after only six years in IT, I am both MSCD
and MCDBA certified and make an income within the top 10 percent of all
programmers in the country.
As far as sending braindump site operators to jail, I really don’t
care. I do know that every time I take an exam, I agree to not disclose
actual questions to anyone else. If I violate that agreement, then I’ve
broken the law. Sometimes people who break the law spend time in jail.
Perhaps those who do will spend some time actually studying for their
—Bob Feldsien, MCSD, MCDBA
St. Louis, Missouri
I was a displaced worker, and my home state paid to cross-train me for
my MCSE. I became a "paper" MCSE. I took the instructor-led
classes and didn't use braindumps until the last test, SQL Server 7.0.
The first day of the class for SQL, the instructor told us there wasn't
enough information in the "official" textbook to pass the test.
So, I finished the class and went home to prepare. I went through the
textbook a few times, bought an Exam Cram book and took those
practice tests until I was blue in the face. I even spent a $100 on practice
tests that Microsoft recommended. I felt more prepared to take that exam
than any of the other six—and I failed it. There were a lot of questions
not covered in any of the material I used. Hence, braindumps.
I checked out several dump sites (free ones, as I was still unemployed).
I did a retake and passed the test. I’m sorry to say I had to use
braindumps, but I wouldn't have had the money to take that test several
more times. I was counting on my MCSE to get my foot in the door in IT,
which it did. If Microsoft would put the needed information in its books,
braindumps might lose their appeal.
—Ernie Johnston, MCSE, A+
I train in Louisville, Kentucky and have been in the IT industry since
1993 starting with Novell certifications. It’s disheartening to
see students bragging about passing an exam by using a braindump. They
say that they know the exam questions even before going into the testing
center. Some students have asked me to explain why a question is worded
a certain way in a braindump exam and why the answer is what it is. These
are the same exact questions I saw when I slaved so hard and studied for
my exams (without any “study guides”).
Something has to be done about the blatant nondisclosure violation.
Why is Microsoft taking so long in responding to braindump companies and
listening to the trainer community and forums (such as the one on MCPMag.com)?
Everyone is talking about it, but nothing is getting done.
I certainly call it cheating when a person who obviously doesn’t
know the inner operations of Win2K Pro or Server but can memorize a braindump
site and get certified.
—Ryder MacLaren, MCSE, MCT
The solution to braindumping seems pretty clear to me: It should be illegal
to steal the actual questions and sell them. Microsoft and others are
publishing material that tells us the questions will be “like”
those listed. I don’t see how it could possibly be illegal for a
person to create mock questions from scratch and publish them. This has
been done for decades in the SAT/ACT/GRE test-prep business. Reviewing
the SAT questions is very well-known to raise students’ scores dramatically.
Any student who doesn’t prep isn’t very serious about scoring
well. Same for MCP test takers.
Reviewing mock questions is definitely something every test taker should
do. Just doing your job and reading books isn’t enough because you
don’t know if all the possible topics were covered. Microsoft seems
to agree with this because they’re publishing their own materials.
—Todd Huffman, MCP
La Crosse, Wisconsin
I’ve been through the MCSE certification process—took the
courses, bought the books, studied my eyes off—and I never bought
a braindump. However, I was very unimpressed by the official materials,
both for understanding the material and understanding how Microsoft tests.
While it’s true you should know the material and understand how
it works, another part of passing an exam is understanding Microsoft’s
logic and its peculiarities in asking questions. This has nothing to do
with understanding the material, but rather understanding examination
Certifications must be controlled to prevent students from passing on
anything other than their own merits. On the opposite side, what protection
do students have to keep from being taken advantage of by a system where
one company holds all the cards and has everything to gain by the students
There is a huge gray area when it comes to Microsoft certification exams
and “braindumps.” I used to co-author Microsoft Exam training
kits for MCSD and MCSE tracks back in the '90s. I was once an MCT and
MCSD for a CTEC in Arizona. To prepare for my exams, I’d say about
80 percent of the time I used either Transcender or Coriolis' Exam Cram
books. Those could easily be labeled braindumps for MCP exams.
The funny thing is that Microsoft Press claims that its training kit
books prepare you for the exam. That’s both true and false. In reality,
the Exam Training Kits aren’t much better than looking at the exam
objective domain and researching the subject matter yourself in MSDN.
I think Microsoft CTECs should have a training class for every cert that
includes hands-on training for the objective and a lab and written exam
that covers exactly what was taught in class. If you pass the class and
the exams, you’re certified. This way, braindumps offered by companies
or individuals don’t have the same kind of impact on the certification
—Sean Chase, MCP
I’ve thought about this a lot, as I teach A+ certification. My
thought is that the failings are almost entirely on two things: First,
the test itself and second, what we expect certification to accomplish.
The objectives for tests are often well thought out but badly implemented
in the test. If the test was truly solid in its objectives, you could
publish the test questions and forget about objectives. I hear a great
gasp of horror at that but this is exactly what the FCC (and other government
agencies) does with its certifications. The entire question pool is published
with answers along with wrong answers. If the federal government can do
this with tests that certify people that make life-and-death decisions
(and cost $5 to $50), why can’t the IT industry (with tests that
cost $100 to $250).
Certification should be seen as a learner’s permit, not a driver’s
—Mark W. Murray, MCP, A+, Network+, iNetwork+
Of all of the certifications that I've gained over the years, all have
been accomplished the same way: Read the material, pass the test. I don't
consider myself special, as most of the people that I work with have gotten
the certifications that they hold following the same method. So from my
standpoint current certifications are a useless but necessary evil. The
solution to all of this mess is to make certifications meaningful. I and
others have great respect for the Cisco CCIE because of the difficulty
and time required to attain that certification. It has meaning because
of what a person must know and demonstrate to be able to attain it. I
consider the MCSE, which I hold, to be a meaningless certification. It
doesn't indicate that the possessor can actually architect or manage a
Windows network. I'm not singling out Microsoft as the only offender,
just as a handy representative.
Transitioning certifications to “hands on” demonstration
style tests, as Cisco’s CCIE, or making certifications based on
apprenticeship programs would result in fewer, more knowledgeable certified
people. But, the value of that certification would be much higher. Also,
the world of potential employers could rest assured that this type of
certification has meaning.
However, all of this will never come to pass as Microsoft et al. derive
too much money from the certification programs and use the number of certifications
currently held globally as a marketing tool to further push the software
and/or hardware that they produce. This is OK, but let’s not delude
ourselves into thinking that a majority of today’s certifications
are any more than marketing hype.
—Shawen Donnellan, MCSE, CCNA, Compaq ASE
Merrimack, New Hampshire
The entire certification industry is tainted because the certifications
are vendor oriented. Vendors such as Microsoft and Cisco are delighted
that so many companies look to these certifications as qualifiers for
employment. I’ve been in this industry for 20 years, and I’ve
seen more “paper certs” than I can shake a test probe at.
People that bought the study materials, frequent dump sites and rely on
braindumps then march into an exam and pass a few tests. Bingo! A bona-fide
expert is born. Two of the biggest problems here are the lack of quality
of truly competent people and the glut, and subsequent devaluing of, the
industry as a whole. Vendor certifications mean that you should have a
decent basic knowledge of that particular platform. (Of course, certifications
should be based on general technologies, not vendor-specific solutions.)
The lack of practical knowledge held by these phonies berates those of
us who have actually earned our certifications and reputations.
Punishing everyone that fraudulently got answers to the exam won’t
stop it. The problem has to be addressed by making certifications technology
related, not vendor focused. Also, there should be a written and a practical
side to the certification process. So, you can ask questions but also
have to be able to write code or actually troubleshoot a real problem,
something to really show that you have a level of expertise in that technology.
Entry-level people should be able to apprentice for a period of time prior
to the test. Perhaps qualify, via written test first, the apprentice to
gain the experience for the practical exam.
Charlotte, North Carolina
All of this is a bunch of money-making garbage to benefit not only Microsoft
but Novell and any other company that uses certification exams to qualify
IT professionals. I’ve never used braindumps. I use Transcender
test prep software, purchased by my company so I can prepare for these
exams. What’s the big deal about publishing the test questions in
the pool with both wrong and right answers? I have an FCC Commercial Radiotelephone
license, as well as an Advanced Class Amateur Radio License. The questions
for these federal exams are all published along with the answers, including
how many questions from each section of the pool that will be on the exam.
If this is acceptable to the federal government, why isn’t it acceptable
in the IT industry?
You either know the material or you don’t; it’s not important
how you learn it. Some people will argue that just learning the questions
and answers isn’t enough to test whether or not you know the materials.
Those are the same people who run MCSE boot camps, publish question and
answer test prep software, and so on. They’re in this for the money,
and no other reason. They want the test question pool kept secret because
that’s how they make the big bucks off of the backs of the IT community.
Every time the wind shifts directions, Microsoft has a new certification
test to keep our MCSE certification. By the time we finish taking one
test, it’s outdated. When Microsoft slows down, I may update my
MCSE certification. Microsoft should publish the exam questions and answers
for all to study, quit ramming so many tests down our throats, and cut
back on the number of exams needed to upgrade an MCSE from earlier OSs
to the later and greater stuff.
—Ronnie Jackson, MCSE
One thing that hasn’t been sufficiently discussed on this issue
is the commercial nature of the particular case. There are many different
levels of “cheating” on Microsoft exams. Just talking to a
friend who has taken the exam and getting an outline of what type of questions
were on the exam, potential traps and so on; or by posting your general
impressions of the exam on a discussion Web site or reading the same.
There are many ways to look at it.
In my view, the problem won’t go away until the nature of the exams
changes substantially. They claim to have done this with Win2K, but that
isn’t my impression from the exams I’ve taken.
—Elliot Gingold MCSE
Here’s a question: If Keppel was forced to give up the customer
list and Microsoft was going to decertify individuals, what happens to
people who unknowingly purchased the materials and then reported it to
Microsoft when they discovered what was going on? Would they be decertified
as well? When I was preparing for my Win2K exams, a friend advised me
to purchase TroyTech study guides to help me with my last exam, 70-220,
Designing Win2K Security. I was nervous to take the test and there weren’t
many study materials available at that time. I ordered the guide the day
before the exam, (it was scheduled for a Saturday), and it took three
days for them to send it out by e-mail. I wasted the money on this study
guide and didn’t even get to use it for the exam the next morning.
The study guide came in via e-mail on Monday afternoon, and I was appalled
to see screenshots of the exam I’d just taken the day before (and
passed I might add…). This was the last exam to become an MCSE on
—Ryan M. Rinehart MCSE, CCNA
Microsoft is sometimes its own worst enemy. Although I don't excuse
Mr. Keppel for any criminal acts he committed, his sentence was a bit
harsh. Perhaps the following case study will help put things in perspective.
In one of my Win2K MCSE exams, 25 percent of the questions came verbatim
(as far as I could tell) from a Microsoft Press Test
Readiness Guide I borrowed from my local public library to help
me study for the exam.
So are Mr. Keppel’s transgressions really more serious than those
perpetrated by Microsoft?
—Jeffrey Harris, MCSA, MCSE
Is it cheating when my teenager takes a practice SAT test? What about
when a law student takes a practice bar exam? In Texas, school children
have to take a state certification test before advancing to the next grade.
They take several practice tests during the year in order to assess their
skill level and to prepare for the test. Are the teachers helping them
cheat? If I take the self-test quiz in my college textbook the night before
a test, am I cheating if the answers to the test questions are in that
book? Of course not, and there’s nothing wrong with practice MCP
Also, the certification tests do not, and cannot test only the experience
of the test taker. The skills required for my position by my employer
may be very different from the skills required for the same position by
another employer. If I’m a developer on a project team, but only
one member of the team creates the installation files for the final product
and uses a third-party product, how well can any of us answer a question
on the certification test that deals with using the Microsoft tools for
distributing an application? We can’t, so we have to seek the answer
from a book, the Internet, a boot camp, another developer or a braindump
site. Does that mean we’re lousy developers? Which of those methods
is cheating? None, if used properly. They are all means to educate. A
test is a measure of how much you know, not only your experience.
Let’s lighten up with the attitude that the only way you can be
qualified for anything is through years of experience.
—Mark A. Baker, MCSD
Microsoft has gone overboard on this whole exam thing. First of all,
it does indeed offer free sample exams (and some of the questions do show
up on the live exams). It also publishes books to help prepare (with sample
exams included), as do many others. I get somewhat incensed when Microsoft
complains about braindumps, while it has sponsored boot camps where you
can become an MCSE (taking seven exams) in 13 days. I can tell you from
personal experience, that claim is pure nonsense unless you are “prepped”
by the classes. Each exam requires about 500 to 1,500 pages of reading
plus some hands-on experience. To do the entire thing in 13 days is impossible
unless you're already prepared (they all claim minimal preparation) or
are spoon-fed the questions. As far as I am concerned, Microsoft is therefore
violating its own standards. Of course, it makes money by supplying the
training materials, and so on. Perhaps this makes it alright to them,
but to those outside, it appears a double standard.
—Bruce Waid, MCP
Glen Ellyn, Illinois
To help fix the problem, I’d recommend that Microsoft reduces
the cost of an exam to something that is more reasonable, such as $30
per exam. Also, write a test in a straight forward and factual real-world
manner, not some trickery in wording and testing for some unused obscure
fact. Most of all, don’t sell the exam questions to anyone! If these
ideas were followed, it would greatly increase the credibility of the
—Michael Blose, CCNA, NCTI, A+
Amherst, New York