A few months back I was encouraged by a friend to get my Comptia Security+ Certification. After about 4-6 weeks of studying, I took the exam and passed with a score comfortably exceeding what Comptia considers to be its’ passing score. Woohoo!
The current iteration of the Security+ exam is call the “SY0-501” exam, and contains a maximum of 90 questions of both multiple choice and performance based questions. To pass, Comptia requires you score at least a 750, on a scale of 100-900, Which is harder then it might sound. It really is a pretty big exam, both in terms of subject matter and the sheer scope of security topics that it covers. Many people find it to be daunting and a bit intimidating – and rightly so. Comptia is also a little secretive about it’s grading policy and how it scores each question, meaning some questions might be worth more than others.
To give you an idea of what all it covers, here are just its’ overarching domains, straight out of their “Exam Objectives“:
- Threats, Attacks and Vulnerabilities
- Technologies and Tools
- Architecture and Design
- Identity and Access Management
- Risk Management; Cryptography and PKI
That means that there is a lot of stuff that can be covered under all those topics. It’s literally all things security, and well, that is naturally a lot of stuff. I was lucky in that I have worked with many of the various aspects that the exam covers, in one form or another. I was able to draw upon that knowledge, and I know it helped me greatly. For me, using my personal knowledge and reviewing the video series I mention below was enough to enable me to pass.
The good news though is that it is not an impossible exam, even for those that don’t have any pre-existing knowledge of the subject matter. Comptia literally gives us the “Exam Objectives” in a pretty clear and concise document. Everything someone needs to know to pass, is listed right there in that document. I’m not saying it’s going to necessarily be easy… Just that they aren’t hiding what they are going to be asking you questions about. Use that as a guide. Review it and make sure you can describe what each item is and how it might be used or applied. Those objectives should be the very last thing you are reviewing before you walk into your exam.
They aren’t going to quiz you so much on vocabulary and definitions, thought it does help to know those. Their questions are going to be more along the lines of which would be the better choice in this scenario, using ‘A’ or ‘B’ or ‘C’, type of questions. One of great things about the Comptia exam is that they allow you to flag, skip over, and later revisit any question on the exam. My personal exam taking suggestion is to do all of the multiple first, then go back and do the performance ones. My reason for that is time management. It’s easy to get caught up in those performance questions and end up not having enough time to finish all the other questions. So power thru all of the multiple choice questions, then do the performance questions, then circle back and revisit and multiple choice questions you flagged and were unsure about.
In my opinion, one of the best (if not the best) resources I was able to find in my studies was, Professor Messer. He has a complete YouTube series that walks though the exam objectives, covering every bit of it. He gives lots of examples of how/where you might encounter those subjects or topics in the real world. I find having a real world example helpful. He also has some other resources like a monthly study group where he spends time going a little deeper into a study question, then follows it up with a “open line” where he takes questions about anything live on the air and answers them.
The most amazing part is that his video content and study groups are FREE! He does offer a more in-depth study guide book and notes for sale on his website, which if your particular learning style requires a book to read from, you will probably find it beneficial. You can cruise right to his YouTube channel and watch all his videos on the exam and his monthly study. And if you buy his book, you can follow right along with notes. Here is a link to Professor Messer’s YouTube Channel about the Security+ as well as his website. If you’re going to go for your Sec+ exam… Definitely check him out.