Passing The CompTIA Security+

I recently took the CompTIA Security+ SY0-601 exam and want to share my experience to help others be successful. The current version of the exam is the SY0-701, but I believe my experience is relevant and will help you understand and prepare for your exam.


The Pearson VUE Testing Center

Know exactly where the testing center is; don't waste time on the day of the exam figuring out how to get there. I recommend eating some protein and a little high-glycemic-index carbohydrate with fiber, and drinking coffee, before the exam. I have blood sugar problems and did not want to have issues while taking the test. If you have special considerations or a disability, check this page to find out how the testing center can accommodate you. Arrive at least 15 minutes before your exam. You will have the opportunity to stow your phone and backpack in a secured locker. The lockers are locked, and the proctor will have to open them for you to remove your belongings.

Test Composition

First of all, you will notice a timer at the top right of your exam. You have 90 minutes to complete the exam. You will see a flag next to the timer. Clicking on it marks the question and allows you to go back to it from a summary screen. The exam consists of a combination of multiple choice, drag and drop, and performance based questions (PBQs). The multiple choice questions can have a single or multiple answers, but no more than two required choices. Performance based questions are simulations. You can see a demo here or try a PBQ here.

Taking the Test

Performance Based Questions: I completed the performance based questions first and took my time going through them carefully. The simulations' instructions are straightforward. Either you will understand the concept or you won't. I found one to be difficult, so I flagged it and skipped it completely, to return to later.

Testing Philosophy: This was my philosophy for the entire test. I did not want to linger on any single question for too long. I flagged and skipped questions I needed more time on. I spent up to 30 seconds carefully reading and answering questions I felt I understood, and finished those with about 20 minutes left over. So, I began going over what I had skipped, being very aware of the time left. I had skipped 10 questions plus the performance based question, so I estimated I would need a maximum of 5 minutes for the PBQ and had a maximum of 1? minutes for the rest. After answering everything I had about 5 minutes left, so I began reviewing everything. I felt I wanted to change answers but did not want to second-guess myself, so I left them alone and stopped the exam with time left over.

Domains:

The domains cover the same ground in every version of the Security+; each new version renames or reweights them and updates the technologies and concepts. Please note that the examples below are for SY0-601, and SY0-701 will have a greater focus on some key concepts. These are what I feel are the top 3 concepts for each domain.

Threats, Attacks, and Vulnerabilities (24%): Covers understanding and identifying various types of threats, attacks, and vulnerabilities, along with penetration testing and vulnerability scanning concepts.

  • Types of Attacks: Understanding various attack types such as phishing, on-path attacks (formerly known as man-in-the-middle attacks), and distributed denial-of-service (DDoS) attacks.
  • Threat Actors: Identifying different threat actors like organized crime, nation states, and insiders, along with their motivations and methods.
  • Vulnerability Management: Techniques for identifying and managing vulnerabilities, including the use of vulnerability scanning tools and understanding the different types of vulnerabilities such as zero-day and known vulnerabilities.

Architecture and Design (21%): Focuses on understanding secure network architecture and design, including the implementation of secure cloud and virtualization technologies.

  • Secure Network Architecture: Understanding and implementing secure network design principles and network segmentation.
  • Cloud and Virtualization: Securing cloud and virtualization technologies, including the different models (IaaS, PaaS, SaaS).
  • Embedded Systems and IoT Security: Ensuring the security of embedded systems and Internet of Things (IoT) devices.

Implementation (25%): Encompasses the implementation of secure network protocols, endpoint security, mobile and embedded device security, and wireless security settings.

  • Secure Protocols: Implementing and using secure protocols like HTTPS, SSH, and SNMPv3.
  • Endpoint Security: Applying security measures to endpoint devices, including mobile and embedded device security.
  • Network and Security Configuration: Configuring network security settings, such as firewalls and intrusion detection/prevention systems.

Operations and Incident Response (16%): Deals with the execution of organizational security operations, monitoring and analysis, and incident response procedures.

  • Incident Response Processes: Understanding and applying the phases of incident response, including preparation, identification, containment, eradication, recovery, and lessons learned.
  • Forensics: Collecting and analyzing forensic data to support incident response efforts.
  • Monitoring and Detection: Implementing and utilizing monitoring tools and techniques to detect and respond to security incidents.

Governance, Risk, and Compliance (14%): Involves understanding compliance frameworks, risk management concepts, and the importance of security governance and policies.

  • Regulations and Compliance: Understanding various regulations and compliance requirements such as GDPR, HIPAA, and PCI DSS.
  • Risk Management: Implementing risk management frameworks and methodologies to identify, assess, and mitigate risks.
  • Security Policies and Procedures: Developing and enforcing security policies, procedures, and controls to ensure organizational security and compliance.

Test Preparation

  • I purchased the CompTIA Security+ Study Guide and Practice Tests and bought CompTIA's CertMaster Bundle, which included an exam voucher. This included a very thorough tutorial of each domain with intermittent testing as well as labs to practice in a simulated environment.
  • TryHackMe: I have learned more from TryHackMe than any other source. I suggest you begin taking their free courses, focusing on the Security+ domains, and then purchase a subscription. This is my subscription URL. It's very cost effective and, if you're really interested in a career in IT and cybersecurity, will be invaluable. You can take a look at my progress here: https://tryhackme.com/p/sidchoudhuri
  • I used Professor Messer's Course Notes and Practice Exams and regularly watched his free Security+ YouTube playlist. I focused on the concepts I understood least and then watched the entire thing a week before the exam.
  • I uploaded Messer's Notes and Exams to ChatGPT and created an agent to quiz me or show me flash cards for any of the domains. I can't share it, because the material is copyrighted, but it should be fairly easy for you to formulate a prompt and do the same. If you need help, ask me.

General Tips

  • The exam (and the IT field in general) is full of jargon and acronyms. You don't need to understand these concepts in depth, but must know what they are and are not and how they fit together. For example, on the SY0-601 you will be asked about different types of cloud services and must know what each does and does not provide.
  • The exam is "a mile wide and an inch deep". This means you do not need to be an expert on the many topics covered, but you must understand every one of them thoroughly enough to be able to explain each to a beginner in IT.
  • It's possible for an absolute beginner with an interest in IT to take a boot camp or cram for this exam and pass, but I don't believe that is enough. It's possible if you are very disciplined and genuinely study for 6 months. But you really should have at least one year of systems or network administration, or have worked at an IT help desk or another IT related job. I know this is easily said, and that you are likely taking the Security+ to get a job in the first place, but this practical experience helps immensely.
  • You should know the concepts covered in the Network+ exam. If you don't know what that is, take a look here. Specifically, know and understand these two networking concepts:
  • The OSI Model: Understand each OSI layer, what hardware or software and what protocols and ports are involved at each layer. Understand the relationship between frames and packets. Understand how data is encapsulated travelling downwards and how data is decapsulated going up. Understand what vulnerabilities and exploits exist at each layer. Research these concepts and create a table of all of this. It will help you picture network concepts, operations and security in a holistic manner.
  • Subnetting: Understand public and private address ranges. Understand bitwise masking and how the CIDR prefix length is simply the number of leading one bits in the subnet mask. Understand how lengthening or shortening the prefix decreases or increases the number of available host addresses, and why, because each host bit doubles the block, a block only ever holds a power of two addresses (minus the network and broadcast addresses), so only certain numbers of endpoints fit neatly in a given CIDR block. Learn to count in binary from left to right very quickly, until you can visualize at a glance how the bits in each octet of an address and its mask translate to the dotted-decimal form.
  • Learn to use Google and ChatGPT or Perplexity AI to quickly find the answers to your questions. This may sound dismissive, but it is what I do every day, working in IT. I always tell people that I do not know everything about my field. I do know, however, that every single IT concept is documented on the internet. Learn to form concise queries. If you are a complete neophyte and really don't know what to ask, use ChatGPT over Google.
  • Finally, take the FREE ISC2 Certified in Cybersecurity (CC) exam. This exam and its study materials are offered FREE by ISC2. Study for this first using ISC2's free materials and take the exam. It will tell you which domains you understand and which you are weak in. This will help you immensely in preparing for the Security+.
  • After you've passed the Security+ you will be able to renew your certification using Continuing Education Units (CEUs), either a course or credits for different activities.
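The subnetting points above, worked through in code. This is an added example, not from the original article: the arithmetic is done with plain bit operations so the link between the prefix length, the dotted mask and the address count is visible, and the standard library's ipaddress module is used only to cross-check the result. The sample addresses and the hypothetical "100 hosts" request are constructed for illustration.

```python
"""Worked subnetting example (added illustration, not the article's code).
Hand-rolled IPv4 mask/network/broadcast arithmetic, RFC 1918 check, and a
cross-check against the standard-library ipaddress module."""
import ipaddress

ALL_ONES = 0xFFFFFFFF

# RFC 1918 private address space as (network, prefix length)
PRIVATE_BLOCKS = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]


def ip_to_int(ip):
    """Pack a dotted-quad IPv4 string into a 32-bit integer."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value


def int_to_ip(value):
    """Unpack a 32-bit integer into dotted-quad form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix):
    """A /prefix mask is exactly 'prefix' leading one bits, then zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    return (ALL_ONES << (32 - prefix)) & ALL_ONES


def mask_to_prefix(mask):
    """Inverse of prefix_to_mask; rejects non-contiguous masks like 255.255.0.255."""
    prefix = bin(mask).count("1")
    if prefix_to_mask(prefix) != mask:
        raise ValueError(f"non-contiguous mask: {int_to_ip(mask)}")
    return prefix


def is_private(ip):
    """True if the address lies inside one of the RFC 1918 blocks."""
    value = ip_to_int(ip)
    return any((value & prefix_to_mask(plen)) == ip_to_int(net)
               for net, plen in PRIVATE_BLOCKS)


def describe(cidr):
    """Derive network, broadcast, host range and counts from host/prefix."""
    host, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(host) & mask          # clear the host bits
    broadcast = network | (~mask & ALL_ONES)  # set the host bits
    total = 1 << (32 - prefix)                # each host bit doubles the block
    # /31 (RFC 3021 point-to-point) and /32 (host route) reserve nothing;
    # every larger block loses the network and broadcast addresses.
    reserve = prefix <= 30
    usable = total - 2 if reserve else total
    first = network + 1 if reserve else network
    last = broadcast - 1 if reserve else broadcast
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "mask_bits": format(mask, "032b"),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first),
        "last_host": int_to_ip(last),
        "total_addresses": total,
        "usable_hosts": usable,
        "private": is_private(host),
    }


def smallest_prefix_for(hosts):
    """Longest prefix whose usable host count still covers 'hosts'.
    Block sizes are powers of two, so 100 hosts cannot be met exactly:
    the answer is /25 with 126 usable addresses."""
    if hosts < 1:
        raise ValueError("need at least one host")
    for prefix in range(30, -1, -1):
        if (1 << (32 - prefix)) - 2 >= hosts:
            return prefix
    raise ValueError("more hosts than IPv4 can address")


def matches_stdlib(cidr):
    """Cross-check the hand-rolled arithmetic against ipaddress."""
    mine = describe(cidr)
    net = ipaddress.ip_network(cidr, strict=False)
    return (mine["network"] == str(net.network_address)
            and mine["broadcast"] == str(net.broadcast_address)
            and mine["mask"] == str(net.netmask)
            and mine["total_addresses"] == net.num_addresses)


if __name__ == "__main__":
    for sample in ("192.168.10.77/26", "172.31.255.1/12", "8.8.8.8/32"):
        info = describe(sample)
        print(sample, "->", info["network"], info["mask"], info["mask_bits"],
              f"{info['usable_hosts']} usable, private={info['private']},",
              "stdlib agrees" if matches_stdlib(sample) else "MISMATCH")
```

Running it shows, for example, that 192.168.10.77/26 sits in network 192.168.10.64 with mask 255.255.255.192 (26 one bits, printed in binary), broadcast 192.168.10.127 and 62 usable hosts, and that asking for 100 hosts gets you a /25. Once the bit arithmetic is clear, reach for ipaddress in real code; the point of the hand-rolled version is only to make the exam's mental arithmetic concrete.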

Please feel free to add and message me on LinkedIn, but I am not open right now for other solicitation.

I hope this overview has been helpful.

Nick Javaid

Automation Expert & AI Educator | Director at NPower | Empowering Nonprofits & Organizations with AI Efficiency

7 months

Very insightful! This will definitely help anyone taking the exam!

Brad L.

Cyber Threat Intelligence Consultant @ IBM X-Force

7 months

Glad to see you’re getting a head start on your Continuing Education Credits Sid! Blog post is spot on as well

Edward L.

Co-Founder & VP of Callerwall ApS

7 months

Very informative article! I was offered the chance to take this exam just a few days ago, but didn't have the funds to pay for it. It looks like the academic curriculum I took (AP in IT Technology, IT Networking, Bachelors in IT Security), at least in Denmark, covers these topics.
