My Road to CompTIA SY0–501 Security+
My Background:
I am a recent graduate with MS in Cybersecurity from Southern New Hampshire University. I also hold a Bachelor’s degree in Telecommunication Engineering and a Masters in Telecommunication Engineering and Management. Currently, I am working as Teaching Assistant for Columbia Engineering Cybersecurity Bootcamp-Trilogy Education. I have over five years of experience in teaching at the undergrad level. I believe in enhancing my technical skills with industry certifications. In this article I am going to share my exam experience and resources I found helpful to pass the exam on the first attempt.
About the Exam:
CompTIA Security+ is known to be an Entry Level cert for IT security positions in the industry. Also, it can be a great starting point for some intermediate and high-level IT security certifications like CySA+, Pentest+, CEH, CASP, CISM, or CISSP. This certification covers a wide variety of technical topics that are essential for cybersecurity students to understand and have command of before they embark on their professional career journey. According to CompTIA, this cert will certify that an individual has the knowledge and skills required to assess the security posture of an enterprise environment, recommend & implement appropriate security solutions, monitor & secure hybrid environments, operate with an awareness of applicable laws & policies, and identify, analyze, & respond to security events and incidents. The current version of this exam is scheduled to be retired on 31st, July 2021. The new version SY0–601 is now available. Here you can read about the differences between both versions of the exam.
The exam covers six domains and exam objectives can be downloaded from the official CompTIA website from this link. Domains covered by CompTIA Security+ SY0–501 are:
Resources I used:
I started my studies during the last semester of my MS in November 2020, so I could not concentrate solely on my certification. Once I was done with my studies, I started studying for Security+ with dedication for about a month and passed my exam on the 19th of January 2021. Before taking Security+, I also went through Mike Meyer’s CompTIA Network+ course on LinkedIn to review my networking concepts. It really helped me during the exam. Following is the list and description of resources that I found helpful in my journey:
1. CompTIA SECURITY+ Get Certified Get Ahead SY0–501 Study Guide by Darril Gibson: This is the best resource that I used to pass my exam on the first attempt. Not only the content delivered in this book is to the point, but also the practice exams are very close to the actual exam as the language presented in exam questions is mostly scenario-based. This book will prepare you well for such questions. I gave this book a read thoroughly twice and went through chapter summaries the night of the exam. It also has a pre-assessment exam and a post-assessment exam. In total there are 300 practice test questions with in-depth explanations.
2. Jason Dion Practice Tests on Udemy: It contained six full-blown practice tests with PBQs. Overall, it was also a great purchase. I found these on Udemy on sale for about $10. One thing I want to mention is that Jason’s practice tests are quite challenging. I scored an 80% (which is the minimum passing score for this test) on the first test and I was feeling great but on a second test, I got a 69% and it shattered my confidence. Below are my scores on each of the six tests and multiple attempts on each of the tests. As you can see I have failed twice on my first attempt on test #2 and test #4. Don’t stress if you fail on practice tests, just keep an eye on what areas you’re struggling with and give a revision from your study materials, and also read in-depth explanations for questions you get wrong.
3. CompTIA Security+ Certification Practice Exams, Third Edition (Exam SY0–501) by Daniel Lachance and Glen E. Clarke: This book only contains practice questions with in-depth explanations of answers along with PBQs. I found this book free on my University Library as a pdf. Great book without any doubt. I found the scenario-based questions pretty close to an actual exam. This also included Total Tester, which provides you with a simulation of the CompTIA Security+ exam. Exams can be taken in Practice Mode, Exam Mode, or Custom Mode. Practice Mode provides an assistance window with hints, references to the book, explanations of the correct and incorrect answers, and the option to check your answer as you take the test. Exam Mode provides a simulation of the actual exam. The number of questions, the types of questions, and the time allowed are intended to be an accurate representation of the exam environment. Custom Mode allows you to create custom exams from selected domains or chapters, and you can further customize the number of questions and time allowed.
4. Professor Messer’s Video course on YouTube (It’s FREE): Hands down, it is a great resource. I used to read from Darril Gibson’s book and after that, I used to watch videos to seal my concepts. The video course for SY0–501 Security+ Exam contains a total of 141 videos, but they’re bite-size videos ranging from 3–10 minutes duration each. So, you can watch as much as you want in a single sitting.
5. Exam Compass Security+ Practice Tests: These free tests are helpful in exam material review and to check if you have retained the knowledge from exam objectives. These exams lack the specific style of scenario-based questions asked in real exam but you can still use them to memorize terms and definitions that you need to know for the actual exam.
Exam Day:
I took the exam at my home through Pearson’s Vue Proctor Exam. To begin with, my experience was not a pleasant one because, on the first attempt on January 10th, 2021, I was not able to complete my exam due to some unknown technical glitch that caused the browser application to reset right after the first question. It was quite frustrating. I had to launch a complaint and as it was Sunday, I was unable to have anyone to help me over the phone, so I had to wait. The next day, I called Pearson’s Vue helpline and they told me it will take a day or two to resolve the case and get another voucher to reschedule my exam. Long story short, within the specified time I got a new voucher and was able to reschedule my exam and passed it on the first attempt with 804 (passing is 750 out of 900). All is well that ends well.
I got a total of 79 questions on my exam including 4–5 PBQs (Performance Based Questions). At first glance, the exam looks quite overwhelming and difficult because the first questions that you encounter are PBQs. The right strategy is to Flag those questions and attempt MCQs first. When you’re done with all the remaining questions you can go back and solve PBQs, which now do not look as scary as they looked before. I had a question regarding “Firewall Configuration”, and “to Label key elements of CSR (Certificate Signing Request)” so it is important that you pay attention to all exam objectives and domains because you should expect anything from configurations, log analysis, interpreting outputs, etc.
Next in my Journey:
I am now preparing for CompTIA Pentest+. Hopefully, I will be sharing my exam prep experience soon.
