I passed my CompTIA Security+ (SY0–701) exam on the first attempt with a 792/900. I started working towards the certification on 12 Jul, and attained my certification on 18 Sep. In this 2 months, I did not study every single day as I was also sporadically preparing and going for job interviews. I was also still in service at that point of time so I had work to do as well. All in all, I probably spent about a month of 2–3 hours of studying a day. This post aims to archive the steps taken to achieve this certification, and share my study resources and tips with Security+ hopefuls.
Preparation
First, I subscribed to Jason Dion’s CompTIA Security+ training course on Udemy. The course contents included 264 modules over 31 hours of video lectures with numerous quizzes peppered in between, and a summative practice exam. Undoubtedly, there is A LOT of information to digest, and most of them require memorisation instead of understanding. I’m old-school, so I hand wrote all my notes.
I also subscribed to Jason Dion’s Practice Exams Set 1 and 2. Both sets contained 6 exams, and I did 9 of the 12 exams before I was relatively confident to attempt the actual exam. The practice exams provided feedback as well, so you are able to learn from your mistakes. The biggest drawback however, is that some of the questions worded were not very clear, and did not effectively illustrate what they were asking for. I consistently scored about 75–85% on these tests.
The actual exam will consist several Performance Based Questions (PBQs) which cannot be emulated on the Udemy platform. These PBQs model real-world scenarios, and require application of the theories covered in the Security+ syllabus.
Cyberkraft’s Security+ PBQ videos were QUINTESSENTIAL, to say the least. These videos taught me how to approach these PBQs, and understand how CompTIA structures their questions. I also gained additional knowledge that were not covered in Jason Dion’s course contents. I watched every single one of those videos, as well as other Security+ related videos.
Last but not least, I tested my knowledge even more by watching Cyberjames’s Security+ Practice Exam and Walkthrough videos and Technical Institute of America’s Security+ videos. Attempting these questions gave me the affirmation that I was ready for the actual exam.
Resources:
- Jason Dion’s CompTIA Security+ (SY0–701) Complete Course (https://www.udemy.com/course/securityplus/?couponCode=OF83024E)
- Jason Dion’s CompTIA Security+ Practice Exams Set 1 and 2 (https://www.udemy.com/course/comptia-security-sy0-701-practice-exams/?couponCode=OF83024E)
(https://www.udemy.com/course/comptia-security-sy0-701-practice-exams-2nd-edition/?couponCode=OF83024E) - Cyberkraft Security+ PBQ videos (https://www.youtube.com/@cyberkraft1/videos)
- Cyberjames Security+ Practice Exam and Walkthrough videos (https://www.youtube.com/@ImCyberJames/videos)
- Technical Institute of America Security+ videos (https://youtu.be/yPqSLJG8Rt0?si=AtpluDbo9Zo8ZrNO)
Exam Methodology
The exam is 90 minutes, with up to 90 questions and multiple PBQs. The more PBQs you have, the lesser MCQs you get. All of the PBQs are front loaded. It is also worth highlighting that CompTIA will include “test” questions that do not affect your score — presumably to assess its potential implementation in future exam scripts.
I approached the exam as follows:
- Brain dump all the memorised ports and protocols onto the rough paper provided
- Skip PBQs, proceed to MCQs first
- Flag unsure questions, indicate interim answer
- Complete PBQs
- Run through all questions again
- Address flagged questions
Tips:
- Answer instinctively, the questions may be vague or unclear at times causing you to second guess yourself
- Have the answer in mind before looking at the given options
- Review all of the questions at least twice
I cannot emphasise the importance of reviewing the questions again, because I changed many of my initial answers on second read. Reviewing the questions for a second time gave me additional clarity as proceeding questions included information that I could use.
I completed the exam with 30 mins to spare, feeling fairly confident. The exam result is given immediately upon completion.
Conclusion
The Security+ is a fundamental certification for any aspiring cybersecurity enthusiast, and is well regarded in the industry. Obtaining this certification required me to have a wide breadth of knowledge across multiple domains. If you’re reading this and want to pursue cybersecurity, I think this is a good first step. I took the ISC2 Certified in Cybersecurity first, but in hindsight, I felt that it was unnecessary.
The information provided in this post is accurate as of writing, but may not be absolute — use the information as you will. Oh and before I forget, a huge thanks to Tracy who inspired me to pursue this career and provided me with so many resources. Thank you for reading!
John
