My Security+ journey was a fast-paced grind, but I think I learned enough to help pick study materials and what sections to hit the hardest. To start off, Darril Gibson’s “CompTIA Security+ Get Certified Get Ahead Study Guide” is a must. This book has everything you need to pass this cert, but if you’re like me, not everything will stick with how it is explained. This is where Professor Messer’s free YouTube series comes into play. His videos are short, sweet, and right to the point, and he hits hard on only the information needed for the test. This test doesn’t require Jason Dion’s Udemy course in my opinion, but knowing it’s out there is never a bad thing. Now that we have all the study materials out of the way, it’s on to the real meat and potatoes.
What topics are there on the exam?
Below is the breakdown of domains for the exam, coupled with the percentage of questions belonging to each domain. Technologies and Tools has the highest percentage, but in reality, nearly every question will somehow be related to it, because it is the foundation for everything else.
- Technologies and Tools – 22%
- Threats, Attacks, and Vulnerabilities – 21%
- Identity and Access Management – 16%
- Architecture and Design – 15%
- Risk Management – 14%
- Cryptography and PKI – 12%
So what are performance-based questions?
The words “performance-based question” strike fear and raise the heart rate of any average CompTIA test taker, myself included. However, you shouldn’t be afraid of them on the Security+. The reason people get so blindsided by these questions is that they don’t put the proper time into studying for them. The knowledge of the rest of the theoretical material will help you complete them, but you can’t rely on it solely. These questions include, but are not limited to:
Setting up a Wireless Network
You are given an interactive network diagram and are supposed to change the settings in a way that will make it work. It might include setting the correct IP for a RADIUS server or enabling a correct security protocol on the Access Point. Know your Wi-Fi protocols and port numbers.
Configuring a firewall
You are given a set of instructions, a network diagram, and an Access Control List of a firewall. You are supposed to modify it in a way that will satisfy the instructions you are given. Review CIDR notations and remember your port numbers for this one.
Drag-and-Drop Security Controls
You are given a selection of different security controls and are tasked with applying them where it’s appropriate on a given network diagram or even a building. Remember the best practices related to choosing security controls and you should have no problem completing this one.
Drag-and-Drop Matching
This is a wildcard. You might be given a list of ports to which you have to match services. You might be given a list of attacks to which you have to match definitions or remedies. You might even have to match RAID levels. You should be fine with this one without any special prep. This is the same information you study for the rest of the test.
Drag-and-Drop Correct Order
You may be asked to put the steps of a process, such as incident response or order of volatility, in the right order. Same as the last one, study the regular material and you will be fine with this one.
Command Line
I have not encountered this one on my test and I don’t know anyone who has, but people say these questions might also appear on the exam, so you should nevertheless study for them. Review basic Windows and Linux commands and you should be fine. Also, try the “help” command. It works in CompTIA’s example PBQ, so it should theoretically work on the exam.
One important note about performance-based questions: Flag them for review and proceed with multiple choice. That will prevent you from losing precious time if you get stuck and the multiple-choice questions will refresh your mind before you get to the real stuff.
Acronyms and Port numbers
There will be a LOT of acronyms on the exam, so prepare yourself for that by doing flashcards. Same thing with port numbers. This is the only part of the preparation which is pure memorization. Do them until you can remember most of it.
Threats, Attacks, and Vulnerabilities
This section was where most of my questions came from. Making sure you know the different viruses and malware can easily earn you guaranteed correct answers.
To conclude
This test, in my opinion, is the easiest CompTIA cert and is where most people should start out. The main thing to hit on is to be prepared for the performance-based questions. Most people, myself included, worry about remembering all the different topics and acronyms, and then when they finally test, they are caught off guard when the first question is to configure a router, for example.
Links
- Professor Messer: https://www.youtube.com/watch?v=UbxRf_9Rcmg&list=PLG49S3nxzAnnVhoAaL4B6aMFDQ8_gdxAy&ab_channel=ProfessorMesser
- Book: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=sr_1_4?crid=20YRXUBM2UOYA&keywords=CompTIA+Security%2B+Get+Certified+Get+Ahead%3A+SY0-501&qid=1657136648&sprefix=comptia+security%2B+get+certified+get+ahead+sy0-501%2Caps%2C194&sr=8-4
- Udemy course: https://www.udemy.com/course/securityplus/