Security+: Tips and Strategies for Getting Certified

In the past six months, I prepared for and passed the SY0-501 certification exam. There were a lot of misconceptions I had going in, and I’m happy to tell you that it’s not as difficult as it may seem. There are, however, ways you can prepare for it that will make the test harder, and a few that will help you make the most of your limited time.

We can start by looking at the exam objectives CompTIA has laid out for us, found here at this link as long as you have an account with CompTIA: https://www.comptia.org/training/resources/exam-objectives

This list is fully comprehensive of everything you can expect to see on the exam. There are a lot of subjects and points here, and the list can seem daunting at first. Some people make their first mistake in assuming there are parts of this list that will not show up on the exam, and the truth of the matter is every subject has a chance to come up. The good news, though, is that a lot of these subjects build upon themselves, and mastering one will make the others easier. But then the question arises, where do we begin?

Your starting point will depend mainly on what resources you use to study for the test. CompTIA has a special package that comes with a book and a free retake. Even if you’re confident, you’ll pass, knowing that you at least have a retake available to you can take some weight off your shoulders, not to mention that you save a lot of money should you end up failing your first attempt and need a retake. The book that comes with it is very comprehensive and is enough on its own to help you pass the exam.

There are a multitude of additional resources on the internet that can aid you if you’re looking for something different. Several communities exist explicitly dedicated to passing this exam, a favorite among many is the one curated by Professor Messer found here: https://www.professormesser.com/
Along with classes, you can sign up for and practice materials, Messer has put up his entire course as videos for free on YouTube and is linked from his site. These videos present content in a different order than the book, but using both in concert can prove enormously helpful. There are also communities on Reddit that can give you even more resources and answer questions.

Speaking of questions, be prepared to encounter many questions. There will be around five simulation exercises at the beginning of the test, followed by multiple-choice for the remaining questions. You can go back and forth between them and flag ones that you want to come back to before turning the test in, upon which you will receive your score immediately. A common recommendation is to skip the exercises and come back to them later as there is a time limit, and you don’t want to be in a situation where you don’t get to answer questions. However, if you see the exercise and know right away that you can knock it out, go ahead and do so. There are a lot of practice questions out there that can show you what they look like, including ones on CompTIA’s site.

Additionally, make sure you know all the ports and their associated services that will appear on the exam. There are a lot of resources available online for this, as they are a significant part of the exam, and not knowing them will easily cost you a passing grade. It is essential to know not just what the ports and services are, but what the best practice and use case of each one is. It is not uncommon to see questions give you a scenario and ask you which port and service you should use for it.

The ports and services coincide with another significant part of the exam, which is Threats, Attacks, and Vulnerabilities. If you’ve taken a course in cybersecurity or cryptography, a lot of this will look familiar. For these questions, be prepared to be able to identify attacks based on their symptoms, how to defend against each attack, and what vulnerabilities each one can exploit. The inquiries include physical defense mechanisms like identification cards, camera systems, and how to set up a room of servers.

As far as studying strategies go, give yourself a deadline, and if necessary, schedule your test well in advance to give yourself a hard deadline. Consider the amount of time you have in advance to make sure you’re not strained and skipping over a section to meet the deadline. An excellent way to gauge this is to try to cover one chapter of the book and master the material and see how long it takes you, and compare that to the remainder of the content you have left to study. Account for holidays, vacations, and additional flex time in case things come up. Study consistently, take good notes, and go back to stuff you’ve already learned often to make sure you don’t forget anything before taking the exam.