I am currently a graduate student at Carnegie Mellon University (CMU) and studying Information Security and Policy Management with an emphasis in cyber security. I have a background in the topics covered in the CompTIA SY0–601 Security Plus exam. Before you read more, I want you to understand that you don’t have to have an academic background in information security to pass the Security Plus exam. Prior to studying the material, I had a basic understanding of all the topics that pertain to the exam. This only means that you need to spend a bit more time studying to gain that basic understanding of topics such as networking, cryptography, and malware. The exam consists of 80% memorization of terms and 20% understanding. This article will outline the following:
- Who should take the exam?
- Why should you take the exam?
- You want to take the exam. Now what?
- Basic layout of the exam
- My study schedule and process
The ‘Who’ — If you want to change career fields, enter the IT field, increase your skillset at your current job, or increase your earning potential, the compTIA Security Plus certification is a great place to start. One of the best things about this exam is that it is an introductory certification if you want to enter the information security field. All the information you need can be found on the internet and within books to pass the exam. No real-world IT experience is necessary to pass the exam. Here’s a list of jobs that you could land with the certification:
- Junior IT Auditor
- Penetration Tester
- Systems Administrator
- Network Administrator
- Security Administrator
The ‘Why’ — If you have done any research on certifications, you know that there are arguments on whether you need certifications to get a job or that someone without a certification can still do the job. In my experience, recruiters, HR, and several companies want you to have a certification in order to get an interview. It does pay to know someone to bypass the HR mess, but you still need to nail the interview to get the job. Studying the basics of information security will go a long way in an interview. If you want to work for a government agency, defense contractor, or many private companies, a certification is necessary to work on projects or get hired.
The ‘Now what’ — Now that you understand the who and why, let's lay out the now what. There are a lot of online resources that offer insights on how to pass the Security Plus exam. I encourage you to do your own research and figure out what works for you. I figured out a 2 week studying schedule and process that worked for me. Depending on your knowledge, you can adjust the study schedule, as you will see it is easily adjustable.
A good rule of thumb is get study matieral from 2–3 sources because not one resource will provide all the information needed to pass the exam.
The exam is focused on 5 sections, and it is important to understand all the topics and definitions pertaining to each section. The questions on the exam are often put into real world scenarios, and you have to choose the best possible choice or choices. It is important to refer to the sections mentioned below as most (70%) of the exam is covered in the first 3 sections.
1. Attacks, Threats and Vulnerabilities → 24%
2. Architecture and Design → 21%
3. Implementation → 25%
4. Operations and Incident Response → 16%
5. Governance, Risk and Compliance → 14%
More information can be found here.
Details about the exam:
- The current version of CompTIA Security is the SY0–601 released November 12, 2020.
- The cost is $381 USD and $240 USD for students.
- The maximum number of questions is 90 with multiple choice and performance-based questions.
- The passing score is 750 (on a scale of 100–900) or 83%.
- More information about the exam can be found here.
- Read a CompTIA Security Plus SY0–601 Study Guide.
I purchased this book because it had great reviews and outlines the material with little fluff. It explains the basics of the concept and often provides great examples that make real world connections to technology. I spent the first week reading the book and creating a study guide for the end-of-chapter review questions. Each chapter varies on length and the number of questions will vary in number from 30–60 questions. After each chapter, I typed out the questions and found the answer to each question within the chapter. The answers are in the index in the back of the book. Finding the answers helped me better understand the material and prepare for the types of questions asked on the exam. The questions aren’t exactly the same as they are on the exam, but being exposed to questions and material is what is important at this point. I would review the questions each night before I went to bed.
2. Use Professor Messer material to accompany study material.
Professor Messer is a great resource as you can watch his videos online for free. It is a great way to better understand the key concepts such as malware, cryptography, cloud security, risk mitigation, and compliance. The videos are great and are built into sections and segments to facilitate studying. Some topics and definitions are pretty straight forward, and you only have to read them once or twice to remember. Others require repetition to memorize. I used the videos to supplement the book which means I used the book as my primary source to find definitions and examples. I would supplement my studying with Professor Messer videos and Google if I needed more examples and a deeper understanding.
After reading the entire book, watching videos, studying all the end-of- chapter reviews, it is time to take the 2 practice tests at the end of the book. The point of this is to see where your knowledge level is at based upon your scores. Don’t get discouraged by your score; this is a chance to see where you need to improve. For example, I had a great understanding of the Section 1 — Attacks, Threats and Vulnerabilities, but I needed to study the other sections more thoroughly.
3. Use flash cards.
My preference is to use the Quizlet app because I can access them from anywhere from my phone and they can create questions for you based upon your Quizlet study set. Quizlet is free and also offers a Plus version with more features. The free version will suffice and is a great tool to memorize defintions. A lot of the exam is memorization, and eliminating the wrong anwsers to find the correct one is a great strategy. At this point, I went through the book again and filled in the gaps with definitions that I needed to study again. For example, the cryptography section is less intuitive than other sections and takes a lot of effort to understand. There are also a lot of terms to memorize. To give you a better idea, I ended up with about 200 terms/flashcards.
4. Practice Exams, Practice Exams, And More Practice Exams
There are several places you can find practice exams, but I found Professor Messer content valuable and affordable. Check out the the Professor Messer exams here. At this point, the score is important to judge your knowledge level and to make adjustments to fill in the gaps. If you’re earning 90% or above on the practice tests, you’re ready to take the exam.
It is important to set an exam date and create a deadline for yourself. If you give yourself 3 weeks, you’ll make it happen in 3 weeks. If you never create a deadline for yourself, you most likely won’t accomplish it.
I bought the education test voucher and scheduled my exam in two weeks. I felt that was a sufficent amount of time as I had time during my winter break to study for the exam. I would say that Professor Messer’s practice exams were fairly accurate and provided a great deal of information about the type of questions on the test as well as examples of how the questions will be asked, which is most commonly done through scenarios as a security professional.
I found it extremely important to review the questions that you missed on the exam. Professor Messer’s exams also have detailed explanations of each question and links to videos that cover the topic. After each practice exam, I would review what I missed and study those flashcards more heavily. I created new flash cards to ensure that I wouldn’t miss another question based upon that term/topic. As I repeated this process, I saw my scores increase by 6–8%. If you need additional practice, you can always repeat the practice exams as you mostly likely won’t remember the answers after you have taken several tests. Based on my exam scores, after taking 5 practice exams, I was ready for the exam.
In conclusion, you can pass the security exam with these 4 simple steps. Though it won’t be easy and will require much effort on your part, it will provide you with the basic knowledge to help you in your learning journey and career.
- Read the entire book to get basic knowledge.
- Use Professor Messer material to supplement your learning.
- Use flash cards and memorize terms.
- Take several practice tests, review, study terms, and repeat.
Thank you for reading! I hope that this short article has helped you in your goal to pass the CompTIA Security Plus exam! If you would like to purchase the book referenced above, feel free to use this link to purchase your CompTIA Security+: SY0–601 Certification Guide as I am an affiliate of Amazon. Thank you for the support!