Part of any robust education on cybersecurity as a field is going to involve certification exams. While there are many paths to the overall infosec industry, sooner or later, you’re going to want to earn some certs.
Certifications can help with your overall career, both in getting a job and in progressing further in the industry. Certification tests proctored by one of the major authorities in cybersecurity are tangible proof that you know what you’re talking about, and that knowledge will always be helpful.
There are many possible certifications you can earn, but one of the best introductory certs for cybersecurity is the Security+. So what is it, how can you pass it, and what can you use to assist you in studying for it?
What Is the Security+ Exam?
Security+ is a certification issued by the Computing Technology Industry Association, also known as CompTIA. CompTIA is a nonprofit trade association, created to help maintain some level of standardized education in computer science and technology. Before CompTIA and other authorities were organized, there was no standard to computer education, since the field was simply too new.
CompTIA’s primary role in modern information technology is two-fold. First, they develop exams and issue certifications that prove the knowledge of the students who take those exams. They don’t hold classes or issue degrees, like an educational institution. They simply offer tests to all who believe they know enough to attempt to pass them. Because of this, their exams are widely known and respected, and their certifications are valuable. CompTIA has no incentive to pass people who don’t quite reach the goals, so the people who earn their certifications truly do earn them.
The other mission of CompTIA is performing studies and surveys to track and monitor the overall IT industry. They publish over 50 studies per year, tracking trends, monitoring developments, and watching an evolving industry. They’re a very important resource for anyone who seeks to understand the overall computer and info-tech industries.
That’s CompTIA, but what about Security+?
The Security+ exam is one of the many certifications CompTIA offers. It’s one step up from the IT Fundamentals+ certification that they consider a basic cert. Security+ is considered a Professional Level Certification, alongside others such as A+, Linux+, Project+, and Server+. Security+ is also a precursor to a Master-level certification known as the CASP, or Advanced Security Practitioner certification.
CompTIA offers several stacks of certifications meant to represent a complete foundational knowledge of information technology. The CompTIA cybersecurity specialist pathway includes earning the A+ and Network+ certs in addition to Security+ as a specialist or linking Security+ with PenTest+ and CySA+ for a security professional role, among other options.
To sum it up, the Security+ exam is a test that examines your knowledge of modern computational security practices, concepts, and processes. It’s vendor-agnostic, so you don’t need specific knowledge of individual systems, but rather a generalized awareness of security practices, threat vectors, assessment, and protection. Passing the test earns you the certification, which opens new doors for job prospects and career progression.
Tips for Passing the Security+ Exam
There are a lot of different tips out there for passing the Security+ exam, though many of them are less than helpful. We’ve distilled down the most valuable of them in this section.
Use a study guide. Study guides are generally written by people who have passed the exams themselves and thus know their contents. We’ve selected a handful of study guides in the section below for you to peruse.
Take a practice test. The final section of this blog post includes our list of recommended practice tests. Keep in mind that some study guides may include practice tests or practice questions, but they may or may not reflect the actual questions on the test. The full test gives you 90 minutes to complete 90 questions, so they’re all generally quite short, but in-depth.
Join a security community. If you’re interested in cybersecurity, you should already be following relevant blogs and Twitter accounts, but it may also be time to participate. Join relevant groups on Facebook or LinkedIn, or look for specialized Security+ web forums where people discuss their studies and the topics of the day. Even if you don’t learn the specifics of the tests, you can network with other students and authorities, develop interests, and figure out where you might want to progress beyond the Security+ exam.
Take a course. Formalized education can be helpful, particularly for people who don’t do well studying on their own or motivating themselves to work for a nebulous goal. A structured course can give you a foundation in all things cybersecurity, from which you can branch out to specific studies and identified weak points in your knowledge. Our course is a great option to check out.
Try a boot camp. If a course takes too long for you, or you want something shorter and more intense, a boot camp might be right for you. A Security+ boot camp is a 3-5 day course with intensive, deep-dive lectures, exercises, and tests on the topics of the Security+ exam. It’s a good way to throw yourself into the deep end immediately, learn as much as possible, and figure out where you need to go next.
Avoid “real tests” or “brain dumps”. These unauthorized training materials typically claim to be actual copies of the real test, so you can study specific questions and memorize answers rather than learn fundamentals and establish knowledge of security practices. CompTIA warns against these, both because they’re the result of theft and copyright violations, and because this method of training devalues your education and, worse, makes you more likely to fail in your job.
Don’t stress over perfection. The test is 90 questions and is scored on a scale from 100 to 900. A passing score is 750. If a particular question is causing you problems, skip it and come back to it later. You have some leeway in the time it takes for the test, but not a ton, so try not to waste time on a question you don’t know or would have to struggle to remember. Come back to it later and get the rest out of the way first.
Decide which test to take. The Security+ exam has a rolling set of exams whenever they release a new version. This is to allow students who have spent months studying for one version to take that version, even if a new version has been released, so it doesn’t invalidate their study. As of right now, there are two versions; the SY0-501 and SY0-601. You can currently take the 501 version up until July 2021, at which point it will be retired.
The 601 version adjusts which domains are in focus for the exam, and the weight of each domain. You can read more about the differences between them here.
Pay attention to capitalized words. In the test, you will see all-caps words like MOST, LEAST, and BEST. These are superlatives meant to identify between similar choices in a multiple-choice test. Often, you’ll find cases where a question has four answers and is only asking for one of them, but two or more are applicable and reasonable suggestions. In these cases, look for the all-caps words to indicate which of those choices is the one you should really pick.
If you have the budget, consider a retake package. CompTIA does not offer free retakes on their exams, but you can purchase a more expensive version of the test that offers a retake voucher if you fail the first time around. It’s more expensive, yes, but the peace of mind of “I have a fallback in case I might I fail this test” can make it less stressful, and thus easier to pass. It might be worth considering if you have the budget for it.
Security+ Study Guides
This selection of study guides represents a variety of different formats for learning the contents of the Security+ test. A study guide alone won’t ensure you pass, but it can be a foundation for reading deeply into specific topics you’ll need to know to take the exam. Here are some recommended study guides you can try out.
The Official Study Guide for Security+ – This study guide is the officially sanctioned study guide for Security+. It’s slightly less than ideal for many students, simply because it’s not a free guide; the full guide, in paperback or as an ebook, costs over $150.
This is an excellent guide in that it’s written by the same group that writes the exam, so you’re guaranteed to cover everything on the test. Some people balk at the expense, and some don’t like that it doesn’t come with practice tests, which we cover in the next section.
Netwrix’s Study Guide – This six-chapter ebook offers details on the major sections that represent most of the Security+ knowledge base. Learn about threats, attacks, and vulnerabilities in chapter one, tech and tools involved in security in chapter two, security architecture and design in chapter three, identity management in chapter four, risk management in chapter five, and cryptography in chapter six.
You can use this study guide before you begin studying for the Security+ exam to give you an idea of what areas of study you need to pay attention to the most. Alternatively, you can use it after you’ve taken a course or studied for the exam in other ways, to help self-diagnose weaknesses in your education.
Alternative Study Guides – There are several other paid study guides available on Amazon in varying price ranges and by various authors. Many of them are serviceable, though you want to make sure that the guide you buy is relevant to the current version of the test. Out of date guides may have errata on the sites of the authors, or they may be replaced by more up to date versions.
Keep in mind that cybersecurity is a very fast-moving field with lots of tug-of-war between attackers and defenders globally. While many of the fundamentals don’t change, specifics can change quite rapidly, so it’s important to use updated resources to learn.
Security+ Practice Tests
Some study guides come with practice tests, though the official guide does not. Practice tests can give you an idea of how the questions will be formatted and can give you experience with taking a similar exam. The questions will not be the same, but they will be in the same format and the same style, so you can start to learn the quirks of the language used to test your knowledge. Practice tests can also offer the reasoning for the answers and explanations of why an incorrect answer is incorrect. This is an invaluable resource for studying for a high-pressure exam.
CompTIA’s Official Practice Tests – CompTIA provides their own practice tests for their exams. They are relatively limited in comparison to some larger testing engines and services, but they are also written by the same people writing the actual questions, so you’ll be able to see the same formats and mindsets behind them.
GCGA Practice Questions – this is a $50 practice test that comes with over 300 questions, along with explanations of the answers, right and wrong. It also has a section of performance-based questions, similar to the practical questions the actual exam will ask you.
ExamCompass – ExamCompass provides 24 different sets of practice questions, though those questions are all of the multiple-choice variety and do not include any of the performance-based assessments that the real test will include.
One of the best ways to prepare for a hard exam such as the Security+ test is to take some kind of formal education. Not everyone is capable of self-motivation and preparation to the extent needed for this kind of test. Formalized education can be designed from the ground up to cover all of the bases, giving you a robust knowledge of the industry suitable for taking a dynamic test like the Security+. By taking a course like ours, you can be sure of passing and knowing enough to feel confident in your job after you earn your cert. Why not get started today?