I recently passed the CompTIA Security+ (SY0-701) exam and want to share my experience with you in the hopes that it will better prepare you for the exam.
I had quite a bit of relevant knowledge going in and scored 79% on a practice exam prior to studying anything. I’m still genuinely surprised by how much I did learn given my starting point.
It shouldn’t be discounted that exam objectives, whether you plan to obtain a particular certification or not, provide a comprehensive and well rounded roadmap of what is important in an area of study. In my experience this is frequently what is missing in self study.
Every exam experience is likely to be different. Given the wide selection of objectives you’re simply not going to see everything you study on the exam. This might seem like a good thing and a bad thing, but it’s really only a good thing. Every objective in the exam is useful to know and will likely come up at some point in your career.
The exam was definitely more challenging than I anticipated.
I would say that only 20% of the questions that I was presented with were direct and unambiguous. The other 80% of questions were ambiguous and required critical thinking. A lot of questions used adjectives like best, safest, most effective, or most secure which forced me to consider context and know enough about the subject matter to eliminate and rank order potential answers.
I advise you to think carefully about each question, and don’t be discouraged by the fact that the questions aren’t as straightforward as the questions you might have anticipated going in. It’s just the nature of this exam.
Study Materials #
I used a few resources to study for the exam.
- CompTIA Exam Objectives PDF
- Jason Dion’s CompTIA Security+ Udemy Course & Practice Exam (price varies)
- Professor Messer’s CompTIA Security+ Course on YouTube
- Professor Messer’s CompTIA Security+ Practice Exams PDF
(3 for $30)
All of the study materials were helpful, but none of them contributed directly to my success.
What do I mean by that?
I took a total of 4 practice exams. Almost none of the questions from those exams would have appeared on the exam that I took. They were too direct and frankly didn’t make me think as hard as I did on the real exam. Professor Messer’s Practice Exams PDF gave me an edge, to some degree, in that it did require me to make comparisons and consider alternatives.
You are not prepared for the Performance Based Questions (PBQs)
Memorization alone is not going to get you through this part of the exam. Understand how you might configure setups contained within the objectives, interpret logs, and where you might place devices in a diagram. None of the study materials that I used did a particularly good job preparing me for these questions. If I could go back and change one thing about my studies I would have spent more time really drilling these questions.
Not necessarily in terms of content, but in terms of difficulty, the PBQs that most closely aligned with the exam were Cyberkraft on YouTube.
On the exam, take the PBQs last. Flag them and come back after you’ve answered all of the multiple choice questions. I don’t recall who gave me that advice, but I’m glad I heeded it.
Jason Dion’s course is very informative, but it’s also 31 hours of material. If you only have a small amount of time every day to study this course will provide you with a structured approach to covering the material. It does not follow the same order as the exam objectives, if that is important to you. The practice questions and practice exam were too easy and not demonstrative of real exam readiness, in my opinion.
Professor Messer’s Security+ playlist is probably the most efficient study material I found. If you’re looking for just enough information to pass, this is probably the resource to choose. I benefited from his practice exams and would recommend them to anyone. They definitely made me more confident going into the exam.
Bonus: Cyber James on YouTube also has many good practice questions to help you understand the concepts, but like all of resources mentioned here the difficulty is lower than what I saw on the exam.
Conclusion #
There’s a lot of gimmick content out there from people saying that they passed after studying for two days, one week, or a month. Don’t let these sources fool you.
Only take the exam when you feel reasonably confident that you have a solid understanding of the exam objectives. Everyone takes a different amount of time to prepare and it doesn’t matter how long it takes you. The only thing you’ll learn from not passing is that you were not as well prepared as you thought. Do not study to pass, study to understand. I know it’s trite, but it’s absolutely the only way to really succeed.
Study every objective, have a good understanding of the concepts, their relationship to each other and how they fit into the broader picture. Do not underestimate this exam, particularly if you do not have previous experience in tech. Thankfully there’s no curve balls in the exam, you simply have to understand the objectives. Make an effort to really understand the objectives and you should do fine.