Passing The Security+
So I just recently passed the glorified vocab test known as the Security+. Just wanted to give my thoughts about it. I studied for around a week and a half. (Planned on 2 weeks, but got sick for around 4 days.) I do have a degree in cybersecurity, as well as having already taken and passed the Network+ 3 years prior. So that definitely helped.
I had planned on taking the Security+ much earlier, but once I got a full-time job whilst still taking classes full-time, I held off on it. I did however purchase Darril Gibson’s Security+ SY0-601 study guide before making this decision, so it ended up collecting dust for 2 years. Which is why I decided to go with the 601 exam instead of studying the newer 701 exam. I didn’t feel like blowing money on another study guide.
I ended up passing the exam with a 772. Which I guess is okay, but isn’t too solid of a score. Not that the score really matters. But it’s a lot lower than my Network+ score of 811. My strategy for preparing was to just go through the entire study guide book, page by page, and make Anki flashcards of any acronyms or topics that I didn’t know or understand. In these CompTIA exams it is vital you know just about every acronym. I also used Jason Dion’s practice exams to prepare as well. Although I only ended up taking 2 of them. I took one before studying anything, getting a 74%. After studying I took another exam and actually ended up getting a lower score of 68%. Honestly the score kinda freaked me out for a sec. I felt like I somehow didn’t learn anything. But really that specific exam just covered a lot of stuff I hadn’t gone into much detail about.
In reality there was a ton I learned through studying, it’s just that most of it was surface level. Which is okay, because the exam is basically a mile wide and an inch deep. It’s just that there’s 20-30 questions that go into specifics / detail. After learning the surface level details of each objective, it becomes exponentially harder and harder to retain and learn as you get deeper in each subject. The deeper you go, the more there is to understand and remember.
The way I like to look at these kinds of exams is to look at each exam objective and grade yourself a hypothetical between 0-5. With 0 being knowing nothing, and 5 being pretty much impossible, like being omniscient in that specific subject.
Level | Knowledge |
---|---|
0 | Nothing |
1 | Newbie |
2 | Novice |
3 | Intermediate |
4 | Expert |
5 | Omniscient |
At each level it becomes exponentially harder and harder to jump to the next level.
At the beginning of your exam journey, your level of knowledge for each objective will look something like this:
There’s some stuff you know a bit about, and then other stuff you know absolutely nothing. After a bunch of studying your level of understanding improves:
Let’s say it took you 2 months of studying to get to this. Now, think about how many more months it would take to get to levels above 3.5. It wouldn’t take 2 more months or anything. It’d probably take more like 4-6 months. Just to get that much closer to level 4 for some of the objectives.
Now let’s say the Security+ exam asks questions that are between levels 1.5-3.5. And the distribution of questions is on a bell curve, with 2.5 being the median difficulty for each question. So maybe there’s a couple super easy questions, as well as a couple extremely difficult questions. So then the required knowledge for the exam is something like this:
And as long as you have enough overlap with your knowledge and the required knowledge for each objective on the exam, you’ll do fine. But the issue is you don’t know which questions from each objective will be easy and which will be hard. It’s totally random. So that’s the reason why you have to achieve an average or so of 2.5 or whatever level to pass the exam. Because in reality, the exam could be any one of these:
One main issue I have with CompTIA exams is that there seems to be a decent amount of questions that are complete BS. Not only are you tested on your knowledge of the subject, but also how good your reading comprehension is and if you can decipher the true meaning of each question. It’s like CompTIA likes to play English gymnastics with some of their “tough” questions. Which, while they are technically grammatically correct, barely make any sense. And to top it off, the options you have as answers are as vague and open-ended as possible.
There were a few questions where I was honestly kind of pissed off at how stupid they were. The question they were asking barely made sense, and the options they had for answers made even less sense. I believe it is literally impossible to get a perfect score on any of their exams, because they will always add in 4-6 questions that you pretty much have to guess on. You could bring in the smartest Cybersecurity guy on this earth, and even they would not be able to get a perfect score.
So yeah, my advice to anyone wanting to pass this exam, is first, get a book to go off of. Read the ENTIRE book, and make flashcards of pretty much anything you do not know. And then take Jason Dion’s practice exams. The thing about the practice exams, is that you should not waste them at all. You really don’t want to take them more than once. It’s supposed to simulate an actual exam so you can accurately see where you are and if you are ready to take the real thing.