How I passed: CompTIA Security+ SY0–501
Today I’ll be reviewing the CompTIA Security+ SY0–501 exam, a foundational cybersecurity exam emphasizing secure systems and application design, threat analysis, risk mitigation, and security operations. As one of the first certifications meeting DoD 8140 (8570) requirements, Security+ is well-recognized as one of the oldest and most popular entry-level cybersecurity certifications available today.
Exam Information
The Security+ SY0–501 exam contains five weighted sections:
- 21% Threats, Attacks, and Vulnerabilities — indicators of compromise, types of attacks and vulnerabilities, threat actors, penetration testing, vulnerability scanning
- 22% Technologies and Tools — network components, software tools, security troubleshooting, log reading, mobile device security, protocol security
- 15% Architecture and Design — security frameworks and best practices, secure network and systems design, staged deployment, embedded systems, and software development, cloud and virtualization technologies, resiliency, automation, physical security controls
- 16% Identity and Access Management — AAA, identity and access services and controls, account management
- 14% Risk Management — policies, plans, and procedures, business impact analysis, risk assessment, incident response, computer forensics, disaster recovery and continuity planning, security controls, data security and privacy practices
- 12% Cryptography and PKI — cryptography concepts, cryptography algorithms, wireless security, public key infrastructure design and components
There is a maximum of 90 questions (multiple-choice and “performance-based,” AKA simulations) on the exam, with 90 minutes to answer them. A passing score is 750 on a scale of 900, or roughly 83% (although not all questions are necessarily weighted equally or counted in the score).
How I scored
I’m going into my sophomore year studying cybersecurity at RIT in upstate New York. I have worked part-time and as a contractor for IT-related jobs, so I had a fair amount of experience coming in.
I studied from July 10th to July 19th, with the test at 9:00 AM on July 19th. The exam presented me with 83 questions and four performance-based questions. I passed with a 799/900.
How did I pay for the exam?
The CompTIA Academic Marketplace offers nicely discounted exam vouchers for students enrolled in accredited colleges and universities. I highly recommend you take advantage of these offers if you are a student.
The Pearson VUE testing centers
Test centers vary widely in terms of comfort and noise. I have taken exams in secluded rooms with little noise, open spaces with glass windows that do not shield you from the noise of the surrounding business, and once in a dimly-lit room with a noisy ventilation system. However, all of the centers are standardized in their procedures and equipment and are generally kept very clean. I highly suggest checking the reviews of the location you will be testing to ensure they adhere to these standards, as I did find one that was not.
Schedule a time you know you will be not tired and can think clearly. For me, that’s usually mid-morning, but the time also depends on availability. You may only have one choice to schedule a time (like at 8:00 AM), especially if you wait until the last minute to make an appointment. You are allowed to reschedule an exam up until 24 hours before the appointment as many times as you choose, though, so best to make it sooner than later and then reschedule if you don’t feel prepared.
You will need two forms of ID (a primary with name, photo, and signature, and a secondary with name and photo or name and signature). You will sign the candidate agreement, they will check your signature and take your picture, and then you will initial on a sign-in/out form.
Pearson provides a flimsy legal-size dry-erase paper, a fine-point marker, and earplugs with every exam. Don’t initial the form until you get these if you plan on using any of them, as it confirms that the test administrator offered them to you. Finally, you must lock all your personal belongings in a box or locker before entering the secure test room.
The PC also has you agree to the exam terms before you can start. At the end of the exam, you will typically take a survey, and then your results may be presented on screen. Regardless of if they are or not, you will receive a printed score report and a digital embosser code that lets you view your score online before you leave. You mustn’t leave the test center without receiving this form, as it is an official confirmation that you took the test. Sign out and return the whiteboard (don’t erase it!). As long as you scored at or above CompTIA’s minimum competency score, you will pass. A pass is a pass, and only this fact will appear on your certificate, not your score.
On to my study materials:
CompTIA Security+ SY0–501 Exam Objectives (Free)
It should go without saying, but the exam objectives should always be the first resource that anyone studying for a certification exam should review.
Download the topics in PDF format. Cross out or highlight content that is familiar or unfamiliar to you, take notes in the margins, essentially do whatever you need to give yourself a clear picture or roadmap for how you will attempt this exam and in what order you will study the content. Sometimes, CompTIA’s syllabus is not always the best order in which new students should learn the content.
Professor Messer’s 501 Video Series (Free)
Professor Messer’s videos are a mainstay with me when it comes to CompTIA exams. Messer’s videos are short, to the point, and cover everything you need to know (although he can be very monotone, which doesn’t work for some people).
For the A+, Professor Messer had an excellent book of Pop Quiz questions that I used to study and practice. Unfortunately, as I found out with the Network+, he doesn’t yet have this resource available for the other exams. Therefore, I had to find an alternative source for practice exams. He still does offer course notes for sale for Security+ ($20) for those looking for that resource, though.
Darril Gibson’s GCGA SY0–501 Security+ Study Guide ($10, Kindle version)
I’m not the kind of person who usually advocates for reading textbooks when studying for an exam, but Darril Gibson’s Security+ Study Guide is a great resource when combined with his practice test questions (below). I chose it due to its consistent recommendation on the Reddit r/CompTIA community. The content seems to be more in-depth than Professor Messer’s videos, although some concepts seem to skirt the edges of what will actually be tested on the exam.
Darril Gibson’s GCGA Premium SY0–501 Security+ Practice Test Questions ($50)
I probably spent the most time studying Darril Gibson’s 400+ practice questions provided by the GCGA Premium website. Unlike most practice questions prepared by independent authors, this set includes performance-based questions. It is regularly updated with new material, making it well worth the higher price tag than some practice question books (in my opinion). Each question also provides a referral back to specific pages in Gibson’s study guide, which I found very helpful for reviewing questions I answered incorrectly.
Unfortunately, be aware that this access is only for 60 days. After the 60-day period, you will need to pay an (albeit reduced) fee is over to extend your access. I would suggest only purchasing this set within two months of your exam date. This product is much different than a book that you purchase and retain access to forever, but it does offer its own benefits.
Quizlet Flashcards
If there were any technical details or comparisons that I had difficulty remembering or had to memorize, I put them into Quizlet. Then, I cycled through the Learn mode until I felt confident enough that I knew them. Studying minutiae about these topics is incredibly helpful, even if it is only for this exam.
Exam Day
My strategy for CompTIA exams is to answer as many multiple choice questions as I can before returning to the performance-based simulations and then reviewing any flagged questions I am unsure about before submitting the exam.
The exam presented me with 83 questions and four performance-based questions. Due to the non-disclosure agreement, I cannot share specific details about the questions I received, although I can speak about them in generic terms.
Performance-based questions:
- Match security concepts
- Secure a physical environment
- Compare/contrast security measures
- Identify attacks
I felt that this exam was easier than the Network+ N10–006 but harder than the A+ 220–901/902, and with the amount of time I had to complete the exam, I believe my score reflects that. As with the previous exams, I was still very nervous and felt like I was doing poorly to start, but in the end, I became confident and submitted my work with 15 minutes remaining.
Good luck with your studies!
The CompTIA Security+ exam is perhaps the most well-known entry-level cybersecurity certification. It is a foundational cybersecurity exam emphasizing secure systems and application design, threat analysis, risk mitigation, and security operations. It is also one of the most popular ways to meet DoD 8140 ( 8570) requirements. I definitely believe that this certification will aid me as I begin my Summer 2019 co-op search this fall. Best of luck to all who will be attempting this exam after me! Do reach out if you have any questions.
I do not use affiliate links, nor do I earn compensation for any products I endorse in this post. These are the resources I used to pass this exam and my honest reviews of them.
