The Security+ (SY-601) Success Story: How I passed it (with BONUS Resources!)
It was a huge relief to have that pass score flash across my screen, after the stressful survey CompTIA offers candidates after finishing their exam.
A million emotions pass by — you fail or pass, go through the whole ordeal again, or face disappointment. I passed through the whole lot until it was confirmed that I was officially Security+ certified.
Well, I am here, penning away this guide, to remove the “disappointment” part of your preparation and to ensure your subsequent pass
Below are the resources from where you can learn the concepts required for CompTIA to test you:-
- The SY-601 Objectives — You can’t prepare for the Sec+, without going through this document. It covers all the concepts and acronyms that you need to know and learn.
Link to the document — https://comptiacdn.azureedge.net/webcontent/docs/default-source/exam-objectives/comptia-security-sy0-601-exam-objectives-(2-0).pdf
2) Professor Messer’s SY-601 Playlist — This is your key to learning the Sec+ concepts in detail. Professor Messer goes into great detail to teach concepts, citing real-world examples along the way to enforce real learning. Moreover, this resource is free to use for anyone. Salut!
Link to the Playlist — https://www.youtube.com/watch?v=9NE33fpQuw8&list=PLG49S3nxzAnkL2ulFS3132mOVKuzzBxA8
He has curated playlists for all current CompTIA exams, so feel free to use his content, for passing your choice of exam
3)Jason Dion’s Udemy course — I haven't used this, but have heard a lot of good reviews from other test-takers.Some say that combining Dion’s and Messer’s videos are the best way to learn.
His course goes on discount once in a while as well. Subscribe to Udemy to know about occasional discounts, to get the course on the cheap.
Link to the Udemy course — https://www.udemy.com/course/securityplus/
4)Reddit’s wonderful r/CompTIA community — I was a part of the community from the early days of my prep. I highly encourage you to join this wonderful group, where you get to learn from fellow test-takers experiences, ask queries about concepts you don't know, and get discount coupons to use while purchasing the exam voucher
Link to r/CompTIA — https://www.reddit.com/r/CompTIA/
For the ones who prefer ready made notes,Professor Messer has compiled a pdf notebook just for you!.It is a good resource to cover your knowledge gaps
Link — https://drive.google.com/folderview?id=1p-04wXO0v9OkBzbsEMEo4v7aXIgdiaQw
Should I take the Network+ before attempting the Security+?
- It's your choice.Network+ passed candidates have a good base of the concepts taught in the Sec+. I did pass without taking the Net+. Have a good understanding of Network Infrastructure-watch videos and read blogs to digest the info, to prepare, if you are not taking the Net+
Now, what about the questions asked in the exam?
- Before taking the exam, it’s good to create a home lab, using VM’s and installing Kali, to familiarize yourself with the tools mentioned in the objectives
- Configuring a LAN /Router— It’s perfectly okay if you don’t have access to this, but there is a high chance of LAN/Router configuration appearing as a PBQ for the exam. I had it for my exam and it’s always good to have hands-on practice
Recommended Books to use
Having no physical books to study from, a few Google Dorking tricks up my sleeve got me the pdf versions of the following guides:-
Link to Books — https://drive.google.com/drive/folders/1z1T1Q5eLDJXEpgcfwo7ZxQ0puFrNMgpW?usp=sharing
Topics to pay extra attention to:-
- Wireless Network Security — LAN, WLAN, WPA[1–3], ARP Spoofing, MAC Spoofing, etc
- Backups — Differential and Incremental
- Acronyms & Ports — A MUST
Acronyms from the Sec+ Objectives pdf and ports from the below resource:-
The Ports and Protocols You Need to Know for the Security+ Exam - Cyberkrafttraining
Port numbers can be a hassle to learn and remember. To…
Add the following ports and their names to the list
Network Time Protocol (NTP) — Port 123
MySQL — Port 3306
Viruses and Worms sometimes operate on ports 4444 and 5000
- Cryptography — being aware of the key length of hashing algorithms and methods to implement them are good to know
- Cloud Infrastructure — IaaS,PaaS,SaaS.Learning how to differentiate them will be key
- Linux and Windows command utilities
- Authentication systems and implementation — RADIUS, SAML, TACACS, LDAP, Web-based and internal network-based authentication methods
Anki Flashcards — Not a huge fan, but it does work for certain people, List down the concepts and acronyms that you have a hard time remembering and create your flashcards, to retain concepts in a better manner
Command/Cheat sheets-Plenty of them can be found online
Ian Neil’s free Sec+ resources — www.securityplus.training — contains free resources, flashcards, lab exercises, flashcards, and PBQ’s to boost your prep
After you are all washed up with the acquired knowledge, it's time to put them to the test! It is always good to test yourself from multiple sources. In this section, I recommend the following:-
- Professor Messer’s Exams — Tough, but great to learn from. I learned a lot from his exams. Don't just skim over the answers you got right. Learn why you got that question right, from the explanation provided by Messer. The same goes with the answers you got wrong too!
Link — https://drive.google.com/file/d/1AxA8H9kHB_6kRMSLXMkiUWK8-F3MzyMT/view?usp=drivesdk
- Jason Dion’s Sec+ practice exams — On sale at Udemy, these are ideal and psst, some say that they are closer to what you get on your actual test!. Reasonably priced, they enforce your learning with new and real-world concepts that enrich your learning
Link — https://www.udemy.com/course/security-601-exams/
- Exam Compass — Wow man, these guys are the real deal. They put forward questions on virtually every topic and never be disheartened if you get answers wrong. They go deep into each concept and set good questions to test you. You would be missing out if you don't come across anything new!
Link — https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests
- Passemall — https://passemall.com/free-comptia-security-practice-test/
- Mike Myers’ online exam — https://www.totalsem.com/security-certification/
NOTE: Follow from page 595 and onwards from Mike’s book to redeem your promo code and practice questions on Total Seminars
- Great Administrator — https://gcgapremiumpass.com/sy0–601-extra-practice-test-questions/
- Exam Digest — https://examsdigest.com/courses/learn-comptia-security-sy0-601/
Tips for effective learning:-
- Take down notes — Any note-taking tool is efficient to get your work done. If you are like me, who prefers taking down notes, a spiral notebook comes in handy
- Sketch pens, highlighters, and the works
- You know your weak concepts after attempting practice tests. Please, never try to hide it. Get out there and solve more questions that you can lay your hands on.ExamCompass is an excellent resource for this.
- NEVER RELY ON EXAM DUMPS- Exam dumps are created by students who recall questions they faced from their exam. These are often inaccurate and are riddled with wrong answers to questions.CompTIA strictly forbids the use of exam dumps.
- Do not rote learn. Understanding the concept and its applicability in real life goes a long way in mastering a concept. One of my weak points was digital certificates, cryptography, and network implementation. Taking up a university offered cryptography course helped me to bridge my knowledge gaps, with investigations into its real-world application.
- Correlating concepts — Being a student, who studies effectively by correlating things, it was a joy to see that I was able to relate many of the concepts to real-world applications
Password Complexity — Helped change the passwords of relatives,into something more complex,rather than something that a script kiddie would try
Changing my mobile hotspot security to WPA3-Personal (more secure),from the default WPA2 Personal type
Switching off Bluetooth after use,rather than leaving it open,preventing exposure to Bluesniff and Bluejacking attempts
SaaS — Utility tools we use everyday like SmallPdf are cloud hosted applications,available to us with the help of a laptop.
Great! You have finished the exam prep, learned a few new concepts, got some MCQ’s wrong along the way, and now here you are, the most important hurdle — scheduling the exam
Voucher code that you can use —PEARSON10 — Save 10% off on your purchase
Tips for effective test-taking:-
- Undertake a system test from PearsonVue every day, leading to the exam date. Have all technical issues figured out
- Check-in 30 minutes before your exam time-The verification process should hopefully go on well for everyone.
- Be a robot — Going through many test-takers exam experiences led me to understand that PearsonVue proctors are notoriously strict. Although it’s wrong to say this, I have got to say it — peel your eyes to the screen, during the exam. Exams get revoked for silly reasons like mumbling the questions, stretching your neck, changing posture, etc.
- Stable connection? — I used cellular data hotspot to perform my exam, which does not work for everyone else. The minimum requirement is to have a stable internet connection
- Relieve yourself before taking the exam — ‘Nuff said.
- Follow all the rules stated by PearsonVue, for preparing your exam space
- Have a positive mindset and determination that you can pass the exam-Don't lead it to overconfidence.Security+ is indeed tough and a single question can make or break your exam.
- How to schedule your exam — Zach’s video helped me understand the test booking process.
CompTIA Security+ SYO-601
This blog is here to help those preparing for the CompTIA SYO-601 Security+ exam. The goal is to cover all of the…
- Buying your voucher — Using geographical data, CompTIA assigns you a regional store, where you can buy exam vouchers from. Remember, check the URL of the site, before clicking on it. A typosquatting attack may be around the corner!
Link to CompTIA’s official store — store.comptia.org
To buy exam vouchers on the cheap — These vouchers are close to their expiry dates and hence are offered at a lower price. Make sure to read the voucher’s description and check the regions where it can be used. A USA & Canada voucher is not applicable for someone living in Europe.
- https://getcertified4less.com/ (Trusted and verified)
I do hope this guide helped you, no matter what stage of preparation that you are in. If you have made it here, consider leaving a clap for the article.
Connect with me on LinkedIn — https://www.linkedin.com/in/noel-varghese
Until then, I wish you all the best for your Sec+ exam. Believe in yourself, you’ve got it!