The Security+ (SY0-601) Success Story: How I passed it (with BONUS Resources!)

Noel Varghese
Nov 3, 2021

Hey There,

It was a huge relief to have that pass score flash across my screen, after the stressful survey CompTIA offers candidates after finishing their exam.

A million emotions pass by — you fail or pass, go through the whole ordeal again, or face disappointment. I passed through the whole lot until it was confirmed that I was officially Security+ certified.

Well, I am here, penning away this guide, to remove the “disappointment” part of your preparation and to ensure your subsequent pass.

Let’s begin.

Learning Resources

Below are the resources from where you can learn the concepts required for CompTIA to test you:-

  1. The SY0-601 Objectives — You can’t prepare for the Sec+ without going through this document. It covers all the concepts and acronyms that you need to know and learn.

Link to the document — https://comptiacdn.azureedge.net/webcontent/docs/default-source/exam-objectives/comptia-security-sy0-601-exam-objectives-(2-0).pdf

  2. Professor Messer’s SY0-601 Playlist — This is your key to learning the Sec+ concepts in detail. Professor Messer goes into great detail to teach concepts, citing real-world examples along the way to reinforce real learning. Moreover, this resource is free to use for anyone. Salut!

Link to the Playlist — https://www.youtube.com/watch?v=9NE33fpQuw8&list=PLG49S3nxzAnkL2ulFS3132mOVKuzzBxA8

He has curated playlists for all current CompTIA exams, so feel free to use his content for passing your choice of exam.

  3. Jason Dion’s Udemy course — I haven't used this, but have heard a lot of good reviews from other test-takers. Some say that combining Dion’s and Messer’s videos is the best way to learn.

His course goes on discount once in a while as well. Subscribe to Udemy to know about occasional discounts, to get the course on the cheap.

Link to the Udemy course — https://www.udemy.com/course/securityplus/

  4. Reddit’s wonderful r/CompTIA community — I was a part of the community from the early days of my prep. I highly encourage you to join this wonderful group, where you get to learn from fellow test-takers' experiences, ask queries about concepts you don't know, and get discount coupons to use while purchasing the exam voucher.

Link to r/CompTIA — https://www.reddit.com/r/CompTIA/

Notes

For the ones who prefer ready-made notes, Professor Messer has compiled a PDF notebook just for you! It is a good resource to cover your knowledge gaps.

Link — https://drive.google.com/folderview?id=1p-04wXO0v9OkBzbsEMEo4v7aXIgdiaQw

Should I take the Network+ before attempting the Security+?

  • It's your choice. Network+ passed candidates have a good base of the concepts taught in the Sec+. I did pass without taking the Net+. If you are not taking the Net+, prepare by getting a good understanding of Network Infrastructure: watch videos and read blogs to digest the info.

Now, what about the questions asked in the exam?

  • Before taking the exam, it’s good to create a home lab, using VMs and installing Kali, to familiarize yourself with the tools mentioned in the objectives
  • Configuring a LAN/Router — It’s perfectly okay if you don’t have access to this, but there is a high chance of LAN/Router configuration appearing as a PBQ for the exam. I had it for my exam and it’s always good to have hands-on practice

Recommended Books to use

Having no physical books to study from, a few Google Dorking tricks up my sleeve got me the pdf versions of the following guides:-

Link to Books — https://drive.google.com/drive/folders/1z1T1Q5eLDJXEpgcfwo7ZxQ0puFrNMgpW?usp=sharing

Topics to pay extra attention to:-

  • Wireless Network Security — LAN, WLAN, WPA[1–3], ARP Spoofing, MAC Spoofing, etc
  • Backups — Differential and Incremental
  • Acronyms & Ports — A MUST

Acronyms from the Sec+ Objectives pdf and ports from the below resource:-

Add the following ports and their names to the list

Network Time Protocol (NTP) — Port 123

MySQL — Port 3306

Viruses and Worms sometimes operate on ports 4444 and 5000

  • Cryptography — being aware of the key length of hashing algorithms and methods to implement them is good to know
  • Cloud Infrastructure — IaaS, PaaS, SaaS. Learning how to differentiate them will be key
  • Linux and Windows command utilities
  • Authentication systems and implementation — RADIUS, SAML, TACACS, LDAP, Web-based and internal network-based authentication methods

Additional Resources:-

Anki Flashcards — Not a huge fan, but it does work for certain people. List down the concepts and acronyms that you have a hard time remembering and create your flashcards, to retain concepts in a better manner.

Command/Cheat sheets — Plenty of them can be found online.

Ian Neil’s free Sec+ resources — www.securityplus.training — contains free resources, flashcards, lab exercises, and PBQs to boost your prep.

Practice Exams

After you are all washed up with the acquired knowledge, it's time to put it to the test! It is always good to test yourself from multiple sources. In this section, I recommend the following:-

  • Professor Messer’s Exams — Tough, but great to learn from. I learned a lot from his exams. Don't just skim over the answers you got right. Learn why you got that question right, from the explanation provided by Messer. The same goes with the answers you got wrong too!

Link — https://drive.google.com/file/d/1AxA8H9kHB_6kRMSLXMkiUWK8-F3MzyMT/view?usp=drivesdk

  • Jason Dion’s Sec+ practice exams — On sale at Udemy, these are ideal and psst, some say that they are closer to what you get on your actual test! Reasonably priced, they reinforce your learning with new and real-world concepts that enrich your learning

Link — https://www.udemy.com/course/security-601-exams/

  • Exam Compass — Wow man, these guys are the real deal. They put forward questions on virtually every topic and never be disheartened if you get answers wrong. They go deep into each concept and set good questions to test you. You would be missing out if you don't come across anything new!

Link — https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests

NOTE: Follow from page 595 and onwards from Mike’s book to redeem your promo code and practice questions on Total Seminars

Tips for effective learning:-

  • Take down notes — Any note-taking tool is efficient to get your work done. If you are like me, who prefers taking down notes, a spiral notebook comes in handy
  • Sketch pens, highlighters, and the works
  • You know your weak concepts after attempting practice tests. Please, never try to hide it. Get out there and solve more questions that you can lay your hands on. ExamCompass is an excellent resource for this.
  • NEVER RELY ON EXAM DUMPS — Exam dumps are created by students who recall questions they faced from their exam. These are often inaccurate and are riddled with wrong answers to questions. CompTIA strictly forbids the use of exam dumps.
  • Do not rote learn. Understanding the concept and its applicability in real life goes a long way in mastering a concept. One of my weak points was digital certificates, cryptography, and network implementation. Taking up a university-offered cryptography course helped me to bridge my knowledge gaps, with investigations into its real-world application.
  • Correlating concepts — Being a student, who studies effectively by correlating things, it was a joy to see that I was able to relate many of the concepts to real-world applications

Password Complexity — Helped change the passwords of relatives into something more complex, rather than something that a script kiddie would try

Changing my mobile hotspot security to WPA3-Personal (more secure), from the default WPA2 Personal type

Switching off Bluetooth after use, rather than leaving it open, preventing exposure to Bluesniff and Bluejacking attempts

SaaS — Utility tools we use every day like SmallPdf are cloud-hosted applications, available to us with the help of a laptop.

Voucher Purchase

Great! You have finished the exam prep, learned a few new concepts, got some MCQs wrong along the way, and now here you are, at the most important hurdle — scheduling the exam

Voucher code that you can use — PEARSON10 — Save 10% off on your purchase

Tips for effective test-taking:-

  • Undertake a system test from PearsonVue every day, leading to the exam date. Have all technical issues figured out
  • Check in 30 minutes before your exam time. The verification process should hopefully go on well for everyone.
  • Be a robot — Going through many test-takers' exam experiences led me to understand that PearsonVue proctors are notoriously strict. Although it’s wrong to say this, I have got to say it — peel your eyes to the screen, during the exam. Exams get revoked for silly reasons like mumbling the questions, stretching your neck, changing posture, etc.
  • Stable connection? — I used a cellular data hotspot to perform my exam, which does not work for everyone else. The minimum requirement is to have a stable internet connection
  • Relieve yourself before taking the exam — ‘Nuff said.
  • Follow all the rules stated by PearsonVue, for preparing your exam space
  • Have a positive mindset and determination that you can pass the exam. Don't lead it to overconfidence. Security+ is indeed tough and a single question can make or break your exam.

Miscellaneous

  • How to schedule your exam — Zach’s video helped me understand the test booking process.

https://www.youtube.com/watch?v=7T_NL8BFOeA

  • Buying your voucher — Using geographical data, CompTIA assigns you a regional store, where you can buy exam vouchers from. Remember, check the URL of the site, before clicking on it. A typosquatting attack may be around the corner!

Link to CompTIA’s official store — store.comptia.org

To buy exam vouchers on the cheap — These vouchers are close to their expiry dates and hence are offered at a lower price. Make sure to read the voucher’s description and check the regions where it can be used. A USA & Canada voucher is not applicable for someone living in Europe.

Conclusion:-

I do hope this guide helped you, no matter what stage of preparation that you are in. If you have made it here, consider leaving a clap for the article.

Connect with me on LinkedIn — https://www.linkedin.com/in/noel-varghese

Until then, I wish you all the best for your Sec+ exam. Believe in yourself, you’ve got it!


Written by Noel Varghese

Threat Researcher at CloudSEK Security+ | eJPT | Connect with me on LinkedIn — https://www.linkedin.com/in/noel--varghese
