About a month ago I took the CompTIA Security+ and passed with only two days of prep.
Before I give you the recipe, let’s get clear on what the cert tests.
Maybe things will get better in the future. But the exam, in its February 2017 state, was about 25% practical knowledge and 75% nonsense.
The Security+ is from an alternate universe where “reverse hacking” is a thing, and malicious operators mark the sidewalk near unsecured WiFi hotspots with chalk (“war-chalking”). You’ll be asked about “blue-snarfing” (intercepting Bluetooth comms). You’ll be asked about 802.11b versus 802.11a as if they’re current technology.
I figured all this out before I scheduled the exam and paid the money. So why was I taking it, if the knowledge base was goofy? It’s not like I was really going to learn anything.
My major motivation was to get a bit of security credibility with my current firm (Lockheed Martin). The Security+ fulfills a DoD requirement, plus my role there is software engineering. My formal education is computer science. I don’t get infosec cred out of the box.
So I’d say the exam is useful if your motivations are similar. Mega-corps (their human resources people) will recognize this more than small firms that know better.
I took some practice questions online, including with the 7 day trial CompTIA offers for their CertMaster program.
My scores were coming out around 70%. I credit that to my general infosec background knowledge, and having always been a good test taker. My deductive reasoning skills are on point.
The way scoring works, that’s not good enough. You get a point score between 100 and 900. 750 passes.
(So the percent score is hard to compare but it seems closer to 80%)
Going in, based on the practice scoring, I knew I’d need some studying. I was also daunting that I might blow the $320 exam price by failing.
Here’s what I ended up ordering from CompTIA and what I recommend – for about $390, you get access to the full version of CompTIA CertMaster plus two exam takes. You can fail the initial take and do a re-do, included in the price.
This took the stress off for the first attempt. But for two days before I took the exam, I completed about 3/4 of the CertMaster content. There are 7 categories and I made sure to divide that 3/4 among all the categories, instead of ignoring any completely.
Then, the morning of the exam, you can go back to categories you’ve already completed and do a “Smart Refresh”. This will re-test you on questions you initially struggled with as you worked through that module. Other ones, it’s clear that you knew the content or were able to guess at the right answer already.
Here’s a link to this bundle I’m talking about:
Learn more about the Security+ here: