How I Passed the CompTIA Security+ Exam

I passed the CompTIA SY0-501 Security+ exam! WOooWHOoo!!! Passing exams can be daunting… This test is no different. Join me for the next few minutes as I take you on my adventure and hopefully pass along some info and ideas that might help you pass it as well!

First-things-first… Why would you want to be Security+ certified? If you’re like me and work in information technology then you know that cybersecurity, viruses, hackers, and other assorted sundries are becoming daily issues and risks. Now more than ever, we are responsible for the stability, availability, confidentiality, and integrity of our data and digital information. This is true from a work standpoint as well as a personal one. It is tougher and tougher to keep our private information secret and our computers secure. Without even thinking about the requirements or responsibility as an IT professional, we also seek security and skills around this challenging field for personal reasons. That said, having high-end certifications can also increase your work performance, build your job security, and improve your chances at continuing to advance in the IT field. It goes without saying that salary increases, promotions, and accolades all come from obtaining certifications. On top of this, your peers and colleagues will rely on you and come to you seeking assistance knowing that you are a source of knowledge.

Now that we’ve figured out why, let’s look at how…

The CompTIA Security+ exam is not an easy one. It has up to 90 multiple choice and performance-based (these can be challenging, so look into them) questions. You need a score of 750 on a scale of 100-900, which ends up being about 80%. Many of the questions are tricky and rely on you giving the “BEST” answer. I find this type of test extremely challenging if not a bit biased.

My foundation and background is primarily as a database administrator and system administrator. I have worked on computers all of my life (checkout this article for more details of my computer background). Starting back in 1977 I was introduced to programming by my dad. I didn’t really start down the career path of computers until about 1986 when I attended Computer Learning Center. I have been working with Oracle, Linux, and UNIX for nearly thirty years. Did this give me an edge when attempting the Security+ exam? Absolutely. That said, it doesn’t mean you need 30, 20, or even 10 years of computer experience. However, I highly recommend a few years of solid computer experience before tackling this beast.

If I didn’t have as much experience, I probably would have taken the A+ and then Network+ exams first to ensure my abilities and knowledge were up to par. These are not required prequisites, but I highly recommend them especially if your experience and skillset are not on the high side. In my case, I chose to dive right into the Security+ test. Everybody has different levels of experience, and the path you choose is ultimately on your shoulders. If you do not know much about networking (can you solve a subnet question?) than you might want to consider taking the Network+ exam first. You know the drill.

Starting out with my studies I knew that my practice exams had to be in the 90% or higher range if I was going to pass. So I worked on every single practice exam until I was confident that I was getting 90% (or more) of the questions correct.

I attended a bootcamp, which was five days long and a deep dive into everything about the exam. My boot camp was given by Infotec and there are many schools available. Boot camp was a bit like drinking from the proverbial fire-hose. It did help me a good bit, as it touched on a few of the topics that I was completely unfamiliar with. It also pointed out my weaknesses and strengths. I utilized that class to focus on my problem areas and make sure I was ramped-up enough to pass. If resources are available, I highly recommend a bootcamp, as your chances for success are greatly increased!

Professor Messer on YouTube was incredibly informative and he packs a ton of information into brief video lessons. I found that I could easily listen to his training in my car utilizing YouTube on my phone patched into my vehicle sound system. DISCLAIMER / WARNING: Do not watch videos while driving, only listen to them. Also, streaming YouTube while driving will blow through your mobile data plan quicker than Speedy Gonzales can run the 50 yard dash.

Along with the bootcamp and videos, I also bought the CompTIA Security+ Study Guide by Darril Gibson. I cannot stress enough how important is to double or triple up your efforts on training materials. Each class, book, YouTube training video, and website that I trained with provided a little different perspective on the information and in some cases info that others didn’t include. I believe it was this mesh of training platforms that helped me through the exam.

As I read technical books, I highlight important parts and also material that I need to work on. In this way, I can flip through a thick book much quicker the second and third time and only read the highlighted sections. Mr. Gibson’s book did a great job pointing out specific things to remember for the exam.

Actually Taking the Examdun-dun-dunnnnnn

Before the exam starts, you have about 15 minutes alone time. My test site provided a mini whiteboard and dry-erase marker. I used those 15 minutes to quickly write down and draw a few things that I struggled remembering. I find that there is less stress before the test and I can write down tough things and then they are there later during the test and I can rely on the info. Also, because I am not a mathematical genius who can remember pi to 4,527 places (these days I can only recite about 22 places…), I drew a quick subnet calculation chart to help me instantly answer any subnet questions. Here’s the chart I draw (people do this differently, this is just my go-to chart):

^2’s76543210
Subs248163264128256
Hosts1286432168421
CIDR/25/26/27/28/29/30/31/32
IP.128.192.224.240.248.252.254.255

*I’m not going into details on how to use this bad-boy… Some things are better discovered by one’s self. hehe.

It takes me about five minutes to draw that chart. Once I have the chart drawn, I can answer subnet questions in a matter of seconds. Without this chart, some subnet questions can take me a few minutes to answer… You can see why drawing it before your test has actually started is a really good use of time!

Tip – Several people recommended that you skip the initial performance-based question and save them for the end. Instead, I jumped right into them and quickly worked through them. If I was unsure about any, I simply flagged them and came back after I was done. Use the “flag” feature to check on any questions you are unsure about. However, if you don’t know the answer go with your gut and just pick the best one for YOU! Also, answer every question. Even if you have no clue what the answer is, make an educated guess. You can often eliminate one or two of the answers leaving you with a 50/50 chance of being right!

Tip Two – Remember the different hashing algorithms, certificate, and encryption types. Simply knowing these well will help you answer several questions.

Another tip – Memorize the acronym definitions. Many of the questions will only use acronyms, and simply knowing what they are will often reveal the answer. There are a ton of acronyms, but I highly recommend learning and memorizing them. I used flash cards (on my mobile phone of course) to help me with this.

Yet another tip – Try to remember all of the important protocol ports and the OSI model. For that matter, anytime there is a process order (e.g. the incident response process), make sure you know the correct order of the phases. I often use mnemonics or other memory tricks for these. For the OSI model, I remembered “All People Seem To Need Data Processing”; which I could then translate into the seven layers “Application, Presentation, Session, Transport, Network, Data Link, and Physical.” This was one of the things I wrote down prior to the test, while it was fresh in my memory (from last minute studying in the parking lot!)

Important Port Numbers
  • 20 and 21 is FTP
  • 22 SSH (and SFTP/SCP)
  • 23 Telnet
  • 25 SMTP
  • 49 TACACS+
  • 53 DNS
  • 67/68 DHCP
  • 69 TFTP
  • 80 HTTP
  • 88 Kerberos
  • 110 Pop
  • 123 NTP
  • 135 RPC
  • 137/138/139 NetBIOS
  • 143 IMAP
  • 161/162 SNMP
  • 389 LDAP
  • 443 HTTPS
  • 445 SMB
  • 554 SRTP
  • 631 IPP
  • 636 LDAPS
  • 989/990 FTPS (over TLS)
  • 1812 RADIUS
  • 3389 RDP
  • * see… Isn’t this easy?

    Last tip – Read the questions and answers VERY carefully. Don’t be afraid to read them out loud and look like the weirdo who talks to themselves in the testing facility. Many of the questions are trick questions and if you look closely you’ll discover the trap and the answer will magically appear.

    If there’s one thing I can tell you that will help… Study. Practice the sample exam questions. Study. Practice the sample exam questions. Oh… And, study! Knowledge and experience will carry you a long way in this test, but they are no substitute for some hard work and elbow grease. Study!

    That said. Be confident. Depend on yourself and believe in yourself. You got this!

    Good luck! (Oops… I forgot I don’t believe in luck… So, study!)

    -Vaughn

    Please comment by clicking “Leave a Comment.” And, if you dig, share this article! Also, please type your email address into the “Subscribe” box up top to get updates each time I post a new blog article.

    You can rest assured that we will never SPAM your email account, and it’s only used to send the latest articles.

    About Vaughn Ripley

    Vaughn is a happily married daddy, author, and CIO. He is an HIV+ hemophiliac, and is one of the longest surviving HIV+ people in the universe.
    --
    Follow Vaughn on Twitter: @vripley
    Like Vaughn's page on the Facebook: www.facebook.com/VaughnFRipley
    Read his personal blog: HIVLongevity.com
    Visit his web page: www.VaughnRipley.com

    Comments

    1. Excellent! Seriously if I were 20 yrs. younger, I would follow in your footsteps as this post has totally inspired me. I agree, study, study… be prepared… or as you know one of my favorite expressions… “When there is a student, a teacher appears”. Your inspiration in this post has energized me. Thank you!

      • Hi mom,

        Thank you for the kind words! I agree completely about the student teacher philosophy. And, you’re never to old to delve into new technology! And… Thank you for inspiring me for my whole life!!!

        -V