How I Passed the CompTIA Security+ Exam

I passed the CompTIA SY0-501 Security+ exam! WOooWHOoo!!! Passing exams can be daunting… This test is no different. Join me for the next few minutes as I take you on my adventure and hopefully pass along some info and ideas that might help you pass it as well!

First-things-first… Why would you want to be Security+ certified? If you’re like me and work in information technology then you know that cybersecurity, viruses, hackers, and other assorted sundries are becoming daily issues and risks. Now more than ever, we are responsible for the stability, availability, confidentiality, and integrity of our data and digital information. This is true from a work standpoint as well as a personal one. It is tougher and tougher to keep our private information secret and our computers secure. Without even thinking about the requirements or responsibility as an IT professional, we also seek security and skills around this challenging field for personal reasons. That said, having high-end certifications can also increase your work performance, build your job security, and improve your chances at continuing to advance in the IT field. It goes without saying that salary increases, promotions, and accolades all come from obtaining certifications. On top of this, your peers and colleagues will rely on you and come to you seeking assistance knowing that you are a source of knowledge.

Now that we’ve figured out why, let’s look at how…

The CompTIA Security+ exam is not an easy one. It has up to 90 multiple choice and performance-based (these can be challenging, so look into them) questions. You need a score of 750 on a scale of 100-900, which ends up being about 80%. Many of the questions are tricky and rely on you giving the “BEST” answer. I find this type of test extremely challenging if not a bit biased.

My foundation and background are primarily as a database administrator and system administrator. I have worked on computers all of my life (check out this article for more details of my computer background). Starting back in 1977 I was introduced to programming by my dad. I didn’t really start down the career path of computers until about 1986 when I attended Computer Learning Center. I have been working with Oracle, Linux, and UNIX for nearly thirty years. Did this give me an edge when attempting the Security+ exam? Absolutely. That said, it doesn’t mean you need 30, 20, or even 10 years of computer experience. However, I highly recommend a few years of solid computer experience before tackling this beast.

If I didn’t have as much experience, I probably would have taken the A+ and then Network+ exams first to ensure my abilities and knowledge were up to par. These are not required prerequisites, but I highly recommend them especially if your experience and skillset are not on the high side. In my case, I chose to dive right into the Security+ test. Everybody has different levels of experience, and the path you choose is ultimately on your shoulders. If you do not know much about networking (can you solve a subnet question?) then you might want to consider taking the Network+ exam first. You know the drill.

Starting out with my studies I knew that my practice exams had to be in the 90% or higher range if I was going to pass. So I worked on every single practice exam until I was confident that I was getting 90% (or more) of the questions correct.

I attended a bootcamp, which was five days long and a deep dive into everything about the exam. My boot camp was given by Infotec and there are many schools available. Boot camp was a bit like drinking from the proverbial fire-hose. It did help me a good bit, as it touched on a few of the topics that I was completely unfamiliar with. It also pointed out my weaknesses and strengths. I utilized that class to focus on my problem areas and make sure I was ramped-up enough to pass. If resources are available, I highly recommend a bootcamp, as your chances for success are greatly increased!

Professor Messer on YouTube was incredibly informative and he packs a ton of information into brief video lessons. I found that I could easily listen to his training in my car utilizing YouTube on my phone patched into my vehicle sound system. DISCLAIMER / WARNING: Do not watch videos while driving, only listen to them. Also, streaming YouTube while driving will blow through your mobile data plan quicker than Speedy Gonzales can run the 50 yard dash.

Along with the bootcamp and videos, I also bought the CompTIA Security+ Study Guide by Darril Gibson. I cannot stress enough how important it is to double or triple up your efforts on training materials. Each class, book, YouTube training video, and website that I trained with provided a little different perspective on the information and in some cases info that others didn’t include. I believe it was this mesh of training platforms that helped me through the exam.

As I read technical books, I highlight important parts and also material that I need to work on. In this way, I can flip through a thick book much quicker the second and third time and only read the highlighted sections. Mr. Gibson’s book did a great job pointing out specific things to remember for the exam.

Actually Taking the Exam… dun-dun-dunnnnnn

Before the exam starts, you have about 15 minutes alone time. My test site provided a mini whiteboard and dry-erase marker. I used those 15 minutes to quickly write down and draw a few things that I struggled remembering. I find that there is less stress before the test and I can write down tough things and then they are there later during the test and I can rely on the info. Also, because I am not a mathematical genius who can remember pi to 4,527 places (these days I can only recite about 22 places…), I drew a quick subnet calculation chart to help me instantly answer any subnet questions. Here’s the chart I draw (people do this differently, this is just my go-to chart):

^2’s    7     6     5     4     3     2     1     0
Subs    2     4     8     16    32    64    128   256
Hosts   128   64    32    16    8     4     2     1
CIDR    /25   /26   /27   /28   /29   /30   /31   /32
IP      .128  .192  .224  .240  .248  .252  .254  .255

*I’m not going into details on how to use this bad-boy… Some things are better discovered by one’s self. hehe.

It takes me about five minutes to draw that chart. Once I have the chart drawn, I can answer subnet questions in a matter of seconds. Without this chart, some subnet questions can take me a few minutes to answer… You can see why drawing it before your test has actually started is a really good use of time!
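For readers who want to see the chart in action, here is an added example (not the author's own code) that rebuilds any column of the chart from the prefix length and then uses the block size to answer a typical "which subnet is this host in?" question. The function names and the sample address 192.168.10.77 are constructed for illustration. Note that the chart's "Hosts" row is the number of addresses per subnet, so usable hosts are two fewer.

```python
import ipaddress

def chart_column(prefix):
    """Rebuild one column of the whiteboard chart for a prefix in /25../32."""
    if not 25 <= prefix <= 32:
        raise ValueError("the chart only covers /25 to /32")
    host_bits = 32 - prefix                # chart row "^2's"
    block = 2 ** host_bits                 # chart row "Hosts" (addresses per subnet)
    return {
        "power": host_bits,
        "subnets": 2 ** (prefix - 24),     # chart row "Subs" (subnets per /24)
        "block": block,
        "cidr": f"/{prefix}",
        "mask_octet": 256 - block,         # chart row "IP" (last octet of the mask)
    }

def solve(address, prefix):
    """Find the subnet of a host by rounding its last octet down to a block boundary."""
    if not 25 <= prefix <= 30:
        # /31 and /32 have no separate network/broadcast addresses to report
        raise ValueError("network/broadcast answers apply to /25 through /30")
    octets = [int(o) for o in address.split(".")]
    block = chart_column(prefix)["block"]
    start = (octets[3] // block) * block   # subnets begin at multiples of the block size
    base = ".".join(str(o) for o in octets[:3])
    return {
        "network": f"{base}.{start}",
        "first_host": f"{base}.{start + 1}",
        "last_host": f"{base}.{start + block - 2}",
        "broadcast": f"{base}.{start + block - 1}",
        "usable": block - 2,               # minus network and broadcast addresses
    }

def check(address, prefix):
    """Cross-check the chart method against Python's ipaddress module."""
    net = ipaddress.ip_network(f"{address}/{prefix}", strict=False)
    ans = solve(address, prefix)
    return (ans["network"] == str(net.network_address)
            and ans["broadcast"] == str(net.broadcast_address)
            and ans["usable"] == net.num_addresses - 2)

if __name__ == "__main__":
    # Constructed sample question: which subnet holds 192.168.10.77/27?
    print(chart_column(27))
    print(solve("192.168.10.77", 27))
    print("matches ipaddress:", check("192.168.10.77", 27))
```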

Tip – Several people recommended that you skip the initial performance-based questions and save them for the end. Instead, I jumped right into them and quickly worked through them. If I was unsure about any, I simply flagged them and came back after I was done. Use the “flag” feature to check on any questions you are unsure about. However, if you don’t know the answer go with your gut and just pick the best one for YOU! Also, answer every question. Even if you have no clue what the answer is, make an educated guess. You can often eliminate one or two of the answers leaving you with a 50/50 chance of being right!

Tip Two – Remember the different hashing algorithms, certificate, and encryption types. Simply knowing these well will help you answer several questions.

Another tip – Memorize the acronym definitions. Many of the questions will only use acronyms, and simply knowing what they are will often reveal the answer. There are a ton of acronyms, but I highly recommend learning and memorizing them. I used flash cards (on my mobile phone of course) to help me with this.

Yet another tip – Try to remember all of the important protocol ports and the OSI model. For that matter, anytime there is a process order (e.g. the incident response process), make sure you know the correct order of the phases. I often use mnemonics or other memory tricks for these. For the OSI model, I remembered “All People Seem To Need Data Processing,” which I could then translate into the seven layers “Application, Presentation, Session, Transport, Network, Data Link, and Physical.” This was one of the things I wrote down prior to the test, while it was fresh in my memory (from last-minute studying in the parking lot!)

Important Port Numbers
  • 20 and 21 is FTP
  • 22 SSH (and SFTP/SCP)
  • 23 Telnet
  • 25 SMTP
  • 49 TACACS+
  • 53 DNS
  • 67/68 DHCP
  • 69 TFTP
  • 80 HTTP
  • 88 Kerberos
  • 110 POP
  • 123 NTP
  • 135 RPC
  • 137/138/139 NetBIOS
  • 143 IMAP
  • 161/162 SNMP
  • 389 LDAP
  • 443 HTTPS
  • 445 SMB
  • 554 SRTP
  • 631 IPP
  • 636 LDAPS
  • 989/990 FTPS (over TLS)
  • 1812 RADIUS
  • 3389 RDP
  • * see… Isn’t this easy?

    Last tip – Read the questions and answers VERY carefully. Don’t be afraid to read them out loud and look like the weirdo who talks to themselves in the testing facility. Many of the questions are trick questions and if you look closely you’ll discover the trap and the answer will magically appear.

    If there’s one thing I can tell you that will help… Study. Practice the sample exam questions. Study. Practice the sample exam questions. Oh… And, study! Knowledge and experience will carry you a long way in this test, but they are no substitute for some hard work and elbow grease. Study!

    That said. Be confident. Depend on yourself and believe in yourself. You got this!

    Good luck! (Oops… I forgot I don’t believe in luck… So, study!)

    -Vaughn


    01001101 01111001 00100000 01001100 01101001 01100110 01100101

    You might be asking yourself, What the heck does that blog title mean? It is binary and translates to “My Life” (without the quotes). This post is about computers and how they have affected my life (and yours). I thought it was apropos (if not a bit geeky) to make the title in binary. BTW – If you recognized the three disks in my article graphic then you’ve been in computers for a while too.

    In my lifetime (I was born on April 12, 1967) we have seen the computer appear and grow exponentially beyond man’s wildest dreams… I know that the computer was technically invented way before that. Most consider the ENIAC, unveiled in 1946, as the first computer. However, controversy (and a lawsuit) has uncovered that the Atanasoff-Berry Computer (ABC) was created in 1942. Even before that (circa 1941) the Z3 was invented in Germany but destroyed shortly after during a bombing raid. All of this is moot though… Because if you look further back, all the way to 1801, you will find that binary was actually used via punch-cards on the Jacquard loom. And, technically, that even used technology based on earlier inventions by the Frenchman Basile Bouchon (circa 1725). Ready to have your mind blown? Blaise Pascal invented a simple calculating machine back in circa 1642. And, finally, the Sumerian abacus (a math calculating machine) first appeared sometime between 2700 and 2300 BC!

    If you wanna continue being amazed, check out my article on communications.

    Suffice it to say the computer has been around a LONG time! That said, we really are living in the information technology age and the computer as we know it today was invented in our parents’ lifetime. It took nearly 4,000 years and the discovery of electricity to get us where we are… Thousands of inventors have been involved and millions of people have been part of advancing the computer. I’m one of those millions, and this is my story:

    I was first introduced to the computer by my father, Julien Kim Ripley, circa 1977. He would bring me into his office, Rodgers and Associates, which was a land surveying company. They had a PR1ME 300 mainframe computer, and it was incredible to me. Instantly, I saw my future and destiny. Dad and his company used the “beast” for CoGo (Coordinate Geometry), and I used it for PRIMOS, FORTRAN IV, and even some assembler. On top of very rudimentary programming, I also used it for two text based games that were loaded on it. One was Star Trek and the other was Adventure (Colossal Cave). Adventure changed my life. Some of you might recall this:

    YOU ARE STANDING AT THE END OF A ROAD BEFORE A SMALL BRICK BUILDING.
    AROUND YOU IS A FOREST. A SMALL STREAM FLOWS OUT OF THE BUILDING AND
    DOWN A GULLY.

    The epiphany for me was beyond anything I had ever experienced. I mean, sure I had been playing Pong at home for about two years, but this was different. I was on a machine… With a keyboard… Typing commands… Controlling it… I was the master, it was the slave. It did my bidding. And, I quickly learned that it would do anything I wanted.

    Then, in 1979, my grandmother bought our family an Apple II+ home computer. Since then, I have owned an Amiga, TRS-80 Color Computer, Commodore 64, Atari, Apples, IBMs, and every brand of IBM PC clone.

    After Fortran and assembly language, I taught myself BASIC. Then GraForth. Then machine language. Then Pascal (Turbo Pascal). Then C (again Turbo). Then COBOL and CICS. Then C+, C++, VisualBASIC, Java, C#… I think you get the point. I immersed myself. Along with programming languages, I studied every operating system I could get my hands on.

    In 1983, my high school created its first computer class. The teacher was actually a history teacher and really did not know much about computers. I quickly became the teacher’s aide and before I knew it, I was teaching the class.

    My Dad brought home a 300 baud modem (baud is similar to bits per second), and we quickly upgraded to a 1200 baud joker. To put this into perspective, you are probably reading this article over a 10 Mbps (or faster) internet connection. That equates to over 10,000,000 baud. Ain’t technology grand?

    Then the movie, War Games, came out… This changed my life again. Inspired to get even more involved with technology and communication, I started hacking (white hat only – that’s my story and I’m sticking to it). I started using several BBSs (bulletin board systems) to share and gain information.

    After High School I attended Computer Learning Center in 1986. This was a technical school and it went over many facets of computers and technology. Along with hardware we also spent a lot of time building our programming chops. This was a foundation for many of my future skills.

    Graduating Computer Learning Center gave me a new perspective on information technology and I quickly landed a job with Sears Business Systems where I was a hardware technician (yes, Sears used to build computers). I was working on the motherboards, video cards, and newly arriving hard drives for desktop computers.

    Next, I found databases. I started programming and database administration with FoxPro back in 1991 (before Microsoft bought them). From FoxPro, I worked with Access, DBase, and then Oracle. I was hooked on yet another way to utilize the power of the computer. During this time I climbed the technology ladder and over three decades rose from data entry clerk to chief information officer.

    My first experience with Unix was in 1992 with Sun. In 1993 I installed a little known operating system called Linux. Starting with Slackware, moving to S.u.S.E. and then later Red Hat, CentOS, Fedora, Debian, and lately Ubuntu. By far, Linux and Unix (I have worked on and tried more than two dozen varieties) is my favorite environment and operating system (even twenty-three years later).

    Before I knew it, the internet and email were here. Each of these things continued to motivate me to enhance my computer knowledge. I taught myself HTML and SGML (later Java, JavaScript, Rails, Ruby, Faces, Grails, and a few others).

    These days, the only programming I do is SQL for databases, and C script for system administration work. I also dabble in mobile apps on my smartphone.

    Writing this blog article was actually eye opening for me. It was fun to dig into the depths of my memory and come up with a timeline of computers in my life. When I started with computers I was using punch-cards (and then tape cassettes) to save my programs. My first program was only a few lines of code. Today, most of my programs are stored on a solid state drive (drive made of random access memory) or even on the cloud.

    I think about the fact that computers came mid-childhood for me, and my seven-year-old son knows more about computers, smartphones, and tablets than I can imagine. I hadn’t even heard of the computer when I was seven! Xander is already learning to program via some very cool apps and tools for young children. What is the future (and his generation) going to hold for us? I bet it will be exciting!!! At the very least, I believe that computers will do some amazing things in the medical field and help us cure many things that are killing us early. They will also continue to powerfully impact our transportation and we will soon see flying cars as a regular occurrence. Mostly though, for better or for worse, I think that games will get better and better and more realistic.

    What was your computer introduction like, and do you remember your early experiences? Got any predictions for the future?
