I just passed the CompTIA Security+ exam on the first attempt after less than a month of study. You can do the same if you set aside an appropriate amount of time to learn the material.

CompTIA Security+ Study Guide by Darril Gibson

I used Darril Gibson's book, CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. This study guide is CompTIA Approved Quality Content (CAQC) and covers every aspect of the SY0-401 exam. I found the book to be very easy to understand. Here are 2 good resources from Mr. Gibson's website:

  1. Log Entries and Security+ (Update: Link edited to archive link as his site appears to be down)
  2. Blog Links on Attacks (Update: Link edited to archive link as his site appears to be down)

The 2 practice exams in the book were a great comprehensive review. After reading the book, taking notes, doing both practice exams, and browsing through additional materials on his website, Security Blog Links on Get Certified Get Ahead (Update: Link edited to archive link as his site appears to be down), I moved on to Professor Messer's content.

Professor Messer has a series of free videos that go into the SY0-401 objectives. He actually uses tools and shows real-world examples, which really helps to drive points home.

CompTIA Security+ SY0-401 Certification Course - Playlist 1 of 2

CompTIA Security+ SY0-401 Certification Course - Playlist 2 of 2


I feel good about the exam. I could have studied more or even purchased additional materials, but I'm happy with the experience. I can provide some study notes if there is a demand for it (I did 🙂). Other than that, the exam isn't too hard. Just know your stuff and avoid unauthorized study materials (brain dumps) like the plague.

Other Sources

Last week's post:

Important Note on Unauthorized 3rd Party Training Sites (Brain Dumps):

Here are a few links to articles that explain in greater detail why brain dumps are bad. Learn the material, stay on the up and up, and you'll be fine.

Study Tips

  1. Review the exam objectives if you haven’t already.
  2. Get a good book. If you need to take classes in preparation for the exam, enroll or purchase materials from authorized partners. Unauthorized 3rd party training sites are against the candidate agreement.
  3. Set a study schedule and plan a date for the exam.
  4. Buy the exam voucher from Pearson Vue or the CompTIA store.
  5. Schedule the exam through Pearson Vue.
  6. Take practice questions.
  7. Review material that's still fuzzy to you. Watch videos, review concepts, and improve.

Exam Taking Tips

  1. If you're confused or unsure about a particular question, flag it and move on. You can come back to it later in the review.
  2. Beta questions are ungraded questions included to test the structure and validity of new questions. It's unknown which questions are beta questions or even how many of them are in the exam. Don't put too much thought into it. Just answer all questions as best as you can.

Exam Background

Update 1/7/2017: The following section is now updated and available on its own separate page. View the SY0-401 exam overview for more information.

Exam Structure

  • Number of Questions: 90 questions
  • Duration: 90 minutes, not including survey time, about 1 minute per question
  • Score Range: 100-900
  • Passing Score: 750 (roughly 83%, not including experimental questions)
  • Types of Questions:
    • Multiple Choice – can have more than one answer
    • Performance Based – perform the requested action
    • Matching – match items from 2 lists
    • Drag and Drop – visual matching
    • Data Entry – fill in the blank

Exam Domains

  1. Network Security 20%
  2. Compliance and Operational Security 18%
  3. Threats and Vulnerabilities 20%
  4. Application, Data and Host Security 15%
  5. Access Control and Identity Management 15%
  6. Cryptography 12%

Exam History

  • SY0-401: Current, Launched May 2014
  • SY0-301: 2011, retired December 31, 2014
  • SY0-201: 2008, retired December 31, 2011
  • SY0-101: 2002, retired July 31, 2009