Just passed Security+ and I’m still feeling that post-exam adrenaline. Thought I was gonna fail the whole time, no joke — but I made it through and wanted to share how I prepped in case it helps someone else out here grinding.

My Study Setup:

• Jason Dion’s course (Udemy) — solid structure, great coverage of core topics. His practice exams are 🔥 and definitely harder than the real MCQs.

• Professor Messer’s videos — watched them when I needed a visual walkthrough or refreshers.

• Jason Dion’s Practice Exams (Udemy) — these were clutch for getting used to tricky wording. If you can handle those, you’ll be okay on test day.

• Cyberkraft for PBQs — this helps me understand the concepts but the test was nothing like anything that his videos. Way harder.

• ChatGPT — I used it to reason through concepts, break down tough questions, and make custom cheat sheets.

Exam Experience:

• MCQs: Honestly not too bad. I’d say easier than Dion’s practice exams. Still had a few gotchas, but if you practiced, you’ll recognize the patterns. My test had 75 questions with 3 PBQs.

• PBQs: These hit hard. Took time, and they weren’t the kind of thing you can guess your way through. They had me configuring 3 freaking firewalls and analyzed logs. I didn't know wth I did.

Book I Used (with ChatGPT prompts):

I uploaded the official CompTIA Security+ Study Guide (SY0-701) and used prompts like:

“Break this chapter down by topic. Make bullet notes and quiz me.”

“Explain zero trust like I’m 12.”

“Give me PBQ practice based on this section.”

I used ChatGPT as my personal tutor, flashcard generator, and brain-dump creator. It’s wild how much it helped with focus and clarity when stuff got dense.

Final Thoughts:

I went in thinking I’d fail, especially after the PBQs. But here’s the thing — if you’ve been practicing and you know your why, just ride the wave. Stick to your method, don’t freak out, and trust your prep. And if you need someone to break concepts down or simulate scenarios — use ChatGPT. Real talk, it pulled me through this.

Glad to have this cert under my belt and move on to the next.

A coworker came by and mentioned to me how he's "got no idea what he's doing" because he just went to an exam dump to get a certification (security+). He even has a clearance.

After I mentioned it's definitely cheating, he mentioned how he STILL had to go through 100 interviews before he found a job that didn't really ask him to know much outside of being a warm body. Most of his interviews stopped after he couldn't answer basic questions someone with the certification should know.

Just something to consider - sometimes you'll see a lot of posts where you get the impression ALL you have to do is get that cert and you'll land a job. It's not just the cert - it's the knowledge

Passed with a 785 online through Pearson VUE, and I am relieved.

Issues: I couldn't get to the check in site for 20 minutes after initially attempting 30 minutes prior to the exam time. It kept trying to load, but then gave me an error message after about a minute of waiting. It resolved by itself, and I was finally able to get past check-in with about 8 minutes to spare. But, during the 20 minutes I could not for the life of me figure out how to contact Pearson VUE, and it totally threw me off with the extra stress.

I wanted to use a testing center, but the one near me just started offering sec+ and didn't have times until after a baby we're expecting is due. I did NOT want to take the exam with that level of sleep deprivation.

Study materials: Sybex CompTIA security+ study guide LinkedIn Learning videos for 701 LinkedIn Learning practice exams CompTIA Security+ (easy-prep) mobile app practice exams CyberKraft pbq videos Physical Flash cards for ports

Takeaways: I'm not sure if it was just my set of questions, but I didn't get a single question with a port number on it. I made the flash cards the night before, memorized probably 15 different ports, and then didn't use any of them. I've since learned (go figure, after my exam) that this may be a difference between 601 and 701. I also think my exam had a strong bias towards security program management and oversight and security operations which also happen to be my weakest topics as a more technical person. These both kind of align with 701 being less technical and more management/process oriented than 601.

I was getting 90+ percent on practice exams prior to taking the test which probably saved me after getting so stressed from the exam issue at the beginning. I feel like the practice tests I used didn't include many of the "choose the best answer" type questions, and the exam had a lot where it didn't seem like there was one 100% correct answer. So, the exam questions felt more like, as a compromise, which answer would you choose?

I'm terrible at memorization, so I try to use at least three methods to interact with terms and acronyms out of reading, hearing, writing, and repetition. It was too much to hand write, though I prefer it, so I typed out literally every term and acronym in the study guide. I read every page of the study guide, and watched linked in learning videos of every subject. Then the practice quizzes helped with repetition, every time I got a term or acronym wrong, even if it wasn't the answer, I would look it up. I call it brute force learning, but even in college it was the only way I remember study material.

I was so worried about the pbqs since I really only watched videos about them, but I only had 2 on my exam. I'm pretty sure I got 100% of one and probably 60% of the other, so overall not bad.

I took mine at 930 am EST on a Tuesday, and there was only 1 person in queue before me. That was a relief after struggling to get to the check in page.

I see a lot of "I passed!!!1!" posts on here, and after passing I understand.

However, many of these posts don't offer much beyond "I watched Messor and Dion".

So I thought I'd make a post about how I passed because here's the thing: I am a visual learner. People talking at the camera with some dot points on screen makes me fall asleep. I can't do it, I learn nothing.

I need visual representation and analogies. I'm jealous of all of you people that can learn via lecture, because that would be wonderful and easy. But I can’t learn that way, so here’s my guide on how I learned:

Step 1: Change how you see the five fields.

Firstly, I changed how the five fields were described in my head:

• Attack, Threats and Vulnerabilities

These are the things you’re worried about. This is what you are protecting against.

• Architecture and Design

This is how you build the networks and systems that do the things companies want.

• Implementation

How to secure the things you built.

• Operations and Incident Response

If something bad happens, this is how you respond to it.

• Governance Risk and Compliance

Policies, documentation and non-technical controls (this is the field I want to go into).

Step 2: Learning order.

It’s fine to be overwhelmed by the amount of stuff you have to learn about. I certainly was. When overwhelmed, break it down into bite size chunks. I would recommend learning in the following order:

• 1 – Architecture and Design

• 2 – Attacks, Threats and Vulnerabilities

• 3 - Implementation

• 4 – Operations and Incident Response

• 5 – Governance

Governance and Incident Response were the easiest for me to learn. Learning technical stuff is hard for me, but learning policy stuff was extremely easy (hence why it’s the field I want to go into). Also most of the Governance stuff can be learned through test exams.

Everyone is different, you can change the order however you like.

Step 3: Visual Learning

As mentioned above, I found both Dion and Messor’s learning absolutely useless for technical learning. This is not a criticism on their teachings, it’s just not a method I can learn.

So I started googling and I found amazing guides online that helped me learn super quickly:

Sunny Classroom: https://www.youtube.com/@sunnylearning/videos

This guy is incredible. Clear, efficient descriptions of technical controls. I would never ever have passed without this absolute legend’s videos.

Here are some very good ones:

• TCP Three way handshake

• Public Key (Asymmetric) Encryption

• Private Key (Symmetric) Encryption

• Certificate Authorities

• Kerberos

• AAA and RADIUS

• SSL Certificates

• Digital Signatures

• NAT

• VLAN

• Spanning Tree Protocol

• IDS and IPS

• DMZ/Screened Subnet

I also found this video incredibly helpful for Digital Certificate Trust

I am sure you can find more on YouTube, but I cannot express how much these helped me.

Once you’ve learned the basics of the network/servers, it’s time to move onto the attacks and how they threaten the organization.

Step 4: Listen and write.

Open up Professor Messor/Dion Training/whoever it is that’s doing the run through. If you’re not aware of how they do their training, they literally go through the course objectives in order.

So what we’re going to do is get pen and paper and manually write down what each thing on that course objective is. Why pen and paper? Because brain reasons. Seriously, it’s been studied: https://journals.sagepub.com/doi/10.1177/0956797614524581

I learned all of these attacks via Professor Messor (free): Security+ 601 Playlist

I loaded up this playlist, I would play at 1.25x speed because he talks very slowly and pause when I needed to write down. I had the Sec+ exam objectives open as well (download it from CompTIA website) and I would write down:

Phishing Social engineering often delivered by email or SMS (SMS Phishing is called Smishing). The purpose of phishing is to collect credentials from people or to have them click on links and download malware.

Things to look for: Check the URL within the email, check attachments. Check email headers.

Spear Phishing is when the phishing is targeted to a specific organization or department with the hopes of a large catch.

And so on for each.

Yes, it took a while (days) and yes my arm/wrist ached. But I also got 100% of Attack questions correct on my exam so it definitely worked! The Attacks field is split into helpful sections; 1.1, 1.2 and so on and I strongly recommend doing one of these sections a day.

You can do this for other fields in the exam, but I only did it for Attacks and Implementation.

For me, learning about how attacks are done gave me better context for the rest of the fields.

Step 5: Practice, practice, practice.

This is the final part and what I see as the most important part. By now you’ll have a modest understanding of the basics but you’re not ready to sit the exam. This is when practice apps come in.

Did you know there is an official Sec+ app? It’s free! Google Play Link

Download it and start learning. Do 2-3 of the little sub-parts a day. You’ll get a lot of them wrong, but that’s fine. It only matters if you’re learning. I can safely tell you this: if you find these questions easy then you will 100% pass the exam. These questions are slightly harder than the real exam. The best part about this app is it tells you why the correct answer is correct but also why the wrong answers are wrong.

Second, Dion Training Udemy practice exams are very close to the real thing.

Dion Exams

Yes you have to pay for them, but they are very close to both the question type and feel of the real exam. If you are getting 85%+ on these, you are ready. Always review the questions afterwards so you know where you need to learn (look back at your notes!).

Finally, I highly recommend Pocket Prep. It has desktop and mobile apps. I use the mobile app. It is paid, but it helps so much. You can do quick 10 question quizzes or longer/shorter. It tells you what fields you need to learn. I recommend 1-2 quick quizzes every morning. You will probably start off getting 50/60% and it may be a downer, but don’t worry. Doing 10-20 questions a day and ensuring you’re learning by reading the ones you get wrong, you will start to learn it all.

Whatever you do, never use the Certmaster Security+ course. This is the worst thing in the world. The questions are vague and deceptive and nothing at all like the real exam. How bad are the questions?

Myself and my colleague who is CISSP certified as of September this year, got 70% working together on the exam. The questions made him very angry, as they did for me. I got 55% on the Certmaster exam by myself, but I comfortably passed the Sec+ exam.

If you can pass the Certmaster Sec+ exam, congratulations I guess but you worked a lot harder than you needed to. That thing is garbage.

Step 6: Making things funny helps learning

I am a silly person and like most people, I find being serious can be difficult. I leaned into that and came up with some fun memory techniques that I will share with you. Feel free to come up with your own but these helped me a lot:

SSL vs TLS

SSL = Sucky SLime. Therefore TLS is better.

Symmetric vs Asymmetric Encryption

• DES = DESymmetric

• AES = AESymmetric

• RSA = RSAsymmetric

• RC4 = Doesn’t end in A so it’s symmetric

• 3DES = 3DESymmetric

• Symmetric is faster. Asymmetric has more letters and is therefore slower.

TELNET vs SSH

• TELNET IS GARBAGE. TELNET BAD. KILL TELNET. CLOSE PORT 23. #closeport23

• SSH is secure. It stands for ssshhhh because it's secure.

Incident Response Steps

• The Incident Response checklist: Pickle. Remember the pickle. Well… it’s Picerl…

• P I C E R L

• Preparation, Investigation, Containment, Eradication, Recovery and Lessons Learned.

• Remember the pickle. Well, picerl.

TCP vs UDP

• TCP is nice and ordered, UDP is close to the word dump because it dumps all the packets however it feels like it.

HTTP vs HTTP Secure

• 80 is HTTP

• 443 is HTTPS because it's secure so needs more math so is a higher number

Stateful vs Stateless Firewall

• Stateful firewall: It’s better to think of “states” as sessions. A Sessionful firewall keeps track of the sessions which means if a session for 443 traffic is opened, that session will also allow it to go out.

• Stateless firewall: Sessionless firewall means sessions don’t matter. If 443 traffic is allowed in, it needs an explicit rule to be allowed to go out. Just because it has a session, doesn’t mean it’s allowed back.

Three way handshake:

• Client: SYN > hello pls SYNc with me

• Server: SYN ACK > I ACKnowledge your sync request, can you SYNc with me?

• Client: Yeah bruv, I ACKnowledge u

• Client: SYN

• Server: SYN ACK

• Client: ACK

If you can, explain things to friends/colleagues. You will very quickly find if you have a concept down or not if you have to explain it to a person. I found this method very helpful.

Step 7: Book the exam.

When you’re getting over 75% on pocket prep/practice exams, you need to book the exam. Give yourself 1-2 extra weeks to continue practicing. It might not seem like it, but you will focus more with a locked in date. Lock that date in.

Step 8: The day of the exam.

I was doing pocket prep during the whole day, but I touched up on port numbers and some other bits during the day as my test was booked for the afternoon.

Here are some quick tips:

Make sure you’re hydrated! You may sweat during the exam and dehydration causes physical and mental discomfort. Strongly recommend necking a glass of water before about an hour before the exam if you’re not used to hydrating. The hour should give your body enough time to process it and not need to go to the bathroom during.

Here are some basic tips to read on the day:

Ports that are actually relevant for the exam:

• 21 - Ftp (Insecure!)

• 22 - SSH/scp/sftp (Encrypted. Important!)

• 23 – Telnet (BAD! #closeport23. Boooo! Important!)

• 25 – SMTP (email)

• 53 – DNS (Important!)

• 69 – Tftp

• 80 – Http (Bad! Insecure! Important!)

• 88 – Kerberos

• 110 - Pop3

• 143 - IMAP

• 389 - Ldap (Insecure! Important!)

• 443 – Https (Encrypted HTTP. Important!)

• 445 - SMB

• 514 - Syslog

• 636 - LDAPS (Encrypted LDAP. Good. Important!)

• 989/990 - Ftps

• 993 - Imap4

• 995 - Pop3 Encrypted

• 3389 – Rdp (Very important)

• 6514 - Syslog (Encrypted Syslog)

Some tools:

• Cuckoo is a sandbox analysis tool

• Sn1per is a pentest framework

• Hping is a packet crafter

• The Harvester is an open source intelligence tool (OSINT)

• Bcrypt is a key stretcher (salter)

• Shibboleth is an SSO open source federation solution

• dd is a command line file copying tool for linux

• Nessus is a vulnerabiliy scanner

• nmap is a command line port scanner

• Wireshark is a packet analyzer

• FTK Imager is a forensic disk imager

• jack the ripper cracks passwords

Input validation protects against the following:

• Cross site scripting (XSS/CSS)

• Cross site request forgery (XSRF/CSRF)

• SQL Injection

• XML injection

Fuzzing tests input validation

WAF = Web Application Firewall. EMPHASIS ON WEB APPLICATION.

netcat can be used to open connections between devices

Data Owner/Data Controller is the Executive (not always) who is responsible for the risk to the data and is ultimately the person who wants the data in the first place.

Data Custodian is the person who does all the actual work protecting and managing the risk to the data. Usually a system admin.

Data Steward is the liaison between the Owner and the Custodian. They also worry about the meaning of the data and the correct usage of the data.

SYN Flood is when you send a bunch of “can you please open a port for me” (SYN) packets to a device and the device gets stuck saying “yes I will open a port”.

You never share a private key in asymmetric encryption. You only share a public key. Safely storing private keys is called key escrow.

That’s all from me. I hope it helps.

Throwaway account.

So I downloaded two free samples of braindumps from some site; I didn’t realize the true consequences of them until further researching it.

I only skimmed over it a couple of times and only had it on my computer since last night. Didn’t write anything down either. Once I realized how detrimental they were to NOT have I deleted them right away today.

But my nerves are pretty high strung right now and now I’m worried this is some decoy website that Comptia might of put up to catch offenders? It now has my credentials and can trace it back to me that I downloaded them even though I didn’t fully understand the detrimental meaning behind having brain dumps;

question is will I be okay when it comes to test date?

Sorry; I’m super paranoid right now and feel so stupid even though I didn’t have the files for more than a day. I dont want this to be a reason my cert gets revoked bc I have spent COUNTLESS hours into this before running across these “braindumps”

Hello! New to all things IT security and I started pursuing the Security + cert in Feb. I watched all of Professor Messer’s free videos. It helped but it was in one ear and out the other. I just don’t learn this way. I bought his practice exams and exam hacks. I believe this was the key to me passing.

Don’t waste your time on Dion’s tests. They are very wordy, long and I barely got any on the actual test that resembled Dion’s style. The PBQs are way different too. Only spent $25 on them but still - not worth it. I took 3 of his tests and scored in the 70s.

Going back to the star of the show: Professor Messer’s practice tests. These were definitely more in the style of PBQs and questions in the actually test. With that being said - I think I only got 10 questions that I felt like were similar to Professor Messer’s out of the 300. BUT —- his tests were built on how to teach you to understand. He teaches you just enough to pass without going overboard. I got 78 questions and 3 of those were PBQs. Like what everyone else said on here - watch a video on how to install firewalls.

For Messer’s - I just made an answer sheet and wrote down all my answers. It’s PDF form but it’s fine. I scored 45s on my first round of Messer’s. Second time 70s. 3rd time 80s and then wrote down all the ones I got wrong on all tests. Tested and learned all the ones I got wrong. This helped me a ton instead of taking each test over and over.

I studied the crap out of the OSI model and the cyber kill chain - only had 2 questions that were relatable.

I also used passemall.com. I believe this helped me score the final points to pass.

Now for everyone saying as of recent they don’t think the PBQ’s are graded. Let me just tell you, I ran out of time. I was sooo focused on the questions that I only had 10 minutes left for 3 PBQs at the end. So I spent about 3 minutes on each and just chose what I felt it was right. Comptia gives you points for every answer you get right I think. In the beginning of the test, it states not every question will give you points.

I didn’t fully finish any PBQs. I passed. You should too if you’ve studied and feel like you’ve learned mostly all you can learn. Good luck!

TL;DR
I passed the Security+ (SY0-501) exam on 12/04/2018 with a score of 797/900. I used Gibson's book, Gibson's free online "extras", and Messer's videos. I suggest taking a networking course/training before preparing for this exam and doing all of Gibson's free online labs. I, as others have also reported, felt that I was failing the exam once I got deep into the multiple choice questions, but ended up passing anyways. Good luck!

Summary: I have just over 16 years of IT experience, most of that has been in a business analyst role and 12 of the 16 have been in the legal industry working in the e-discovery field. So, I have experience on the evidence-handling side of things (legal hold, chain of custody, drive imaging, encryption programs) and general IT knowledge. I have zero experience with networking, sysadmin stuff, linux anything, authentication stuff, etc. I studied for 3-5 hours per day for almost 4 weeks. I passed today with 797 out of 900; my exam had 85 questions, i think 4 or 5 of them were performance-based. I will list out what I DID and then list out what I WISH i had done.

What I did:

1 - Bought Darril Gibson's "Get Certified Get Ahead" SY0-501 book
2 - Did the assessment exam in the front of the book and got about 65% correct. Thought oh boy, this is going to be easy!
3 - Read the book from cover to cover, taking structured notes in a Word doc for everything I didn't already know (which was a LOT).
4 - Did the practice questions at the end of each chapter and re-read the question AND answer for every single question whether I got it wrong or right.
5 - Did the post assessment test in the book and got over 90% correct.
6 - I watched every single one of Professor Messer's (FREE!) videos for the 401 exam AND the 501 exam; took more notes where needed.
7 - Went to this web site and did all 24 FREE practice tests, plus the subject-matter-specific ones linked at the bottom of the page: https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests NOTE: They only give you a correct/incorrect mark and tell you what the correct answers were. There is no explanation of WHY.
8 - There are a handful of FREE tests at this link (this is the first test, the others are linked in the upper-right). Some of these questions have incorrect grammar, wrong answers here or there, and are just generally weird. I am not sure if doing these ones helped or hurt. https://www.proprofs.com/quiz-school/story.php?title=Comptia-Security-Practice-Exam-1-1

9 - The day before the exam (yesterday as i type this) I started going through Darril Gibson's "extras" web site here: http://gcgapremium.com/501-extras/ ... the content is:

9a) Labs

9b) extra questions

9c) external resources

10) Day before, tried best I could to memorize PORTS. https://blogs.getcertifiedgetahead.com/understanding-ports/#ports. This DID end up coming in handy, but only for maybe a few questions, and "which port" wasn't necessarily the defining part of the question.

11) Did the Gibon's "extra questions" (especially the performance-based ones) on his web site. Some of those I feel should've been in the book. There aren't all that many of them, but some of the material is helpful. There were probably two questions on the exam that I only got right because I did these extra questions. http://gcgapremium.com/501-extra-ptqs/

EXAM DAY. You show up, put your stuff in a locker, check in, they take your picture, and you sit at the computer. The app gives you some instructions, etc. Then I started. The first 4 or 5 were performance based questions. Three of them were unlike *ANYTHING* I had seen in any of the Gibson, Messer, or any "free test questions" materials. Two of them were pretty simple, just matching up definitions.

I answered the two easy ones, and skipped the other three. Now on to the multiple choice. The first ~10 questions were simple and i flew threw them thinking AWESOME, I prepared really well ! From that point forward, however, I was 100% convinced that I was failing the exam. There were terms and scenarios that I'd not come across anywhere in Gibson or Messer's materials. I was sweating my butt off and felt like I would have a heart attack at any moment. Question after question I had little confidence in my response. The timer is in the upper-right and I started FLYING through the last ~20 questions in order to leave myself with at LEAST ten minutes to go back and do the performance questions I had skipped, plus do a review of all my multiple choice answers.

I responded to the three performance questions best I could with only TWO minutes to spare. I flew through the middle section of the multiple choice questions to review and my time ran up.

HERE'S THE FUNNY PART. Once you are done with the test, instead of showing if you passed or not, they make you take a demographic survey first. The survey feels like it goes on FOREVER. Then when that's done you are shown a screen with your score. Why the heck can't they put the survey in front BEFORE you start the exam questions ? You're already a captive audience at that point.

THINGS I WISH I HAD DONE:

1. Taken some sort of networking course or training program first. I feel that the Gibson materials and Messer videos give you enough information to answer the simple "definition" questions on the exam, but those materials aren't enough to make the "leap" you need in order to answer the harder questions on the exam. If you've spent time as a sysadmin or helpdesk person (or obviously a networking person) then these questions might come pretty naturally. There were a LOT of questions around firewall setup, wireless protocols, the command-line utilities on windows and linux, DNS stuff, outputs from some logs, etc, etc. Some of it really doesn't seem to have much to do with security, unless you take the broad "anything that can break or go wrong on planet earth or any other planet is considered a security risk" stance. Since a "network issue" (whether it's the result of an attack or not) is considered a threat to confidentiality, integrity, and/or accessibility, then "all networking issues" seem to be considered security issues.

2. Done all of the Gibson labs. I browsed through them, but didn't actually do them. I think some of the material may have helped, especially around command line utilities.

3. Managed my time on the multiple choice better. If you don't IMMEDIATELY know the answer, "Flag" it and move forward.

4. Realized that the Gibson practice questions and the Exam Compass free questions are a LOT easier than the actual test questions. This is more of a mental prep thing than a technical one.

Some random tips:
- Know what CCMP is. They seem to want to drill it into your head that the "most secure" wireless setup for an enterprise is WPA2-Enterprise with a RADUIS/AAA server using CCMP. They really love WPA2, RADIUS servers, CCMP, and AES. Go through your own WIFI router's setup screens and just sorta memorize what the options are for protocols and whatnot.
- Know the command line utilities - - not necessarily all the switches, but which tool CAN BE USED for some purpose. Netcat for example CAN BE used for banner grabs, but there are other command line utilities as well. They seem to be very fond of nmap and netstat in particular.
- If the question is asking about what is most secure in a list of stuff, the answer is probably going to be TLS and/or AES. They love TLS and AES. I got ZERO questions about which things in a list were the LEAST secure.
- They seem to love Salting .. there were a bunch of Salting-related questions, although ZERO questions on any particular encryption method except that "AES is the best" mantra. Like, no Diffie-Helman, nothing about block chain, only ONE question that had anything to do with KEYS and it was a "gimme" one.
- Port numbers were really not much a part of my particular exam, outside of a few questions. They really want you to know that port 80 is HTTP, port 443 is HTTPS/SSL/TLS and that DNS is 53.
- I got only one question having anything to do with Cloud and one question on secure development that had absolutely nothing to do with "security" at all.
- Many of the scenario-based questions have a LOT of irrelevant information packed into them. I think it would've helped if i had first read the actual question (the last sentence in the paragraph), then looked at the potential answers, and then gone back and re-read the whole thing. Many, many, many, of the responses to these things are VERY subjective. What's the FIRST thing that you do after you walk out of your front door? They might give you responses of:
a) Lock the door
b) Start your car
c) Pick up the newspaper
d) Turn around
Well, in order to lock the door you probably FIRST have to turn around, but since this is a security exam it's probably (A). Just try to separate the BS from the likely overall purpose of the question.

Overall, I think this was a very difficult exam and some of the questions didn't seem "fair" based on the scope of the available training materials. The material itself isn't rocket science, but what made it difficult is that (for me anyways) at LEAST half the questions were so completely different from the available "test prep" sources (like Gibson's and Messer's). Just be prepared for that reality so you don't go into PANIC mode like I did ! Choose the "most likely" best answer and move to the next. Good luck !!

exam prep courses to help you prepare for the Security+ 701 certification. I found this link on LinkedIn.

Hope this helps.

https://certpreps.com/secplus/20

Hey

can someone give me a tip on which reputable seller i can buy the CompTia Sec+ dumps from. i'm looking for either online test or software thanks very much

**Something about myself!**
2.5 years of experience [8 months security-specific experience]. I prepared for a month and a half and Passed Security+ 601 with 791 :)[ ** insert It's ain't much but it's honest work meme ]

Here's what I did it:

Online course to understand Security+!!

• Professor Messer is an excellent teacher and provides all the necessary details. His videos also strictly follow the syllabus. There are many other instructors which you can definitely try but I find Messer amazing!

• My suggestion => No matter which instructor you choose, make handwritten notes. Yes, It will hurt writing all those pages but hey, they are your personal notes and write only summaries and important things [that you often forget or are hard to understand] so you can always come back to it for reference. You might argue that you don't need it but writing things down really have an impact on your memory.

Practice!!!

• There are many resources out there. My Favourite:

  • Dion Jason Practice Test - A total of 480 questions with PQBs [sort of]

  • CompTIA Security+ Official App by ABC E-Learning - Set of 860 questions [approx] divided into 5 Sections as per syllabus without PQBs. Also, have 8 Practice tests with questions from those 860 questions. [The App has this Favourite and Weak | Medium questions section ... really helpful!!]

  • I initially started with free community-driven dumps but it's a waste of time as you will never know what is the right answer. Some will say A, others will say C, and a few B and D.

  • My Suggestions => If you are confident, you will pay $250 [including tax] for the exam voucher and if not like me you will buy a retake bundle for $350. The point is extra $20 $25 for these practice tests will go a long way as you understand the syllabus from the online instructor course [ they give you perspective but you will really learn from reading these questions ]

  • People say CertMaster is poo poo... and I trust this community. So Never tired ... never know. I think you should too.

Exam Tips!!!!

• Keep important short information with you like important acronyms and port-service lists.

• I got a list of ports and other information from one of the AMAZING REDDIT POST FOR SECURITY+[ Read this post as well for additional information and this OP's perspective ]

• Never underestimate a good night's sleep. Don't take rest and keep yourself calm [Easier said than done]

• Imagine yourself successfully completing this certification, Yes it feels so light and amazing. You can feel that too! after all this hard work ... you deserve it! But a coin has 2 faces. Meditate upon

  • What if you fail?

  • What's the worst that can happen?

• Worst to worst you will be booking another exam in the next couple of weeks. People fail and that's alright. Make peace with that feeling and you will find confidence.[Believe me, I know how sweaty palms and feet feel like]

• Give the Testing center a preference. There are a lot of Pearson Vue horror stories for protected exams. The testing center is peaceful and straightforward. Puts you in that zone.

• Just like everyone says, Starting 3-4 questions will be PQBs, don't even look at them ... skip, flag, and come back later after completing all the MCQs

• For MCQs, there is a golden rule: Read twice, Answer once! Believe in your hard work and your gut

• If you believe in God or any higher entity, believe in him too! cause*"Who cares if one more light goes out? Well I do" [ you know its true if it rhymes ]*

Do let me know if you want me to add anything else to this...

Thank you ... this wonderful community for all the help.

In the name of all those unnamed, unsung heroes of REDDIT!! <3

All the best stranger

- theModernWitcher

The CompTIA Security+ SY0–701 is arguably the most difficult I’ve taken so far. I scored 763 points in my first attempt and this is how I prepared myself towards this exam. Note that the quality of preparation questions you encounter are very important.

My Background

It was somehow easier for because I’ve been working as an IT Security analyst one (01) year prior to taking my exam. Additionally, I am a holder of the ISC2 Certified in Cybersecurity (ISC2 CC), a MSc and BSc in Computer Science and a Graduate Certificate holder in Cybersecurity Analysis. This helped to solidify my foundation moving into the exam.

Preparation

Before booking my exam, I started by browsing the Internet and gathering materials that will be needed for this exam from recommended books, instructors, websites, PBQ sites etc. I spent over 4 days gathering materials and drafting out a study and preparation plan. The first steps was downloading the official exam objectives from CompTIA’s website — https://www.comptia.org/training/resources/exam-objectives.

Every morning, I would wake up at 5a.m and study for 2 hours (1Hour on Hack The Box and 1 Hour reading books), and after my work, I would study for 3 hours (1hr on HTB and 2hrs on Security+ notes).

Preparation Resources

1. CompTIA Security+ Study Guide with Practice Tests from Mike Chapple (2 books — $90 CAD) — On Amazon

2. CompTIA Security+ (SY0–701) 30 hours course on CBTNuggets https://learn.adept.at/cbtnuggets/comptia-security-sy0-701

3. Professor Messer’s Free Security+ Study Materials -https://www.professormesser.com/get-comptia-security-plus-certified/

4. Hack the Box Academy — Linux Fundamentals — https://academy.hackthebox.com/dashboard

5. ChatGPT — I used the premium version of ChatGPT (20 USD/m), created projects for my training and leveraged it when I needed more elaboration on a concept. This was one of the best resources as the quality of responses and recommendations from the paid version were far above that of the free version. — https://chatgpt.com/

Exam Questions and Problem-Based Questions (PBQs)

1. Wileys Test Bank aka Sybex (over 360 questions) — https://study.learning.wiley.com/

2. Professor Messer’s question Bank with PBQs(270 questions — Set A, Set B, Set C) — https://www.professormesser.com/get-comptia-security-plus-certified/

3. LabsDigest — 50PBQs — https://labsdigest.com/courses/comptia-security-sy0-701-performance-based-questions-pbqs/

4. ExamsDigest — Over 50 Simulations Exams with PBQs — https://examsdigest.com/courses/comptia-security-plus/

5. Passmall Exam Collections (The most difficult, I barely scored 70% in these exams) — https://passemall.com/free-comptia-security-practice-test

6. CertPreps — Over 90x20 question sets, good quality — https://certpreps.com/secplus/

Home Cybersecurity Lab — Side-learn

In addition to all of these, I built a home cybersecurity lab and got a Fortinet FortiGate with an annual subscription. Got a mini PC with 64GB RAM, 4TB SSD NVMe, 20 CPUs 2.5GHZ, 4gb NVIDIA. I installed and configured over 14 different VMs, practices network segmentation, isolation, air-gapping, access controls, firewall configurations, malware analysis amongst others.

This home lab help me a lot with hands-on as I was able to translate theory to practice.

Exam Revision

During the revision, i set out different sets of questions, all grouped together. I would time myself for 90 minutes and make sure that I stop immediately the countdown reaches zero and evaluated myself. This made me to be very time conscious and as did several sets, i was able to manage my time effectively. Find below my practice sheets.

How I Scored Myself During The Revision

The first exam sets were so difficult that I almost gave up, I was scoring between 60% to 71% and It kept on getting worst as my main issue was time management. I would hardly finish 90 questions in 90 minutes and to be strict with myself, I would stop when the countdown rings and count my marks.

As time went on, i started mastering everything, i was able to finish in 1h20 minutes and I consistently scored between 85% to 98% in the most difficult of the exams. At this point, as Professor Messer would say… “You know you’re ready for the exam”.

Exam Day Proper

On the eve, I made sure I had gone through everything, I slept as early as 9p.m and my exam was the next day at 1:30p.m. In the morning, I revised my notes, did a quiz with ChatGPT and the confidence was high. I drove to the exam centre, It is in a very big shopping mall, i lost my way and was so tensed as my exam was in 45 minutes. Finally after several minutes of doing rounds, I found the centre, got myself registered. I was so tensed, my heartbeat increased, I started sweating.

I started hearing voices in my head telling me how unready I am. I coulnd’t focus. I can assure you, i even forgot my phone number (^_^). The receptionist asked me to calm down, she gave me a bottle of water and ask me to use the bathroom if i wish to. I used the bathroom, washed my face, got inside the exam room and that was it.

The first 10 questions were so difficult, I though I knew them, but the way they were structured was as if it was a reading comprehension exam and not an IT Security exam. It looked like something written in Japanese with a blend of Vietnamese and a small touch of English.

I lost hope and at some point, I was just answering for answering sake. I knew I was done and dusted. The PBQs were just so so so so long and as recommended, I skipped them and took them after the MCQs. I finished the PBQs with 7 minutes to go, went back and reviewed the flagged questions and submitted my exam with 30 seconds to go.

Result Declaration

After submitting, I was asked demographic questions and all i just wanted to do was get to the end as soon as possible and leave that place. I was crying already. My hours of studying, hands-on labs, revision, sacrifices, everything had boiled down to that moment and nothing mattered again.

Once I submitted the review, I was asked to click on a button to see my result and behold, I PASSED WITH 763.

This was it, the rest was celebration++. Now, I am currently preparing for the CompTIA CySA+ exam and I now see how important my homelab is.

KEY NOTES

• Do as many revision questions as possible

• Avoid “FREE QUESTIONS” as their qualities are not the best

• Professor Messer, Sybex and Passmall were the closest to the exam. I highly recommend those.

• NOTE: You cannot reverse-engineer the exam. I revised over 2000 questions, but I can’t remember seeing anything I knew.

• Master the concepts and avoid cramming. If you cram, YOU WILL FAIL, that’s the sad truth.

Thank you for your patience in reading my CompTIA Security+ story and I hope this acts as a motivation for you to achieve yours.

Goodluck in your exams.

But damn.. it wasn't easy. The last CompTIA exam I took was the A+ 1001,1002.. and this one felt way harder!

My tips: know the acronyms, there are so many and they are used soo often.. some even have multiple meanings (I.e. SoC vs SOC). Save the non-multiple choice qs for last (though they aren't overly difficult).. And above all, relax, you guys got this, if I can do it literally anyone can, I am (as my sister would say) "as dumb as rocks" lool

I only used free resources to study for this test. YouTube videos (Messer and others), Quizlet flash cards, and 3 practice tests. I felt the resources I used adequately prepped me for the exam. In case any of you were wondering whether it is absolutely mandatory to buy books or qbanks to prep - its definitely not needed.

Edit: Here are the resources I used, in order of priority:

• https://www.youtube.com/watch?v=O4pJeXgOJDs - A 5hr sec+ review, you can watch this on 2x speed

• https://docs.google.com/document/d/e/2PACX-1vQ6Yr440loG9ubZ5m5-UYUAtBA2v5e7Ac4OAT5KUsPLnuXPq2P_gsRtGpc_k9Av-g/pub - Set of notes for 501, missing section 5, but comprehensive aside from that

• https://passemall.com/free-comptia-security-practice-test/ - Perhaps the biggest reason for my passing the exam - this is a very helpful, yet free, practice exam

• https://apps.apple.com/us/app/comptia-security-exam-sy0-501/id1458159392 - Solid practice app, geared toward 501 tho

• https://www.youtube.com/watchv=9NE33fpQuw8&list=PLG49S3nxzAnkL2ulFS3132mOVKuzzBxA8 - I actually didn't finish the whole playlist, but his vids are some of the best, best of all its fully up to date for 601

• https://quizlet.com/551902735/security-sy0-601-flash-cards/ - Flashcards, there are many sets available

I saw someone's post being deleted for presumably advertising one.

From what I see they seem to offer practice tests?

Can someone explain what's wrong with them and why it's against COMPTIA or this subs to mention them?

I just bought Jason Dions Practice tests and just curious as I've come across this BrainDump thing for the first time.

Has anyone had success with Security+ SY0-501 dumps? If so, please provide a recommendation. I need to recertify. Thanks.

Hey guys I’m about to take my exam on Sunday and was wondering who makes the practice exams closest to the real thing. Currently using professors messers exams.

Well, folks, I passed the CompTIA Security+ SY0-701 exam with an 800 in just one month!

Here’s how I survived this rollercoaster—grab a drink or maybe two.

What I Used:

ChatGPT voice model: Big shoutout to Ember; she helped me understand things like a tutor.

Jason Dion’s Course on Udemy and his 6 extra practice exams : Dude’s a great teacher, and I have nothing but respect. Unfortunately, his course is a bit dry. Still, it gets the job done and helps you understand the material. Just be prepared to question your life choices and your sanity when you tackle those practice exams!

Pocket Prep question bank and mock exams: Quick 10-question quizzes you can do anywhere, including the bathroom. Once you are through most of them, I would start the mock exams—just be prepared; they are rough.

CyberCraft YouTube Videos for PBQ practice: Full of insights that stick. Pro tip: Write down your answers first and then follow along with the video.

Quizlet: Great way to study the acronyms, ports, and protocols. You will be studying this every day.

Step 1: Set Your Exam Date Book your exam and commit to that date, or you’ll end up doing anything instead of studying. (My professor in college said your brain retains information better if you do an exam within 30 to 60 days, and it has always worked for me.)

Step 2: The Magical Whiteboard If you’re taking the exam online (like I did), there’s a whiteboard feature! Use it like it’s your own personal dump station—just put everything you can remember on there before the exam. Think of it as a lifeboat for your sinking ship of knowledge. (at the end of the exam, I could barely remember my name.)

Step 3: Daily Dose of Dion I watched and listened to Dion’s course while commuting, at the gym, and even during dinner. Every chance I had. Then I’d read the study guide following what I had learned that day from the videos, jotting down notes and discussing them with the ChatGPT voice model. (It really helped me out.)

Step 4: Acronyms and Ports Acronyms are like that one friend who shows up uninvited but you can’t quite get rid of. Get to know them; they’ll be everywhere. Just remember, spaced repetition is your best friend here. Some acronyms will feel like a walk in the park, while others will have you questioning your life choices. I’m pretty sure my test was created by a team of sadistic crossword puzzle enthusiasts—“TMI” might as well have been on there!

Step 5: Pocket Prep for the Win I decided to invest in Pocket Prep, and boy, was that worth it! The interface is smoother than a buttered slip ‘n slide, and the motivational emails made me feel better about myself. I went from a shaky 50% to a comfortable 85%. Do most of the premium questions before the mock exam. (I did all 1000 questions.)

Step 6: Mock Exam Madness Once I wrapped up Dion’s course, it was time to tackle the 6 mock exams . These felt tougher than a steak you get from those TV dinners. Between Dion’s mock exams and Pocket Prep, I was sweating bullets (Definitely no tears; it was totally sweat). But here’s the trick: don’t just memorize the questions; actually understand the material! Scoring 80% on both Dion’s and Pocket Prep’s mock exams felt like finding a twenty in your old jeans—a total surprise and a reason to drink! Just a side note I feel like these test are harder then the actual test but they really make you think which helps on the exam.

Step 7: Last-Minute Panic Session With just four days left, I dove headfirst into PBQs and polished everything up like it was a classic car. (I would recommend to look at the exam objectives and circle the ones you don’t know so you can review it)

Exam Day: The FUBAR Chronicles Now, let’s talk about the chaos that was exam day. I have a special place in my heart for Pearson VUE, and by “special,” I mean I loathe it with every fiber of my being. Everything from booking the exam to taking it was like pulling teeth. Pro tip: do a system check a day before, or prepare for a mini meltdown! My MacBook Pro M1 worked fine and passed the checks the day prior, and then on exam day, the software decided that it wouldn't work with my Mac, so I was forced to run and borrow my brother’s Asus Zenbook, which has more than enough processing power and a dedicated GPU. ( login to the test an hour prior if your taking it online to work out the kinks)

Make sure your testing area is cleaner than an operating room floor. I was dinged by the proctor over staplers and a paperclip. (Once I moved them, we no longer had a problem, but seriously, one paperclip?)

Then, three questions in, my mouse started lagging like it was trying to escape my grasp. I thought, “Is this a new PBQ where my Bluetooth is being sabotaged?” I was thinking CompTIA really outdid themselves. So I switched to the trackpad, and it still did not work. I begged the proctors for help, and they told me they could not do anything and that since the exam started, there is no refund.

I discovered I could navigate with the Tab key and the arrow keys. So if you have an issue like this, use this method. The PBQ took me a good 20 minutes thanks to the mouse fiasco.

In the end, I powered through like a pro. So, here’s my advice: embrace the chaos, take good notes, and when in doubt, lean on the community for help.

Good luck, future test-takers—may your acronyms be clear, your proctors be lenient, and may your exam day be less chaotic than mine (because let’s be real, I think I deserve a medal for surviving that).

You’ve got this!

Edit/addendum: I forgot to mention flashcards - I used the Brainscape app/website to make flashcards on concepts that I just could not get to casually stick. There are a lot of things here that will take brute force memorization.

Also, I did not use any Sec+ specific videos due to my previous info-sec studies helping out so much. However I've heard really good things about the Jason Dion videos. If his videos are as good as his practice exams - then they'll be gold as a starting point.
_____________________________________________________________________________________________________________

Hey all!

I'm excited to share that I passed the SY0-601 Security+ exam this morning with a 789 out of 900. I believe this equates to roughly 88% - but nobody truly knows how CompTIA scoring works on this exam.

I found this subreddit invaluable to determining which study materials to use, so I thought I would share my materials and rank based off of what I found most useful.

PRACTICE EXAMS:

Here are the practice Exams I took. I’ve ranked these in order of usefulness to passing the real exam.

To me, Usefulness = accuracy + following the official study guide material very closely + responsiveness of test writer to any questions I had.

1. Passemall Security+ Practice Exams. 10/10. Conclusion: Excellent resource. USE THIS.

Biggest pro to using this source: large bank of test questions, accuracy of questions/answers.

I didn’t ever ask them clarifying questions, so I can’t evaluate test writer responsiveness.

Details:I took the first 4 exams. I only ‘passed’ the first one, with 83%. Tests 2, 3, and 4 I was getting high 70s, low 80s.

These were the best exams. https://passemall.com/free-comptia-security-practice-test. They were the hardest practice exams and most closely followed the source material. I’d say they’re 5-10% HARDER than the real exam, and 5-10% harder than the Dion practice exams.

They offer 8 practice exams of 90 questions each. You need to achieve 83% to pass (same as the real thing).

They also offer a ‘learning’ mode which lets you drill down into each topic you feel you need to, in blocks of 8 questions at at time. These tests are harder than Dion Udemy practice tests, and super closely follow the Official CompTIA Security+ Study guide.

2. Jason Dion Udemy SY0-601 practice test. 10/10 Conclusion: Excellent resource. USE THIS. I only ranked this as number 2 because Passemall has a larger test bank and is a bit harder.

Strongest Pro to using this: Accuracy, size of test bank, test writer responsiveness to questions I had.

Details:I’m not sure what to say about the Dion exams that hasn’t already been said 100 times on this subreddit. You need to get 90% on each test to ensure that you'll probably pass the real thing. I think Dion only says 90% because chances are you'll accidentally memorize a few questions rather than truely knowing the material. These tests are super close to the difficulty of the ‘real’ exam. It might be a 1% or 2% difference in difficulty one way or the other from the real thing, but I couldn’t really tell.

The Dion Practice Exams super closely follow the official book material, and are super accurate. There were a few questions that I thought “gotcha! That’s not the correct answer.” When I asked a question, I would only later find out they were correct, and I was thinking about the problem in a wrong way.

3. Total Seminars CompTIA Security+ Cert (Sy0-601) practice tests. 3/10. Mediocre resource at best. My recommendation: Don't use this.

Pros: Not really anyLargest Cons: Smaller test bank then the other two resources I used (4 exams). Content that goes really far off-book/doesn’t follow the official study plan. Inaccurate questions/answers, and poor test writer responsiveness.

I hate to slag off on an otherwise reputable company, but these practice tests were bad. I get the distinct feeling that they attempted to write these exams for the 601, before the official exam objectives were revised last summer. I was finding far too many questions that simply didn’t apply to the curriculum. Then I’d waste a TON of time double, triple, and quadruple checking that the concept/question item wasn’t in the official study guide.

Books:

Quick tips - if you have a multi-monitor computer set up, I recommend going the e-book route. This way you can easily ctrl+f to search any terms you need to, in order to quickly find them. Trust me, this will save you so much time. Even if you don’t have multiple monitors, this advice probably stands.

Also, it’s good to have more than one reputable book as source material. Different books generally explain things differently. I often found myself scratching my head when reading from one book – but the same item was more clearly explained in another book.

1. The Official CompTIA Security+ Student Guide (ebook). 10/10 USE THIS.

I accidentally bought the student guide instead of the study guide. The only difference is that the student guide is tailored for in-classroom studies. All of the information is in both books though, so if you accidently make the same mistake I did – don’t stress 😊

This is the OG book. It has everything in there that you need to pass.

2. CompTIA Security+ SY0-601 Exam Cram, 6th edition (ebook) 9/10 USE THIS

This book comes with additional practice tests if you need them, although I didn’t use them. This contains probably 95% of the information you need. I found the information was typically more easily digestible here than in the Official study guide.

I want to wrap up that I didn’t get into studying ro the Sec+ in the normal way. I was (and shortly will resume) studying for the ISC2 CISSP exam. The source material has a lot of overlap with the Security+ (there’s a lot MORE to cover in the CISSP, however, probably 90% of the Sec+ material is also in the CISSP.). I found myself getting discouraged with the CISSP studies, so on a whim took a Sec+ practice exam and got score in the 730s. Since I was so close to passing without having studied for the Sec+, I decided to pivot to the Sec+ and crammed for a couple weeks to pass.

This is definitely not the standard way of reaching a Sec+ I realize. Since I was so close to passing already, I didn’t bother with reading any Sec+ books start to finish. Instead, I focused on practice exams to identify and drill into my weak points, then used the books as reference material.

On the note of the CISSP - there's so much overlap between the Sec+ and CISSP, I think it is a REALY GOOD IDEA to go for the CISSP after the Sec+. The CISSP is a magnitude of difficulty harder, but if you ever think you might want to take this exam in the future - then do yourself a favor and go for it after passing the Sec+. You don't want all that valuable Sec+ information leaking out of your brain before you start on the CISSP :)

If you’ve read the whole post, thank you!

Also, good luck to anyone going for the Sec+!!