About 2 years ago I studied for CCNA for 11 months. I made 100 page study guides, outlines of the OCG textbook, index cards that would reach my ceiling if i stacked them up ( a fun game you might think). And after those 11 months....I failed. I was infuriated, not because I failed, but because after studying so goddam hard all those months, I realized the test only tested me on like 20% of the material i studied...and that it was a game..not how hard you study...but how smart

I vowed never would I go through that again....

Sec+ Test Experience:

• JUST LIKE PROFESSOR MESSER PRACTICE EXAMS

• Stay AWAY from DION's practice exams, they are NOTHING like the real exam

• For attacks specifically, know what they look like, for example what does the URL look like in XSS attack? What does a path look like for directory traversal ?

• Ports were not as huge as other people made them out to be

• The PBQs were INSANE. The configurations they asked for were out of the scope for sure and i probably got them wrong.

• Some questions were tricky when regarding governance/policy. Know your standards!

Sec+ 3 Week Study Method: Professor Messer

Week 1: Passive Study

• Passively watch Professor Messers video series on Youtube (DO NOT TAKE NOTES JUST WATCH)

Week 2: Take Professor Messer Practice Exams

• Take exam 1 open book, have a print out of Professor Messer Notes next to you. Make index cards of everything you dont know...especially those acronyms. Study those index cards before moving onto exam 2

• Take exam 2 closed book in study mode. What this means is that you go to the end of the exam where it has the same questions but with detailed explanations BUT you do not look at answers until you make your decision. Checking the right answer after each question individually helps reinforce the right answers into your memory, and helps you learn why the wrong answers are wrong. Again, make index cards of what you didnt know and review before exam 3

• Take exam 3 closed book, like a regular exam. This gets you ready for how you will take the exam on exam day. Do not look at detailed answers until you finished. When you go over it, understand right and wrong answers, and once again make index cards of what you dont know

Final Week: Review

• You should now have 3 card decks: Exam 1, Exam 2, Exam 3. Study them until comfortable

• Day 2 and 3 before exam retake all practice exams

• Day before Exam DO NOT STUDY. Netflix n chill, order a pizza, be adventurous.

Takeaway:

• The Goal is to waste less time studying because youre not going to be tested on everything on the exam. Dont make guides/index cards on EVERYTHING...just what you didnt know on practice exam

• You dont need to know every single acronym, but if you know the acronyms/everything from Professor Messers practice exams then you will pass.

• Go over visual examples of attacks such as XSS, SQL injection, Directory traversal (what does the URL look like for ex)

EDIT: Another random tip: Studies have shown that we recall information better based on the state of our minds when we learned the same material. So if you drink caffeine(coffee/red bull) while you study, make sure you drink it before the exam.

A bit of an explanation. Last year, I have completed the CompTIA A+ (the 1101 on January 2023, and the 1102 on March 2023) and Network+ (August 2023) certifications. I am planning to study for my Security+ certification. I am planning to use Professor Messer's videos and his notes like with A+ and Network+, but this time I plan on using his practice exams. I don't think I'll be getting Dion's course like with A+ and Network+, but may use his practice exams if they're available.

Now I am wondering if it would be a good idea to do the 601 or the 701. I am aware of the 601 expiring on July 31, 2024 (less than five months from now as of typing this), and I believe I can prepare for the 601 exam before then. But at the same time, anything can happen that might put off my studies (I remember putting off my studies for Network+ for a month due to IRL stuff going on). And I am wondering if the learning resources for 701 (notes and practice exams for example) are as good as the 601 to use.

Of course, I am leaning towards doing the 701, but is there any reason to do the 601 over the 701?

EDIT: Okay, 701 it is then.

Hi, I would like your advice about the Security+ certification.

I am preparing since this week with Udemy practice exams and I understand that on November 7 this year they will upgrade from version 601 to 701.

My question is, do you think it is a good idea and gives me time to prepare to sit for the 601 or better to wait for the new version (causing me to have to study more content and take longer).

Best regards!

tl;dr - I passed with a 767 and studied for a month. Only three months of help desk experience. I'm also bad at studying.

So I'm really bad at studying. I've had diagnosed yet untreated ADHD my whole life thanks to some financial issues and I could never properly focus on studying for this exam. On the first of April, I went and set my exam date to the 29th of April. That way I had four weeks to study for it and I knew I couldn't just wing it by watching some videos online while I did something else like it was a podcast so I had to plan it. I'm hoping anyone in my (lazy and bad study habit) situation or with a similar mind set can benefit to this.

Study Materials I Used

At first I felt content on using Professor Messer's free YouTube videos but I realized I wasn't retaining information, as beautiful as that man is. So I went and researched different study materials people used, checking the wiki, asking people on discord, etc. I settled on the following:

• Jason Dion's CompTIA Security+ Complete Training Course & Exam - $11.99 $84.99

  • This includes video lectures, a downloadable PDF study guide, short practice quizzes at the end of each section, and a 90 multiple choice question (MCQ) Practice Exam at the end.

  • The course does not go in the order of the domains but in a specific order meant to make the most sense, combining multiple domains in one lecture for better information retention. Used as the primary course for setting a baseline.

  • The slashed price is from udemy's discounts that they seem to always have. ¯\_(ツ)_/¯

• Professor Messer's CompTIA Security+ SY0-601 Training Course on YouTube - Free

  • This is a YouTube Playlist that goes in the order of the domains that are short and straight to the point. Used more as a supplemental course to strengthen your grasp on certain topics.

  • I actually use YouTube Premium, downloaded the whole playlist on my phone, and listened to specific topics I had trouble with while at the gym.

• Professor Messer's CompTIA SY0-601 Notes & Exams Combo - $40.00

  • The notes are compact and easy to read. I printed mine out at work and pulled it out whenever I could.

  • These exam questions were the closest thing to the real exam (though the real exam questions were a level above these ones, in my opinion). Comes with three practice exams and their answer keys. I made the most progress in my studies with this, after setting up my baseline with Dion's courses.

  • I actually pitched in with three others at work who were also in my shoes (little to no experience) so we paid $10/ea.

• Jason Dion's CompTIA Security+ Practice Exams & Simulated PBQs - $13.99 $99.99

  • These were cool and all but the performance based questions (PBQs) don't work properly. I guess they're an image that you're supposed to look at and choose an answer but they just don't ever load properly. I honestly wouldn't get these for the PBQs.

  • When you complete an exam, it tells you which domains you're good on and which ones you suck on. Great for going back to review your weaknesses!

  • These practice exams are much easier than Professor Messer's exams or the real thing but they're great study material.

• Darril Gibson's CompTIA Security+ Prep Study App - Free Download, $3.99/monthly

  • This app is an organized lifesaver. I used it mostly for the flashcards and acronyms but boy these are great for on the go studying. This contributed to learning what acronyms reference what. A huge boon to studying.

• Quizlet - Digital Flash Cards - Free

  • I used Quizlet for memorizing ports. Great app for any time you want flash cards!

My Study Schedule/Plan

I get off work at 5:00PM and go to bed around 10:00PM~12:00AM so I spend 1~5 hours a day studying. Before I even started, I took all three Professor Messer Practice Exams as an assessment and took note on what I got incorrect. I then spent my first week finishing Dion's Course, spent the second week diving into practice exams, spent the third week memorizing ports and going over flash cards, then spent the last week spamming practice exams and looking over the course notes. I definitely had days where I couldn't study so I just didn't. I took 1~2 days to give myself a break every week otherwise my brain would melt. When work was slow, I'd bring out the app and look through flash cards or bring up the course notes through the Files app on my iPhone and read through it. As the exam date started getting closer, I went through the exam objectives from CompTIA and made sure I understood everything.

My Practice Exam Scores

My initial practice exam scores from my assessment were so bad. After the video course, my scores got better but they still weren't passing. In the end, I only got one practice exam as a passing grade. Dion's practice exam at the end of the course was really easy compared to Professor Messer's exams as I got a 70% on my first try then a 97% on my second try. The following are the practice exam scores I got on Professor Messer's practice exams:

1. Practice Exam A - 48% / Practice Exam B - 50% / Practice Exam C - 50%

2. Practice Exam A - 76% / Practice Exam B - 84% / Practice Exam C - 81%

3. Practice Exam A - 82% / Practice Exam B - 86% / Practice Exam C - 84%

I took my second attempt at Exam A on Monday, then Exam B on Tuesday, then Exam C on Wednesday and repeated that for Thursday, Friday, and Saturday so I wasn't just looking over the notes and having the questions and answers fresh on my mind while I took the third attempt.

How I Tackled the Exam

I skipped the PBQs, flagged and skipped the MCQs that took me more than a minute or two to get, made it to the end of the MCQs then went back to finish skipped MCQs, tackled the PBQs, then read through each question and made some corrections as I reviewed them.

My Thoughts on the Exam

Despite my planning, I felt so unprepared. The PBQs from Professor Messer's practice exams were the closest thing to the actual PBQs on the real exam. The MCQs however... I've never felt so small taking an exam. None of the MCQs from the practice exams were like the real deal. The whole time I took the exam, I thought I was gonna fail. I skipped the first four PBQs, finished my 78 MCQs 45min in, then tackled the PBQs. Afterwards, I had roughly 30min left so I went through every question again and again until I felt I had done everything I could. Finished the exam, took a survey at the end, got my result right after and, to my surprise, passed with a 767.

Things I Could Have Done Better

I really could have studied more. I was hoping to get a higher score than 775 to beat my friend haha! Going through the exam, I completely blanked out on certain acronyms and I had a couple of questions where I just tried to remember what that one acronym was. The funny part was that that acronym was the basis of, like, a handful of my questions. It's like the exam knew... According to my paper I get after the exam, the domains that hurt me most were...

• Domain 4: Operations and incident response (16%)

• Domain 5: Governance, risk and compliance (14%)

Tips and Tricks (A bunch I learned from u/AmethystWind)

• Learn what Symmetric Encryption is and you'll know what Asymmetric Encryption is(n't).

  • DES, 3DES, IDEA, AES, Blowfish, Twofish, RC4

  • RC4 is the only encryption standard that is a stream cipher. Everything else is a block cipher.

  • Elliptical Curve Cryptography (ECC) is used on mobile devices.

• Hashing algorithms increase in size alphabetically.

  • MD-5 & NTLM - 128-bit

  • RIPEMD & SHA-1 - 160-bit

  • SHA-2 - 256-bit

• Please Do Not Throw Sausage Pizza Away - Mnemonic for OSI Model (more of a Network+ thing)

  • Physical, Datalink, Network, Transport, Session, Presentation, Application

• PICERL (pic-earl) - How I memorized the incident response steps

  • Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned

• MEMORIZE THOSE PORTS. Just brute force them into your brain. Use flash cards. Memorize the port numbers first then whether its TCP, UDP, or both.

• Don't just memorize what the acronym stands for, though it will help if you do. Know what it does and how it is used.

• Read the MCQs carefully. Look for key words. Process of elimination.

So I just passed the 601 version with a not great score of 781 - I've been lurking here for a while to try to help to pick up so tips, so I thought I'd share my story. I'm still a little giddy.

After Action Review (I'm going to try not to tick off the CompTIA gods):

• I got hit with the labs first, so I just did them - don't let them intimidate you, they were not difficult at all

• Jason Dion's course and practice tests was a bargain and def helped the most BUT - I felt that I over-studied - so much so that I'm just going to bang out Net+ while I'm in the mode

• GCGA practice exams and labs were WAY harder than the test, but they helped

• Don't trust dumps - Idly did one a while ago and there was def some WRONG answers on them!

• Taking the exam in my office via Pearson was a breeze (maybe a year or so of working from home made me used to it)

• Not sure if they did it on purpose, but lots of these questions sort of "self answered" themselves - by that I mean that they seem to put two answers in there that were so wrong it really helped me narrow down the correct answer

• Difficulty from the old 301 from 2013 - I found the 601 overall an easier test to pass

• Don't let it lapse! I was working for the Army back in 2013 and this was a requirement for where I sat - I started working in the secular world and figured nobody would care - fast forward to the year 2021 and I'm working for the DoD again so I had to get it back! Don't ever let it lapse! What a pain!!!

• Why did I go for the 601? I dunno.

Hey everyone,

I just had to share some awesome news—I crushed my CompTIA Security+ (SY0-601) exam last Saturday passed with a 760, May 11th! It's been a wild ride, but totally worth it.

I put in about 4 weeks of solid study time. First up, I spent three weeks diving deep into materials from Professor Messer and Jason Dion. Let me tell you, those guys know their stuff! Professor Messer's practice exams were especially clutch—they're like a sneak peek into the actual test.

In the final stretch before the exam, I drilled myself with Professor Messer's practice questions. Seriously, those were a game-changer for boosting my confidence.

A bit about me: I work in a tech support center, so I had a bit of a head start. But nailing the Security+ certification? That's a whole new level of awesome.

To anyone thinking about tackling the Security+ exam, my advice is simple: go for it! With some dedication and the right resources (ahem, Professor Messer), you've got this.

Next up for me? Diving even deeper into cybersecurity. I've got my sights set on landing a gig in security, and I'm already eyeing up some SIEMs like Splunk and Microsoft Sentinel to level up my skills.

Big thanks to this community for all the support and good vibes. If I can do it, so can you!

Wishing all you certification warriors the best of luck on your own journeys!

Cheers! 🚀✨

Hello there,

I want to start preparing for the Security+ exam. I wanted to start in September but I saw that the content of the exam is going to change on November 12th and if I take it before this date the certification will expire in 2021 instead of being valid for 3 years.

The problem I ecountered is that I can't find any books or learning papers for SY0-601, only for 501. I found a book on Amazon but it's avalaible only for pre purchasing and will be delivered in January or February. I want to start asap. Should I start studying from the 501 materials and give the exam a try?

Thanks in advance and have a great day!

About a week ago, I created a post about the announcement of the SY0-601 Security+ exam release date (November 2020) and the retirement date for the SY0-501 (July 2021). Here's a link to that information:

https://www.reddit.com/r/CompTIA/comments/hkkxul/sy0601_security_exam_release_date_and_sy0501/

In that post, I said that you should never wait to get certified. I've said this for years, and nothing about that advice has changed.

In that previous post, I also said that we didn't have the new exam objectives to compare but I expected the changes to be minor. As it turns out, that predication wasn't quite as accurate as I would have hoped.

A day or so after I created that earlier post, the SY0-601 exam objectives were made available for download on the CompTIA website. You can download them for yourself here:

https://www.comptia.org/certifications/security#examdetails

I've compared both the SY0-501 exam objectives to see what will be dropped, and I indexed the SY0-601 exam objectives to see what's new. The results are surprising from the perspective of both quantity and content.

The Numbers

The current SY0-501 Security+ exam covers approximately 778 total objectives. That's a lot. For comparison, the current Network+ covers about 500 topics, and the 220-1001 A+ and 220-1002 A+ exams have about 570 objectives each.

Step aside, SY0-501. In the upcoming SY0-601 Security+ exam, there are a whopping 1,037 topics, which is an increase of over 250 topics. You'll have to remember quite a bit more information if you plan on passing the SY0-601 exam.

This next bit is also important. If you've considered studying for the SY0-501 but you're going to take the SY0-601, you should know that 70% of the SY0-501 exam objectives are also covered in the SY0-601. However, because the SY0-601 is so much bigger, 52% of the SY0-601 is new content. That's right, over 500 objectives in the upcoming SY0-601 exam aren't covered in the SY0-501 objectives. There are more new topics on the SY0-601 than there are total topics on the Network+ exam! If you walk into the SY0-601 exam having only studied from SY0-501 training materials, you're going to have a bad time.

Enough of substance. Let's talk style.

The Topics

Although the topics and domains have moved around a bit, the basic structure and set of topics on the SY0-601 is very similar to the SY0-501. If you're familiar with the SY0-501, then the SY0-601 won't be much of a surprise. You'll still need to know about threats, risk, incident response, compliance, and all of the other SY0-501-like topics.

Much of the information that will be dropped from the SY0-501 consists of minor changes to existing sections. For example, an SY0-501 subsection with a list of 17 application attacks might see two of those dropped in the SY0-601 objectives.

However, some topics missing in the SY0-601 are significant. The SY0-501 covers specific cryptography algorithms in section 6.2, including AES, DES, RSA, MD5, and many, many others. Although encryption, key exchange, hashing, and other cryptographic concepts are covered in the SY0-601, that big list of algorithms is dropped in the SY0-601.

Instead of requiring you to memorize algorithms, the SY0-601 shifts the focus to more of a day-in-the-life of an IT security professional. Along with the previous SY0-501 topics such as recognizing threats, managing security policies, and planning for disaster, the SY0-601 includes topics on better recognizing when an attack is occurring, securing cloud-based resources, and using utilities to better manage your security posture. You may not have to know about AES and RSA, but you will have to know when to use theHarvester or run a Nessus scan and how to properly interpret the results.

My Take

Based on these exam objectives, it looks like the upcoming SY0-601 exam will have effectively the same difficulty level as the questions on the SY0-501 exam. There doesn't appear to be significant changes to the scope or expectations. We won't know this for sure until the exam is live, but there's nothing in the exam objectives that appears to be remarkably different.

However, studying for the SY0-601 will certainly be more of a challenge. There are hundreds of additional topics to remember as compared to the SY0-501, and those new topics are just as challenging as the old ones. Your study books will be bigger, the video courses will be longer, and you'll have much more to remember when you walk into the exam room.

My original recommendation stands, and perhaps now it's even better advice than a week ago. If you can take and pass your SY0-501 exam before the July 2021 retirement date, you should endeavor to do so.

If you just can't make the SY0-501 retirement date and you're going to take the SY0-601, you're still in pretty good shape. You'll have to cover and learn more topics, but the exam most likely won't be significantly more difficult than the SY0-501.

Good studies!

So, I know there are a million of these posts, but when I was gearing up to take the test, I took a lot of comfort in these posts, and read all of them. I figured I would pass that on.

- Score - 780 (fine by me)

- Taken in person at a tech school

- Study Materials - Professor Messer, Dion, Cert Master, YouTube

- Time studying - over 100 hours in 3 weeks

- Previous Experience - University Of Kansas CS Bootcamp (no IT experience)

To start off, here are some anecdotes that I would have taken comfort reading beforehand:

- The test is easier than ANY of the practice tests I took. The wording is concise, and most answers are pretty obvious. That said, there were quite a few things I felt like I hadn't seen before on the test. I can't be sure, but I think the 100 - 900 grading scale and having weighted questions makes this very passable. (I had 78 total questions)

- The PBQs were WAY easier than I thought they would be. Drag n drop definitions, fill in the blank etc... (I only got 3 PBQs)

- If the question wants more than 1 answer, the question tells you exactly how many it is looking for (i.e PICK TWO ANSWERS). This is unlike Cert Master where you don't know how many they are looking for and a huge reason why I think it is hard to score high on their practice exams.

- Like most, I can report that I thought I was failing while taking the test. There is obviously room for error built into however they grade it.

- Cert Master is not a great metric. Not the material, just the way they word their practice questions is overly confusing and unlike the actual test. My highest practice score was 69%

- Dion's tests really get in the weeds and there are a lot of things from his tests that I just didn't see represented on the actual test. Still 100% recommend; I learned a ton. My last two Dion practice tests, I scored 90%

- Messer is where it's at. His tests are almost identical to how the real test looks. His PBQ's are the closest to the real thing imo. I scored in the mid 80s on all three of his practice tests.

How I studied:

- KU CS Bootcamp - learned a lot of foundational knowledge, but honestly I would have failed the SEC+ if I relied only on this

- I downloaded the objectives from comptia

- I wrote down every objective, by hand, in a notebook.

- Made acronym flash cards (this felt like a waste of time tbh)

- I watched ALL of Messer's free videos, and took notes on the objectives by hand in that notebook

- I went through every module/domain in the Cert Master practice

- I spammed practice tests from Jason Dion, Professor Messer, and Cert Master (I think I took 15 practice tests, not including random little ones I found on the google play store)

- I did deep dives on questions I got wrong, and overviewed the questions I got right

- Mostly though, it was just TIME and persistence. I studied A LOT!

Test Prep:

- The day before the test, I cut off studying at 430pm, and just let my mind rest

- I ate a small dinner so my sleep wouldn't be messed with

- I slept 8 hours

- I left out everything I needed to get signed in at the test facility on the counter next to my keys (wallet, IDs)

- Got up early with plenty of time to get ready and leave without feeling rushed, or to mitigate an accident on the highway

- I showed up to the exam facility 30 minutes early and used that time to study my notes and load that information into my RAM

- Then I took the test, and when I finished I saw, "PASSED" and let out an audible "thank god".

What a huge relief.

Anyway, That's my experience. I did a lot of stressing about this test before hand, and that's just how I am so I guess I couldn't avoid that, but this test is VERY passable. If you are scoring pretty decent on your practice exams (80s - 90s), you will pass the SEC+.

Thank you to everyone who posts here. It has been a tremendous motivator for me.

Hi everyone! When I started my journey to get my security+ cert I was reading a lot of posts similar to this outlining what people's processes and resources were to pass their test, so I thought I'd chime in with my experience.

For my timeline I had 3 weeks to study. I didn't take the A+ or Net+ prior to getting this cert. The first week was watching the free YouTube course from u/professormesser where I watched 1 section each day and took notes while watching. When watching the videos I made sure to take plenty of breaks as there are quite a few videos for the first 3 sections. Once I did that I went to studying for 2 weeks for about 6-8 hours a day (again with plenty of breaks, about 10-15 mins ever hour or so). The way I did it was I purchased the Professor Messer practice test (which had 3 tests) and took all 3 without actually studying to see what I could score on it first try from memory. After I did that I'd mark which ones I didn't get right and I'd go back and review those those terms as needed. Also in the practice tests there are detailed explanations of why each answer is right or wrong and I made sure to read every one of the explanations as I went though the test. After the first attempt on each of the 3 practice tests and reading though all the right/wrong answers I went to actively study. I made a quizlet with all the acronyms I saw in the practice tests and didn't know as well as some of the important ports since I hadn't been exposed to that previously. I made sure to get all the acronyms down first since knowing the acronyms was crucial to understanding the terms. I then studied the port numbers and returned to go through the practice tests again with this new knowledge. Anything I missed I would mark and I'd make a quizlet with those terms and definitions such that I'd better know what they were.

Once I was missing fewer than 10 on the practice tests from Professor Messer I felt I needed more practice tests so I got the ones from Dion on Udemy for around $20 which came with 6 practice tests. While these were great and had lots of new questions, I felt they weren't as focused on the objectives or as representative of the actual test as the questions from Professor Messer and I was only getting around 70% on these when Dion recommended 90% to pass. Still, more variety and more preparation is never a bad thing. For the Performance based questions the videos from InformatikLab on YouTube were similar in style and layout but not identical to the actual questions. If you finish all those and are doing fine, there's also Vincent Humble on YouTube who does videos of practice tests and you can just watch those and try to do those shown in the videos.

Best of luck to all those taking their Security+ and feel free to leave any questions for me and I'll answer them as best as I can!

I've been a software engineer for about 4 years, recently made the switch over to cybersecurity so decided to pursue this certification to get me up to speed with the lay of the infosec land.

I only used Jason Dion's SY0-601 Udemy course and 6 practice exams. I watched the entire Udemy course, while following along with the study guide. Then I knocked out 2 practice exams per day scoring between 80-96% on each. I reviewed every question and why each answer was justified wrong or right. This took me about 2-3 weeks.

Also during the test, I completely skipped the PBQs until the very end.

There was a couple things on the new exam that I'm certain weren't covered in the Udemy course, but luckily I happened to know the terms from experience.

This was my first attempt, and I scored 800.

I passed this morning with an 800, and feel a whole lot of relief. Since I found other people's experiences so helpful while preparing, I thought I'd share my own.

Background:

I've been working in IT for almost 23 years, most of that time as a system administrator. I also have a Master's degree in Networking, Security, and System Administration, with a focus on security, which I finished about ten years ago. I thought an "entry level security certification" would be walk in the park, and studied for about a month. More on that later...

Study materials:

• CompTIA Security+ Sy0-691 Exam Cram, 6th Edition, rating 5/10 - I really can't recommend this book. It does cover the core information, but there often wasn't enough information for me to thoroughly understand topics I didn't know much about, and I ended up spending a fair amount of time googling to get a better understanding.

• Professor Messer's CompTIA Security+ Sy0-601 Training Course, rating 10/10 - I wish I'd found this sooner. I avoided it initially because I have a hard time with video learning (I zone out quickly), but these videos are short enough I could stick with them, and I often found his explanations and examples were what I needed to understand and remember. I didn't get to finish all the videos (I think there were maybe 10 I didn't get to), but everything I watched was fantastic

• Jason Dion's SY0-601 Practice tests on Udemy, rating 9/10 - These were pretty key in helping me prepare. I think there are areas where these go into more depth than the actual exam, but in the long run that was helpful - it forced me to really understand concepts in depth, which was very helpful in making decisions on the exam. I think if you're scoring mid-80s on these, you're probably doing fairly well.

• Mike Meyer's SY0-601 Practice tests on Udemy, rating 8/10 - These were a little easier than Dion's, but I'm glad I had the contrast. The questions were a little different, and there were concepts addressed in Meyer's that weren't in Dion's. I'd say you'd want to be scoring in the 90's on these.

• PocketPrep's Security Sy0-601 Exam Prep, rating 7/10 - I really wanted something mobile and more quiz-like, and this fit the bill. It has a pretty large question bank (650 questions), and like Dion's, the questions are more detailed than the actual exam. I'd probably rate it higher, but there wasn't always as much information as I would have liked about the answers, and I occasionally found an answer that wasn't quite right (LDAP isn't a Microsoft application, for example). Overall, though, it was helpful for review when I was away from a computer, and I'm glad to have had it.

• Cram.com for flash cards, rating 9/10 - I used this site for building flash card decks for the AWS SAA exam, and I found it very helpful for this exam, too. I didn't trust any of the decks that were out there, but building my own helped me review, and I liked being able update/modify them. The "jewel" game is a silly but fun way to start to remember concepts, and cram mode was great for helping someone who isn't great at remembering details really dig in and get information stuck in my head.

Exam:

Obviously can't go into too much detail, but make sure you understand the various attacks and how to mitigate them, know your port numbers, detailed information about certificates, and the processes by which businesses understand risk. I found there were MANY questions that felt like they had more than one reasonable answer, and choosing the best was tricky. Read for context clues, but also don't overthink too much, and remember best practices.

Other thoughts:

This was a humbling experience for me. I thought that with my experience and with the foundational information I learned while getting my masters', this wouldn't be too hard. However....there was a LOT I didn't know. Things like attacks and cryptography weren't too different from when I went to school; experience and working on my AWS cert helped a fair bit with implementation, but threat frameworks like Mitre ATT&CK didn't even exist when I was working my degree, and the strong emphasis on understanding the business side of risk management (as opposed to the technical side) was something of a challenge for me.

The exam itself was far harder than I expect. I was certain I was failing for most of it. I'd done most of the practice exams in ~30 minutes, but I used almost every bit of the 90 minutes for the exam. I was very glad I knew in advance about the survey at the end, but it was kind of cruel imo. I felt so much relief when I saw I'd passed! I'm glad to have this one done.

Hello, everyone!

I just passed Comptia Security + SY0-601 (791/900) with high help from this community and I want to give something back. I know that will soon retire but maybe someone will find it useful.

It took me 1 and a half month to get prepared for the exam.

What did I use to pass?

I get hand written notes from the following:

1. Exam cram by Marty M. Weiss - it was my main resource but I found it pretty comprehensive, it took the most time to complete. It goes deeply into the exam objectives (sometimes too much), but still reliable

2. Professor Messer - CompTIA Security+ SY0-601 Training Course on Youtube. It was really good, all the exam objectives were covered and explained.

I started with the Exam cram but I realized that it takes a lot of time to get all the notes (I was pressed by the time so my voucher won't expire) and it's difficult to follow the objectives because it has it's own way of presenting things, and I went for professor Messer. For me, the content provided was just right ,so I highly recommend it.

I suggest to get a copy of the exam objectives and as you go through your source of information to tick every objective to be sure that you understood each concept.

After you have prepared your notes, assumingly you understand them, try to go again through exam objectives and focus on what you don't know or miss.

After that, it comes the cramming part. What I recommend:

1. Definitely the Professor Messer Crams for overall exam simulation. There are really similar to the real one. You get the question, why the answer is right and why all others are wrong.

2. Professor Messer Study groups on Youtube. Good for more exam like questions.

3. PBQ solving by CyberKraft. Again similar to the real exam, try to solve them before he answers and listen the explanation at the end of the video to get why you are right/wrong.

Don't get too much into cramming because you will get used to the questions and you will probably memorize them. Try it once, see what you did wrong, mark the chapters and revise. At the second time you should get better.

Another sources of information that really helped me are actually post from this sub. Thank you for your content and time. Here are the links:

https://www.reddit.com/r/CompTIA/comments/zkjs1d/how_a_dumdum_like_me_passed_sec/

https://www.reddit.com/r/CompTIA/comments/1awqx90/memorization_and_a_strong_understanding_for_sec/

If you want some helpful notes I also recommend the following:

https://comptia-security-notes.com/

https://nnovru.medium.com/comptia-sy0-601-security-study-notes-5-0-4-5-5-governance-risk-and-compliance-34a4a52a346d - Here is just the 5th chapter, if you go back you will find all the others.

This is what I did for the last few days before exam, I went to through exam objectives following the notes to be sure that I did not missed anything.

About the exam, it's similar to what I recommended above. If you know all the objectives, you should be fine.

I got 74 question with 4 PBQs ( identify attack and prevention method, set firewall rules, some PC and firewall logs - identify the origin/infected/clean, data classification and disposal).

I did not get any question regarding the port numbers.

As everyone already suggested, skip PBQs get directly to MCQ. Don't overthink, pay attention to time management and review all flagged questions.

It was a difficult experience but with the help of this community I managed to get it.

Thank you and good luck for anyone who is preparing for this exam!

Edit/addendum: I forgot to mention flashcards - I used the Brainscape app/website to make flashcards on concepts that I just could not get to casually stick. There are a lot of things here that will take brute force memorization.

Also, I did not use any Sec+ specific videos due to my previous info-sec studies helping out so much. However I've heard really good things about the Jason Dion videos. If his videos are as good as his practice exams - then they'll be gold as a starting point.
_____________________________________________________________________________________________________________

Hey all!

I'm excited to share that I passed the SY0-601 Security+ exam this morning with a 789 out of 900. I believe this equates to roughly 88% - but nobody truly knows how CompTIA scoring works on this exam.

I found this subreddit invaluable to determining which study materials to use, so I thought I would share my materials and rank based off of what I found most useful.

PRACTICE EXAMS:

Here are the practice Exams I took. I’ve ranked these in order of usefulness to passing the real exam.

To me, Usefulness = accuracy + following the official study guide material very closely + responsiveness of test writer to any questions I had.

1. Passemall Security+ Practice Exams. 10/10. Conclusion: Excellent resource. USE THIS.

Biggest pro to using this source: large bank of test questions, accuracy of questions/answers.

I didn’t ever ask them clarifying questions, so I can’t evaluate test writer responsiveness.

Details:I took the first 4 exams. I only ‘passed’ the first one, with 83%. Tests 2, 3, and 4 I was getting high 70s, low 80s.

These were the best exams. https://passemall.com/free-comptia-security-practice-test. They were the hardest practice exams and most closely followed the source material. I’d say they’re 5-10% HARDER than the real exam, and 5-10% harder than the Dion practice exams.

They offer 8 practice exams of 90 questions each. You need to achieve 83% to pass (same as the real thing).

They also offer a ‘learning’ mode which lets you drill down into each topic you feel you need to, in blocks of 8 questions at at time. These tests are harder than Dion Udemy practice tests, and super closely follow the Official CompTIA Security+ Study guide.

2. Jason Dion Udemy SY0-601 practice test. 10/10 Conclusion: Excellent resource. USE THIS. I only ranked this as number 2 because Passemall has a larger test bank and is a bit harder.

Strongest Pro to using this: Accuracy, size of test bank, test writer responsiveness to questions I had.

Details:I’m not sure what to say about the Dion exams that hasn’t already been said 100 times on this subreddit. You need to get 90% on each test to ensure that you'll probably pass the real thing. I think Dion only says 90% because chances are you'll accidentally memorize a few questions rather than truely knowing the material. These tests are super close to the difficulty of the ‘real’ exam. It might be a 1% or 2% difference in difficulty one way or the other from the real thing, but I couldn’t really tell.

The Dion Practice Exams super closely follow the official book material, and are super accurate. There were a few questions that I thought “gotcha! That’s not the correct answer.” When I asked a question, I would only later find out they were correct, and I was thinking about the problem in a wrong way.

3. Total Seminars CompTIA Security+ Cert (Sy0-601) practice tests. 3/10. Mediocre resource at best. My recommendation: Don't use this.

Pros: Not really anyLargest Cons: Smaller test bank then the other two resources I used (4 exams). Content that goes really far off-book/doesn’t follow the official study plan. Inaccurate questions/answers, and poor test writer responsiveness.

I hate to slag off on an otherwise reputable company, but these practice tests were bad. I get the distinct feeling that they attempted to write these exams for the 601, before the official exam objectives were revised last summer. I was finding far too many questions that simply didn’t apply to the curriculum. Then I’d waste a TON of time double, triple, and quadruple checking that the concept/question item wasn’t in the official study guide.

Books:

Quick tips - if you have a multi-monitor computer set up, I recommend going the e-book route. This way you can easily ctrl+f to search any terms you need to, in order to quickly find them. Trust me, this will save you so much time. Even if you don’t have multiple monitors, this advice probably stands.

Also, it’s good to have more than one reputable book as source material. Different books generally explain things differently. I often found myself scratching my head when reading from one book – but the same item was more clearly explained in another book.

1. The Official CompTIA Security+ Student Guide (ebook). 10/10 USE THIS.

I accidentally bought the student guide instead of the study guide. The only difference is that the student guide is tailored for in-classroom studies. All of the information is in both books though, so if you accidently make the same mistake I did – don’t stress 😊

This is the OG book. It has everything in there that you need to pass.

2. CompTIA Security+ SY0-601 Exam Cram, 6th edition (ebook) 9/10 USE THIS

This book comes with additional practice tests if you need them, although I didn’t use them. This contains probably 95% of the information you need. I found the information was typically more easily digestible here than in the Official study guide.

I want to wrap up that I didn’t get into studying ro the Sec+ in the normal way. I was (and shortly will resume) studying for the ISC2 CISSP exam. The source material has a lot of overlap with the Security+ (there’s a lot MORE to cover in the CISSP, however, probably 90% of the Sec+ material is also in the CISSP.). I found myself getting discouraged with the CISSP studies, so on a whim took a Sec+ practice exam and got score in the 730s. Since I was so close to passing without having studied for the Sec+, I decided to pivot to the Sec+ and crammed for a couple weeks to pass.

This is definitely not the standard way of reaching a Sec+ I realize. Since I was so close to passing already, I didn’t bother with reading any Sec+ books start to finish. Instead, I focused on practice exams to identify and drill into my weak points, then used the books as reference material.

On the note of the CISSP - there's so much overlap between the Sec+ and CISSP, I think it is a REALY GOOD IDEA to go for the CISSP after the Sec+. The CISSP is a magnitude of difficulty harder, but if you ever think you might want to take this exam in the future - then do yourself a favor and go for it after passing the Sec+. You don't want all that valuable Sec+ information leaking out of your brain before you start on the CISSP :)

If you’ve read the whole post, thank you!

Also, good luck to anyone going for the Sec+!!

Hi All,

I just wondering what people thought were the best books and resources for Security + SY0-601? I was thinking of looking at Professor Messer’s resources and getting Jason Dion’s course. I also was thinking about getting Darril Gibson’s book but wasn’t sure as I haven’t heard much about the 601 one.

Any revision recommendations will be appreciated! :)

I'm a long-time lurker in this sub. Finally, I decided to schedule the exam and start studying seriously. The resources in this sub helped a lot to schedule my plan. I scored a 796/900.

Prep work - 3 Weeks.

1. I started with the "Get Certified Get Ahead - SY0-601 study guide" by Darill Gibson. I got the kindle version. I would say that the explanation is pretty straightforward and fairly simple and I would definitely recommend that book as a foundation for the exam's preparation.

2. Professor Messer's complete training playlist for the SY0-601 on Youtube. I purchased his study notes as well and it really helped me revise for the exam. While seeing the videos, I noticed that some of the information was not covered in Darill Gibson's book. These two resources should cover the complete objectives of the SY0-601.

3. Jason Dion's practice tests at Udemy. I had purchased both the full course and the practice tests. But I felt there was nothing more I could learn and retain. The practice tests were perfect for the MCQs and the explanation was on point. I got 80% + for all the 6 practice tests and that increased my confidence. For each exam, I had around 30 mins leftover, but for some reason in the actual exam, I literally had 17 seconds left.

One final tip: I could not find any online resource to simulate or give me a good idea of the Performance-based questions. They are the ones that caught me off guard. Flag the PBQs at the beginning of the test and move on. I got back to them when I had 15 minutes left on the clock.

Additional resources that I read on the day before the exam.

1. List of all the Acronyms for the Security+ - SY0-601.https://getcertified.ecpi.edu/wp-content/uploads/2021/06/CompTIA-SecurityPlus601-Acronyms.pdf

2. "Get Certified Get Ahead - SY0-601 study guide" - Appendix.https://greatadministrator.com/sy0-601-extras/
   It contains labs, some practice test questions in addition to the ones at the end of every lesson, and the appendixes. In the appendixes, I recommend reading the list of ports numbers frequently as it would help with the Performance-based questions.

Hi guys and girls,

So the resources I used

• Jason Dion 601 Udemy course

• Darril Gibson's book.

• Jason Dion practice exams

• Messer's practice exams

• Security+ phone app

I also did a lot of flash cards, quizlet official sec+ flash card bundle, and Learn you PORTS.

I'm so relieved.

If anyone wants a copy of the quick study guide I'll be happy to share it to you. See below my google drive link.

Took me about 1 month 4-6 hours a day, in the last 2 weeks before the exam even more hours per day.

No IT background.

They said on my exam they were going ask me two questions that wasn't covered by the material, they also said those questions aren't graded. They also said 2 other questions would be ungraded (but give you ZERO clue which 2 questions are)

Seriously SKIP THE PBQs at the start.

My method was

• Skip PBQs (I didn't even read them)

• Read every question VERY CAREFULLY

• Flag any question I'm unsure of

• Once I get through go review PBQs

• Review any flagged questions

• If I don't know the answer, eliminate what I think are the wrong answers, and guess.

• After review review as many questions as I can

If I can do it, anyone can.

Best of luck to everyone.

Hi,
I am thinking to prepare myself to security+ 601

Could you advice how to prepare to easily pass the exam? I have basic IT knowledge and security- field ( working in blue team)
I did my own research for materials so far I think Professor Messer - YouTube it cool but i am looking for apps, books, etc where i can learn a little bit quicker then watching videos.

My aim its no fill the gap of knowledge-> PRACTICE TESTS then read the things I don't know? I answer wrong.
What do you think about it? Please let me know how did you prepare it for exam? I would be very grateful. many thanks