Steps to Success: How to Ace the Security+ Test
While everyone’s path to passing CompTIA’s Security+ test is unique, the following is a series of steps that will position you for the greatest chance of success. Before you dive in, make sure to check out part one, a top-level introduction to the CompTIA Security+ certification.
Step 1: Survey and Learn About the Topics Covered on the Test
Before you can ace a test, you have to become familiar with what’s on it. Approximately half the test will address:
- Security threats
- Attacks
- Vulnerabilities
- Technologies
- Crypto-malware
- Stego-malware
- Ransomware
- RATs
- APTs
- Zero-days
- Malware-as-a-Service
You would be wise to assume that mastery of these topics would be a good place to start.
Step 2: Create a Study Plan
Disciplined preparation requires a written study plan. With a study plan, you can realistically and reasonably cordon off chunks of time to dedicate to preparing for the test so as not to interfere with work or family time. The study plan should include:
- Baseline assessment of your current knowledge and expertise
- Key milestones in terms of topic mastery
- Practice score threshold goals
- Financial resources available to support your preparation
- Identification of the preparation and training methods that best suit your learning style
- Actual test date or dates
This study plan should be designed with an honest assessment of your own mastery of the topics outlined in Step 1 above.
Step 3: Become Familiar with the Structure of the Test
CompTIA’s site provides a slew of helpful information regarding the Security+ exam. In addition to offering links to training providers, test resources, exam topics, practice questions and study materials, the site also goes into detail with respect to the types of questions posed, time management, and prerequisites. The more you know what to expect, the less surprised you will be on the day of the actual test.
Step 4: Take a Few Practice Tests
For many, test-taking last reared its ugly head with college entrance exams, either SATs or ACTs. If this is the case for you, or if you still harbor nightmares from that experience, it’s wise to get back in the practice of simulating real-life test-taking environments, to eliminate surprises and minimize anxiety. Importantly, taking practice tests repeatedly will help reinforce muscle/brain memory with respect to the amount of time you have to answer each question, allowing you the chance to get in a groove and proceed with accuracy and haste. It’s advised that you take practice exams covering a single domain in clumps so you can demonstrate mastery. This helps to build confidence, easily paving the way to the next domain. After you have mastered each domain, it’s appropriate to practice full tests so you can piece everything together as one unit. You can try CompTIA’s practice questions to prepare. Regardless of your level of expertise, keep your early expectations in check. It’s not uncommon to struggle in the early stages of preparation only to rally near the end. Again, discipline and practice are essential.
Step 5: Leverage Free Test Prep Resources
Sometimes, there is such a thing as a free lunch. In those cases, you would be wise to eat it. Free test prep resources abound on the web, from CompTIA’s Security+ exam objectives to its previously referenced practice questions. In addition, check out the outstanding resources from ITProTV, including the fundamentals overview.
Step 6: Take an Exam Prep Course
Self-study works for many, but not all. If you’re the type who excels with a more hands-on approach, consider enrolling in a certification preparation course that affords you the chance to work with an experienced instructor familiar with the exam, its content, and tricks of the trade.
Step 7: Join an Online Community
They say misery loves company, so consider joining with others facing the dreaded exam and dealing with the same anxieties as you. There are a variety of Security+ forums, wikis, and personal websites that allow both test takers and experts to collaborate. Take advantage of these and soak them all up, as there is a reservoir of knowledge and experience seeping through the forums’ pores. Ironically, the forums can serve as a confidence boost as well, especially if you learn from the mistakes of those who took the test before you. Knowing what pitfalls to avoid helps the brain prepare.
Step 8: Master What’s New
While you should not ignore basic security topics, you can expect that a significant majority of the questions on the exam will address the latest and greatest in terms of security topics. Some topics to address include:
- Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)
- Crypto service provider and Crypto modules
- Hardware Security Modules (HSM)
- Continuity of operations planning (COOP)
- Forensic strategic intelligence/counterintelligence gathering
- Privacy impact and threshold assessment
- Driver manipulation – shimming and refactoring
- Everything on the “deploy mobile devices securely” objectives list
- Configuration compliance scanners
- These utilities: ping, netstat, tracert, nslookup/dig, arp, ipconfig/ip/ifconfig, tcpdump, nmap, and netcat
- Data Loss Prevention (DLP)
- Internet of Things (IoT) and SCADA
Step 9: Rest and Relax
Your parents probably told you before tests in high school to get some rest and eat a healthy breakfast. Nothing has changed. Do the same in preparation for this test. Get rest, do a last-minute review of topics in the morning, and arrive early to avoid any stress from traffic jams or car troubles. It might sound like common sense — it is — but often the little disruptions can cascade into large problems if you don’t prepare in advance.
Summary
Armed with a disciplined plan, a defined preparation timetable and a willingness to learn, absorb, and master new topics, you can put yourself in an ideal position to pass the CompTIA Security+ test with flying colors.