Resources I used to pass Security+ SY0–701, and why you should use them too
Passing the Security+ exam only takes some time and an interest to learn. On January 10th, 2024, I passed the Security+ SY0–701 exam after about 3 weeks of practice,
and in this article, I will briefly list out the study guides and resources I used to successfully pass the certification on my first attempt. In a later section of the article, I will also go through some more detailed information of how to approach the test and what kinds of questions one might see.
Note: I first started learning the topics of the exam with a general background on security and some knowledge about Linux systems. Even if you have less knowledge than that, it’s fairly easy to acclimate yourself and learn quickly.
TOTAL: CompTIA Security+ Cert (SY0–701)
For getting an introduction to the material, I took the following course from Udemy which covered almost all the necessary materials needed to pass the exam at around $15 dollars. This course laid out all of the security fundamentals required for the exam, and would attempt to use practical examples to further the discussion into the real world. However, some of the requirements from the CompTIA Security+ Certification Exam Objectives were omitted, but it is a hard and long chain of boxes to all check, and I feel they did a fantastic job for a low price.
FREE Security+ PRACTICE TEST (1000+ Questions w/explanations — Exam: SY0–601)
This source, although primarily focused on 601, a previous version of the exam, covers many topics present in 701, the current exam version. Going through almost all 1000+ flashcards helped me understand definitions of various foreign terminology and how to apply them to a basic question. One example question is as follows:
I believe this question style eases you in to the scenario type questions that are very popular on the exam.
Coupled with all 1000+ questions are detailed explanations of the answer. Be warned that on a few occasions the answer might be wrong or a little off, but this was a stellar piece of free content that developed my learning.
Complete PBQ walkthroughs: Cyberkraft on YouTube
A main and highly weighted component on the Security+ exam are PBQs, or performance-based questions. There are few of them, but their weight is considerably more than plain old multiple choice responses. PBQs ask you to perform an assessment of a common or otherwise complicated situation, and pick between multiple different answer choices for many different slots.
Cyberkraft on YouTube has full-length Security+ PBQ walkthroughs which are stellar for understanding the material and as a walkthrough on how to approach the problems on the actual test. Here’s an example of one such video:
Just watch this guy, he’s super knowledgeable and has a great teaching style where he walks through each part of the solution step-by-step.
Gotta Know ‘Em All: Acronyms
Like catching all Pokémon's, it felt that I had to know all the acronyms listed under the exam objectives’ acronym list. There are a total of 322 acronyms that CompTIA expects test candidates to know. Here is a Quizlet of all the listed terms and their acronyms.
To be honest, most of these acronyms did not show up on the actual exam. But sometimes they showed up in places where they are clearly the wrong answer, but if it wasn’t studied, it might be a red herring. For a $400 exam attempt, I don’t want to forget some silly acronym that I’m expected to know, so might as well take a little extra time.
ExamCompass Practice Security+ Exams
This free online website contains dozens of Security+ practice exams with hundreds of questions. It should be used to practice definitions of different technologies such as details of wireless technology or encryption standards. Use these tests to identify your strengths and weaknesses. Really drills down into the nitty gritty of lots of different types of technologies and their definitions/standards that back them up. Relentless, but honest.
More Practice Tests? You Got It. CrucialExams
More concrete testing on various Security+ topics. More practice never hurts. You can also use incognito mode to circumnavigate a restricting one-time exam attempt. Has certain questions that mimic question style on the actual exam. Here’s one example:
During routine security checks you discover that a wireless access point is setup on the outside of your employer’s office building. The access point has the same SSID as the internal WiFi network but is unsecured to allow anyone access. What type of attack have you discovered?
- W-DNS Spoofing
- SSID reduplication attack
- Jamming
- Evil twin
This question archetype of a scenario-based situation is extremely common on the actual exam, so it’s good that you get used to it.
Forget Everything I’ve Said If You Don’t Do This
The main idea I want to convey here is to look over the exam objectives and identify any places you need more information or practice.
Look over each bullet point, and Google each acronym or concept you don’t know. Try to understand everything enough so that you could effectively retransmit the main idea back to someone else. Some things in this document don’t show up in any of the above resources, but it’s up to you to understand it.
For an example, take “Consequences of non-compliance” directly from section 5.4 of the exam objectives.
Unless I completely missed it, I did not find this information anywhere in the above sources and therefore was baffled to see a question on the exam regarding non-compliance impacts of a company mishandling PII or credit card information.
Finally, I will end this article by stressing on the importance of finding relevant practice questions that are similar to the exam. I bought a book off Amazon for around $30, and I didn’t include it here because it was utterly useless (should’ve read more reviews). I hear TotalSem, the company behind the Udemy course, has good practice questions, and they definitely do based on short snippets I got at the end of Udemy chapters. Be wise, fellow studier, and you will do awesome! Best of luck to you!
🎉 Thank you for reading this article on how to pass the Security+ exam.
If you would like to check out more blog posts, either navigate to my Medium page or check out Karthik’s Blog on Notion.
Furthermore I run a podcast 🎙️ on YouTube with my friend Sven titled “The Deep Plea” which contains audio formats of contemplations on addiction, Stoicism, problem solving, free will, and much more if you are interested.
Hello! My name is Karthik, and I intend to write blog posts about all sorts of stuff from Stoicism to cybersecurity to social diseases and various other contemplative pieces. I hope you enjoy my work! If you have a comment or suggestion, feel free to leave it on this article!