How I Passed the CompTIA Security+ Certification Exam
Certifications, in my opinion, are the structural support beams when it comes to building the foundation of our knowledge base within Information Technology. Certifications do not give you the answers to troubleshoot a problem, nor will they make you an expert. Their purpose is to give you the foundational knowledge, without requiring work experience, to properly configure and troubleshoot a network and the systems on it. I do advocate for them, but that knowledge can be perishable, just like most skills that require consistent attention. There are certifications for most fields within technology, and even for fields outside of technology. Fields within technology include networking (the Cisco CCNA), systems administration (the CompTIA A+ or Server+), and cybersecurity (the famous CompTIA Security+). These certifications provide solid foundational knowledge for their respective fields, and I advocate for them because I have passed one myself.
My first certification was the CompTIA Security+ 601, and it has provided me the building blocks for my cybersecurity career and my IT career in general. Within the workplace I have become more security focused, wary of possible weaknesses in a network or a system. For example: I had a colleague state that a Windows 7 machine (Microsoft has not supplied any support since January 14th, 2020) did not have any anti-virus on it and to leave it until we swapped it out a week later. My inner security professional started twitching; I was appalled that someone who has been in IT for 8-10 years longer than I have would say such a thing. This machine was on a desk near employees who work a front desk and continuously do shift swaps. All it would have taken is one of those employees, bored, wanting to search the web on that machine, which could possibly infect the whole client. I mentioned the possible ramifications, and that colleague stated they would take the hit, but I was not satisfied. I decided to speak with the CTO of the company at the time, and we agreed to just put Malwarebytes on there, since our deployed anti-virus, Sophos, is not compatible with end-of-support machines.
So yeah, not only is this event common sense, but it also shows that we should always ensure anti-virus is installed on machines, especially on "public" computers used by employees. This event manifested from prioritizing my personal education to help get a start in my new career field by building that foundational knowledge. That foundational knowledge also helped me get my foot in the door at the age of 31 and allowed me to skip help desk work. Having the certification helped with the resume process and with getting interviews. It even helped during interviews when basic security questions were asked. Certifications help you in so many ways, and it's important that we take these positive variables into account when considering the endeavor of choosing and passing an exam.
Each exam has its own respective difficulty level, and the CompTIA Security+ 601 is no exception; for an introductory cybersecurity certification it is quite a difficult one. This makes it important to respect the exam: if you respect the exam, it'll respect you by allowing you to pass. CompTIA has a way of giving you questions with multiple right answers, where you must determine the best possible one. CompTIA also plays on words, so make sure you pay attention to detail; the smallest, most innocuous term can throw you off. The worst part of any multiple-choice exam is second-guessing yourself.
I made sure to take the time to get familiar with how the exam would go, both the multiple-choice questions and the Performance Based Questions (PBQs), by taking Jason Dion's practice exams on Udemy. I took an initial exam to understand the sentence structure and to see where I was having trouble. A nice feature of the Jason Dion exams is that they show you which areas you need to work on by percentage. If you were lacking in the Attacks, Threats, and Vulnerabilities section, it will tell you how many questions you got correct or incorrect. This helps when you need to know which objective you need to put more time into.
From the initial exam to the study material, I leaned on Professor Messer, a book, and a notebook; oh, and make sure to add a pen or pencil, whatever you like. Now, I love self-help books or any type of book that improves personal skills, such as learning. I wanted a book that would increase my ability to learn more efficiently and to retain information. I found a book called Limitless by Jim Kwik. While I read this book, I took the techniques I was learning and used them to aid my study for the exam. One skill to practice that aids information retention is Pomodoro. Pomodoro is a way of breaking up your study time into smaller blocks. In essence, you study for 60-90 minutes and then take purposeful breaks of 5-10 minutes. Breaking up your study time helps battle the learning fatigue/fog that inhibits our ability to retain new information.
Another method I learned from Jim's book applies while you're studying or watching videos, such as Professor Messer's. This is where you need your notebook: you take a blank sheet and draw a T to split the page. One side is for phrases or the different topics covered throughout the video. The right side is for after the video is over; this is where you write down what you remember about each phrase or topic from the video. Don't worry, you'll have to watch the video a couple of times, but if you only remember so little after watching the video once, that means you won't remember it when it comes time for the exam. This technique helped me greatly, I still use it, and I highly recommend it.
When it comes to the different encryption types, symmetric and asymmetric, there's a way to remember the difference. Take RSA, or Rivest-Shamir-Adleman, named after the three pioneers who created the RSA encryption standard, which is used in the TLS/SSL protocol. RSA is an asymmetric encryption standard that requires a public key and a private key to encrypt communication between two clients. The trick here is to notice that RSA ends in an A and that Asymmetric starts with an A. This also works for symmetric encryption, where you have DES, 3DES, and AES, which all end in an S. That indicates they use Symmetric encryption, a shared secret key, to provide confidentiality for data in communication.
At this point, over the course of a few weeks of studying, I would take an exam each week (Jason Dion gives you 6 practice ones). After each exam I would go through the objectives I did poorly in and review them. I would also take the time to investigate every question I got wrong and to understand why I got it wrong. This included outlining the question and googling the different topics and options available. Doing so not only helps you understand the right answer for that question, but it also helps you understand the other options, which could lead to getting other questions correct.
After a month and a half of dedicated studying, 8-10 hours per week (I was also in school for cybersecurity while working full time), I was able to pass the exam on the first try. It was tough: I skipped the PBQs in the beginning and marked a few questions for review. I made sure to read every question carefully, looking for words that could trip up my thought process or trick me. Some of the questions were relatively similar to the Jason Dion practice exams as well. With only roughly 10-14 minutes left, I submitted my exam and went through the prompt to see if I passed. After seeing the page and seeing that I passed, I felt so proud of myself for taking the time and energy that I did to ensure my success in passing the exam. I hope everyone who took the time to read this post is able to apply some of the information they read here today to aid them on their journey.