Like This Blog 2

Added by Steve Fullmer September 16, 2015

I finally had the time to study and pass the SYO-401 Security+ exam.

Everyone who takes our SEC155 Security+ Certification Skills course wants more information about test preparation.

My observation: You will need multiple resources and some focused study to pass this exam. Mere memorization of content is unlikely to assist you. Many of the questions are about applied understanding.

Gathering, assimilating and associating information leads to knowledge. The ability to draw forth the appropriate knowledge in the correct situation demonstrates understanding. The ability to select which understanding to apply, and the proper method to use the knowledge is application.

The CompTIA Security+ test is very much about applying the knowledge to both specific and varied scenarios.

Step one: Always go to CompTIA.org and navigate to the CompTIA Security+ certification page.  Select the “See what the exam covers” button on the right of the page (which CompTIA has kindly highlighted.)

Enter the requested information and download a copy of the current exam objectives. These are your key to proper test preparation regardless of the learning method or tools that you use. Before you take the test, you need to understand the association between and amongst the concepts. I recommend that students spend time going through entire Exam Objectives outline until they can recall or retrieve about 30 seconds of useful information for each bullet point. Repeat the process filling in knowledge gaps by reviewing personal course notes, courseware, or accessing the Internet and supplemental test support systems.

We use courseware from Logical Operations Choice, supplemented by other sources and several years (maybe combined decades) of educational and practical security experience.

Experience is a stated pre-requisite for this exam, and you need it!

Multiple questions asked for the application of generic knowledge from the Security+ objectives, though I was surprised at how many questions ask very specific questions about detailed application of the knowledge. We will undoubtedly be updating the delivery of our course yet again to prepare candidates to meet this exam element.

Although the test process and agreement precludes me from sharing specific questions, I am glad that I teach the A+ course, and have detailed, hands-on experience with several system elements. Some of the content required detailed knowledge about:

• RAID 0, RAID 1, RAID 5, and RAID 6 disk arrays.
• Command line tools for securing Cisco Router implementations.
• Detailed Firewall configuration. Know you protocols and ports, including TCP and UDP alternatives and uses.
• Although the objectives don’t suggest an understanding of custom subnetting, a clear understanding of segmentation and custom addressing schemes is extremely useful.
• Know more than the lengths of hash, symmetric, and asymmetric cipher methods; have a clear understanding of their application to specific solutions.
• Take a look at the output from various NIDS/NIPS, HIDS/HIPS, vulnerability scanners, protocol analyzers, and system log files so that you can quickly interpret what they suggest.
• Threat categories, types, and their application by a hacker were covered both broadly and deeply.
• Acquire a basic understanding of Microsoft Group Policy security alternatives.

Add each of the items above to the content listed in the Exam objectives

As I was purchasing my exam voucher, I was offered a discount opportunity to try out the Pearson/CompTIA CertMaster certificate preparation tool.  Mind you, I had less than a week before the planned date of my exam. I purchased a copy, and quickly ran through the 24+ hours of training in about 12 hours. Having completed the entire content, Pearson awarded me 10 hours of ongoing IT training credit (for Continuing Education) reporting. As such, the CertMaster tool is useful to anyone refreshing their security skill sets as it is to a certification candidate.

CompTIA CertMaster is a powerful training tool if you like repetitive reinforcement. What I found perhaps more useful was a better sense of the syntax or context of the exam questions. CertMaster is NOT a test or exam simulator, it is clearly intended as a study or material review aid. As a broad brush across the content, I found the tool useful. My primary objection with CertMaster is the lack of preparation for the Simulation and scenario questions.

My favorite tool for exam simulation is MeasureUP. MeasureUP recently changed their software engine and delivery mechanism. Previously, you purchased the entire tool and installed it for offline use on your system, with access to updates when you had an online/Internet connection. I don’t recall any expiration period. The new MeasureUP tool is web based, or at the least browser based. The tool is designed to run in Offline mode, such that once downloaded you may use the instance on your local drive when disconnected. There are several warnings and a 60 day expiration period. My recommendation would now be to acquire MeasureUp only when you are serious about committing yourself to several, multi-hour study sessions. Exceeding 320 questions in the study and timed modes, you will need to spend ten or more hours just for one pass through all the content.  Start with 30 to 60 minute sessions and increase your pace and recall until you can take a full 90 question exam in 90 minutes. MeasureUp does an admirable job presenting Simulation scenarios that closely resemble test questions in form and content.

Finally, the exam is promoted as offering 90 questions in 90 minutes.  This is the preparation environment employed by MeasureUP. The time frame is fixed, though the number of questions may be reduced depending on the number and scale of the Simulation questions you are provided. You need to be prepared and confident to handle the rigorous test pace.  The exam actually asks somewhere between 60 and 70 questions, replacing several multiple choice questions with detailed Simulations. Within the Simulations, the number of alternatives, thought processes, scratch pad work, detail and multiple answer inputs (even though typically offered as choices) causes the test to exceed 90 question elements. I found myself using half the allotted time for about six simulations, and racing through the remainder of the time to answer questions at apace slightly faster than one question a minute.

Know the material. Reinforce your understanding of its application. And continue to enhance your focus and pacing right through test day.

Good luck!

I look forward to seeing you in the classroom, or online!

Steven Fullmer
Interface Technical Training Staff Instructor

Steve teaches PMP: Project Management Fundamentals and Professional Certification, Windows 7, Windows 8.1 and CompTIA classes in Phoenix, Arizona.