CERT - Security+ | Security Portfolio

CompTIA Security+

Security+

Exam Code: SY0-601

Number of Questions: 90 questions (77-90 questions with about 2-4 Performance-Based Questions, or PBQs)

Passing Score: 750/900

Exam Format: Multiple-choice and performance-based questions

Time: 90 minutes

Domains Covered:

Attacks, Threats, and Vulnerabilities – 24%
Architecture and Design – 21%
Implementation – 25%
Operations and Incident Response – 16%
Governance, Risk, and Compliance – 14%

The Security+ exam is meant to validate your foundational knowledge of cybersecurity concepts, but don't let “foundational” fool you – this is a serious, technical exam. Whether you've been working in IT for a while or are newer to cybersecurity, dive in with the right mindset and approach, and you’ll be well-prepared!

Exam Overview

1. Study Resources

Professor Messer’s Free YouTube Playlist
- Messer's YouTube videos are top-notch, offering detailed explanations in bite-sized segments. Focus on his study group videos for deeper dives into specific concepts, and drill down on the practice exams to check your understanding.

Jason Dion’s Practice Exams (Udemy)
- Dion’s practice exams are famously tough – but this is intentional to better prepare you. Treat these tests as your foundation; note your weaknesses, and dig deeper into those areas. Aim for a consistent score of at least 80% before you consider yourself test-ready.

Andrew Ramdayal’s Udemy Course
- Ramdayal’s simulations and performance-based questions (PBQs) on Udemy are a solid way to get hands-on practice. His content feels closer to the actual test format, making it a popular choice for those tackling PBQs.

CompTIA CertMaster (for WGU Students)
- WGU students have access to CompTIA CertMaster, a structured approach that balances reading material with interactive quizzes and flashcards. It's a great way to check your understanding and find areas where you need additional review.

Quizlet for Terms & Acronyms
- For acronyms and key concepts, Quizlet is a lifesaver. Break down each concept you struggle with and create flashcards for regular review.

2. Practice Exam Strategy

After each practice test, write down every single question you missed. This will give you a specific list of concepts that need review. Then:

Look up the topics in Professor Messer’s videos or ChatGPT for further clarification.

Take note of common attack types, tools, and protocols.

Create Quizlet sets based on questions you missed and revisit them until you consistently get them right.

Focus on business continuity terms like RPO, RTO, MTTR, and MTBF – these are tested often, and knowing the details can give you an edge.

3. Topics to Prioritize

Based on recent feedback, focus on the following key topics:

Attack Types & Vulnerability Management: Understand attack methods like phishing, spear phishing, DoS, DDoS, and ransomware. You should know how to identify and mitigate these attacks, as well as incident response strategies.

Protocols, Ports & TCP/UDP Knowledge: Dion and Messer emphasize knowing common ports (like 80 for HTTP, 443 for HTTPS, 21 for FTP). But keep in mind, while these may not be as heavily tested as on Network+, understanding protocols still helps with troubleshooting questions.

Access Control Lists (ACLs) and Network Security: Be comfortable with implementing ACLs, knowing when to use them, and understanding how to secure networks using firewalls, VPNs, and network segmentation.

Symmetric vs Asymmetric Encryption: Know the differences, common algorithms (AES, RSA), and real-world applications. This is crucial for questions about cryptography and secure communications.

Business Continuity & Disaster Recovery: You’ll likely see questions on planning and recovery metrics, including RTO, RPO, and MTBF. Focus on high-level strategies like business impact analysis and disaster recovery planning.

4. Performance-based Questions

PBQs test your practical knowledge, so focus on these areas:

Practicing with PBQ simulations from Andrew Ramdayal or Informatik Lab’s Network+ playlist on YouTube.

Knowing how to read and interpret system logs, set up a guest network, or identify attack indicators.

Brushing up on Kali Linux tools like Nmap, Wireshark, and Netcat – not every exam will have these tools, but knowing what they do is valuable.

5. Acronym Drills

Security+ is a haven for acronyms. Make it a goal to review these daily until you can decipher them instantly:

CVE – Common Vulnerabilities and Exposures

IDS/IPS – Intrusion Detection System / Intrusion Prevention System

MTBF/MTTR – Mean Time Between Failures / Mean Time to Repair

RTO/RPO – Recovery Time Objective / Recovery Point Objective

6. Quick Tips for Exam Day

Stay Calm, Manage Your Time: With 90 minutes, budget around a minute per question. PBQs often take longer, so tackle them first if you’re comfortable with them, or save them for later if you need a confidence boost.

Eliminate Obvious Wrong Answers: Many questions have “distractor” options. Cut those out quickly to narrow down your choices.

Flag and Return: If a question is taking too long, flag it. You’ll find that returning to it later often makes the answer clearer.

Prep Strategy Overview

To maximize your study time and approach the exam confidently, here’s a breakdown of popular resources, tips, and how to make the most of each one.

Week 1-2: Foundations & Core Concepts

Videos: Watch all Professor Messer’s videos on SY0-601.

Reading: Go through CompTIA’s study guide or CertMaster course if available.

Quizlet: Create sets for every acronym and key term.

Week 3-4: Practice Questions & Targeted Review

Practice Tests: Start Jason Dion’s practice tests (take at least two per week).

Review Mistakes: Focus on concepts you missed in Messer’s videos or use ChatGPT for clarification.

PBQs: Work through a few PBQ examples each week to get comfortable with simulations.

Week 5: Advanced Review & Simulations

Lab Practice: Complete Andrew Ramdayal’s lab simulations.

Practice Exams: Take the final two Dion exams, aiming for 85% or higher.

Quizlet/Flashcards: Drill on acronyms and key concepts daily.

“Take Your Time” Study Plan

Here's a six-week study plan that balances a detailed review with flexibility:

Week 1: Core Concepts and Foundations

Focus on building a solid understanding of Security+ essentials and identifying areas where you need extra review.

Videos (Daily): Watch Professor Messer’s SY0-601 videos at 1.5x or 2x speed. Aim to cover around 20-25% of the videos per day. Focus on critical topics like:
- Attacks, Threats, and Vulnerabilities
- Cryptography Basics (Symmetric vs Asymmetric Encryption)
- Network Security Protocols & Ports

Reading (Daily): If available, work through the CompTIA Security+ study guide or CertMaster’s modules at a high level. Focus on reading the summaries and definitions, and take quick notes on topics you find challenging.

Flashcards/Quizlet (Nightly): Create flashcards for every acronym and port. Review them daily to build recall speed.

Week 2: Practice Exams and PBQs

Practice Exams (Every Other Day): Take a Jason Dion practice test every other day. After each exam:
- Review every missed question, write down notes on mistakes, and look up explanations on topics you missed.
- Supplement with Professor Messer’s videos or use ChatGPT to clarify any confusing areas.

PBQ Practice (Daily): Work through PBQ simulations with Andrew Ramdayal’s labs or other available simulations on Network+, Security+, and Kali Linux tools. Practice:
- Attack identification and remediation
- System log analysis
- ACLs, symmetric/asymmetric encryption setup, and guest network security

Concept Drills (Daily): Every night, review your weakest areas from the day’s practice exam. Focus on attack types, vulnerability management, and business continuity terms (like RPO, RTO, MTBF). Use flashcards or Quizlet to reinforce these terms.

Week 3: Intensive Review and Final Prep

Final Practice Tests (2-3): Take at least two more Jason Dion practice exams in Week 3, aiming for scores of 85% or higher. Use these as “dress rehearsals” for the real exam. Flag areas you’re still shaky on and focus on those concepts.

Daily PBQ Review: Practice at least one PBQ every day this week. Go through simulations on network security tools, access control lists, and malware identification. Familiarity with these will help you quickly tackle PBQs on exam day.

Acronym/Concept Drills (Nightly): Every night, do a 30-minute “drill” session on acronyms, encryption types, attack types, and security tools. Focus on any terms or concepts you still struggle with, using flashcards to reinforce them.
Day Before Exam: Light review only. Skim over notes, acronyms, and key concepts. Get a full night’s rest.

With this aggressive plan, you’ll reinforce core knowledge, hone your PBQ skills, and build the recall speed needed to tackle Security+ questions with confidence. Remember to stay hydrated, take regular breaks, and dive in with determination!

2-3 Week Aggressive CompTIA A+ Core 1 Study Plan

If you’re short on time, here’s a focused 2-3 week study plan.

Tackle PBQs First or Last: Choose whichever order helps you feel most comfortable.

Use Elimination: Narrow down options to increase odds.

Stay Confident: Trust your prep work. Read each question carefully and manage your time well.

With this detailed plan, you’ll have the knowledge and confidence needed to pass the CompTIA A+ Core 1. Happy studying and good luck!

Exam-Day Tips

The CompTIA Security+ can be an intimidating test, but with a strategic approach, you’ll be ready to tackle it. Remember, focus on attack types, encryption basics, business continuity, and network security fundamentals. Get comfortable with PBQs, stick to the exam objectives, and – most importantly – believe in your prep work! You’ve got this, future Security+ pro!