CompTIA Security+ (SY0-701) Exam: My Experience and Thoughts
Hey Everyone👋
So this post is nothing technical, I wanted an accounting medium to journal my experiences as part of a new personal goal. And I did read somewhere that you are all the more cognizant of an activity if you pen down experiences into words. I recently attempted the CompTIA Security+ certification. This being the latest and greatest SY0-701 version which replaces the SY0-601. The SY0-601 is set to expire in July 2024 so it made sense for me to take up the SY0-701, even though I did start my preparation with the SY0-601 initially. This is actually my very first CompTIA certification. Prior to this I have achieved the AWS Solution Architect ladder and also completed the Linux Foundations Certified Kubernetes Architect. You can find my odyssey of IT certifications here: Credly/badges 😊
Motivation
I came to hear about Security+ and essentially about CompTIA as well through hearsay. Although I haven't gotten the opportunity to be directly involved with cybersecurity and threat analysis, I did however have frequent touch-bases with improving product security, fixing vulnerabilities, assigning least privilege, well architected frameworks and so on. More recently though I had the opportunity to contribute on a flagship threat intelligence software (OpenText cyDNA), which focused on far space threat detections based off of internet (IP Traffic) signals. The algorithm and correlations were particularly fascinating wherein it consumed adversary signals and heuristic patterns to decide on the vulnerability targeted towards a client. I had a challenging couple of weeks wrapping my head around various cybersecurity intricacies and processes. It was my inaugural deep dive into the field, but as time progressed and releases were underway I found the whole learning to be very intriguing and I was excited to learn more and get my hands dirty. This served as my primary motivation behind my pursuing a security certification, and one honest take from the previous many certifications I have done was that it really did augment my understanding and built thorough confidence while undertaking any task on my plate.
Preparation
Udemy has been my go-to for everything certification prep related. They usually yield a plethora of creators and courses for a particular certification objective. For CompTIA Security+ I found Dion Training to be very competitive and highly rated among the available ones. So I sought to purchase it and I also bought practice exams to aid my preparations. (Note: When I first purchased the course, it was targeted to SY0-601, but it was later revamped in-place with the SY0-701 content, so I did not have to re-purchase it again.)
It comes with close to 30 hours of video content and also an objective-wise study guide. My overall preparation for Security+ would have spanned roughly one month. Effectively I spent close to two hours a day going through the video lectures and reviewing the PDF study guide on the side. Although I may not be speaking for everyone, I can say the course material is not overly complicated. It was an ocean of information, yes! A lot of topics to cover, but nothing too in-depth and this was also the expectation since I knew this was a foundational level cybersecurity course. Provided you have a little background of general IT/software I am sure most would feel alike. But I did find several enriching gap-filling areas that helped strengthen my previous knowledge.
For instance, the different algorithms used in symmetric and asymmetric encryption and their strengths, hashing and tokenization strategies, port security with 802.1X and EAP, various attack vectors and incident response procedures, to name a few. Surprisingly it also discussed physical security standards, for example RFID, NFC and access control vestibules, which I was a little peeved off by. But I guess it is understandable since Security+ is verified with an ISO/ANSI accreditation status and these are important to know. The exam also features PBQs (Performance Based Questions). These are essentially lab/practical questions unlike the other MCQs. A PBQ could be anything from reviewing logs and identifying threats, configuring firewalls/VPNs on an interface etc. While I could not necessarily prepare for them, I was confident I could perform them as best I could with the knowledge I had.
My Experience taking the Exam
Similar to my previous exams, CompTIA too partners with PearsonVUE to offer the online proctored exam, which is a relief. I have been told of the horrific waiting queues while attempting the offline version. Besides, who does not like to give their exam at the comfort of their home? Come test day I was extremely easy-going and expected it to be a cake-walk, but to my surprise the questions were in fact tricky. Although they were worded very simply, I could often narrow down to more than one correct choice for a given scenario or threat attack description. This had me flaky and I flagged a bunch of them for later review. This did prove useful, because I did end up correcting them on re-visits. I also had two PBQs in my test where one focused on a full tunnel VPN configuration, and another to identify infected endpoints in a compromised network. Fortunately I passed! I received a 790/900. And the score comes instantaneously upon submission which saved me from the dire stress of having to await if I passed or flunked bad (and to be honest I felt it could have gone either way 🤞).
Takeaway
Overall I am extremely satisfied with the outcome. The knowledge made, learning process and also of having achieved my first CompTIA and cybersecurity certification. I am confident that the knowledge gained will be useful for my upcoming tasks and will greatly enhance my contributions. I also could enumerate on a whole range of concepts and topics that I have learned during this certification journey, and I do hope to, but perhaps as individual articles on Hashnode 😎.
Here are some (optional) tips if you do plan to give the exam
You can use Dion Training vouchers (provided you don’t have a better alternative). It gives you a 10% discount and also waives off the tax (which is around 40 dollars) on the actual exam.
I have heard that Professor Messer’s videos give an edge to attempting PBQs, it is however up to you to gauge, research and choose the preferred course.
The exam contains 74 questions of which 1-5 could be PBQs and they appear at the beginning. It could be challenging to attempt them right at the start so you may want to flag them for later once you are through with the MCQs.
If you do belong to a non-native English speaking country, consider opting for the additional 30min exam accommodation which tremendously helps.
Cheers!✌️
Written by Anupam Rajanish