It demonstrates the core knowledge required for working in the exciting and ever-changing field of cybersecurity. Security+ validates the understanding of key troubleshooting principles across a wide range of IT-related activities and confirms an understanding of industry best practices.
Additionally, Security+ is compliant with ISO 17024 standards and is approved by the US Department of Defense (DoD) to meet directive 8140/8570.01-M requirements, making it a must-have certificate for Defense IT professionals. With more than 20 Security+ certificate holders, AEM is able to confidently rise to DoD cybersecurity needs, making this certification an asset both to individual professionals and to teams.
About the Exam
Don’t be fooled by the “entry level” label; the Security+ exam is challenging and requires extensive time to properly prepare. If you think you can pass the exam by studying for a few hours, you’ll likely find yourself having to retake the exam and be out $339 (ouch)!
The exam is scored on a scale of 100 to 900, with a passing score of 750. It will contain no more than 90 questions. The exam will include a mix of multiple-choice and performance-based questions where you will have to solve problems in a simulated environment.
Below is a breakdown of the six domain areas covered by the Security+ exam:
THREATS, ATTACKS & VULNERABILITIES
- Given a scenario, analyze indicators of compromise and determine the type of malware
- Compare and contrast types of attacks
- Explain threat actor types and attributes
- Explain penetration testing concepts
- Explain vulnerability scanning concepts
- Explain the impact associated with types of vulnerabilities
TECHNOLOGIES & TOOLS
- Install and configure network components, both hardware and software based, to support organizational security
- Given a scenario, use appropriate software tools to assess the security posture of an organization
- Given a scenario, troubleshoot common security issues
- Given a scenario, analyze and interpret output from security technologies
- Given a scenario, deploy mobile devices securely
- Given a scenario, implement secure protocols
ARCHITECTURE & DESIGN
- Explain use cases and purpose for frameworks, best practices and secure configuration guides
- Given a scenario, implement secure network architecture concepts
- Given a scenario, implement secure systems design
- Summarize secure application development and deployment concepts
- Summarize cloud and virtualization concepts
- Explain how resiliency and automation strategies reduce risk
- Explain the importance of physical security controls
IDENTITY & ACCESS MANAGEMENT
- Compare and contrast identity and access management concepts
- Given a scenario, install and configure identity and access services
- Given a scenario, implement identity and access management controls
- Given a scenario, differentiate common account management practices
RISK MANAGEMENT
- Explain the importance of policies, plans, and procedures to organizational security
- Summarize business impact analysis concepts
- Explain risk management processes and concepts
- Explain disaster recovery and continuity of operation concepts
- Compare and contrast various types of controls
CRYPTOGRAPHY & PKI
- Compare and contrast basic concepts of cryptography
- Explain cryptography algorithms and their basic characteristics
- Given a scenario, install and configure wireless security settings
- Given a scenario, implement public key infrastructure
Tips for Preparation
A number of resources are available online to help prepare for the exam. The CompTIA website offers a number of study guides which you can preview for free. If you decide to purchase CompTIA's preparation e-book, you can get a discount on it with their Basic bundle that includes your exam fee. These guides include information on key concepts such as network protocols and cryptography. A thorough understanding of these concepts greatly increases your chances of passing the exam the first time.
Flashcard Machine is another valuable tool to use when preparing for the exam. The Flashcard Library offered on the site provides definitions, protocols and ports, command prompts, and acronyms that must be known to pass the exam. I would recommend going through all study materials that comprehensively cover the exam at least twice before looking at any practice/mock tests.
Once you have a good foundation, it’s always a smart idea to measure your understanding of the material. Practice/mock tests are available online but use caution as some sites may not contain accurate answers. One reliable practice exam can be found on the CompTIA website which offers free practice tests for a number of their certification exams.
Exam Day
Once you feel you are ready, it is time to take the test. You will need to sign up on the CompTIA website and go to a testing center to take the exam. Upon arriving at the testing center, you are provided a writing board and pen. One strategy would be to memorize the ports/protocols, writing those down on the board the second you start the exam to help increase your odds of getting those questions correct. Another strategy would be to use the pen/board to note any question numbers where you are not comfortable with the answer. Once you have answered all the questions, you can go back and review the questions on the board to see if you can eliminate any answers or have a better idea which answer is correct.
The keys to successfully passing the exam are to develop a study plan following the tips outlined above, gather and review study materials, establish a reasonable timeline for completion (not too short or too long), develop a method to measure your progress, and above all, stick to the plan!
Good Luck!