Getting Started & Tips
The Gold Standard for Starting Your Career
Welcome to the Security+ preparation module. In the cybersecurity industry, certifications are the currency of credibility. From what I have seen in both my academic and industry career, you should consider the following:
- A degree alone will not make you job-ready.
- Certifications help you get the interview (and are often requirements in job postings)
- Your demonstration of hands-on skills and abilities (TryHackMe, Hack the Box, home labs, CTFs, etc) will help you land the job.
For many of you, this will be your first professional certification. Do not underestimate it. It is not a vocabulary test; it is a test of your ability to apply security concepts to real-world scenarios under pressure.
Note
The Security+ is a great place to start for security certs, as it is "wide in scope" (covering many topics) but not extremely deep.
Exam Details at a Glance
Before you start studying, you need to know the battlefield.
| Feature | Detail |
|---|---|
| Exam Code | SY0-701 |
| Number of Questions | Maximum of 90 |
| Type of Questions | Multiple Choice & Performance-Based Questions (PBQs) |
| Length of Test | 90 Minutes |
| Passing Score | 750 (on a scale of 100-900) |
Instructor Note: A score of 750 roughly translates to getting ~83% of the questions correct. There is very little room for error. You cannot "wing" this exam.
The Five Domains of SY0-701
The exam is broken down into five major categories. Notice that Security Operations is the largest chunkβthis aligns with the entry-level SOC Analyst roles many of you will be applying for.
| Domain | Title | Percentage | Focus Area |
|---|---|---|---|
| 1.0 | General Security Concepts | 12% | CIA Triad, Zero Trust, AAA, Gap Analysis, Cryptography |
| 2.0 | Threats, Vulnerabilities, & Mitigations | 22% | Threat Actors, Malware types, Vulnerabilities, Malicious activity |
| 3.0 | Security Architecture | 18% | Cloud models, Network segmentation, Device placement, Network tools, Data types and protection, Resiliency |
| 4.0 | Security Operations | 28% | Incident Response, Monitoring, Logging, Forensics, Vulnerability management |
| 5.0 | Security Program Management | 20% | Governance, Risk, Compliance (GRC), Ethics |
π Official Objectives
You should never study without the map. Download the full breakdown of every acronym and concept you are responsible for. Download Official CompTIA SY0-701 Exam Objectives (PDF)
Reminder
Our CFS136 Principles of Information Security class directly aligns with the most current Security+ SY0-701 exam
Strategy Guide: Tips for First-Timers
Taking a standardized vendor exam is a skill in itself.
1. The "PBQ Skip" Maneuver
The first 3-5 questions you see will be Performance-Based Questions (PBQs). These are drag-and-drop simulations or firewall configurations.
- The Trap: They are designed to be time-sinks. Students often panic, spend 20 minutes on them, and run out of time for the easy questions.
- The Strategy: Flag them and skip them immediately. Do all the multiple-choice questions first to build confidence and rhythm. Come back to the PBQs with your remaining time.
2. "The Best" vs. "The Correct"
CompTIA loves to give you questions where three answers are technically correct, but only one is the BEST answer for the specific scenario.
- Example: "You find a virus on a PC. What is the first thing you do?"
- Choices: A) Scan for viruses. B) Unplug the network cable. C) Re-image the machine.
- Analysis: All are good steps. But the FIRST step is containment (Unplugging). Read the question carefully.
3. Know Your Acronyms
The exam will not say "Virtual Private Network." It will say "VPN." It will not say "Time-based One-Time Password." It will say "TOTP." If you don't know the acronyms, you can't even read the question. Use the glossary in the Exam Objectives PDF as a checklist.
4. The "Process of Elimination"
Never just look for the right answer. Look for the answers you know are wrong.
- If you see a question about "Encryption" and two of the answers are hashing algorithms (MD5, SHA), cross them out immediately. Now you have a 50/50 chance instead of 25%.
Ready to Start?
Take the Practice Exams that I have generated in the left menu bar and good luck!
π Additional Outside Resources
While our course material covers everything you need, hearing the same concept explained by different voices is a powerful study strategy (I like to call it "learning-in-depth"). These are the two external resources I vouch for personally, alongside positive student feedback.
1. Professor Messer (Video Training)
If you are a visual learner or want to study during your commute, Professor Messer is the gold standard. His training course is entirely free on YouTube and covers every single exam objective in order.
- Best for: Reviewing specific topics you are struggling with or reinforcing concepts before a quiz. Pro-tip: Highly specific sub-domains in the Exam Objectives PDF and then locate the exact videos.
- Watch the Full SY0-701 Training Course (YouTube)
2. Jason Dion (Practice Exams)
Hosted on Udemy, Jason Dion's practice exams are famous for mimicking the "tricky" wording of the actual CompTIA exam. He focuses heavily on the logic behind the questions.
- Benchmark: If you are consistently scoring 85% or higher on his practice tests, you are likely ready for the real exam.
- Mentor Tip: Never pay full price on Udemy. Udemy has sales almost every week where courses drop to ~$12-$15. If it shows as $99, wait a few days or open the link in an Incognito window to check for new user pricing.
- Check out Jason Dion's Practice Exams (Udemy)
Frequently Asked Questions (FAQ)
π’ Should I take the exam Online (OnVUE) or In-Person?
My strong recommendation: Take it In-Person at a Pearson VUE testing center.
- In-Person: You show up, put your stuff in a locker, sit down, and take the test. If the internet goes out, that is the center's problem, not yours. You get a physical whiteboard and a marker.
- Online (OnVUE): You take it at home. You must have a perfectly clean desk, a webcam, and a microphone. If your internet blips for 1 second, your exam can be revoked. If someone walks into your room, your exam can be revoked. If you look away from the screen too long, the proctor will warn you. It adds unnecessary stress to an already stressful day.
β³ Does the Security+ certification expire?
Yes, it is valid for three years. However, you do not necessarily have to take the exam again. CompTIA uses a "Continuing Education" (CE) program. You can renew your cert by:
- Earning a higher-level certification (like CySA+ or PenTest+).
- Completing "CertMaster CE" (a self-paced training course).
- Submitting CEUs (Continuing Education Units) from webinars, conferences, or teaching classes.
π Does it matter if I hold an older version (e.g., SY0-601)?
No. Employers rarely look at the version number; they look for "CompTIA Security+ CE". As long as your certification is active and not expired, you are qualified. The version number just tells them which year you took the test.
π When do new versions get released?
CompTIA updates exams roughly every three years.
- SY0-601: Released Nov 2020 (Retired July 2024).
- SY0-701: Released Nov 2023 (Current).
- Note: There is usually a 6-month "overlap" period where both versions are available. Always study for the newest version available to ensure your knowledge is current.
Note
It is our top priority to always keep our CFS courses aligned with the latest and greatest exam objectives!
π When do I get my score?
Immediately. As soon as you click "End Exam" (and fill out a frustratingly long demographic survey), your score will appear on the screen. You will know before you leave the chair if you passed or failed. You need a 750 out of 900 to pass.
β What happens if I fail?
First, don't panic. It happens to the best of us.
- First Retake: You can register to take the exam again immediately (though I recommend waiting a week to study).
- Second Retake: You must wait at least 14 calendar days before trying a third time.
- Note: You do have to pay for every attempt unless you purchased a "retake voucher" bundle.
π Is the exam Open Book?
Absolutely not. You cannot use notes, phones, smartwatches, or websites. You must memorize your ports, protocols, and acronyms. At a testing center, you will be provided with a reusable erasable board for brainstorming/subnetting.
π What are "Stackable Certifications"?
CompTIA rewards you for collecting certifications.
- If you have A+ and Network+ and then pass Security+, you automatically earn the "CompTIA Secure Infrastructure Specialist" (CSIS) stackable certification. Itβs a nice bonus to put on your resume/LinkedIn to show depth of knowledge.