Passing the Security+ Certification

A guide to preparing for and passing CompTIA's Security+ certification in five weeks, complete with resources and study methods.

CompTIA’s Security+ Certification is a globally recognized, government-approved, industry-standard certification that validates the baseline skills needed to perform core security functions and pursue an IT security career.

The Security+ is compliant with ISO 17024 standards and approved by the U.S. Department of Defense (DoD) to meet Directive 8140/8570.01-M requirements.

Job titles that require the Security+ or equivalent certifications are Systems AdministratorSecurity AdministratorSecurity SpecialistSecurity EngineerNetwork AdministratorJunior IT Auditor/Penetration Tester, and Security Consultant. Organizations that require the Security+ or equivalent certifications are Northrop Grumman, Raytheon, SAIC, Apex Systems, and The United States Department of Defense.

According to The Bureau of Labor Statistics, the average annual wage for Information Security Analysts was $98,350 with 108,060 in employment with a projected increase in job outlook of 32% by 2028. As of writing, there are 623,067 Results for Security+ on LinkedIn in the United States alone.

About the Exam

The CompTIA Security+ SY0-501 exam was launched in October of 2017. The exam is a maximum of 90 questions comprised of multiple-choice and performance-based questions. The test is 90 minutes long and requires a passing score of 750 on a scale of 100-900 points.

There are six (6) domains covered in the Security+ exam:

  • Threats, Attacks, and Vulnerabilities (21%)
  • Technologies and Tools (22%)
  • Architecture and Design (15%)
  • Identity and Access Management (16%)
  • Risk Management (14%)
  • Cryptography and PKI (12%)

Free Materials

Video Training Courses

Online Testbanks

Performance-Based Question Simulators

Cheat Sheets

Paid Materials (Optional)


Video Training Courses

Study Guides

All-in-One Guides (Study & Practice Exam Guides)

Practice Exam Guides

Study Application

Study Methodology

Obtain the following materials:

  • One (1) Certification Study Materials: Exam Guide and Video Training Course (I used the Official CompTIA Security+ Certification Study Guide and Professor Messer’s Security+ Certification Course)
  • Two (2) or more Practice Exam Materials: Practice Exam Guide, Digital/Online Test Bank, and/or Study Application (I used PocketPrep as well as online test banks and performance question simulators)

Perform the following routine for each domain until all are mastered:

  1. Watch all videos in the relevant domain from your choice of video training course.
  2. Read the relevant domain in the certification exam material of your choice. Skip over the content you’re already comfortable with and focus on new material covered in the video training courses.
  3. Quiz in the relevant domain using your choice in practice exam materials until you average a score greater than 85%.

Keep track of the questions you have the most trouble with, go back and re-read/re-watch that particular section until you obtain a passing score.


  • Week 1: Read/watch materials on Domain 1 and take 30 question quizzes until you average a score greater than 85%.
  • Week 2: Read/watch materials on Domain 2 and take 30 question quizzes until you average a score greater than 85%.
  • Week 3: Read/watch materials on Domains 3, 4 and take 30 question quizzes (15 questions per domain) until you average a score greater than 85%.
  • Week 4: Read/watch materials on Domains 5, 6 and take 30 question quizzes (15 questions per domain) until you average a score greater than 85%.
  • Week 5: Take a 90 question (15 from each domain) mixed content test until you score greater than 85%

It is possible to over study! Be sure to get adequate rest to absorb the material you are learning. For example, I do my best when I study just before bed. However, everyone is different, you may need to break up study sessions throughout the day to prevent burnout. If you can manage, take 15 question quizzes throughout the day, this is really easy with PocketPrep.

Registering for the Exam

Plan to schedule the exam at least one (1) week in advance (I usually schedule my exams a month in advance). CompTIA Exam Vouchers are good for 12 months and finding a good timeframe to take the exam at the desired testing center can be difficult at the last minute.

  1. Purchase the Exam Voucher (339 USD). If the tester is currently enrolled in college, they can purchase a discounted exam voucher from the CompTIA Academic Store using the institutions provided email address for a discounted price (215 USD)
  2. Schedule the exam with Pearson Vue. Schedule the test far enough in advance to assure you have the entire day dedicated to it. I prefer to take my exams sometime between 1100 and 1400.

Before the Exam

A Week Before

  • Review videos, notes, cheat sheets dealing with trouble areas.
  • Take a mixed practice test of 90 questions scoring greater than 85%
  • Review domains where the score is less than 85%
  • Repeat once a day as needed

The Day Before

  • Review testing center requirements
  • Review videos, notes, cheat sheets dealing with trouble areas
  • Take a mixed practice test of 90 questions scoring greater than 85%
  • Go to bed early and get adequate sleep! I kid you not, this will make or break your performance!

The Day Of

  • Wake up early (at least 4 hours prior to your scheduled exam time) and eat a substantial breakfast! This is important if you schedule your exam later in the day, especially right after lunch as you may become lethargic.
  • Review videos, notes, cheat sheets dealing with trouble areas if time allows.
  • Take a break/rest prior to the exam. I like to take a nap a few hours before any test to recharge.
  • Arrive at the testing center an hour before the exam leaving adequate time to de-stress if you have test anxiety like me.
  • Enter the testing center 30 minutes before the exam for check-in
  • Skim cheat sheet/notes prior to the exam if you are able.

Taking the Exam

You will likely go through the following process in taking your exam:

  • Sign-in requires two (2) forms of Photo ID (license and school ID suffice).
  • Review documentation and accept exam agreement before starting the exam.
  • The first questions are usually performance-based questions that often utilize text prompts, drag-and-drop fields and interactive maps.
  • The remaining questions are multiple-choice questions. These questions are often situational and in the form of “choose the option that best fits this scenario.”
  • CompTIA exams allow the tester to skip forward and return to previous questions as well as flag questions for review before submitting it.
  • Once the exam is complete a survey will be presented prior to receiving on-screen notice of pass/fail status.
  • Results will be printed upon signing-out of the testing center.

Test Taking Methodology

This methodology is designed to answer most questions the tester is confident in quickly allowing for more time to complete intensive and lower confidence questions as the exam is limited in time.

  1. Flag and skip performance-based questions as these questions are multi-part and take the most time to complete.
  2. Answer all higher confidence multiple-choice questions and move on; flag and provide your best guess or skip lower confidence questions. (50-60 minutes)
  3. Go back and answer all performance-based questions to the best ability from simplest to most complicated. (10-20 minutes)
  4. Review flagged questions, use test logic to eliminate unlikely answers and make an educated guess if all else fails. (~10 minutes)
  5. If time permits go back and re-review performance questions and flagged multiple-choice questions for errors. (~10 minutes)

Example Situational Question

A good example of a CompTIA question is as follows:

An organization wishes to provide better security for its name resolution services. Which of the following technologies BEST supports the deployment of DNSSEC at the organization?


LDAP refers to the Lightweight Directory Access Protocol which is an application protocol for accessing and maintaining distributed directory information services over a network. A TPM or Trusted Platform Module is a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. Neither of which applies to the concept of “name resolution” or specifically Domain Name Resolution (DNS).

The Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols both apply here as they are both cryptographic protocols used to encrypt data and authenticate connections on the internet. The difference here is that TLS introduced as an upgrade to SSL 3.0 in 1999 as the superior communication protocol, however, the term “SSL” remains in use interchangeably. The Domain Name System Security Extensions (DNSSEC) was introduced as RFC 4033RFC 4034, and RFC 4035 in 2005.

Notice that the question itself does not ask about any particular feature of DNSSEC in order to determine which technology best supports it but sidetracks the tester into attempting to answer the wrong question entirely. The real question is essentially in the form of “which technology is utilized by DNSSEC.” LDAP and TMP do not apply to DNSSEC and TLS had superseded SSL by the time DNSSEC was introduced, thus the correct answer is C. TLS.


Chances are you’ve just passed your CompTIA Security+ Certification because you have been rigorously studying and preparing to the best of your ability! Time to check out, collect your summary, and celebrate.

Obtaining Your Certificate

Within three (3) days of passing the exam, the tester will receive several emails from CompTIA. The first one congratulating the tester on successfully passing the exam. The email will contain a link to a confirmable digital badge provide by Acclaim. Another email asking the tester to confirm their identity and shipping address before shipping certification packages through CertMetrics. Shipment usually takes 1-2 weeks.

Maintaining Your Certification

The CompTIA Security+ certification is valid for three (3) years and there are several methods for keeping it current:

Leave a Reply