Security+ CE (SY0-501) – Exam Thoughts and Considerations

After recently passing my Security+ exam on January 9th, I was forced to admit that this exam has become notably more challenging in recent years. While it’s encouraging that CompTIA and other vendors that had perhaps been historically labeled by the industry as having “paper exams” (this term means that the exam is so easy to pass, that it’s practically a piece of paper to potential employers afterward in terms of value, and little more) are beefing up their tests considerably, this also trickles down to the test taker to realize that the CompTIA exams are becoming more competitive in today’s IT landscape in terms of passing percentage.

In light of this, I’d like to offer a few perspectives on the exam and what you can expect if you’re planning on sitting for the SY0-501 version of the test in the near future.

Study Materials

The study materials that I used to prepare for the test were Skillport’s online video course on the technologies and concepts covered, as well as Sybex’s Security+ Study Guide for SY0-501 (Standard Edition).

Firstly, let me say these are some fantastic study materials. They covered roughly 90% of the same content between both, but it’s great to be able to watch a video course on a topic, then read back through a written summary of everything covered with easy-to-note lists of all the technical term definitions.

Regardless of what study materials you use to prepare for this test, my suggestion is to use more than one study source. This is due partially to how helpful repetition is in nailing a lot of the tested concepts down, but also to offer a different author’s perspective on the topics as well as possibly cover things that your main study source didn’t mention.

The Skillport course and Sybex book covered about 85% of the questions I saw on the test. You’ll find that this is usually the case for most study books and courses – there’s always going to be something that will be on the test that your training doesn’t cover. The reason for this is that the test vendor is hoping that your real-world experience will fill in some of the gaps in the study materials, hence why CompTIA selects a few questions on the test that are probing into further detail than the others to see how deep your knowledge goes.

Test Topics That I Wasn’t Expecting

As with any test, there are going to be “curveballs” – things that the test provider throws in to see how much you’ve dug into the material and how well your real-world job experience prepares you for the tested topics.

I’ll try and describe what I saw on the exam that I didn’t expect to see on it as best I can without dropping spoilers that might be in violation of the NDA I signed:

  1. Make sure you know basic Linux file structures as well as core system files and config settings. Taking an hour or two to dive into the basics of Linux if you’re not already familiar with it will go a long way towards addressing the more Linux-focused questions on the test (and there WILL be some).
  2. Look through some more in-depth documentation on SQL injection attacks, Javascript attacks, and XSS-based attacks. My study materials gave these attacks a few paragraphs worth of a mention, but you’ll need to know them in more detail for the test if you use the same study sources I did. Certified Ethical Hacker and CSA+ both cover these in more detail, as well as plenty of sources online where you can do some additional reading on documented cases of these attacks and how specifically they work.
  3. Either play around with, or do some more research into worms, bots, and logic bombs. An understanding of how these work on a “warning signs” level will be necessary to address some of the test questions. The coverage on these topics in the Sybex guide and in Skillport didn’t give these adequate justice.

Closing Thoughts

This is my 18th IT certification that I’ve achieved, and I’d rate it as more challenging than ITILv4 and DCSE, but less challenging than CCNA and MCTS. It’s a happy middle ground of complexity vs. industry value. And, if you’re working for the government, it can be either a great thing to have on your resume, or an outright job requirement.

I’m pleasantly satisfied with the direction that CompTIA is going in with their certification tracks, and feel that this accomplishment is beneficial to my career moving forward; if you’re planning on sitting for the test, I hope it is for you as well.

Caleb
Caleb Huggenberger is a 31 year-old systems engineer, owner of the non-profit animation streaming service 'Otaku Central', and Eastern culture enthusiast. Outside of long work days, he enjoys electronics engineering, cast iron campfire cooking, and homesteading on his acreage in the Indiana countryside.

Leave A Comment (please keep things clean & civil)

Your email address will not be published. Required fields are marked *