Passed Security+ SY0-401 862/900 -- My Strategy and Materials

CryptrotTheWarlockCryptrotTheWarlock Member Posts: 6 ■□□□□□□□□□
I posted this over on Reddit but since I lurked here as well I figured it'd only be nice to share. Pardon formatting.

5 years of Systems Administration experience plus 10-12 years of being a computer hobbyist put me in a decent position knowledge wise. I did spend 3 years out of industry so there was some rust. Recently received a job offer that required a Security+ before starting (DoD Regulation). Expected to have 2-3 weeks while other paperwork was done, was notified on Monday that I had to test ASAP. Total prep time: 1.5 weeks.

Gibson, Darril CompTIA Security+ Get Certified Get Ahead SY0-401 Study Guide (Kindle Edition)
CompTIA SY0-401 Objectives List [Extremely important]

My strategy and plan centered around several steps, a summary of the plan is as follows:

1. Self-Analysis: Using the CompTIA SY0-401 objectives I went point by point to see where my areas of strength and weakness were. I would attempt to describe each objective, anything I felt I knew I highlighted green, anything I was fuzzy got yellow, and anything I did not know at all was red.
2. Assessment/analyze: Take the pre-test in the GCGA book, score accordingly and then match incorrect answers to objectives. Compare results with self-assessment.
3. Study Chapter-by-chapter: Starting with Chapter 1 read each chapter (two to three per day) and then answer the questions at the end. Make note of any incorrect responses and what objective they align with.
4. Take the post-test, analyze any missed answers again and then compare to the objective list.
5. Bring it all together: Map out any and all objectives you were unsure of, performed poorly on, and otherwise did not do well with and work through those parts of the books again. Make flashcards, flowcharts, whatever works for you to ensure that the information sticks. Do not immediately re-test, you'll likely remember past mistakes.
6. Port number flashcards: While my background gave me a good basis, I had never worked with things like Secure LDAP on 636/TCP. You need to know your port numbers. Seriously.
7. Chill for a few days: You're not trying to rote-memorize the material, that won't serve you well.
8. Retest: Re-take the assessment at the end of the book. Grade it, score it, repeat step 5 then 7.
9. Schedule your test.
10. Drill on any of the must be memorized stuff (Acronyms that you're unfamiliar with, ports, etc)

Then on test day: Take the pretest again. Go objective by objective down the list, you should be able to explain in your own words a majority of the stuff on the list. I don't just mean definitions, but explain what something does, how it works, how it fits into the big picture. If you can't do this you will have trouble on the test.

Test Strategy:
The very first thing I did while the test was loading was write my port numbers on the top of my reusable pad, it was the only bit of rote memorization that really is necessary and it helped to just have them down and available.

Obviously due to NDA I can not give specifics on test questions, but my test was 66 total questions with 7 simulations (I was startled because I expected 90 questions from lurking this subreddit.) Material was covered quite thoroughly with some questions utilizing multiple objectives. Mark for review is your friend!

I immediately marked every simulation for review and went on to multiple choice questions. Anything I spent more than a bit of time (you know yourself) thinking about or required any math got marked for review. Anything I second-guessed got marked for review. The rest I just answers as best as I could.

At the end I did my simulation questions before going back to the multiple choice questions that I marked for review. I then went question to question eliminating impossible answers and then weighing the pros and cons of each solution. I was much more calm by this point and I feel like I gained at least 50 points by re-approaching the questions that required more thought after already doing my simulations.

Make sure you read the question carefully! They may have more than one answer, they may be asking for a best, they may be asking for a worst. Also if you just rely on rote memorization a few questions will get you. Understand what they are asking and answer the question.

TL;DR: Know what you know and do not know before you start studying, still study everything in case things have changed in the last few years but really focus on what you think you know that was wrong and what you do not know at all. Structure your study based on the objectives. Know your god damned ports. Skip sims at first on test, but do them before any multiple choice you flagged for review. Be able to explain the objectives in your own words and you'll pass easily.

Good luck friends!


  • materwelonmaterwelon Member Posts: 13 ■□□□□□□□□□
    congrats! i used the same exact strategy when i took my exam and i passed
  • nisti2nisti2 Member Posts: 502 ■■■■□□□□□□
    Thanks for sharing!!! Really helpful your advice!!
    2020 Year goals:
    Already passed: Oracle Cloud, AZ-900
    Taking AZ-104 in December.

    "Certs... is all about IT certs!"
  • greg9891greg9891 Member Posts: 1,189 ■■■■■■■□□□
    Congrats! Impressive
    Upcoming Certs: VCA-DCV 7.0, VCP-DCV 7.0, Oracle Database 1Z0-071, PMP, Server +, CCNP

    Proverbs 6:6-11Go to the ant, you sluggard! Consider her ways and be wise, Which, having no captain, Overseer or ruler, Provides her supplies in the summer, And gathers her food in the harvest. How long will you slumber, O sluggard?
    When will you rise from your sleep? A little sleep, a little slumber, A little folding of the hands to sleep, So shall your poverty come on you like a prowler And your need like an armed man.
  • NavyMooseCCNANavyMooseCCNA CCNA R&S, ITIL, Security+ ZZ9ZZAMember Posts: 544 ■■■■□□□□□□
    Bravo Zulu!

    'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchil

  • DAVIS NGUYENDAVIS NGUYEN Member Posts: 1,472 ■■■□□□□□□□
Sign In or Register to comment.