Difficulty of the Exam

extremegamer1 Registered Users Posts: 8
Hi, sorry about posting this as probably other people have posted this before. But can anyone tell me the difficulty of the exam? I took a semester class on Security+ and feel confident in most areas and would like to take the exam next week. I am studying with the Darril Gibson book and find it to be a great review.

Basically, is the exam like the practice exam on this website or more towards Gibson's book and CompTIA's practice exam?

Thanks in advance.

Comments

  • Subby808 Registered Users Posts: 8
    Just finished taking the test yesterday. Went in thinking I wasn't prepared enough. From my experience with the actual exam, it's much easier than I expected. I do recommend reading at least two different resources. I elected to use Exam Cram and James Michael Stewart's CompTIA Security+ Review Guide. From what I read on this forum, Darril's book seems to be your best option.

    The actual exam differed from many of the practice exams in that there were not as many 'select two answers' as I expected to encounter. Again, this was my own personal experience. For me there seemed to be more 'select the MOST' reasonable answer. I ended up flagging about 20 questions. I finished the initial 100 questions with about 5 minutes left on the exam. I used the leftover time cruising through my flagged questions.

    For me, I didn't have any of the prerequisites that CompTIA suggests, i.e. Network+ or two years' experience. I managed to pass the test by reading two books and plenty of flashcards.

    Good Luck with your exam.

    Richard
  • earweed Member Posts: 5,192
    Welcome to TE!
    To me it was easier than the Net+ as there was less memorization. The questions were all situational (for the most part) and asked for the "best" answer. I studied using the Sybex book and Labsim.
    No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
  • extremegamer1 Registered Users Posts: 8
    Thank you guys for your response, I ordered one more book for Review, so hopefully after reading Gibson, ExamCram, and the last review book I should be good to go. Hopefully it is like the practice ones that CompTIA had online.
  • Darril Member Posts: 1,588
    One thing I like to repeat in the classroom is that you have 90 minutes to finish 100 questions. That's about a minute per question. With that in mind, the questions simply can't be that deep or lengthy.

    I've taken non-CompTIA exams where scenario-based questions are a couple of paragraphs long, and even some where the scenarios are multiple pages. However, you won't see anything like that on the CompTIA Security+ exam.

    Most reputable study sources include explanations for the practice test questions. These are just as important to read and understand as the actual questions. It's well worth your time to read and understand why the correct answers are correct, and why the incorrect answers are incorrect.

    HTH and good luck,

    Darril Gibson
    Author: CompTIA Security+: Get Certified Get Ahead
    ISBN-10: 1439236364
    Security+ Blog
  • CertGrabber Member Posts: 32
    Darril, thank you for the time you take with us. It's one thing to write the 'de facto' Security+ book, the one that we all swear by. It's another to respond to our questions in the forums. I truly appreciate it, sir!

    I'm currently about halfway through your book btw, and it's a great read compared to the other Security+ books I've seen. I like the way you explain the concepts of symmetric/asymmetric keying and intrusion detection/prevention systems.
    Studying CCNP Route

    Currently compiling my own home lab. I never knew scouring ebay for routers, switches, and modules could be so much fun!
  • Devilsbane Member Posts: 4,214
    But can anyone tell me the difficulty of the exam?

    I'll let you know on Thursday
    Decide what to be and go be it.
  • extremegamer1 Registered Users Posts: 8
    Well I decided to take the exam next week and have a couple of topics I am a little shaky on:

    NTLM - what encryption it uses
    PKI
    Risk Assessment, mainly what is impact assessment.

    If you guys could clear some of those up for me I would really appreciate it.
  • brewd Member Posts: 56
    Honestly, for the Security+ exam you don't have to know much about the inner workings of the subjects you've identified as your problem areas.

    For NTLM (an integrity based hashing algorithm as Security+ identifies it) - simply know that it is used in a Microsoft environment and that it is more secure than LANMAN and in the same grouping of algorithms as SHA1 and MD5.

    For SHA1, know that it produces a 160-bit hash, slower than MD5 but fewer collisions. MD5 produces a 128-bit hash, faster but more collisions.

    PKI - just know it's asymmetrical (and what asymmetrical means) and know the architectures of PKI based systems. Know that to sign a message you would use your private key and the recipient would use your public key and to encrypt you would use their public key and recipient would use their private key.

    Regarding Risk Assessment, the PrepLogic Megaguide summed this up better for me than did the Sybex book:
    Risk Assessment: an objective evaluation with the end goal of determining both quantitative (measurable quantity) and qualitative (measurable quality) values of threat and is the first phase of risk management - the process of assessing risk and establishing appropriate controls. The risk analysis portion of risk assessment attempts to identify the risk factors that prompt particular risk mitigation practices and risk management processes.

    A quantitative risk assessment calculates risk (the magnitude of potential damage or loss) and the probability that such a consequence will occur.

    The Sybex book has a good formula to use to calculate the risk:

    SLE x ARO = ALE

    SLE=Single Loss Expectancy ($ a risk represents in cost)
    ARO=Annualized Rate of Occurrence (# of occurrences in a year)
    ALE=Annual Loss Expectancy (total $ of cost/year)

    Keep in mind that if they throw a % chance of an event occurring, such as a 50% chance of a virus infection, multiply that % by the ARO.

    Hope this helps. Good Luck on the Sec+, it's far easier than its reputation, but you do want to find some Transcender or similar questions so that you get a good feel for what to expect.
  • Divine-Assault Member Posts: 61
    Hey,

    I just took the Security+ exam today and passed. To be honest it didn't seem all that hard, but my passing score was kind of low. I used the Security+ CBT Nuggets and I have to say that they did a good job of pinpointing the major objectives, but I did see some stuff on the exam that I did not see on the Nuggets. Experience helped me too, but in the end, you can pass if you understand the concepts well and memorize the types of attacks, encryptions, etc.
    Currently Studying for: 70-291

    Life is too precious to waste...

    Check out my Blog! :D
    www.oreillybookreviews.blogspot.com
  • extremegamer1 Registered Users Posts: 8
    Thank you all for your response, I do appreciate them. I scheduled my exam for this Thursday and hope I do well enough. I feel prepared enough in that I know the topics but I need to study some of the nitty gritty details more (bit sizes for encryption and things of that sort).

    My last thought is the scoring on the exam. If the range of the score is 100-900, assuming you get all questions wrong you would get a 100, right? So essentially there is a curve on the exam, or am I just thinking about this the wrong way and each question is worth 9 points? Either way, hope I do well haha. Thanks once again
  • Devilsbane Member Posts: 4,214
    Thank you all for your response, I do appreciate them. I scheduled my exam for this Thursday and hope I do well enough. I feel prepared enough in that I know the topics but I need to study some of the nitty gritty details more (bit sizes for encryption and things of that sort).

    My last thought is the scoring on the exam. If the range of the score is 100-900, assuming you get all questions wrong you would get a 100, right? So essentially there is a curve on the exam, or am I just thinking about this the wrong way and each question is worth 9 points? Either way, hope I do well haha. Thanks once again

    Range is 100-900. All wrong earns you a score of 100. All correct gets you a score of 900. Some wrong gets you somewhere in between; CompTIA doesn't say where. They do say that some questions are test questions and are worth no points, but the breakdown of the other points is unknown. It likely isn't a straight percentage.

    I found the test to be easy. A lot of the concepts came off the Network+ or from other training I have done, so this was just a new spin on things. The test took me about 35 minutes, which comes down to about 20 seconds a question. But they give you 90; time certainly won't hinder your results.

    Good luck!
    Decide what to be and go be it.
  • extremegamer1 Registered Users Posts: 8
    So I had my exam today and passed!!! I scored an 875; I used Darril Gibson's book (very helpful) and the Sybex review guide (helpful for the night before). Well, I am off now to do Network+ and maybe A+. See you in those forums
  • earweed Member Posts: 5,192
    Congrats!
    No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
  • Devilsbane Member Posts: 4,214
    So I had my exam today and passed!!! I scored an 875; I used Darril Gibson's book (very helpful) and the Sybex review guide (helpful for the night before). Well, I am off now to do Network+ and maybe A+. See you in those forums

    Congrats! What were your thoughts about the test? (Don't disclose anything you can't, I'm just curious what you thought about it)


    Decide what to be and go be it.
  • extremegamer1 Registered Users Posts: 8
    Well, the exam basically matched what the objectives were. There were about 20 questions that I marked since I didn't really understand what the question was asking and had to eliminate by choice. Using the book (Gibson) definitely did help; questions were similar in style. I think if I studied A+ first and then Network+ I would have done slightly better, since it seems Security+ encompasses those two and builds a little bit upon them.