Sec+ in 2 months...starting from...now!

Hey all,

My workplace has said I have to do the Sec+. So I am giving myself 2 months. In truth, since I studied back in 2015 for 90 days solid for the OSCP, i've lost every single ounce of motivation to pass exams. The OSCP was draining and sapped up the last bits of love I had for IT. That being said, I did get my PGCert (1/3 of a MSc degree) and other achievements after the OSCP such as my Linux+.

But I digress. I've got 2 months to pass the Sec+. I'm on chapter 3 of the book and so far, it's very easy. Although i've looked up some sample questions and it looks like it's going to get tougher soon. It'll be nice to get another Comptia cert.

I'm also hoping that this might be the exam that makes me love IT/security again. I will update this post as I go along and hopefully within 8 weeks, i'll have taken the exam.

Thanks for looking!

Find more posts tagged with

Comments

shochan

https://www.youtube.com/watch?v=VZ2HcRl4wSk

si20

shochan wrote: »

https://www.youtube.com/watch?v=VZ2HcRl4wSk

Haha that is some great motivation right there! Thanks!

shoey

Uhmmmm... What? You've got your OSCP but your job is making you get your Sec+?! Must be a gov't job, right? I can't imagine this happening in the private sector.

si20

shoey wrote: »

Uhmmmm... What? You've got your OSCP but your job is making you get your Sec+?! Must be a gov't job, right? I can't imagine this happening in the private sector.

private sector - I didn't have to do it but I didn't do any certs this year (aside from some Lynda courses but they're not real certs). I kinda opted into it because on the surface, it looks pretty easy for someone who has been working insecurity for a number of years and has got the OSCP. That said - some of the material is VERY dry. The first chapter is boring and bland - about costs/spending...ugh!

It'd be a nice start to 2018 to get this cert and will motivate me to keep studying (that's my plan anyway!)

shoey

si20 wrote: »

private sector - I didn't have to do it but I didn't do any certs this year (aside from some Lynda courses but they're not real certs). I kinda opted into it because on the surface, it looks pretty easy for someone who has been working insecurity for a number of years and has got the OSCP. That said - some of the material is VERY dry. The first chapter is boring and bland - about costs/spending...ugh!

It'd be a nice start to 2018 to get this cert and will motivate me to keep studying (that's my plan anyway!)

Ok that makes a bit more sense. Yeah, the book is definitely dry; I'm sure even more so for someone already holding their OSCP. You probably can skim over most of the material and be good...

si20

shoey wrote: »

Ok that makes a bit more sense. Yeah, the book is definitely dry; I'm sure even more so for someone already holding their OSCP. You probably can skim over most of the material and be good...

I think you might be right!

Here's a quick update for anyone who has bookmarked and is following the thread. Tonight I spent just 1 hour 15 mins reading and using the certmaster software that we were given and I worked on the network section and got the following stats:

progress

time spent

starting knowledge

refreshers taken

you

3%
36min
74%
0

all learners

8%
1hr 52min
62%
0.3

So if i'm reading this right, I came to the section with 74% knowledge and completed it within 36 mins, whereas the average is 1 hr 52 and 62% average. I'm not trying to rush - it helped that out of the 31 questions, I got 27 of them right. The 4 I got wrong talked about WIPS - wireless intrusion prevention systems - which isn't even mentioned in the 104 book i've got

Either way, I think i'm off to a good start. But if I do a course after this, I want it to be practical. I cannot cope with reading and having multiple choice answers. I want to do some programming or configuring!!

Diskpak

I was told there were no select all that apply? One right answer. Is this true?
I also have the Transcender test exams. I have read multiple threads were some like them and some don’t? The instructor told me that all of the questions come right from the book. The Transcender questions have many questions that aren’t even in the book?
Sorry to hijack your thread.

The authors:

Author
Media Designer Content Editor
Pamela J. Taylor
Jason Nufryk

N7Valiant

Diskpak wrote: »

I was told there were no select all that apply? One right answer. Is this true?
I also have the Transcender test exams. I have read multiple threads were some like them and some don’t? The instructor told me that all of the questions come right from the book. The Transcender questions have many questions that aren’t even in the book?
Sorry to hijack your thread.

The authors:

Author
Media Designer Content Editor
Pamela J. Taylor
Jason Nufryk

Highly unlikely. The A+ and Net+ I took all had some questions with multiple answers.

shoey

si20 wrote: »

I think you might be right!
So if i'm reading this right, I came to the section with 74% knowledge and completed it within 36 mins, whereas the average is 1 hr 52 and 62% average. I'm not trying to rush - it helped that out of the 31 questions, I got 27 of them right. The 4 I got wrong talked about WIPS - wireless intrusion prevention systems - which isn't even mentioned in the 104 book i've got

Either way, I think i'm off to a good start. But if I do a course after this, I want it to be practical. I cannot cope with reading and having multiple choice answers. I want to do some programming or configuring!!

I believe your correct; but I wouldn't take the average as a legit number (i.e. Not finishing, etc.). Honestly if I were you - I'd just buy a CISSP study guide and use it for both... I basically used the CISSP guide for the Sec+, SSCP, C|EH, C|HFI, and CISSP.

shoey

N7Valiant wrote: »

Highly unlikely. The A+ and Net+ I took all had some questions with multiple answers.

Agreed. I remember multiple question types on my exam... I personally didn't find Transcender very useful. I think it's more about how you use practice exam questions. I suggest you take exam questions to identify weak areas, then you can better focus your studying. When your instructor says "all the questions come right from the book" they likely mean that the book has all of the material you need to study; not that the only questions your likely to see are actually the questions in the book. The actual questions in the book are just a guide...

shochan

si20, look up Professor Messer online, he has a monthly (around 15th of every month) Sec+ study group on YouTube (live feed) & his website (for chat purposes during live feed). He will cover only about 10 questions during that 1st hour, but the 2nd hour is basically asking him questions directly about the exam. His $10 Sec+ notes are spot on too, totally worth it. Another book you might purchase is the Daril Gibson book (I personally did not use, but from all the TE folks on here said it is the best one). Cheers & Hi5!

McxRisley

Why security +? I would suggest either CSA+ or CASP because you are just wasting your time studying for it when you already have your OSCP. You could walk in and pass the CSA+ just off of your OSCP knowledge, thats what I did

si20

shochan wrote: »

si20, look up Professor Messer online, he has a monthly (around 15th of every month) Sec+ study group on YouTube (live feed) & his website (for chat purposes during live feed). He will cover only about 10 questions during that 1st hour, but the 2nd hour is basically asking him questions directly about the exam. His $10 Sec+ notes are spot on too, totally worth it. Another book you might purchase is the Daril Gibson book (I personally did not use, but from all the TE folks on here said it is the best one). Cheers & Hi5!

Thanks I'll check out the material!

McxRisley wrote: »

Why security +? I would suggest either CSA+ or CASP because you are just wasting your time studying for it when you already have your OSCP. You could walk in and pass the CSA+ just off of your OSCP knowledge, thats what I did

It's being paid for me - that's literally the only reason I'm doing it. Having spent a bit of time now looking at various questions - I'm not a fan of the Sec+. The questions are very....leading - as in, lead you to believe that x is the right answer, only to find out it's y.

This will definitely be the last non-practical course/exam I take. I want to 'do', not just read

Anyway, I'm ranting! I'll probably update by the weekend

rade

Best of Luck! What book are you using if you don't mind? Just picked up SY0-501 Study Guide (Darril Gibson) Thanks!

si20

rade wrote: »

Best of Luck! What book are you using if you don't mind? Just picked up SY0-501 Study Guide (Darril Gibson) Thanks!

Using the 401 study guide by Darril Gibson and I've started looking at the Professor Messer youtube videos.

si20

Ok so I've kinda dived in at chapter 5. A topic I find more interesting than the others. Wi-fi Security! I passed my OSWP (OffSec Wireless Professional) in 2014 and honestly - as I never became a pen-tester, I've not dabbled in wireless security since. So I went straight to the questions at the end of the chapter without reading the chapter to gage where I was up to.

I got 14/20. The questions I got wrong were asking how many bits CCMP uses. Umm... I don't know. Not the kind of thing I'd normally remember! And I got another question wrong about a "site survey" - never heard of site survey attack/recon in my life. I think after I get around to reading the chapter and understanding CompTIA's logic, I should be able to hit a much higher score.

So here is my gameplan:

I should be ready to take the exam mid-late February, 2018. Admittedly, with it being December, i'm finding study time a little difficult. There are 12 chapters in the book. So I plan to spend 4 weeks on these 6 chapters:

Chapter 1: Measuring and Weighing Risk
Chapter 2: Monitoring and Diagnosing Networks
Chapter 3: Understanding Devices and Infrastructure
Chapter 4: Access Control, Authentication, and Authorisation
Chapter 5: Protecting Wireless Networks
Chapter 6: Securing The Cloud

So by mid-January, I should have read the first 6 chapters of the book. Once that's done, I will spend the next 4 weeks on these chapters:

Chapter 7: Host, Data and Application Security
Chapter 8: Cryptography
Chapter 9: Malware Vulnerabilities, and Threats
Chapter 10: Social Engineering and Other Foes
Chapter 11: Security Administration
Chapter 12: Disaster Recovery and Incident Response

So by mid-February, I should have read the entire book. That then gives me 2 weeks to prepare for the exam using cert master and the questions in the books.

Continuing the gameplan: there are 90 questions to answer within 90 minutes. The weight for each chapter is as follows:

1.0 Network Security 20%
2.0 Compliance and Operational Security 18%
3.0 Threats and Vulnerabilities 20%
4.0 Application, Data and Host Security 15%
5.0 Access Control and Identity Management 15%
6.0 Cryptography 12%

Total 100%

Overall, I think I've got this. I imagine 77/90 questions (85%) would be a pass. CompTIA say a passing score of 750/900 is needed. So my aim is to get 80/90 on the final exam and I'll call that a successful start to 2018.

Right. I'll update next week! Have a good week all.

si20

Well I should, have passed my Security+ by now. As you can tell from my post above, I had great intentions and was raring to go, at least on the outside. On the inside, I had zero motivation. I really, really hated the format of the Security+. I've actually decided that I dislike the Security+ with a passion. For me, security HAS to be practical, otherwise, it's almost useless.

The Linux+ was very practical and I expected the Security+ to be the same. It isn't. At all. It's blocks and blocks of text, and then some. Certmaster - my goodness. I wouldn't be happy if I paid for it myself. It's p*ss poor.

I'm almost convinced this is why people get into IT roles and don't know what to do. Because they've only read a book and not spun up a virtual machine and worked on proxy servers etc I understand as well as the next person that it's not viable to somehow use a load-balancer at home, but the Security+ should have some practical kali linux / exploitation. Instead, it's just theory with no practical.

That's my long winded excuse of saying: I have barely read a word in the Sec+. I've got no choice but to study it and pass it. But I just wanted to be honest for anyone who was following. I can't study something unless i'm 100% committed and focused - and i'm not at the moment. If the Security+ was more interesting and practical, I think i'd be on it every day. But at the moment, i'm just waiting for a huge tidal wave of motivation to hit so I can power through it. Very boring, basic course i'm afraid

mmcabe

I know what you mean about practicality. I'm having a hard time reading that TLS is a good alternative to SSL when in real life I'm battling developers over upgrading to TLS 1.3. I guess it's just the nature of an exam that covers a very fast-moving field.

bluewarlord8

Hey,

I'm a baby into the computing field (working to get my A+). I don't know what an OSCP is, I know basic Comptia certs like Sec+ etc. Anyway.. It all sounds good, I think you should be fine within a month or so at max! Try, Udemy.com for some great content. Good luck on the Sec+.

si20

So my motivation is back and as i'm typing this, i'm reading through ALL of chapter 1. Do we really need to remember the SLE. ARO and ALE stuff? To me, it seems like high-level management gibberish, but just because I don't agree, doesn't mean it wont crop up on the exam.

I'm just going to reiterate this one more time and I promise I wont repeat it again but the Security+ is NOT my favourite course. It's so, so wordy and I can't hep but feel it will produce nothing but "know it all" Security folk who can talk the talk but can't walk the walk.

That said - I am going to study this and pass it and put it behind me. Once i've done it, I can figure out where to go next in the world of IT. At the moment, this cert will just prove i've studied *something* in 2018, rather than sat on my backside doing nothing.

globalenjoi

si20 wrote: »

So my motivation is back and as i'm typing this, i'm reading through ALL of chapter 1. Do we really need to remember the SLE. ARO and ALE stuff? To me, it seems like high-level management gibberish, but just because I don't agree, doesn't mean it wont crop up on the exam.

I'm just going to reiterate this one more time and I promise I wont repeat it again but the Security+ is NOT my favourite course. It's so, so wordy and I can't hep but feel it will produce nothing but "know it all" Security folk who can talk the talk but can't walk the walk.

That said - I am going to study this and pass it and put it behind me. Once i've done it, I can figure out where to go next in the world of IT. At the moment, this cert will just prove i've studied *something* in 2018, rather than sat on my backside doing nothing.

When I decided to actually start the certification thing, I started with Sec+. I had no experience, and was about 6 months into my first IT job. I scheduled the exam first, and then spent 2-3 weeks with the Gibson book and not much else. I read it each night, taking notes and forcing myself to write what I was reading just to help it stick, because holy crap a lot of it is dry. I'd say schedule the exam 3 weeks out and force yourself to read the material.

yoba222

How many more days do you have left before your job lets you go? I knew a guy where I used to work that didn't have the required Security+. They fired him after failing for the fifth time. He was a senior analyst too.

If you have more time, I'd suggest considering the CySA+ as it's much more technical and hands-on based questions from what I understand.

si20

yoba222 wrote: »

How many more days do you have left before your job lets you go? I knew a guy where I used to work that didn't have the required Security+. They fired him after failing for the fifth time. He was a senior analyst too.

If you have more time, I'd suggest considering the CySA+ as it's much more technical and hands-on based questions from what I understand.

I've not failed the exam - quite the opposite - i've not even got a date in mind to take it now. I've read chapter 1 and can barely bring myself to read the rest of it. I can't pinpoint the reason why my motivation has died, but it has. I'm putting it down to it being a "worthless" course for me. It's too basic, it's not practical etc the only reason I am having to study it is as a requirement. I think that's another reason my motivation has died, because work want me to do it. It's not something i'd have picked.

si20

Ok, I decided to book the exam 4 weeks from now. This will force me to study and get this cert done and out the way.

Right now, I am working through some CBT Nuggets and Lynda courses - I found that the textbook approach doesn't work for me at all and I need practical examples of the material. So that said, I will update this thread over the next 4 weeks because the exam is going to be taken then no matter what!

coreyb80

si20 wrote: »

Ok, I decided to book the exam 4 weeks from now. This will force me to study and get this cert done and out the way.

Right now, I am working through some CBT Nuggets and Lynda courses - I found that the textbook approach doesn't work for me at all and I need practical examples of the material. So that said, I will update this thread over the next 4 weeks because the exam is going to be taken then no matter what!

I prefer videos over text myself so I understand the approach. I'm scheduled to take my exam a week from today.