Using a CompTIA Security+ Practice Test to Prepare for the Actual Test
OK, so you’ve studied the CompTIA Security+ exam objectives, some content (courseware, online videos, Google or whatever works for you). You also self-tested using some Security+ practice test until you feel very comfortable with the subject material and you are ready to face the beast. You will be prepared but watch out for that one word in a question that can change its total outcome. I’ve seen people use practice tests wrong to the point where they can answer a question correctly based on just a couple of the first few words in a question and the choices. This totally misses the point. Sure, it feels good to get% 100 on a practice test and you very well might pass the exam. But if they change the scenario even slightly you’ll be in trouble. Read every word of the real question and examine the answers carefully. Eliminate the wrong answers based on your knowledge of their function and behavior. Reduce the possible correct answers by eliminating the absolutely wrong answers from the possible correct ones.
The Exam Objectives
One very important item is to go over the Exam Objectives line by line – carefully! Read each topic in the sub objectives and own them. There’s no way of telling which objective you will get hit with, the only thing you know for sure is that it will be in the CompTIA Security+ SY0-401 Certification Objectives. Print them and take notes. In the CertBlaster Security+ practice test the exam objectives are taken so seriously that in addition to four Exam simulations there are one Drill per exam objective, see screenshot below.
How deep are the exam questions?
We’ll use the protocols as an example. You should know not just which acronym represents which term, you need to know what they do and what other protocols there are interdependencies with and the ports they use. You will be tested on this type of scenario in depth. Know your attack types and how they are used. Find some sample attacks online and try to execute them on a sample target machine. This is White Hat material, use your own machines and do no harm. See if you can penetrate a machine, then use your knowledge gained to mitigate and or deter the threat to that target. I’d suggest running virtual machines of different OS’s. Hammer on them. Script on a Linux Terminal and attack other servers Now this takes time, but better to spend that time learning what works and what doesn’t before you plunk down over $300 dollars in the testing fee to end up guessing at the test. The test might put you in a situation where you need to identify a server under attack, the attack type and the best defense against that attack.
Know the policies that help protect your organization. Know the forensic procedures especially things like data volatility and the chain of custody. How do you calculate your risk? Prepare for everything because the Security+ test is no walk in the park.
Wireless is a bigger part of the SY0-401 than it was in the SY0-301 so be prepared. Do you want an IPS or an IDS? Would you rather see a successful attack in a log file or a blocked attempt? I think you get the picture.
What Security+ practice test should you use?
The main criteria for any good practice tests are: 1) “Freshness” of content i.e. are these constantly updated? 2) Do they cover every single CompTIA sub-objective? 3) Does it provide answers and explanations, and 4) are there enough practice questions? You need a LOT of good questions to practice effectively and for rote memorization to not become too significant a factor too early. Freshness is important in two respects. The first is content proper i.e. the practice questions need to reflect the depth/level (we call it calibration) of the questions on the actual exam. Second, it needs to reflect the very latest types of Performance Based Questions (PBQ). CompTIA varies those regularly and for you to not be thrown off by those having practiced on the same types of questions will save you a lot of time and anxiety on exam day.
At the testing center
When you go for the test the first thing on your mind should be nothing! Get a good night’s sleep and arrive relaxed. If you want, go over your objective sheet again. But walk into the test center calm and clear. No acronyms buzzing in your brain.
Have your documentation in order two pieces of ID one with your picture one with signature. You’ll get your picture taken so look sharp.
You only have 90 minutes for the entire exam so time management is of the essence. When you take the test you may get hit with some heavy material right away such as performance based questions. If you don’t immediately have a good answer just mark it for later, you can make an educated guess but don’t waste time. You may find that a later question sheds light on one you marked earlier. You will find that there is adequate time to take the test and review your marked missed items, as long as you don’t let a question bog you down. Don’t know? Put in your best guess mark it for later and move on. Some of the questions may only take ten seconds to get correct, that’s time in the bank. Use the timer to your advantage. You could get through the first pass with 45 min to an hour left. Now you have a little time to think. Use the same tactics on the second pass, if you still don’t know leave it marked and roll-on. Check your time, the second pass will have considerably fewer questions. If you get them unmark them to reduce the third pool of questions. Use all of your time and don’t waste it. If you end up with a few questions you have no idea what to do about then just click anything (could be all clicks on the first choice for all it matters) but make sure to answer everything as there is no penalty for incorrect answers but you can’t get lucky if you don’t click any of the choices…
Good luck on the test! Let us know how you make out!