How to Pass the CompTIA Security+ Certification Exam

Kindra CooperKindra Cooper | 8 minute read | February 23, 2021
CompTIA Security+ study guide

In this article

With cybercrime up 600% due to the Covid-19 pandemic, it’s no surprise that cybersecurity jobs are projected to grow by 31% by 2029, according to the U.S. Bureau of Labor Statistics. As hackers diversify their tactics with social media disinformation campaigns, IoT-based attacks, and phone calls offering fake refunds, cybersecurity experts are tasked with staying up to date on the latest tools and technologies. 

Certifications are the number-one way to do that. For an entry-level cybersecurity analyst, a certification is an essential calling card that shows you have the baseline skills necessary to perform security functions in IT security.

Springboard has partnered with CompTIA, the world’s leading tech association, to create a new Cyber Security Career Track. CompTIA’s Security+ certification lays the groundwork for specialized career paths in cybersecurity. The certification covers core technical skills in risk assessment and management, incident response, forensics, enterprise networks, hybrid/cloud operations, and security controls.

While the CompTIA Security+ exam does not have any formal prerequisites, CompTIA recommends test-takers have 24 months of experience in network security administration and/or a prior Network+ certification from CompTIA. Springboard’s cybersecurity bootcamp incorporates exam prep materials developed with CompTIA, official practice exams, and hands-on coursework including 30+ labs, 35+ mini-projects, and one capstone project to adequately prepare you for the exam.

CompTIA Security+ SY0-501 vs. SY0-601: What’s the difference?

Each CompTIA Security+ certification is valid for three years, after which CompTIA releases a newer version of the exam designed to keep up with evolving technology.

The SY0-501 exam was released in 2017, while the more recent SY0-601 launched in November 2020. The key difference between them is that the SY0-601 represents a more pared-down version of its predecessor. The new exam covers five domains instead of six, guided by a maturing industry job role, and 35 exam objectives compared with SY0-501’s 37 objectives. Having fewer objectives means more examples within each objective, prioritizing depth over breadth.

CompTIA Security+ 501 Exam Domains CompTIA Security+ 601 Exam Domains
Threats, Attacks and Vulnerabilities (21%) Attacks, Threats and Vulnerabilities (24%)
Technologies and Tools (22%) Architecture and Design (21%)
Architecture and Design (15%) Implementation (25%)
Identity and Access Management (16%) Operations and Incident Response (16%)
Risk Management (14%) Governance, Risk and Compliance (14%)
Cryptography and PKI (12%)

While the SY0-601 is a more up-to-date version of the exam, one advantage of taking SY0-501 is there are more study resources available online outside of official CompTIA material. Springboard’s cybersecurity program prepares you to take the SY-601 exam with the help of dedicated video content, mock exam materials, and a mini study guide mini-project.

Both exams still prepare test-takers for the same primary roles, which include:

  • Security administrator
  • Systems administrator

The certification is also useful for the following roles:

  • Help desk manager/analyst
  • Network/cloud engineer
  • Security engineer/analyst
  • DevOps/software developer
  • IT auditor
  • IT project manager

Each exam is 90 minutes long, with a maximum of 90 questions that are multiple-choice and performance-based questions (PBQs). PBQs test your ability to solve problems in a simulated environment—typically an approximation of a virtual environment such as a firewall, network diagram, terminal window, or operating system. To pass the exam, you must score at least 750 (on a scale of 100-900). Note that during your exam session, you are not allowed to use exam-specific materials or scratch paper, erasable white boards or any other physical writing tool like a pen or pencil. However, you’ll have the option to use a built-in digital whiteboard to do scratch work or take notes.

If you’re planning on taking the CompTIA Security+ exam and/or participating in Springboard’s Cyber Security Career Track, here’s a study guide to help you get started.

  1. Get a good study guide

  2. Make a study plan

  3. Study in bite-sized chunks

  4. Become familiar with the exam domains

  5. Prepare for the performance-based questions

  6. Take at least three practice exams

1. Get a good study guide

Your best bet is to stick with CompTIA-approved content, like a study guide with the CompTIA Approved Quality Content (CAQC) seal or CompTIA-issued exam prep book. This will ensure you are studying with the best material endorsed by CompTIA itself. Online study guides can be useful, too, but they may offer a less accurate sense of what to expect in the exam as CompTIA does not release actual questions from prior exams.

If you’re enrolled in Springboard’s Cyber Security Career Track, you’ll have access to CompTIA Security+ prep these materials as part of your course. If not, you can purchase CompTIA’s official study guide from its online store. Additionally, consider joining a CompTIA Security+ exam online community so you can study with like-minded individuals, stay motivated and find answers to your questions from other test takers and experts.

2. Make a study plan

If you’ve purchased CompTIA’s official study guide, start by reading it through it in its entirety to get an overview of everything you need to know for the exam and identify gaps in your knowledge. You should be able to do this in a few hours.

Next, determine how much of the material you already know about security technologies and create a study plan accordingly. You should consider the following:

  • How much time you can devote to studying each day/week
  • When you want to be certified

Students enrolled in our Cyber Security Career Track will have the chance to create a study plan early on in the course. This means that by the time you’re ready to prep for the CompTIA Security+ exam, you’ll mostly be reviewing material you already know. You’ll also receive a study guide outline similar to this one.

CompTIA recommends studying no more than one or two units per day. Expect to put in about 60 hours of study time before you sit for the exam, so you may want to pace yourself over the course of several weeks.

Studying each unit requires a close reading: taking notes, looking up terms you don’t know in a glossary, and then using review questions to test and reinforce what you’ve learned. If you don’t already have the recommended 24 months of experience prior to taking the exam or a Network+ certification from CompTIA (a recommended prerequisite) and you aren’t enrolled in Springboard’s cybersecurity course, you’ll need to compensate for it with extra study.

Once you’ve skim-read the entire study guide, you’re ready to start taking more detailed notes and preparing for the exam.

3. Study in bite-sized chunks

Download or print a copy of the certification objectives to organize your studies. Memorizing definitions and concepts is key to acing the multiple-choice questions, while the performance-based questions test your ability to relate concepts and solve problems. Keep these skills in mind as you study. . To break up the monotony and broaden your knowledge, use a mix of reading through the study guides, doing review questions, and watching videos.

Our course material includes a few non-CompTIA resources that come highly recommended on CompTIA Security+ platforms, such as videos on by Mike Chapple, an IT professional and associate professor at the University of Notre Dame, and free resources on Professor Messer.

In addition to the video-content included throughout our course experiences, supplement your study with other resources like flashcards, practice exams (more on that later), and virtual labs. A virtual lab is a simulated environment that incorporates cybersecurity vulnerabilities and defenses such as malware, databases, firewalls, encryption standards, and so on. Throughout your course experience at Springboard, you’ll work with virtual labs to build and test various security defenses.

You can use a system like VirtualBox to create your own virtual lab, where you can build and test various security defenses.

4. Become familiar with the exam domains

Create a list of domains and individual items to review within each domain. This should include key definitions, concepts, and diagrams. For example, under secure network design, make a list that includes subnetting, endpoint security, and network access control. Ensure you have mastered one domain before moving on to the next. As you progress through the exam objectives, many concepts will overlap, thereby speeding up your study process.

5. Prepare for the performance-based questions

Performance-based questions are more complex than multiple-choice questions and often take more time to solve. Managing your time wisely during the exam is the key to answering as many questions as you can. Remember that the simulated PBQ environment is not a live lab, so it may have restricted system functionality. Some former test-takers advise tackling the multiple-choice questions first and then coming back to the PBQs.

This way, you can devote the rest of your exam time to these questions rather than switching back and forth. There may be questions for which there is more than one way to get the right answer. In those cases, you’ll receive a correct score if the correct solution is achieved. There may be questions for which partial credit is offered, although CompTIA does not disclose which ones.

6. Take at least three practice exams

The most reliable resource for practice questions is the CompTIA website. While this yields a limited number of practice questions, you can also find mock exams online with a list of randomized questions or find quizzes by exam topic if you need to practice a specific domain, such as malware or social engineering.

Don’t expect to ace your first practice exam: use it as a baseline for what you already know. A recommended approach is to take a mock exam at least three times: the first time early in your studies to identify areas of weakness and set the direction for your training going forward. The second time to help you identify areas where you need to spend extra time. On the third try, aim to score 90% or higher, which means you’re ready for the real thing. Let the results of your final practice exam dictate your final review ahead of exam day.

Remember that the exam is timed, so once you’ve done several mock exams and built your confidence, start using a timer. Take sample tests over and over until you can comfortably score in the high 80s and 90s.

Finally, consider signing up for a free trial of CertMaster Practice. Developed by CompTIA, the online knowledge assessment tool is designed for the final stage of the learning process to help you identify and fill knowledge gaps. It includes a quick knowledge assessment, adaptive learning that reinforces existing knowledge, and personalized feedback.

Get To Know Other Cybersecurity Students

Dylan Wood

Dylan Wood

Cybersecurity Career Track Student at Springboard

Read Story

Ed Burke

Ed Burke

Cyber Security Career Track Student at Springboard

Read Story

Rafael Ayala

Rafael Ayala

Mergers And Acquisitions at Autodesk

Read Story

Sample CompTIA Security+ Questions

Joe, a security analyst, is asked by a coworker, “What is this AAA thing all about in the security world? Sounds like something I can use for my car.” Which of the following terms should Joe discuss in his response to his co-worker? (Select THREE).

A. Accounting

​B. Accountability

​C. Authorization

D. Authentication

E. Access

F. Agreement

A system administrator is configuring accounts on a newly established server. Which of the following characteristics BEST differentiates service accounts from other types of accounts?

A. They can often be restricted in privilege.

​B. They are meant for non-person entities.

​C. They require special permissions to OS files and folders.

D. They remain disabled in operations.

E. They do not allow passwords to be set.

Recently, a company has been facing an issue with shoulder surfing. Which of the following safeguards would help with this?

A. Screen filters

​B. Biometric authentication

​C. Smart cards

D. Video cameras

The process of presenting a user ID to a validating system is known as:

A. authorization.

​B. authentication.

​C. identification.

D. single sign-on.

An input field that is accepting more data than has been allocated for it in memory is an attribute of:

A. buffer overflow.

​B. memory leak.

​C. cross-site request forgery.

D. resource exhaustion.

Which of the following if used would BEST reduce the number of successful phishing attacks?

A. Two-factor authentication

​B. Application layer firewall

​C. Mantraps

D. User training

To see a sample of a PBQ, click here.

Since you’re here…
There are hundreds of thousands of vacant cybersecurity jobs, and one of them has your name on it. You can enter the industry in 6 months flat with our Cybersecurity Course. We’ve helped over 10,000 students make huge career changes with our fully flexible mentor-led bootcamps. Explore our free cybersecurity curriculum today to start your career switch story. 

Kindra Cooper

About Kindra Cooper

Kindra Cooper is a content writer at Springboard. She has worked as a journalist and content marketer in the US and Indonesia, covering everything from business and architecture to politics and the arts.