About a year of studying random security concepts and about six months of a focused approach to the topics that come under the exam! That might appear to be too much to people who have appeared for and cleared the CompTIA Security+ exam, but that’s how I approached this exam. For me, it wasn’t just about clearing the exam; I wanted to build a strong foundation of security concepts, to imbibe security into the way I think about IT.
I have cleared the CompTIA Security+ exam with a score of 890 out of 900 (about 99%). The passing score for the exam is about 84%, which makes this exam a slightly difficult target despite the definition that it is a Security Basics exam.
I had to study various new concepts related to Access Controls, Cryptography, Malware and Attacks, Security Policies, Communications Security and so on. The (suggested) pre-requisite for the exam is a Network+ and A+ certification. I don’t have any of these and I am a Mechanical Engineering graduate. So, I had to dig into networking concepts first before touching security.
90 minutes, 100 questions – appeared a little tough. In fact, after the pass percentage, this was looking like the next big challenge. But I was wrong. I completed the 100-question test (with marking) in 25 minutes. In the process, I had marked 23 questions for review, on which I spent the next 40 minutes. Getting 22 correct out of the 23 marked questions was a pleasant surprise!
All in all, it was a good learning experience. I read a lot of security literature and visited several sites. Most of them were not directly related to the exam in that much detail, e.g. assembly language, buffer overflow exploitation, disassembling and debugging, web application security, Cross Site Scripting, Fuzzing etc. But reading these kept me interested in the exam (which is otherwise a theoretical, concepts-based exam) and in the process helped in learning much beyond the scope of the exam.
Some experts talk against certifications (especially in the testing world). I found appearing for this certification very challenging and the approach which I followed helped me learn a lot. This is in contradiction to the dumps-based-preparation approach which such experts talk of and assume when talking about certifications.
If interested, you can visit the CompTIA Security+ site for more details about the exam.
Site Admin, Testing Perspective