Reddit reviews CompTIA Security+ Study Guide: SY0-401

Personal recommendation, don't shoot for certifications with only Messer's videos and quick notes/questions. You might be able to pass the exam like that but more than likely you're going to be under prepared. Especially important for Network+ and Security+, as if something goes wrong it can cost a lot of money to the company. The in depth books are boring and will take a while, but it will teach you a lot more than studying the questions will.


Personally, when i study I use the 2-2-2 method. 2 Books, 2 Supplemental sources (Videos, tutorials, labs), and 2 Practice tests. Two books to make sure that if one author didn't cover a subject in detail well enough, or if I don't understand them, the other one mostly likely will cover it well enough. The other 2 would be other sources to learn from. I would watch videos on Wardriving, networking centers, data centers, etc. to get an idea of how everything looks in a real world deployment. Network+ won't teach you what to really expect to see in a MDF/IDF. CBTNuggets gets recommended a lot, but I usually use pluralsight. And 2 Practice exams, which I have to constantly get over 80% on them.


Todd Lammle's Network+ book is amazing, highly recommended


Mike Meyer's Book is also a good read.


As far as Security+ goes...


Favorite Security+ Material I've read. Super in depth and organizes topics very well.


Better than nothing for Sec+. After reading this book I did not review it again until right before the exam. Barely touches on a lot of subjects and missed quite a bit compared to the other book.

I used this book and the CompTia Certmaster. I got the certmaster because I think I bought a second shot for exam retakes. I read the book and then did the certmaster for a month until I took the exam.

https://www.amazon.com/gp/product/1118875079/ref=oh_aui_detailpage_o05_s00?ie=UTF8&psc=1

I just took the exam this morning and had two sims. I say don't worry about it too much, as it was pretty basic actually. Make sure you do them last as they require a considerable amount of time.

My main book was Sybex Security+ Study Guide by Dulaney and Easttom. I read it cover to cover. The content was comprehensive, but in my opinion, it lacks the exam preparation. It has chapter tests, and downloadable files that consist of flashcard and two sample exams, but no sims.

Going back to my sims: In the first one, I had to configure ACLs; and the other one, I had to setup multifactor authentication. If you memorize the ports, at least the commonly used ones (eg. FTP, TFTP, SSH, SCP, LDAP, etc.) and know how to read IP addresses, you'll be fine.

I haven't read Gibson's book, but I read its preparation format is close to actual exam. I wish I had that material; my guess is I would have scored higher than what I got this morning.

Good luck!

Let me start by telling you that InfoSec jobs are in-demand now more than ever and that's not likely to change as more and more of the world are starting to use computers, computers continue advancing, etc. So, barring any sort of impending dark ages and assuming you're putting enough effort into your education and continuing education, you should be able to work your way up without too much trouble. Focus on getting your foot in the door and be professional.

 

Now then, I'm currently an Information Security Analyst in the US, so this information may be completely irrelevant to you out there in NZ. I initially only graduated with an Associate's (2-year) in Information Security & Computer Forensics. I managed to get my job before I had even graduated as I worked hard in school (a stressful amount, really) and knew how to conduct myself in a professional manner. They actually paid for my certifications, and a lot of companies out there will as well. Here's the tiered structure we followed - all InfoSec related certifications:

 

Within the first 6 months, we are sent to training to obtain our CompTIA Security+ certification. This is roughly a 1-hour, multiple choice test and you need at least an 80% to pass. I would recommend any of these three books to study from:

This is the book that my company had provided me to study from

This is the book my friend had given me. Both her and I studied from this and passed successfully

This is the book we are currently learning from in my Bachelor's program

Take your pick, they'll all achieve the same essentials, mostly. I am awful at studying and mainly just crammed the few topics I wasn't sure about in the night/morning before my test and passed with an 86%.

 

Next, we're sent to get our GSEC, which is the GIAC Security Essentials Certification. The Security+ focuses on several main topics and gets in-depth with the information, whereas GSEC covers a wide span of topics but doesn't get very in-depth. This test takes about 5 hours to complete also, compared to the 45 minutes that it took to take the Security+. It's important to note that the GSEC, while 5 hours long, is open-book. My company sent me to a training class that provided 6 different books to cover any topic on the GSEC, however you also need an index. The books themselves don't have a table-of-contents, so you need to make an index yourself that covers just about every topic on every page. In my case, a coworker sent me his that he had used, and it turns out it was out of date so not a single page was correct. Much to my own surprise, I passed with an 82% (the minimum passing score is 74%) so while the index/books are important - they're not completely necessary as long as you paid attention in your classes. It should also be noted that I did not actually study for this. Most of it was just common-sense stuff like "Which of the following does an Intrusion Prevention Device do?" and knowledge that I had obtained from school/work.

 

After GSEC is the GCIH, or, GIAC Certified Incident Handler. I haven't taken this yet, nor the next one, so I can't speak to their difficulty or process, but I've been told by other analysts it's roughly the same as GSEC, just different information and more hands-on like capture the flag runs.

 

Finally, after GCIH, we are sent to get our GCIA, or, GIAC Certified Intrusion Analyst. Same with GCIH, I have not been sent to obtain this cert just yet, but I can only imagine it's somewhat similar to the last 2 as they follow GIAC's tiered structure.

 

So TLDR - as a current InfoSec Analyst - the recommended certs are Security+, GSEC, GCIH, and GCIA. There are many more certs out there, though, these are just the ones my company values currently.

 

Good luck!

Studying is MOSTLY FREE. Cannot provide cheating test sites here. Go to the CompTIA website to get the actual test exam outline - print that out please, and supplement with these videos from Professor Messer $FREE and you will need to jot down notes as you go. This is not enough to pass the test(s). You'll also need to get an official study guide book $20 as reading material to go into the details. Coupled with taking notes during the videos and fleshing out the outline from CompTIA you should hit all the possible ways to study. CompTIA offers this $free trial through one of their partners. I also like Mike Meyer's writing style $31 as an alternative.

I have CompTIA Network +, Security +, and Apple OSx Certified Support Professional.

Best way to get them is just to study by purchasing the books.

[Network +] (https://www.amazon.com/CompTIA-Network-Study-Guide-Authorized/dp/1119021243/ref=sr_1_2?s=books&ie=UTF8&qid=1473465885&sr=1-2&keywords=network+%2B)

Security +

ACSP

You can schedule the CompTIA certifications here

You can schedule the Apple certifications [here] (http://training.apple.com/)

You only really need Security + to get a DoD job, however, the most certs you have, the better you look in the eyes of potential employers. Most people I've worked with have never touched a Mac, but support clientele that work on Macs, so having a Mac cert is a big plus, but not at all required.

If you get a Sec+, and have a decent understanding of computers and troubleshooting, you'll find a nice entry level job normally working Helpdesk.

A study guide should be more than enough.
https://www.amazon.co.uk/gp/product/1118875079/ref=pd_sbs_14_t_1?ie=UTF8&psc=1&refRID=FJ778RBW4HCTJN0TG0Y8

How long did it take you to study? and what materials did you use?

I currently have the exam cram security+ book, and just recently ordered the symbex book alongside it. I learned from people that took the CCNA that multiple sources are a good thing but don't go overboard, a cert only lasts for a few years and you'll need to take it again with more up to date literature. Congratulations.

Before the test I'd suggest picking up a copy of CompTIA Security+ Study Guide: SY0-401, to see what you aren't familiar with. To pass the 401, I read the book in it's entirety once, then went over every test question in this book, CompTIA Security+ Certification Practice Exams, Second Edition (Exam SY0-401) (Certification Press) Kindle Edition.

I flew through the multiple choice section of the 401 with no problems. The labs were a pain, but that's due to how they were designed, not due to lack of knowledge or studying. In my opinion, they were presented poorly, the instructions were hard to follow and never followed the same structure from one to the next. However, since the practice exam book prepped me for the multiple choice, I had plenty of time to go back and decipher the labs (my lab questions were in the beginning, I think I had 5 or 6 of them).

Links to the books from above:
http://www.amazon.com/CompTIA-Security-Study-Guide-SY0-401/dp/1118875079/ref=cm_cr_pr_product_top?ie=UTF8

http://www.amazon.com/CompTIA-Security-Certification-Practice-Edition-ebook/dp/B00IZX3XYY/ref=cm_cr_pr_product_top?ie=UTF8

https://www.amazon.com/CompTIA-Security-Study-Guide-SY0-401/dp/1118875079

I need to schedule my exam, but I have used the following study materials.

Of course Profesor Messer's videos.
CompTIA Security+ Study Guide: SY0-401, 6th Edition
CompTIA Security+ Certification Practice Exams, Second Edition (Exam SY0-401),

Sure thing, the Comptia certs do cost some money, I know some high schools/community colleges have reimbursement programs for them so that may be looking into in your local area. As far as study material I used these: A+, Security+, Linux+. PDF's of these books can be found online from various sources as well.

For exam practice I used a VCE exam player application and whichever vce file had the best rating per exam from examcollection. Hope that helps!