The Security+ exam is an essential stepping stone along any IT security career path. According to CompTIA, the company behind Security+ certification, “Security+ is the certification globally trusted to validate foundational, vendor-neutral IT security knowledge and skills. As a benchmark for best practices in IT security, this certification covers the essential principles for network security and risk management, making it an important stepping stone of an IT security career.”

Security+ is an entry-level credential, designed for those with minimal experience in the infosec world. It’s also only a “stepping stone” for your IT career, meaning if you want to earn more and take on greater responsibilities, you’ll need to earn higher certifications.

Of course, the first step is to earn your Security+ credentials. Here are some important things to know before you sign up for the exam.

What’s the Goal of the Security+ Exam?

The goal of the Security+ exam is to prove to employers you have the skills, knowledge and expertise necessary to handle basic information security requirements and concerns. CompTIA states that the exam “covers network security, compliance and operation security, threats and vulnerabilities, as well as application, data and host security. Also included are access control, identity management and cryptography.”

Security+ SYO-401 vs. SYO-501

It’s important to realize the version of the Security+ exam discussed in this article was updated in 2014, and is called SYO-401. Due to the rapid evolution of the infosec world, including emerging threats, new technologies and more, the exam will be updated in late 2017, and will be rebranded as SYO-501.

While SYO-401 will eventually be retired, there will be a brief period during which both SYO-401 and SYO-501 are in use. SYO-501 will debut in October 2017, and SYO-401 will officially retire at the beginning of 2018, with the English version being the last to retire in July 2018.

What Is the Security+ Exam Schedule, Duration & Format?

The format of the Security+ exam is much like other standardized tests, as it entails multiple-choice, multiple-response and fill-in-the-blank questions. During this part of the exam, you will see a clock indicating how much time you have left. However, a key part of the exam also contains performance-based questions, or PBQs, that require you to make split-second decisions in a simulated environment. These occur at the beginning of the test and you will not be able to see the timer.

Therefore, it’s important to manage your time wisely. You can either skip a question you don’t know or do some work on it, click the “done” box, then mark it for later review. At the end of the test, you will be able to return to flagged questions before your final submission.

We’ve included a couple Security+ example questions to help you better understand the format and what will be required of you. These questions do not actually appear on the exam itself, but are designed for practice:

  1. Software or hardware responsible for checking information coming from the Internet and, depending on the applied configuration settings, either blocks it or allows it to pass through is called:
    1. Antivirus
    2. Firewall
    3. Antispyware
    4. Malware
  2. What do you call a device that forwards data packets between networks?
    1. Layer 2 switch
    2. Active hub
    3. Content filter
    4. Router
  3. This is an example of a performance-based question and is drawn directly from CompTIA’s website. In the live question, you must navigate through the screen to achieve the goals stated in the question:

Scheduling & Taking the Security+ Exam

If you live in the United States or Canada, you can choose to take the Security+ online exam. It is available 24/7 and requires a PC or Mac, camera and Adobe Flash. If you are in another country, or would prefer to take the exam in person, you can find the nearest Pearson VUE Testing Center and schedule an exam.

On the day of the exam, you are not allowed to bring any laptops, computers or tablets. You will be asked for two forms of identification and are required to leave devices like smartphones and watches outside of the testing area. During the test, you will have access to an online calculator.

There are six domains covered, each of which accounts for a specific percentage of your overall score:

  • Network security (20%)
  • Compliance and operational security (18%)
  • Threats and vulnerabilities (20%)
  • Application, data and host security (15%)
  • Access control and identity management (15%)
  • Cryptography (12%)

Note that the domains themselves and the percentage of the score they cover are subject to change in SYO-501, as CompTIA has not released this information at of the time of this writing.

You can schedule your exam, register to take the exam and find a testing center near you through the CompTIA website.

Acceptable Forms of ID

You are required to provide proof of identification on the day of your Security+ exam. This applies whether you are testing online remotely, or taking part in an in-person testing event at a Pearson VVUE Testing Center. Acceptable forms of ID include the following:

  • Valid state-issued driver’s license
  • Valid state-issued ID card
  • Valid passport
  • Valid green card or resident card
  • Valid military ID

Note that your Social Security card is not considered a valid form of identification, and any expired ID will be automatically rejected. If you must be excused at any point during the exam, your ID will need to be verified once more before you’re allowed back into the testing area.

How Many Questions Are on the Security+ Exam?

There are 90 questions in the exam and they are mixed between multiple-choice and performance-based questions. The number of questions that will appear on the SYO-501 exam has yet to be determined, but the new test will debut in late 2017.

How Long Do You Have to Take the Security+ Exam?

You have 90 minutes to take the Security+ exam. This means you have less than one minute per question. As with the number of questions, the duration of the SYO-501 Security+ exam has yet to be determined.

If you do not complete the test in the time allotted, and you do not score a passing grade because of unanswered questions, the result will be the same as if you failed the test due to inaccurate answers. You will be required to reschedule, pay your registration fee again and retake the test.

How Is the Exam Scored? What Score Do You Need to Pass?

The exam is graded on a scale from 100 to 900, with a minimum of 750 to pass. Any score less than 750 is considered a failing grade. The passing rate for SYO-501 has not yet been determined.

How Will I Know If I Passed? What Happens If I Fail?

Immediately after the exam, your score will appear on the screen as well as instructions for keeping your report emailed to you. If you’ve passed, congratulations!

If you fail the test, don’t despair. Your report will show you the areas you need to focus on. If this is your first failure, you can retake the test at your earliest convenience. In fact, CompTIA will allow you to retake the test after your second failure without any need to wait. However, if you need to take the test a third time (or more), you’ll need to wait at least 14 calendar days from the previous attempt.

What’s the Cost of Taking the Security+ Exam?

The price for taking the CompTIA Security+ exam varies depending on your location. For instance, in the United States, it is $320 per person, per attempt. In Great Britain, the cost is 201 GBP. In Japan, it will cost you 33,950 yen. In “emerging markets” the cost of the exam is only $179, but CompTIA does not explain their definition of what constitutes an emerging market on the company’s website.

Every test attempt requires that you pay full price once more. For instance, if you fail the test and have to retake it a second time, you’ll pay the full price for the second attempt, while also forfeiting the cost of the first attempt. This applies to every attempt and also applies to rescheduling and cancellations, unless the request for rescheduling or cancellation is made within 24 hours of the testing date.

Are There Any Prerequisites to Taking the Security+ Exam?

CompTIA, the company behind the Security+ exam, doesn’t have any official prerequisites. However, they suggest preparing for the exam with their Network+ certification, as well as two years of experience in IT administration with a security focus.

What Are CompTIA’s Certification Exam Rescheduling, Late Arrival & Cancellation Policies?

CompTIA complies with all local disability regulations to give as many people access to their tests as possible; requests are handled through service provider Pearson VUE. Citizens of a particular country are allowed to take Security+ exams within that country but, if a non-citizen wants to take the exam, they must first receive permission from CompTIA.

CompTIA does not allow for advance review of the Security+ exam. If there are any questions or concerns after the exam, you must submit a ticket which will then be reviewed. CompTIA does not respond directly to individual requests.

CompTIA manages the integrity of its Security+ exam by continually monitoring the performance and outcomes of exams. Occasionally, due to a variety of factors, an exam outcome will be classified as indeterminate and the candidate will not be given a certificate but will be allowed to retake the exam free of charge. If it is determined that the candidate breached their conduct policy, additional actions will be taken as outlined in the Candidate Agreement. To further ensure integrity and prevent cheating, all Security+ candidates must bring valid photo identification and must also be photographed at the test site; failure to do so will bar you from taking the test.

If you need to cancel or reschedule your Security+ exam date, you must give 24 hours’ notice (ADA applicants must give three days); otherwise, you will forfeit your fees.

Exam questions and passing rates are subject to change without notice.

InfoSec Institute’s Security+ Exam Resources

Feeling overwhelmed? Don’t be. Security+ is a demanding exam but, with proper preparation, it will be remarkably easy to pass. This is where InfoSec Institute comes in. We have a whole section of free resources, including articles, ebooks and white papers, covering essential security concepts you need to know.

If you’re ready to start prepping right now, jump into one of our Security+ Boot Camps which has a 95% pass rate, the highest in the industry. Don’t fall behind in your career goals, get Security+ certified today!

Sources:

https://certification.comptia.org/testing/test-policies/comptia-certification-retake-policy

http://www.tomsitpro.com/articles/information-security-certifications,2-205-2.html

https://certification.comptia.org/certifications/security

http://www.examcompass.com/comptia-security-plus-practice-test-1-exam-sy0-401

https://certification.comptia.org/testing/schedule-exam

https://certification.comptia.org/modules/performancetesting/#/

https://www.comptiastore.com/?ProductCode=comptias&utm_source=CertificationWebsite&utm_campaign=BuyNowButtons&utm_medium=Website&utm_term=SecurityPlusEPButton&mkto=aWRfbWt0bz0xMTItSElMLTQ5MiZ0b2tlbl9ta3RvPV9tY2gtY29tcHRpYS5vcmctMTUwMzQ5MTM2OTQzNy01NjY3OA

Be Safe

Section Guide

Stephen
Moramarco

View more articles from Stephen

Earn your Sec+ the first time with InfoSec Institute and pass your exam, GUARANTEED!

Section Guide

Stephen
Moramarco

View more articles from Stephen