## background This way my first industry certification. I took this exam with a little under a year of general IT experience while enrolled in University. I studied for this exam for about a month and a half. For anyone already in the industry looking to beef up their resume, you will probably not have to study as long as I did. ## my_experience I started off as probably most people did, purchasing Darril Gibson's "CompTIA Security+ Get Certified Get Ahead" study guide from Amazon. This seems to be the holy grail of Security+ study material, as nearly everyone I know with Security+ used this book as their main source of study material. If you are not a reader and learn better visually or audibly, I HIGHLY recommend Professor Messer's Security+ SY0-501 certification playlist. It is completely free and available on YouTube to watch. I recommend using both to supplement your studies. First, I read the entire Gibson book, front to back once. I then watched all of Professor Messer's videos while taking light notes, both taking me around two weeks. After watching all of Messer's videos, I read through Darril Gibson's book once more, but with a focus on the objectives that I was weaker on and wanted to understand better. I did go on a highlighting rampage throughout my book, which helped whenever I eventually skimmed through the book a final time right before the exam. I would also listen to Messer's videos while driving to and from work, while making food, while on lunch, etc. in order to keep the information fresh and in my mind. After around a month of continuous studying, I scheduled my exam 2 weeks in advance for cushion. In that time, I watched Messer's videos again, skimmed through Darril Gibson's book, took a few practice tests available online, practiced memorization using a few Quizlet flashcard sets, and anxiously waited. Exam day came around, and I entered the testing center as nervous as one can be before taking their first CompTIA exam. I used up the entire hour and a half, going back through my answers multiple times, even changing a few at the last second. The survey screen hit, and to be completely honest, I was sure I had failed. After finishing the survey however, I was met with complete and utter elation at the fact I had somehow managed to pass with a 779/750. Not the greatest score, but I was just happy to have my anxiety finally dissipate. ## recommendations - Memorization. This is important however do NOT rely on memorization alone, as this isn't a simple "What service runs on Port 22 ?" type test. You will be expected to use everything you have memorized to answer various scenario-based questions where you will fill the role of a security expert. - Know every single type of malware and attack in the objectives as you will be expected to know the differences between them. You will be expected to know what type of attack is occurring based off of a device log or a scenario. - Know your cryptography. Know what the difference between hashing and encryption is. Know which algorithms and protocols are deprecated.  - Understand access control schemes. For example, make sure you know how how to differentiate between MAC and ABAC access control schemes. - Know your authentication protocols! This is very important as you will be expected to know what authentication protocol is preferred in a scenario. Know which protocol should be used in a given situation. - I recommend taking Network+ before Security+ as it will teach you the basics of network security and encryption, however it is not necessary.  - Exam objectives! ## links https://a.co/d/fYlxcRT https://www.youtube.com/watch?v=KiEptGbnEBc&list=PLG49S3nxzAnl4QDVqK-hOnoqcSKEIDDuv https://assets.ctfassets.net/82ripq7fjls2/6TYWUym0Nudqa8nGEnegjG/0f9b974d3b1837fe85ab8e6553f4d623/CompTIA-Security-Plus-SY0-701-Exam-Objectives.pdf