Chapter 19. Taking the Real Exam


This chapter covers the following subjects:

Getting Ready and the Exam Preparation Checklist: This section gives you a step-by-step list on how to go about taking the exam. It also shows one of my favorite study methods—the cheat sheet.

Tips for Taking the Real Exam: In this section, you learn all my certification test-taking techniques that I have developed over the past 20 years.

Beyond the CompTIA Security+ Certification: This section briefly discusses your future and the possibilities that are out there.


Now you’ve done it! You’ve accessed the final chapter. We are at the final countdown! This chapter shows you how to go about taking the exam. Then it goes over some tips and tricks I have used over the years that have helped me to pass multiple certification exams. Finally, we discuss some of the possible future avenues that can lead you to a career in IT security.

Getting Ready and the Exam Preparation Checklist

The CompTIA Security+ certification exam can be taken by anyone. There are no prerequisites, although CompTIA recommends prior networking experience and the Network+ certification. For more information on CompTIA and the Security+ exam, go to the following link: https://certification.comptia.org/.

To acquire your Security+ certification, you need to pass the SY0-501 exam. This exam consists of multiple-choice and performance-based questions. The exam is administered by Pearson VUE. You need to register with that test agency in order to take the exam. To do so, go to the following link: http://www.pearsonvue.com/comptia/.


Note

If you have never taken a CompTIA exam before, and depending on your location, you might have to create an account with CompTIA first before registering for an exam with a testing agency. Receiving your CompTIA ID could take up to 48 hours to complete. I recommend you check this ahead of time so that there are no surprises once you are ready to register for the exam.


CompTIA uses a somewhat unorthodox grading scale, so it can be difficult to estimate what percentage of questions you need to get correct to pass the exam. To be safe, the best bet is to attempt to know as much as possible and shoot for 90% correct or higher when taking the practice exams provided with this book.

It is important to be fully prepared for the exam, so I created a checklist that you can use to make sure you have covered all the bases. The checklist is shown in Table 19-1. It assumes that you have read this entire book up to this point.

Table 19-1 Exam Preparation Checklist

| Step | Item | Details | SY0-501 Status |
| --- | --- | --- | --- |
| 1. | Review the end-of-chapter questions. | The first step in your exam preparation checklist is to review all the end-of-chapter questions. There are over 400 of them in total, offering you a lot of prep before you move on to the practice exams. You can review them in the text or, if you have the accompanying disc, electronically. Make sure you understand the concepts thoroughly before moving on to the following steps. | |
| | | Note: During this stage you might also want to check your local testing center and see whether there are any delays for the Security+ exam. If you are under a deadline and you see that there are delays of up to a week or two, consider other testing center locations, or consider scheduling your exam now to save your seat. If you do, be sure to commit to your study schedule. Otherwise, if there are no delays, continue through the steps as normal. | |
| 2. | Complete simulations and watch videos. | You can find more than 30 videos and 30 simulations on the accompanying website (www.pearsonitcertification.com/title/9780134846057). Go through them and be sure to practice any corresponding hands-on skills on your own computers and networks. This hands-on practice will help you with the performance-based questions on the real exam, and more importantly will strengthen you for the IT field. | |
| 3. | Complete the Practice Exam in the book. | Directly after this chapter is an 80-question practice exam. Your goal should be to get at least 90% correct on this exam the first time through. Do not continue to any other exams until you can score at least 90% correct on this exam (100% would be even better!). | |
| | | Additional practice exams can be found on the accompanying website. | |
| | | When using the practice exams, be sure to understand why the correct answer is correct and also why incorrect answers are incorrect. The explanations should help you in this regard. However, if any names, acronyms, or concepts seem new to you, go back to the chapter and section where the concept is covered and review them. Also, review the names and acronyms in the glossary, which is located after the practice exam. | |
| 4. | Visit my website. | Make use of the Security+ section of my website: www.davidlprowse.com. Feel free to ask questions about any of the practice exam questions and explanations, or other items within this book. That’s why I am here! On the site you will also find the book’s errata page and additional helpful videos. | |
| 5. | Create a cheat sheet. | A cheat sheet can be very helpful for late-stage studying. See Table 19-2 for an example. The act of writing down important details helps to commit them to memory. This sheet should have facts that are tough to memorize. Due to this, each person’s cheat sheet will vary. Keep in mind that you will not be allowed to take this into the actual testing room. (It’s not actually for “cheating!”) One great way to help build your “cheat” sheet is to go back through all of the key topics in the book. | |
| 6. | Register for the exam. | Do not register until you have completed the previous steps; you shouldn’t register until you are fully prepared (unless you saw that the testing center was delayed during step 1). When you are ready, schedule the exam to commence within a day or two so that you won’t forget what you learned! | |
| | | Registration can be done over the phone or online, although online is much easier for many people. Register at Pearson VUE at the following website: http://www.pearsonvue.com/comptia/. | |
| | | You need to input your personal information into a secure website. Afterward, you will be assigned an ID#, which you can refer to for all your exams. They accept payment by major credit card for the exam fee. | |
| | | Note: Watch for discounts, discount codes, and reimbursement programs. | |
| 7. | Final study. | Study from the cheat sheet (and perhaps the practice exams) during the day or two between when you registered and the day of the exam. | |
| | | If you need to delay your exam for any reason, reschedule, then go back to steps 1 and 2 (and optionally 3), and retake the practice exams until the test day is a day or two away. Remember that you must give the testing center at least 48 hours’ notice if you wish to reschedule. Note: This timeframe can change at any time. | |
| 8. | Take the exam! | Good luck! Check mark the column to the right when you pass. Let me know on my website when you have passed the exam! | |

Place a check in the status column as each item is completed. Historically, my readers and students have benefited greatly from this type of checklist.

Table 19-2 gives a partial example of a cheat sheet that you can create to aid in your studies. For example, the first row shows common ports. Add information that you think is important or difficult to memorize. Keep the descriptions short and to the point. A few examples are listed in the table.

Table 19-2 Example Cheat Sheet

| Concept | Fill in the Appropriate Information Here |
| --- | --- |
| Common port numbers | FTP: Port 21 |
| | SSH: Port 22 |
| | SMTP: Port 25 (465 for SSL/TLS encrypted SMTP) |
| | (Complete for all ports.) |
| Access control models | MAC: Mandatory access control—Uses labels, has predefined privileges. |
| | DAC: Discretionary access control—Uses ACLs, or access control lists. Owner of list establishes access permissions. |
| | RBAC: Role-based access control—Permissions are assigned to roles instead of individual users. Users are assigned roles. |
| | ABAC: Attribute-based access control—Dynamic and context-aware model that grants rights to users using IF-THEN statements. |
| NIDS and NIPS | (Spell out the acronym and give a brief description.) |
| The CIA of computer security | (Spell out the acronym and give a brief description.) |
| Etc.* | |

* Continue Table 19-2 in this fashion on paper. The idea is to write down various technologies, processes, step-by-step tasks, and so on to commit them to memory.

Tips for Taking the Real Exam

Some of you will be new to certification exams. This section is for you. For others who have taken CompTIA exams before, feel free to skip this section or use it as a review.

The exam is conducted on a computer and has two types of questions. The bulk of the exam consists of multiple-choice questions, where you select one or more correct answers from a list of possibilities. However, there are also some performance-based questions. These might ask you to drag and drop correct answers into their respective slots, or they might ask you to complete a simulation, either within the operating system, in the command line, or otherwise. This is where your hands-on knowledge is tested. But it shouldn’t matter what type of question you receive; if you have studied this book in its entirety, you should be ready for just about anything.

Note that you have the option to skip questions. If you do so, be sure to “flag” or “mark” them before moving on. Feel free to mark any other questions that you have answered but are not completely sure about, or any questions that you think are taking you too long to answer. When you get to the end of the exam, there will be an item review section, which shows you any questions that you did not answer and any that you marked. Though you should try to avoid marking many items and skipping around, sometimes it is unavoidable and can save time in the long run if a question is overly difficult. A good rule of thumb is to keep the marked questions between 10% and 20%. Just be sure to allow some time at the end of the exam to finish up those marked questions!

The following list includes tips and tricks that I have learned over the years when it comes to taking exams. By utilizing these points, you can easily increase your score.

First, let’s talk about some good general practices for taking exams:

Pick a good time for the exam: It would appear that the fewest people are at test centers on Monday and Friday mornings. Consider scheduling during these times. Otherwise, schedule a time that works well for you, when you don’t have to worry about anything else. Keep in mind that Saturdays can be busy.

Don’t overstudy the day before the exam: Some people like to study hard the day before; some don’t. My recommendation is to study off the cheat sheet you created, but in general, don’t overdo it. It’s not a good idea to go into overload the day before the exam.

Get a good night’s rest: A good night’s sleep (7 hours to 9 hours) before the day of the exam is probably the best way to get your mind ready for an exam.

Eat a decent breakfast: Eating is good! Breakfast is number two when it comes to getting your mind ready for an exam, especially if it is a morning exam. Just watch out for the coffee and tea. Too much caffeine for a person who is not used to it can be detrimental to the thinking process.

Show up early: Both testing agencies recommend that you show up 30 minutes prior to your scheduled exam time. This is important; give yourself plenty of time, and make sure you know where you are going. You don’t want to have to worry about getting lost or being late. (If it is the first time going to the testing center, consider a test drive a couple of days before.) Stress and fear are mind killers. Work on reducing any types of stress the day of and the day before the exam. By the way, you really do need extra time, because when you get to the testing center, you need to show ID, sign forms, get your personal belongings situated, and be escorted to your seat. Have two forms of ID (one, a photo ID, both signed) ready for the administrator of the test center. Turn your phone off when you get to the test center; they’ll check that, too.

Bring ear plugs: You never know when you will get a loud testing center—or worse yet, a loud test taker next to you. Ear plugs help to block out any unwanted noise that might show up. Just be ready to show your ear plugs to the test administrator.

Brainstorm before starting the exam: Write down as much as you can remember from the cheat sheet before starting the exam. The testing center is obligated to give you something to write on; make use of it! By getting all the memorization out of your head and on “paper” first, it clears the brain somewhat so that it can tackle the questions. I put “paper” in quotation marks because it might not be paper; it could be a mini dry-erase board or something similar.

Take small breaks while taking the exam: Exams can be brutal. You have to answer up to 100 questions while staring at a screen for an hour or more. Sometimes these screens are old and have seen better days; these older flickering monitors can cause a strain on your eyes. I recommend small breaks and breathing techniques. For example, after going through every 25 questions or so, close your eyes, and slowly take a few deep breaths, holding each one for 5 seconds or so, and releasing each one slowly. Think about nothing while doing so. Remove the test from your mind during these breaks. It takes only half a minute but can really help to get your brain refocused.

Be confident: You have studied hard, gone through the practice exams, created your cheat sheet—done everything you can to prep. These things alone should build confidence. But really, you just have to be confident. You are great...I am great...there is no disputing this!

Now let’s talk about some methods to use when faced with difficult questions:

Use the process of elimination: If you are not sure about an answer, first eliminate any answers that are definitely incorrect. You might be surprised how often this works. This is one of the reasons why it is recommended that you not only know the correct answers to the practice exams’ questions, but also know why the wrong answers are wrong. The testing center should give you something to write on; use it by writing down the letters of the answers that are incorrect to keep track.


Note

Check out this chapter’s video. It shows me going through a couple of questions as if I were taking an exam and shows some of my tips and tricks for taking the exam.


Be logical in the face of adversity: The most difficult questions are those in which two answers appear to be correct, even though the test question requires you to select only one answer. Real exams do not rely on “trick” questions. Sometimes you need to slow down, think logically, and really compare the two possible correct answers.

Use your gut instinct: Sometimes a person taking a test just doesn’t know the answer; it happens to everyone. If you have read through the question and all the answers and used the process of elimination, sometimes the gut instinct is all you have left. In some scenarios you might read a question and instinctively know the answer, even if you can’t explain why. Tap into this ability. Some test takers write down their gut instinct answer before delving into the question and then compare their thoughtful answer with their gut instinct answer.

Don’t let one question beat you!: Don’t let yourself get stuck on any one question (especially the performance-based variety). Mark it, move on to the next question, and return to it later. When you spend too much time on one question, the brain gets sluggish. The thing is, with these exams you either know it or you don’t. And don’t worry too much about it; chances are you are not going to get a perfect score. Remember that the goal is only to pass the exam; how many answers you get right after that is irrelevant. If you have gone through this book thoroughly, you should be well prepared, and you should have plenty of time to go through all the exam questions with time to spare to return to the ones you skipped and marked.

If all else fails, guess: Remember that the exams might not be perfect. A question might seem confusing or appear not to make sense. Leave questions like this until the end, and when you have gone through all the other techniques mentioned, make an educated, logical guess. Try to imagine what the test is after, and why they would be bringing up this topic, vague or strange as it might appear.

And when you finish:

Review all your answers: Use the time allotted to you to review the answers. Chances are you will have time left over at the end, so use it wisely! Make sure that everything you have marked has a proper answer that makes sense to you. But try not to overthink! Give it your best shot and be confident in your answers.

Beyond the CompTIA Security+ Certification

After you pass the exam, consider thinking about your technical future. Technical growth is important. Keeping up with new technology and keeping your technical skills sharp are what can keep you in demand. This technical growth equals job security.

Information Technology (IT) people need to keep learning to foster good growth in the field. Consider additional college courses (or even degrees). Contemplate taking other certification exams after you complete the Security+. The CompTIA Security+ certification acts as a springboard to other certifications. For example, you might choose to go for other more difficult non-vendor certifications such as the CISSP or the CEH. And, of course, there are vendor-specific certifications from Microsoft, Cisco, Check Point, and many others. Now that you know exactly how to go about passing a security-based certification exam, consider more certifications to bolster your resume, and maybe even a computer security degree. Most importantly, keep learning and practicing in a hands-on manner. Experience is the most important element of a resume.

The best advice I can give is to do what you love. From an IT perspective, I usually break that down by technology or concept, as opposed to by the vendor. Products and vendors come and go. Knowledge of a particular device or a distinct program can be fleeting. But skill sets that are based on conceptual technology will have more value in the long term. Whatever segment (or segments) of security you decide to pursue, learn as much as you can about that field(s) and all its vendors. Read up on the latest technologies, visit security websites, read security periodicals, and keep in touch with fellow security people. Consider security conferences and seminars and ongoing training. Taking it to the next level, you might decide that there is a specific security threat that you would like to address. Who knows, in the future you might be interested in developing a security application or a secure hardware device. My advice is this: Good engineering can usually defy malicious individuals; the better you plan your security product, the less chance of its being compromised.

Whatever you decide, I wish you the best of luck in your IT career endeavors. And remember that I am available to answer any of your questions about this book via my website: www.davidlprowse.com.

David L. Prowse
