People send me notes almost every day telling me that they’ve passed the Security+ exam using materials I’ve created. These are always a joy to read.
Every now and then I hear from people telling me that they dropped the exam.
What’s the difference between the two? Recently, a simple message has emerged. Preparation.
For example, people that are prepared can answer questions such as this one that we recently added to our online quiz banks.
Q. Your organization recently updated an online application employees use to log in when working from home. Employees enter their username and password into the application from their smartphone and the application logs their location using GPS. What type of authentication is being used?
A. One-factor
B. Dual-factor
C. Something you are
D. Somewhere you are
Can you answer it? Check out the answer and explanation at the end of this post.
Preparation
People that pass are prepared. That should be obvious to just about anyone.
What may not be obvious is how to prepare. The following steps show one path many people take when preparing for the Security+ exam.
- Review the objectives. You can download the objectives from the CompTIA site or look at the beginning of a study guide such as the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide.
- Learn the material related to the objectives. The best way to do this is to get a study guide that covers all the objectives and read it. When looking for a study guide, it’s often valuable to see what others are saying about it, such as on Amazon reviews. Some people are able to learn the objectives on their own with website searches, but this isn’t as common.
- Take practice questions. A key step when preparing for any certification exam is to make sure you can answer the exam questions. Yes, you need the knowledge but you also need the ability to read a question and select the correct answer. This often takes practice. When using practice test questions, ensure they have explanations.
- Read and understand the explanations. When preparing, you should ensure you know why the correct answers are correct and why the incorrect answers are incorrect. This will help you accurately interpret the questions on the live exam, and answer them correctly. The explanations provide this information and are worded to help you answer similar questions correctly.
Use All of the Materials
It’s also important to use all the materials you have available to you.
People that fail often haven’t taken the time to ensure they are prepared. Sometimes, they simply don’t study the materials they have.
As an example, I recently received the following email.
“I took the test this morning. I was scoring 90% on your online test but only scored a 730 on the test. Not sure when the last time you updated the questions but it was only about 40% close to the actual questions on the test. I’m gonna study for another month and try it again… :-(”
On the surface, it sounds like this person did take the steps to prepare. However, looking at his online scores, here’s what I saw:
Note that the quiz history only recorded three quizzes, each taken only once, and not a single one had a passing score.
Admittedly, some of the legacy online quizzes aren’t recorded so he might have been getting over 90% on some of the quizzes. However, he didn’t take all of the quizzes, missing the 32 performance-based questions in Set 10, and the 40 multiple-choice questions in the Extras quiz bank.
In my feedback, I encouraged him to check out this FAQ:
“Am I Ready?”
Among other things, the FAQ encourages people to use all the materials so that they see questions such as the following one, which we recently added.
So, can you answer this question?
Q. Your organization recently updated an online application employees use to log in when working from home. Employees enter their username and password into the application from their smartphone and the application logs their location using GPS. What type of authentication is being used?
A. One-factor
B. Dual-factor
C. Something you are
D. Somewhere you are
If you weren’t prepared, you might jump on GPS and think this has something to do with somewhere you are or dual-factor authentication. However, if you are prepared, you know how to dissect the question and get the correct answer.
A is correct. This is using one-factor authentication – something you know. The application uses your username for identification and your password for authentication. Note that even though the application is logging your location using Global Positioning System (GPS), there isn’t any indication that it is using this information for authentication. It could simply be using it for auditing purposes.
B is incorrect. Dual-factor authentication requires another factor of authentication. If the application verified you were logging in from a specific GPS location, it would be dual-factor authentication (something you know and somewhere you are).
C is incorrect. Something you are refers to biometric authentication methods.
D is incorrect. The somewhere you are authentication method verifies you are somewhere such as in a specific GPS location, using an IP address from a specific location, or using a specific computer.
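The distinction in explanations A and B, shown as an added example that is not part of the original post: the first login function only records the GPS reading (one factor), while the second refuses access unless the reading falls inside a geofence (two factors). The user, password, coordinates and radius are constructed sample values, and the client-reported coordinates are assumed to be trustworthy.

```python
import hashlib
import hmac
import math

SALT = b"constructed-salt"             # constructed sample value
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}
OFFICE = (36.8529, -75.9780)           # constructed geofence centre (lat, lon)
RADIUS_KM = 5.0                        # constructed geofence radius
AUDIT_LOG = []                         # (user, gps, granted) records

def password_ok(user, password):
    """Something you know: compare the derived key in constant time."""
    stored = USERS.get(user)
    if stored is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return hmac.compare_digest(stored, candidate)

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def login_audit_only(user, password, gps):
    """The application in the question: GPS is logged but never checked."""
    granted = password_ok(user, password)
    AUDIT_LOG.append((user, gps, granted))
    return granted

def login_geofenced(user, password, gps):
    """The variant in explanation B: the location must also match."""
    granted = password_ok(user, password) and distance_km(gps, OFFICE) <= RADIUS_KM
    AUDIT_LOG.append((user, gps, granted))
    return granted

if __name__ == "__main__":
    far_away = (51.5074, -0.1278)      # constructed reading outside the geofence
    print(login_audit_only("alice", "correct horse", far_away))  # password alone decides
    print(login_geofenced("alice", "correct horse", far_away))   # location also decides
```

In both functions the location ends up in the audit log; only in the second does it change the outcome of the login.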
Hi Sir,
I am new to certifications and planning to give for CISSP. What is the right path for preparing for the CISSP exam? Also, is it good to start with CompTIA+ certification instead of CISSP? Please do suggest.
Here’s another blog post you can check out:
https://blogs.getcertifiedgetahead.com/what-is-the-best-security-certification-path/
I passed, BTW. Barely, with a 766, but a pass nonetheless.
Congratulations on the pass.
Good luck on your next adventure.