Successfully Passing CompTIA Security+ 601 Exam - Tips and Resources

   Exam Date: January 15, 2024

I am excited to share my journey and the strategies that led to my success in obtaining the CompTIA Security+ 601 certification. If you're gearing up for this challenging exam, here are the steps and resources that proved instrumental in my preparation:

Note - None of the practice papers I took were of the level of the actual exam. This caught me off guard since I wasn't expecting it.

1. Comprehensive Reading:

  • Book Used: I relied on the Prowse CompTIA Security+ 601 edition and went through it thoroughly, reading it not once but twice.

2. Invaluable Free Resource:

  • Professor Messer’s Online Tutorials: Undoubtedly the best free resource available, Professor Messer's tutorials provided me with a solid understanding of key concepts.

3. Targeted Practice:

  • Practice Tests: I found the three practice tests from Professor Messer to be the closest match to the actual CompTIA Sec+ exam. They were essential for gauging my preparedness.

4. Effective Note-Taking:

  • Personal Notes: I made detailed notes on every topic from the Pearson book. This hands-on approach significantly enhanced my learning and conceptual understanding.

5. Varied Practice Tests:

  • Jason Dion’s Practice Papers: Although heavy on acronyms, Jason Dion's practice papers were valuable in honing my skills and preparing for the exam environment.

  • Exam Premium and Exam Compass: I utilized the rich question banks from Exam Premium and Exam Compass for diverse practice scenarios.

Tips for Success:

  1. Master Ports: While not always directly asked, knowing your ports is crucial, especially for Performance-Based Questions (PBQs).

  2. Acronym Mastery: Learn and memorize acronyms as they can help eliminate incorrect options, aiding in educated guessing.

  3. Focused Revision: Identify challenging topics and revise them daily. In my case, consistent revision of RAID and RADIUS topics proved beneficial.

  4. Repeat Practice Tests: Don't hesitate to take practice tests multiple times. Your scores will improve gradually, and I recommend a 3-day gap if retaking the same test.

  5. **Hashing Algorithms:**

     - MD5 & NTLM: 128-bit
     - RIPEMD & SHA-1: 160-bit
     - SHA-2: 256-bit

     **Encryption Standards:**

     - RC4: Only stream cipher, not secure, 40-2048 bits key length.
     - DES: Data Encryption Standard, not secure, symmetric, 56-bit key length.
     - 3DES: Triple DES, not secure, 112-bit key length, symmetric.
     - AES: Advanced Encryption Standard, secure, key length of 128, 192, 256 bits, symmetric.
     - Blowfish: Block cipher, key length of 32 to 448 bits, no longer secure, symmetric.
     - Twofish: Symmetric, block cipher, key length 128, 192, 256 bits, not secure.
     - RSA: Asymmetric, key length 1024-4096, secure if key is above 1028.
     - ECC: Elliptic Curve Cryptography, low computer power requirement, used in mobiles.
     - Diffie-Hellman: Asymmetric.

     **Secure Hash Algorithms:**

     - SHA and SHA1: 160-bit, no longer secure.
     - SHA2: Not secure.

     **Network Standards:**

     - 802.1x: Standard for port-based Network Access Control (NAC).
     - 802.11ac: Wi-Fi standard.

     **Directory Services:**

     - X.500: Defines directory services.
     - X.509: Defines the format of public-key certificates.

     **Important Port Numbers:**

     - 21: FTP (Insecure!)
     - 22: SSH/SCP/SFTP (Encrypted. Important!)
     - 23: Telnet (BAD! #closeport23. Boooo! Important!)
     - 25: SMTP (Email)
     - 53: DNS (Important!)
     - 69: TFTP
     - 80: HTTP (Bad! Insecure! Important!)
     - 88: Kerberos
     - 110: POP3
     - 143: IMAP
     - 389: LDAP (Insecure! Important!)
     - 443: HTTPS (Encrypted HTTP. Important!)
     - 445: SMB
     - 514: Syslog
     - 636: LDAPS (Encrypted LDAP. Good. Important!)
     - 989/990: FTPS
     - 993: IMAP4
     - 995: POP3 Encrypted
     - 3389: RDP (Very important)
     - 6514: Syslog (Encrypted Syslog)

I hope these insights and tips contribute to your success in the CompTIA Security+ 601 exam. Best of luck on your certification journey!

P.S- I do have my notes on me. In case you want the files, drop me a mail on

Thanks For Reading. :)

