CompTIA Security+

Security+: Studying for the exam [updated 2021]

Daniel Brecht
January 25, 2021 by
Daniel Brecht

So, you’d like to become a computer security professional? Entering the field requires a combination of in-depth theoretical knowledge and practical skills: both are important to demonstrate, especially when applying for new jobs and higher positions. This is because roles entail the identification, analysis and addressing of security events or incidents (threats, attacks and vulnerabilities). 

Having a certification in the field can aid IT practitioners in proving their worth and well-roundedness to future employers. A particularly sought-after credential is the CompTIA Security+, a vendor-neutral program that covers essential principles in network security, risk management, data protection and breach prevention. Passing the Security+ exam and being certified demonstrates the technical know-how, hands-on experience and ability to perform core security functions in preventing cyberattacks.

The newest version of CompTIA Security+ (SY0-601), launched on November 12, 2020, tests on a wide range of IT security topics essential to master when jump-starting a career in this field or when interested in advancing in the sector. It features a maximum of 90 multiple choice and performance-based questions with 90 minutes to complete it. The passing score is 750 (on a scale of 100-900) and the exam costs $370.

How can a professional get ready to take and pass this exam? Which resources are available, and how long will it take to best prepare to face this challenge?

What's the best way to prep for the Security+ exam and how long will it take?

Having opted to pursue the CompTIA Security+ certification, you may now wonder if there is a best way to prepare for it. Preparation depends heavily on the learner’s particular learning style, professional background and schedule, as CompTIA notes on its training site.

Consumed professionals that just wish to fine-tune their knowledge on particular subjects might prefer a self-study approach to have the freedom to deepen their understanding only of needed topics. Beginner infosec professionals or IT practitioners that need a more structured approach could explore courses and practice modules from reputable computer-related schools.

People learn in many different ways, so it is up to the learners to choose the method that can help them get started to become certified. The first decision they need to make is whether to attend courses online or in traditional settings. Both options have pros and cons. 

A traditional setting affords students the comfort of having a facilitator at their disposal that can guide them through mastering the material and answer any questions and dispel any doubts on the spot. In-class training, however, can be demanding for a professional who already has a busy day schedule. 

Online courses (asynchronous options especially) afford the flexibility that many employed professionals need to fit learning in their schedule but require more self-discipline on the part of the students not to fall behind and need a stronger degree of independence during the learning process. Instructors are normally available but might be located anywhere in the world and at different time zones, so questions and doubts are not always addressed timely. The best method is always the one that matches the availability, needs and learning style of the student.

Many professionals also wonder how long it will take them to prepare to take the test. It’s a difficult question to answer, as too many factors come into play. The length of time necessary to train to pass the Security+ test depends on the background and previous knowledge of the student, the method chosen (formal class or self-study) and how much time can be dedicated weekly to preparation. 

A review of several certification-related forums reveals that students with prior knowledge take normally no longer than a month to fine-tune their preparation. Beginners with not much of an IT background will need the time to review all areas covered and therefore might take a few months to master the material effectively. A few preparation hints and test-taking tips can be picked up on a forum where members of the CompTIA Instructor Network (CIN), a worldwide community for instructors who provide CompTIA certification training, share their expert opinion with potential test-takers. 

What are the best training resources available?

CompTIA itself provides its own learning tool, the CertMaster Learn for Security+, to help students identify knowledge gaps and help them master the material. Practice questions are available too for knowledge assessment on targeted security topics, and labs help to learn by doing. On the official website, there is also a list of online, computer-based, classroom courses and books that are available for students.

Many other providers, however, offer a variety of trainings that can accommodate different schedules and learning styles. When selecting a training vendor to prepare for a CompTIA Security+ certification exam, it is recommended to look for only an Accredited Training Organization (ATO) or affiliate organizations that can demonstrate adherence to set preparation standards.

Many other options for self-study are (or will be soon) available too:

What are some tips for preparing for the exam?

It might be understood, but the first thing students should do is to perform a comprehensive review of topics tested in the certification exam. The CompTIA exam is based on the following breakdown:

  • Attacks, Threats and Vulnerabilities (24%)
  • Architecture and Design (21%)
  • Implementation (25%)
  • Operations and Incident Response (16%)
  • Governance, Risk and Compliance (14%) 

Some domains are weighted more heavily than others; however, it's important to study each topic with equal attention as exam questions can come from any of the objectives. After going through the exam objectives and identifying possible areas of concern and knowledge gaps (using tools provided online or through self-assessment) a study plan should be prepared to ascertain the best way to prepare (courses, books, instructor-led options).

The IT security field requires solid theoretical knowledge but also much practical experience due to the way it evolves fast. Whatever option is chosen, professionals should make sure to include some hands-on activities and plenty of sample questions that cover multiple topics to get used to the type of language and style used in the actual test.

Ready for the test? Once the training is completed, then it’s time to head over to the CompTIA Store and purchase an exam voucher needed to sign up for the test. A CompTIA ID#, which is also the candidate’s login name, is also needed to schedule your in-person exam on the Pearson VUE website.


There are many companies looking for more security staff with the ability to mitigate or respond to computer-related network threats or attacks; demand is growing and professionals need to be ready to compete for the best positions. One way to stand out and prove skills and experience is for professionals to acquire industry-recognized certifications related to their field. Security+ is one of the most regarded options for infosec/IT professionals.

So, what’s the best way to prepare for the CompTIA Security+ exam? Whatever works best for you depends on your availability, experience, knowledge and learning style. Much material is available online and in classrooms but sticking with approved vendors and identifying one’s own real training needs in advance can help shorten the time needed to be prepared and lower the costs involved.

For more on the Security+ certification, view our Security+ certification hub.


Daniel Brecht
Daniel Brecht

Daniel Brecht has been writing for the Web since 2007. His interests include computers, mobile devices and cyber security standards. He has enjoyed writing on a variety of topics ranging from cloud computing to application development, web development and e-commerce. Brecht has several years of experience as an Information Technician in the military and as an education counselor. He holds a graduate Certificate in Information Assurance and a Master of Science in Information Technology.