My CompTIA Security+ experience

I recently cleared the Security+ exam from CompTIA and wanted to give my perspective on my certification experience as someone only used to Microsoft exams.

Security+ is a vendor-agnostic cybersecurity certification that covers a broad range of security topics including threat analysis, risk mitigation, security controls for applications, networks and devices, and relevant security laws and regulations.

Exam structure
The Security+ exam is in many ways structured the same way as the Microsoft exams I have taken. Most questions are multiple choice, some drag and drop or similar task, and then some sort of case study. Microsoft exams have a passing score of 700 out of 1000 possible points while the Security+ has a passing score of 750 out of 900 possible points. Since we don’t know quite how the exams are scored, it is hard to say if this means you have less room for error with the Security+ but it might seem that way.

Resources used
My main learning resource for this exam was the official textbook from Sybex. In addition to this I watched a video course on YouTube and took a bunch of practice tests. The textbook I used came with its own practice tests with almost 1000 practice questions, which was great. The book had great coverage and everything I was asked on the exam was information contained in this book. In preparation for my previous Microsoft exams, I usually used Microsoft Learn among other things. For every exam there is always a recommended collection of Learn modules on the official exam site. While this is a great resource, I often got questions on the exams that were not covered at all in these modules. Microsoft documentation in general is fantastic, but vast, and it would be great if the specific “learning path” had some better coverage for preparing for the exam. I have not had any experience with any official Microsoft textbook, so maybe that’s what I will use for my next Microsoft exam.

I used this textbook as my main resource.

Question structure
I believe that some of the reason why I felt the Microsoft Learn path often is not enough for preparing for the exams is the type of questions on these exams. Microsoft sometimes likes to throw in some very granular questions like how to perform a very specific task, some weird limitation a service has, or in which sub-menu a function can be found. I did not experience any of this with the Security+ exam; however, CompTIA does like to ask questions where there is more than one answer one could say is correct. Then you have to try to figure out what they deem the most correct answer, which can sometimes be frustrating.

Certification maintenance
CompTIA certifications last for three years before they expire or have to be renewed. To renew you can pass the latest version of the exam in question, or you can obtain a higher-level certification. In addition there are other options like partner certifications, courses, publishing articles etc. These additional options require that you also pay a fee. That means that the certification will have an ongoing cost for its valid duration. Microsoft has a much easier renewal process. While most certifications expire after one year, the renewal process consists of completing an online assessment which is free and can be attempted multiple times if needed.

Earning a higher-level CompTIA certification will renew active certifications below it.

Conclusion
Overall I am happy with the CompTIA certification process. Compared to Microsoft exams there have been some things that were better and some things that were worse. It has been interesting to experience an exam from a different vendor than I was used to and I expect to go for more certifications in the future, both from Microsoft and from CompTIA.
