If you haven’t read Part 1, you can find it here. This is part 2, in which I consider how the exam is structured as part of my exam preparation.
After I’ve done the basic research about the test and how to take it, the next thing I look at is what’s on the test and whether there’s a breakdown of the questions. For instance, if I were going to take the Security+ exam, this page would be invaluable because it has those breakdowns:
- General Security Concepts – 12%
- Threats, Vulnerabilities, and Mitigations – 22%
- Security Architecture – 18%
- Security Operations – 28%
- Security Program Management and Oversight – 20%
Passing is 750 out of a test range of 100-900. That roughly corresponds to getting 81% of the points to pass. Looking at the three areas with the highest percentages, if I am weak on any of those three, I won’t have a good chance of passing. Therefore, I know I have to work hard to understand those portions of the exam well. That’s not to say I can take the other sections lightly, but sections with 20%, 22%, and 28% of the exam coverage have to be solid.
Knowing the percentages, if I take a practice exam as I’m finishing up studying, I can see how I’ve done and determine in which areas I am weakest. Obviously, if I am running out of time and I have to make a choice between working on Security Operations or General Security Concepts, I’m going to spend most of my effort in General Security Concepts. That’s the advantage of understanding the make-up of the exam: I can tailor my efforts for best results.