r/CompTIA_Security

An employee receives a text message asking them to verify their login credentials through a link that appears to come from the company’s IT department. After clicking the link, they are taken to a fake login page designed to steal their password.

Which of the following BEST describes this attack?

A) Brute-force attack

B ) Phishing

C) Tailgating

D) Privilege escalation

Drop your answer below 👇 explanation in the comments!

Hi. I'm looking to give my security+ exam soon. I've been looking at alot of reddit posts regarding prep and everyone seems to suggest professor messer's playlist. Now I've gone thru a few of his videos, and most of it feels too theoretical and basic, for such an important exam. Now, I may be 100% wrong here, theres obviously a reason that so many people suggest it, but I'm just making this post for some reassurance that is the playlist really worth it?

Okay so I was scoring 60% on practice exams and getting genuinely frustrated because every free resource either had wrong answers, wanted my email, or paywalled me after 5 questions.

So instead of studying I did what any reasonable IT student would do and spent a week building my own quiz site.

studypassplus.com

Here is what it actually does:

245 original SY0-701 practice questions covering all five exam domains

When you get something wrong it gives you an AI explanation of why the correct answer is right, not just "the answer is C"

Exam mode with a real 90 minute timer so you stop pretending you have unlimited time

Missed questions mode so you stop redoing questions you already know and actually fix your weak spots

No account, no email, just open and go

I went from 60% to consistently hitting 85%+ using my own site which is either a great sign or I just memorized my own questions. Either way I feel way better about my exam.

What domains are you struggling with? Genuinely curious what to add next.

Studying for security +

How did you guys retain the information. I’m using professor messer videos and I have his study guide. I just fear not remembering it at the end of all the videos. How often should I practice test or is there another option?

Here's a Domain 3 scenario for today.

A security architect is designing a protection strategy for a financial application. She plans to implement firewalls at the perimeter, intrusion detection systems on the internal network, endpoint antivirus, application-layer controls, and data encryption at rest. Which security principle does this layered strategy best represent?

A) Zero trust B) Separation of duties C) Defense in depth D) Secure by default

Take a moment to consider your answer before checking below.

Scroll slowly — answer below.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Answer: C

Explanation: Defense in depth involves implementing multiple, overlapping layers of security controls so that if one control fails, others remain to protect the asset. The described strategy applies controls at the perimeter, network, endpoint, application, and data layers.

Why the others don't fit: A: Zero trust focuses on explicit verification for every access request and is not specifically about stacking multiple control layers. B: Separation of duties divides tasks among multiple individuals to prevent fraud or error — it is a personnel/process control, not an architectural layering strategy. D: Secure by default means systems ship with secure configurations out of the box; it does not describe layering multiple controls across different tiers.

I failed because I didn't review quite enough to avoid falling for their traps, however since it was my first time I actually quite enjoyed the experience of taking the exam online. Make sure to be very punctual, though, I had to wait behind four other people before I could take the test.
Regarding the difficulty of the exam: The PBQs really threw me off quite a bit. I only encountered two of them, the rest consisted of 75 multiple choice questions. The first PBQ involved a firewall architecture configuration where I had to analyze logs to identify which server originated a threat and which ones were infected. The other PBQ was very easy: you are presented with a scenario and have to identify the name of the threat and select the best option to mitigate it. As for the multiple choice questions, they were actually quite easy compared to the Dion Training practice exams; the concepts were clearly distinct and easy to identify. However, the questions themselves were very tricky you really have to pay close attention to keywords and acronyms. There were also two or three questions that required multiple selections, as well as others featuring a lot of text or a confusing narrative. I also took the exam in modern Spanish, some of the translations really screwed me over, but luckily there’s a small button where you can view the original English translation. I ended up wasting time answering them and ran out of time before I could answer the last six questions, had I been able to answer them, I might have passed the exam with the minimum required score.

I have absolutely no prior IT experience. I’ve been studying for this exam for four months, and my study materials consisted of Professor Messer videos, Cyberkraft PBQs videos, and the Dion Training practice exams. My average score on the Dion exams was between 80% and 85% (so I knew the actual exam result would be a close call, but I decided to give it a shot anyway).

If anyone knows of a practice exam for training that is more difficult than Dion's, please post it here in the comments.

I hope my experience serves as a helpful set of tips for you to keep in mind, don't give up, study smartly, and make sure you clearly distinguish between concepts so you don't fall into any traps.If you do all that, you will pass. Good Luck!

I have been studying for over a month and a half and I have 3 years of experience in the security field, I am feeling a lil bit nervous about the exam, I used messers practice exams and course on YT, plus Prepforcerts app for a daily 30 free questions, feeling a lil bit confident too, I hope I can pass it, it will be my first Comptia cert, i appreciate if you give advise.

Here's a Domain 1 scenario for today.

An attacker intercepts network traffic and silently reads confidential emails without altering them or disrupting the service. Which core security principle is being violated?

A) Integrity B) Availability C) Confidentiality D) Non-repudiation

Take a moment to consider your answer before checking below.

Scroll slowly — answer below.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

---

Answer: C

Explanation: Confidentiality means protecting sensitive information from unauthorized access or disclosure. In this scenario, the attacker reads confidential emails, so the information has been exposed to an unauthorized party.

Why the others don't fit: A: Integrity is about preventing unauthorized modification of data. The attacker did not alter anything. B: Availability is about keeping systems and services accessible. The service was not disrupted. D: Non-repudiation is about proving that an action or transaction occurred and cannot be denied later. That is not the issue here.

After years of watching brilliant security professionals struggle not with the technology — but with the boardroom, the budget table, and the C-suite — I wrote the book I wish had existed when I stepped into my first security leadership role.

Today, I'm proud to announce that THE SECURITY EXECUTIVE: Leading, Influencing, and Protecting in the Age of Cyber Risk is officially available on Amazon.

Here is what I know to be true after working across security programs, board rooms, and executive teams:

Technical competence earns the CISO title.

Organizational leadership determines whether the CISO keeps it — and whether the security program actually works.

The gap between those two things is where security programs fail. Not because of sophisticated attackers. Not because of inadequate budgets. But because the CISO who speaks fluent threat intelligence cannot always speak fluent board governance, financial risk quantification, or C-suite alliance building.

This book addresses that gap directly.

━━━━━━━━━━━━━━━━━━━━━━━

WHAT THE SECURITY EXECUTIVE COVERS:

━━━━━━━━━━━━━━━━━━━━━━━

✦ The identity shift from engineer to executive — and why it is the most important transition a security leader makes

✦ How to build a security strategy the business actually believes in — using the Business-Security Alignment Matrix

✦ Speaking the language of cyber risk in financial terms your CFO and board can govern with

✦ The board communication framework that produces governance decisions — not polite silence

✦ Building C-suite alliances so security is present before decisions are made — not at week six of a cloud migration you were never told about

✦ Incident response leadership in the first 24 hours — the calls, the command structure, the executive anxiety management

✦ The personal liability landscape every CISO must understand in the current regulatory environment

✦ Career architecture for longevity, legacy, and what comes next — board service, consulting, and the professional options that intentional design creates

━━━━━━━━━━━━━━━━━━━━━━━

20 chapters. 900+ pages. 20 Quick Reference Tools your team can use this week.

This is not a technical manual. It is the organizational leadership architecture that the security profession has needed and largely not had.

If you are a CISO, an aspiring security executive, a senior security professional preparing for the next level, or a board member responsible for security governance — this book was written for you.

📖 Now available on Amazon in Kindle and Paperback.

🔗 Link in comments.

I would love to hear from the security community: What is the single leadership challenge in your current role that no technical certification ever prepared you for?

#CISO #CybersecurityLeadership #ChiefInformationSecurityOfficer #SecurityStrategy #CyberRisk #EnterpriseSecurity #SecurityExecutive #BoardGovernance #InformationSecurity #CISOLeadership #SecurityManagement #CyberRiskManagement #SecurityProgramLeadership #InfoSec #CISOCommunity

Im preparing for security + and planning to complete it within a month, but a bit confused o study method,anybody who'd passed it earlier , help me out on how many hours and some study routine, would really appreciate it

I guess 4th time isnt the charm...

I just took my Sec+ for a 4th time, and failed with a 701... I am at a loss because I want to pass it so bad! This is the only comptia test I have taken and I need to get this cert for me to get a job advancement within my company. They are close to just hiring someone who has the cert already instead of me trying to pass it.

I have tried dion training practice exams, udemy videos and practice exams, listening to professor messer and doing his practice exams... I am just at a loss and in need of help on how I can pass this thing in the next 14 days when I can do my retake.

With this exam I was confident going in but then after some questions and having to reread and then I second guessed my first answers, then I started to panic if I couldnt remember an acronym or best practice to xyz.... yes I am already on anxiety and adhd medication and know I have bad test anxiety since childhood. I just want to feel like I can accomplish this and I won't stop till I do.

Please help my fellow reddit users on how you passed or what I should do to hopefully in my next (and hopefully final) retake i will pass above the 750 threshold...

I already have my A+ and i have been thinking about starting Security + but people keep recommending Network + first

Those who already have Security + did you do Network + beforehand or straight to Security +? I'm trying to figure out whether Network + is really necessary or if it's manageable to learn the networking concepts along the way while studying Security +.

Would appreciate your experiences and what worked for you