EXAM STRATEGY
Tactics for maximizing your score on exam day. Know the format, manage time, eliminate wrong answers.
EXAM FORMAT
The exam mixes two question types:
- Multiple Choice — Select one or more correct answers. ~85 questions. Some say "Choose TWO" or "Choose THREE" — read this carefully.
- Performance-Based Questions (PBQs) — Interactive simulations: drag-and-drop, matching, configuring a firewall rule, completing a network diagram. Usually 3-6 PBQs per exam.
Scoring is not a straight percentage. CompTIA uses a scaled scoring algorithm. Some questions may be unscored research items — you won't know which, so treat every question as scored.
PBQ STRATEGY
The biggest tactical decision on the exam: PBQs appear first, but should you do them first?
FLAG AND RETURN (RECOMMENDED)
- + Guarantees you answer all multiple-choice first
- + MC questions warm up your brain for PBQ topics
- + MC answers sometimes hint at PBQ solutions
- + Prevents PBQ time sink from eating MC time
- - Requires discipline to flag and move on
DO PBQs FIRST
- + Gets the hardest questions done when freshest
- + No anxiety about returning to flagged items
- - Risk: one confusing PBQ eats 15 minutes
- - Risk: remaining MC gets rushed
- - Most test-takers report better results flagging
Our recommendation: Flag PBQs immediately. Burn through all MC questions first. Return to PBQs with remaining time and the full context of what MC questions reminded you about. If a PBQ feels straightforward when you see it, go ahead and do it — but the moment you hesitate, flag it.
TIME MANAGEMENT
Budget: 60 seconds per MC question. Reserve 15-20 minutes for PBQs.
| Time window | Duration | Action |
|---|---|---|
| 0:00 - 0:02 | 2 min | Read PBQs, flag them, move on |
| 0:02 - 1:10 | 68 min | Answer all MC questions (~1 min each) |
| 1:10 - 1:25 | 15 min | Return to flagged PBQs |
| 1:25 - 1:30 | 5 min | Review flagged MC, gut-check changes |
Checkpoint rule: At question 45, you should have ~45 minutes left. If you're behind, speed up — stop second-guessing and trust your first instinct. If you're ahead, slow down and read more carefully.
COMPTIA QUESTION PATTERNS
CompTIA writes questions in predictable patterns. Learn to spot them:
THE "BEST" QUESTION
Multiple answers are technically correct, but one is most correct for the scenario. Key: read the scenario constraints carefully.
Example pattern:
"A company wants to prevent employees from accessing social media during work hours. Which of the following would BEST accomplish this?"
Wrong: Firewall rule (too broad), employee policy (not technical enforcement)
Right: Web content filter / URL filtering (most targeted, least disruptive)
THE "FIRST" QUESTION
Asks what to do first in a process. CompTIA always wants the textbook order.
Common traps:
- Incident response → Preparation comes first (not detection)
- Forensics → Secure the scene / identify (not collect evidence)
- Risk assessment → Identify assets (not calculate risk)
- Change management → Submit RFC (not implement)
THE "GIVEN A SCENARIO" QUESTION
These are PBQ-likely topics. The scenario constrains which answers work. Look for:
- Budget constraints → eliminates expensive options
- "Minimize disruption" → eliminates anything requiring downtime
- "Regulatory requirement" → must pick the compliance-focused answer
- "Legacy systems" → eliminates modern-only solutions
- Company size → small company = simpler solution, enterprise = scalable
THE DISTRACTOR PATTERN
CompTIA loves answers that are real things but wrong for the scenario:
- Right technology, wrong layer — IDS when they asked about IPS (detection vs prevention)
- Right category, wrong specificity — "encryption" when they want "AES-256-GCM"
- Right concept, wrong context — RAID 5 for performance (it's for redundancy)
- Deprecated answer — WEP, DES, SSL, PPTP when modern equivalent exists
ELIMINATION TECHNIQUES
When you don't know the answer, eliminate what you DO know is wrong.
1. Kill deprecated answers. If you see WEP, DES, 3DES, SSL, PPTP, NTLM, MD5 (for security), or PAP — and a modern alternative is listed — the deprecated one is almost certainly wrong. CompTIA sometimes tests "which should you NOT use" — but if the question asks what to implement, deprecated = wrong.
2. Eliminate scope mismatches. Question asks about network security? Eliminate host-based answers. Question asks about data at rest? Eliminate TLS (that's in transit). Question about authentication? Eliminate encryption-only answers.
3. Check the verb. "Detect" = IDS, monitoring, logging. "Prevent" = IPS, firewall, access control. "Recover" = backup, DR plan. "Investigate" = forensics, SIEM. The answer must match the action the question asks for.
4. Use absolute language as a red flag. Answers with "always," "never," "all," "none," "guarantees" are usually wrong. Security is about risk reduction, not absolute certainty. Exception: "never store passwords in plaintext" — some absolutes are real.
5. When two answers look the same, one is wrong. If two options seem equivalent (e.g., "firewall" and "NGFW"), the more specific one is usually correct — CompTIA rewards precision.
DOMAIN WEIGHT STRATEGY
Not all domains are equal. Allocate study time proportionally:
Translation: Domains 4 + 2 are half the exam. If you're short on time, these two give the most points per hour studied. Domain 5 is the silent killer — governance and compliance questions are where people lose points they didn't expect to lose.
EXAM DAY
BEFORE THE EXAM
- Arrive 15-30 minutes early (testing center) or test your setup early (online)
- Bring two forms of ID (one with photo)
- Empty pockets — no phone, no smartwatch, no notes
- You'll get a dry-erase board or scratch paper — use it
- Brain dump: write down port numbers, acronyms, formulas immediately
DURING THE EXAM
- Read every word. CompTIA hides constraints in the scenario text.
- Watch for "NOT" and "LEAST." These invert the question completely.
- Don't change answers unless you have a specific reason. First instinct is usually right.
- Flag and move. If you've spent 2+ minutes on a question, flag it.
- Answer everything. No penalty for guessing. Never leave a blank.
BRAIN DUMP TEMPLATE
When you sit down, before touching question 1, write these on your scratch paper:
PORTS
22=SSH 23=Telnet 25=SMTP 53=DNS 80=HTTP 443=HTTPS
110=POP3 143=IMAP 389=LDAP 636=LDAPS 445=SMB
3389=RDP 1720=H.323 5060=SIP 161/162=SNMP
69=TFTP 20/21=FTP 990=FTPS 587=SMTP-TLS
514=Syslog 88=Kerberos 49=TACACS+ 1812/1813=RADIUS
RISK
SLE = AV × EF
ALE = SLE × ARO
Risk = Threat × Vulnerability × Impact
IR ORDER
Preparation → Detection → Analysis → Containment
→ Eradication → Recovery → Lessons Learned
SYMMETRIC: AES, 3DES, Blowfish, Twofish (shared key)
ASYMMETRIC: RSA, ECC, DH, DSA, ElGamal (key pair)
HASHING: SHA-256, SHA-3, MD5*, RIPEMD (* = broken)
RAID
0=stripe 1=mirror 5=stripe+parity(3+)
6=stripe+double-parity(4+) 10=mirror+stripe
Memorize this before exam day. The act of writing it down frees your working memory for the actual questions. See the full port reference for the complete list.
MENTAL MODELS FOR HARD QUESTIONS
THE CIA FILTER
When stuck, ask: is this question really about confidentiality (encryption, access control, classification), integrity (hashing, digital signatures, FIM), or availability (redundancy, backups, load balancing)? The answer must protect the property the scenario is threatening.
THE COST-BENEFIT FILTER
CompTIA's "best" answer is usually the one that solves the problem with minimal cost, minimal disruption, and maximum coverage. If two answers work equally well, the simpler/cheaper one wins.
THE LAYER FILTER
Is the question about the network (firewall, IDS, segmentation), the host (EDR, patching, hardening), the application (WAF, input validation, code review), or the user (training, MFA, policy)? Match your answer to the right layer.
THE PREVENTIVE VS DETECTIVE FILTER
Does the question want you to stop something from happening (preventive: firewall, IPS, encryption, access control) or find out that it happened (detective: IDS, SIEM, logs, FIM)? Never answer "detect" when they ask "prevent" and vice versa.