<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: NERDEXAM</title>
    <description>The latest articles on DEV Community by NERDEXAM (@nerdexam).</description>
    <link>https://dev.to/nerdexam</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3958747%2Fe0ad17c1-9430-4306-9b23-cb0477486462.png</url>
      <title>DEV Community: NERDEXAM</title>
      <link>https://dev.to/nerdexam</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/nerdexam"/>
    <language>en</language>
    <item>
      <title>Cisco 350-401 ENCOR (CCNP Enterprise Core): What's Actually Tested</title>
      <dc:creator>NERDEXAM</dc:creator>
      <pubDate>Thu, 09 Jul 2026 14:02:24 +0000</pubDate>
      <link>https://dev.to/nerdexam/cisco-350-401-encor-ccnp-enterprise-core-whats-actually-tested-1e1h</link>
      <guid>https://dev.to/nerdexam/cisco-350-401-encor-ccnp-enterprise-core-whats-actually-tested-1e1h</guid>
      <description>&lt;p&gt;The Cisco 350-401 ENCOR (Implementing and Operating Cisco Enterprise Network&lt;br&gt;
Core Technologies) is the core exam for CCNP Enterprise and doubles as the&lt;br&gt;
written qualifying exam for CCIE Enterprise Infrastructure and CCIE Enterprise&lt;br&gt;
Wireless. The exam costs $400, runs 120 minutes, has 90 to 110 questions, and&lt;br&gt;
requires a score of around 825 out of 1000 to pass. Cisco does not publish an&lt;br&gt;
official cut score, but that figure reflects consistent community consensus.&lt;br&gt;
Most experienced engineers need 10 to 14 weeks of focused study. The question&lt;br&gt;
mix is heavily scenario-based multiple choice and drag-and-drop, with far fewer&lt;br&gt;
hands-on simulations than CCNA. If you hold a CCNA and have worked in&lt;br&gt;
enterprise networks, this is the next logical credential. If you are brand new&lt;br&gt;
to Cisco gear, start with CCNA first.&lt;/p&gt;

&lt;h2&gt;
  
  
  The 90-second answer
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Take 350-401 ENCOR if&lt;/strong&gt; you are an experienced network engineer who wants&lt;br&gt;
to advance from CCNA to CCNP, or if your role already involves enterprise&lt;br&gt;
routing, switching, wireless, SD-WAN, or SD-Access. ENCOR is also the&lt;br&gt;
required qualifier if you are eventually targeting a CCIE lab. The credential&lt;br&gt;
is widely recognized by enterprise employers and represents a real knowledge&lt;br&gt;
step up from associate-level certs.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Skip 350-401 ENCOR if&lt;/strong&gt; you have not yet passed CCNA 200-301 or built&lt;br&gt;
genuine hands-on networking experience. There are no formal prerequisites,&lt;br&gt;
but Cisco recommends three to five years of enterprise networking experience,&lt;br&gt;
and that recommendation reflects the actual question difficulty. Going in&lt;br&gt;
underprepared costs $400 for the first attempt and $400 again for the&lt;br&gt;
retake, with a five-day wait between attempts.&lt;/p&gt;

&lt;h2&gt;
  
  
  What does the 350-401 actually test?
&lt;/h2&gt;

&lt;p&gt;ENCOR covers six domains. The current blueprint is version 1.1. Every&lt;br&gt;
question maps to one of these.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Domain&lt;/th&gt;
&lt;th&gt;Weight&lt;/th&gt;
&lt;th&gt;What it covers&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Architecture&lt;/td&gt;
&lt;td&gt;15%&lt;/td&gt;
&lt;td&gt;Enterprise network design, high availability, wireless deployment models, Cisco SD-WAN and SD-Access fabric design&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Virtualization&lt;/td&gt;
&lt;td&gt;10%&lt;/td&gt;
&lt;td&gt;Device virtualization (VMs, containers), data path virtualization (VRF, GRE, IPsec), network virtualization (LISP, VXLAN)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Infrastructure&lt;/td&gt;
&lt;td&gt;30%&lt;/td&gt;
&lt;td&gt;Layer 2 (VLANs, trunking, EtherChannel, STP), Layer 3 (OSPF, EIGRP, BGP), wireless (AP modes, WLC, roaming), IP services (NTP, NAT, DHCP, IP SLA, QoS)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Network Assurance&lt;/td&gt;
&lt;td&gt;10%&lt;/td&gt;
&lt;td&gt;SNMP, syslog, NetFlow/Flexible NetFlow, SPAN/RSPAN, IP SLA, Cisco DNA Center assurance, debugs and show commands&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Security&lt;/td&gt;
&lt;td&gt;20%&lt;/td&gt;
&lt;td&gt;Device access control (AAA, TACACS+, RADIUS), CoPP, ACLs, port security, 802.1X, MACsec, wireless security&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Automation&lt;/td&gt;
&lt;td&gt;15%&lt;/td&gt;
&lt;td&gt;Python basics, JSON, REST APIs, data models and YANG, EEM, Cisco DNA Center APIs, config management (Ansible, Puppet, Chef), SDN concepts&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Infrastructure carries the highest weight at 30%, so routing protocol depth&lt;br&gt;
matters more here than on any other Cisco exam below the CCIE. You need to&lt;br&gt;
understand OSPF neighbor adjacencies, BGP path selection, EIGRP metric&lt;br&gt;
calculation, and STP root bridge election, not just recognize the terms.&lt;/p&gt;

&lt;p&gt;The Architecture and Automation domains together are 30% of the exam and they&lt;br&gt;
reward candidates who have worked with modern enterprise designs. SD-WAN and&lt;br&gt;
SD-Access questions describe a fabric or a deployment scenario and ask you to&lt;br&gt;
identify the correct component, design decision, or troubleshooting step.&lt;br&gt;
These are not conceptual-only questions. You need to know how SD-WAN control&lt;br&gt;
plane, data plane, and management plane separate, and where Cisco DNA Center&lt;br&gt;
fits in SD-Access fabric design.&lt;/p&gt;

&lt;p&gt;The Security domain at 20% is broader than most candidates expect. AAA using&lt;br&gt;
TACACS+ versus RADIUS is a common topic, as is CoPP (Control Plane Policing),&lt;br&gt;
which protects the router control plane itself. 802.1X and MACsec appear in&lt;br&gt;
scenario questions that mix wireless and wired access.&lt;/p&gt;

&lt;p&gt;Automation at 15% is not optional studying. Community feedback from recent&lt;br&gt;
exam sittings consistently flags Python, REST APIs, and YANG data models as&lt;br&gt;
live on exam day. You do not need to write production Python, but you do need&lt;br&gt;
to read a short script and understand what it does, parse a JSON payload, and&lt;br&gt;
describe how a RESTCONF or NETCONF call is structured.&lt;/p&gt;

&lt;h2&gt;
  
  
  How hard is the 350-401?
&lt;/h2&gt;

&lt;p&gt;ENCOR is a difficulty 4 out of 5. Clearly harder than CCNA 200-301, which is&lt;br&gt;
a 3.5, and significantly broader in scope. Cisco does not publish a pass rate,&lt;br&gt;
but community surveys suggest first-time pass rates are lower than CCNA,&lt;br&gt;
largely because the breadth and depth of six domains is genuinely demanding&lt;br&gt;
even for working engineers.&lt;/p&gt;

&lt;p&gt;The hard parts are specific:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;The Infrastructure domain alone is 30% of the exam and it expects depth
on three routing protocols plus wireless and QoS, not just awareness of them&lt;/li&gt;
&lt;li&gt;SD-WAN and SD-Access are tested at a design and troubleshooting level that
many engineers have not encountered in day-to-day operations, especially
those in shops that have not deployed Viptela or Catalyst Center&lt;/li&gt;
&lt;li&gt;Automation questions require you to read and reason about code, JSON, and
API calls even if you are not primarily a programmer&lt;/li&gt;
&lt;li&gt;No back button. Cisco exams lock each question on submission, so a
scenario you get stuck on burns time you cannot recover&lt;/li&gt;
&lt;li&gt;At 90 to 110 questions in 120 minutes, you average just over one minute
per question. Scenario-based items that require you to work through a
multi-step design problem will consume two to three minutes each if you
are not prepared&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The most common failure pattern is candidates who know routing and switching&lt;br&gt;
well but underestimate the Architecture and Automation domains. Solid OSPF&lt;br&gt;
and BGP knowledge is necessary but not sufficient. Someone who scored well&lt;br&gt;
on CCNA by memorizing show commands and protocol theory will struggle with&lt;br&gt;
ENCOR's SD-WAN design and Python-parsing questions.&lt;/p&gt;

&lt;h2&gt;
  
  
  How long should you study for 350-401?
&lt;/h2&gt;

&lt;p&gt;Cisco recommends three to five years of enterprise networking experience before&lt;br&gt;
sitting the exam. That is not a suggestion to ignore. For actual study time:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;With 3+ years enterprise networking and CCNP-level exposure at work&lt;/strong&gt;:
8 to 10 weeks at 10 to 15 hours per week&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;With CCNA and 1 to 3 years networking experience&lt;/strong&gt;: 12 to 14 weeks at
10 to 15 hours per week&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;With CCNA and less than one year of hands-on work&lt;/strong&gt;: 16 to 20 weeks,
and seriously consider accumulating more lab and production experience
before booking&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Coming from a different vendor or role type (Juniper, cloud, security)&lt;/strong&gt;:
12 to 16 weeks to ramp on Cisco-specific implementations of shared concepts&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;A realistic week-by-week pace for a 12-week plan looks like:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Week 1: Enterprise architecture fundamentals, high availability designs,
SD-WAN overview (Architecture domain foundation)&lt;/li&gt;
&lt;li&gt;Week 2: SD-Access fabric design, overlay and underlay, Catalyst Center
role&lt;/li&gt;
&lt;li&gt;Week 3: Virtualization - VRF, GRE, IPsec, LISP, VXLAN concepts and use
cases&lt;/li&gt;
&lt;li&gt;Week 4: Layer 2 deep dive - VLANs, trunking, EtherChannel, STP variants&lt;/li&gt;
&lt;li&gt;Week 5: OSPF areas, LSA types, neighbor adjacency troubleshooting&lt;/li&gt;
&lt;li&gt;Week 6: EIGRP metrics and tuning, BGP path selection, route
redistribution&lt;/li&gt;
&lt;li&gt;Week 7: Wireless - AP modes, WLC architecture, roaming, wireless security&lt;/li&gt;
&lt;li&gt;Week 8: IP services - QoS, NTP, NAT, DHCP, IP SLA&lt;/li&gt;
&lt;li&gt;Week 9: Security - AAA, TACACS+ vs RADIUS, CoPP, 802.1X, MACsec, ACLs&lt;/li&gt;
&lt;li&gt;Week 10: Network Assurance - SNMP, NetFlow, SPAN, DNA Center assurance,
debug and show command strategy&lt;/li&gt;
&lt;li&gt;Week 11: Automation - Python basics, JSON, REST APIs, YANG, DNA Center
APIs, Ansible fundamentals, EEM&lt;/li&gt;
&lt;li&gt;Week 12: Full timed practice exams, review weak domains, scenario
drilling&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The biggest waste of study time on ENCOR is focusing almost exclusively on&lt;br&gt;
Infrastructure and ignoring Automation and Architecture. Many experienced&lt;br&gt;
engineers come in strong on routing and switching, then get blindsided by&lt;br&gt;
SD-WAN design questions and Python-parsing items that together account for&lt;br&gt;
nearly a third of the exam.&lt;/p&gt;

&lt;h2&gt;
  
  
  What does the 350-401 cost?
&lt;/h2&gt;

&lt;p&gt;The exam itself is $400 USD plus any local taxes. That is $100 more than CCNA,&lt;br&gt;
and Cisco does not routinely issue discounted retake vouchers, so a failed&lt;br&gt;
attempt means another $400 after the mandatory five-day wait.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Component&lt;/th&gt;
&lt;th&gt;Range&lt;/th&gt;
&lt;th&gt;Notes&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Exam fee&lt;/td&gt;
&lt;td&gt;$400&lt;/td&gt;
&lt;td&gt;One attempt. Retake is another $400 with a 5-day wait after a fail.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Study course&lt;/td&gt;
&lt;td&gt;$0 to $200&lt;/td&gt;
&lt;td&gt;Nick Russo's free materials, Cisco's own dCloud labs, or a paid Udemy course at $15 to $30 on sale&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Practice questions&lt;/td&gt;
&lt;td&gt;$0 to $60&lt;/td&gt;
&lt;td&gt;NerdExam has 1,356 ENCOR questions if you want a free option&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Lab access&lt;/td&gt;
&lt;td&gt;$0 to $200&lt;/td&gt;
&lt;td&gt;Cisco dCloud is free; CML Personal or EVE-NG with IOS-XE images for deeper routing scenarios&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Books&lt;/td&gt;
&lt;td&gt;$0 to $80&lt;/td&gt;
&lt;td&gt;Cisco Press ENCOR Official Cert Guide by Chapple and Lacoste is the standard reference&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Total realistic spend&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;$400 to $700&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Cheapest viable path: $400 (exam only, if you leverage free resources)&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Given the $400 per-attempt cost, the "do not book until your practice scores&lt;br&gt;
are consistently above 80%" rule matters more here than on almost any other&lt;br&gt;
associate or professional cert. Cisco occasionally runs promotional pricing or&lt;br&gt;
partner voucher bundles through the Cisco Learning Network Store, so check&lt;br&gt;
before you buy.&lt;/p&gt;

&lt;h2&gt;
  
  
  What salary can you expect after passing?
&lt;/h2&gt;

&lt;p&gt;CCNP-level credentials move you from entry-to-mid into mid-to-senior&lt;br&gt;
compensation territory. ENCOR alone qualifies you for CCNP Enterprise once&lt;br&gt;
you add a concentration exam, and that combination is a recognized signal&lt;br&gt;
for senior-level roles. 2026 US estimates from job boards:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Network Engineer with CCNP Enterprise&lt;/strong&gt;: $95,000 to $130,000&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Senior Network Engineer or Network Architect with CCNP&lt;/strong&gt;: $130,000 to
$175,000&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Network Operations lead or consultant with CCNP&lt;/strong&gt;: $100,000 to $145,000&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;CCNP holders in enterprise networking consistently out-earn CCNA-only&lt;br&gt;
candidates by a meaningful margin. The gap widens further once CCNP is&lt;br&gt;
combined with three or more years of production enterprise experience. At the&lt;br&gt;
CCIE level, which ENCOR partially qualifies you for, total compensation&lt;br&gt;
packages regularly exceed $175,000 in major markets.&lt;/p&gt;

&lt;p&gt;The cert itself is the signal that gets you past resume filters for senior&lt;br&gt;
network engineer and architect roles. The real pay trajectory requires the&lt;br&gt;
cert plus actual work delivering SD-WAN rollouts, BGP policy changes, or&lt;br&gt;
wireless infrastructure at scale.&lt;/p&gt;

&lt;h2&gt;
  
  
  What study resources actually work?
&lt;/h2&gt;

&lt;p&gt;The candidates who pass ENCOR on the first attempt tend to use a consistent&lt;br&gt;
stack:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;One structured course for breadth.&lt;/strong&gt; Cisco Press's Official Cert Guide
is the most thorough single resource; INE and CBT Nuggets both have video
courses that are strong on the Infrastructure and Automation domains&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A real lab, not just Packet Tracer.&lt;/strong&gt; ENCOR covers IOS-XE behaviors,
SD-WAN control plane, and YANG that Packet Tracer does not model well.
Cisco dCloud is free and has pre-built ENCOR topology labs. CML (Cisco
Modeling Labs) Personal is worth the cost if you plan to push toward CCIE&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Dedicated automation practice.&lt;/strong&gt; Do not just read about Python and REST
APIs. Write a short Python script that calls a DNA Center sandbox API.
Cisco DevNet has a free always-on DNA Center sandbox at
&lt;a href="https://developer.cisco.com/" rel="noopener noreferrer"&gt;developer.cisco.com&lt;/a&gt;. Parsing JSON by hand
in a sandbox makes the automation questions concrete&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;At least 600 practice questions&lt;/strong&gt; before exam day, weighted toward
Infrastructure and Security, with scenario-based items so design and
troubleshooting questions do not surprise you&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Two full-length timed practice exams in the final two weeks.&lt;/strong&gt; Treat
them like the real thing. If you are scoring below 80%, postpone the real
exam. At $400 an attempt, postponing is almost always the right financial
decision&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Avoid brain-dump sites. Cisco actively updates ENCOR question pools and brain&lt;br&gt;
dumps go stale quickly. More importantly, ENCOR rewards the ability to reason&lt;br&gt;
through a scenario, not recognize a memorized answer string. The Cisco&lt;br&gt;
Learning Network forums and Reddit's r/ccnp have current, crowdsourced&lt;br&gt;
guidance on which resources are working this quarter.&lt;/p&gt;

&lt;p&gt;For practice questions, NerdExam has 1,356 enriched 350-401 ENCOR questions&lt;br&gt;
with full explanations. &lt;a href="https://nerdexam.com/exams/350-401/questions/1?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=cisco-350-401-encor-overview" rel="noopener noreferrer"&gt;Start with a free ENCOR practice question&lt;/a&gt;&lt;br&gt;
to see the question style and reasoning depth before you commit to a study plan.&lt;br&gt;
Working through explanations for Infrastructure and Automation items shows you&lt;br&gt;
exactly how Cisco frames scenario logic, which is easier to absorb from worked&lt;br&gt;
examples than from video summaries.&lt;/p&gt;

&lt;h2&gt;
  
  
  Who should NOT take 350-401?
&lt;/h2&gt;

&lt;p&gt;The exam is wrong for these candidates:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;You are&lt;/th&gt;
&lt;th&gt;Take instead&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Brand new to networking with no Cisco experience&lt;/td&gt;
&lt;td&gt;CCNA 200-301 first to build the foundation&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;A pure cloud engineer who never configures Cisco gear&lt;/td&gt;
&lt;td&gt;AWS, Azure, or GCP networking certifications&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Security-focused and not doing network operations&lt;/td&gt;
&lt;td&gt;CCNP Security (SCOR 350-701) or CompTIA Security+&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Looking for vendor-neutral fundamentals validation&lt;/td&gt;
&lt;td&gt;CompTIA Network+ is broader and cheaper&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;A network engineer who only needs CCNA-level validation&lt;/td&gt;
&lt;td&gt;Stay at CCNA until you have the production experience ENCOR expects&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The investment here is not just the $400 exam fee. It is 10 to 14 weeks of&lt;br&gt;
serious study time. That time is well spent for a working network engineer&lt;br&gt;
ready to move into senior roles. It is a poor investment for someone who&lt;br&gt;
wants a cert badge without the underlying experience the badge implies to&lt;br&gt;
hiring managers who actually verify it in interviews.&lt;/p&gt;

&lt;h2&gt;
  
  
  What's next after 350-401?
&lt;/h2&gt;

&lt;p&gt;Passing ENCOR opens several paths:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Complete CCNP Enterprise&lt;/strong&gt;: Add one concentration exam. The most common
pick is 300-410 ENARSI (Advanced Routing and Services), which deepens
OSPF, BGP, EIGRP, and VPN troubleshooting. Other concentration options
include 300-415 ENSDWI (SD-WAN) and 300-435 ENAUTO (Automation), depending
on where your career is pointing.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;CCIE Enterprise lab path&lt;/strong&gt;: ENCOR satisfies the written/qualifying
requirement for both CCIE Enterprise Infrastructure and CCIE Enterprise
Wireless. The lab exams are a separate and significantly harder undertaking,
but ENCOR is the required gateway. Most engineers spend one to two years in
production and focused lab work between passing ENCOR and attempting the
CCIE lab.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;SD-WAN or Automation specialization&lt;/strong&gt;: 300-415 ENSDWI and 300-435 ENAUTO
are both viable concentration choices if your shop is deep in Viptela SD-WAN
or Catalyst Center automation. Either makes a strong resume signal in
enterprise sales engineering and network architect roles.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;DevNet Professional&lt;/strong&gt;: If the Automation domain on ENCOR sparked genuine
interest in network programmability, the Cisco DevNet Professional path
(350-901 DEVCOR) builds directly on those skills.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Note that Cisco certifications expire after three years. ENCOR's three-year&lt;br&gt;
clock starts on your pass date. You can renew by passing any 300-level or&lt;br&gt;
higher Cisco exam, or by passing ENCOR again, or by completing continuing&lt;br&gt;
education credits through the Cisco Learning Network.&lt;/p&gt;

&lt;p&gt;Ready to start? &lt;a href="https://nerdexam.com/catalog/350-401?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=cisco-350-401-encor-overview" rel="noopener noreferrer"&gt;Browse all 350-401 ENCOR practice questions on NerdExam&lt;/a&gt;&lt;br&gt;
or jump straight into the &lt;a href="https://nerdexam.com/exams/350-401/questions/1?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=cisco-350-401-encor-overview" rel="noopener noreferrer"&gt;free per-question explanations&lt;/a&gt;.&lt;br&gt;
If you want to explore the official blueprint before you buy study materials,&lt;br&gt;
the current exam topics are published on the&lt;br&gt;
&lt;a href="https://learningnetwork.cisco.com/s/ccnp-enterprise" rel="noopener noreferrer"&gt;Cisco Learning Network&lt;/a&gt;.&lt;/p&gt;

</description>
      <category>cisco</category>
      <category>networking</category>
      <category>ccna</category>
      <category>certification</category>
    </item>
    <item>
      <title>Certified Ethical Hacker (CEH v13, 312-50): What's Actually Tested</title>
      <dc:creator>NERDEXAM</dc:creator>
      <pubDate>Tue, 07 Jul 2026 14:04:04 +0000</pubDate>
      <link>https://dev.to/nerdexam/certified-ethical-hacker-ceh-v13-312-50-whats-actually-tested-2n7a</link>
      <guid>https://dev.to/nerdexam/certified-ethical-hacker-ceh-v13-312-50-whats-actually-tested-2n7a</guid>
      <description>&lt;p&gt;The Certified Ethical Hacker (CEH v13, exam 312-50) is the single most&lt;br&gt;
recognized name in offensive security certification. The exam voucher runs&lt;br&gt;
about $1,199, the clock is 4 hours, and you face 125 multiple-choice&lt;br&gt;
questions across 20 hacking domains. The passing threshold is not a fixed&lt;br&gt;
number - EC-Council uses per-form cut scores that range from 60% to 85%&lt;br&gt;
depending on how the question set is calibrated, often cited around 70%.&lt;br&gt;
Version 13 layers generative AI throughout every module, so expect&lt;br&gt;
questions on using AI to assist each phase of hacking and on securing AI&lt;br&gt;
systems. Most candidates need 6 to 10 weeks of focused prep. If you are&lt;br&gt;
already working in security operations or penetration testing, 4 to 6 weeks&lt;br&gt;
is realistic. If you are coming from a general IT background, budget the&lt;br&gt;
full 10 weeks and go domain by domain.&lt;/p&gt;

&lt;h2&gt;
  
  
  The 90-second answer
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Take CEH v13 if&lt;/strong&gt; you need the credential for a specific reason: DoD&lt;br&gt;
8570/8140 compliance, a government or defense-contractor role that&lt;br&gt;
explicitly lists it, or an employer whose HR checklist requires it. CEH is&lt;br&gt;
the dominant name-recognition cert in offensive security, and its DoD&lt;br&gt;
approval is the primary reason thousands of candidates pay $1,199 for an&lt;br&gt;
exam that is otherwise considered broad and not deeply technical.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Skip CEH v13 if&lt;/strong&gt; you want to prove hands-on hacking ability. CEH is&lt;br&gt;
widely described as "a mile wide and an inch deep." It tests whether you&lt;br&gt;
can recognize tools, phases, and terminology, not whether you can exploit a&lt;br&gt;
live target. If your goal is to impress a hands-on hiring team, OSCP&lt;br&gt;
carries far more weight. If budget is the constraint, CompTIA PenTest+&lt;br&gt;
(PT0-003) covers similar ground for roughly a third of the price.&lt;/p&gt;

&lt;h2&gt;
  
  
  What does the CEH v13 actually test?
&lt;/h2&gt;

&lt;p&gt;CEH v13 spans 20 hacking modules mapped to nine broad domain groups. The&lt;br&gt;
blueprint weights below are approximate and established across recent&lt;br&gt;
versions. Version 13's headline change is that generative AI appears across&lt;br&gt;
all 20 modules - questions cover AI-assisted recon, malware that leverages&lt;br&gt;
AI techniques, and defending AI infrastructure, so do not ignore those additions.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Domain&lt;/th&gt;
&lt;th&gt;Approx. Weight&lt;/th&gt;
&lt;th&gt;What it covers&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Information Security and Ethical Hacking Overview&lt;/td&gt;
&lt;td&gt;~6%&lt;/td&gt;
&lt;td&gt;Hacking concepts, attack phases, the cyber kill chain, ethics, laws and standards&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Reconnaissance Techniques&lt;/td&gt;
&lt;td&gt;~21%&lt;/td&gt;
&lt;td&gt;Footprinting, OSINT, scanning networks (Nmap), enumeration&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;System Hacking Phases and Attack Techniques&lt;/td&gt;
&lt;td&gt;~17%&lt;/td&gt;
&lt;td&gt;Vulnerability analysis, system hacking, privilege escalation, malware (trojans, viruses, worms, fileless)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Network and Perimeter Hacking&lt;/td&gt;
&lt;td&gt;~14%&lt;/td&gt;
&lt;td&gt;Sniffing, social engineering, denial of service, session hijacking, evading IDS/firewalls/honeypots&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Web Application Hacking&lt;/td&gt;
&lt;td&gt;~16%&lt;/td&gt;
&lt;td&gt;Hacking web servers and web apps, SQL injection, OWASP-style flaws&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Wireless Network Hacking&lt;/td&gt;
&lt;td&gt;~6%&lt;/td&gt;
&lt;td&gt;Wireless encryption, wireless attacks, and tools&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Mobile, IoT, and OT Hacking&lt;/td&gt;
&lt;td&gt;~8%&lt;/td&gt;
&lt;td&gt;Mobile platform attacks, IoT and operational-technology threats&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Cloud Computing&lt;/td&gt;
&lt;td&gt;~6%&lt;/td&gt;
&lt;td&gt;Cloud concepts, container and serverless security, cloud attack vectors&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Cryptography&lt;/td&gt;
&lt;td&gt;~6%&lt;/td&gt;
&lt;td&gt;Ciphers, PKI, encryption tools, cryptanalysis attacks&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Reconnaissance is the heaviest single area at roughly 21%, which reflects&lt;br&gt;
how much of real-world offensive work starts with Nmap scans, OSINT&lt;br&gt;
gathering, and enumeration before anything touches an exploit. Web&lt;br&gt;
application hacking at ~16% is the second-heaviest block, and SQL injection&lt;br&gt;
appears repeatedly across multiple question styles there.&lt;/p&gt;

&lt;p&gt;The exam rewards breadth over depth. A typical question presents a scenario&lt;br&gt;
and a list of tools, then asks which tool fits the described technique, or&lt;br&gt;
which phase of hacking the described activity belongs to. You will see&lt;br&gt;
Nmap, Metasploit, Wireshark, John the Ripper, Aircrack-ng, SQLmap, and&lt;br&gt;
several dozen other tools referenced by name. Knowing what each tool does&lt;br&gt;
and which phase it maps to is more important than knowing how to run them&lt;br&gt;
in a live shell.&lt;/p&gt;

&lt;h2&gt;
  
  
  How hard is the CEH v13?
&lt;/h2&gt;

&lt;p&gt;CEH v13 is a difficulty 3 out of 5. It is broader than Security+, but the&lt;br&gt;
questions are more recall-oriented than the deep analysis that OSCP or even&lt;br&gt;
CASP+ requires. The "mile wide, inch deep" criticism is accurate and worth&lt;br&gt;
taking seriously when you plan your prep strategy.&lt;/p&gt;

&lt;p&gt;The genuinely hard parts are:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;The sheer volume of tools, techniques, and acronyms across 20 domains.
There are hundreds of named tools in the blueprint and you need to know
roughly what each one does.&lt;/li&gt;
&lt;li&gt;The AI additions in v13 are newer, so practice materials for those topics
are thinner than for the core domains. Budget extra time for AI-assisted
attack and defense content.&lt;/li&gt;
&lt;li&gt;The variable cut score. You do not know whether you landed a 60%-cut or
an 85%-cut form until you sit down. Scoring in the high 70s on practice
exams is not a safe buffer.&lt;/li&gt;
&lt;li&gt;The eligibility barrier before you even book the exam. You either complete
official EC-Council training (which bundles the voucher and typically
costs $2,000 or more) or you pay a $100 non-refundable application fee
and document at least 2 years of information-security work experience.
No shortcut around that gate.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The most common failure pattern is underestimating the tool and technique&lt;br&gt;
volume. Candidates who consume a single video course and skip the tool&lt;br&gt;
flashcard work tend to blank on the scenario questions that ask "which of&lt;br&gt;
these tools performs passive fingerprinting" or "which malware type&lt;br&gt;
self-replicates without user interaction." The breadth is the difficulty,&lt;br&gt;
not the depth of any single topic.&lt;/p&gt;

&lt;h2&gt;
  
  
  How long should you study for CEH v13?
&lt;/h2&gt;

&lt;p&gt;EC-Council recommends candidates have a background in information security&lt;br&gt;
before attempting the exam. That recommendation is real - the domains&lt;br&gt;
assume you already know networking basics and general security concepts.&lt;br&gt;
For actual study time:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;With 2+ years of security operations or pen testing experience&lt;/strong&gt;: 4 to
6 weeks at 8 to 10 hours per week&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;With a general IT or networking background and Security+&lt;/strong&gt;: 6 to 8
weeks at 8 to 12 hours per week&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;New to security but with solid IT fundamentals&lt;/strong&gt;: 10 weeks, and
consider CompTIA Security+ first to build the foundational vocabulary&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Switching from a purely defensive (blue team) background&lt;/strong&gt;: 6 to 8
weeks, focused on offensive phases, tools, and the attack-centric
framing the exam uses&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The biggest study mistake is drilling only the domains you already know.&lt;br&gt;
Reconnaissance is ~21% of the exam and most security practitioners have&lt;br&gt;
gaps in wireless (~6%), IoT/OT (~8%), or the specific cryptanalysis&lt;br&gt;
vocabulary. Map your weak domains in week 1 and weight your time there.&lt;/p&gt;

&lt;p&gt;A realistic week-by-week pace for an 8-week plan looks like:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Week 1: Hacking overview, attack phases, kill chain, laws and ethics;
begin tool inventory flashcards&lt;/li&gt;
&lt;li&gt;Week 2: Footprinting, OSINT tools, Nmap scanning, enumeration techniques&lt;/li&gt;
&lt;li&gt;Week 3: Vulnerability analysis, system hacking phases, privilege
escalation methods&lt;/li&gt;
&lt;li&gt;Week 4: Malware types, sniffing, social engineering, DoS/DDoS,
session hijacking&lt;/li&gt;
&lt;li&gt;Week 5: IDS/firewall/honeypot evasion, web server and web app hacking,
SQL injection, OWASP flaws&lt;/li&gt;
&lt;li&gt;Week 6: Wireless attacks, mobile hacking, IoT and OT threats&lt;/li&gt;
&lt;li&gt;Week 7: Cloud security, cryptography, and the AI-assisted techniques
added in v13&lt;/li&gt;
&lt;li&gt;Week 8: Full timed practice exams, tool and phase flashcard review,
weak-domain sweep&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Most shortfalls trace back to the tool-recognition questions in week 2 and&lt;br&gt;
3 content. Reconnaissance and system hacking together account for nearly&lt;br&gt;
40% of the exam. If your flashcards are not covering named tools per phase&lt;br&gt;
by week 3, the timed practice exams in week 8 will feel thin.&lt;/p&gt;

&lt;h2&gt;
  
  
  What does the CEH v13 cost?
&lt;/h2&gt;

&lt;p&gt;The exam voucher alone is about $1,199. That is one of the most expensive&lt;br&gt;
single-exam vouchers in the certification market, and the total cost depends&lt;br&gt;
heavily on which eligibility path you take.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Component&lt;/th&gt;
&lt;th&gt;Range&lt;/th&gt;
&lt;th&gt;Notes&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Exam voucher (remote proctored)&lt;/td&gt;
&lt;td&gt;~$1,199&lt;/td&gt;
&lt;td&gt;One attempt via EC-Council's ECC Exam platform&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Official EC-Council training&lt;/td&gt;
&lt;td&gt;$2,000+&lt;/td&gt;
&lt;td&gt;Bundles the voucher; required unless you apply via experience path&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Experience-path application fee&lt;/td&gt;
&lt;td&gt;$100 non-refundable&lt;/td&gt;
&lt;td&gt;Requires 2+ years documented infosec experience; no training required&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Study course (third-party)&lt;/td&gt;
&lt;td&gt;$30 to $200&lt;/td&gt;
&lt;td&gt;Matt Walker, Total Seminars, or Pluralsight if you go the experience path&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Practice questions&lt;/td&gt;
&lt;td&gt;$0 to $60&lt;/td&gt;
&lt;td&gt;NerdExam has 627 CEH questions; official iLabs is a separate paid add-on&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Total via official training path&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;$2,000 to $3,000+&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Voucher typically bundled but training cost dominates&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Total via experience path&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;$1,300 to $1,600&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;$100 app fee + $1,199 voucher + third-party study materials&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The price is the most common reason candidates hesitate. CompTIA PenTest+&lt;br&gt;
(PT0-003) covers much of the same conceptual ground for roughly $404. The&lt;br&gt;
reason CEH stays popular despite the cost is its DoD 8570 approval and its&lt;br&gt;
presence on HR job-requirement checklists for government and contractor&lt;br&gt;
roles. For those specific roles, the premium is often unavoidable.&lt;/p&gt;

&lt;p&gt;EC-Council also charges an annual ECE membership fee during the 3-year&lt;br&gt;
cert validity period. Factor that in if you are calculating total cost of&lt;br&gt;
ownership. Retake policy and fees vary; check the EC-Council site before&lt;br&gt;
you book.&lt;/p&gt;

&lt;h2&gt;
  
  
  What salary can you expect after passing?
&lt;/h2&gt;

&lt;p&gt;CEH is primarily a compliance and name-recognition cert, so the salary&lt;br&gt;
ranges reflect the roles it unlocks rather than a direct premium for the&lt;br&gt;
cert itself. 2026 US data from job boards shows:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;SOC analyst or security analyst with CEH&lt;/strong&gt;: $75,000 to $110,000&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Vulnerability analyst or assessor with CEH&lt;/strong&gt;: $90,000 to $125,000&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Penetration tester with CEH&lt;/strong&gt;: $95,000 to $140,000&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Senior offensive security roles with CEH plus 5+ years&lt;/strong&gt;: $130,000 to
$170,000&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;A realistic note on what the cert does and does not do: CEH functions&lt;br&gt;
largely as a hiring filter and a compliance checkbox, especially in&lt;br&gt;
government and defense-contractor environments that require DoD 8570/8140&lt;br&gt;
alignment. You will often see it listed as required for roles where the&lt;br&gt;
actual work is more audit-style than active exploitation. For hands-on&lt;br&gt;
penetration testing teams, OSCP carries significantly more weight with&lt;br&gt;
technical hiring managers. CEH gets you past the HR screen; OSCP gets you&lt;br&gt;
respect in the room. Many candidates hold both.&lt;/p&gt;

&lt;h2&gt;
  
  
  What study resources actually work?
&lt;/h2&gt;

&lt;p&gt;The candidates who pass on the first attempt tend to use a consistent stack&lt;br&gt;
built around breadth and tool recognition:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;One structured course&lt;/strong&gt; covering all 20 modules. Matt Walker's CEH
study guides are the community standard for the experience-path self-
study approach. Total Seminars and Pluralsight both offer solid
video-based coverage.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A dedicated tool inventory.&lt;/strong&gt; Build a flashcard deck mapping every
named tool to its phase (recon, exploitation, post-exploitation, etc.)
and its category (network scanner, password cracker, packet sniffer,
wireless cracker, web app scanner). The exam uses tool names constantly.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Phase mapping practice.&lt;/strong&gt; Know the five phases of hacking (recon,
scanning, gaining access, maintaining access, covering tracks) and map
every domain activity to one of those phases. Many questions are just
"which phase does this describe."&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;At least 500 practice questions&lt;/strong&gt; before exam day. Include questions
that test tool recognition and attack/defense framing, not just
definitions. Practice under time pressure: 125 questions in 4 hours is
about 115 seconds per question, which is tighter than it sounds when
long scenarios are involved.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Two full-length timed practice exams&lt;/strong&gt; in the final two weeks. If
your score is below the 75% mark on both, push the exam date and work
the weak domains. The variable cut score means you want a real buffer.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Skip brain-dump sites. EC-Council actively pursues cert fraud, and more&lt;br&gt;
practically, the questions on the actual exam are scenario-based in ways&lt;br&gt;
that brain dumps do not prepare you for. You will recognize a question's&lt;br&gt;
answer without understanding why, which leaves you flat when the scenario&lt;br&gt;
twists slightly.&lt;/p&gt;

&lt;p&gt;For the practice question portion, NerdExam has 627 enriched CEH 312-50&lt;br&gt;
questions with full explanations. &lt;a href="https://nerdexam.com/exams/312-50v13/questions/1?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=ceh-v13-312-50-overview" rel="noopener noreferrer"&gt;Start practicing CEH v13 questions&lt;/a&gt;&lt;br&gt;
to see the tool-recognition and scenario framing before you commit to a&lt;br&gt;
study plan. The explanations map answers back to the five hacking phases&lt;br&gt;
and the relevant domain, which is exactly the mental model the exam tests.&lt;/p&gt;

&lt;h2&gt;
  
  
  Who should NOT take the CEH v13?
&lt;/h2&gt;

&lt;p&gt;The cert is the wrong fit for several common candidate profiles:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;You are&lt;/th&gt;
&lt;th&gt;Take instead&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;On a budget and want hands-on proof of offensive skill&lt;/td&gt;
&lt;td&gt;OSCP or CompTIA PenTest+ (PT0-003) at roughly one-third the cost&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Brand new to security entirely&lt;/td&gt;
&lt;td&gt;CompTIA Security+ first to build the foundational vocabulary&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;A blue-team defender who has no offensive requirement&lt;/td&gt;
&lt;td&gt;CySA+ or GIAC GCIH, which are purpose-built for detection and response&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;A cloud security specialist&lt;/td&gt;
&lt;td&gt;A cloud security cert (AWS Security Specialty, Google PCSE, or CCSP)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Someone who needs pen test credibility with technical teams&lt;/td&gt;
&lt;td&gt;OSCP; CEH is a box-check, OSCP is a proof of work&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The price-to-value calculation is honest: if you do not need CEH for a&lt;br&gt;
specific role requirement or DoD compliance, you can cover the same&lt;br&gt;
conceptual material for far less money and earn more hands-on credibility&lt;br&gt;
with OSCP or PenTest+. CEH's value is real but narrow. It is the standard&lt;br&gt;
HR filter for government and contractor offensive security roles, and that&lt;br&gt;
is the use case it is optimized for.&lt;/p&gt;

&lt;h2&gt;
  
  
  What's next after CEH v13?
&lt;/h2&gt;

&lt;p&gt;Once CEH is in hand, several paths branch depending on your goal:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Hands-on credibility track&lt;/strong&gt;: CEH Practical (the lab-based companion
exam) is the natural next step. Pass CEH Practical alongside CEH ANSI and
you become a CEH Master, which signals hands-on ability that the multiple-
choice exam alone cannot prove. After that, OSCP is the gold standard for
offensive security credibility with technical teams.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Broader pen testing track&lt;/strong&gt;: CompTIA PenTest+ (PT0-003) or GIAC GPEN
if you want more structured coverage of the pen testing lifecycle beyond
CEH's breadth-over-depth approach.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Defense and detection track&lt;/strong&gt;: If you discover that your work is more
detection and response than offensive, pivot to CompTIA CySA+ or GIAC
GCIH. Many CEH holders end up in hybrid roles where both views matter.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cloud offensive track&lt;/strong&gt;: CCSP or AWS Security Specialty if your
environment is heavily cloud-based and the Cloud Computing domain was the
area where you felt most engaged.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Most people take 6 to 12 months between CEH and their next cert. Use that&lt;br&gt;
window to put the domains into practice - run a home lab, work through a&lt;br&gt;
CTF platform, or move into a role where you are doing actual vulnerability&lt;br&gt;
assessments. CEH on a resume paired with real work experience is a strong&lt;br&gt;
combination. CEH alone, without applied experience, gets you past the&lt;br&gt;
filter but not much further.&lt;/p&gt;

&lt;p&gt;Ready to start? &lt;a href="https://nerdexam.com/catalog/312-50v13?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=ceh-v13-312-50-overview" rel="noopener noreferrer"&gt;Browse the full CEH 312-50 question bank on NerdExam&lt;/a&gt;&lt;br&gt;
or jump straight into the &lt;a href="https://nerdexam.com/exams/312-50v13/questions/1?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=ceh-v13-312-50-overview" rel="noopener noreferrer"&gt;free per-question explanations&lt;/a&gt;.&lt;br&gt;
If you are still weighing whether CEH is the right cert for your situation,&lt;br&gt;
the official EC-Council program page at&lt;br&gt;
&lt;a href="https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/" rel="noopener noreferrer"&gt;eccouncil.org/programs/certified-ethical-hacker-ceh&lt;/a&gt;&lt;br&gt;
has the current eligibility requirements, approved training providers, and&lt;br&gt;
the official blueprint mapped to each domain.&lt;/p&gt;

</description>
      <category>security</category>
      <category>certification</category>
      <category>career</category>
      <category>learning</category>
    </item>
    <item>
      <title>Cisco Certified Network Associate (CCNA 200-301): What's Actually Tested</title>
      <dc:creator>NERDEXAM</dc:creator>
      <pubDate>Mon, 06 Jul 2026 14:01:52 +0000</pubDate>
      <link>https://dev.to/nerdexam/cisco-certified-network-associate-ccna-200-301-whats-actually-tested-ce4</link>
      <guid>https://dev.to/nerdexam/cisco-certified-network-associate-ccna-200-301-whats-actually-tested-ce4</guid>
      <description>&lt;p&gt;The Cisco Certified Network Associate (CCNA 200-301) is the single most&lt;br&gt;
recognized entry credential in networking. The exam is $300, runs 120&lt;br&gt;
minutes, has roughly 100 questions, and requires about 825 out of 1000 to&lt;br&gt;
pass. Most candidates need 10 to 16 weeks of focused study. The questions&lt;br&gt;
mix multiple choice with drag-and-drop and live router/switch simulations,&lt;br&gt;
so pure memorization does not cut it. If you already configure Cisco gear&lt;br&gt;
at work, you can pass in a couple of months. If you are new to networking,&lt;br&gt;
budget the full 16 weeks and spend real time in a lab.&lt;/p&gt;

&lt;h2&gt;
  
  
  The 90-second answer
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Take CCNA 200-301 if&lt;/strong&gt; you want a networking career and you are willing&lt;br&gt;
to learn subnetting, routing, and switching by actually configuring&lt;br&gt;
devices. It is the credential that gets your resume past the filter for&lt;br&gt;
network technician, NOC, help desk, and junior network engineer roles. No&lt;br&gt;
single cert is more widely requested in networking job postings.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Skip CCNA 200-301 if&lt;/strong&gt; you have zero interest in command-line device&lt;br&gt;
configuration or you are chasing cloud or security roles that do not touch&lt;br&gt;
Cisco gear. If you only want to validate general IT fundamentals, CompTIA&lt;br&gt;
Network+ is a gentler, vendor-neutral starting point. Going straight to&lt;br&gt;
CCNA with no networking exposure usually ends in a failed first attempt&lt;br&gt;
and another $300.&lt;/p&gt;

&lt;h2&gt;
  
  
  What does the CCNA 200-301 actually test?
&lt;/h2&gt;

&lt;p&gt;CCNA 200-301 covers six domains. The blueprint has been stable since the&lt;br&gt;
exam consolidated to a single test in 2020, with minor refreshes. Every&lt;br&gt;
question maps to one of these.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Domain&lt;/th&gt;
&lt;th&gt;Weight&lt;/th&gt;
&lt;th&gt;What it covers&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Network Fundamentals&lt;/td&gt;
&lt;td&gt;20%&lt;/td&gt;
&lt;td&gt;OSI/TCP-IP models, cabling, IPv4/IPv6 addressing, subnetting, switches vs routers&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Network Access&lt;/td&gt;
&lt;td&gt;20%&lt;/td&gt;
&lt;td&gt;VLANs, trunking, EtherChannel, STP, wireless LAN concepts, WLC config&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;IP Connectivity&lt;/td&gt;
&lt;td&gt;25%&lt;/td&gt;
&lt;td&gt;Routing tables, static routing, OSPFv2, default gateways, FHRP basics&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;IP Services&lt;/td&gt;
&lt;td&gt;10%&lt;/td&gt;
&lt;td&gt;DHCP, DNS, NAT, NTP, SNMP, syslog, QoS concepts&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Security Fundamentals&lt;/td&gt;
&lt;td&gt;15%&lt;/td&gt;
&lt;td&gt;Access control, port security, ACLs, VPN concepts, WPA, layer 2 threats&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Automation and Programmability&lt;/td&gt;
&lt;td&gt;10%&lt;/td&gt;
&lt;td&gt;REST APIs, JSON, controller-based networking, Ansible/Puppet/Chef concepts, SDN&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The exam rewards hands-on muscle memory. A simulation question may drop&lt;br&gt;
you into a router CLI and ask you to configure OSPF or fix a VLAN trunk,&lt;br&gt;
then grade your actual configuration. Subnetting shows up everywhere, and&lt;br&gt;
you have to do it fast and in your head, because there is no calculator.&lt;/p&gt;

&lt;p&gt;If you have heard "CCNA is the cert that finally makes subnetting click,"&lt;br&gt;
that is because the exam forces it.&lt;/p&gt;

&lt;h2&gt;
  
  
  How hard is the CCNA 200-301?
&lt;/h2&gt;

&lt;p&gt;CCNA 200-301 is a difficulty 3.5 out of 5. Harder than CompTIA Network+,&lt;br&gt;
much easier than CCNP Enterprise (ENCOR 350-401). Cisco does not publish a&lt;br&gt;
pass rate, but community surveys put first-time pass rates in the 60% to&lt;br&gt;
70% range for people who studied at least 10 weeks and did real labs.&lt;/p&gt;

&lt;p&gt;The hard parts are specific:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Subnetting under time pressure, including VLSM, with no calculator&lt;/li&gt;
&lt;li&gt;Live simulation questions that grade your actual device configuration,
not a multiple-choice guess&lt;/li&gt;
&lt;li&gt;The breadth: six domains spanning switching, routing, services,
security, and automation, so you cannot specialize your way through&lt;/li&gt;
&lt;li&gt;No back button. Cisco exams do not let you flag and return to
questions, so a simulation you get stuck on burns time you cannot recover&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;People who fail CCNA usually fail on pacing and subnetting speed, not on&lt;br&gt;
concepts they never saw. The simulation questions early in the exam are&lt;br&gt;
the classic trap.&lt;/p&gt;

&lt;p&gt;The most common failure pattern looks like this: candidate watches an&lt;br&gt;
entire video course, never racks up real CLI hours, walks in, hits an OSPF&lt;br&gt;
simulation at question 12, spends 18 minutes on it, then rushes the rest&lt;br&gt;
and runs out of time. Final result: fail. Build CLI fluency in week 4,&lt;br&gt;
not week 12, and drill subnetting until you can do a /26 split in under 30&lt;br&gt;
seconds.&lt;/p&gt;

&lt;h2&gt;
  
  
  How long should you study for CCNA 200-301?
&lt;/h2&gt;

&lt;p&gt;Cisco lists no formal prerequisites, but recommends roughly one year of&lt;br&gt;
networking experience. That assumption is baked into the question&lt;br&gt;
difficulty. For actual study time:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;With 1+ year hands-on networking experience&lt;/strong&gt;: 8 to 10 weeks at 8 to
12 hours per week&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;With CompTIA Network+ or some IT background&lt;/strong&gt;: 12 to 14 weeks at 8 to
12 hours per week&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Brand new to networking&lt;/strong&gt;: 16 to 20 weeks, and consider Network+ first
to build vocabulary&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Switching from another vendor (Juniper, Aruba)&lt;/strong&gt;: 8 to 10 weeks,
mostly to learn Cisco IOS syntax and the CCNA blueprint's edges&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The biggest waste of study time is watching videos without touching a CLI.&lt;br&gt;
Build a lab. Cisco Packet Tracer is free and covers most of the blueprint;&lt;br&gt;
GNS3 or EVE-NG with real IOS images go further. Configure VLANs and&lt;br&gt;
trunks, stand up OSPF between three routers, break STP on purpose and fix&lt;br&gt;
it. That hands-on work is what makes simulation questions painless.&lt;/p&gt;

&lt;p&gt;A realistic week-by-week pace for a 12-week plan looks like:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Week 1: OSI/TCP-IP models, cabling, switch vs router basics&lt;/li&gt;
&lt;li&gt;Week 2: IPv4 addressing and subnetting (start drilling now)&lt;/li&gt;
&lt;li&gt;Week 3: VLSM, IPv6 addressing, subnetting speed drills&lt;/li&gt;
&lt;li&gt;Week 4: Switch configuration, VLANs, access vs trunk ports&lt;/li&gt;
&lt;li&gt;Week 5: Spanning Tree Protocol, EtherChannel, port security&lt;/li&gt;
&lt;li&gt;Week 6: Static routing, routing tables, default gateways&lt;/li&gt;
&lt;li&gt;Week 7: OSPFv2 single-area, neighbor adjacencies, troubleshooting&lt;/li&gt;
&lt;li&gt;Week 8: Wireless LAN concepts, WLC configuration, AP modes&lt;/li&gt;
&lt;li&gt;Week 9: IP services (DHCP, DNS, NAT, NTP, SNMP, syslog)&lt;/li&gt;
&lt;li&gt;Week 10: Security (ACLs, VPN concepts, layer 2 threats, WPA)&lt;/li&gt;
&lt;li&gt;Week 11: Automation and programmability (REST, JSON, SDN, Ansible)&lt;/li&gt;
&lt;li&gt;Week 12: Full timed practice exams, simulation drills, subnetting speed&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Most failures trace back to skipping the subnetting reps in weeks 2 and 3.&lt;br&gt;
Subnetting touches Network Fundamentals, IP Connectivity, and IP Services,&lt;br&gt;
which together are well over half the exam.&lt;/p&gt;

&lt;h2&gt;
  
  
  What does the CCNA 200-301 cost?
&lt;/h2&gt;

&lt;p&gt;The exam itself is $300 USD plus any local taxes. Beyond that, total cost&lt;br&gt;
depends on your study path:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Component&lt;/th&gt;
&lt;th&gt;Range&lt;/th&gt;
&lt;th&gt;Notes&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Exam fee&lt;/td&gt;
&lt;td&gt;$300&lt;/td&gt;
&lt;td&gt;One attempt. Retake is another $300, with a 5-day wait after a fail.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Study course&lt;/td&gt;
&lt;td&gt;$0 to $150&lt;/td&gt;
&lt;td&gt;Jeremy's IT Lab (free on YouTube) or a paid Udemy course at ~$15 on sale&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Practice questions&lt;/td&gt;
&lt;td&gt;$0 to $60&lt;/td&gt;
&lt;td&gt;NerdExam has 1794 CCNA questions if you want a free option&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Lab software&lt;/td&gt;
&lt;td&gt;$0&lt;/td&gt;
&lt;td&gt;Cisco Packet Tracer is free; GNS3 and EVE-NG are free too&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Books&lt;/td&gt;
&lt;td&gt;$0 to $60&lt;/td&gt;
&lt;td&gt;Wendell Odom's Official Cert Guide library is the standard reference&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Total realistic spend&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;$300 to $500&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Cheapest viable path: $300 (exam only)&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Unlike some vendors, Cisco does not routinely hand out 50% retake&lt;br&gt;
vouchers, so a failed attempt costs the full $300 again. That makes the&lt;br&gt;
"do not book until your practice scores are solid" rule more important here&lt;br&gt;
than on cheaper exams. Cisco does occasionally run promotional pricing or&lt;br&gt;
voucher bundles through partners and the Cisco Learning Network Store, so&lt;br&gt;
check before you buy.&lt;/p&gt;

&lt;h2&gt;
  
  
  What salary can you expect after passing?
&lt;/h2&gt;

&lt;p&gt;CCNA is an entry-to-mid credential, so the salary range is wide and&lt;br&gt;
depends heavily on the role and your experience. 2026 US data from job&lt;br&gt;
boards shows:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Help desk or NOC technician with CCNA&lt;/strong&gt;: $50,000 to $70,000&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Network administrator with CCNA&lt;/strong&gt;: $70,000 to $95,000&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Network engineer with CCNA&lt;/strong&gt;: $90,000 to $130,000&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Senior network engineer with CCNA plus 3+ years&lt;/strong&gt;: $120,000 to
$150,000, often on the path to CCNP&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The cert alone does not deliver the top numbers. CCNA opens the door; the&lt;br&gt;
pay jumps come from production experience and, usually, a follow-on cert&lt;br&gt;
like CCNP. Where you see CCNA pay $60K, the holder is early-career. Where&lt;br&gt;
you see $130K, the holder has years of real network operations behind the&lt;br&gt;
cert.&lt;/p&gt;

&lt;p&gt;A practical note: CCNA is most valuable as a hiring filter. Many network&lt;br&gt;
engineer and NOC postings list it as required or strongly preferred, which&lt;br&gt;
means not having it quietly removes you from the pile before a human reads&lt;br&gt;
your resume. The salary lift is real but indirect. It comes from getting&lt;br&gt;
access to roles you could not apply for without it.&lt;/p&gt;

&lt;h2&gt;
  
  
  What study resources actually work?
&lt;/h2&gt;

&lt;p&gt;The candidates who pass on the first attempt use a consistent stack:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;One structured course&lt;/strong&gt; for breadth. Jeremy's IT Lab on YouTube is
the community favorite and completely free; Wendell Odom's Official
Cert Guide pair is the gold-standard book set if you prefer reading&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A lab, used daily.&lt;/strong&gt; Cisco Packet Tracer (free) covers most of the
blueprint. GNS3 or EVE-NG with real IOS images go deeper for OSPF and
automation topics&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A dedicated subnetting drill.&lt;/strong&gt; subnettingpractice.com or a flashcard
app, every day, until a /26 or /28 split is automatic&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;At least 500 practice questions&lt;/strong&gt; before exam day, including
simulation-style questions so the live labs do not surprise you&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Two full-length timed practice exams&lt;/strong&gt; in the final two weeks. Treat
them like the real thing, no breaks, and score honestly. If you are
below 80% on the second one, postpone the real exam&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Skip the brain-dump sites that sell "real exam questions." They are&lt;br&gt;
against Cisco policy, frequently wrong, and they teach you to recognize&lt;br&gt;
answers instead of configure devices, which is exactly what the&lt;br&gt;
simulations punish. Reddit's r/ccna has the most current crowd-sourced&lt;br&gt;
advice on which resources are working this quarter.&lt;/p&gt;

&lt;p&gt;For the practice question portion, NerdExam has 1794 enriched CCNA 200-301&lt;br&gt;
questions with full explanations. &lt;a href="https://nerdexam.com/exams/200-301/questions/1?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=ccna-200-301-overview" rel="noopener noreferrer"&gt;Start practicing CCNA 200-301 questions&lt;/a&gt;&lt;br&gt;
to see the question style before you commit to a study plan. The free&lt;br&gt;
question explanations alone show you the reasoning the exam expects,&lt;br&gt;
especially for subnetting and routing logic that is hard to absorb from&lt;br&gt;
videos.&lt;/p&gt;

&lt;h2&gt;
  
  
  Who should NOT take CCNA 200-301?
&lt;/h2&gt;

&lt;p&gt;The cert is wrong for these candidates:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;You are&lt;/th&gt;
&lt;th&gt;Take instead&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Brand new to IT entirely&lt;/td&gt;
&lt;td&gt;CompTIA Network+ (or A+) first to build fundamentals&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Focused on cybersecurity, not networking&lt;/td&gt;
&lt;td&gt;CompTIA Security+ or the Cisco CyberOps Associate path&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;A cloud engineer who never touches Cisco gear&lt;/td&gt;
&lt;td&gt;AWS, Azure, or GCP networking certs&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;An experienced network engineer with CCNP-level skills&lt;/td&gt;
&lt;td&gt;Skip CCNA, go straight to CCNP Enterprise (ENCOR 350-401)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Only validating general IT for a help desk role&lt;/td&gt;
&lt;td&gt;CompTIA A+ plus Network+ is a cheaper, broader fit&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The path matters more than the badge. CCNA is excellent when networking is&lt;br&gt;
your career direction. It is a poor use of three months if your role lives&lt;br&gt;
in the cloud console and never opens an IOS prompt. Hiring managers do not&lt;br&gt;
penalize cloud or security candidates for lacking CCNA; they penalize&lt;br&gt;
networking candidates who cannot subnet.&lt;/p&gt;

&lt;h2&gt;
  
  
  What's next after CCNA 200-301?
&lt;/h2&gt;

&lt;p&gt;Once CCNA is in hand, a few paths open depending on where you want to go:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Enterprise track&lt;/strong&gt;: CCNP Enterprise (ENCOR 350-401 plus a
concentration exam). The natural follow-on for network engineers, and
where the real salary jumps live. Most people do this 12 to 24 months
after CCNA.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Security track&lt;/strong&gt;: CCNP Security, or pivot toward Cisco CyberOps and
CompTIA Security+ if you want to move into a SOC.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Automation track&lt;/strong&gt;: Cisco DevNet Associate (200-901). Pairs well with
CCNA as networking shifts toward automation and infrastructure-as-code.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Data center or service provider track&lt;/strong&gt;: CCNP Data Center or CCNP
Service Provider, if your employer runs that kind of environment.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Most people take 12 to 24 months between CCNA and CCNP. Use that window to&lt;br&gt;
ship real network operations work. CCNA pays off when a hiring manager&lt;br&gt;
sees it next to actual experience, not when it is the only line on your&lt;br&gt;
resume. Note that Cisco certifications expire after three years, so plan to&lt;br&gt;
recertify or move up to CCNP before then.&lt;/p&gt;

&lt;p&gt;Ready to start? &lt;a href="https://nerdexam.com/catalog/200-301?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=ccna-200-301-overview" rel="noopener noreferrer"&gt;Practice with real CCNA 200-301 questions on NerdExam&lt;/a&gt;&lt;br&gt;
or jump straight into the &lt;a href="https://nerdexam.com/exams/200-301/questions/1?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=ccna-200-301-overview" rel="noopener noreferrer"&gt;free per-question explanations&lt;/a&gt;.&lt;br&gt;
If you are still building fundamentals first, download Cisco Packet Tracer&lt;br&gt;
from the &lt;a href="https://www.netacad.com/courses/packet-tracer" rel="noopener noreferrer"&gt;Cisco Networking Academy&lt;/a&gt;&lt;br&gt;
and start configuring before you spend a dollar on the exam.&lt;/p&gt;

</description>
      <category>cisco</category>
      <category>networking</category>
      <category>ccna</category>
      <category>certification</category>
    </item>
    <item>
      <title>What's Actually Tested on CAS-005</title>
      <dc:creator>NERDEXAM</dc:creator>
      <pubDate>Sun, 05 Jul 2026 14:01:09 +0000</pubDate>
      <link>https://dev.to/nerdexam/whats-actually-tested-on-cas-005-30fo</link>
      <guid>https://dev.to/nerdexam/whats-actually-tested-on-cas-005-30fo</guid>
      <description>&lt;h2&gt;
  
  
  What the CompTIA SecurityX (CAS-005) Exam Actually Tests
&lt;/h2&gt;

&lt;p&gt;The CAS-005 is CompTIA's advanced-level security certification, replacing CAS-004 and rebranded under the SecurityX name. It targets practitioners with at least ten years of IT experience, including five or more in hands-on security roles. This is not a memorization exam. It tests your ability to analyze scenarios, synthesize competing priorities, and make defensible security decisions in complex enterprise environments.&lt;/p&gt;

&lt;p&gt;If you are preparing, start by reviewing the &lt;a href="https://nerdexam.com/study-guide/cas-005" rel="noopener noreferrer"&gt;CAS-005 study guide&lt;/a&gt; to map your existing knowledge against the domains before you commit to a study schedule.&lt;/p&gt;

&lt;p&gt;The four domain areas below represent the actual content the exam covers. Each section describes what skills are tested, what conceptual depth is expected, and where candidates typically struggle.&lt;/p&gt;




&lt;h2&gt;
  
  
  Governance, Risk, and Compliance
&lt;/h2&gt;

&lt;p&gt;This domain is broader than it sounds. CAS-005 does not test whether you can define risk terminology. It tests whether you can apply risk frameworks to real enterprise scenarios and make trade-off decisions under constraints.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What is actually tested:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Selecting and integrating risk frameworks (NIST RMF, ISO 27001, COBIT) in context. You need to know not just what each framework contains but when to use one over another, and how to reconcile conflicting requirements when an organization spans multiple regulatory jurisdictions.&lt;/li&gt;
&lt;li&gt;Third-party and supply chain risk. This includes vendor risk assessment, contractual controls, and evaluating the security posture of partners who have access to your environment or data. Expect scenario-based questions where a supplier introduces risk and you have to determine the appropriate control or response.&lt;/li&gt;
&lt;li&gt;Compliance mapping across overlapping frameworks. Many organizations must satisfy PCI-DSS, HIPAA, SOC 2, and state-level privacy laws simultaneously. The exam tests your ability to identify gaps, avoid duplicating controls, and prioritize remediation based on risk exposure.&lt;/li&gt;
&lt;li&gt;Policy development and enforcement mechanisms. You will be expected to understand how policies cascade from governance documents into technical controls, and how to evaluate whether a policy is enforceable or merely aspirational.&lt;/li&gt;
&lt;li&gt;Risk appetite and risk tolerance. These are not interchangeable terms on this exam. Expect questions that require you to distinguish between the two and justify a security investment or exception decision based on organizational risk appetite.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Where candidates struggle:&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Most test-takers underestimate this domain because they treat it as soft knowledge. The harder questions here involve multi-part scenarios where legal, operational, and security requirements are in tension. You must be able to articulate why one control satisfies a compliance requirement better than another in a specific context, not just generically.&lt;/p&gt;




&lt;h2&gt;
  
  
  Security Architecture
&lt;/h2&gt;

&lt;p&gt;This is one of the highest-weighted domains on CAS-005 and the area where the exam demands the most systems-level thinking. Architecture questions require you to design, evaluate, and improve security controls across complex, heterogeneous environments.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What is actually tested:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Zero Trust architecture principles. This goes well beyond the buzzword. You are expected to understand identity-centric access, micro-segmentation, continuous verification, and how to transition a legacy perimeter-based network toward a Zero Trust model without breaking operations.&lt;/li&gt;
&lt;li&gt;Cloud and hybrid environment design. Questions cover multi-cloud security architecture, workload isolation, cloud-native controls versus third-party solutions, and shared responsibility boundaries. You need to understand how security architecture decisions differ between IaaS, PaaS, and SaaS deployments.&lt;/li&gt;
&lt;li&gt;Secure network design. This includes defense-in-depth segmentation, secure remote access architectures (ZTNA versus traditional VPN), and how to architect networks that support both operational technology (OT) and information technology (IT) environments.&lt;/li&gt;
&lt;li&gt;Cryptographic architecture. Expect questions on key management at scale, public key infrastructure design, certificate lifecycle management, and the architectural implications of algorithm deprecation (including post-quantum considerations).&lt;/li&gt;
&lt;li&gt;Resilience and redundancy. Architecture is not just about preventing attacks. The exam tests your understanding of high availability design, failover strategies, backup architecture, and disaster recovery planning from a security perspective.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Where candidates struggle:&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Candidates with strong hands-on backgrounds sometimes answer these questions too tactically. When the exam asks what architecture best supports a given requirement, it is looking for design rationale, not a list of specific tools. Practice thinking in terms of trust boundaries, data flows, and control placement.&lt;/p&gt;

&lt;p&gt;The &lt;a href="https://nerdexam.com/exams/cas-005/questions" rel="noopener noreferrer"&gt;CAS-005 practice questions&lt;/a&gt; on NerdExam include scenario-based architecture items that help you develop this kind of structured reasoning.&lt;/p&gt;




&lt;h2&gt;
  
  
  Security Engineering
&lt;/h2&gt;

&lt;p&gt;Security engineering tests your ability to implement and evaluate technical security controls. The difference from architecture is the level of specificity - engineering questions get into the mechanics of how controls work, not just where they fit in a design.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What is actually tested:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Identity and access management implementation. This includes federated identity, SAML, OAuth, OIDC, privileged access management (PAM), and how to evaluate IAM implementations for weaknesses. You need to understand not just how these protocols work but what attack vectors they introduce when misconfigured.&lt;/li&gt;
&lt;li&gt;Endpoint and application hardening. Secure baseline configurations, application control, firmware security, and OS-level hardening are all in scope. The exam often presents a scenario where a system is partially hardened and asks you to identify the remaining gaps.&lt;/li&gt;
&lt;li&gt;Vulnerability management at scale. This covers the full cycle from discovery to remediation prioritization. Expect questions on CVSS scoring interpretation, exploitability context, compensating controls, and how to communicate risk from vulnerability findings to non-technical stakeholders.&lt;/li&gt;
&lt;li&gt;Security automation and orchestration. SOAR platforms, scripting for security tasks, and integrating disparate security tools into a cohesive workflow are tested. You do not need to write production code, but you do need to understand how automation changes detection and response timelines.&lt;/li&gt;
&lt;li&gt;Secure development and DevSecOps. The exam covers how to integrate security into CI/CD pipelines, including static analysis, software composition analysis, container security, and secrets management in development workflows.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Where candidates struggle:&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Engineering questions reward depth. Candidates who know a topic at a conceptual level often lose points here because they cannot distinguish between two technically valid answers that are appropriate in different contexts. Precision matters.&lt;/p&gt;




&lt;h2&gt;
  
  
  Security Operations
&lt;/h2&gt;

&lt;p&gt;This domain tests your ability to respond to threats, investigate incidents, and operate security programs in a sustained way. It is not just about incident response process - it emphasizes analytical judgment and operational decision-making.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What is actually tested:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Threat intelligence integration. Consuming, evaluating, and acting on threat intelligence is a core skill. This includes understanding threat actor taxonomy, campaign attribution, indicator management, and how to operationalize intelligence in detection and hunting workflows.&lt;/li&gt;
&lt;li&gt;Incident response and forensics. Expect scenarios that test your ability to prioritize containment versus evidence preservation, scope an incident from initial indicators, and determine appropriate escalation paths. Digital forensics questions cover memory acquisition, log analysis, and chain of custody.&lt;/li&gt;
&lt;li&gt;Detection engineering. Writing and tuning detection logic, reducing false positives, and aligning detections to frameworks like MITRE ATT&amp;amp;CK are all tested. The exam expects you to evaluate detection coverage, not just describe how SIEM tools work.&lt;/li&gt;
&lt;li&gt;Threat hunting. You will be expected to describe a hypothesis-driven hunting approach, identify data sources required for specific hunts, and evaluate the results of a hunt against a known threat model.&lt;/li&gt;
&lt;li&gt;Monitoring and logging architecture. Centralized logging, log retention requirements, and the trade-offs between log fidelity and storage cost are fair game. Expect questions where you must select the most relevant data sources for a given investigation.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Where candidates struggle:&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Operations candidates who are strong practitioners sometimes rely on experience rather than framework knowledge. This exam rewards candidates who can articulate their operational decisions in structured terms. If you know what you would do in an incident but cannot explain why it aligns with a specific phase of the NIST incident response lifecycle or a comparable framework, you will leave points on the table.&lt;/p&gt;




&lt;h2&gt;
  
  
  How to Use This Structure in Your Prep
&lt;/h2&gt;

&lt;p&gt;The four domains are not equal in weight, and your study plan should reflect that. Start with your weakest area based on an honest self-assessment, then use structured practice to identify specific gaps rather than broad topic review.&lt;/p&gt;

&lt;p&gt;The &lt;a href="https://nerdexam.com/catalog/cas-005" rel="noopener noreferrer"&gt;CAS-005 exam catalog page&lt;/a&gt; has the current domain weightings and exam logistics you need before you register.&lt;/p&gt;

&lt;p&gt;Focus especially on scenario-based practice. The CAS-005 uses performance-based and scenario-anchored questions heavily. Drilling isolated facts will not prepare you for questions that require you to synthesize information across multiple domains and justify a course of action. Practice making decisions, not just recalling definitions.&lt;/p&gt;

</description>
      <category>security</category>
      <category>comptia</category>
      <category>certification</category>
      <category>learning</category>
    </item>
    <item>
      <title>Microsoft Azure DevOps Engineer (AZ-400): What's Actually Tested</title>
      <dc:creator>NERDEXAM</dc:creator>
      <pubDate>Fri, 03 Jul 2026 14:01:51 +0000</pubDate>
      <link>https://dev.to/nerdexam/microsoft-azure-devops-engineer-az-400-whats-actually-tested-53e6</link>
      <guid>https://dev.to/nerdexam/microsoft-azure-devops-engineer-az-400-whats-actually-tested-53e6</guid>
      <description>&lt;p&gt;The Microsoft AZ-400 is the exam that earns you the Azure DevOps Engineer&lt;br&gt;
Expert certification. It runs 100 minutes, costs $165, has roughly 40 to&lt;br&gt;
60 questions, and requires 700 out of 1000 to pass. One critical detail&lt;br&gt;
before you register: passing AZ-400 alone does not award the Expert cert.&lt;br&gt;
You must also hold either AZ-104 (Azure Administrator Associate) or AZ-204&lt;br&gt;
(Azure Developer Associate). If you do not have one of those already, earn&lt;br&gt;
it first. The exam questions assume you are already comfortable operating&lt;br&gt;
Azure at associate level. Most candidates with that foundation need 8 to&lt;br&gt;
12 weeks of focused study to pass.&lt;/p&gt;

&lt;h2&gt;
  
  
  The 90-second answer
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Take AZ-400 if&lt;/strong&gt; you are already an AZ-104 or AZ-204 holder and you&lt;br&gt;
work in, or want to move into, a DevOps or platform engineering role on&lt;br&gt;
Azure. The exam is heavy on Azure Pipelines and GitHub Actions, Git&lt;br&gt;
strategy, Infrastructure as Code, and pipeline security. It validates&lt;br&gt;
exactly the skills those job postings ask for, and it is the only&lt;br&gt;
Microsoft cert that explicitly owns the DevOps Engineer Expert title.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Skip AZ-400 if&lt;/strong&gt; you do not yet have AZ-104 or AZ-204. Go earn one of&lt;br&gt;
those first because you need it anyway. If you are new to Azure entirely,&lt;br&gt;
start with AZ-900 then work toward AZ-104 or AZ-204 before touching this&lt;br&gt;
exam. If your DevOps focus is on AWS, the AWS DevOps Engineer Professional&lt;br&gt;
(DOP-C02) is the better match for your stack.&lt;/p&gt;

&lt;h2&gt;
  
  
  What does the AZ-400 actually test?
&lt;/h2&gt;

&lt;p&gt;AZ-400 covers five domains. The build-and-release-pipeline domain is&lt;br&gt;
enormous and dominates the exam. Everything else is real but secondary&lt;br&gt;
to pipeline fluency.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Domain&lt;/th&gt;
&lt;th&gt;Weight&lt;/th&gt;
&lt;th&gt;What it covers&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Design and implement processes and communications&lt;/td&gt;
&lt;td&gt;10 to 15%&lt;/td&gt;
&lt;td&gt;Agile and DevOps practices, work traceability, metrics and dashboards, notifications, Azure Boards and GitHub integration with Teams&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Design and implement a source control strategy&lt;/td&gt;
&lt;td&gt;15 to 20%&lt;/td&gt;
&lt;td&gt;Git branching models, repository structure, monorepos, Git LFS, pull-request workflows, code review policies&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Design and implement build and release pipelines&lt;/td&gt;
&lt;td&gt;40 to 45%&lt;/td&gt;
&lt;td&gt;Azure Pipelines and GitHub Actions, YAML pipelines, self-hosted and Microsoft-hosted agents, deployment patterns (blue/green, canary, rings), ARM/Bicep/Terraform IaC, Azure Artifacts package management, secrets and quality gates&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Develop a security and compliance plan&lt;/td&gt;
&lt;td&gt;10 to 15%&lt;/td&gt;
&lt;td&gt;Securing pipelines and secrets via Key Vault, dependency and code scanning, GitHub Advanced Security, least-privilege service connections&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Implement an instrumentation strategy&lt;/td&gt;
&lt;td&gt;5 to 10%&lt;/td&gt;
&lt;td&gt;Application Insights and Azure Monitor telemetry, log queries and alerts, feedback loops, site reliability practices&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The pipeline domain is nearly half the exam on its own. If you are not&lt;br&gt;
comfortable writing YAML pipelines from scratch, fixing broken stage&lt;br&gt;
dependencies, and wiring in Key Vault secret references, that gap will&lt;br&gt;
show on exam day. The exam tests pipeline mechanics at a real depth, not&lt;br&gt;
just conceptual awareness.&lt;/p&gt;

&lt;p&gt;Case-study sections appear in many AZ-400 sittings. Once you submit answers&lt;br&gt;
inside a case-study and move on, Microsoft does not let you return to those&lt;br&gt;
questions. Read each case-study scenario carefully before answering anything&lt;br&gt;
in it.&lt;/p&gt;

&lt;p&gt;The branching strategy questions go deeper than most candidates expect.&lt;br&gt;
You should understand trunk-based development, Gitflow, GitHub Flow, and&lt;br&gt;
the tradeoffs for large teams and release-train models. Monorepo design&lt;br&gt;
and Git LFS also show up, especially in the source control domain.&lt;/p&gt;

&lt;h2&gt;
  
  
  How hard is the AZ-400?
&lt;/h2&gt;

&lt;p&gt;AZ-400 is a difficulty 4 out of 5. It is an expert-level cert by design,&lt;br&gt;
and Microsoft positions it above all Associate certs. The breadth is the&lt;br&gt;
main challenge: you need real fluency across culture and process, source&lt;br&gt;
control, CI/CD pipelines, infrastructure as code, pipeline security, and&lt;br&gt;
monitoring, all within one exam. Community surveys suggest first-time pass&lt;br&gt;
rates for candidates who studied 8 or more weeks sit somewhere in the 55%&lt;br&gt;
to 70% range, though Microsoft does not publish official figures.&lt;/p&gt;

&lt;p&gt;The hard parts are specific:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;YAML pipeline syntax at depth. Multi-stage pipelines with environments,
approvals, variable groups, and Key Vault linkage are common question
territory. You cannot bluff YAML mechanics with conceptual understanding.&lt;/li&gt;
&lt;li&gt;Infrastructure as Code scope. ARM, Bicep, and Terraform all appear.
You do not need to be an expert in all three, but you need to recognize
correct syntax and understand the deployment model for each.&lt;/li&gt;
&lt;li&gt;Case-study no-return rule. Once you advance past a case-study section you
cannot go back, so misreading the scenario burns points you cannot recover.&lt;/li&gt;
&lt;li&gt;The security domain is narrower than a dedicated security cert but tricky.
Questions on GitHub Advanced Security features, service connection
permissions, and Key Vault secret scoping are easy to confuse if you
lack hands-on time with them.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The most common failure pattern is candidates who know Azure Pipelines from&lt;br&gt;
using it but have never written a YAML pipeline from a blank file, managed&lt;br&gt;
a variable group with Key Vault linkage, or configured an environment with&lt;br&gt;
approval gates. Knowing how a CI/CD tool works at a user level is not the&lt;br&gt;
same as knowing how to design and secure one. Build that gap in your study&lt;br&gt;
plan before you book the exam.&lt;/p&gt;

&lt;h2&gt;
  
  
  How long should you study for AZ-400?
&lt;/h2&gt;

&lt;p&gt;Microsoft recommends having the AZ-104 or AZ-204 associate cert plus&lt;br&gt;
practical experience with Azure DevOps and GitHub before sitting this exam.&lt;br&gt;
That is the right baseline. For actual study time from that starting point:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;With daily hands-on Azure Pipelines and GitHub Actions work&lt;/strong&gt;: 6 to 8
weeks at 8 to 10 hours per week&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;With AZ-104 or AZ-204 but limited pipeline experience&lt;/strong&gt;: 10 to 12 weeks
at 8 to 12 hours per week&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;With an associate cert and some pipeline exposure but not deep YAML
experience&lt;/strong&gt;: 12 weeks, weighted toward the pipeline domain in weeks 4
through 9&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Switching from AWS DevOps or another cloud's CI/CD tooling&lt;/strong&gt;: 8 to 10
weeks, mostly to learn Azure-specific pipeline mechanics and IaC tooling&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The single biggest study mistake is treating this as a read-heavy cert.&lt;br&gt;
Azure Pipelines and GitHub Actions reward hands-on reps. Create a free&lt;br&gt;
Azure DevOps organization, build multi-stage YAML pipelines, deploy to&lt;br&gt;
environments with approval gates, link a variable group to Key Vault, and&lt;br&gt;
run a Bicep or Terraform deployment from a pipeline stage. These tasks take&lt;br&gt;
an hour each to set up, and they make the exam questions feel concrete&lt;br&gt;
rather than abstract.&lt;/p&gt;

&lt;p&gt;A realistic week-by-week pace for a 10-week plan looks like:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Week 1: DevOps culture, Agile practices, Azure Boards and GitHub
integration, work traceability and metrics&lt;/li&gt;
&lt;li&gt;Week 2: Git fundamentals review, branching strategies (trunk-based,
Gitflow, GitHub Flow), pull-request policies, code review configuration&lt;/li&gt;
&lt;li&gt;Week 3: Monorepo design, Git LFS, repository scaling approaches&lt;/li&gt;
&lt;li&gt;Week 4: Azure Pipelines foundations, classic vs YAML, agents, triggers&lt;/li&gt;
&lt;li&gt;Week 5: Multi-stage YAML pipelines, environments, approvals, gates&lt;/li&gt;
&lt;li&gt;Week 6: GitHub Actions, reusable workflows, secrets, runner types,
comparison with Azure Pipelines&lt;/li&gt;
&lt;li&gt;Week 7: IaC with ARM, Bicep, and Terraform; pipeline-driven deployments;
deployment patterns (blue/green, canary, rings)&lt;/li&gt;
&lt;li&gt;Week 8: Azure Artifacts, package management, upstream sources, feed
permissions; quality gates and test result integration&lt;/li&gt;
&lt;li&gt;Week 9: Pipeline security, Key Vault integration, service connections,
GitHub Advanced Security, dependency scanning&lt;/li&gt;
&lt;li&gt;Week 10: Application Insights, Azure Monitor, log alerts, feedback
loops; full timed practice exams and case-study drills&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Most failures trace to weeks 4 through 7. If your YAML pipeline skills are&lt;br&gt;
weak, double the time there and cut from the monitoring week, which is the&lt;br&gt;
lightest domain on the exam.&lt;/p&gt;

&lt;h2&gt;
  
  
  What does the AZ-400 cost?
&lt;/h2&gt;

&lt;p&gt;The exam itself is $165 USD plus any applicable local taxes. Total cost&lt;br&gt;
depends on how you study:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Component&lt;/th&gt;
&lt;th&gt;Range&lt;/th&gt;
&lt;th&gt;Notes&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Exam fee&lt;/td&gt;
&lt;td&gt;$165&lt;/td&gt;
&lt;td&gt;One attempt. Retake requires a 24-hour wait after a fail.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Microsoft Learn&lt;/td&gt;
&lt;td&gt;$0&lt;/td&gt;
&lt;td&gt;The official AZ-400 learning path is free and covers all five domains&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Study course&lt;/td&gt;
&lt;td&gt;$0 to $50&lt;/td&gt;
&lt;td&gt;Many instructors publish AZ-400 courses on Udemy at $12 to $15 on sale&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Practice questions&lt;/td&gt;
&lt;td&gt;$0 to $40&lt;/td&gt;
&lt;td&gt;NerdExam has 619 AZ-400 questions if you want a structured practice option&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Azure DevOps org&lt;/td&gt;
&lt;td&gt;$0&lt;/td&gt;
&lt;td&gt;Free Azure DevOps organization with Basic plan for labs; Azure free tier for resource deployments&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Total realistic spend&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;$165 to $250&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Cheapest viable path: $165 (exam only, using free Microsoft Learn content and free Azure DevOps)&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Microsoft certification prices vary by country. The $165 figure is the US&lt;br&gt;
price; check the Microsoft Learn certification page for your region before&lt;br&gt;
registering. Microsoft occasionally offers exam vouchers through partners,&lt;br&gt;
learning challenges, and Microsoft events such as Ignite and Build, so&lt;br&gt;
watch for promotions before paying full price.&lt;/p&gt;

&lt;p&gt;One cost that is easy to forget: the annual renewal. Unlike CompTIA or&lt;br&gt;
Cisco certifications with multi-year cycles, Microsoft role-based&lt;br&gt;
certifications expire after one year. Renewal is free and unproctored via&lt;br&gt;
a short online assessment on Microsoft Learn, available within 6 months of&lt;br&gt;
your cert expiry date. Set a calendar reminder. A lapsed cert means the&lt;br&gt;
Expert badge disappears from your transcript until you renew it.&lt;/p&gt;

&lt;h2&gt;
  
  
  What salary can you expect after passing?
&lt;/h2&gt;

&lt;p&gt;AZ-400 is an expert-level cert, and the associated roles sit at mid to&lt;br&gt;
senior levels. 2026 US salary estimates from job boards show:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;DevOps Engineer with AZ-400&lt;/strong&gt;: $115,000 to $155,000&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Azure DevOps / Release Engineer with AZ-400&lt;/strong&gt;: $110,000 to $150,000&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Senior DevOps or Platform Engineer&lt;/strong&gt;: $145,000 to $185,000&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cloud Engineer with DevOps focus&lt;/strong&gt;: $120,000 to $160,000&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The cert is a hiring signal for roles that already pay well. It will not&lt;br&gt;
turn a junior engineer into a senior one overnight, but it removes you from&lt;br&gt;
the automatic screen-out pile for mid-level DevOps roles, and it gives you&lt;br&gt;
a credible answer when a hiring manager asks how you know Azure pipelines.&lt;br&gt;
The salary impact is clearest when the cert is combined with two or more&lt;br&gt;
years of hands-on Azure DevOps or GitHub Actions work. On a resume with&lt;br&gt;
real project experience behind it, AZ-400 is a genuine differentiator for&lt;br&gt;
Azure-heavy employers.&lt;/p&gt;

&lt;h2&gt;
  
  
  What study resources actually work?
&lt;/h2&gt;

&lt;p&gt;The candidates who pass on the first attempt tend to use a similar stack:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Microsoft Learn AZ-400 learning path&lt;/strong&gt; for breadth. It is official,
free, and maps to every exam domain. Treat it as your outline, not your
only resource. The hands-on exercises in the labs are more valuable than
the reading.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A personal Azure DevOps organization, used daily.&lt;/strong&gt; Free to create.
Build pipelines that fail, fix them, add environments and approvals, link
Key Vault. Passive reading about YAML pipelines does not prepare you for
writing one under exam conditions.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;GitHub Actions practice.&lt;/strong&gt; Create a free GitHub repository and
replicate your Azure Pipelines workflows as Actions. The comparison
between the two tools is a recurring exam theme, and hands-on experience
with both makes those questions easy.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;An IaC lab.&lt;/strong&gt; Deploy a simple Azure resource via Bicep and via
Terraform from a pipeline stage each. You do not need to be an IaC expert;
you need to know how pipelines consume templates and what the deployment
flow looks like for each.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;At least 400 to 600 practice questions&lt;/strong&gt; before exam day, including
questions on pipeline security and case-study formats.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Two full timed practice exams&lt;/strong&gt; in the final two weeks. If you are
below 75% on the second one, postpone the real exam and spend the extra
time in the pipeline domain.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Skip any site that claims to sell "real exam questions." Beyond the ethical&lt;br&gt;
issue, those dumps train you to recognize memorized answers, not to reason&lt;br&gt;
through a scenario you have never seen, which is exactly what AZ-400's&lt;br&gt;
case-study and design questions require.&lt;/p&gt;

&lt;p&gt;For the practice question portion, NerdExam has 619 enriched AZ-400&lt;br&gt;
questions with full explanations. &lt;a href="https://nerdexam.com/exams/az-400/questions/1?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=azure-devops-engineer-az-400-overview" rel="noopener noreferrer"&gt;Start practicing AZ-400 questions&lt;/a&gt;&lt;br&gt;
to see the question style and the reasoning the exam expects, particularly&lt;br&gt;
for pipeline design and IaC scenarios where the right answer hinges on a&lt;br&gt;
detail you can only internalize from doing the work.&lt;/p&gt;

&lt;h2&gt;
  
  
  Who should NOT take AZ-400?
&lt;/h2&gt;

&lt;p&gt;The cert is wrong for these candidates:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;You are&lt;/th&gt;
&lt;th&gt;Take instead&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;No Azure associate cert yet&lt;/td&gt;
&lt;td&gt;AZ-104 or AZ-204 first (you need one to earn the Expert cert anyway)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Brand new to Azure entirely&lt;/td&gt;
&lt;td&gt;AZ-900 then AZ-104 or AZ-204 before AZ-400&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;AWS-focused DevOps engineer&lt;/td&gt;
&lt;td&gt;AWS DevOps Engineer Professional (DOP-C02)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Only want CI/CD basics, no cert needed&lt;/td&gt;
&lt;td&gt;Skip and learn Azure Pipelines or GitHub Actions directly on the job&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Targeting Azure architecture, not DevOps&lt;/td&gt;
&lt;td&gt;AZ-305 (Azure Solutions Architect Expert) is the better path&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The prerequisite structure matters here more than on most exams. If you sit&lt;br&gt;
AZ-400 without an associate cert and somehow pass, you still do not earn&lt;br&gt;
the Expert certification. The badge requires both. That makes attempting&lt;br&gt;
AZ-400 without AZ-104 or AZ-204 a pure waste of a $165 exam fee. Get the&lt;br&gt;
associate cert first. It also ensures your Azure fundamentals are solid&lt;br&gt;
enough that the exam questions on resource configuration and access control&lt;br&gt;
do not slow you down.&lt;/p&gt;

&lt;h2&gt;
  
  
  What's next after AZ-400?
&lt;/h2&gt;

&lt;p&gt;AZ-400 is already an expert-level cert, so there is no natural "next rung"&lt;br&gt;
on the same ladder. The paths from here depend on where you want to grow:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Architecture track&lt;/strong&gt;: AZ-305 (Azure Solutions Architect Expert) pairs
naturally with a DevOps background. The overlap in IaC, networking, and
security design is real, and many senior platform engineers hold both.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Security specialization&lt;/strong&gt;: the Microsoft Cybersecurity Architect (SC-100)
or the AZ-500 (Azure Security Engineer Associate) if you want to deepen
the pipeline security and identity work from AZ-400 into a dedicated
security credential.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Lateral depth&lt;/strong&gt;: AI-900 or AI-102 if your team is adding AI workloads
to the pipelines you already own. Not a deep technical extension, but
useful for teams building ML deployment pipelines.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Renewal, annually.&lt;/strong&gt; Set the reminder now. Microsoft role-based certs
expire after one year. The renewal assessment is free and unproctored on
Microsoft Learn, but you have to do it. A lapsed Expert cert is
surprisingly common and looks careless to hiring managers who check
transcript dates.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The most direct value from AZ-400 comes from the 12 to 24 months after&lt;br&gt;
passing, when you are operating Azure DevOps environments at scale and the&lt;br&gt;
cert maps directly to what you do every day. The Expert badge earns its&lt;br&gt;
keep when a job posting lists it as preferred and you can click through on&lt;br&gt;
your Microsoft Learn transcript to prove it.&lt;/p&gt;

&lt;p&gt;Ready to start? &lt;a href="https://nerdexam.com/catalog/az-400?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=azure-devops-engineer-az-400-overview" rel="noopener noreferrer"&gt;Browse AZ-400 practice questions on NerdExam&lt;/a&gt;&lt;br&gt;
or jump straight into the&lt;br&gt;
&lt;a href="https://nerdexam.com/exams/az-400/questions/1?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=azure-devops-engineer-az-400-overview" rel="noopener noreferrer"&gt;free per-question explanations&lt;/a&gt;.&lt;br&gt;
If you want the official exam outline before you plan your study path, the&lt;br&gt;
&lt;a href="https://learn.microsoft.com/credentials/certifications/devops-engineer/" rel="noopener noreferrer"&gt;Microsoft AZ-400 certification page&lt;/a&gt;&lt;br&gt;
has the current skills-measured document and a link to register.&lt;/p&gt;

</description>
      <category>azure</category>
      <category>cloud</category>
      <category>certification</category>
      <category>learning</category>
    </item>
    <item>
      <title>Microsoft Azure Fundamentals (AZ-900): What's Actually Tested</title>
      <dc:creator>NERDEXAM</dc:creator>
      <pubDate>Wed, 01 Jul 2026 14:02:23 +0000</pubDate>
      <link>https://dev.to/nerdexam/microsoft-azure-fundamentals-az-900-whats-actually-tested-8li</link>
      <guid>https://dev.to/nerdexam/microsoft-azure-fundamentals-az-900-whats-actually-tested-8li</guid>
      <description>&lt;p&gt;Microsoft Azure Fundamentals (AZ-900) is the on-ramp to every other Azure&lt;br&gt;
certification and the credential most often listed as "nice to have" in&lt;br&gt;
cloud-adjacent job postings. The exam is $99, runs 45 minutes, has roughly&lt;br&gt;
40 to 60 questions, and requires 700 out of 1000 to pass. Most candidates&lt;br&gt;
need 2 to 4 weeks of light study. The questions test whether you can&lt;br&gt;
describe Azure concepts, not configure them, which makes AZ-900 the&lt;br&gt;
easiest real certification in the Microsoft catalog. If you work in IT in&lt;br&gt;
any capacity, you can pass this with a couple of weekends of focused&lt;br&gt;
reading.&lt;/p&gt;

&lt;h2&gt;
  
  
  The 90-second answer
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Take AZ-900 if&lt;/strong&gt; you're new to cloud, you're about to start an Azure&lt;br&gt;
role, or you need a recognizable credential to put on a resume while you&lt;br&gt;
study for something harder. It's also the right pick if your employer is&lt;br&gt;
moving to Azure and you want shared vocabulary with the people who run it.&lt;br&gt;
At $99 and a 45-minute sitting, the cost-to-credibility ratio is excellent.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Skip AZ-900 if&lt;/strong&gt; you already have hands-on Azure experience and you're&lt;br&gt;
aiming for an admin or engineering role. In that case go straight to&lt;br&gt;
AZ-104 (Azure Administrator). AZ-900 is a knowledge check, not a skills&lt;br&gt;
check, so experienced practitioners often find it too shallow to bother&lt;br&gt;
with on its own.&lt;/p&gt;

&lt;h2&gt;
  
  
  What does the AZ-900 actually test?
&lt;/h2&gt;

&lt;p&gt;AZ-900 tests three domains. Microsoft refreshed the objectives on&lt;br&gt;
January 14, 2026, but only with minor wording changes. The weights below&lt;br&gt;
are the current published ranges. Every question maps to one of these.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Domain&lt;/th&gt;
&lt;th&gt;Weight&lt;/th&gt;
&lt;th&gt;What it covers&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Describe cloud concepts&lt;/td&gt;
&lt;td&gt;25-30%&lt;/td&gt;
&lt;td&gt;Cloud computing, shared responsibility model, public/private/hybrid, IaaS/PaaS/SaaS, consumption-based pricing, serverless&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Describe Azure architecture and services&lt;/td&gt;
&lt;td&gt;35-40%&lt;/td&gt;
&lt;td&gt;Regions, availability zones, resource groups, subscriptions, management groups, VMs, networking, storage, Entra ID, RBAC, Zero Trust&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Describe Azure management and governance&lt;/td&gt;
&lt;td&gt;30-35%&lt;/td&gt;
&lt;td&gt;Cost management, tags, Azure Policy, resource locks, Azure portal, Cloud Shell, Azure Monitor, Advisor, Service Health&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Notice the word "describe" in every domain title. That's deliberate. You&lt;br&gt;
are never asked to build a virtual network or write a policy. You're asked&lt;br&gt;
which service solves a stated problem, what the shared responsibility&lt;br&gt;
model means, or why you'd use a resource lock. It is recognition and&lt;br&gt;
recall, not configuration.&lt;/p&gt;

&lt;p&gt;The architecture and services domain is the largest at 35 to 40%, so&lt;br&gt;
that's where your study time should concentrate. Most people lose points&lt;br&gt;
there by confusing similar services: Entra ID versus Entra Domain&lt;br&gt;
Services, availability zones versus region pairs, or which storage&lt;br&gt;
redundancy option survives a regional outage.&lt;/p&gt;

&lt;h2&gt;
  
  
  How hard is the AZ-900?
&lt;/h2&gt;

&lt;p&gt;AZ-900 is a difficulty 1 out of 5. It is the gentlest paid certification&lt;br&gt;
Microsoft offers. There is no scenario you have to architect, no command&lt;br&gt;
syntax to memorize, and no time pressure worth worrying about: 45 minutes&lt;br&gt;
for 40 to 60 questions is comfortable.&lt;/p&gt;

&lt;p&gt;The exam is genuinely fair, but a few things still trip people up:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Marketing-sounding answer choices that all "sound right" until you know
the exact service definitions&lt;/li&gt;
&lt;li&gt;Microsoft renaming things (Azure Active Directory became Microsoft Entra
ID, and older study material still uses the old name)&lt;/li&gt;
&lt;li&gt;Drag-and-drop and "select all that apply" questions where you need the
complete set, not just one correct item&lt;/li&gt;
&lt;li&gt;Governance terms that blur together (Azure Policy, resource locks,
management groups, and tags all sound like cost or compliance tools)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;People who fail AZ-900 almost always studied from outdated free dumps with&lt;br&gt;
wrong service names, or they skipped the management and governance domain&lt;br&gt;
because it sounded boring. That domain is 30 to 35% of the exam. You&lt;br&gt;
cannot afford to skip a third of the test.&lt;/p&gt;

&lt;h2&gt;
  
  
  How long should you study for AZ-900?
&lt;/h2&gt;

&lt;p&gt;Microsoft positions AZ-900 as having no prerequisites and no required&lt;br&gt;
experience. The study time depends entirely on your starting point:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Working in IT already (any stack)&lt;/strong&gt;: 1 to 2 weeks at 5 to 6 hours per
week&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;New to cloud but technically literate&lt;/strong&gt;: 3 to 4 weeks at 5 to 6 hours
per week&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Complete beginner, non-technical background&lt;/strong&gt;: 4 to 6 weeks at 4 to 5
hours per week&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Already using Azure at work&lt;/strong&gt;: a few days of review to map your
hands-on knowledge to the exam's vocabulary&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The most efficient path is Microsoft's own free Learn modules, because the&lt;br&gt;
exam questions are written from the same source material. Create a free&lt;br&gt;
Azure account and click through the portal while you read. Seeing a&lt;br&gt;
resource group, a storage account, and the pricing calculator in the&lt;br&gt;
actual portal makes the abstract terms stick far faster than video&lt;br&gt;
courses do.&lt;/p&gt;

&lt;p&gt;A realistic week-by-week pace for a 3-week study plan looks like:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Week 1: Cloud concepts (IaaS/PaaS/SaaS, public/private/hybrid, shared
responsibility, consumption pricing, serverless)&lt;/li&gt;
&lt;li&gt;Week 2: Azure architecture (regions, availability zones, resource
groups, subscriptions, VMs, virtual networks, storage tiers and
redundancy, Entra ID and RBAC)&lt;/li&gt;
&lt;li&gt;Week 3: Management and governance (cost management, tags, Azure Policy,
resource locks, the portal, Cloud Shell, Azure Monitor and Advisor),
plus practice questions and the free Microsoft practice assessment&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Take the official free practice assessment on Microsoft Learn at least&lt;br&gt;
once before exam day. If you score above 80% on it cold, you're ready.&lt;/p&gt;

&lt;h2&gt;
  
  
  What does the AZ-900 cost?
&lt;/h2&gt;

&lt;p&gt;The exam itself is $99 USD plus any local taxes. Total cost stays low&lt;br&gt;
because the best resources are free:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Component&lt;/th&gt;
&lt;th&gt;Range&lt;/th&gt;
&lt;th&gt;Notes&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Exam fee&lt;/td&gt;
&lt;td&gt;$99&lt;/td&gt;
&lt;td&gt;One attempt. Retake is another $99 if you fail.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Microsoft Learn modules&lt;/td&gt;
&lt;td&gt;$0&lt;/td&gt;
&lt;td&gt;Official free training, same source as the exam&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Practice questions&lt;/td&gt;
&lt;td&gt;$0 to $30&lt;/td&gt;
&lt;td&gt;NerdExam has 332 AZ-900 questions if you want a free option&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Azure free account&lt;/td&gt;
&lt;td&gt;$0&lt;/td&gt;
&lt;td&gt;Free tier plus $200 credit for the first 30 days&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Official practice assessment&lt;/td&gt;
&lt;td&gt;$0&lt;/td&gt;
&lt;td&gt;Free on Microsoft Learn, mirrors the real exam style&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Total realistic spend&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;$99 to $130&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Cheapest viable path: $99 (exam only)&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Microsoft regularly runs free AZ-900 voucher campaigns tied to Virtual&lt;br&gt;
Training Days. If you attend one of those free online events, you often&lt;br&gt;
receive a 100% exam voucher afterward, which drops your total cost to&lt;br&gt;
zero. Check the Microsoft Events page before you pay full price.&lt;/p&gt;

&lt;h2&gt;
  
  
  What salary can you expect?
&lt;/h2&gt;

&lt;p&gt;AZ-900 is a foundational cert, so be honest about what it does. It rarely&lt;br&gt;
lands a job on its own, but it signals cloud literacy and is a real&lt;br&gt;
resume line for career changers. US salary data for 2026 shows a wide&lt;br&gt;
range that reflects how varied the roles are:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Entry-level cloud-adjacent roles with AZ-900&lt;/strong&gt;: $65,000 to $90,000&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Average across all "Azure Fundamentals" titled roles&lt;/strong&gt;: $110,000 to
$120,000 (skewed by experienced people who happen to hold it)&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Typical bump from adding AZ-900 to an existing IT salary&lt;/strong&gt;: $5,000 to
$8,000&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;With AZ-900 plus AZ-104 and real Azure work&lt;/strong&gt;: $120,000 to $140,000&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The honest read: AZ-900 by itself is worth a few thousand dollars and a&lt;br&gt;
foot in the door, not a six-figure jump. The real money comes from the&lt;br&gt;
role-based certs it leads to (AZ-104, AZ-204, AZ-305) paired with&lt;br&gt;
hands-on experience. Treat AZ-900 as the cheapest way to prove you're&lt;br&gt;
serious about cloud, then keep going.&lt;/p&gt;

&lt;h2&gt;
  
  
  What study resources actually work?
&lt;/h2&gt;

&lt;p&gt;The candidates who pass on the first attempt keep it simple:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Microsoft Learn AZ-900 learning path&lt;/strong&gt; (free). It's the primary
source the exam is written from. Do not skip the management and
governance modules.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A free Azure account&lt;/strong&gt; so you can click through the portal, the
pricing calculator, and a sample resource group while you read&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;The official Microsoft practice assessment&lt;/strong&gt; (free), taken at least
twice in your final week&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;John Savill's AZ-900 study cram on YouTube&lt;/strong&gt; (free), a single
recorded session that condenses the whole syllabus for review&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;At least 200 practice questions&lt;/strong&gt; to confirm you recognize service
names and definitions under exam phrasing&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Be careful with free "dump" sites. Many use outdated service names&lt;br&gt;
(Azure Active Directory instead of Microsoft Entra ID) and have wrong&lt;br&gt;
answers that teach you the test incorrectly. Stick to current sources.&lt;/p&gt;

&lt;p&gt;For the practice question portion, NerdExam has 332 enriched AZ-900&lt;br&gt;
questions with full explanations. &lt;a href="https://nerdexam.com/exams/az-900/questions/1?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=az-900-azure-fundamentals-overview" rel="noopener noreferrer"&gt;Start practicing AZ-900 questions&lt;/a&gt;&lt;br&gt;
to see the exact "describe the service" phrasing before exam day. The free&lt;br&gt;
explanations walk through why each distractor is wrong, which is the&lt;br&gt;
fastest way to stop confusing similar Azure services.&lt;/p&gt;

&lt;h2&gt;
  
  
  Who should NOT take AZ-900?
&lt;/h2&gt;

&lt;p&gt;The cert is the wrong move for these candidates:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;You are&lt;/th&gt;
&lt;th&gt;Take instead&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;An experienced Azure admin&lt;/td&gt;
&lt;td&gt;AZ-104 (Azure Administrator Associate)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;A developer building on Azure&lt;/td&gt;
&lt;td&gt;AZ-204 (Azure Developer Associate)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Targeting a solutions architect role&lt;/td&gt;
&lt;td&gt;AZ-305, after AZ-104&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;A data or AI professional&lt;/td&gt;
&lt;td&gt;DP-900 or AI-900 (the matching fundamentals tracks)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Working primarily in AWS or GCP&lt;/td&gt;
&lt;td&gt;AWS Cloud Practitioner (CLF-C02) or Google Cloud Digital Leader. Match the cert to your stack.&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The only real mistake with AZ-900 is over-investing in it. It's a&lt;br&gt;
two-to-four-week credential, not a multi-month project. If you find&lt;br&gt;
yourself studying it for two months, you're either using bad materials or&lt;br&gt;
you should have started on a role-based cert.&lt;/p&gt;

&lt;h2&gt;
  
  
  What's next after AZ-900?
&lt;/h2&gt;

&lt;p&gt;AZ-900 is a launching pad, and three paths open up depending on your role:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Administrator track&lt;/strong&gt;: AZ-104 (Azure Administrator Associate). The
most common next step and the one most job postings actually require.
Expect a real jump in difficulty: AZ-104 is hands-on and config-heavy.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Developer track&lt;/strong&gt;: AZ-204 (Azure Developer Associate), for engineers
who build and deploy applications on Azure.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Other fundamentals&lt;/strong&gt;: DP-900 (Data), AI-900 (AI), or SC-900
(Security). These are sibling exams at the same easy level, and stacking
two or three fundamentals signals broad cloud literacy cheaply.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Most people move from AZ-900 to AZ-104 within 3 to 6 months. Use that&lt;br&gt;
window to get real hands-on time in the Azure portal, because every cert&lt;br&gt;
above the fundamentals level assumes you've actually built things, not&lt;br&gt;
just read about them.&lt;/p&gt;

&lt;p&gt;Ready to start? &lt;a href="https://nerdexam.com/catalog/az-900?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=az-900-azure-fundamentals-overview" rel="noopener noreferrer"&gt;Practice with real AZ-900 questions on NerdExam&lt;/a&gt;&lt;br&gt;
or jump straight into the &lt;a href="https://nerdexam.com/exams/az-900/questions/1?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=az-900-azure-fundamentals-overview" rel="noopener noreferrer"&gt;free per-question explanations&lt;/a&gt;.&lt;br&gt;
The official Microsoft study guide is also worth a read first:&lt;br&gt;
&lt;a href="https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-900" rel="noopener noreferrer"&gt;see the AZ-900 skills measured here&lt;/a&gt;.&lt;/p&gt;

</description>
      <category>azure</category>
      <category>cloud</category>
      <category>certification</category>
      <category>learning</category>
    </item>
    <item>
      <title>What's Actually Tested on AZ-305</title>
      <dc:creator>NERDEXAM</dc:creator>
      <pubDate>Wed, 17 Jun 2026 14:02:02 +0000</pubDate>
      <link>https://dev.to/nerdexam/whats-actually-tested-on-az-305-43m7</link>
      <guid>https://dev.to/nerdexam/whats-actually-tested-on-az-305-43m7</guid>
      <description>&lt;h2&gt;
  
  
  What Is on the AZ-305 Exam, and How Should You Prepare?
&lt;/h2&gt;

&lt;p&gt;The AZ-305 Designing Microsoft Azure Infrastructure Solutions exam is not a knowledge quiz. It is a scenario-based assessment that asks you to make architectural decisions under constraint - balancing cost, security, performance, and operational maturity across four core domains. Candidates who pass are not just familiar with Azure services; they can reason through trade-offs and justify a design choice against competing options. If you want to calibrate where your gaps actually are before diving into study, &lt;a href="https://nerdexam.com/exams/az-305/questions" rel="noopener noreferrer"&gt;practice with free AZ-305 questions on NerdExam&lt;/a&gt; and see how you perform against real scenario formats.&lt;/p&gt;

&lt;p&gt;The exam targets architects and senior engineers who are expected to translate business requirements into technical designs. The four domains - design infrastructure solutions, design identity, governance, and monitoring solutions, design data storage solutions, and design business continuity solutions - map directly to the decisions a cloud architect makes every day. Here is what each domain tests, and more importantly, how you need to think to answer correctly.&lt;/p&gt;




&lt;h2&gt;
  
  
  Domain 1: Design Infrastructure Solutions
&lt;/h2&gt;

&lt;p&gt;This domain covers compute, networking, and migration architecture. The core skill is not knowing which Azure services exist - it is knowing when to use one over another, and why.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The decision framework:&lt;/strong&gt; Every infrastructure question puts a constraint in front of you: lift-and-shift urgency, a specific SLA requirement, a team with no containerization experience, a workload with unpredictable traffic spikes. Your job is to match those constraints to the right architecture tier.&lt;/p&gt;

&lt;p&gt;Consider the compute layer. Azure has at minimum four distinct ways to run application code - Virtual Machines, Azure Kubernetes Service, App Service, and Azure Container Apps - and the exam tests your ability to distinguish them by fit, not by definition. The question is never "what is AKS?" The question is "given a team that already manages Helm charts and needs node-level GPU access, which compute option is correct?" That is a different cognitive task.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Worked example:&lt;/strong&gt; A company needs to migrate a monolithic .NET application with stateful Windows services and a dependency on a third-party COM component. The team wants minimal rearchitecting and a six-week timeline. The answer is Azure Virtual Machines, probably with Azure Migrate to lift the existing workload. App Service would require rearchitecting the COM dependency. AKS would require containerization. The constraint - COM dependency and zero rearchitect budget - makes VM the defensible choice even if containers are the cleaner long-term path.&lt;/p&gt;

&lt;p&gt;Networking architecture within this domain is equally scenario-heavy. Hub-and-spoke topology, Azure Virtual WAN, peering versus VPN Gateway, private endpoints versus service endpoints - these all appear in scenarios that require you to reason about traffic flow, latency, and cost at scale, not just recite definitions.&lt;/p&gt;




&lt;h2&gt;
  
  
  Domain 2: Design Identity, Governance, and Monitoring Solutions
&lt;/h2&gt;

&lt;p&gt;This domain is where many candidates underestimate the complexity. It tests three distinct skill sets that share a single domain bucket: identity and access design, policy and governance architecture, and observability strategy.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The decision framework for identity:&lt;/strong&gt; Microsoft Entra ID scenarios require you to understand federation, B2B versus B2C, Conditional Access, and Privileged Identity Management at an architectural level. The key discriminator is usually trust boundary - where does the identity originate, and how much control does your tenant have over it?&lt;/p&gt;

&lt;p&gt;For governance, the exam consistently tests management group hierarchy design and Azure Policy versus RBAC as enforcement mechanisms. The distinction matters: RBAC controls what a principal can do with a resource after it exists; Azure Policy controls what resources can exist in the first place. An exam scenario that says "the company needs to ensure no storage accounts are created without private endpoints" is testing Policy, not RBAC.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Worked example:&lt;/strong&gt; A financial services company with three subsidiaries needs each subsidiary to manage its own resources while a central security team enforces encryption-at-rest and approved regions. The correct architecture uses a management group hierarchy with the company root at the top, one management group per subsidiary below it, and policy assignments at the root level for compliance requirements. Subscription-level RBAC then grants each subsidiary team Contributor rights within their own subscriptions. RBAC alone cannot prevent a subsidiary from creating non-compliant resources; only Policy at a parent scope achieves that.&lt;/p&gt;

&lt;p&gt;For monitoring, the exam tests the integration between Azure Monitor, Log Analytics workspaces, Diagnostic Settings, and Microsoft Defender for Cloud. The architectural question is typically about workspace design - centralized versus distributed - and the trade-offs between cost (ingestion, egress) and operational simplicity.&lt;/p&gt;




&lt;h2&gt;
  
  
  Domain 3: Design Data Storage Solutions
&lt;/h2&gt;

&lt;p&gt;This domain covers relational databases, NoSQL, object storage, caching, and data integration. The surface area is large, but the exam focuses tightly on selection criteria and architecture patterns rather than service internals.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The decision framework:&lt;/strong&gt; Every data storage question has at least one constraint that rules out most options. Query pattern, consistency requirement, data volume, geographic distribution, and team SQL familiarity are the most common discriminators. Learn these as filters, not as a memorization list.&lt;/p&gt;

&lt;p&gt;Azure SQL Database, Azure SQL Managed Instance, and SQL Server on VMs form a spectrum. SQL Database is PaaS with the highest abstraction and lowest operational overhead. Managed Instance adds near-full SQL Server compatibility, including SQL Agent, linked servers, and cross-database queries. SQL on VMs is for scenarios where OS-level access, specific SQL Server versions, or third-party integrations require control that PaaS tiers cannot provide.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Worked example:&lt;/strong&gt; A legacy application uses SQL Server's cross-database queries and SQL Agent jobs extensively. The team wants to reduce patching overhead and move to Azure. Azure SQL Database does not support cross-database queries or SQL Agent. SQL on VMs removes the patching benefit. Azure SQL Managed Instance supports both features and provides managed patching. This is exactly the Managed Instance design sweet spot the exam targets repeatedly.&lt;/p&gt;

&lt;p&gt;For NoSQL storage, Cosmos DB questions test partition key selection strategy - the architectural decision with the largest downstream consequence in Cosmos designs. An exam scenario will describe an access pattern and ask you to identify the correct partition key; the right answer minimizes cross-partition queries for the hot path. The &lt;a href="https://nerdexam.com/study-guide/az-305" rel="noopener noreferrer"&gt;AZ-305 study guide on NerdExam&lt;/a&gt; covers data storage decision trees in depth and is worth working through alongside official Microsoft documentation.&lt;/p&gt;




&lt;h2&gt;
  
  
  Domain 4: Design Business Continuity Solutions
&lt;/h2&gt;

&lt;p&gt;This domain is deceptively specific. It does not test general availability concepts - it tests Azure's concrete mechanisms for backup, disaster recovery, and high availability, and when to use which one.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The decision framework:&lt;/strong&gt; Every business continuity question begins with two numbers: the Recovery Time Objective (RTO) and the Recovery Point Objective (RPO). RTO is how long you can be down; RPO is how much data you can afford to lose. These two constraints drive the entire architecture. A workload with a 4-hour RTO and 1-hour RPO has completely different design requirements than one with a 15-minute RTO and near-zero RPO.&lt;/p&gt;

&lt;p&gt;Azure Site Recovery, Azure Backup, geo-redundant storage with failover, and Always On availability groups for SQL are the primary mechanisms. The exam tests your ability to match RTO/RPO requirements to the right mechanism and configuration - not just to name the service, but to defend why it fits while the alternatives do not.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Worked example:&lt;/strong&gt; A company runs a Tier-1 ERP application on SQL Server in Azure VMs. The business requires a 30-minute RTO and a 5-minute RPO after a regional failure. Azure Backup alone cannot meet either target - restore times for VMs typically exceed 30 minutes, and backup frequency cannot achieve a 5-minute RPO. The correct design uses Azure Site Recovery for VM replication (enabling near-zero RPO and sub-30-minute failover) combined with SQL Always On availability groups with a replica in the secondary region for the database layer specifically. Azure Backup remains appropriate for long-term retention, but it is not the DR mechanism here.&lt;/p&gt;

&lt;p&gt;Availability Zones versus regional redundancy is another recurring decision in this domain. Availability Zones protect against datacenter-level failure within a region; they do not protect against regional outages. Exam scenarios that describe a legal requirement to maintain data within a single geography while surviving a datacenter fire are testing Availability Zone design, not geo-redundancy.&lt;/p&gt;




&lt;h2&gt;
  
  
  Pulling It Together
&lt;/h2&gt;

&lt;p&gt;The AZ-305 rewards architects who think in constraints rather than catalogs. Memorizing Azure services is insufficient - the exam presents realistic scenarios where three different services could all technically work, and your job is to identify which one fits the specific combination of requirements in front of you.&lt;/p&gt;

&lt;p&gt;Practical preparation involves working through scenario-based questions that reflect actual exam depth. The &lt;a href="https://nerdexam.com/catalog/az-305" rel="noopener noreferrer"&gt;full AZ-305 exam catalog on NerdExam&lt;/a&gt; gives you a structured view of coverage alongside practice resources aligned to each domain. Study the decision frameworks above, practice applying them under timed conditions, and pay particular attention to scenarios where two options seem equally valid - those are the questions where understanding the trade-offs separates passing candidates from repeaters.&lt;/p&gt;

</description>
      <category>azure</category>
      <category>cloud</category>
      <category>certification</category>
      <category>learning</category>
    </item>
    <item>
      <title>AWS Certified Developer Associate (DVA-C02): What's Actually Tested</title>
      <dc:creator>NERDEXAM</dc:creator>
      <pubDate>Mon, 15 Jun 2026 14:02:31 +0000</pubDate>
      <link>https://dev.to/nerdexam/aws-certified-developer-associate-dva-c02-whats-actually-tested-f6o</link>
      <guid>https://dev.to/nerdexam/aws-certified-developer-associate-dva-c02-whats-actually-tested-f6o</guid>
      <description>&lt;p&gt;The AWS Certified Developer Associate (DVA-C02) is the certification for&lt;br&gt;
developers who build and deploy applications on AWS. The exam is $150, runs&lt;br&gt;
130 minutes, has 65 questions, and requires 720 out of 1000 to pass. Most&lt;br&gt;
candidates need 8 to 10 weeks of focused study on top of real development&lt;br&gt;
experience. The questions are almost entirely scenario-based. You are not&lt;br&gt;
reciting API names. You are picking the right Lambda concurrency model, the&lt;br&gt;
right DynamoDB partition key design, or the right CodeDeploy deployment&lt;br&gt;
strategy for a given situation. If you have spent a year writing code that&lt;br&gt;
runs on AWS, you can pass without a course. If you have not, budget the full&lt;br&gt;
10 weeks and build real serverless applications.&lt;/p&gt;

&lt;h2&gt;
  
  
  The 90-second answer
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Take DVA-C02 if&lt;/strong&gt; you write code for a living and your work runs on AWS.&lt;br&gt;
It is the credential that proves you can build with Lambda, DynamoDB, API&lt;br&gt;
Gateway, SQS, and the AWS SDK, not just click through the console. Hiring&lt;br&gt;
managers at companies running serverless workloads specifically screen for&lt;br&gt;
this cert, and it pairs well with SAA-C03 if you already have that one.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Skip DVA-C02 if&lt;/strong&gt; you have never deployed a function to Lambda or read&lt;br&gt;
from DynamoDB in production code. Start with AWS Cloud Practitioner&lt;br&gt;
(CLF-C02) to build vocabulary, or work through SAA-C03 first if you want&lt;br&gt;
the architecture angle before the coding angle. Going into DVA-C02 without&lt;br&gt;
hands-on developer experience usually means a failed first attempt and&lt;br&gt;
another $150.&lt;/p&gt;

&lt;h2&gt;
  
  
  What does the DVA-C02 actually test?
&lt;/h2&gt;

&lt;p&gt;DVA-C02 tests four domains. The weights below are from the official AWS&lt;br&gt;
exam guide and have been stable since the exam launched in 2023. Every&lt;br&gt;
question maps to one of them.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Domain&lt;/th&gt;
&lt;th&gt;Weight&lt;/th&gt;
&lt;th&gt;What it covers&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Development with AWS Services&lt;/td&gt;
&lt;td&gt;32%&lt;/td&gt;
&lt;td&gt;Lambda, containers, API Gateway, DynamoDB data modeling, SQS, SNS, EventBridge, Step Functions, SDK and CLI usage&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Security&lt;/td&gt;
&lt;td&gt;26%&lt;/td&gt;
&lt;td&gt;IAM roles and policies, Cognito user pools and identity pools, KMS encryption, Secrets Manager, SSM Parameter Store, secure API access patterns&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Deployment&lt;/td&gt;
&lt;td&gt;24%&lt;/td&gt;
&lt;td&gt;CI/CD with CodePipeline, CodeBuild, and CodeDeploy; SAM and CloudFormation; Elastic Beanstalk; canary, blue/green, and rolling deployment strategies&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Troubleshooting and Optimization&lt;/td&gt;
&lt;td&gt;18%&lt;/td&gt;
&lt;td&gt;CloudWatch logs and metrics, X-Ray tracing, caching strategies, Lambda cold start optimization, cost and performance tuning&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The exam rewards developers who have actually shipped code to AWS. A typical&lt;br&gt;
question describes a scenario ("a Lambda function is hitting concurrency&lt;br&gt;
limits during peak traffic, and the team needs to handle the overflow without&lt;br&gt;
dropping events") and asks which combination of services and settings to&lt;br&gt;
apply. You are choosing the solution that fits the stated constraints, not&lt;br&gt;
the most sophisticated one.&lt;/p&gt;

&lt;p&gt;If you have heard "DVA-C02 is all about knowing when NOT to use a service,"&lt;br&gt;
that captures it well. Questions routinely give you four architectures that&lt;br&gt;
all technically work and ask which one is cheapest, most scalable, or&lt;br&gt;
easiest to maintain for a development team.&lt;/p&gt;

&lt;h2&gt;
  
  
  How hard is the DVA-C02?
&lt;/h2&gt;

&lt;p&gt;DVA-C02 is a difficulty 3 out of 5. About the same difficulty as SAA-C03,&lt;br&gt;
but the focus shifts from designing infrastructure to writing and deploying&lt;br&gt;
application code. It is harder than AWS Cloud Practitioner (CLF-C02) and&lt;br&gt;
much easier than AWS DevOps Engineer Professional (DOP-C02). Community&lt;br&gt;
surveys suggest first-time pass rates are in the 65% to 75% range for&lt;br&gt;
candidates who studied at least 6 weeks and had real development experience.&lt;/p&gt;

&lt;p&gt;The hard parts are specific:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;DynamoDB data modeling: partition keys, sort keys, GSIs, LSIs, and access
patterns come up constantly, and wrong design decisions at the data layer
break everything else&lt;/li&gt;
&lt;li&gt;Lambda execution model: cold starts, concurrency limits (reserved vs.
provisioned), event source mappings, and retry behavior are tested deeply&lt;/li&gt;
&lt;li&gt;Security at the code level: knowing the difference between an IAM role
attached to a Lambda, a Cognito identity pool, and a resource-based
policy matters, and the exam distinguishes them carefully&lt;/li&gt;
&lt;li&gt;"Pick TWO" multi-select questions where partial credit does not exist&lt;/li&gt;
&lt;li&gt;Time pressure: 65 questions in 130 minutes is exactly 2 minutes per
question, with no buffer for review&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The most common failure pattern looks like this: candidate takes a video&lt;br&gt;
course, never deploys a real serverless application, walks into the exam,&lt;br&gt;
hits a DynamoDB access-pattern question at question 20, spends 5 minutes&lt;br&gt;
second-guessing, and then rushes the CI/CD section. Final score: 690.&lt;br&gt;
Build real applications in week 2, not week 9. Deploy a Lambda behind an&lt;br&gt;
API Gateway with a DynamoDB table before you have finished your first week&lt;br&gt;
of study.&lt;/p&gt;

&lt;h2&gt;
  
  
  How long should you study for DVA-C02?
&lt;/h2&gt;

&lt;p&gt;AWS recommends at least 1 year of hands-on development experience with AWS&lt;br&gt;
services and proficiency in at least one high-level language (Python, Java,&lt;br&gt;
JavaScript, etc.) plus the AWS SDK and CLI. That baseline is baked into the&lt;br&gt;
question difficulty. For actual study time on top of that experience:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;With 1+ year AWS developer experience&lt;/strong&gt;: 4 to 6 weeks at 8 to 10 hours
per week&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;With 6 to 12 months AWS experience&lt;/strong&gt;: 8 to 10 weeks at 8 to 10 hours
per week&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;No AWS experience&lt;/strong&gt;: 14 to 16 weeks, and you should take CLF-C02 or
SAA-C03 first anyway&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Coming from SAA-C03&lt;/strong&gt;: 4 to 6 weeks; you already know the service
landscape, now learn the SDK and coding patterns deeply&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The biggest waste of study time is reading documentation without writing&lt;br&gt;
code. Build at least three real projects in your AWS account: a Lambda&lt;br&gt;
function triggered by SQS with a dead-letter queue for failures; an API&lt;br&gt;
Gateway endpoint backed by Lambda with Cognito authorizer protecting it;&lt;br&gt;
and a SAM template that deploys all of the above via CodePipeline. That&lt;br&gt;
hands-on work is what makes the scenario questions click. Reading about&lt;br&gt;
Lambda cold starts is forgettable. Debugging one in a real function is not.&lt;/p&gt;

&lt;p&gt;A realistic week-by-week pace for an 8-week study plan looks like:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Week 1: IAM deeply (roles, policies, trust relationships), Lambda
fundamentals, function execution model&lt;/li&gt;
&lt;li&gt;Week 2: API Gateway (REST and HTTP APIs), Lambda integrations, Cognito
user pools and identity pools&lt;/li&gt;
&lt;li&gt;Week 3: DynamoDB data modeling (partition keys, GSIs, query vs. scan,
DAX caching)&lt;/li&gt;
&lt;li&gt;Week 4: SQS, SNS, EventBridge, Step Functions (event-driven patterns)&lt;/li&gt;
&lt;li&gt;Week 5: CodePipeline, CodeBuild, CodeDeploy, Elastic Beanstalk (CI/CD
and deployment strategies)&lt;/li&gt;
&lt;li&gt;Week 6: CloudFormation and SAM, ECS and Fargate basics, S3 events and
presigned URLs&lt;/li&gt;
&lt;li&gt;Week 7: CloudWatch, X-Ray, KMS, Secrets Manager, SSM Parameter Store,
security and observability&lt;/li&gt;
&lt;li&gt;Week 8: Practice exams, weak-area cleanup, exam-day pacing drills&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Most failures happen because candidates treat this like SAA-C03 and focus&lt;br&gt;
on architecture breadth. DVA-C02 goes narrow and deep on the developer&lt;br&gt;
services. Lambda, DynamoDB, and the CI/CD pipeline together cover well over&lt;br&gt;
half the exam.&lt;/p&gt;

&lt;h2&gt;
  
  
  What does the DVA-C02 cost?
&lt;/h2&gt;

&lt;p&gt;The exam itself is $150 USD plus any local taxes. Beyond that, real total&lt;br&gt;
cost depends on your study path:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Component&lt;/th&gt;
&lt;th&gt;Range&lt;/th&gt;
&lt;th&gt;Notes&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Exam fee&lt;/td&gt;
&lt;td&gt;$150&lt;/td&gt;
&lt;td&gt;One attempt. Retake is another $150 if you fail.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Study course&lt;/td&gt;
&lt;td&gt;$0 to $150&lt;/td&gt;
&lt;td&gt;Stephane Maarek's DVA-C02 course on Udemy at ~$15 during sales&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Practice questions&lt;/td&gt;
&lt;td&gt;$0 to $50&lt;/td&gt;
&lt;td&gt;NerdExam has 803 DVA-C02 questions if you want a free option&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;AWS lab costs&lt;/td&gt;
&lt;td&gt;$20 to $60&lt;/td&gt;
&lt;td&gt;Free tier covers most Lambda and DynamoDB usage; watch your API Gateway call counts&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Books or whitepapers&lt;/td&gt;
&lt;td&gt;$0&lt;/td&gt;
&lt;td&gt;AWS Well-Architected Framework and Serverless Application Lens are free&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Total realistic spend&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;$150 to $400&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Cheapest viable path: $150 (exam only)&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;AWS offers a 50% retake voucher if you fail your first attempt, but only if&lt;br&gt;
you book the retake within 14 days. AWS also drops 50% vouchers for&lt;br&gt;
completing Skill Builder learning plans, so check your Skill Builder account&lt;br&gt;
before you pay full price.&lt;/p&gt;

&lt;h2&gt;
  
  
  What salary can you expect after passing?
&lt;/h2&gt;

&lt;p&gt;DVA-C02 sits in the developer tier, which commands a solid premium over&lt;br&gt;
generalist development roles. Developers who can demonstrate AWS-specific&lt;br&gt;
skills in Lambda, DynamoDB, and CI/CD pipelines routinely close the gap&lt;br&gt;
with their infrastructure-focused peers. 2026 salary estimates from US job&lt;br&gt;
boards show:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Cloud developer or software engineer (cloud)&lt;/strong&gt;: $110,000 to $150,000&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Back-end developer with AWS skills&lt;/strong&gt;: $100,000 to $140,000&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;DevOps-leaning developer roles&lt;/strong&gt;: $120,000 to $160,000&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;With 3+ years and SAA-C03 plus DVA-C02&lt;/strong&gt;: $160,000 and up at companies
running serverless-first workloads&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The cert alone does not deliver those numbers. It signals to hiring managers&lt;br&gt;
that you know how to use AWS as a developer, not just as a console user. The&lt;br&gt;
salary lift is most visible at companies running heavily on Lambda and&lt;br&gt;
managed services, where DVA-C02 skills are directly billable.&lt;/p&gt;

&lt;p&gt;A practical note on negotiation: if you pass DVA-C02 while currently&lt;br&gt;
employed, bring it up before your next performance cycle, not after. The&lt;br&gt;
cert validates a skill set your employer is already benefiting from. Internal&lt;br&gt;
moves with a fresh DVA-C02 alongside real AWS production work historically&lt;br&gt;
clear 8 to 15% base bumps. External moves with DVA-C02 plus 1 to 2 years of&lt;br&gt;
serverless development experience routinely clear 20 to 30%.&lt;/p&gt;

&lt;h2&gt;
  
  
  What study resources actually work?
&lt;/h2&gt;

&lt;p&gt;The candidates who pass on the first attempt use a consistent stack:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;One video course&lt;/strong&gt; for breadth. Stephane Maarek's "Ultimate AWS
Certified Developer Associate" on Udemy is the community favorite at
around $15 on sale. It covers the SDK patterns and DynamoDB modeling
in more depth than most alternatives.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;The AWS Serverless Application Model (SAM) documentation&lt;/strong&gt; (free).
Read the full developer guide and deploy a real SAM application. SAM
questions appear on every sitting.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A free AWS account&lt;/strong&gt; for hands-on labs (set a $10 billing alert
immediately; Lambda and DynamoDB free tiers are generous but API
Gateway and X-Ray add up quickly in lab scenarios)&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;At least 500 practice questions&lt;/strong&gt; before exam day to build pacing and
expose weak areas in DynamoDB and deployment strategies&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Two full-length timed practice exams&lt;/strong&gt; in the final week. Take them on
a Saturday morning, treat them like the real exam, score honestly. If
you are below 75% on the second one, postpone the real exam.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Skip the brain-dump sites. AWS refreshes DVA-C02 questions regularly, and&lt;br&gt;
the scenario-based format means memorized answers fail in practice anyway.&lt;br&gt;
Reddit's r/AWSCertifications has the most current crowd-sourced advice on&lt;br&gt;
which resources are working this quarter.&lt;/p&gt;

&lt;p&gt;For the practice question portion, NerdExam has 803 enriched DVA-C02&lt;br&gt;
questions with full explanations. &lt;a href="https://nerdexam.com/exams/dva-c02/questions/1?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=aws-developer-associate-dva-c02-overview" rel="noopener noreferrer"&gt;Start practicing DVA-C02 questions&lt;/a&gt;&lt;br&gt;
to see the question style before you commit to a study plan. The free&lt;br&gt;
explanations show you the reasoning pattern the exam expects, especially for&lt;br&gt;
DynamoDB access patterns and Lambda concurrency, which are harder to absorb&lt;br&gt;
from videos than from working through the questions.&lt;/p&gt;

&lt;h2&gt;
  
  
  Who should NOT take DVA-C02?
&lt;/h2&gt;

&lt;p&gt;The cert is wrong for these candidates:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;You are&lt;/th&gt;
&lt;th&gt;Take instead&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;New to cloud entirely&lt;/td&gt;
&lt;td&gt;AWS Cloud Practitioner (CLF-C02) first&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Focused on cloud architecture and design, not coding&lt;/td&gt;
&lt;td&gt;AWS Solutions Architect Associate (SAA-C03)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;An infrastructure or ops engineer, not a developer&lt;/td&gt;
&lt;td&gt;AWS SysOps Administrator (SOA-C02)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;A non-developer who wants a cloud credential&lt;/td&gt;
&lt;td&gt;SAA-C03 or CLF-C02 - DVA-C02 assumes you write application code&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Already holding SAA-C03 and targeting a senior architecture role&lt;/td&gt;
&lt;td&gt;Solutions Architect Professional (SAP-C02) is the higher-leverage move&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The path matters more than the individual cert. DVA-C02 is excellent when&lt;br&gt;
your daily work involves writing and deploying application code on AWS. It&lt;br&gt;
is a poor use of 8 weeks if your role lives in Terraform and CloudFormation&lt;br&gt;
templates and you rarely touch the SDK. Hiring managers do not penalize&lt;br&gt;
architects for skipping DVA-C02; they penalize developers who cannot explain&lt;br&gt;
why their Lambda function is timing out.&lt;/p&gt;

&lt;h2&gt;
  
  
  What's next after DVA-C02?
&lt;/h2&gt;

&lt;p&gt;Once DVA-C02 is in hand, three paths open up depending on where you want&lt;br&gt;
to go:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;DevOps and operations track&lt;/strong&gt;: AWS DevOps Engineer Professional
(DOP-C02) is the natural step up. It builds directly on DVA-C02's CI/CD
and deployment knowledge and adds infrastructure automation, monitoring
at scale, and incident response. Most developers do this 12 to 18 months
after DVA-C02.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Architecture breadth track&lt;/strong&gt;: Add SAA-C03 if you do not already have
it, or SOA-C02 for the operations angle. Holding DVA-C02 plus SAA-C03
covers both the build and design sides and makes you competitive for
senior cloud engineer roles.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Specialty track&lt;/strong&gt;: AWS Certified Security (SCS-C02) pairs exceptionally
well with DVA-C02. The security domain is 26% of DVA-C02, and SCS-C02
deepens that into a standalone credential for developers working in
regulated industries.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Most people take 12 to 24 months between DVA-C02 and their next cert. Use&lt;br&gt;
that time to ship real Lambda and serverless production work. The cert pays&lt;br&gt;
off when hiring managers see it alongside actual shipped applications, not&lt;br&gt;
when it is the only AWS line on your resume.&lt;/p&gt;

&lt;p&gt;Ready to start? &lt;a href="https://nerdexam.com/catalog/dva-c02?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=aws-developer-associate-dva-c02-overview" rel="noopener noreferrer"&gt;Practice with real DVA-C02 questions on NerdExam&lt;/a&gt;&lt;br&gt;
or jump straight into the &lt;a href="https://nerdexam.com/exams/dva-c02/questions/1?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=aws-developer-associate-dva-c02-overview" rel="noopener noreferrer"&gt;free per-question explanations&lt;/a&gt;.&lt;br&gt;
The official AWS exam guide is also worth reading first:&lt;br&gt;
&lt;a href="https://aws.amazon.com/certification/certified-developer-associate/" rel="noopener noreferrer"&gt;AWS Certified Developer Associate exam page&lt;/a&gt;.&lt;/p&gt;

</description>
      <category>aws</category>
      <category>cloud</category>
      <category>certification</category>
      <category>learning</category>
    </item>
    <item>
      <title>AWS Certified Cloud Practitioner (CLF-C02): What's Actually Tested</title>
      <dc:creator>NERDEXAM</dc:creator>
      <pubDate>Sun, 14 Jun 2026 14:01:52 +0000</pubDate>
      <link>https://dev.to/nerdexam/aws-certified-cloud-practitioner-clf-c02-whats-actually-tested-395</link>
      <guid>https://dev.to/nerdexam/aws-certified-cloud-practitioner-clf-c02-whats-actually-tested-395</guid>
      <description>&lt;p&gt;The AWS Certified Cloud Practitioner (CLF-C02) is the foundational AWS cert and&lt;br&gt;
the most common first step into cloud careers. The exam is $100, runs 90&lt;br&gt;
minutes, has 65 questions, and requires 700 out of 1000 to pass. Most&lt;br&gt;
candidates need 2 to 6 weeks of part-time study. The questions are mostly&lt;br&gt;
definitional and conceptual, not deeply technical. If you already work near&lt;br&gt;
cloud or IT, you can pass in a couple of weekends. If you're brand new to&lt;br&gt;
technology entirely, budget the full 6 weeks and watch a full course.&lt;/p&gt;

&lt;h2&gt;
  
  
  The 90-second answer
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Take CLF-C02 if&lt;/strong&gt; you're new to cloud and want a recognized credential that&lt;br&gt;
proves you understand the AWS vocabulary, the shared responsibility model, and&lt;br&gt;
how billing works. It's the right first cert for career switchers, salespeople,&lt;br&gt;
project managers, recruiters, and anyone supporting cloud teams without writing&lt;br&gt;
infrastructure code.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Skip CLF-C02 if&lt;/strong&gt; you already have hands-on AWS experience and a technical&lt;br&gt;
role. If you can comfortably describe EC2, S3, VPC, and IAM from real work, go&lt;br&gt;
straight to AWS Solutions Architect Associate (SAA-C03). CLF-C02 is foundational&lt;br&gt;
on purpose. Hiring managers for engineering roles rarely weight it, and you'll&lt;br&gt;
get more career return from the associate-level cert.&lt;/p&gt;

&lt;h2&gt;
  
  
  What does the CLF-C02 actually test?
&lt;/h2&gt;

&lt;p&gt;CLF-C02 tests four domains. The current weights took effect with the C02 version&lt;br&gt;
in 2023 and shifted security up and billing down compared to the old C01 exam.&lt;br&gt;
Every scored question maps to one of these.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Domain&lt;/th&gt;
&lt;th&gt;Weight&lt;/th&gt;
&lt;th&gt;What it covers&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Cloud Concepts&lt;/td&gt;
&lt;td&gt;24%&lt;/td&gt;
&lt;td&gt;Benefits of cloud, the AWS Cloud value proposition, cloud economics, the Well-Architected Framework, migration basics&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Security and Compliance&lt;/td&gt;
&lt;td&gt;30%&lt;/td&gt;
&lt;td&gt;Shared responsibility model, IAM, AWS compliance programs, security services (GuardDuty, Shield, WAF), data protection&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Cloud Technology and Services&lt;/td&gt;
&lt;td&gt;34%&lt;/td&gt;
&lt;td&gt;Core compute, storage, networking, database services, ways to deploy and operate, AWS global infrastructure&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Billing, Pricing, and Support&lt;/td&gt;
&lt;td&gt;12%&lt;/td&gt;
&lt;td&gt;Pricing models, Cost Explorer, Budgets, the Pricing Calculator, support plans, account structures&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The exam is light on tradeoffs and heavy on definitions. A typical question&lt;br&gt;
describes a need ("a company wants to reduce the operational burden of patching&lt;br&gt;
servers") and asks which AWS concept or service fits. You're matching the right&lt;br&gt;
term to the right scenario, not designing an architecture.&lt;/p&gt;

&lt;p&gt;If you've heard CLF-C02 called "the AWS vocabulary test," that's a fair summary.&lt;br&gt;
Knowing what each service does matters far more than knowing how to configure it.&lt;/p&gt;

&lt;h2&gt;
  
  
  How hard is the CLF-C02?
&lt;/h2&gt;

&lt;p&gt;CLF-C02 is a difficulty 1.5 out of 5. It's the easiest AWS cert and one of the&lt;br&gt;
easier entry IT certs overall. Easier than CompTIA A+, much easier than AWS&lt;br&gt;
Solutions Architect Associate (SAA-C03). AWS doesn't publish pass rates, but&lt;br&gt;
community surveys put first-time pass rates well above 80% for candidates who&lt;br&gt;
studied even two weeks.&lt;/p&gt;

&lt;p&gt;The exam is approachable, but people still fail it. The common reasons:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Underestimating it and walking in with zero study, expecting general tech
knowledge to carry them&lt;/li&gt;
&lt;li&gt;Confusing similar service names (Inspector vs Macie vs GuardDuty, or EBS vs
EFS vs S3)&lt;/li&gt;
&lt;li&gt;Missing the shared responsibility model, which shows up repeatedly and trips
up people who guess instead of memorizing the line between "AWS" and "you"&lt;/li&gt;
&lt;li&gt;Skipping billing and support plans because the domain is only 12%, then
losing easy points&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Pacing is not a concern here. 65 questions in 90 minutes is roughly 1.4 minutes&lt;br&gt;
per question, which is generous. Most candidates finish with 30 minutes to spare.&lt;/p&gt;

&lt;p&gt;The most common failure pattern is overconfidence. Someone reads "foundational,"&lt;br&gt;
assumes it means trivial, studies for an afternoon, and gets caught on the&lt;br&gt;
service-identification questions. Two focused weeks beats one rushed evening&lt;br&gt;
every time.&lt;/p&gt;

&lt;h2&gt;
  
  
  How long should you study for CLF-C02?
&lt;/h2&gt;

&lt;p&gt;AWS recommends about 6 months of general AWS exposure before CLF-C02, but unlike&lt;br&gt;
the associate exams, you can pass this one with study alone and no production&lt;br&gt;
experience. Realistic study time:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;With any IT or cloud background&lt;/strong&gt;: 1 to 2 weeks at 5 to 8 hours per week&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Career switcher, non-technical&lt;/strong&gt;: 4 to 6 weeks at 5 to 8 hours per week&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Already work adjacent to AWS (sales, PM, support)&lt;/strong&gt;: 2 to 3 weeks, mostly
to learn service names and the billing model&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Coming from Azure or GCP fundamentals&lt;/strong&gt;: 1 week to map equivalent terms&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The biggest time waster is over-studying. People watch a 14-hour course twice&lt;br&gt;
and grind 1,000 practice questions for an exam that mostly asks "what does this&lt;br&gt;
service do." You do not need labs for CLF-C02, though spinning up one free-tier&lt;br&gt;
EC2 instance and one S3 bucket makes the concepts stick faster than any video.&lt;/p&gt;

&lt;p&gt;A realistic week-by-week pace for a 4-week plan looks like:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Week 1: Cloud concepts, the six benefits of cloud, the Well-Architected
Framework, global infrastructure (Regions, Availability Zones, edge locations)&lt;/li&gt;
&lt;li&gt;Week 2: Core services. Compute (EC2, Lambda), storage (S3, EBS, EFS),
databases (RDS, DynamoDB), networking (VPC, Route 53, CloudFront)&lt;/li&gt;
&lt;li&gt;Week 3: Security and compliance. Shared responsibility model, IAM, security
services, AWS Artifact and compliance programs&lt;/li&gt;
&lt;li&gt;Week 4: Billing and support. Pricing models, Cost Explorer, Budgets, support
plans, then practice exams and weak-area cleanup&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Most people who fail skip week 3. Security and Compliance is the second-heaviest&lt;br&gt;
domain at 30%, and the shared responsibility model alone shows up in several&lt;br&gt;
questions.&lt;/p&gt;

&lt;h2&gt;
  
  
  What does the CLF-C02 cost?
&lt;/h2&gt;

&lt;p&gt;The exam itself is $100 USD plus any local taxes. Beyond that, real total cost&lt;br&gt;
depends on your study path:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Component&lt;/th&gt;
&lt;th&gt;Range&lt;/th&gt;
&lt;th&gt;Notes&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Exam fee&lt;/td&gt;
&lt;td&gt;$100&lt;/td&gt;
&lt;td&gt;One attempt. Retake is another $100 if you fail.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Study course&lt;/td&gt;
&lt;td&gt;$0 to $20&lt;/td&gt;
&lt;td&gt;AWS Skill Builder has a free official course; Stephane Maarek or Neal Davis on Udemy run ~$15 during sales&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Practice questions&lt;/td&gt;
&lt;td&gt;$0 to $30&lt;/td&gt;
&lt;td&gt;NerdExam has 893 CLF-C02 questions if you want a free option&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;AWS lab costs&lt;/td&gt;
&lt;td&gt;$0&lt;/td&gt;
&lt;td&gt;Free tier covers everything you'd touch for this cert&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Books or whitepapers&lt;/td&gt;
&lt;td&gt;$0&lt;/td&gt;
&lt;td&gt;AWS Cloud Adoption Framework and Well-Architected PDFs are free&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Total realistic spend&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;$100 to $150&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Cheapest viable path: $100 (exam only)&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;AWS offers a 50% retake voucher if you fail your first attempt, but only if you&lt;br&gt;
book the retake within 14 days. AWS also runs free digital training through&lt;br&gt;
Skill Builder, and the AWS Educate program offers exam vouchers to eligible&lt;br&gt;
students, so check before paying full price.&lt;/p&gt;

&lt;h2&gt;
  
  
  What salary can you expect after passing?
&lt;/h2&gt;

&lt;p&gt;CLF-C02 is a door-opener, not a salary multiplier. It signals cloud literacy for&lt;br&gt;
entry roles and adjacent positions, but it doesn't carry the earning power of the&lt;br&gt;
associate and professional certs. 2026 US salary data from job boards shows:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Entry-level cloud support or associate roles&lt;/strong&gt;: $65,000 to $85,000&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cloud-adjacent roles (sales engineering, project coordination, recruiting)&lt;/strong&gt;:
$75,000 to $95,000&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;National average for CLF-C02 holders early in a cloud career&lt;/strong&gt;: roughly
$85,000&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;With CLF-C02 plus 2 to 3 years experience&lt;/strong&gt;: $95,000 to $120,000, usually
after adding an associate cert&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The honest framing: CLF-C02 helps you get the interview and clear an HR keyword&lt;br&gt;
filter, but it rarely moves a salary number on its own. The real jump comes when&lt;br&gt;
you pair it with hands-on work and follow up with SAA-C03 or a developer cert.&lt;br&gt;
Treat CLF-C02 as the cheapest, fastest way to prove you belong in cloud&lt;br&gt;
conversations, then climb from there.&lt;/p&gt;

&lt;h2&gt;
  
  
  What study resources actually work?
&lt;/h2&gt;

&lt;p&gt;Candidates who pass on the first attempt tend to use a small, simple stack:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;One video course&lt;/strong&gt; for breadth. AWS Skill Builder's official Cloud
Practitioner Essentials course is free; Stephane Maarek's Udemy course (around
$15 on sale) is the community favorite for a slightly faster pace&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;The AWS Cloud Adoption Framework and Well-Architected overview&lt;/strong&gt; (free
PDFs, short reads that map directly to the Cloud Concepts domain)&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;The shared responsibility model diagram&lt;/strong&gt;, printed and memorized. It is the
single highest-yield page for this exam&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;At least 200 practice questions&lt;/strong&gt; to learn the service-identification style
and find your weak domains&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;One full-length timed practice exam&lt;/strong&gt; in your final few days. If you score
above 80%, you're ready. CLF-C02 doesn't need two or three full mocks the way
the associate exams do&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Skip the bootcamps. A $300 course for a $100 foundational exam is poor value.&lt;br&gt;
Skip the printed books, which go stale as AWS renames and adds services. Reddit's&lt;br&gt;
r/AWSCertifications has current crowd-sourced advice on which free resources are&lt;br&gt;
working this quarter.&lt;/p&gt;

&lt;p&gt;For the practice question portion, NerdExam has 893 enriched CLF-C02 questions&lt;br&gt;
with full explanations. &lt;a href="https://nerdexam.com/exams/clf-c02/questions/1?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=aws-cloud-practitioner-clf-c02-overview" rel="noopener noreferrer"&gt;Start practicing CLF-C02 questions&lt;/a&gt;&lt;br&gt;
to see the question style before you commit to a study plan. The free question&lt;br&gt;
explanations show you the service-matching pattern the exam expects, which is the&lt;br&gt;
exact skill CLF-C02 rewards.&lt;/p&gt;

&lt;h2&gt;
  
  
  Who should NOT take CLF-C02?
&lt;/h2&gt;

&lt;p&gt;The cert is wrong for these candidates:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;You are&lt;/th&gt;
&lt;th&gt;Take instead&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;An engineer with real AWS production experience&lt;/td&gt;
&lt;td&gt;AWS Solutions Architect Associate (SAA-C03) directly&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;A developer building on AWS&lt;/td&gt;
&lt;td&gt;AWS Certified Developer Associate (DVA-C02)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;A SysOps or operations admin&lt;/td&gt;
&lt;td&gt;AWS Certified SysOps Administrator (SOA-C02)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Already holding any AWS associate cert&lt;/td&gt;
&lt;td&gt;Skip CLF-C02 entirely. It's foundational and adds nothing on top&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Working primarily in Azure or GCP&lt;/td&gt;
&lt;td&gt;The matching Azure (AZ-900) or Google (Cloud Digital Leader) fundamentals cert. Don't context-switch unless your job requires AWS&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The risk with CLF-C02 is spending money to prove something you've already&lt;br&gt;
outgrown. If you can already explain the core services from memory, the exam is&lt;br&gt;
a formality that won't change how hiring managers see you. Foundational means&lt;br&gt;
foundational. Use it as a starting line, not a destination.&lt;/p&gt;

&lt;h2&gt;
  
  
  What's next after CLF-C02?
&lt;/h2&gt;

&lt;p&gt;Once CLF-C02 is in hand, the path forward is clear:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Architect track&lt;/strong&gt;: AWS Solutions Architect Associate (SAA-C03). The natural,
highest-value next step and the cert most cloud job postings actually ask for.
Most people move here within 3 to 6 months of CLF-C02&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Developer track&lt;/strong&gt;: AWS Certified Developer Associate (DVA-C02) if you write
application code that runs on AWS&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Operations track&lt;/strong&gt;: AWS Certified SysOps Administrator (SOA-C02) if you run
and monitor infrastructure&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Multi-cloud literacy&lt;/strong&gt;: Azure Fundamentals (AZ-900) or Google Cloud Digital
Leader if your organization runs more than one cloud&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Most people take 1 to 4 months between CLF-C02 and an associate cert. Use that&lt;br&gt;
time to get real hands-on practice in a free-tier account. CLF-C02 proves you&lt;br&gt;
know the words. The associate certs prove you can build, and that's where the&lt;br&gt;
salary lives.&lt;/p&gt;

&lt;p&gt;Ready to start? &lt;a href="https://nerdexam.com/catalog/clf-c02?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=aws-cloud-practitioner-clf-c02-overview" rel="noopener noreferrer"&gt;Practice with real CLF-C02 questions on NerdExam&lt;/a&gt;&lt;br&gt;
or browse the &lt;a href="https://nerdexam.com/exams/clf-c02/questions/1?utm_source=devto&amp;amp;utm_medium=referral&amp;amp;utm_campaign=hermes&amp;amp;utm_content=aws-cloud-practitioner-clf-c02-overview" rel="noopener noreferrer"&gt;free per-question explanations&lt;/a&gt;.&lt;br&gt;
The AWS Cloud Practitioner Essentials course is also worth working through first:&lt;br&gt;
&lt;a href="https://aws.amazon.com/certification/certified-cloud-practitioner/" rel="noopener noreferrer"&gt;start it on AWS Skill Builder&lt;/a&gt;.&lt;/p&gt;

</description>
      <category>aws</category>
      <category>cloud</category>
      <category>certification</category>
      <category>learning</category>
    </item>
    <item>
      <title>CompTIA Security+ Study Guide: A 10-Week Plan for SY0-701</title>
      <dc:creator>NERDEXAM</dc:creator>
      <pubDate>Mon, 08 Jun 2026 14:01:58 +0000</pubDate>
      <link>https://dev.to/nerdexam/comptia-security-study-guide-a-10-week-plan-for-sy0-701-2610</link>
      <guid>https://dev.to/nerdexam/comptia-security-study-guide-a-10-week-plan-for-sy0-701-2610</guid>
      <description>&lt;p&gt;The CompTIA Security+ SY0-701 exam is the most popular entry-level&lt;br&gt;
cybersecurity certification and one of the most-cited credentials in&lt;br&gt;
DoD 8140 baseline job postings. Pass at 750 out of 900. 90 questions in&lt;br&gt;
90 minutes. $404 USD per attempt. Most candidates need 8 to 12 weeks of&lt;br&gt;
focused study to pass on the first try. This guide is the actual&lt;br&gt;
week-by-week plan, the resources that work, and the exam-day mistakes&lt;br&gt;
that cost people their voucher.&lt;/p&gt;

&lt;h2&gt;
  
  
  The 90-second answer
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Plan 10 weeks at 8 to 10 hours per week.&lt;/strong&gt; Professor Messer's free&lt;br&gt;
YouTube series carries the instruction. NerdExam covers the practice&lt;br&gt;
questions. A printed exam objectives document is your single source of&lt;br&gt;
truth for scope. That's the entire stack. Total cash spend if you&lt;br&gt;
self-fund: $404 for the voucher.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Add Mike Chapple's Sybex book if&lt;/strong&gt; you prefer reading to watching.&lt;br&gt;
Add CertMaster Labs ($175) if you have zero hands-on security&lt;br&gt;
experience. Skip the $300 bootcamps. They compress 10 weeks of&lt;br&gt;
material into 1 week of cramming and the retention rate is terrible.&lt;/p&gt;

&lt;p&gt;The first-attempt pass rate among candidates who score 80%+ on three&lt;br&gt;
full timed practice exams (90 questions, 90 minutes, no breaks) is&lt;br&gt;
roughly 90%. The pass rate among candidates who skip practice exams is&lt;br&gt;
roughly 50%. Practice exams are the single most useful activity in&lt;br&gt;
this plan and the easiest to skip.&lt;/p&gt;

&lt;h2&gt;
  
  
  How long should I study for Security+?
&lt;/h2&gt;

&lt;p&gt;Most candidates need 8 to 12 weeks at 8 to 10 hours per week. The&lt;br&gt;
honest variance comes from prior experience, not study material&lt;br&gt;
quality.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Your background&lt;/th&gt;
&lt;th&gt;Realistic study window&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;2+ years IT admin experience, no security focus&lt;/td&gt;
&lt;td&gt;8 to 10 weeks&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Active sysadmin or net admin role&lt;/td&gt;
&lt;td&gt;6 to 8 weeks&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Network+ certified, some security exposure&lt;/td&gt;
&lt;td&gt;6 to 8 weeks&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Career changer with no IT background&lt;/td&gt;
&lt;td&gt;14 to 18 weeks; consider Network+ first&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Active SOC analyst or security engineer&lt;/td&gt;
&lt;td&gt;4 to 6 weeks for refresher only&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;College student studying cybersecurity&lt;/td&gt;
&lt;td&gt;10 to 14 weeks&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The biggest predictor of pass-on-first-try is hands-on time, not study&lt;br&gt;
hours. Two candidates with the same 80 hours of study will see very&lt;br&gt;
different scores if one of them did command-line work (nmap, Wireshark&lt;br&gt;
captures, SSH key generation) and the other watched videos. Build at&lt;br&gt;
least 20 hours of lab time into the 10-week plan.&lt;/p&gt;

&lt;h2&gt;
  
  
  What's actually tested on Security+ SY0-701?
&lt;/h2&gt;

&lt;p&gt;Security+ SY0-701 tests five domains. CompTIA updated the weights when&lt;br&gt;
they retired SY0-601 in mid-2024. Every question maps to one domain.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Domain&lt;/th&gt;
&lt;th&gt;Weight&lt;/th&gt;
&lt;th&gt;What it covers&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;General Security Concepts&lt;/td&gt;
&lt;td&gt;12%&lt;/td&gt;
&lt;td&gt;CIA triad, AAA, change management, cryptographic solutions, zero trust&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Threats, Vulnerabilities, and Mitigations&lt;/td&gt;
&lt;td&gt;22%&lt;/td&gt;
&lt;td&gt;Threat actors, attack surfaces, malware classification, vuln analysis, indicators of compromise&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Security Architecture&lt;/td&gt;
&lt;td&gt;18%&lt;/td&gt;
&lt;td&gt;Network, infra, application, and cloud security architecture; resilience and recovery&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Security Operations&lt;/td&gt;
&lt;td&gt;28%&lt;/td&gt;
&lt;td&gt;Hardening, asset management, vuln management, monitoring, incident response, forensics&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Security Program Management and Oversight&lt;/td&gt;
&lt;td&gt;20%&lt;/td&gt;
&lt;td&gt;Risk, governance, audit, vendor assessment, security awareness, compliance&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Two domains carry 50% of the weight: Security Operations (28%) and&lt;br&gt;
Threats / Vulnerabilities / Mitigations (22%). Spend the most study&lt;br&gt;
time there and the math works in your favor.&lt;/p&gt;

&lt;p&gt;The exam mix is roughly 75% multiple-choice and 25% performance-based&lt;br&gt;
questions (PBQs). PBQs are simulated environments where you might be&lt;br&gt;
asked to drag firewall rules into the right order, classify network&lt;br&gt;
traffic from a Wireshark snippet, or identify the attack from a syslog&lt;br&gt;
sample. PBQs are time-expensive and stress-inducing. Plan to skip them&lt;br&gt;
on the first pass and return when you've answered the easier MCQs.&lt;/p&gt;

&lt;h2&gt;
  
  
  How do I structure a 10-week study plan?
&lt;/h2&gt;

&lt;p&gt;The 10-week structure below tracks the official exam objectives in&lt;br&gt;
roughly the order CompTIA presents them, with the heaviest-weight&lt;br&gt;
domains getting extra time. Hours assume 8 to 10 hours per week.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Week&lt;/th&gt;
&lt;th&gt;Focus&lt;/th&gt;
&lt;th&gt;Deliverable&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;1&lt;/td&gt;
&lt;td&gt;General security concepts, CIA, AAA, change management&lt;/td&gt;
&lt;td&gt;Watch Messer 1.1-1.4, write a 1-page CIA summary in your own words&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;2&lt;/td&gt;
&lt;td&gt;Cryptographic solutions, PKI, hashing, key exchange&lt;/td&gt;
&lt;td&gt;Generate an RSA key pair, sign and verify a file with openssl, document the steps&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;3&lt;/td&gt;
&lt;td&gt;Threat actors, attack surfaces, social engineering&lt;/td&gt;
&lt;td&gt;Map a phishing email's red flags. Read CISA's Known Exploited Vulnerabilities catalog.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;4&lt;/td&gt;
&lt;td&gt;Malware classification, indicators of compromise&lt;/td&gt;
&lt;td&gt;Capture a process tree on your own machine. Identify 3 normal vs 3 suspicious patterns.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;5&lt;/td&gt;
&lt;td&gt;Network and infra security architecture, zero trust&lt;/td&gt;
&lt;td&gt;Build a home lab firewall (pfSense or OPNsense in a VM). Configure two zones.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;6&lt;/td&gt;
&lt;td&gt;Application and cloud security architecture&lt;/td&gt;
&lt;td&gt;Walk through OWASP Top 10. Run a SQL injection demo on a deliberately vulnerable app.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;7&lt;/td&gt;
&lt;td&gt;Security operations: hardening, monitoring, incident response&lt;/td&gt;
&lt;td&gt;Set up Splunk Free or Wazuh. Ingest your own VM logs. Build 2 alert rules.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;8&lt;/td&gt;
&lt;td&gt;Forensics, automation, vendor management&lt;/td&gt;
&lt;td&gt;Take 2 full practice exams under timed conditions. Score honestly.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;9&lt;/td&gt;
&lt;td&gt;Risk, governance, audit, compliance frameworks&lt;/td&gt;
&lt;td&gt;Map NIST CSF v2.0 functions to specific Azure or AWS services.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;10&lt;/td&gt;
&lt;td&gt;Practice exams + weak-area cleanup&lt;/td&gt;
&lt;td&gt;Take 3 timed practice exams. Postpone exam if you're not at 80%+.&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The single biggest miss in self-study plans is skipping week 8 lab&lt;br&gt;
work for incident response. Roughly a quarter of SY0-701 questions&lt;br&gt;
expect you to know what a real alert looks like, what triage steps&lt;br&gt;
follow, and what evidence preservation requires. Reading about it&lt;br&gt;
doesn't stick. Configuring Splunk or Wazuh does.&lt;/p&gt;

&lt;p&gt;If you fall behind in any week, push schedule by 1 week rather than&lt;br&gt;
compressing material. Compressed material doesn't retain. The exam&lt;br&gt;
asks you to recognize patterns under time pressure, not regurgitate&lt;br&gt;
facts.&lt;/p&gt;

&lt;h2&gt;
  
  
  Which Security+ study resources are worth using?
&lt;/h2&gt;

&lt;p&gt;The candidates who pass on the first attempt use a consistent stack&lt;br&gt;
of free and low-cost resources. Anything beyond this stack is&lt;br&gt;
optional.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Professor Messer's SY0-701 video series&lt;/strong&gt; (free, ~50 hours of
YouTube videos). The community gold standard. Watch at 1.25x
playback for first pass, real-time for review.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;CompTIA Security+ SY0-701 exam objectives PDF&lt;/strong&gt; (free, 24 pages).
Print it. Highlight every sub-objective as you cover it. Don't
trust any study material that doesn't map to this document.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Mike Chapple "CompTIA Security+ Study Guide: SY0-701"&lt;/strong&gt; ($40
Sybex book). Strong supplement if you prefer reading. Skip if
Messer's videos work for you.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A practice question bank with 800+ questions&lt;/strong&gt; for pacing and
weak-area discovery&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;CertMaster Labs SY0-701&lt;/strong&gt; ($175). Worth it if you have zero
security hands-on experience. Skip if you've ever configured a
firewall, run nmap, or read Wireshark output.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;3 full-length timed practice exams&lt;/strong&gt; in weeks 8 and 10. Take
them on a Saturday morning, treat them like the real exam, score
honestly. If you're below 80%, postpone the real exam.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Skip the $300 bootcamps. They compress 10 weeks into 5 days and the&lt;br&gt;
material doesn't stick. Skip the $80 mobile flashcard apps unless&lt;br&gt;
you're a flashcard person already; the time is better spent on&lt;br&gt;
practice questions with explanations.&lt;/p&gt;

&lt;p&gt;For the practice question portion, NerdExam has 1,056 enriched&lt;br&gt;
SY0-701 questions with full explanations covering all five domains.&lt;br&gt;
&lt;a href="https://nerdexam.com/exams/sy0-701/questions/1" rel="noopener noreferrer"&gt;Start practicing Security+ questions&lt;/a&gt; to&lt;br&gt;
see the question style before you commit to the full plan. The&lt;br&gt;
explanations show the reasoning pattern the exam expects, which is&lt;br&gt;
harder to learn from videos than from doing the questions.&lt;/p&gt;

&lt;h2&gt;
  
  
  How do I practice for the performance-based questions?
&lt;/h2&gt;

&lt;p&gt;PBQs require hands-on configuration, not memorization. The fastest&lt;br&gt;
way to prepare is to build a small home lab and practice the same&lt;br&gt;
five scenarios that CompTIA cycles through on every exam version.&lt;/p&gt;

&lt;p&gt;The five PBQ scenarios you should drill before exam day:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Firewall rule ordering&lt;/strong&gt;: given a set of rules and a desired
policy, drag the rules into the right order. Practice in pfSense
or OPNsense in a VM.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Log analysis&lt;/strong&gt;: identify the attack from a 10 to 20 line syslog
or Wireshark snippet. Practice with Wireshark sample captures and
sample Splunk logs.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cryptography selection&lt;/strong&gt;: pick the right algorithm for a given
use case (data at rest, data in transit, integrity verification).&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Wireless security configuration&lt;/strong&gt;: configure WPA3 vs WPA2-PSK
vs Enterprise auth correctly for a stated scenario.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Incident response sequencing&lt;/strong&gt;: drag the IR phases into the
right order for a stated breach scenario (NIST 800-61 sequence).&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The home lab to support this fits on any modern laptop. A free&lt;br&gt;
VirtualBox installation, two Linux VMs (one Ubuntu, one Kali), a&lt;br&gt;
pfSense VM as the firewall between them, and a Windows 10 evaluation&lt;br&gt;
VM as a Windows attack target. Total hardware cost: zero. Build time:&lt;br&gt;
about 4 hours.&lt;/p&gt;

&lt;p&gt;CertMaster Labs replicates a similar environment in-browser at $175&lt;br&gt;
if you'd rather not build it yourself. The decision usually comes&lt;br&gt;
down to whether you'll re-use the home lab after Security+ (Net+,&lt;br&gt;
SY0-701 to CySA+ to Pentest+, or self-directed security learning).&lt;br&gt;
The candidates who go on to a security analyst role get more value&lt;br&gt;
from owning the lab. The candidates who just want the cert get more&lt;br&gt;
value from CertMaster Labs.&lt;/p&gt;

&lt;h2&gt;
  
  
  What are the biggest exam-day mistakes?
&lt;/h2&gt;

&lt;p&gt;Most Security+ failures happen because of pacing or PBQ mismanagement,&lt;br&gt;
not because of knowledge gaps. The same 4 mistakes show up in&lt;br&gt;
post-mortems on Reddit's r/CompTIA every week:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Spending 8+ minutes on the first PBQ.&lt;/strong&gt; The exam often opens
with one. People panic, over-invest, and run out of time on the
easier MCQs at the end. Skip every PBQ on the first pass. Flag
them. Return after answering all MCQs.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Reading every question word-by-word.&lt;/strong&gt; 90 questions in 90
minutes is 1 minute average. Reading 200-word questions twice
eats your buffer. Read once, decide, move on.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Second-guessing 10+ answers.&lt;/strong&gt; Statistically, your first answer
is right 75% of the time. Don't change answers unless you spot a
clear word you misread.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Skipping the timed practice exams.&lt;/strong&gt; Candidates who never time
themselves discover their pace problem on exam day. By then it's
too late.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;A practical pre-exam check: take a 90-question practice exam under&lt;br&gt;
real conditions in week 9 (no breaks, no notes, no internet). If you&lt;br&gt;
score 750+ in 75 minutes or less, book the real exam within 7 days.&lt;br&gt;
If you score 700 to 749, study weak areas one more week. If you score&lt;br&gt;
below 700, postpone by 2 to 3 weeks. The voucher fee is too high to&lt;br&gt;
gamble with.&lt;/p&gt;

&lt;h2&gt;
  
  
  What's next after Security+?
&lt;/h2&gt;

&lt;p&gt;Once Security+ is in hand, three paths open up depending on what you&lt;br&gt;
want from your career:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Analyst track&lt;/strong&gt;: CySA+ (CompTIA Cybersecurity Analyst). The
natural follow-on. Focuses on SIEM operations, threat hunting, and
vulnerability management. Most analysts do this within 6 to 12
months of Security+.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Offensive security track&lt;/strong&gt;: Pentest+ (CompTIA Pentest+) or
OSCP. Pentest+ stays in the CompTIA ecosystem; OSCP is the gold
standard but takes 6 to 9 months of study.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cloud security track&lt;/strong&gt;: AWS Certified Security Specialty or
Azure AZ-500 (Security Engineer). Pairs well with Security+ for
cloud-focused security analyst roles.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Most people take 6 to 12 months between Security+ and their next&lt;br&gt;
cert. Use that time to ship real production security work in a SOC,&lt;br&gt;
GRC, or pentest role. The cert pays off when hiring managers see it&lt;br&gt;
alongside actual experience, not when it's the only line on your&lt;br&gt;
resume.&lt;/p&gt;

&lt;p&gt;Ready to start? &lt;a href="https://nerdexam.com/catalog/sy0-701" rel="noopener noreferrer"&gt;Practice with 1,056 real Security+ SY0-701 questions&lt;br&gt;
on NerdExam&lt;/a&gt; or browse the&lt;br&gt;
&lt;a href="https://nerdexam.com/exams/sy0-701/questions/1" rel="noopener noreferrer"&gt;free per-question explanations&lt;/a&gt;.&lt;br&gt;
CompTIA's free exam objectives PDF is also worth downloading first if&lt;br&gt;
you haven't: &lt;a href="https://www.comptia.org/certifications/security" rel="noopener noreferrer"&gt;CompTIA Security+ exam objectives&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Adjacent reading: &lt;a href="https://nerdexam.com/blog/comptia-security-plus-exam-voucher" rel="noopener noreferrer"&gt;Where to actually buy a Security+ voucher and&lt;br&gt;
which discounts work&lt;/a&gt;,&lt;br&gt;
&lt;a href="https://nerdexam.com/glossary/mfa" rel="noopener noreferrer"&gt;What is MFA&lt;/a&gt;, &lt;a href="https://nerdexam.com/glossary/zero-trust" rel="noopener noreferrer"&gt;What is Zero Trust&lt;/a&gt;,&lt;br&gt;
&lt;a href="https://nerdexam.com/glossary/cve" rel="noopener noreferrer"&gt;What is a CVE&lt;/a&gt;, and&lt;br&gt;
&lt;a href="https://nerdexam.com/blog/7-most-common-reasons-people-fail-it-certification-exams" rel="noopener noreferrer"&gt;7 most common reasons people fail IT certification exams&lt;/a&gt;.&lt;/p&gt;

</description>
      <category>security</category>
      <category>comptia</category>
      <category>certification</category>
      <category>learning</category>
    </item>
    <item>
      <title>CompTIA Security+ Exam Voucher: Cost, Discounts, and Where to Buy</title>
      <dc:creator>NERDEXAM</dc:creator>
      <pubDate>Sun, 07 Jun 2026 14:02:01 +0000</pubDate>
      <link>https://dev.to/nerdexam/comptia-security-exam-voucher-cost-discounts-and-where-to-buy-3bjn</link>
      <guid>https://dev.to/nerdexam/comptia-security-exam-voucher-cost-discounts-and-where-to-buy-3bjn</guid>
      <description>&lt;p&gt;The CompTIA Security+ SY0-701 exam voucher costs $404 USD direct from&lt;br&gt;
CompTIA. That's the sticker price. Almost nobody pays it. Bundled&lt;br&gt;
vouchers from Total Seminars, ITPro.TV, and Get Certified Get Ahead&lt;br&gt;
drop the effective cost to $280 to $300 when bought with study material.&lt;br&gt;
Student discounts shave another 10%. Military gets the voucher free&lt;br&gt;
through the COOL program. Cash-paying retail buyers are the only people&lt;br&gt;
paying $404, and there's no good reason to be one.&lt;/p&gt;

&lt;h2&gt;
  
  
  The 90-second answer
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Buy the voucher direct from CompTIA&lt;/strong&gt; if your employer is paying or&lt;br&gt;
you need a fast turnaround. The full $404 fee gets you the voucher&lt;br&gt;
within minutes via email and the longest validity window (12 months).&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Buy a voucher bundle from Total Seminars or Get Certified Get Ahead&lt;/strong&gt;&lt;br&gt;
if you're self-funding. The bundle includes study material plus a&lt;br&gt;
voucher for $280 to $300 total. The voucher is identical to the one&lt;br&gt;
you'd buy from CompTIA. You get a discount because CompTIA wholesales&lt;br&gt;
vouchers to publishers and they pass on part of the margin.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Skip eBay vouchers, Reddit DMs, and "I have an extra voucher" offers&lt;br&gt;
from strangers.&lt;/strong&gt; Most of them are stolen, refunded, or already&lt;br&gt;
redeemed. Pearson VUE has flagged accounts and revoked seats for buyers&lt;br&gt;
who used compromised vouchers, and CompTIA doesn't refund when that&lt;br&gt;
happens.&lt;/p&gt;

&lt;h2&gt;
  
  
  How much does the Security+ exam actually cost?
&lt;/h2&gt;

&lt;p&gt;The Security+ SY0-701 exam costs $404 USD purchased directly from&lt;br&gt;
CompTIA's online store. The price increased from $370 in 2023. Outside&lt;br&gt;
the US, the price varies by region but typically stays within $390 to&lt;br&gt;
$420 USD-equivalent. Pearson VUE adds local tax at checkout for&lt;br&gt;
testing-center delivery.&lt;/p&gt;

&lt;p&gt;The full cost breakdown for a typical self-funded candidate:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Component&lt;/th&gt;
&lt;th&gt;Range&lt;/th&gt;
&lt;th&gt;Notes&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Exam voucher (direct CompTIA)&lt;/td&gt;
&lt;td&gt;$404&lt;/td&gt;
&lt;td&gt;One attempt. Voucher valid 12 months.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Voucher (bundled with study material)&lt;/td&gt;
&lt;td&gt;$280 to $310&lt;/td&gt;
&lt;td&gt;Same voucher, packaged with a course or book&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;CompTIA CertMaster Practice&lt;/td&gt;
&lt;td&gt;$159&lt;/td&gt;
&lt;td&gt;Optional. Adaptive practice from CompTIA.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Professor Messer course&lt;/td&gt;
&lt;td&gt;$0&lt;/td&gt;
&lt;td&gt;Free YouTube series. The default starter for most candidates.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Mike Chapple book (Sybex)&lt;/td&gt;
&lt;td&gt;$40&lt;/td&gt;
&lt;td&gt;Solid printed reference. Skip if you do CertMaster.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Practice exam access (NerdExam)&lt;/td&gt;
&lt;td&gt;$0&lt;/td&gt;
&lt;td&gt;
&lt;a href="https://nerdexam.com/exams/sy0-701/questions" rel="noopener noreferrer"&gt;1,056 SY0-701 questions&lt;/a&gt; with explanations.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Retake voucher&lt;/td&gt;
&lt;td&gt;$0 to $404&lt;/td&gt;
&lt;td&gt;Free if you bought a CompTIA bundle. Otherwise full price.&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Realistic self-funded total&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;$280 to $500&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Cheapest viable path: voucher bundle plus free resources.&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The cheapest path that actually works is: Total Seminars voucher bundle&lt;br&gt;
at $280, Professor Messer YouTube videos for instruction, and free&lt;br&gt;
NerdExam practice questions. That stack passes the exam if you put in&lt;br&gt;
8 to 10 weeks. Adding $200 of paid material on top of that doesn't&lt;br&gt;
move the pass rate much.&lt;/p&gt;

&lt;h2&gt;
  
  
  What's the cheapest way to get a Security+ voucher?
&lt;/h2&gt;

&lt;p&gt;The cheapest legitimate Security+ voucher is the Total Seminars&lt;br&gt;
voucher bundle at approximately $280, sold via the CompTIA-affiliated&lt;br&gt;
training partner channel. It includes the voucher plus a short course.&lt;br&gt;
The voucher itself is identical to the direct-from-CompTIA voucher.&lt;/p&gt;

&lt;p&gt;The realistic ranking of voucher sources from cheapest to most&lt;br&gt;
expensive:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Get Certified Get Ahead bundle&lt;/strong&gt;: ~$280 with their study guide&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Total Seminars bundle&lt;/strong&gt;: ~$295 with their Udemy course&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;CompTIA Marketplace academic bundle&lt;/strong&gt;: ~$315 with CertMaster Learn&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;CompTIA Marketplace standard bundle&lt;/strong&gt;: ~$350 with CertMaster Practice&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Direct from CompTIA&lt;/strong&gt;: $404&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;eBay / Reddit "spare voucher" sellers&lt;/strong&gt;: varies, often $200 to $250
but high risk of fraud (see the section below)&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Be aware that "bundle" pricing changes whenever CompTIA runs a&lt;br&gt;
promotion. Check the bundle price the day you buy. If the bundle costs&lt;br&gt;
more than direct purchase, just buy direct.&lt;/p&gt;

&lt;h2&gt;
  
  
  Are CompTIA Marketplace bundles worth it?
&lt;/h2&gt;

&lt;p&gt;The CompTIA Marketplace bundles are worth it only if you actually use&lt;br&gt;
the CertMaster product. CertMaster Learn and CertMaster Practice are&lt;br&gt;
solid tools but they retail for $159 to $359. The bundle pricing&lt;br&gt;
effectively gives you both the voucher and the tool for less than the&lt;br&gt;
voucher alone at retail.&lt;/p&gt;

&lt;p&gt;The catch is most candidates don't finish CertMaster. The product is&lt;br&gt;
designed for slow, methodical learning. If you prefer Professor&lt;br&gt;
Messer's faster video pace or a printed book, you'll buy the bundle,&lt;br&gt;
log into CertMaster twice, and never use it again. The math breaks the&lt;br&gt;
moment you stop touching the tool.&lt;/p&gt;

&lt;p&gt;The bundles worth buying:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;CertMaster Practice + voucher&lt;/strong&gt; at $350: skip if you already have
another adaptive practice tool or 800+ practice questions elsewhere&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;CertMaster Labs + voucher&lt;/strong&gt; at $400: worth it for hands-on
candidates who learn by doing, not reading&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;CertMaster Learn + voucher&lt;/strong&gt; at $440: roughly equivalent to a
Udemy course plus the voucher; skip if you already have a video course&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The third-party bundle from Total Seminars at $295 beats every CompTIA&lt;br&gt;
Marketplace option on pure cost if you don't care about CertMaster.&lt;/p&gt;

&lt;h2&gt;
  
  
  Can my employer pay for Security+?
&lt;/h2&gt;

&lt;p&gt;Most US employers in IT, defense, and federal contracting will pay for&lt;br&gt;
Security+ because it appears on DoD 8570 and DoD 8140 baseline lists&lt;br&gt;
for over 40 cybersecurity job roles. If your role is government-adjacent&lt;br&gt;
or you handle CUI (Controlled Unclassified Information), the employer&lt;br&gt;
typically has a budget line item for it.&lt;/p&gt;

&lt;p&gt;What to ask for, in this order:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Voucher reimbursement&lt;/strong&gt; if you've already passed and paid out of
pocket. Most companies reimburse after a passing score is verified.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Pre-paid voucher&lt;/strong&gt; through the company's training partner account.
Many companies have CompTIA accounts with discounted bulk vouchers.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Combined tuition + voucher reimbursement&lt;/strong&gt; if you also took a
course (most tuition assistance policies cap at $5,250 annually,
tax-free under IRS §127).&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Bring the official cost ($404), the bundle alternative ($280-$310),&lt;br&gt;
and a short note on why the cert matters for your specific role. The&lt;br&gt;
DoD 8570 mapping is the strongest argument if you work in a federal&lt;br&gt;
contracting role.&lt;/p&gt;

&lt;p&gt;If you're self-funded and US-based, the exam fee is potentially&lt;br&gt;
tax-deductible as a job-related expense under IRS §162 if it maintains&lt;br&gt;
or improves skills required in your current job. Talk to your tax&lt;br&gt;
preparer; "improving career prospects" is not deductible but&lt;br&gt;
"maintaining existing job skills" is.&lt;/p&gt;

&lt;h2&gt;
  
  
  Do military and student discounts apply?
&lt;/h2&gt;

&lt;p&gt;Active-duty US military can get the Security+ voucher free through the&lt;br&gt;
Air Force COOL, Navy COOL, Army COOL, or DANTES programs. Veterans can&lt;br&gt;
use GI Bill benefits to cover the voucher cost at approved test&lt;br&gt;
delivery centers. Spouses of active-duty members qualify under MyCAA&lt;br&gt;
if pursuing IT careers.&lt;/p&gt;

&lt;p&gt;Verified students get a 10% discount through the CompTIA Marketplace&lt;br&gt;
academic store, applied to the bundle price. The discount stacks with&lt;br&gt;
some seasonal promotions but not with employer-paid voucher accounts.&lt;br&gt;
Verification happens through SheerID and requires a .edu email or a&lt;br&gt;
matched institution document.&lt;/p&gt;

&lt;p&gt;The discounts that DO NOT exist, despite many forum threads claiming&lt;br&gt;
otherwise:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;"First-time taker" discount (doesn't exist)&lt;/li&gt;
&lt;li&gt;"Tech industry employee" generic discount (doesn't exist)&lt;/li&gt;
&lt;li&gt;"Career changer" discount (doesn't exist)&lt;/li&gt;
&lt;li&gt;25% off codes from random YouTubers (the channel link is usually
just an affiliate URL with no real discount on top of the bundle)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Don't waste time hunting for a code that beats the Total Seminars&lt;br&gt;
bundle. The bundle floor is roughly $280, and the only path lower than&lt;br&gt;
that is military-free or stolen.&lt;/p&gt;

&lt;h2&gt;
  
  
  What's the catch with cheap eBay or Reddit vouchers?
&lt;/h2&gt;

&lt;p&gt;Cheap eBay and Reddit Security+ vouchers usually fall into one of three&lt;br&gt;
categories: stolen, already redeemed, or sold by someone planning to&lt;br&gt;
charge back the original purchase. All three end with Pearson VUE&lt;br&gt;
canceling your exam appointment, often hours before the test, with no&lt;br&gt;
recourse to recover your money.&lt;/p&gt;

&lt;p&gt;The fraud pattern most candidates fall into:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Find a voucher on Reddit or eBay for $200&lt;/li&gt;
&lt;li&gt;Pay via PayPal Friends and Family (no buyer protection)&lt;/li&gt;
&lt;li&gt;Receive a voucher code that works at registration&lt;/li&gt;
&lt;li&gt;Book an exam appointment 1 to 2 weeks out&lt;/li&gt;
&lt;li&gt;Voucher gets revoked when the original buyer charges back&lt;/li&gt;
&lt;li&gt;Show up to the test center, learn the seat is gone&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;CompTIA doesn't replace canceled exam seats for fraud cases. You lose&lt;br&gt;
both the $200 you paid the scammer and the test date you scheduled.&lt;br&gt;
Most people then buy a real voucher at full price and start over.&lt;/p&gt;

&lt;p&gt;The only safe third-party vouchers are bundles from named training&lt;br&gt;
partners with CompTIA Authorized Partner status. If the seller isn't a&lt;br&gt;
listed partner on CompTIA's site, treat the voucher as fraudulent.&lt;/p&gt;

&lt;h2&gt;
  
  
  How long does a Security+ voucher stay valid?
&lt;/h2&gt;

&lt;p&gt;A CompTIA Security+ voucher purchased direct or through an Authorized&lt;br&gt;
Partner stays valid for 12 months from the date of purchase. You must&lt;br&gt;
schedule and complete the exam within that window or the voucher&lt;br&gt;
expires with no refund and no extension.&lt;/p&gt;

&lt;p&gt;Bundled vouchers sometimes have shorter validity (90 or 180 days)&lt;br&gt;
depending on the partner's contract with CompTIA. Read the partner&lt;br&gt;
terms before buying. Total Seminars and Get Certified Get Ahead&lt;br&gt;
typically include 12-month validity; some smaller partners use 6-month&lt;br&gt;
validity to pressure faster turnaround.&lt;/p&gt;

&lt;p&gt;If you bought a voucher and realize you won't make the deadline:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;CompTIA does not extend or refund expired vouchers&lt;/li&gt;
&lt;li&gt;You can occasionally transfer a voucher to another person before
expiration (one transfer maximum, no fee, requires written request)&lt;/li&gt;
&lt;li&gt;Pearson VUE will let you reschedule a booked exam up to 24 hours
before the appointment without penalty&lt;/li&gt;
&lt;li&gt;After the 24-hour mark, rescheduling costs $25 to $50 depending on
region&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The cleanest move if your deadline is slipping: schedule an exam date&lt;br&gt;
inside the validity window even if you're not ready, then reschedule&lt;br&gt;
later. The booked appointment locks in the voucher consumption record.&lt;/p&gt;

&lt;h2&gt;
  
  
  What about the retake voucher?
&lt;/h2&gt;

&lt;p&gt;CompTIA does not sell a discounted retake voucher. If you fail&lt;br&gt;
Security+, the second attempt costs the same $404 (or the bundle price&lt;br&gt;
again). The only way to get a discounted retake is to buy a bundle&lt;br&gt;
that includes one upfront, like the CompTIA Marketplace&lt;br&gt;
"Voucher + Retake" package at approximately $479.&lt;/p&gt;

&lt;p&gt;CompTIA's retake policy:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;24-hour wait between attempts 1 and 2&lt;/li&gt;
&lt;li&gt;14-day wait between attempts 2 and 3&lt;/li&gt;
&lt;li&gt;14-day wait between attempts 3 and 4 and beyond&lt;/li&gt;
&lt;li&gt;No limit on total attempts&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Most candidates don't need a retake voucher in advance. The Security+&lt;br&gt;
pass rate for prepared candidates (who scored 75% or higher on&lt;br&gt;
practice exams in the final week) is around 85%. If you're under that&lt;br&gt;
benchmark, postpone the exam rather than buying retake insurance.&lt;/p&gt;

&lt;p&gt;A practical pre-exam test: take a full timed practice exam under real&lt;br&gt;
conditions (90 questions, 90 minutes, no breaks). If you score 750 or&lt;br&gt;
higher, book the real exam within 7 days. If you score 700 to 749,&lt;br&gt;
study one more week. If you score below 700, postpone by 2 to 3 weeks.&lt;/p&gt;

&lt;p&gt;The candidates who actually use the retake voucher are the ones who&lt;br&gt;
booked the real exam without doing a timed practice run. The retake&lt;br&gt;
insurance ends up being a vote of low confidence rather than a smart&lt;br&gt;
hedge.&lt;/p&gt;

&lt;h2&gt;
  
  
  Where do you actually buy a Security+ voucher?
&lt;/h2&gt;

&lt;p&gt;The right buying decision depends on three things: who's paying, how&lt;br&gt;
fast you need it, and whether you want bundled study material.&lt;/p&gt;

&lt;p&gt;Use this decision matrix:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Your situation&lt;/th&gt;
&lt;th&gt;Where to buy&lt;/th&gt;
&lt;th&gt;Effective cost&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Employer-funded, need it today&lt;/td&gt;
&lt;td&gt;Direct from CompTIA Marketplace&lt;/td&gt;
&lt;td&gt;$404&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Self-funded, need study material too&lt;/td&gt;
&lt;td&gt;Total Seminars or Get Certified Get Ahead bundle&lt;/td&gt;
&lt;td&gt;$280 to $310&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Self-funded, already have a course&lt;/td&gt;
&lt;td&gt;Total Seminars voucher-only bundle&lt;/td&gt;
&lt;td&gt;~$280&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Active-duty US military&lt;/td&gt;
&lt;td&gt;COOL program (free)&lt;/td&gt;
&lt;td&gt;$0&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Verified student&lt;/td&gt;
&lt;td&gt;CompTIA Marketplace academic bundle&lt;/td&gt;
&lt;td&gt;$315 (with 10% off)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Veteran with GI Bill benefits&lt;/td&gt;
&lt;td&gt;VA-approved testing center&lt;/td&gt;
&lt;td&gt;$0 (after benefits)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;First-time CompTIA candidate, wants safety net&lt;/td&gt;
&lt;td&gt;CompTIA Marketplace voucher + retake bundle&lt;/td&gt;
&lt;td&gt;~$479&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The cheapest legitimate voucher is the Total Seminars bundle at $280&lt;br&gt;
to $295. Add free Professor Messer videos, free NerdExam practice&lt;br&gt;
questions, and you have a complete study stack under $300.&lt;/p&gt;

&lt;p&gt;Ready to start? &lt;a href="https://nerdexam.com/exams/sy0-701/questions/1" rel="noopener noreferrer"&gt;Browse NerdExam's free Security+ SY0-701 practice&lt;br&gt;
questions&lt;/a&gt; to see the question style before&lt;br&gt;
you commit to a voucher. The 1,056 enriched questions cover all five&lt;br&gt;
SY0-701 domains, and the explanations show the reasoning pattern the&lt;br&gt;
exam expects. Practicing 200 to 300 questions before you buy the&lt;br&gt;
voucher means you'll know whether you're 4 weeks or 12 weeks from&lt;br&gt;
ready.&lt;/p&gt;

&lt;p&gt;Adjacent reading: the&lt;br&gt;
&lt;a href="https://nerdexam.com/study-guide/sy0-701" rel="noopener noreferrer"&gt;CompTIA Security+ SY0-701 study guide&lt;/a&gt;,&lt;br&gt;
&lt;a href="https://nerdexam.com/glossary/mfa" rel="noopener noreferrer"&gt;What is MFA and why does the Security+ exam ask&lt;br&gt;
about it constantly&lt;/a&gt;,&lt;br&gt;
&lt;a href="https://nerdexam.com/glossary/zero-trust" rel="noopener noreferrer"&gt;What is Zero Trust&lt;/a&gt;, and&lt;br&gt;
&lt;a href="https://nerdexam.com/blog/7-most-common-reasons-people-fail-it-certification-exams" rel="noopener noreferrer"&gt;7 most common reasons people fail IT certification exams&lt;/a&gt;.&lt;/p&gt;

</description>
      <category>security</category>
      <category>comptia</category>
      <category>certification</category>
      <category>learning</category>
    </item>
    <item>
      <title>CompTIA Security+ Exam Objectives (SY0-701): Domain-by-Domain Breakdown</title>
      <dc:creator>NERDEXAM</dc:creator>
      <pubDate>Sat, 06 Jun 2026 14:01:33 +0000</pubDate>
      <link>https://dev.to/nerdexam/comptia-security-exam-objectives-sy0-701-domain-by-domain-breakdown-2h7k</link>
      <guid>https://dev.to/nerdexam/comptia-security-exam-objectives-sy0-701-domain-by-domain-breakdown-2h7k</guid>
      <description>&lt;p&gt;The CompTIA Security+ SY0-701 exam tests five domains across 90&lt;br&gt;
questions in 90 minutes. CompTIA updated the domain weights when they&lt;br&gt;
retired SY0-601 in mid-2024. Two domains, Security Operations (28%)&lt;br&gt;
and Threats/Vulnerabilities/Mitigations (22%), carry exactly half the&lt;br&gt;
exam weight. The other three domains share the rest. If you study&lt;br&gt;
the official objectives PDF without understanding the weights, you'll&lt;br&gt;
waste 30 to 40 hours on the lower-weight domains and run out of time&lt;br&gt;
on the high-impact ones.&lt;/p&gt;

&lt;h2&gt;
  
  
  The 90-second answer
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Study the high-weight domains first.&lt;/strong&gt; Security Operations (28%)&lt;br&gt;
and Threats/Vulnerabilities/Mitigations (22%) together account for&lt;br&gt;
50% of the exam. If you can answer 90% of questions in these two&lt;br&gt;
domains, you're already at 45 points out of a passing 750. Combined&lt;br&gt;
with average performance elsewhere, that's the path to a pass.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The traps:&lt;/strong&gt; General Security Concepts (12%) feels easy because it&lt;br&gt;
covers vocabulary, so candidates skip it during review. Then 5 to 7&lt;br&gt;
questions tripped on technical definitions of things like&lt;br&gt;
"compensating control" or "deterrent vs preventive" cost the exam.&lt;br&gt;
Security Program Management (20%) feels boring (policies, governance,&lt;br&gt;
audit) so candidates skim it. Both are deceptively trap-heavy.&lt;/p&gt;

&lt;p&gt;The good news: every SY0-701 question maps to one of these five&lt;br&gt;
domains, and the official objectives PDF lists every sub-objective.&lt;br&gt;
There are no surprises if you actually read it.&lt;/p&gt;

&lt;h2&gt;
  
  
  What does Domain 1 (General Security Concepts) cover?
&lt;/h2&gt;

&lt;p&gt;Domain 1 covers the foundational vocabulary every security question&lt;br&gt;
relies on, weighted at 12%. Roughly 11 questions on a 90-question&lt;br&gt;
exam. The CIA triad, AAA (authentication, authorization, accounting),&lt;br&gt;
non-repudiation, security controls classifications, change management,&lt;br&gt;
zero trust principles, and basic cryptography fall here.&lt;/p&gt;

&lt;p&gt;Specific objectives you'll see on the exam:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Topic&lt;/th&gt;
&lt;th&gt;What's tested&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;CIA triad&lt;/td&gt;
&lt;td&gt;Distinguishing confidentiality, integrity, availability concerns in scenario questions&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Security control types&lt;/td&gt;
&lt;td&gt;Technical vs administrative vs physical; preventive vs detective vs corrective vs compensating vs deterrent&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Change management&lt;/td&gt;
&lt;td&gt;The PMBOK-style process of impact assessment, approval, testing, documentation&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Cryptographic solutions&lt;/td&gt;
&lt;td&gt;PKI, symmetric vs asymmetric, hashing (SHA-256, SHA-3), digital signatures, certificates&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Zero trust principles&lt;/td&gt;
&lt;td&gt;Adaptive identity, threat scope reduction, policy-driven access, control plane vs data plane&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;This domain is mostly vocabulary memorization. The fastest study&lt;br&gt;
approach is reading Professor Messer's 1.1 through 1.4 videos at 1.5x&lt;br&gt;
speed, then making a one-page summary in your own words. Most&lt;br&gt;
candidates rate this the easiest domain after taking it.&lt;/p&gt;

&lt;h2&gt;
  
  
  What does Domain 2 (Threats, Vulnerabilities, and Mitigations) cover?
&lt;/h2&gt;

&lt;p&gt;Domain 2 weighs 22% and covers everything attackers do plus how&lt;br&gt;
defenders respond. Roughly 20 questions per exam. Threat actors,&lt;br&gt;
attack surfaces, malware classifications, social engineering, network&lt;br&gt;
attacks, application attacks, vulnerability classifications, indicators&lt;br&gt;
of compromise, and mitigation techniques all fall here.&lt;/p&gt;

&lt;p&gt;The sub-objectives that show up most often:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Threat actor motivations and capabilities&lt;/strong&gt;: nation-state vs
organized crime vs hacktivist vs insider; you need to map a scenario
description to the right threat actor type&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Attack vectors and attack surfaces&lt;/strong&gt;: differentiating attack
vectors (how) from attack surfaces (where)&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Malware classifications&lt;/strong&gt;: virus vs worm vs trojan vs ransomware vs
rootkit vs spyware vs keylogger vs logic bomb. Several questions
per exam.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Social engineering&lt;/strong&gt;: phishing variants (spear, whaling, vishing,
smishing), pretexting, watering hole attacks, business email compromise&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Network attacks&lt;/strong&gt;: DDoS variants (volumetric, protocol, application
layer), MITM, DNS attacks, wireless attacks, replay attacks&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Application attacks&lt;/strong&gt;: SQL injection, XSS (stored vs reflected vs
DOM-based), CSRF, directory traversal, buffer overflow, race
conditions, malicious code injection&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Indicators of compromise (IoC)&lt;/strong&gt;: account lockouts, concurrent
session usage, blocked content, impossible travel, resource
consumption, OOM errors, missing logs&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Mitigation techniques&lt;/strong&gt;: segmentation, access control, monitoring,
least privilege, defense in depth, hardening&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Most candidates lose points here on the indicator-of-compromise&lt;br&gt;
questions and the social engineering variants. The fix is doing 50 to&lt;br&gt;
80 practice questions in this domain specifically before exam day.&lt;/p&gt;

&lt;h2&gt;
  
  
  What does Domain 3 (Security Architecture) cover?
&lt;/h2&gt;

&lt;p&gt;Domain 3 weighs 18% and covers architectural design choices that&lt;br&gt;
shape security posture. Roughly 16 questions per exam. Network, infra,&lt;br&gt;
application, and cloud security architecture; resilience and recovery&lt;br&gt;
patterns; secure data classification all fall here.&lt;/p&gt;

&lt;p&gt;The sub-objectives that show up most:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Network security architecture&lt;/strong&gt;: firewall placement, DMZ design,
network segmentation, VLANs, micro-segmentation, screened subnets,
east-west vs north-south traffic&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cloud security architecture&lt;/strong&gt;: shared responsibility model
(specifically AWS / Azure / GCP variations), serverless vs
containers, SaaS-specific concerns, IaC security, hybrid cloud&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Application security architecture&lt;/strong&gt;: secure coding practices,
input validation, output encoding, parameterized queries, secure
defaults, secure libraries&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Resilience and recovery&lt;/strong&gt;: high availability designs, fault
tolerance, redundancy, backup strategies (3-2-1 rule), RTO/RPO
calculations, hot/warm/cold sites&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Data classification and protection&lt;/strong&gt;: sensitive data
identification, encryption at rest, encryption in transit, DLP,
tokenization, data masking, secure data disposal&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This domain often surprises candidates because it overlaps with the&lt;br&gt;
CompTIA Cloud+ exam content. If you've done any cloud work,&lt;br&gt;
expect to score higher here than you expect. If you haven't, this is&lt;br&gt;
the domain where simulated labs help most.&lt;/p&gt;

&lt;h2&gt;
  
  
  What does Domain 4 (Security Operations) cover?
&lt;/h2&gt;

&lt;p&gt;Domain 4 weighs 28%, the highest of any domain. About 25 questions&lt;br&gt;
per exam. Hardening, asset management, vulnerability management,&lt;br&gt;
monitoring, incident response, digital forensics, and identity&lt;br&gt;
management all fall here.&lt;/p&gt;

&lt;p&gt;The sub-objectives that show up most:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Hardening techniques&lt;/strong&gt;: secure baselines, configuration
management, disabling unnecessary services, default credential
changes, patch management, endpoint hardening&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Vulnerability management&lt;/strong&gt;: scanning (authenticated vs
unauthenticated, internal vs external), CVSS scoring, prioritization
by risk, remediation strategies&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Monitoring and SIEM&lt;/strong&gt;: log aggregation, correlation rules, alert
tuning, dashboards, retention policies, common SIEM platforms
(Splunk, Sentinel, Elastic, QRadar)&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Incident response&lt;/strong&gt;: NIST 800-61 lifecycle (preparation, detection,
containment, eradication, recovery, lessons learned), playbooks,
chain of custody, tabletop exercises&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Digital forensics&lt;/strong&gt;: evidence preservation, chain of custody,
volatile vs non-volatile data, timeline analysis, hash verification,
legal holds&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Identity and access management&lt;/strong&gt;: SSO, MFA, federation, just-in-time
access, privileged access management, identity proofing, account
lifecycle&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Automation and orchestration&lt;/strong&gt;: SOAR platforms, scripted responses,
ticket integration, API-driven workflows&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This domain has the most performance-based questions (PBQs). Expect&lt;br&gt;
2 to 3 PBQs that drop you into a simulated SIEM dashboard or ask you&lt;br&gt;
to drag IR phases into the right order. The home-lab investment from&lt;br&gt;
the &lt;a href="https://nerdexam.com/blog/comptia-security-plus-study-guide-sy0-701" rel="noopener noreferrer"&gt;Security+ study guide&lt;/a&gt;&lt;br&gt;
pays off most here.&lt;/p&gt;

&lt;h2&gt;
  
  
  What does Domain 5 (Security Program Management) cover?
&lt;/h2&gt;

&lt;p&gt;Domain 5 weighs 20%, the second-largest after Operations. About 18&lt;br&gt;
questions per exam. Risk management, governance, audit, vendor risk&lt;br&gt;
management, security awareness, and compliance frameworks all fall&lt;br&gt;
here.&lt;/p&gt;

&lt;p&gt;The sub-objectives that show up most:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Risk management&lt;/strong&gt;: risk identification, assessment (qualitative
vs quantitative), treatment (accept, avoid, mitigate, transfer),
monitoring, risk appetite vs tolerance, risk register&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Governance&lt;/strong&gt;: policies, standards, procedures, guidelines,
centralized vs decentralized governance, governance structures&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Compliance frameworks&lt;/strong&gt;: NIST CSF v2.0, ISO 27001, PCI DSS, GDPR,
HIPAA, SOX, CCPA, regional data sovereignty rules&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Vendor risk management&lt;/strong&gt;: due diligence, contracts and SLAs,
third-party assessments, supply chain attacks, fourth-party risk&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Audit and assessment&lt;/strong&gt;: internal vs external audit, attestation
reports (SOC 1, SOC 2 Type I vs II, ISO certifications), gap
analysis, control testing&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Security awareness&lt;/strong&gt;: training programs, phishing simulations,
password policies, acceptable use policies, role-based training&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Privacy considerations&lt;/strong&gt;: data subject rights, consent
management, privacy impact assessments, breach notification timelines&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This domain trips technical candidates because it asks process&lt;br&gt;
questions, not technical ones. The framework-mapping questions (NIST&lt;br&gt;
CSF function to a specific control) are where most points get lost.&lt;br&gt;
Spend at least 8 hours on this domain even though it feels&lt;br&gt;
"boring" to technical readers.&lt;/p&gt;

&lt;h2&gt;
  
  
  How do the domain weights compare to SY0-601?
&lt;/h2&gt;

&lt;p&gt;CompTIA shifted weight toward Security Operations and Security Program&lt;br&gt;
Management when they updated to SY0-701 in mid-2024. The old SY0-601&lt;br&gt;
breakdown was:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Domain&lt;/th&gt;
&lt;th&gt;SY0-601 weight&lt;/th&gt;
&lt;th&gt;SY0-701 weight&lt;/th&gt;
&lt;th&gt;Change&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Attacks, Threats, Vulnerabilities&lt;/td&gt;
&lt;td&gt;24%&lt;/td&gt;
&lt;td&gt;22%&lt;/td&gt;
&lt;td&gt;-2% (now "Threats, Vulnerabilities, Mitigations")&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Architecture and Design&lt;/td&gt;
&lt;td&gt;21%&lt;/td&gt;
&lt;td&gt;18%&lt;/td&gt;
&lt;td&gt;-3% (now "Security Architecture")&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Implementation&lt;/td&gt;
&lt;td&gt;25%&lt;/td&gt;
&lt;td&gt;merged into Architecture + Operations&lt;/td&gt;
&lt;td&gt;removed as standalone&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Operations and Incident Response&lt;/td&gt;
&lt;td&gt;16%&lt;/td&gt;
&lt;td&gt;28%&lt;/td&gt;
&lt;td&gt;
&lt;strong&gt;+12%&lt;/strong&gt; (now "Security Operations")&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Governance, Risk, Compliance&lt;/td&gt;
&lt;td&gt;14%&lt;/td&gt;
&lt;td&gt;20%&lt;/td&gt;
&lt;td&gt;+6% (now "Security Program Management")&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The big shift is Security Operations going from 16% to 28%. If you're&lt;br&gt;
using older study material that pre-dates SY0-701, you'll under-prepare&lt;br&gt;
on the most important domain. Verify your course version covers&lt;br&gt;
SY0-701 explicitly before you spend study time on it.&lt;/p&gt;

&lt;h2&gt;
  
  
  How do I use the domain weights to plan study time?
&lt;/h2&gt;

&lt;p&gt;Allocate study hours proportional to domain weights, with a 1.2x&lt;br&gt;
multiplier for domains where you have weaker hands-on experience. A&lt;br&gt;
realistic 80-hour study budget breaks down like this:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Domain&lt;/th&gt;
&lt;th&gt;Weight&lt;/th&gt;
&lt;th&gt;Base hours&lt;/th&gt;
&lt;th&gt;Adjusted hours (for typical IT admin)&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Security Operations&lt;/td&gt;
&lt;td&gt;28%&lt;/td&gt;
&lt;td&gt;22&lt;/td&gt;
&lt;td&gt;24-28 (most candidates need extra lab time)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Threats, Vulnerabilities, Mitigations&lt;/td&gt;
&lt;td&gt;22%&lt;/td&gt;
&lt;td&gt;18&lt;/td&gt;
&lt;td&gt;18-20&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Security Program Management&lt;/td&gt;
&lt;td&gt;20%&lt;/td&gt;
&lt;td&gt;16&lt;/td&gt;
&lt;td&gt;18-20 (process-heavy, often skipped)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Security Architecture&lt;/td&gt;
&lt;td&gt;18%&lt;/td&gt;
&lt;td&gt;14&lt;/td&gt;
&lt;td&gt;14-16&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;General Security Concepts&lt;/td&gt;
&lt;td&gt;12%&lt;/td&gt;
&lt;td&gt;10&lt;/td&gt;
&lt;td&gt;8-10 (vocabulary, fast to learn)&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;If you're a process-oriented person (project manager, GRC analyst),&lt;br&gt;
flip the multiplier: spend MORE time on Architecture and Operations,&lt;br&gt;
less on Program Management.&lt;/p&gt;

&lt;p&gt;The candidates who pass on the first try track their per-domain&lt;br&gt;
practice-question accuracy weekly. Practice tools like NerdExam break&lt;br&gt;
their question banks by domain, so you can see where you're at 85%&lt;br&gt;
and where you're at 60%, then allocate the next week's study time&lt;br&gt;
accordingly.&lt;/p&gt;

&lt;p&gt;For practice questions filtered by domain, NerdExam has 1,056&lt;br&gt;
enriched SY0-701 questions with full explanations.&lt;br&gt;
&lt;a href="https://nerdexam.com/exams/sy0-701/questions/1" rel="noopener noreferrer"&gt;Start practicing Security+ questions&lt;/a&gt; to&lt;br&gt;
see the question style before you commit to a study plan.&lt;/p&gt;

&lt;h2&gt;
  
  
  What's NOT on the SY0-701 exam?
&lt;/h2&gt;

&lt;p&gt;CompTIA explicitly excludes several topics that show up in study&lt;br&gt;
forums but never appear on the real exam:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Specific vendor product configuration (no exam questions on
"configure Cisco ASA firewall syntax")&lt;/li&gt;
&lt;li&gt;Programming syntax (you might see PowerShell or Bash pseudo-code in
a PBQ but never write code)&lt;/li&gt;
&lt;li&gt;Deep cryptography math (you need to know SHA-256 exists, not
implement it)&lt;/li&gt;
&lt;li&gt;Specific CVE numbers (you need to know what CVSS is, not memorize
CVE-2024-1234)&lt;/li&gt;
&lt;li&gt;Detailed legal case law (you need to know HIPAA exists and its
general scope, not memorize which exception applies in subsection
164.512)&lt;/li&gt;
&lt;li&gt;Specific tool keyboard shortcuts or menu paths&lt;/li&gt;
&lt;li&gt;Vendor-specific cloud service names (you need "object storage",
not "S3 vs Azure Blob vs GCS")&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;If a YouTube prep video spends 20 minutes on any of these, switch&lt;br&gt;
videos. The exam doesn't reward that level of detail.&lt;/p&gt;

&lt;p&gt;Ready to start? &lt;a href="https://nerdexam.com/catalog/sy0-701" rel="noopener noreferrer"&gt;Practice with 1,056 real Security+ SY0-701 questions&lt;br&gt;
on NerdExam&lt;/a&gt; or browse the&lt;br&gt;
&lt;a href="https://nerdexam.com/exams/sy0-701/questions/1" rel="noopener noreferrer"&gt;free per-question explanations&lt;/a&gt;.&lt;br&gt;
CompTIA's free exam objectives PDF is also worth downloading first if&lt;br&gt;
you haven't: &lt;a href="https://www.comptia.org/certifications/security" rel="noopener noreferrer"&gt;CompTIA Security+ exam objectives&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Adjacent reading: &lt;a href="https://nerdexam.com/blog/comptia-security-plus-study-guide-sy0-701" rel="noopener noreferrer"&gt;CompTIA Security+ Study Guide: 10-Week Plan&lt;/a&gt;,&lt;br&gt;
&lt;a href="https://nerdexam.com/blog/comptia-security-plus-exam-voucher" rel="noopener noreferrer"&gt;Where to actually buy a Security+ voucher&lt;/a&gt;,&lt;br&gt;
&lt;a href="https://nerdexam.com/glossary/mfa" rel="noopener noreferrer"&gt;What is MFA&lt;/a&gt;, &lt;a href="https://nerdexam.com/glossary/cve" rel="noopener noreferrer"&gt;What is a CVE&lt;/a&gt;,&lt;br&gt;
&lt;a href="https://nerdexam.com/glossary/zero-trust" rel="noopener noreferrer"&gt;What is Zero Trust&lt;/a&gt;.&lt;/p&gt;

</description>
      <category>security</category>
      <category>comptia</category>
      <category>certification</category>
      <category>learning</category>
    </item>
  </channel>
</rss>
