Passing the CompTIA Trifecta — A+, Network+, Security+

A practical, concept-first guide to earning the three foundational CompTIA certs — and the core IT knowledge each one is really testing.

CompTIA certifications are the classic on-ramp into IT: vendor-neutral, entry-friendly, and widely recognized by employers and government roles alike. The “trifecta” — A+, Network+, and Security+ — maps cleanly onto the first rungs of an IT career: fix the machine, connect the machines, then secure them.

This isn’t a brain-dump guide. The fastest way to pass these exams is to actually understand the concepts they test — so I’m going to walk through both the strategy and the foundational knowledge behind each cert.

The ladder, at a glance

All three exams are scored on a 100–900 scale, run up to 90 questions in 90 minutes, and mix multiple-choice with performance-based questions (PBQs) — interactive, hands-on simulations that appear first and carry heavy weight.

| Cert | Current exam(s) | Pass score | Focus |
|---|---|---|---|
| A+ | 220-1201 + 220-1202 (two exams) | 675 / 700 of 900 | Hardware, OS, troubleshooting |
| Network+ | N10-009 | 720 of 900 | Connectivity, protocols, topology |
| Security+ | SY0-701 | 750 of 900 | Threats, crypto, access control |

A+ is the only one requiring two exams (Core 1 and Core 2), and both must be passed to earn the certification. Note the rising bar: each step up the ladder demands a higher score, reflecting the higher stakes of the material.

A+ — the troubleshooting mindset

A+ is broad and shallow: a little of everything, from RAM and RAID to mobile OS settings. The trap is trying to memorize every connector and command. What examiners are really testing is whether you can reason through a problem methodically.

The single most important thing on A+ is CompTIA’s six-step troubleshooting methodology — it shows up directly and underpins countless scenario questions:

  1. Identify the problem (gather info, question the user, back up before making changes).
  2. Establish a theory of probable cause (question the obvious first).
  3. Test the theory to determine cause.
  4. Establish a plan of action and implement the solution.
  5. Verify full system functionality and implement preventive measures.
  6. Document findings, actions, and outcomes.

Memorize these six steps in order. If a question describes a tech jumping straight to a fix without identifying the problem or backing up data first, the “correct” answer is almost always the earlier step they skipped.

Beyond that: know the troubleshooting theory for hardware (POST beep codes, no-boot scenarios), operating systems (Windows tools like chkdsk, sfc, Task Manager), and the basics of safe practices (ESD straps, proper disposal). Breadth beats depth here.

Network+ — think in layers

Network+ is where IT stops being about one box and starts being about how boxes talk. The mental model that unlocks the whole exam is the OSI model — seven layers describing how data moves from an application down to the wire and back:

| Layer | Name | Example |
|---|---|---|
| 7 | Application | HTTP, DNS |
| 6 | Presentation | TLS, encoding |
| 5 | Session | session setup |
| 4 | Transport | TCP, UDP, ports |
| 3 | Network | IP, routing |
| 2 | Data Link | MAC, switches |
| 1 | Physical | cables, signals |

A common mnemonic for layers 1→7 is “Please Do Not Throw Sausage Pizza Away.” When you can place a device or protocol at its layer — a switch at Layer 2, a router at Layer 3, TLS at Layer 6 — most Network+ questions answer themselves.

Two more must-know areas:

  • Ports and protocols. Drill the common ones cold: 22 SSH, 25 SMTP, 53 DNS, 80 HTTP, 443 HTTPS, 3389 RDP, 67/68 DHCP. PBQs love asking you to open the right firewall port for a service.
  • Subnetting. Understand CIDR notation — a /24 is a 255.255.255.0 mask giving 256 addresses (254 usable hosts). Being able to carve a network into subnets and spot a valid host range is a guaranteed source of points.
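To make the subnetting bullet concrete, here is an added worked example (not part of the original post) that carves a parent block into right-sized subnets and reports each one's usable host range. The 192.168.10.0/24 block and the host counts are constructed sample values, and the function names are illustrative.

```python
import ipaddress

def prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose subnet still holds `hosts` usable addresses."""
    # Two addresses per subnet (network and broadcast) are not assignable,
    # so the block must contain at least hosts + 2 addresses.
    return 32 - (hosts + 1).bit_length()

def describe(net):
    """Network, mask, first/last usable host and broadcast for one subnet."""
    return {
        "network": str(net),
        "mask": str(net.netmask),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
    }

def carve(parent, host_counts):
    """Allocate one subnet per requirement inside `parent`, without overlap."""
    parent = ipaddress.ip_network(parent)
    cursor = int(parent.network_address)
    plan = []
    # Largest first keeps every subnet aligned on its own block boundary.
    for hosts in sorted(host_counts, reverse=True):
        net = ipaddress.ip_network((cursor, prefix_for_hosts(hosts)))
        if not net.subnet_of(parent):
            raise ValueError(f"{parent} has no room for {hosts} more hosts")
        plan.append(describe(net))
        cursor += net.num_addresses
    return plan

def is_valid_host(address, subnet):
    """True if `address` is assignable to a host in `subnet`."""
    net = ipaddress.ip_network(subnet)
    addr = ipaddress.ip_address(address)
    return addr in net and addr not in (net.network_address, net.broadcast_address)

if __name__ == "__main__":
    # Constructed requirements: four segments needing 20, 100, 2 and 50 hosts.
    for row in carve("192.168.10.0/24", [20, 100, 2, 50]):
        print(row)
```

Working the same allocation on paper first and then checking it against the output is a quick way to drill host ranges and broadcast addresses.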

Security+ — the CIA triad and everything under it

Security+ is the most career-defining of the three. It satisfies the U.S. DoD 8140/8570 baseline for many cybersecurity roles, which is why it’s so frequently required. It’s also the most conceptual — and it all hangs off one framework.

Every security control exists to protect the CIA triad:

  • Confidentiality — keeping data secret (encryption, access controls).
  • Integrity — ensuring data isn’t altered (hashing, digital signatures).
  • Availability — keeping systems reachable (redundancy, backups, DDoS mitigation).

From there, the domains build outward. A few anchors worth internalizing:

  • AAA — Authentication (who are you?), Authorization (what may you do?), Accounting (what did you do?).
  • Symmetric vs. asymmetric crypto. Symmetric (e.g., AES) uses one shared key — fast, great for bulk data. Asymmetric (e.g., RSA) uses a public/private key pair — slower, but solves key exchange and enables digital signatures. Real systems use both: asymmetric to exchange a symmetric session key (exactly how TLS works).
  • Defense in depth — layered controls, so no single failure is catastrophic.
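The hybrid pattern from the symmetric vs. asymmetric bullet, as an added teaching example (not part of the original post): a random symmetric session key encrypts the bulk data, and only that small key goes through the slow asymmetric operation. The key pair, the unpadded RSA and the SHA-256 keystream cipher are toy constructions chosen so the example runs on the standard library; they are assumptions for illustration and are not secure for real use.

```python
import hashlib
import secrets

# Constructed toy key pair: two known Mersenne primes, ~196-bit modulus.
# Real RSA keys are 2048+ bits and are used with padding via a vetted library.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537                    # public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent d

def stream_xor(key, data):
    """Toy symmetric cipher: XOR data with a SHA-256 counter keystream.
    The same call encrypts and decrypts, because one shared key does both."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def seal(message, n=N, e=E):
    """Sender side: needs only the recipient's public key."""
    session_key = secrets.token_bytes(16)           # fresh key per message
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # asymmetric step
    return wrapped, stream_xor(session_key, message)         # symmetric bulk

def open_sealed(wrapped, ciphertext, d=D, n=N):
    """Recipient side: the private key recovers the session key first."""
    raw = pow(wrapped, d, n).to_bytes((n.bit_length() + 7) // 8, "big")
    return stream_xor(raw[-16:], ciphertext)

if __name__ == "__main__":
    message = b"constructed sample payload " * 40   # bulk data
    wrapped, ciphertext = seal(message)
    print(len(message), "bytes sealed; wrapped key fits in",
          (wrapped.bit_length() + 7) // 8, "bytes")
    print(open_sealed(wrapped, ciphertext) == message)
```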

Security+ leans heavily on scenario questions (“given this situation, which control is most appropriate?”), so rote definitions aren’t enough — you need to know why and when a control applies.

How to actually pass

Concepts get you most of the way; smart preparation closes the gap. What consistently works:

  • Read the official exam objectives first. CompTIA publishes a free objectives PDF for every exam — it’s the literal blueprint. Every question maps to a bullet on that list. Use it as your checklist.
  • Respect the PBQs. They come first and are worth the most. If one stalls you, flag it and move on — bank the quick multiple-choice points, then return. Don’t let a tricky simulation eat 20 minutes up front.
  • Drill practice exams to ~90%. Quality practice tests (Jason Dion’s are a community favorite) train exam stamina and expose weak domains. Don’t sit the real thing until you’re consistently clearing 90% on fresh questions — not memorized ones.
  • Use the free greats. Professor Messer’s video courses cover all three exams for free and are, frankly, enough to pass on their own. Pair with a book (Mike Meyers for A+/Network+) if you like depth.
  • Get hands-on. Build a cheap home lab, spin up VMs, subnet on paper, sniff traffic with Wireshark. Concepts you’ve touched stick far better than ones you’ve only read.

A realistic cadence for a working beginner: A+ in 8–12 weeks, then Network+ and Security+ in 6–8 weeks each, since they build on the foundation A+ lays.

The payoff

Worried these feel basic? That’s the point. The trifecta isn’t meant to make you a specialist — it’s meant to prove you understand how computers, networks, and security fundamentals fit together. That fluency is exactly what every higher-level role assumes you already have. Earn it once, understand it deeply, and everything you learn afterward has somewhere solid to attach.
