The newest Security+ test seems to be a bit more even-handed than earlier versions. It seems like no new simulations or exhibits are present. And, perhaps, there are fewer of them. The breadth of topics is wider. Much more on authentication systems, some in sparse use, like Shiboleth.?! The topics are changed around from one chapter to another.
Expect 80+ items, with probably 2-4 simulations, likely just 3. The simulations really do not seem to be too bad. Mix and match descriptions and terms. Exhibits to analyze. No genuine ‘simulations’, like configuring a firewall or WAP. This is good news.
For defensive tools, expect more. They are testing your knowledge of what typical output looks like: tcpdump, antivirus, netstat, ping and more. RAID might have slipped off the list this time. Probably, the Cisco-specific stuff is gone. At least, it seems so.
Expect to have to identify vulnerabilities by a short verbal description. An exhibit might show netstat output or even a code snippet. This can be challenging.
Overall, it is doable within the 90 minutes, as long as you know all the tools and output. The quiz covers all this.