Are You Ready for Security+ Performance Based Questions?
If you’re planning to take the Security+ exam you can expect to see some Security+ performance based questions. They have also been added to the A+ and Network+ exams. You can read more about performance based questions here, but in short a performance based question requires you to perform a task rather than simply requiring you to answer a multiple choice question.
For example, do you know how to configure a WAP?
While CompTIA originally stated these would be task-based questions, they are often appearing as simpler drag and drop questions, or questions where you can select items from a drop down menu. The Security+ Blog Links page has a section with several links to blogs on Security+ performance based questions. Some of these blogs include comments by readers and test takers.
When Did They Start Appearing in Security+?
These Security+ performance based questions started to appear in the Security+ exam in the first quarter of 2013 and they have been appearing regularly. I’ve been updating the Security+ Blog Links page and the Security+ performance based questions periodically with new information on them. Many readers and test takers have left comments on this page at the end of the blog. I’m also grateful to the readers that have sent me notes about their experiences through my contact page.
How Many Questions Are on The Security+ Exam?
When the Security+ exam had only multiple choice questions, you had 100 questions.
After performance based questions were added, test takers typically have 70 to 90 multiple choice questions, and anywhere between two and ten performance based questions. The Security+ Blog Links page includes a section listing many blogs with free practice test questions. Here are a couple of pages that give sample multiple choice questions:
- Security+ Practice Test Questions on Objective 2.1
- Security+ Practice Test Questions on Objective 3.2
Here are a few pages that give information on performance based questions.
- Security+ WAP Performance Based Questions
- Security+ Forensic Performance Based Question
- Identify Social Engineering Attacks
What Performance Based Questions Should I Expect?
The question types vary, but this section identifies many of the types of questions that people have reported seeing.
Matching
You might be asked to match topics with each other. For example, you might have a list of port numbers and a list of protocols and then be tasked with matching the ports to the protocols. If you know the ports, this should be rather simple.
As another example, you might need to identify the type of security controls used to protect specific devices. Objective 2.1 mentions Technical, Management, and Operational controls. Controls can also be identified as preventative, detective, and corrective controls.
Matching questions might appear using a drag and drop format. For example, you might see security configurations on one side and devices on the other side and you’ll need to drag the relevant security method to the correct device. Consider these two lists:
Devices
- Mobile phone
- Server
Security methods
- Screen lock
- Strong password
You can lock a mobile phone with a screen lock so you would drag the screen lock method to the mobile phone.
You can use a simple password on a mobile phone but not a strong password. However, you can use a strong password on a server. In this case, you’d drag the strong password method to the server.
There’s a subtlety here, though, which makes it important to understand the concepts and match them to the question. If the question refers to mobile devices as smartphones, you can only use a simple password such as a personal identification number (PIN). If the question refers to mobile devices as laptops, then you can use strong passwords because laptops can have strong passwords just like a server. This is a perfect example of how a simple twist in the question can change the answer. However, if you understand the concepts covered in the objectives, these questions won’t throw you.
This page gives a simple example of a matching type question: Security+ Match Device Controls.
Click on a Diagram
You might be asked to click on a diagram to select something. As a simple example, you might see a network diagram with multiple devices and be asked which device provides the best security during an attack.
Some devices have logs and you might need to open up logs and review the information to determine what happened. As you review these logs, you’ll see some errors listed in at least one of them that identifies the problem.
As another example, you might be tasked with giving a user appropriate permissions to perform job tasks. The diagram then shows a list of groups with specific permissions assigned. You then need to pick which group (or groups) to put the user into. The key here would be to remember the principle of least privilege and ensure that the user is granted enough rights and permissions to perform the job and no more.
Put a List in the Correct Order
You might be asked to arrange topics into a specific order. For example, a forensic analyst is required to know the order of volatility for data. You might see a list like this (though not in order) and be tasked with putting it in the correct order.
- Data in RAM, including cache, and recently used data and applications
- Data in RAM, including system and network processes
- Data stored on local disk drives
- Logs stored on remote systems
- Archive media
This page gives a simple example of a matching type question: Security+ Forensic Performance Based Question.
Create an ACL
You might be asked to provide details for an access control list on a router or firewall. Basic firewall filters can filter traffic based on IP addresses, ports, and some protocols. If you want to limit traffic, you can start with a deny all strategy where all traffic is blocked and then create exceptions to identify what is allowed.
For example, if you wanted to allow a certain IP address through, you could add an exception in the ACL to allow traffic from or to this IP address. Similarly, if you wanted to allow certain protocol traffic through, you could add an exception to allow traffic based on the protocol’s port number.
When preparing for a question like this make sure you know the ports for Security+.
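The deny-all-with-exceptions strategy described above, as an added example that is not part of the original post: a small first-match ACL evaluator in POSIX shell. The rule format, the function names and all IP addresses (RFC 5737 documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluate packets against an ACL the way a basic packet filter
# does. Rules are checked top to bottom and the first match decides.

# One rule per line: ACTION PROTO SRC_IP DST_IP DST_PORT ("any" is a wildcard).
# The exceptions come first; the last line is the explicit deny-all.
# All addresses below are constructed sample values.
ACL_RULES='
permit tcp 192.0.2.10 any           any
permit tcp any        198.51.100.5  443
permit udp any        198.51.100.53 53
deny   any any        any           any
'

# A rule field matches when it is the wildcard or equals the packet's value.
field_matches() { [ "$1" = any ] || [ "$1" = "$2" ]; }

# acl_decide PROTO SRC_IP DST_IP DST_PORT
# Prints the action of the first matching rule. If no rule matches at all it
# prints "deny", the implicit deny that ends every ACL.
acl_decide() (
    printf '%s\n' "$ACL_RULES" | {
        while read -r action proto src dst dport; do
            [ -n "$action" ] || continue      # skip blank lines
            if field_matches "$proto" "$1" &&
               field_matches "$src"   "$2" &&
               field_matches "$dst"   "$3" &&
               field_matches "$dport" "$4"; then
                echo "$action"
                exit 0                        # first match wins, stop here
            fi
        done
        echo deny                             # implicit deny
    }
)

# Constructed sample packets.
acl_decide tcp 192.0.2.10  203.0.113.7   22   # permit: exception for one source IP
acl_decide tcp 203.0.113.9 198.51.100.5  443  # permit: HTTPS to the web server
acl_decide tcp 203.0.113.9 198.51.100.5  23   # deny: Telnet is not an exception
acl_decide udp 203.0.113.9 198.51.100.53 53   # permit: DNS query over UDP
```

Because the first match decides, moving the deny-all line to the top of the list would block everything, including the exceptions.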
Configure a WAP
Networks commonly use wireless access points (WAPs) and configuring security with them is an important skill to know. CompTIA stresses this on both the Network+ and Security+ exams. You should be able to configure basics such as:
- Change the SSID
- Enable/disable SSID broadcast
- Enable MAC address filtering
- Configure security such as WPA and WPA2
Larger enterprises add additional security to WAPs with WPA2 Enterprise. WPA2 Enterprise requires an 802.1x server typically configured as a RADIUS server.
This page gives information needed for this type of question: Security+ WAP Performance Based Questions.
Command Prompt
You might be asked to perform a task from the command prompt. You’ll have access to a simulated command prompt and be required to perform a specific task.
In the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide, I gave an example with a couple of graphics that could easily be used in this exam.
The question could go like this: “Determine if the file shown in the graphic is valid.” The file in the graphic includes a valid MD5 hash.
You are then put into a command prompt with nothing more than a blinking cursor. What do you do?
The first step is to see what is in the current directory. You could do so with the dir command. More than likely, you’ll see the file that was displayed in the graphic, along with programs that can be used to create a hash such as md5sum and sha1sum.
Next, you’d calculate the hash on the file using the correct program. This requires you to know that the hash shown in the graphic is an MD5 hash. You’d then run the md5sum program against the file to calculate the hash. If the hash shown in the graphic was a SHA1 hash, you’d need to run sha1sum instead.
That’s it. In retrospect, you only need to enter two commands: dir and md5sum filename. However, you need to have some underlying knowledge to do so successfully.
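The same check as a script, added here as an example that is not from the original post or the study guide: it picks md5sum or sha1sum from the length of the published hash and compares the result. It assumes the GNU md5sum and sha1sum programs; the function names and the sample file are constructed.

```shell
#!/bin/sh
# Added example: verify a file against a published hash, choosing the hashing
# program from the length of the hash itself.

# Print the program that produces a digest of this length, or fail.
hash_tool() {
    case "${#1}" in
        32) echo md5sum ;;    # MD5 is 128 bits = 32 hex characters
        40) echo sha1sum ;;   # SHA-1 is 160 bits = 40 hex characters
        *)  return 1 ;;
    esac
}

# verify_file FILE PUBLISHED_HEX
# Returns 0 on a match, 1 on a mismatch, 2 when the hash or file is unusable.
verify_file() (
    file=$1
    # Published hashes are sometimes printed in upper case; normalize first.
    published=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$published" in
        ''|*[!0-9a-f]*) echo "not a hex digest: $2" >&2; exit 2 ;;
    esac
    tool=$(hash_tool "$published") || {
        echo "unrecognized digest length: ${#published}" >&2; exit 2; }
    [ -r "$file" ] || { echo "cannot read $file" >&2; exit 2; }
    # Hash via stdin so the output is just "<digest>  -", whatever the filename.
    actual=$("$tool" < "$file" | cut -d' ' -f1)
    if [ "$actual" = "$published" ]; then
        echo "$tool OK: $file"
    else
        echo "$tool MISMATCH: $file (computed $actual)"
        exit 1
    fi
)

# Constructed sample: a file containing the line "hello world".
demo_file=$(mktemp)
printf 'hello world\n' > "$demo_file"
verify_file "$demo_file" 6f5902ac237024bdd0c176cb93063dc4         || true  # MD5, matches
verify_file "$demo_file" 22596363B3DE40B06F981FB85D82312E8C0ED511 || true  # SHA-1, matches
verify_file "$demo_file" 00000000000000000000000000000000         || true  # MD5, mismatch
rm -f "$demo_file"
```

A match shows the file is identical to the one the hash was computed from; MD5 and SHA-1 are no longer collision resistant, so prefer SHA-256 where you control the choice of algorithm.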
What is the Biggest Challenge?
Many of the questions are straightforward and it’s easy to identify what is desired. However, the biggest challenge many people report with these types of questions is figuring out what some of the questions are actually asking. For example, the sample in the Command Prompt section earlier only states “Determine if the file shown in the graphic is valid” and shows a graphic. It doesn’t tell you to run the dir and the md5sum commands. However, this is the only way you can determine if the file is valid.
With that in mind, you often need to give these types of questions a little more thought and pay attention to the clues given in the question.
Should I Answer These Questions First?
The performance based questions are typically first in the exam and many times they surprise people. The biggest thing to consider is the amount of time you spend on these questions. Some people haven’t had time to answer the easier multiple choice questions after spending a significant amount of time on the harder performance based questions. In general, I give test takers the following advice with performance based questions:
- Look at each one.
- If you understand what is required to answer the question and you can answer it, then answer it and move on.
- If you don’t understand the question or don’t know the answer, mark it and move on. You can mark it by clicking a checkbox labeled Mark.
- After you complete the multiple choice questions, go back to the marked questions.
You aren’t penalized at all for marking a question or skipping it the first time through. If the question is answered correctly when you finish the test, you get credit for answering it correctly regardless of how many times you looked at it.
How Much Are These Questions Worth?
More than likely these questions are worth more than a typical multiple choice question. While CompTIA doesn’t release the actual value of any single question, it’s very likely that each question is worth a little more than 4 percent of the total.
If the original exam has 100 multiple choice questions and the new exam has 87 multiple choice questions with three performance based questions, these three performance based questions could be worth about 13 percent of the total. If you divide 13 percent by three, it’s a little over 4.
Do I Get Partial Credit?
A common question people ask when taking these types of questions is if they get partial credit if they correctly perform part of the problem but not all of it. CompTIA isn’t saying, but I wouldn’t be surprised if they don’t award partial credit for these performance based questions. In other words, the question is testing your ability to complete a task and either you can, or you can’t.
Some questions are asking you to match topics. If you match some of them correctly, it makes sense that you would get partial credit for what you matched correctly. Again though, this decision lies with CompTIA and I have not heard them say.
Will Books Be Updated to Include Performance Based Questions?
It’s unlikely that any books will be updated specifically for the Performance Based Questions. It takes an extensive amount of time and effort to rewrite, edit, layout, proof, and reprint books.
Certification books are typically only updated when the certification changes significantly. For example, the differences in the objectives between SY0-201 and SY0-301 Security+ objectives were significant. Publishers that had SY0-201 books in print published new books on the SY0-301 exam.
Further, most books include the content needed to successfully pass these performance based questions. The objectives aren’t changing. The only thing that is changing is the way that the objectives are being tested. If you understand the content, you will be able to answer the questions.
Update: The CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is now available and includes information on performance-based questions.
Along these lines, I’ve been asked a few times if the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide will be updated. This isn’t likely. I expect that CompTIA will be releasing new objectives for the SY0-401 exam sometime this year. When they do, I’ll be updating the SY0-301 Study Guide. You’ll probably still be able to take the SY0-301 exam through at least part of 2014.
Summary
If you’re planning on taking the Security+ exam any time from today on, you can expect to see Security+ performance based questions. These questions are different than multiple choice questions but they are not impossible to answer. If you understand the content, you will likely be able to answer these questions without too much difficulty.
Failed the test with a 730 the other day and I’m pretty sure it was 2 simulation questions that killed me. Some of these were easy but others weren’t. I’ve been looking online for the questions or even the concepts I need to study and I’ve come up short. Especially with one simulation that wanted me to answer questions when all I was given were strings of encrypted data. I’ve found a lot of info on the 301 sim questions but not much for the 401 sim questions. Is the gcgapremium.com study package updated for 401 and do you think it’s my best bet to prepare for the simulated questions? Planning on retesting in a week.
Sorry to hear you dropped the exam, but the good news is that you’re close. You probably only missed it by one or two multiple choice questions.
> Failed the test with a 730 the other day and I’m pretty sure it was
> 2 simulation questions that killed me.
Your message is similar to others I’ve heard and here’s what comes to mind.
The two simulations very likely did NOT kill you. You may have missed them, but they could just as easily have been beta questions. If you just skipped them and got two more multiple-choice questions correct, you may have passed. Check out these blog posts:
Skip Performance-Based Questions
5 Performance-based Questions Tips
Performance-based Question FAQs
> Is the gcgapremium.com study package updated for 401
Yes. I hear from people almost every day telling me they’ve passed the exam using the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide and/or Security+ study packages available here.
More, new questions are regularly added. This page shows some of the updates.
Hi Darril,
I am planning to take this exam in September. I just got to know that my employer requires Security+ certification. I have a very basic question. Is SY0-301 & SY0-401 the same? They told me to take SY0-301. Please advise.
> is Sy0-301 & Sy0-401 same?
No.
> They told me to take Sy0-301.
Sy0-301 has expired.
Check out this post
https://blogs.getcertifiedgetahead.com/security-sy0-301-and-sy0-401-differences/
I am scheduled to take the exam on August 19th. So therefore I have about a month to study. Bottom line up front, what is going to be the most efficient tool for me to use to study in order to be ready for the exam?
I hear from people almost every day telling me that they’ve passed using the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide combined with a study package from the gcgapremium.com site.
My recommendation is get both the study guide and the Security+ Full Access Bonus Package, which includes several bonuses.
It’s a tough exam, so I’d encourage you to start immediately. You certainly don’t want to take this path.
Good luck.
Why are there no recent responses? Am I in the wrong spot?
You’re in the right place. People ask questions when something isn’t clear and my intention is to respond when they ask clear questions. If you explore the links on this page, you’ll find many recent queries by others.
So how do you learn from this if your job doesn’t even use 98% of the material? I am an IAO but I’m primarily a paper pusher. Everything at the facility I work at has been set up. We are told, by MANAGEMENT, to not mess with anything, to not pen test, to not vul scan as everything has been set up as it should be. I work in a classified environment where things are very very specialized and not to be played with. I have taken the test for Security Plus twice and each time the practical questions kill me. I am prior Navy and not from the IT world. Cryptography is pretty confusing and the instructor kinda just read from the book.
Hi Thomas,
Somehow I missed your post. I hear from many people in a similar situation that can and do pass the exam. You just need to study much harder than others. The content from the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide has the content you need to know and this page has a study plan you can use.
Darril,
I just picked up your latest book, the SY0-401, and in going through the final questions at the end of the book I noticed an error on question number 9.
It states
Which of the following choices is an AAA protocol that uses shared secrets as a method of security.
The answer the book has is marked a “b” when the actual correct answer is C “radius”
If you go further and read the explanation, you will be able to figure out the right answer but just wanted to let you know.
thanks,
Ninja
Yes. It seems like no matter how hard we try, some errors, like the one you mentioned, sneak in.
You can find the errata page here.
Thanks for the feedback.
Darril
Hello Darril,
Just wanted to say thank you, I passed my SY0-401 exam with a score of 787. I have to say with your website it would have been very difficult for me to pass. For the most part there was no surprise for me on the exam, I thought I should have scored much higher score but then who is counting. A pass is a pass!!!
Hi Ladi,
That’s great news. Congratulations! And it’s always good to hear that the online resources help people like you.
Good luck with your next adventure.
Darril
Darril,
Thanks for producing such a great study guide! I passed the Security + test a couple days ago on my first try with a 809. I used your book and the paid content on your website. I will recommend this book to all my colleagues!
James
Congratulations James. That’s always great to hear and good to know that the book and content on the website helped.
And I really appreciate you recommending the book to your colleagues.
Good luck with your next adventure.
Darril
Hi Gibson,
I would like to thank you very much for the performance based questions which you provided in this website. It was really very helpful for me in passing the exam. I scored 847/900 and I think I am the last person to take up security + in this year, ha ha. I purchased your official text book for the exam and it was very helpful.
Thanks a lot and would definitely recommend this book to everyone.
Congratulations on the pass. Glad to hear that the website and book helped you. You probably aren’t the last person to take the 301 exam though. I know that many testing centers have extended hours and extra testing seats to accommodate some of the last-minute test takers.
Passed with 878 on the weekend. I had 74 questions in total with the following performance-based:
1) Configure the WAP router (basically all familiar stuff with RADIUS server details, port number was provided there). The default name of SSID was named ‘DEFAULT’ and I am assuming part of the test was to remove this and provide another value up to 32 characters long which is what I did. There were also other servers like DNS and WEB that were on the diagram but they had nothing to do with this configuration
2) Factor of Authentication (something you know, have, are)
3) Physical security controls for unsupervised lab, offsite laptops, server room, office
4) Controls for Smartphone vs Terminal Server. Out of all the known controls I was a bit surprised with PopUp Blocker and Cable Locks. I am assuming PopUp Blocker will be going for Smartphone as modern smartphone browsers have that function built-in. I also put Cable Lock to the smartphone as I know many telco shops protect their display smartphone models using this method.
Congratulations on the pass Denis. Great score and excellent information in your post. I wish you the best of luck in your next adventure.
Congratulations Teresa. Great to hear that the new 401 study guide and the premium website helped you. But it really seems like you took the time to learn this material inside and out and it paid off. Congratulations again!
I took the 401 version of the Security + certification exam this past Friday and passed with flying colors. My score was 793/900, which computes out to be 88.11 % and that is fine. Based on what others are saying about the simulations for the exams, I saw most of the simulations that were on the premium website were also on the exam. All of the simulations were the first questions on the exam.
Sim 1: Configure a firewall to allow certain computers access other computer through ports and protocols (know your port numbers and whether they are UDP or TCP or both, along with IP addresses for the computers).
Sim 2. Drag and drop security features for Mobile Device and Terminal Server.
Sim 3. Configure a WAP to highest level of security, you are given the info for 4 servers and go configure it to the best of your ability using the information you have been given.
Sim 4: Given a list of items and match them to the appropriate authentication factors ( Something you know, are, or have)
Sim 5: Match security controls to devices in the floor plan of the building
The Security + study guide for the 401 version of the exam along with the premium access was really instrumental in helping me pass the exam. I studied the content in the guide and the site as much as I could along with looking at the blogs to get some insight about the performance based questions. I had 5 simulations to complete before the form based questions came into play. 5 simulations and 65 form based questions gave me 70 questions in all to go through and complete. I gave a month after I had a week long training class that taught me what to look out for when taking the live exam. The class sort of helped, but the textbook didn’t help me understand the material, so I ordered the 401 version of Get Certified Ahead for Security +. It really helped me understand the material and how it all comes together.
Passed today with a 865. Thanks Darril your book really helped a lot. Thanks again!
Congrats Dryden. That’s always great news and good to know the book helped.
Good luck with your next adventure.
Hey Darril,
Just passed my Sec+ today and wanted to let you know that your book was instrumental in getting my passing score (872). I was getting really nervous because I looked elsewhere around the internet for more and more practice questions and they were really tough! But i trusted in your book and all these testimonies and stuck with it. I will definitely come to your study aids first for any other Certs that come my way in the future. Thanks for all the hard work you have done to help schmo’s like me pass this thing.
Congratulations Scott. That’s great news and 872 is a great score. It shows you really understood the material. Thanks for the kind words and compliments. I wish you the best in your next adventure.
Darril,
I see that you wrote the SSCP Systems Security Certified Practitioner Exam Guide: All-In-One book. Do you know if there is going to be an updated edition anytime soon?
Thanks
Yes, but not soon. I’m working with the publisher to update it but we can’t move forward until ISC2 updates their objectives. I really expected them to have updated the objectives by now. That said, I get a lot of feedback from people saying the book has helped them pass the SSCP exam using the current objectives.
Hope this helps.
I passed the Security+ exam this week with an 865/900 using only Darril’s book: ” Security+ Get Certified Get Ahead” & all of Professor Messer’s Security+ videos on youtube. I have a Master’s degree in Information Systems with a concentration on Network Security Management, which helped quite a bit also, but I found using Darril’s book the easiest due to him breaking down material and concepts using great examples. Finding time to read and watch the videos was not easy as I work full time and I have a family, including a 6 month old daughter, but the little time I did have, I used to prepare for the exam. I spent a total of about 2 weeks, give or take, preparing for the exam. I plan to do either CASP, CCNA Security next or the CEH. Thanks again.
Congratulations on the pass Terrance. That’s a great score, especially with only two weeks of studying. Thanks for the kind words about the book – I appreciate it.
Good luck with whatever cert you choose to purchase next.
Darril, thank you for the resources you provide for the SY0-301 Security + exam. I took my exam yesterday and passed with a score of 841. I had 6 simulation questions in the beginning, and 74 questions total. Your resources were awesome. I purchased the SY0-301 Study Guide as well as the Practice Test book. The exam definitely threw me a bit on several questions b/c I could conceptually get it down to 2 possible answers, and then had to figure out which of the 2 was the “BEST” answer. There were many questions that asked for the “BEST” answer, so if you did not understand the concepts really well, it could go 50/50 for those questions with narrowing it down to 2 possible answers. About 1/3 of the questions were probably almost identical to the ones in the study guides, and the other 2/3 you had to understand the concepts pretty well to answer them. The performance based ?’s I had that I can remember were matching security controls (cable locks, biometrics, proximity cards, locked cabinets, safes) to their respective places like lab, office, datacenter, remote laptops; forensic order of volatility; configuring a secure WAP w/ RADIUS;security controls for smartphone vs terminal server;match items in the list with the 3 types/factors of authentication. Thanks again Darril for your resources!
Just passed my exam about 2 hours ago. Many thanks to Darril; the book and app helped tremendously. I had about 6 performance based questions on my exam. Two of them were fairly difficult and involved setting up a secure wireless network and securing an office, datacenter and unsupervised lab. The other four were mainly matching and not hard at all. The wording of many of the questions were different than the ones I had seen on practice tests and so forth, but, as Darril repeatedly points out, if you know the material, you can figure out the answer. I didn’t feel any of the questions were designed to ‘trip’ me up, but they were constructed to verify that I knew the material.
Congratulations Joe. Glad that the book and app helped.
Good luck with your next adventure.
Thanks for good feedback, before taking the exam.
@Darril: Just want to know what can be the next step once you complete your Security+.
Cheers
Many people pursue the SSCP or CISSP certification. The SSCP is a good stepping stone to the CISSP.
Good luck.
I took the exam on Saturday. Scored an 801!!!! My performance based had a bunch but one was configuring a WEP. I was surprised as I have only seen WAP and WPA2 and my router uses WPA2. I just did the basics of what I knew – disable and change the SSID, configure RADIUS with port 1812 and the port #. I also had one on matching the control to the place in the data center – like putting locks on laptops, mantrap in server room etc.
Congratulations Angie. Good luck with your next adventure.
Darril
I’ve got my exam this coming Monday and have been using the study guide and am doing well with the multiple choice questions.
Has anyone taken the exam recently and seen any different performance based questions other than what has already been mentioned?
Thanks
Passed the test on 4/16/14 scoring an 858 with the help of both your book and the mobile app. I did have all six performance based questions on my test. Thanks again Darril!
Congratulations Joe. That’s always good to hear and glad to know that the book and mobile app helped you.
Good luck with your next adventure.
Congratulations Miguel. That’s great news and always good to hear that the book and other resources help people.
Can you take CEH, CASP, or SSCP? Absolutely. I’d suggest you focus on one at a time though.
Hello,
I just passed the test today. Your book helped me very well. As a native Spanish speaker I was afraid I couldn’t understand the wording on the question. In the very beginning I had to complete 3 simulation questions.
One for firewall configuration, another one to implement security in your environment (locks, CCTV, etc), and to read some logs from different devices to find the attack. I also used the membership here to practice the test.
I would like to know now if I can take CEH, CASP, or SSCP ( I am starting the basic, cause I know that doing that it gives you a better understanding of subjects)
Thanks Mr. Gibson, I was able to get 852 out of 900.
Thank you Mr. Gibson, I passed the exam today to with the score of 810. Your book and audio are really helpful.
I studied only this book and used the premium membership for about a week or two and passed with a score of 862! Thank you very much Mr. Gibson!
Congratulations David. Great score and it’s always good to hear when people pass the exam after using some of my resources. I’m receiving so many positive comments about the resources on the premium site (https://gcgapremium.com/) and I am very grateful the book and those resources are helping people like you pass the exam the first time they take it. Good luck with your next adventure.
In the section of Devices and Security Methods, I noticed that you said a mobile device simple password, not a strong password. Then in the diagram, it shows a mobile device and strong password is an answer. Which one should it be?
Hi Adam, I’m assuming you mean the diagram in the other post (https://blogs.getcertifiedgetahead.com/security-match-device-controls/).
The other post is referring to mobile devices as smartphones, tablets, and laptops though that wasn’t completely clear and I just edited it. Laptops can support strong passwords.
I also just added the following text to this post:
There’s a subtlety here though which makes it important to understand the concepts and match them to the question. If the question refers to mobile devices as smartphones, you can only use a simple password such as a personal identification number (PIN). If the question refers to mobile devices as laptops, then you can use strong passwords because laptops can have strong passwords just like a server. This is a perfect example of how a simple twist in the question can change the answer. However if you understand the concepts covered in the objectives, these questions won’t throw you.
Hope that helps.
Mr. Gibson, Your Security + book and online premium content were of most value in passing today’s test with an 830 score. Thank you.
Congratulations U. Glad to hear the book and other resources helped you pass – 830 is a great score. Good luck with your next adventure.
Mr. Gibson, your Security + book along with the online training were instrumental in passing today’s test. Thank you!
Hello I took my Security + today and I passed it! I bought your book off of amazon! Your book was such a huge help! I read the book twice and I also studied too. I scored a 785. I didn’t get the highest score but I was able to pass. The simulation questions were the worst. I had 75 questions with 5 performance based questions. The simulation made me feel very nervous, but I calmed down and I survived the test!
Congratulations Keisha. Glad to hear that the book helped and you found this page to help with the simulation questions. Good luck with your next adventure.
I just passed the test about an hour ago and it feels great thanks Darril
Congratulations Joy. That’s great news. Good luck with your next adventure.
I read the book written by Mr. Gibson and passed today with an 816. I have no prior knowledge of computer systems or networks and I must say the book was the key to success. The questions helped but I think the test mainly re-words the questions and tries to confuse the test taker. Overall I am excited to try and get my network plus and my CEH! Can someone tell me what is the best book out there for CEH?
Congratulations on the pass Aaron. With a score of 816, you clearly had a solid understanding of the topics. Glad the book helped. Good luck with the CEH.
Hi Darril, I took the test and passed this morning, scored 852 points.
A Big THANK YOU to you, your book and this blog.
Regards from Ireland,
Marcin
Congratulations Marcin! Glad to hear that the resources helped and you received such a good score.
Hi Darril,
I hope this email finds you well,
I bought your book CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide a couple of weeks ago, just to take the exam CompTIA Security+ SY0-301, but now I see it has changed to CompTIA Security+ SY0-401. Do I need other stuff to take the new exam? Please let me know what to do. I really need your advice before proceeding.
Kind Regards and waiting for your prompt answer
If you look here (http://certification.comptia.org/getCertified/certifications/security.aspx), you’ll see that the 301 is the current version.
CompTIA is coming out with a 401 version probably in April or so but you can still take the 301 probably for six months after the new version goes live. I say probably because everything is tentative until CompTIA formally announces things.
That said, you have plenty of time to take and pass the 301 exam.
Hi Darril ,
I hope this message finds you well. I have bought your book for CompTIA Security+ but there is a last exam for CompTIA Security+, SY0-401. Do I need other books to pass it or do your books cover all the stuff for the exam?
I have commented twice in here but it never posted?
Hi Lili,
I’m not sure I understand what you’re saying here.
> Failed:
> I just did 100 on randomized mode
Darril’s response> Are you talking about the practice test questions on this site: http://gcgapremium.com/security/ptqs/?
> If the test was changed please give us an option to learn Simulations, maybe you need to update the book?
Darril’s response>CompTIA changed the testing in midstream by adding the new performance based questions. They are now working on the next version of the exam (probably called SY0-401). The cost to upgrade a book is expensive and with it being useless in a short time, most publishers are not willing to upgrade the books. I’m trying to give people as much information as possible here, and have added simulated performance based questions on the other site: http://gcgapremium.com/security/ptqs/
>And let us know when is out to purchase a new version and upgraded version.
Darril’s response>Best option now is here: http://gcgapremium.com/security/ptqs/
>Simulations:
>Failed: Configure Firewall for 3 computers Input the 4 rules, ip address of source and destination, Port number of services. The drop down in the firewall didn’t have an option to type the correct IP addresses.
>How to analyze the log files from each of four different devices (a Windows host, a NIPS, a router, and a firewall) to determine which one had failed in the most secure way.
>I am broke and not able to pay for these tests, I am using my credit card.
>Please help!
Darril’s response>I’m really not sure what you’re saying here. Are you saying you failed the simulated practice test questions on this site (http://gcgapremium.com/security/ptqs) or that you failed the questions on the actual exam? Unless CompTIA just changed the feedback, you normally never know which questions you answered correctly, and which ones you answered incorrectly.
I certainly understand that the exam is expensive and you want to only take it once. One thing I like to stress is the importance of reading the explanations. Ideally you should know exactly why the correct answers are correct, and why the incorrect answers are incorrect. This way no matter how CompTIA words the questions, you can answer them correctly. Last, you can skip any questions that aren’t clear and come back to them later.
Hope this helps.
Failed:
I just did 100 on randomized mode
If the test was changed please give us an option to learn Simulations, maybe you need to update the book? And let us know when is out to purchase a new version and upgraded version.
Simulations:
Failed: Configure Firewall for 3 computers Input the 4 rules, ip address of source and destination, Port number of services. The drop down in the firewall didn’t have an option to type the correct IP addresses.
How to analyze the log files from each of four different devices (a Windows host, a NIPS, a router, and a firewall) to determine which one had failed in the most secure way.
I am broke and not able to pay for these tests, I am using my credit card.
Please help!
Hi Darril,
I took the Security+ exam this morning and passed with a score of 810! Your book was indispensable and I highly recommend it over Sybex. Thank you for presenting the material in an easy to understand format and one that wasn’t dry.
As others have stated above, you will encounter multiple performance based questions (I had seven) at the beginning of the exam. I would recommend flagging the ones that will take over 5 minutes to complete. Make sure you get to the multiple choice questions as soon as possible. I ended up using every single minute given to complete it.
Hi James,
Congratulations on the pass – Great score and good advice.
Good luck with your next adventure.
Hi Darril,
I’m a web developer, and most of the work I do is for government contractor organizations. I wanted to get the Sec+ cert in order to fulfill the DoDD 8570 Level II IAT cert requirement I see on so many positions, plus I’m genuinely interested in the subject matter, so I got your book. I read through every page carefully, read all the blogs, took a bunch of practice assessments, and even got the review app to prepare myself as best I could. I took the test a couple of hours ago, and, to pull from the book here, Ip@$$ed. 830 of 900!
Like so many others, I wasn’t made aware of the performance-based questions until a few days out, so I’m very glad to have the blog posts about the questions with which to prepare myself. I had five performance-based questions on the exam right off the bat. CompTIA sure does a good job at throwing you off on just about every single question as well, but luckily I was armed with some solid knowledge.
I believe an understanding of at least the basic principles of IT security is kind of a must-have these days, so I’m happy to have both that solid understanding, and a brand new item to add to my resume. Thanks!
Congratulations on the pass, Nick. Great to hear that the book helped and that you got a heads up on the new performance based questions before the exam. As a web developer, I understand that some of this is outside your normal knowledge, so the pass is that much more of an outstanding achievement for you.
If you’ve never looked at a log, a simple solution is to do a Google search on something like “firewall logs” to see what they look like. You can also enable logging on your computer or its firewall and look at it.
Good luck.
Hi Darril,
As I am preparing to take the SY0-301 and am looking at the performance-based question blogs, I am realizing that I am very ill-prepared for questions which would ask me to interpret logs (device/firewall/system/etc). Can you suggest any materials or practical methods of honing these skills? I am interested in learning how they might be formatted and what types of flags I should expect to see.
Thanks in advance
Hi Darril,
I am currently studying for the Security+ exam using your book and hope I will be ready to take the exam in mid November. I already took and passed Microsoft’s version of the exam MTA: 98-367 (also by studying with your book).
After I have passed the Security+ exam I am going to take on the new CASP exam: CompTIA Advanced Security Practitioner. Is there any chance that you will be releasing a book to help prepare for this exam as well? I believe you also took and passed the exam yourself.
Thanks Darril!
~Sanjay
Congrats on the MTA pass and good luck with the Security+ exam. Yes, I did take and pass the CASP exam but I do not see myself writing a book on this exam in the near future. It’s not due to a lack of interest but instead because I have so many other projects in my pipeline. I wish you luck with it after the Security+.
Darril,
I passed the Security Plus test this morning, scored 785. Your book and the Performance-based blogs are extremely helpful. However, I think the test questions are more difficult than questions in your book. I self-studied using only your Get Certified Get Ahead book and the performance-based blogs.
I had 6 performance-based questions which were identical to what had been reported in your blogs by previous test-takers.
Thanks again for your book, your blog and your attention to my previous comments before the test. My next exam probably will be CCNA or CISSP. Do you write any books for those exams?
Congratulations on the pass. Great to hear that you passed using only the book and the blogs. Good luck with the CCNA and CISSP. I coauthored this book CISSP: Certified Information Systems Security Professional Study Guide (http://ow.ly/pgOsj ) with a couple of talented authors and it provides full coverage of the CISSP objectives.
Also, I wrote the CISSP Rapid Review book (http://ow.ly/pgONh ) as a late stage review for the CISSP – it doesn’t go in-depth to explain the concepts but instead reminds you of what’s important. Many people take six months or longer to study for the CISSP digging into a wealth of material and it’s easy to get overwhelmed with it all. This book helps bring everything back into focus prior to the exam.
Good luck.
Hi Darril;
Page 161 of your CompTIA Security+: Get Certified Get Ahead book discusses Firewall Rules that are based on protocol and port number such as: Allow TCP 80, Allow TCP 25 etc…
Could you provide the format to allow or deny source and destination’s IP addresses?
Thanks
Most firewalls use a GUI so you point and click based on the GUI.
There are multiple formats for commands but they are different for different vendors. Here are two examples from Microsoft based firewalls to open port 80.
netsh firewall add portopening TCP 80 "Open Port 80"
netsh advfirewall firewall add rule name="Open Port 80" dir=in action=allow protocol=TCP localport=80
Here’s one from a Linux firewall
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
Here’s one for a Cisco firewall allowing traffic from a specific client to any port 80 destination
access-list http_client extended permit tcp host 192.168.1.1 any eq 80
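The source and destination matching asked about in the exchange above, as an added example that is not part of the original comments or the book: a Python sketch that parses a simplified subset of the Cisco-style line quoted in the reply and evaluates packets top-down, first match wins, with an implicit deny at the end. The sample ACL, the 10.0.0.x and 203.0.113.x addresses and all function names are constructed for illustration, and address/mask pairs are assumed to be subnet masks.

```python
"""First-match evaluation of a small subset of Cisco-style extended ACL lines."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    protocol: str                # "tcp", "udp" or "ip" (ip = any protocol)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]          # destination port from "eq N"; None = any port


def _take_address(tokens: List[str]) -> ipaddress.IPv4Network:
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # Assumption: MASK is a subnet mask (255.255.255.0), not a wildcard mask.
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")


def parse_rule(line: str) -> Rule:
    """Parse: access-list NAME extended ACTION PROTO SRC DST [eq PORT]."""
    tokens = line.split()
    if len(tokens) < 7 or tokens[0] != "access-list" or tokens[2] != "extended":
        raise ValueError(f"unsupported ACL line: {line!r}")
    action, protocol = tokens[3], tokens[4]
    if action not in ("permit", "deny") or protocol not in ("tcp", "udp", "ip"):
        raise ValueError(f"unsupported action or protocol: {line!r}")
    rest = tokens[5:]
    try:
        src = _take_address(rest)
        dst = _take_address(rest)
    except IndexError:
        raise ValueError(f"incomplete address in: {line!r}") from None
    port = None
    if rest:
        # A port only makes sense for tcp/udp rules.
        if len(rest) != 2 or rest[0] != "eq" or protocol == "ip":
            raise ValueError(f"unsupported port clause: {line!r}")
        port = int(rest[1])
        if not 0 < port < 65536:
            raise ValueError(f"port out of range: {line!r}")
    return Rule(action, protocol, src, dst, port)


def load_acl(text: str) -> List[Rule]:
    """Parse every non-blank line; the ACL name is ignored (one list assumed)."""
    return [parse_rule(l) for l in text.splitlines() if l.strip()]


def evaluate(rules: List[Rule], protocol: str, src_ip: str, dst_ip: str,
             dst_port: int) -> Tuple[str, Optional[int]]:
    """Return (action, 1-based rule number); (deny, None) is the implicit deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for number, rule in enumerate(rules, start=1):
        if rule.protocol not in ("ip", protocol):
            continue
        if src not in rule.src or dst not in rule.dst:
            continue
        if rule.port is not None and rule.port != dst_port:
            continue
        return rule.action, number       # first match wins, stop here
    return "deny", None                  # nothing matched


# Constructed sample: line 1 is the rule quoted in the reply above, the rest
# are made up to show a deny rule, a UDP service (TFTP) and a destination host.
SAMPLE_ACL = """
access-list http_client extended permit tcp host 192.168.1.1 any eq 80
access-list http_client extended deny tcp 192.168.1.0 255.255.255.0 any eq 80
access-list http_client extended permit udp 192.168.1.0 255.255.255.0 host 10.0.0.69 eq 69
access-list http_client extended permit tcp any host 10.0.0.25 eq 25
"""
RULES = load_acl(SAMPLE_ACL)

if __name__ == "__main__":
    packets = [
        ("tcp", "192.168.1.1", "203.0.113.10", 80),
        ("tcp", "192.168.1.2", "203.0.113.10", 80),
        ("udp", "192.168.1.2", "10.0.0.69", 69),
        ("tcp", "192.168.1.2", "10.0.0.69", 69),
    ]
    for pkt in packets:
        print(pkt, "->", evaluate(RULES, *pkt))
```

Swapping the first two lines of the sample changes the result for 192.168.1.1, which is why rule order matters as much as the addresses and ports.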
TD-
I am taking my exam this week on Friday and I am nervous about performance based questions. I saw that in your previous question to Darril, you asked about 3 performance based questions: How did you do on those questions? I am not sure what to study for performance based questions so I’m a little nervous plus I didn’t quite get most of the questions asked from other test takers.
“1. Analyze log files from 4 different devices (a Windows host, a NIPS, a router, and a firewall) to determine which one had failed in the most secure way.
I assume fail close would be the most secure way to fail but how do we determine that by viewing the log files?
2. Given a video of network diagram being attacked. You have to select what type of attack is taking place?
What do we look for to know what type of attack is taking place?
3. Check out the log files of 4 different devices (firewall, NIPS, router, server) and identify which one failed to do what the organization wants?”
Congratulations on the pass. I’ve been trying to raise the awareness of these new performance based questions though blog posts, comments, forum replies, the Get Certified Get Ahead newsletter, tweets, and the Get Certified Get Ahead Facebook page but people are still getting surprised by them. Still, great to hear that you passed. Good luck with your next adventure.
I passed? I must say I was completely caught by surprise with the simulation questions. I think I had about 5-6 simulation questions and yes they were my introduction to the test. I had to check at the top of the screen to make sure I was taking the right exam after the first 2! I got a 779 and was too shaken to be excited. But a pass is a pass!
TD. It sounds like you’re asking for exact answers but it isn’t appropriate to give the exact answers. If you understand the underlying content, you will be able to answer them correctly. On the log files, look for the time stamps and then read the most recent log file entries. Also, if a performance based question isn’t clear, mark it, skip it, and then return to it after completing the rest of the questions. Last, make sure you read the blogs on the performance based questions here: https://blogs.getcertifiedgetahead.com/security-blog-links/#Performance
Good luck.
Hi Darril,
I went over your book a few times and am working on the performance based questions. The comments from previous test takers on your blogs are extremely helpful. There are some comments that I would like to get your opinion on answering:
1. Analyze log files from 4 different devices (a Windows host, a NIPS, a router, and a firewall) to determine which one had failed in the most secure way.
I assume fail close would be the most secure way to fail but how do we determine that by viewing the log files?
2. Given a video of network diagram being attacked. You have to select what type of attack is taking place?
What do we look for to know what type of attack is taking place?
3. Check out the log files of 4 different devices (firewall, NIPS, router, server) and identify which one failed to do what the organization wants?
Any idea on this one?
Thank you much Darril.
Do you have any study guides for the CASP exam?
Sorry, but no I do not have any study guides for the CASP exam. I have written some blogs. This link shows the result of a search on “Casp” in this site: https://blogs.getcertifiedgetahead.com//?s=casp&x=-1124&y=-237
Hi Darril
Thanks for your book and especially the heads up on the performance questions. That would have been a real shock if I had not read these pages this morning. Luckily I did, and I passed :=)
The performance questions were basically what Allen described above. I had one illustrating an attack and had to select the type. Knowing the ports for Radius server and TFTP (!) really helped too.
The logs question I found really difficult. How to determine which device “failed” in the most secure manner? Practice on real world firewalls and WAPs over the last few years really helped too.
I found the wording of the questions more difficult to pull apart than the ones in the book. Maybe the examiners are just getting more clever. ;=)
Anyway, thanks again
regards from Switzerland
Martin
Congrats on the pass. Glad to hear that the book and blogs helped. I wish you the best of luck in your next adventure.
Darril
Hi Darril, I passed my Security+ examination today. I am glad that I checked out the website and saw the performance based questions. My first six questions were all performance based. Sim 1. Drag and drop security features for Mobile Device and Terminal Server.
Sim 2. Drag and drop Services to correct port number
Sim 3. Configure Firewall for 2 computers. Input the 4 rules asked by the question (i.e. IP address of source and dest, TCP or UDP Port number of services).
Sim 4. Read scripts from Firewall, IDS, and Router. Which network device failed. Don’t remember the others. Then I only had 75 questions left to answer. My final score was 762. Not bad but I was aiming for 800 but I was happy I passed. I plan to take my Network+ next. Do you have a book for that? Thanks for all the preparation and for having such a great book.
Congrats on the pass. Glad to hear that the book and the website helped – thanks for the kind words. I do have some resources for the Network+ exam but I don’t have a full study guide available yet. This page gives an overview on the Network+ and includes links to the available resources: http://getcertifiedgetahead.com/wpb/index.php/network/.
This page includes links to many blogs I’ve written on the Network+ exam: https://blogs.getcertifiedgetahead.com/network-blog-links/
Good luck.
hello,
may I have another description of Sim 5? What would you understand by “which network device failed?” Thank you so much.
Marco
I just ordered your book last week and I am feeling very confident about taking the Security+ next week. I took the pre-test and scored 68 out of 100 and after I finished the book I scored an 84 out of 100 on the post test. A nice improvement but could be better. I tried reading another book but I couldn’t stay focused. Your book was great and provided me with explanations to things I didn’t at first understand. Especially cryptography! I am glad I visited your site because I would have been lost on the performance based questions. Will let you know how it goes!!
Thanks
Great to hear. Thanks for the kind words. While it is great that you’re seeing improved scores with the tests, one thing I like to repeat is that it’s important to look at the explanations too. Ideally, you should be able to look at any question and not only know the correct answer, but why the correct answer is correct, and why each of the incorrect answers are incorrect. That way, no matter how CompTIA words the questions, you’ll be able to answer them correctly.
Good luck.
Hi Darril,
I am reading your Security+ Get Certified Get Ahead book and will take the test at the end of September. I have some IT technical knowledge but don’t have any hands-on experience. My biggest concern is the large percentage of performance based questions on the test. Could you recommend websites/ books etc. so that I can prepare for those performance based questions?
Thanks.
Check out the links here:
https://blogs.getcertifiedgetahead.com/security-blog-links/#Performance
That section of the https://blogs.getcertifiedgetahead.com/security-blog-links/ page has seven blogs on the performance based questions. Make sure you read the comments from other readers on all the pages, including this page.
Good luck.
I read all 7 blogs. Great information and I feel a lot more confidence. I will be back and update after taking my test at the end of September. Thank you for your quick response.
Good luck. Let us know how you did.
Darril,
One more thing, my employer provided me a voucher to take the JKO-018 Security + exam since it is a lot cheaper than the SYO-301 exam, they assured me this is the same as the SYO-301 exam. I am reading your book that has the title SYO-301 Study Guide. Based on your experience, are those 2 exams exactly the same?
Yes they are the same exams. The JK0-018 voucher is typically only available in education institutions but it is still the same exam.
Good luck.
Just took the Test and made a 89.
Sim 1. Drag and drop security features for Mobile Device and Terminal Server.
Sim 2. Drag and drop Services to correct port number
Sim 3. Configure Firewall for 2 computers. Input the 4 rules asked by the question (i.e. IP address of source and dest, TCP or UDP Port number of services).
Sim 4. Read scripts from Firewall, IDS, and Router. Which network device failed.
Sim 5. Secure WAP to connect to your domain RADIUS server.
Sim 6. Network diagram, What type of an attack is happening.
Sim 7. Five different Social Engineering scenarios. Select from a dropdown list what is happening (i.e. Phishing, Hoax, Pharming etc…)
Thanks for the help Darril
Congratulations on the pass. An 890 out of 900 is an excellent score.
Good luck on your next adventure.
I took the test and passed this morning. I bought this book two months ago and attended a class locally for a week in early June. I couldn’t tell you anything I learned in the class ($2000) but this book is the reason I passed. I had the EXACT eight performance based questions outlined by Amit in his June 29th 2013 comment.
Thanks, Darril, for the outstanding book. I am looking forward to CISSP now!
Congratulations Dave. That’s great news and glad to hear the book helped.
I wish you the best of luck on the CISSP exam.
Just took the exam today and passed. I am glad I came across Darril’s blog just one day before my exam. I was presented an exam with 70 questions of which 8 were performance based:
1. Configure a corporate WAP (expected RADIUS port, non-default SSID, disabled SSID, channel number and mode (mixed, B or G)).
2. Identify type of attack from an animation (confusion was created between smurf attack and ping of death).
3. Another animation which contained two attacks to be identified (DNS spoofing and ARP poisoning).
4. Check out logs of 4 different devices (firewall, NIPS, router, server) and identify which one failed to do what the organization wanted.
5. Identify forensic gathering steps – cache, RAM, swap, hard disk.
6. Described some method (such as email sent about fake antivirus product) in one column and target in second column (such as CEO of company, general public, etc). Had to identify type of attack – whaling, phishing, spam, etc.
7. Configure firewall rules – one had to identify ports on which services ran to configure the firewall (TFTP was one).
8. Identify protection mechanisms required for mobile vs server in a data center. You had to drag and drop from a list of mechanisms in the column under the appropriate device.
Congratulations on the pass. Glad to hear the blogs helped. I wish you the best of luck on your next adventure.
The problem I have with the new Sec+ test, is that performance needs to be tested based on the training provided. When I teach a task to someone, I don’t just explain the terms and tell him/her what the process is like and then give him the task to perform; that’s just not educationally sound. Testing should mirror the training. If I expect someone to “Configure a Wap” (for instance), that means that the training should have not only explained the terms involved with their purpose and function, but have walked the person through the steps to do so, and have given the person a scenario for training in which they have to actually configure a Wap based on a scenario. Then it’s educationally sound to test them using scenario-based simulations.
I am required to pass Security + just so I have knowledge about what it is and understand networks and network security better because I work with IT people. However, I am an Instructional Designer, and have never worked on computers; only used computers. When I took the test I know I would have passed the knowledge questions; but the performance-based questions were too deep for me.
Hopefully the next time I take the test I will get one with mostly questions, because I just flunked the 70 question one with quite a few simulations. I ran out of time because it took me too long to try to understand the simulations, and I ended up with 18 unanswered questions.
Sorry to hear you dropped the exam. I can’t speak for CompTIA, but you might be the type of person that they are specifically targeting with these types of questions – someone who has “never worked on computers.” The Security+ objectives expect you to have skills and knowledge required of an information technology (IT) security professional with:
- A minimum of 2 years experience in IT administration with a focus on security
- Day to day technical information security experience
- Broad knowledge of security concerns and implementation including the topics in the Security+ domains
Your employer’s requirement for you to get this certification might be unreasonable.
Three things come to mind for the next time you retake it.
1) Expect 7-10 performance based questions. This is what I am consistently hearing from test takers.
2) Get some experience. For example, go through all the settings on a WAP and see how to do it. You don’t need to modify the settings but you can look at them to see how it’s done.
3) Mark and skip the performance based questions if it isn’t clear what they’re asking. After you complete the multiple choice questions, go back and do the performance based questions.
Good luck.
Hello everyone,
I took and passed my Security+ exam on Thursday, March 14th 2013. As others have posted, my first three questions were performance based, leaving me with 91 multiple choice questions. The performance based questions I received consisted of building an ACL on a firewall, placing memory in the proper order of volatility, and matching authentication factors.
For me, I found the performance based questions to be very easy. The directions are clear and they tell you exactly what they are expecting. If you know the material from Darril’s book, you should have no problem figuring out the performance based questions. And if you truly understand the material, you’ll probably find these questions to be easy, just as I did.
My main study material consisted of Darril’s SY0-301 study guide and practice test questions (two separate books). I also found a second book to complement everything I learned in Darril’s book and to make sure I wasn’t missing any content.
Overall, if you have some experience and match that up with Darril’s study material, you have a pretty good chance at passing. The test is not easy, but if you go into it with a full understanding of the material, you should have no problem deciphering the CompTIA questions to formulate your answers.
Good luck! –Tracey
I just passed the Security+ exam today March 11th 2013. I wanted to provide a little insight on the exam, the first 3 questions are simulations. #1: You are given situations with pictures and there is a drop down to select which one it is, for example: vishing, spam, phishing, etc. #2. The second was a video of a network diagram being attacked, you have to select what type of attack is taking place. #3. The third sim was configuring a WAP to the highest security level, you are given 4 servers and you have to take the info from all 4 and configure the WAP. Thanks again Darril you helped me a lot through my journey!
Congratulations on the pass Danny and thanks for the information.
I just took the security+ this morning, and let me tell you….I winged it and barely passed. You would not believe the score I got: 751. Also, the first 3 questions I had were performance based questions. I actually couldn’t answer the first one because of some error or malfunction as I didn’t see anything but the question and a blank screen. So I just flagged that question. What does flagging a question mean? Does it affect your score in any way?
Congrats on the pass. Flagging a question is simply marking it so that you can easily find it. If you have time after answering all the questions, you can then easily go back to flagged questions and give them more time. Flagging a question doesn’t affect your score at all.
I took the test last week and passed! (835). Your book was great, as were the practice tests on the Kindle.
Like others I had 3 performance based questions (91 questions overall). I had the same question (still not sure if I was right) as Lukas did. I also had a question about matching ports to services, and one that had me drag and drop security features to a terminal server in a data center and a mobile phone. The security features to choose from were things like A/V, remote wipe, etc. Had to put the features under each one (could put each under both if one thought it should go to both, and some were not used at all).
The performance questions were very interesting, and sometimes a little ambiguous as to what they were looking for. But overall not bad.
Thanks again,
Greg
Congrats on the pass Greg. Thanks for the information.
Good luck on your next adventure.
Darril
Hey there Darril,
Just passed my Security + test today (Scored an 829)! Your book helped tremendously in passing, no question. There were three performance based questions on my test. All three were first three questions of the test. There were a total of 91 questions.
1. Configure Firewall Access Control List for three devices accessing different resources on the network. (Know your ports and whether they are TCP, UDP or both on this one)
2. Place items in the order of volatility. (Most volatile to least volatile)
3. Given items in a list, match them with their Factors of Authentication. (Know the three factors of authentication: Something you know, Something you have, and Something you are)
Thanks again for writing such a comprehensive book!
Congrats on the pass. That’s a great score.
Thanks for the kind words about the book and thanks for providing some insight into what you saw.
Good luck with your next adventure.
I had an EPIC fail today! (Scored 678) Will try again in March…. Used exam cram and NO questions from practice tests from book were on exam. I am going to purchase your book to get another angle…Was clearly not prepared for so many situational type questions.
Karen, sorry to hear you dropped the exam but great to hear that you’re not letting it beat you. When using the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide, make sure you read the explanations for the questions. Ideally, you should be able to look at any question and know why the correct answers are correct and why the incorrect answers are incorrect. This way, no matter how CompTIA words the questions, you’ll be able to answer it correctly. Also, if you want some practice test questions on a mobile device, check out LearnZapp’s apps: http://www.learnzapp.com/apps/securityplus/index.html
Good luck.
Just took and passed my Security+ exam today…and it did include 3 of the performance based questions. The most complicated of the questions I had to analyze the log files from each of four different devices (a Windows host, a NIPS, a router, and a firewall) to determine which one had failed in the most secure way.
Congrats on the pass.
Some of the performance questions were tough, but I owe much of my success to Darril Gibson’s book Get Certified Get Ahead. I took the exam last year and failed by one question. This time I passed, I read the entire book and completed all review questions. Thanks Darril.
Congratulations on the pass, Adam. Great to hear the book helped.
Good luck with your next adventure.