Security+ Match Device Controls

Posted by in Security+ | 34 comments

Security+ Match Device Controls

The Security+ exam expects you to understand controls and you should be able to match device controls with specific devices. For example, can you match device controls used with mobile devices such as tablets and smartphones? Can you match device controls used on servers?

Performance Based Questions

Topics such as security controls for devices are ideally suited for the new performance based questions on the CompTIA Security+ exam. Instead of answering a multiple choice question, you might need to drag and drop different controls to the devices that they protect. If you’re unfamiliar with the new performance based questions, you might like to check out these blogs too:

Security+ Practice Test Questions

SYO-401 Practice Test Questions Now Available

Over 440 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 100 random questions. View 100 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 100 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of Security+ Practice Test Questions Here

 SYO-401 Practice Test Questions Now Available


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Additional Security+ questions to help you prepare for the new performance based questions. These are included with the full bank of Security+ practice test questions and are divided into different sections. For example, you'll have access to the following links:

- Performance Based Question - Set 1

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 2

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 3

You'll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL).  You'll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam.

- Performance Based Question - Set 4

You'll see a graphic explaining what you might be required to do on the actual exam related to what a forensic analyst would do during an investigation. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 6

You'll see a list of security controls along with a graphic showing devices and locations within an organization, along with instructions on what you might be required to do on the actual exam to match the controls with the devices and locations. You'll then have four questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 7

You'll see a list of authentication methods and authentication factors along with instructions on what you might be required to do on the actual exam to match the authentication methods with the authentication factors. You'll then have six questions that test your knowledge and ability to correctly answer the questions. This set also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 8

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This is similar to Set 2 but expands on the possibilities. The set also includes a link to a page showing the end solution for the overall performance based question simulation.

New - Performance Based Question - Set 9

New questions recently added using a different testing engine. See a demo here. This set includes drag and drop and matching questions on ports.

New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill in-the blank. This set includes performance-based questions on RAID.

Get the full bank of Security+ Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Simulated Performance-based Questions

Bonus - Performance Based Questions

Simulated performance-based questions included with all

packages that include practice test questions.

Additional Security+ questions to help you prepare for the new performance based questions. These are included with the full bank of Security+ practice test questions and are divided into different sections. For example, you'll have access to the following links:

- Performance Based Question - Set 1

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 2

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 3

You'll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL).  You'll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam.

- Performance Based Question - Set 4

You'll see a graphic explaining what you might be required to do on the actual exam related to what a forensic analyst would do during an investigation. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 6

You'll see a list of security controls along with a graphic showing devices and locations within an organization, along with instructions on what you might be required to do on the actual exam to match the controls with the devices and locations. You'll then have four questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 7

You'll see a list of authentication methods and authentication factors along with instructions on what you might be required to do on the actual exam to match the authentication methods with the authentication factors. You'll then have six questions that test your knowledge and ability to correctly answer the questions. This set also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 8

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This is similar to Set 2 but expands on the possibilities. The set also includes a link to a page showing the end solution for the overall performance based question simulation.

New - Performance Based Question - Set 9

New questions recently added using a different testing engine. See a demo here. This set includes drag and drop and matching questions on ports.

New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill in-the blank. This set includes performance-based questions on RAID.

Get the full bank of Security+ Practice Test Questions Here

Simulated performance-based questions included with

all packages that include practice test questions.

Match Device Controls Practice Question

The following list of controls includes some that are used with mobile devices such as smartphones, tablets, and laptops. It also includes some controls that are used with servers but not mobile devices. Do you know which ones are which?
Security+ Match Device Controls

Click the image for a larger view.

Some of these are used only on mobile devices, some are only used on servers, and some can be used on both.

Which security controls are for mobile devices? mobiledevicesicon
Which security controls are for servers? serversicon
Pass the Security+ exam the first time you take it:
CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Match Device Controls for Mobile Devices

Here are the common security controls used for mobile devices:

  • Screen lock. Uses a passcode or password to lock the device. This prevents a thief from using a stolen device.
  • Strong password. Any time a password is used to protect a mobile device (or any device or system), it should be strong. This means they are at least eight characters and include multiple character types, such as upper case, lower case, numbers, and symbols. Laptops support strong passwords but smartphones and tablets typically only support simple passwords such as personal identification numbers (PINs) but since the question included laptops in the listing of mobile devices, strong passwords can be used. Two other blogs that cover password topics for the Security+ exam are Understanding Password History, and Three Factors of Authentication and Multifactor Authentication.
  • Data encryption. Encryption protects the confidentiality of data and smartphone security includes device encryption to protect the data against loss of confidentiality. It’s possible to selectively encrypt some data on a system, an entire drive, or an entire device.
  • Remote wipe/sanitation. Remote wipe capabilities are useful if the phone is lost. The owner can send a remote wipe signal to the phone to delete all the data on the phone. This also deletes any cached data, such as cached online banking passwords, and provides a complete sanitization of the device, ensuring that all valuable data is removed.
  • Voice encryption. It’s possible to use voice encryption with some phones to help prevent the interception of conversations
  • Global positioning system (GPS) tracking. A GPS pinpoints the location of the phone. Many phones include GPS applications that you can run on another computer. If you lose your phone, GPS can help you find it. Who knows? You may find that it just fell through the cushions in your couch. This is useful to know before you send a remote wipe signal.
  • TPM. Trusted platform modules (TPMs) are hardware encryption devices. You can read more about them in the TPM and HSM Hardware Encryption Devices blog.
  • Cable locks. The number of laptops stolen during lunches at conferences is astronomical. Many people don’t seem to know how common thefts are and often leave their laptops unprotected. Cable locks can secure a mobile computer. They often look about the same as a cable lock used to secure bicycles.
  • Locked cabinet or safe. Small devices can be secured within a locked cabinet or safe. When they aren’t in use, a locked cabinet helps prevent their theft.

Note about TPMs

This is a great example of how technology has changed since the original Security+ objectives were released. Back then, you would typically only find TPMs on laptops and some systems that needed full disk encryption, but not other mobile devices such as smartphones and tablets. Today, some smartphones and tablets include TPMs to encrypt data. If the Security+ exam questions are keeping up with the current technology, you could include TPMs with mobile devices.

You can read more about them in the TPM and HSM Hardware Encryption Devices blog.

If you were to match the controls to the Mobile devices, it might look like this. The idea is that you drag and drop individual controls from the area on the right to the area under Mobile Devices.

Security+ Match Device Controls to Mobile Devices

Click the image for a larger view.

Get Certified Get Ahead

Match Device Controls for Servers

If you were to match the controls to servers, it might look like this:

Security+ Match Device Controls to Servers

Click the image for a larger view.

Some of these items are the same as the mobile devices, and some of the items are unique for servers:

  • Strong password. Any time a password is used to protect a mobile device (or any device or system), it should be strong. This means they are at least eight characters and include multiple character types, such as upper case, lower case, numbers, and symbols. Two other blogs that cover password topics for the Security+ exam are Understanding Password History, and Three Factors of Authentication and Multifactor Authentication.
  • Least privilege. Least privilege is a technical control. It specifies that individuals or processes are granted only those rights and permissions needed to perform their assigned tasks or functions. Rights and permissions are commonly assigned on servers, but rarely on mobile devices such as tablets and smartphones.
  • Data encryption. Encryption protects the confidentiality of data on servers just as it can protect the confidentiality of data on mobile devices. It’s possible to selectively encrypt individual files or entire disk volumes.
  • Mantrap, cipher lock, and proximity lock. This are examples of physical security and they can be used to restrict access to a server room.
  • Firewall. Software-based firewalls are commonly used on servers but are extremely rare on mobile devices.
  • HSM. Hardware security modules (HSMs) are hardware encryption devices. You can read more about them in the TPM and HSM Hardware Encryption Devices blog.

Security+ Full Access Package

Get Certified Get Ahead Security+

Pass the First Time!

Up-to-date Content

New multiple-choice and performance-based questions added regularly

Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.

Buy The Full Access Study Package Today

60 Days Access For Only $55.98

Need more time? You can easily renew for another 60 days at a significantly reduced price.

All materials are available online shortly after making your payment.

Get the Security+ Full Access Study Package Here

Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. They can also be used to help ensure you're ready no matter what study guide you're using.

This exam is expensive.

Make sure you're ready before exam day. 

Here's what you'll get:
  • All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. See a demo here. All questions have full explanations so you'll know why the correct answers are correct and why the incorrect answers are incorrect.
  • Over 35 new multiple-choice questions we've added after publishing the study guide.
  • Over 70 performance-based questions. See a demo here.
  • All of the flashcards from the study guide. View them in any Web browser.
  • All of the audio from the study guide. Listen to a sample here.
  • A subnetting mini-tutorial to help you answer key question types in the Security+ exam.
  • Access to a free discount code for 10% off your Security+ voucher. Save $31.10 off the US retail cost for this voucher.

Buy The Full Access Study Package Today

60 Days Access For Only $55.98

All materials are available online shortly after making your payment.

Get the Security+ Full Access Study Package Here

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Security+ Match Device Controls Summary

You can expect to see some performance based questions on the Security+ exam and you might even see one requiring you to match device controls to specific devices. While these are different from a typical multiple choice question, you can still answer them correctly as long as you know the content. The information from this blog was derived from the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide, and it covers all of the security controls in the Security+ exam.

34 Comments

  1. Hi John,

    The Learnzapp app is awesome but it doesn’t include performance-based question samples. This site does include simulated performance-based questions.

    If the “copy of the book” is the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide, I hear from people almost every day telling me that they passed the exam the first time they took it using that study guide. It has several examples of performance-based questions.

    Hope this helps.

    Darril

  2. Hi Darril,

    I’m contemplating on buying your learnZapp CompTIA Security+ and Network+ bundled app on App store.

    Does the Security+ app include the performance based question samples?

    I attended the Security+ bootcamp and got a copy of the book. I’m just brushing up before taking the exam.

    Will the app be enough to prepare me?

  3. Thanks Darril for the material. I am writing my security+ exam on 3/10/15
    My questions is,
    If the laptop is considered a mobile device, should n’t we move the firewall to both mobile side as well as server side since we have windows firewall which we can set up on our laptops?
    Thanks
    James

    • Hi James,

      I was away from home so didn’t see this right away.

      Short answer: Possibly. But if I was taking the exam today, I would stick with firewalls on servers only in this context. .

      Mobile devices make some of the topics fuzzy unless you’re clear about what devices CompTIA is talking about. Also, I am getting the perception that CompTIA is moving away from laptops as mobile devices though it isn’t alwayss easy to know what they’re thinking.

      One of my goals is to get people to really think about the topics so that the actual questions are much easier. Hopefully that was the case for you today. Clearly, you were digging into why the correct answers were correct, and why the incorrect answers are incorrect.

      Forget the question for a minute. Should you enable a firewall on a laptop. Yes, whenever posssible.

      However, I’m unaware of any firewalls for tablets and smartphones. They might be trickling in, but I haven’t seen them.

      Compare this to passwords. Even though you can’t create a very strong password on mobile devices, you can use PINs and configure the device to lock after x number of incorrect PINs. It’s not a perfect correlation, but there is a connection.

      Hope the exam was a breeze for you.

      Best regards,

      Darril

  4. Great material which really helped me prepare and pass the Security+ exam. Thanks Darril!

    • Congratulations Chuck. Great to hear that you passed and I appreciate the kind words. Good luck with your next adventure.

      • Thanks Darril for the material
        If the laptop is considered a mobile device, should n’t we move the firewall to both mobile side as well as server side since we have windows firewall which we can set up on our laptops?
        Thanks
        James

  5. I passed my exam yesterday with an 858/900. I had 74 questions, 5 sims all from this site (ACL,volitile mem,password types,map of rooms to drag/drop security items,port number/protocol matching). this site and book were pivotal to my success and will definitely be using it again when time to prepare for the 401. Thanks so much!!

    • Congratulations CJ. Great to hear that you passed and good to know that the site and the book helped. Good luck with your next adventure.

  6. Yes. I keep people updated via the newsletter. The Kindle version is coming out this week and will be sale for only $2.99 one day. I’ll let newsletter subscribers know what day in advance.

  7. Wondering if there will be new study guides for SYO-401? Since 301 is retiring in a few months.

  8. I believe you can secure servers in cabinets, what about rack mounted servers in specialized enclosures that can be locked, would those not be considered a “cabinet”?

    • In the real world, yes, though they are typically called locking server cabinets or locking server rack cabinets. However, in the context of the Security+ exam, they are looking at a cabinet as a file cabinet.

      Hope this helps.

      • Yes that did, tremendously, thanks!

  9. Thanks Darril. I passed by specifically reading your book and taking the questions at the end. I took the test on Friday the 13th, not such an unlucky day after all. Your simulation questions are spot on. I find that taking the tests at the end of the chapter helped tremendously in memorizing the concepts. Thanks again Darril and have a happy Holidays.

    • Congratulations Chris. That’s great news and glad to hear that the book and other resources helped you.

      Happy Holidays to you too.

  10. It wouldn’t. At least not that I”ve seen. However, it would be used for a laptop and both laptops and cellphones are mobile devices.

    In contrast, it is extremely rare to ever use a cable lock with a server. Server rooms have other physical security so cable locks aren’t needed. I hesitate to say they are NEVER used with a server but for the exam they aren’t.

  11. Im just confused why there would be a cable lock for a cell phone. I bought your book and its helping. Taking the test on Friday 13th. I know what a wonderful day to take a test :-).

  12. So is a Mobile device considered a laptop or are they strictly referring to cellphones/ipads?

    • It’s not either/or. Mobile devices that can easily be transported includes laptop, smartphones, and tablets.

  13. Thank you Mr. Darril for the questions site, I well study the Q&A from your book Get Certified Get Ahead Gibson, Darril, and well study all the performance based questions in this blog 🙂

  14. TPM. A Trusted Platform Module (TPM) can be used to assist with hash key generation. TPM is the name assigned to a chip that can store cryptographic keys, passwords, or certificates. TPM can be used to protect cell phones and devices other than PCs as well.

    So it should be in the mobile side to right?

    thanks for the great example hope it comes in the exam 🙂

    • Thanks for the feedback.

      This is a great example of how technology has changed since the original Security+ objectives were released. Back then, you would typically only find TPMs on laptops and some systems that needed full disk encryption, but not other mobile devices such as smartphones and tablets.

      With that in mind, I originally put TPMs in with the HSMs.

      After receiving your comment, I see that some smartphones and tablets include TPMs to encrypt data. If the Security+ exam questions are keeping up with the current technology, you could include TPMs with mobile devices so I modified the blog.

      Good luck on the exam.

  15. I well take my exam at the end of this month, I would like to point out that these performance based questions mentioned in this blog are to the point and are very helpful to those who seek real examples of performance based questions that come in the exam.

    • Thanks for the comment Hisham. Good luck with the exam. If you’re looking for some reasonably priced online practice test questions questions, check out this page: http://gcgapremium.com/security/ptqs/. You can get 30 days access to 468 practice test questions for only $14.99.

      Good luck.

      • Dear Mr. Darril my exam is in than one week and I feel my self weak in performance based questions, well the 468 practice questions include performance based questions and well they be different from the ones that are mentioned in this blog?

        Regards

        • Hi Hisham,

          I understand. These new performance based questions are concerning many people and there aren’t many people that have the extra money to take the exam more than once.

          The full bank of 468 practice test questions mentioned above (http://gcgapremium.com/security/ptqs/) now includes ten additional simulated performance based questions. While I can’t think of the specific pages where this content is directly covered in a blog, I wouldn’t be surprised if the content was here somewhere. The objectives haven’t changed. CompTIA only changed the way they are testing them and one of the goals of the new site is to allow you to see the questions from a different perspective so that these questions don’t surprise you.

          At the moment, I have three sets of performance based questions on that site:

          – Performance Based Question – Set 1

          You’ll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You’ll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

          Note: This is not the same as the content in the article on this page.

          – Performance Based Question – Set 2

          You’ll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You’ll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

          – Performance Based Question – Set 3

          You’ll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL). You’ll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam..

          When anyone purchases the full bank of 468 practice test questions from here (http://gcgapremium.com/security/ptqs/) or as one of the value packages from here (http://gcgapremium.com/security/pass-the-security-exam-the-first-time-you-take-it/), they also have access to additional practice test questions that are simulated performance based questions.

          Hope this helps.

  16. This topic was on my test today (along with five other performance based questions!) Thank you for your great information on this type of question. Just looking over your examples helped me put the answers in the proper order. Reading over your helpful site helped me pass with a 804 today. Thanks!

    • Congratulations on the pass. Great to hear that the resources helped.

      Good luck on your next adventure.

  17. Hi Darril,
    In the CompTIA Security+ Study Guide I am using it states that TPM can be used to protect cell phones and devices other than PCs. The TPM and HSM blog also states that many laptop computers include a TPM. So, should it be included with the mobile devices as well as the servers? Thanks for your insight, I’m taking Sec+ on Friday and want to make sure I know the device controls.

    • My intent in this blog was to differentiate between servers and highly mobile devices such as tablets and smartphones. After reading your query, I realized I didn’t define mobile devices as tablets and smartphones but only used graphics. I edited it some to spell out tablets and smartphones.

      You’re correct that a TPM is commonly used on laptops and a laptop is a mobile device. If a test question included laptops and a TPM, it would be appropriate to match them.

      However, a TPM is very rare on tablets and smartphones due to the processing overhead required. I searched for where the study guide says that a TPM can be used to protect cell phones, but I couldn’t find it. I’m not saying it’s not there, but I couldn’t find it. In contrast, a TPM is a perfect match for a laptop computer.

      Good luck on Friday. Let us know how you did.

  18. Are you planning to make a study guide or reference manual for COMPTIA CASP certification?

    • Hi Alex,
      It’s a possibility, but probably not until CompTIA updates it to the next version. I currently have other books in the pipeline. I will say that with the knowledge I had from the Security+ certification and real world experience, I was able to study topics from the objectives through self-study and pass the exam. That was back when it was in Beta stage. Good luck if you go for it.

Leave a Comment

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Subscribe To Our Newsletter

Join our mailing list and get a free excerpt of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.  This excerpt includes the introduction and Chapter 1. 

You have Successfully Subscribed!

Get Certified Get Ahead is a participant in the Amazon Services LLC Associates Program,
an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.

Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.