You’ll often find that a CompTIA Security+ question will either lack details or contain a large amount of superfluous information. CompTIA is checking to see if test-takers can apply basic critical thinking skills. As an example, consider this question, which could be for an SY0-501 or SY0-601 Security+ exam.
An organization recently updated its security policy outlining how to handle sensitive data. It includes the following requirements:
- Digital copies of PII must be encrypted
- Printed copies of PII must be stored in a locked container
- Digital copies of PHI must be encrypted and inventoried quarterly
- Printed copies of PHI must be placed in a locked container and inventoried quarterly
- Locked containers must be approved and designated for document storage, and employees must report any violations to the chief information officer (CIO).
While searching for coffee in the kitchen, Homer unlocks a cabinet and discovers a list of customer names and phone numbers. Which of the following identifies the BEST action Homer should take to comply with the updated security policy?
A. Take custody of the document, secure it at his desk, and report his discovery to the CIO.
B. Take custody of the document and report his discovery to the CIO.
C. Return the document to the cabinet, lock it, and report his discovery to the CIO.
D. Inventory the contents of the cabinet, return all documents to the cabinet, lock it, and report his discovery to the CIO.
Do you know the answer? More importantly, do you know why the correct answer is correct and the incorrect answers are incorrect? The question is surprisingly easy if you know what PII and PHI are and can apply basic critical thinking skills.
What is Critical Thinking?
In short, critical thinking is the process of analyzing the facts you have to make a judgment or decision. Admittedly, critical thinking is a complex topic. While the single sentence description explains what you need for the CompTIA Security+ exam, there are several definitions. Here are a few:
- “Disciplined thinking that is clear, rational, open-minded, and informed by evidence.” (dictionary.com)
- “Critical thinking is the ability to think in an organized and rational manner in order to understand connections between ideas and/or facts.” (zety.com)
- “Critical thinking is the intellectually disciplined process of actively and skillfully conceptualizing, applying, analyzing, synthesizing, and/or evaluating information gathered from, or generated by, observation, experience, reflection, reasoning, or communication, as a guide to belief and action.” (criticalthinking.org)
PII vs PHI
The only fact you need to bring to this question is the difference between PII and PHI.
- PII (Personally Identifiable Information) is personal information that can identify an individual, such as a name.
- PHI (Personal Health Information) is PII that includes health information.
Whenever you see an acronym in a question, I encourage you to say it in your mind as you read it. As an example, when you see “Digital copies of PII must be encrypted,” read it as “Digital copies of Personally Identifiable Information must be encrypted.” If you know what the acronym represents, it often makes the question trivial.
The question states that “Homer unlocks a cabinet and discovers a list of customer names and phone numbers.”
Is this PII or PHI?
There isn’t any health information, so it is not PHI, but it does include customer names, so it is at least PII.
How to Apply Critical Thinking to this Question
Critical thinking is the process of analyzing the facts you have to make a judgment or decision. If you can define PII and PHI, you only need to apply this knowledge to the scenario. The relevant information that the question provides you with is:
- Printed copies of PII must be stored in a locked container.
- Locked containers must be approved and designated for document storage, and employees must report any violations to the chief information officer (CIO).
And “Homer unlocks a cabinet and discovers a list of customer names and phone numbers.”
Using critical thinking skills, you can logically surmise:
- The list of customer names and phone numbers is printed PII. (It’s not a digital copy such as a file on a USB device. Otherwise, the scenario would have indicated Homer found a USB device or found the files after opening them from the USB device.)
- The printed PII is stored in a locked container. (Homer only discovered it after unlocking a cabinet.)
Still, the scenario omits an important fact. Is the locked container approved and designated for document storage? It could be. But if so, it requires the test-taker to take a leap of assumption.
Eliminating Incorrect Answers
I frequently encourage people to know why the correct answer is correct and why the incorrect answers are incorrect. This gives you the best chance of accurately interpreting the CompTIA exam questions and answering them correctly. Many people report this helps them eliminate incorrect answers on the live exam.
Let’s apply this concept to the given answers.
A. Take custody of the document, secure it at his desk, and report his discovery to the CIO.
No, this can’t be a correct answer. It’s already in a locked cabinet, and securing it at his desk (which isn’t a cabinet and isn’t approved and designated for document storage) violates the policy.
B. Take custody of the document and report his discovery to the CIO.
Maybe. It’s already in a locked cabinet, and the cabinet may be approved and designated for document storage. However, this answer requires that you assume the cabinet is NOT approved and designated for document storage.
C. Return the document to the cabinet, lock it, and report his discovery to the CIO.
Yes. Putting it back the way he found it complies with the part of the policy that states printed copies of PII must be stored in a locked container. He should report his discovery to the CIO because it is unclear if this cabinet is approved and designated for document storage.
D. Inventory the contents of the cabinet, return all documents to the cabinet, lock it, and report his discovery to the CIO.
No. According to the policy, the only data that should be inventoried is PHI so there is no need to inventory the cabinet.
This eliminates answers A and D. B might be correct if you take a leap and assume the cabinet isn’t approved and designated for document storage. However, answer C is clearly correct.

Using Braindumps
A reader recently sent me an email saying he failed the exam after using my online materials. It’s rare, but it does happen. Looking at his quiz history, I saw that he didn’t use all the materials. Additionally, of the quizzes he took, he took them over and over on the same day until he got an acceptable score. This encourages a healthy brain to memorize questions and answers without mastering the content. Memorization is not a recipe for success.
I mentioned the importance of knowing why the correct answer is correct and why the incorrect answers are incorrect and offered to help him with a different studying strategy. However, knowing that unsolicited feedback is rarely appreciated, I didn’t provide it.
He never asked.
He replied with “I really don’t care why the answer is this or why not? That doesn’t really help me….” He cut and pasted a question he said came from a braindump, saying he couldn’t answer the question using my study materials.
The question in this blog is derived from the question he provided. I modified it but kept the core testable concepts: PII and PHI.
Simplified, the question could be:
Which of the following is a list of customer names and phone numbers?
A. PII
B. PHI
C. PKI
D. PEM
However, the simplified question doesn’t require the test-taker to apply any critical thinking skills.
Summary
The CompTIA exam tests your knowledge of facts. Some questions also test your understanding of acronyms and your ability to read a question and apply critical thinking skills. You can correctly answer these questions if you know what the acronyms are, and you take some time to critically analyze them. Beware though. Braindumps with incorrect answers and no explanations encourage people to memorize incorrect answers. Too many people fail the exam after using braindumps, but still insist they don’t need to know why correct answers are correct, or incorrect answers are incorrect.