If you’re planning to take the SY0-501 Security+ exam, you probably want to know how to interpret Security+ questions. Especially if you want to pass.
As an example, see if you can answer this question.
A coffee shop recently stopped broadcasting the SSID for their wireless network. Instead, paying customers can view it on their receipt and use it to connect to the coffee shop’s wireless network. Today, Lisa turned on her laptop computer and saw the SSID. Which of the following is the MOST likely reason why?
A. Rogue AP
B. Evil attacker
C. Jamming
D. Bluejacking
Do you know the answer?
RTFQ and RTFA
A simple but important test-taking strategy is to read the full question and read the full answer.
Unfortunately, I frequently get the impression that all test takers aren’t using this strategy.
Even when doing practice tests, some people have queried me saying that there are errors in practice test questions because an answer is correct with one question, but incorrect with another answer.
Ultimately, I simplified my response in a FAQ.
Here’s a partial cut and paste from the FAQ:
If you memorize questions and answers (on purpose or inadvertently) it’s possible to see part of a question and assume it’s the same thing. However, a subtle change in the question results in a completely different answer.
As an example, compare the following two questions.
Q. Which of the following numbers is the greatest number?
A. 1
B. 2
C. 3
D. 4
E. 5
Q. Which of the following numbers is the greatest even number?
A. 1
B. 2
C. 3
D. 4
E. 5
Clearly the answer to the first question is 5. Of the given numbers, 5 is the greatest.
The answer to the second question is 4. If you overlook the word “even” in “greatest even number” you might answer this question with 5.
How to Interpret the First Question
Did you answer the first question correctly? Check out the full explanation here.
A coffee shop recently stopped broadcasting the SSID for their wireless network. Instead, paying customers can view it on their receipt and use it to connect to the coffee shop’s wireless network. Today, Lisa turned on her laptop computer and saw the SSID. Which of the following is the MOST likely reason why?
A. Rogue AP
B. Evil attacker
C. Jamming
D. Bluejacking
A is correct. This describes a rogue access point (AP). More specifically, it is an evil twin, which is a rogue AP with the same SSID as a legitimate access point.
While the person setting up the rogue AP may be evil, a CompTIA question won’t ask you to evaluate the character of an attacker.
Jamming typically prevents anyone from connecting to a wireless network.
Bluejacking is related to Bluetooth, not wireless networks.
Rogue Access Point (AP)
A rogue access point (rogue AP) is an AP placed within a network without official authorization. It might be installed by an employee who is bypassing security, or by an attacker.
If an employee installs a rogue AP, the chances are higher that this AP will not be managed properly, increasing vulnerabilities to the network.
If an attacker runs a rogue AP in a public place, users may connect to the AP thinking that it is legitimate. All of their Internet traffic will go through the rogue AP, allowing the attacker to capture and analyze all of their traffic.
A Second Practice Test Question
A coffee shop recently stopped broadcasting the SSID for their wireless network. Instead, paying customers can view it on their receipt and use it to connect to the coffee shop’s wireless network. Today, Lisa turned on her laptop computer and saw the SSID. Which of the following is the MOST likely reason why?
A. Rogue AP
B. Evil twin
C. Jamming
D. Bluejacking
Do you know the answer?
The Dangers of Memorization
Candidates sometimes memorize key words in questions and answers. This helps them increase their scores when taking practice quizzes. However, it is not a recipe for success on the live exam.
I frequently mention the importance of knowing why the correct answers are correct and why the incorrect answers are incorrect. When taking practice test questions, this method forces you to slow down and look at each answer. It also helps you reaffirm concepts that may not be so clear to you.
Successful Security+ test takers frequently let me know how this method helped them on the live exam. Specifically, it helped them eliminate obviously incorrect answers. This process of elimination helped them find the correct answer, even though it wasn’t so obvious at first.
The Answer to the Second Practice Test Question
A coffee shop recently stopped broadcasting the SSID for their wireless network. Instead, paying customers can view it on their receipt and use it to connect to the coffee shop’s wireless network. Today, Lisa turned on her laptop computer and saw the SSID. Which of the following is the MOST likely reason why?
A. Rogue AP
B. Evil twin
C. Jamming
D. Bluejacking
An evil twin is a rogue access point (AP) with the same SSID as a legitimate access point. Because the SSID is the same, it is an evil twin.
While it is also a rogue AP, evil twin is a more accurate answer. Note that if someone memorized the answer to the first question (either purposely or inadvertently), it would be quite easy to jump on Rogue AP as the correct answer here. However, the explanation of the previous question clearly indicated that
Jamming typically prevents anyone from connecting to a wireless network.
Bluejacking is related to Bluetooth, not wireless networks.
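The same distinction can be written as a check a wireless administrator might run over scan results. This is an added example, not part of the original post. The class names, verdict labels, SSID and MAC addresses are all constructed for illustration, and it assumes the shop keeps an inventory of its own APs.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AuthorizedAP:
    ssid: str
    bssid: str             # radio MAC of the managed AP
    broadcasts_ssid: bool  # False = SSID is hidden by policy

@dataclass(frozen=True)
class Beacon:
    ssid: str              # "" when the beacon hides the SSID
    bssid: str

def classify(beacon, inventory):
    """Return a verdict for one observed beacon."""
    by_bssid = {ap.bssid.lower(): ap for ap in inventory}
    ap = by_bssid.get(beacon.bssid.lower())
    if ap is not None:
        expected = ap.ssid if ap.broadcasts_ssid else ""
        # BSSIDs can be cloned, so a managed radio that deviates from
        # its configured behaviour is treated as suspect, not trusted.
        return "authorized" if beacon.ssid == expected else "investigate"
    if beacon.ssid in {ap.ssid for ap in inventory}:
        # Our SSID from a radio we do not manage: the evil twin case.
        return "evil-twin"
    # Someone else's network. It is a rogue AP only if it turns out to
    # be attached to our own network, which a radio scan cannot show.
    return "unknown"

def triage(beacons, inventory):
    return [(b.ssid or "<hidden>", b.bssid, classify(b, inventory)) for b in beacons]

# Constructed sample data (locally administered MAC addresses).
INVENTORY = [AuthorizedAP("CoffeeShop-Guest", "02:00:00:aa:bb:01", broadcasts_ssid=False)]
SCAN = [
    Beacon("", "02:00:00:aa:bb:01"),
    Beacon("CoffeeShop-Guest", "02:00:00:cc:dd:99"),
    Beacon("CoffeeShop-Guest", "02:00:00:AA:BB:01"),
    Beacon("NeighborNet", "02:00:00:ee:ff:10"),
]

if __name__ == "__main__":
    for row in triage(SCAN, INVENTORY):
        print(*row, sep="  ")
```

The second beacon is Lisa's situation: the shop's SSID is visible even though the shop's own AP no longer broadcasts it.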
You might like to check out these other blog posts I’ve written on Security+ test taking strategies.
English Comprehension and Security+