How to Interpret Security+ Questions


Do you know how to interpret Security+ questions? It’s often easier than you think, as long as you understand the underlying content.

People that memorize practice test questions and answers often fail the exam and don’t understand why. Instead, they blame CompTIA for creating “trick” questions.

In truth, the only people that are tricked by slightly modified questions are people that memorize them.

However, people that learn how to interpret Security+ questions typically pass the exam the first time they take it.

How to Practice Interpreting Security+ Questions

First, try to identify the correct answer without looking at the answers.

If you don’t see your answer as one of the possible answers, see if you can throw out two of them.

Last, identify the best answer between the two that remain.

When doing practice Security+ questions, your score isn’t the best measure of your readiness.  Instead, your understanding is.

Ideally, you should:

  • Understand why the correct answer is correct
  • Understand why the incorrect answers are incorrect

This way, no matter how CompTIA words the questions, you can answer them correctly.



Try This

With this in mind, consider this Security+ question derived from the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.

Note that this question assumes you have an understanding of core cryptography concepts. If you don’t, review the notes on this page.

Q1. Homer needs to send an email to his HR department with an attachment that includes PII. He wants to maintain the confidentiality of this attachment. Which of the following choices is the BEST choice to meet his needs?

Notice that the first sentence sets up the scenario:

Homer needs to send an email to his HR department with an attachment that includes PII.

Homer is sending personally identifiable information (PII) as an email attachment.

The second sentence gives the requirement.

He wants to maintain the confidentiality of this attachment.

This is a key sentence. One of the primary ways that you maintain confidentiality is with encryption, so I would be looking for encryption in the answer.

The third sentence just asks the question.

Which of the following choices is the BEST choice to meet his needs?

Here are the answers:

A. Hashing

B. Digital signature

C. Encryption

D. Certificate

Because encryption is the best choice to provide confidentiality of any type of information, including PII, I’d jump on answer C.

Even if I didn’t know encryption was the best answer, I could easily throw out two other answers – hashing and digital signatures.

Hashing provides integrity, not confidentiality.

Digital signatures provide authentication (verified identification) of the sender, non-repudiation, and integrity of the message. They do not provide confidentiality.

Now, which answer is the best answer – encryption or certificates?

Encryption speaks directly to the core requirement of confidentiality in the question.

Certificates are used for a variety of purposes, including encryption, authentication, and digital signatures. Because a certificate can have limited use (such as for authentication), it isn’t the best answer.

Can You Interpret this Security+ Question?

Q2. Homer needs to send an email to his HR department with an attachment that includes PII. He wants to provide assurances to the recipient that the email came from him. Which of the following choices is the BEST choice to meet his needs?

Notice that the first and last sentences are exactly the same as the previous question.

If you memorized the question, you might not read past the first sentence and look for encryption as the answer. Unfortunately, you’d get the question wrong and might not understand why.

Notice how the second sentence completely changes the question.

He wants to provide assurances to the recipient that the email came from him.

A key phrase in this sentence is “provide assurances to the recipient that the email came from him.” This is the same as providing authentication or a verified identification.

Because a digital signature provides authentication (verified identification) of the sender, it is the clear answer, so I’d be looking for digital signatures as an answer.

Here are the answers. Note that they are exactly the same as the previous question.

A. Hashing

B. Digital signature

C. Encryption

D. Certificate

Can you see two that you can throw out right away?

Hashing provides integrity, not authentication.

Encryption provides confidentiality, not authentication.

Now, which answer is the best answer – a digital signature or a certificate?

While a digital signature uses a certificate, the certificate itself doesn’t necessarily meet the needs in the scenario. Because a certificate can have limited use (such as for encryption), it isn’t the best answer to provide authentication for an email.
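The property behind each answer in Q1 and Q2, as an added example (not from the study guide or this site): textbook RSA with SHA-256 shows which key does what when Homer encrypts to HR and signs as himself. The key sizes, variable names and sample attachment are assumptions made for illustration; real email uses padded RSA inside a standard such as S/MIME.

```python
import hashlib

E = 65537  # common RSA public exponent

def keypair(p, q):  # toy textbook-RSA key pair: (public, private)
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)

def digest(msg, n):  # SHA-256 of msg as an integer below the modulus
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, sender_private):
    d, n = sender_private
    return pow(digest(msg, n), d, n)

def verify(msg, sig, sender_public):
    e, n = sender_public
    return pow(sig, e, n) == digest(msg, n)

def encrypt(msg, recipient_public):
    e, n = recipient_public
    return pow(int.from_bytes(msg, "big"), e, n)

def decrypt(ct, key):
    exp, n = key
    m = pow(ct, exp, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed keys from Mersenne primes: far too small for real use.
HOMER_PUB, HOMER_PRIV = keypair(2**61 - 1, 2**89 - 1)
HR_PUB, HR_PRIV = keypair(2**107 - 1, 2**127 - 1)
ATTACHMENT = b"PII: employee 1234"  # constructed sample data
ALTERED = b"PII: employee 9999"     # constructed tampered copy

def run_scenarios():
    ct = encrypt(ATTACHMENT, HR_PUB)    # Q1: confidentiality
    sig = sign(ATTACHMENT, HOMER_PRIV)  # Q2: proof of sender
    return {
        "ciphertext_differs_from_pii": ct != int.from_bytes(ATTACHMENT, "big"),
        "hr_private_key_decrypts": decrypt(ct, HR_PRIV) == ATTACHMENT,
        "hr_public_key_decrypts": decrypt(ct, HR_PUB) == ATTACHMENT,
        "homer_public_key_verifies": verify(ATTACHMENT, sig, HOMER_PUB),
        "altered_body_verifies": verify(ALTERED, sig, HOMER_PUB),
        "hr_signed_copy_verifies": verify(ATTACHMENT, sign(ATTACHMENT, HR_PRIV), HOMER_PUB),
        # A hash uses no key: it flags the change but names no sender.
        "hash_detects_alteration": hashlib.sha256(ALTERED).digest() != hashlib.sha256(ATTACHMENT).digest(),
    }

if __name__ == "__main__":
    print(run_scenarios())
```

Only the recipient's private key recovers the attachment, and only the sender's public key validates the signature, which is why encryption answers Q1 and a digital signature answers Q2.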

How to Interpret Security+ Questions Summary

CompTIA changes their questions regularly to prevent people from simply memorizing practice test questions to pass the exam. However, by taking the time to understand the underlying content, you can interpret Security+ questions and answer them correctly.

Remember, when taking practice test questions, your goal isn’t simply to get a good score. Instead, your goal is to ensure you understand the content.

With this in mind, it’s important to use quality practice test questions with explanations. This way you can:

  • Understand why the correct answer is correct
  • Understand why the incorrect answers are incorrect

And, no matter how CompTIA words the questions, you can answer them correctly.

6 Comments

  1. I have recently taken the CompTIA Security + exam and scored a 720. However, is there any form of the Microsoft-written questions/answers that I can read and answer to gain more understanding to give the correct answers? They are longer questions and the answers are too. I believe that because there is so much information in their questions I am getting lost in developing the correct answer. I am planning on retaking the exam in a few weeks. Thank you for your time and products.

    v/r
    Thomas

    • Hi Thomas,

      Sorry to hear you didn’t pass. The good news is that you’re close (probably missing it only by a couple of questions).

      I hear from people almost every day (including today) telling me that they passed the exam using the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide and/or packages on the gcgapremium site such as the Security+ Study Package.

      Here’s the key.

      Ideally, you should be able to look at any practice test question and not just know the correct answer. You should also know why the correct answer is correct, and also why the incorrect answers are incorrect. This way, you have the best chance of accurately interpreting the actual questions on the CompTIA exam and answering them correctly.

      When people tell me that they’ve failed after using the materials on the site, I typically see one (or more) of the following issues:

      – They didn’t use all the materials.
      – They didn’t get recommended scores of 90% on all the materials.
      – They memorized the questions and answers.

      As an example, if someone only took the Extras quiz once and only scored a 60% on it, they wouldn’t be prepared to answer similar questions on the live exam. Similarly, if someone took Set 10 of the performance-based questions but never scored higher than 60%, they wouldn’t be prepared to answer similar questions on the live exam.

      In contrast, if someone used all the materials, received passing scores on all the quizzes, received scores over 90% on the important quizzes, and understood why the correct answers are correct, and why the incorrect answers are incorrect, that person would be prepared for the exam.

      You might like to check out this FAQ: Am I Ready?

  2. Please explain this: In your book (page 407), it explains the steps of having Lisa sending encrypted email to Bart. Summarily, the recipient’s public key encrypts when encrypting an email message and the recipient uses the recipient’s private key to decrypt an encrypted email message.

    In the practice exam, the question asks “Joe, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify that the email came from Joe and decrypt it? (Select TWO).”

    A. The CA’s public key
    B. Ann’s public key
    C. Joe’s private key
    D. Ann’s private key
    E. The CA’s private key
    F. Joe’s public key

    Answer: D,F I do not understand why the answer is D, F.

    Should it be B and D?

    • Hi Matthew,

      I saw your question and my first reaction was that the explanation has the answer.

      However, I can’t figure out what book you’re using or where that question came from. If your source doesn’t have explanations, it might be causing you to memorize inaccurate information.

      I know that the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide has similar questions and explanations. I also know that the explanation on page 407 that you reference is accurate.

    • Hi Matthew,

      Joe is using Ann’s public key to encrypt the message and his own private key to sign it.

      So Ann does need her own private key (D) to decrypt it and Joe’s public key (F) to verify his signature.

      The difficulty of this question is to recognize that Joe is sending the email but the question is what Ann has to do with it.

      Kind regards,
      Sol

      • Perfect Sol. That’s the primary intention of this post – how to interpret questions.

        Some people still focus on memorizing questions and answers from sources without explanations. (Without a response from Matthew, I suspect that was the case with his question.) This memorization technique doesn’t translate well to a pass on the exam.

        However, seeking to interpret the questions and understand the underlying content provides a successful path to success.

Copyright © 2020 Get Certified Get Ahead. All Rights Reserved.