Do you know how to interpret Security+ questions? It’s often easier than you think, as long as you understand the underlying content.
People who memorize practice test questions and answers often fail the exam and don’t understand why. Instead, they blame CompTIA for creating “trick” questions.
In truth, the only people who are tricked by slightly modified questions are the people who memorized them.
However, people who learn how to interpret Security+ questions typically pass the exam the first time they take it.
You might also like to view this video:
How to Practice Interpreting Security+ Questions
First, try to identify the correct answer without looking at the answers.
If you don’t see your answer as one of the possible answers, see if you can throw out two of them.
Last, identify the best answer between them.
When doing practice Security+ questions, your score isn’t the best measure of your readiness. Instead, your understanding is.
Ideally, you should:
- Understand why the correct answer is correct
- Understand why the incorrect answers are incorrect
This way, no matter how CompTIA words the questions, you can answer them correctly.
Try This
With this in mind, consider this Security+ question derived from the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.
Note that this question assumes you have an understanding of core cryptography concepts. If you don’t, review the notes on this page.
Q1. Homer needs to send an email to his HR department with an attachment that includes PII. He wants to maintain the confidentiality of this attachment. Which of the following choices is the BEST choice to meet his needs?
Notice that the first sentence sets up the scenario:
Homer needs to send an email to his HR department with an attachment that includes PII.
Homer is sending personally identifiable information (PII) as an email attachment.
The second sentence gives the requirement.
He wants to maintain the confidentiality of this attachment.
This is a key sentence. One of the primary ways that you maintain confidentiality is with encryption, so I would be looking for encryption in the answer.
The third sentence just asks the question.
Which of the following choices is the BEST choice to meet his needs?
Here are the answers:
A. Hashing
B. Digital signature
C. Encryption
D. Certificate
Because encryption is the best choice to provide confidentiality of any type of information, including PII, I’d jump on answer C.
Even if I didn’t know encryption was the best answer, I could easily throw out two other answers – hashing and digital signatures.
Hashing provides integrity, not confidentiality.
Digital signatures provide authentication (verified identification) of the sender, non-repudiation, and integrity of the message. They do not provide confidentiality.
Now, which answer is the best answer – encryption or certificates?
Encryption speaks directly to the core requirement of confidentiality in the question.
Certificates are used for a variety of purposes, including encryption, authentication, and digital signatures. Because a certificate can have limited use (such as for authentication), it isn’t the best answer.
Can You Interpret this Security+ Question?
Q2. Homer needs to send an email to his HR department with an attachment that includes PII. He wants to provide assurances to the recipient that the email came from him. Which of the following choices is the BEST choice to meet his needs?
Notice that the first and last sentences are exactly the same as in the previous question.
If you memorized the question, you might not read past the first sentence and look for encryption as the answer. Unfortunately, you’d get the question wrong and might not understand why.
Notice how the second sentence completely changes the question.
He wants to provide assurances to the recipient that the email came from him.
A key phrase in this sentence is “provide assurances to the recipient that the email came from him.” This is the same as providing authentication or a verified identification.
Because a digital signature provides authentication (verified identification) of the sender, it is the clear answer so I’d be looking for digital signatures as an answer.
Here are the answers. Note that they are exactly the same as the previous question.
A. Hashing
B. Digital signature
C. Encryption
D. Certificate
Can you see two that you can throw out right away?
Hashing provides integrity, not authentication.
Encryption provides confidentiality, not authentication.
Now, which answer is the best answer – a digital signature or a certificate?
While a digital signature uses a certificate, the certificate itself doesn’t necessarily meet the needs in the scenario. Because a certificate can have limited use (such as for encryption), it isn’t the best answer to provide authentication for an email.
How to Interpret Security+ Questions Summary
CompTIA changes its questions regularly to prevent people from simply memorizing practice test questions to pass the exam. However, by taking the time to understand the underlying content, you can interpret Security+ questions and answer them correctly.
Remember, when taking practice test questions, your goal isn’t simply to get a good score. Instead, your goal is to ensure you understand the content.
With this in mind, it’s important to use quality practice test questions with explanations. This way you can:
- Understand why the correct answer is correct
- Understand why the incorrect answers are incorrect
And, no matter how CompTIA words the questions, you can answer them correctly.
I have recently taken the CompTIA Security+ exam and scored a 720. However, is there any form of the Microsoft-written questions/answers that I can read and answer to gain more understanding to give the correct answers? They are longer questions and the answers are too. I believe that because there is so much information in their questions I am getting lost in developing the correct answer. I am planning on retaking the exam in a few weeks. Thank you for your time and products.
v/r
Thomas
Hi Thomas,
Sorry to hear you didn’t pass. The good news is that you’re close (probably missing it only by a couple of questions).
I hear from people almost every day (including today) telling me that they passed the exam using the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide and/or packages on the gcgapremium site such as the Security+ Study Package.
Here’s the key.
Ideally, you should be able to look at any practice test question and not just know the correct answer. You should also know why the correct answer is correct, and also why the incorrect answers are incorrect. This way, you have the best chance of accurately interpreting the actual questions on the CompTIA exam and answering them correctly.
When people tell me that they’ve failed after using the materials on the site, I typically see one (or more) of the following issues:
– They didn’t use all the materials.
– They didn’t get recommended scores of 90% on all the materials.
– They memorized the questions and answers.
As an example, if someone only took the Extras quiz once and only scored a 60% on it, they wouldn’t be prepared to answer similar questions on the live exam. Similarly, if someone took Set 10 of the performance-based questions but never scored higher than 60%, they wouldn’t be prepared to answer similar questions on the live exam.
In contrast, if someone used all the materials, received passing scores on all the quizzes, received scores over 90% on the important quizzes, and understood why the correct answers are correct, and why the incorrect answers are incorrect, that person would be prepared for the exam.
You might like to check out this FAQ: Am I Ready?
Please explain this: In your book (page 407), it explains the steps of having Lisa sending encrypted email to Bart. Summarily, the recipient’s public key encrypts when encrypting an email message and the recipient uses the recipient’s private key to decrypt an encrypted email message.
In the practice exam, the question asks “Joe, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify that the email came from Joe and decrypt it? (Select TWO).”
A. The CA’s public key
B. Ann’s public key
C. Joe’s private key
D. Ann’s private key
E. The CA’s private key
F. Joe’s public key
Answer: D, F. I do not understand why the answer is D, F.
Should it be B and D?
Hi Matthew,
I saw your question and my first reaction was that the explanation has the answer.
However, I can’t figure out what book you’re using or where that question came from. If your source doesn’t have explanations, it might be causing you to memorize inaccurate information.
I know that the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide has similar questions and explanations. I also know that the explanation on page 407 that you reference is accurate.
Hi Matthew,
Joe is using Ann’s public key to encrypt the message and his own private key to sign it.
So Ann does need her own private key (D) to decrypt it and Joe’s public key (F) to verify his signature.
The difficulty of this question is to recognize that Joe is sending the email but the question is what Ann has to do with it.
Kind regards,
Sol
Perfect Sol. That’s the primary intention of this post – how to interpret questions.
Some people still focus on memorizing questions and answers from sources without explanations. (Without a response from Matthew, I suspect that was the case with his question.) This memorization technique doesn’t translate well to a pass on the exam.
However, seeking to interpret the questions and understand the underlying content provides a successful path to success.
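The key-usage pattern Sol describes in the comments (Joe signs with his private key and encrypts with Ann’s public key; Ann decrypts with her private key and verifies with Joe’s public key), together with the hashing / encryption / digital signature distinction behind Q1 and Q2, written out as an added worked example. This code is not from the study guide, the post, or any commenter. It assumes RSA-OAEP and RSA-PSS from Go’s standard library, uses constructed sample PII, and adds a third party named Eve to show what the wrong key cannot do; certificates (answer D in Q1 and Q2) are not simulated, since they bind a public key to an identity rather than perform any of these operations themselves.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Constructed scenario (added example, not from the original post): Joe emails
// Ann an attachment containing PII. Keys are generated fresh here; in practice
// a CA-issued certificate would bind each public key to its owner, which this
// example does not simulate.

// Hash gives integrity only. Anyone can compute the same digest, so it hides
// nothing (no confidentiality) and proves nothing about who sent the data.
func Hash(msg []byte) [32]byte {
	return sha256.Sum256(msg)
}

// EncryptFor uses the RECIPIENT's public key; only the matching private key
// can recover the plaintext. This is the confidentiality answer in Q1.
func EncryptFor(recipientPub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, msg, nil)
}

// Decrypt uses the RECIPIENT's private key (answer D for Ann).
func Decrypt(recipientPriv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, ct, nil)
}

// Sign uses the SENDER's private key over a digest of the message, giving
// authentication, integrity and non-repudiation. This is the Q2 answer.
func Sign(senderPriv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, h[:], nil)
}

// Verify uses the SENDER's public key (answer F for Ann). It succeeds only if
// the signature was made by the matching private key over exactly this message.
func Verify(senderPub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(senderPub, crypto.SHA256, h[:], sig, nil) == nil
}

// Outcome records each check so the exam distinctions can be asserted on.
type Outcome struct {
	AnnDecrypts       bool // Ann's private key recovers the attachment
	EveDecrypts       bool // an unrelated private key does not
	JoeVerified       bool // Joe's public key validates Joe's signature
	TamperedVerified  bool // a modified attachment fails verification
	ImpostorVerified  bool // Eve signing in Joe's place fails under Joe's key
	HashDetectsChange bool // a hash flags the change but says nothing about the sender
}

// RunScenario walks through the exchange: Joe signs and encrypts, Ann
// decrypts and verifies. Eve is an added third party holding her own key.
func RunScenario() (Outcome, error) {
	var out Outcome
	parties := make([]*rsa.PrivateKey, 3) // Joe, Ann, Eve
	for i := range parties {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return out, err
		}
		parties[i] = k
	}
	joe, ann, eve := parties[0], parties[1], parties[2]
	attachment := []byte("Employee record (constructed PII): Homer Simpson, SSN 000-00-0000")

	sig, err := Sign(joe, attachment) // Joe's private key
	if err != nil {
		return out, err
	}
	ct, err := EncryptFor(&ann.PublicKey, attachment) // Ann's public key
	if err != nil {
		return out, err
	}

	pt, err := Decrypt(ann, ct) // Ann's private key (D)
	out.AnnDecrypts = err == nil && bytes.Equal(pt, attachment)
	out.JoeVerified = out.AnnDecrypts && Verify(&joe.PublicKey, pt, sig) // Joe's public key (F)

	_, err = Decrypt(eve, ct) // wrong private key: OAEP padding check fails
	out.EveDecrypts = err == nil

	tampered := append([]byte{}, attachment...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit of the attachment
	out.TamperedVerified = Verify(&joe.PublicKey, tampered, sig)
	out.HashDetectsChange = Hash(tampered) != Hash(attachment)

	forged, err := Sign(eve, attachment) // Eve cannot sign as Joe
	if err != nil {
		return out, err
	}
	out.ImpostorVerified = Verify(&joe.PublicKey, attachment, forged)
	return out, nil
}

func main() {
	out, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

Run it with `go run .` and read the printed Outcome against the exam questions: the confidentiality requirement in Q1 is met only by the pair EncryptFor/Decrypt (Eve’s key fails), the authentication requirement in Q2 only by Sign/Verify (a forged or tampered message fails), and Hash on its own detects a change without telling Ann who produced the data.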