Sample Performance-Based Question


A reader recently queried about a sample performance-based question he saw on CompTIA’s website. He was confused by it and wanted to know how he could answer it.

Normally, it’s easy to answer these types of queries. I encourage the reader to read the explanation and point out that questions without explanations may be brain dumps. One of the dangers with brain dumps is that they often have incorrect answers. This, combined with no explanations, encourages people to memorize incorrect answers, causing them to fail the live exam without knowing why.

Unfortunately, CompTIA chose not to give an explanation with the sample.

Similar Sample Performance-Based Question

Here’s a similar sample Performance-Based Question based on the sample posted by CompTIA. It’s not exact, but if you apply the same knowledge learned with this, you can correctly answer the CompTIA sample.

Question. After a recent attack, security administrators configured a DMZ and placed appropriate servers within it.

After completing their work, one of the users on the 2nd floor reported that he could no longer access the getcertifiedgetahead.com site on the Internet. The following graphic shows part of the network:

Instructions. 

Check the IP addresses and connectivity for each of the relevant computers to determine which computer has been impacted by this change.

Check the ACL and change the rule causing the problem.

Performance-Based Question Function

When you click on Bart’s computer, you’ll see the command line. What command would you enter to check its connectivity?  What command would you enter to determine its IP address?

Similarly, when you click on Homer’s computer, you’ll see the command line. What command would you enter to check its connectivity?  What command would you enter to determine its IP address?

Last, when you click on the router, you can see the configuration for each of the interfaces, and the access control list.

Performance-Based Question Answer Which Computer

Click on Homer’s computer and enter:

ping getcertifiedgetahead.com

It fails.

Because you have verified that Homer’s computer is the one having the problem, you may think you don’t need to repeat this step on Bart’s computer. However, if you skip it, you won’t get one of the available points from the question.

Remember, the instructions stated:

“Check the IP addresses and connectivity for each of the relevant computers to determine which computer has been impacted by this change.”

The relevant computers are on Floor 2. Click on Bart’s computer and enter

ping getcertifiedgetahead.com

It succeeds.

At this point, you have answered one part of the question. You know which computer (Homer’s) was affected by the change.

What about Lisa and Marge’s computers? They are on floor 1 and the question states the problem is limited to one of the computers on floor 2.

Performance-Based Question Answer Check IP Addresses

Return to Homer’s computer and enter

ipconfig

You see

IPv4 Address......: 192.168.0.82

Subnet Mask.......: 255.255.255.224

Default Gateway...: 192.168.0.65

Because Homer’s computer is the one having the problem, you may think you don’t need to repeat this step on Bart’s computer. However, if you skip it, you won’t get one of the available points from the question.

Remember, the instructions stated:

“Check the IP addresses and connectivity for each of the relevant computers to determine which computer has been impacted by this change.”

The relevant computers are on Floor 2. Click on Bart’s computer and enter

ipconfig

You see

IPv4 Address......: 192.168.0.68

Subnet Mask.......: 255.255.255.224

Default Gateway...: 192.168.0.65

It succeeds.

At this point, you have answered two parts of the question. You know which computer was affected by the change (Homer) and you know the IP addresses of both the computers on floor 2.

Performance-Based Question Answer Check Interfaces

Click on the router. You’ll see the configuration for each of the interfaces.

eth1

  • Address: 192.168.0.65
  • Netmask: 255.255.255.224
  • Network: 192.168.0.64/27
  • Broadcast: 192.168.0.95

eth2

  • Address: 192.168.0.33
  • Netmask: 255.255.255.224
  • Network: 192.168.0.32/27
  • Broadcast: 192.168.0.63

eth3

  • Address: 192.0.2.2
  • Netmask: 255.255.255.252
  • Network: 192.0.2.0/30
  • Broadcast: 192.0.2.3

Everything looks good here. Note that floor 2 connects to the eth1 interface of the router. Its IP address is 192.168.0.65. Each computer on floor 2 should use this as its default gateway, and they do.

Performance-Based Question Answer Subnetting

Have you learned subnetting yet? If not, it’s time. There isn’t enough room in this short blog to teach subnetting, but you should be aware of the range of valid IP addresses in a subnet, especially if you’re planning on taking the Network+ exam.

The eth1 interface is configured for the network 192.168.0.64/27, as shown when you look at the interfaces.

What is the valid range of IP addresses for this network?

The first IP address is 192.168.0.64/27 but you can’t use it because it is the network address. The first valid IP address is found by adding 1. It is 192.168.0.65/27.

The last IP address is 192.168.0.95/27 but you can’t use it because it is the broadcast address. The question doesn’t require you to figure this out because it shows the broadcast address. The last valid IP address is found by subtracting one from the broadcast address. It is 192.168.0.94/27.

In other words, the range of valid IP addresses in the network is

192.168.0.65 to 192.168.0.94

Homer’s computer failed the connectivity test, but it has an assigned address (192.168.0.82) within the range of valid IP addresses. The subnet mask also matches. The CIDR notation of /27 is the same as a subnet mask of 255.255.255.224.

Check out the Subnetting and Security+ blog post for more detailed information on identifying the first and last valid IP addresses in a subnet.

Performance-Based Question Answer Check ACL

Click on the Access Control List for the router. You’ll see the following rules:

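| Rule | Source          | Destination     | Protocol | Port     | Access |
|------|-----------------|-----------------|----------|----------|--------|
| 1    | 192.168.0.64/27 | 192.168.0.32/27 | Any      | Any      | Accept |
| 2    | 192.168.0.64/27 | Any             | TCP/UDP  | 22, 3389 | Deny   |
| 3    | Any             | 192.168.0.32/27 | TCP      | 80, 443  | Accept |
| 4    | 192.168.0.80/28 | Any             | Any      | Any      | Deny   |
| 5    | 192.168.0.64/27 | Any             | Any      | 123      | Allow  |
| 6    | Any             | Any             | Any      | Any      | Deny   |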

Do you see which rule is at fault?

Rule 1 specifies that all traffic from Floor 2 to the DMZ is accepted.

Rule 2 denies all traffic from Floor 2 using port 22 or 3389. Port 22 is used by Secure Shell (SSH) and port 3389 is used by the Remote Desktop Protocol (RDP).

Rule 3 accepts any traffic from anywhere and destined for the DMZ using ports 80 and 443. Port 80 is used by the HyperText Transfer Protocol (HTTP) and port 443 is used by HTTP Secure (HTTPS).

Rule 4 denies all traffic from 192.168.0.80/28.

Rule 5 allows all traffic from the DMZ using port 123. Port 123 is used by the Network Time Protocol (NTP).

Rule 6 is an implicit deny rule. All traffic that isn’t expressly allowed by a previous rule is denied.

If you can identify the rule causing the problem, just click it.

Performance-Based Question Answer Subnetting Pt 2

Can you identify the range of addresses for the address of 192.168.0.80/28?

The first address is 192.168.0.80, which is the network ID. The first usable address is 192.168.0.81.

The last address is 192.168.0.95 which is the broadcast ID. The last usable address is 192.168.0.94.

In other words, this defines a range of addresses from 192.168.0.81 to 192.168.0.94.

Because Homer’s computer is in this range (192.168.0.82), rule 4 blocks all traffic from Homer’s computer.

Deleting rule 4 resolves the problem. If you do so, you will get the remaining two points available for this question.
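
The subnet arithmetic and the source comparison above can be checked with Python’s standard ipaddress module. This is an added example, not part of the original question or CompTIA’s sample; it compares only the Source field of each rule, and the function names are illustrative.

```python
import ipaddress

# Source and Access columns of the router ACL shown in the question.
ACL = [
    (1, "192.168.0.64/27", "Accept"),
    (2, "192.168.0.64/27", "Deny"),
    (3, "Any", "Accept"),
    (4, "192.168.0.80/28", "Deny"),
    (5, "192.168.0.64/27", "Allow"),
    (6, "Any", "Deny"),
]
# Floor 2 addresses as reported by ipconfig on each computer.
HOSTS = {"Homer": "192.168.0.82", "Bart": "192.168.0.68"}

def usable_range(cidr):
    """First and last usable hosts: network ID + 1 and broadcast - 1."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address + 1), str(net.broadcast_address - 1)

def host_network(ip, mask):
    """Network a host belongs to, from its ipconfig address and subnet mask."""
    return str(ipaddress.ip_interface(f"{ip}/{mask}").network)

def rules_matching_source(ip):
    """Numbers of the ACL rules whose Source field covers this address."""
    addr = ipaddress.ip_address(ip)
    return [num for num, src, _ in ACL
            if src == "Any" or addr in ipaddress.ip_network(src)]

def rules_separating(failing, working):
    """Rules whose Source covers the failing host but not the working one."""
    bad = set(rules_matching_source(HOSTS[failing]))
    good = set(rules_matching_source(HOSTS[working]))
    return sorted(bad - good)

if __name__ == "__main__":
    for cidr in ("192.168.0.64/27", "192.168.0.80/28"):
        print(cidr, "usable hosts:", usable_range(cidr))
    for name, ip in HOSTS.items():
        print(name, ip, "in", host_network(ip, "255.255.255.224"),
              "source matches rules", rules_matching_source(ip))
    print("Rules that apply to Homer only:", rules_separating("Homer", "Bart"))
```

Both computers sit in 192.168.0.64/27, so every floor 2 rule covers them equally; the only rule whose source separates the failing host from the working one is the /28 in rule 4.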

CompTIA Sample Performance-Based Question

Try it yourself. See if you can get all four available points from the sample provided by CompTIA.

You may also like to check out this page that discusses the Performance-Based Questions.

Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.