Security+ Performance Based Questions
Are You Ready for Security+ Performance Based Questions?
If you’re planning to take the Security+ exam you can expect to see some Security+ performance based questions. They have also been added to the A+ and Network+ exams. You can read more about performance based questions here, but in short a performance based question requires you to perform a task rather than simply requiring you to answer a multiple choice question.
For example, do you know how to configure a WAP?
While CompTIA originally stated these would be task-based questions, they are often appearing as simpler drag and drop questions, or questions where you can select items from a drop down menu. The Security+ Blog Links page has a section with several links to blogs on Security+ performance based questions. Some of these blogs include comments by readers and test takers.
When Did They Start Appearing in Security+?
These Security+ performance based questions started to appear in the Security+ exam in the first quarter of 2013 and they have been appearing regularly. I’ve been updating the Security+ Blog Links page and the Security+ performance based questions periodically with new information on them. Many readers and test takers have left comments on this page at the end of the blog. I’m also grateful to the readers that have sent me notes about their experiences through my contact page.
How Many Questions Are on The Security+ Exam?
When the Security+ exam had only multiple choice questions, you had 100 questions.
After performance based questions were added, test takers typically have 70 to 90 multiple choice questions, and anywhere between two and ten performance based questions. The Security+ Blog Links page includes a section listing many blogs with free practice test questions. Here are a couple of pages that give sample multiple choice questions:
- Security+ Practice Test Questions on Objective 2.1
- Security+ Practice Test Questions on Objective 3.2
Here are a few pages that give information on performance based questions.
- Security+ WAP Performance Based Questions
- Security+ Forensic Performance Based Question
- Identify Social Engineering Attacks
What Performance Based Questions Should I Expect?
The question types vary, but this section identifies many of the types of questions that people have reported seeing.
You might be asked to match topics with each other. For example, you might have a list of port numbers and a list of protocols and then be tasked with matching the ports to the protocols. If you know the ports, this should be rather simple.
As another example, you might need to identify the type of security controls used to protect specific devices. Objective 2.1 mentions Technical, Management, and Operational controls. Controls can also be identified as preventative, detective, and corrective controls.
Matching questions might appear using a drag and drop format. For example, you might see security configurations on one side and devices on the other side and you’ll need to drag the relevant security method to the correct device. Consider these two lists:
- Mobile phone
- Screen lock
- Strong password
You can lock a mobile phone with a screen lock so you would drag the screen lock method to the mobile phone.
In the exam's framing, a mobile phone uses a simple password (a PIN) rather than a strong password, while a server uses a strong password. In this case, you'd drag the strong password method to the server.
There's a subtlety here, though, which makes it important to understand the concepts and match them to the question. If the question refers to mobile devices as smartphones, the expected control is a simple password such as a personal identification number (PIN). If the question refers to mobile devices as laptops, then you can use strong passwords because laptops support strong passwords just like a server. This is a perfect example of how a simple twist in the question can change the answer. However, if you understand the concepts covered in the objectives, these questions won't throw you.
This page gives a simple example of a matching type question: Security+ Match Device Controls.
Click on a Diagram
You might be asked to click on a diagram to select something. As a simple example, you might see a network diagram with multiple devices and be asked which device provides the best security during an attack.
Some devices have logs and you might need to open up logs and review the information to determine what happened. As you review these logs, you’ll see some errors listed in at least one of them that identifies the problem.
As another example, you might be tasked with giving a user appropriate permissions to perform job tasks. The diagram then shows a list of groups with specific permissions assigned. You then need to pick which group (or groups) to put the user into. The key here is the principle of least privilege: the chosen groups together must grant every right the job requires and nothing more. A group that grants the needed rights plus extra ones (such as an administrators group) is the wrong answer when a narrower group or combination of groups covers the job.
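As an added example (not part of the original post), here is a small script that applies the least privilege rule to a group selection of the kind described above. The groups, permission names and required permissions are constructed for illustration; the script picks the combination of groups that covers every required permission with the fewest extra rights, and reports any excess it could not avoid.

```python
"""Least-privilege group selection (added example, constructed data)."""
from itertools import combinations
from typing import Dict, Iterable, Optional, Set

# Constructed groups: name -> permissions granted by membership.
GROUPS: Dict[str, Set[str]] = {
    "Sales-Readers": {"read:crm"},
    "Sales-Editors": {"read:crm", "write:crm"},
    "Finance": {"read:ledger", "write:ledger"},
    "Domain-Admins": {"read:crm", "write:crm", "read:ledger",
                      "write:ledger", "admin:all"},
}


def choose_groups(required: Iterable[str],
                  groups: Dict[str, Set[str]] = GROUPS) -> Optional[dict]:
    """Return the group combination that grants every required permission
    with the smallest amount of excess. Ties are broken by using fewer
    groups. Returns None if no combination covers the requirements."""
    required = set(required)
    best = None  # (number of excess rights, number of groups, combo)
    for n in range(1, len(groups) + 1):
        for combo in combinations(groups, n):
            granted = set().union(*(groups[g] for g in combo))
            if not required <= granted:
                continue  # does not cover the job; skip
            excess = granted - required
            candidate = (len(excess), n, combo)
            if best is None or candidate < best:
                best = candidate
        if best is not None and best[0] == 0:
            break  # an exact fit exists; no need to try larger combos
    if best is None:
        return None
    granted = set().union(*(groups[g] for g in best[2]))
    return {"groups": sorted(best[2]),
            "excess": sorted(granted - required)}


if __name__ == "__main__":
    # Exact fit: one group covers the job with no extra rights.
    print(choose_groups({"read:crm", "write:crm"}))
    # No exact fit: the least-excess combination is chosen and the
    # unavoidable extra right is surfaced for review.
    print(choose_groups({"read:crm", "read:ledger"}))
```

Domain-Admins would satisfy both requests, but it is never chosen while a narrower option exists, which is exactly the reasoning the question is testing.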
Put a List in the Correct Order
You might be asked to arrange topics into a specific order. For example, a forensic analyst is required to know the order of volatility for data. You might see a list like this (though not in order) and be tasked with putting it in the correct order.
- Data in RAM, including cache, and recently used data and applications
- Data in RAM, including system and network processes
- Data stored on local disk drives
- Logs stored on remote systems
- Archive media
This page gives a simple example of an ordering type question: Security+ Forensic Performance Based Question.
Create an ACL
You might be asked to provide details for an access control list on a router or firewall. Basic packet filters can filter traffic based on IP addresses, ports, and some protocols. If you want to limit traffic, start with a deny all strategy: every ACL ends with an implicit deny, so anything you don't explicitly permit is blocked, and you then create exceptions that identify what is allowed. Rules are processed in order and the first match wins, so order matters; a permit placed after a deny-all rule is never reached.
For example, if you wanted to allow a certain IP address through, you could add an exception in the ACL to allow traffic from or to this IP address. Similarly, if you wanted to allow certain protocol traffic through, you could add an exception to allow traffic based on the protocol's port number.
When preparing for a question like this make sure you know the ports for Security+.
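To make the rule ordering and implicit deny concrete, here is an added example (not from the original post) of a first-match ACL evaluator in the style of a router or firewall rule list. The rule fields, addresses and ports are constructed for illustration, and the shadowed-rule check is this example's own addition: it finds rules that can never match because an earlier rule already covers everything they would match.

```python
"""First-match ACL with implicit deny (added example, constructed rules)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: str               # CIDR such as "10.0.0.0/8", or "any"
    dst: str               # CIDR, or "any"
    dport: Optional[int]   # destination port; None means any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int]


def _net_matches(spec: str, addr: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("any", pkt.proto)
            and _net_matches(rule.src, pkt.src)
            and _net_matches(rule.dst, pkt.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule). The first matching rule
    wins; if nothing matches, the implicit deny at the end of the list
    applies and the index is None."""
    for i, rule in enumerate(acl):
        if rule_matches(rule, pkt):
            return rule.action, i
    return "deny", None


def _covers(outer: str, inner: str) -> bool:
    """True if network spec `outer` contains every address in `inner`."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ip_network(inner, strict=False).subnet_of(ip_network(outer, strict=False))


def shadowed_rules(acl: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule matches
    every packet they would match (a common ordering mistake)."""
    out = []
    for i, r in enumerate(acl):
        for earlier in acl[:i]:
            if (earlier.proto in ("any", r.proto)
                    and _covers(earlier.src, r.src)
                    and _covers(earlier.dst, r.dst)
                    and (earlier.dport is None or earlier.dport == r.dport)):
                out.append(i)
                break
    return out


# Constructed policy: one admin host may SSH (22) to the server and anyone
# may reach it on HTTPS (443); everything else falls to the implicit deny.
ACL = [
    Rule("permit", "tcp", "192.168.1.10/32", "10.0.0.5/32", 22),
    Rule("permit", "tcp", "any", "10.0.0.5/32", 443),
]

# The same policy with an explicit deny-all placed FIRST: both permits are
# now unreachable, so the list blocks everything.
BROKEN_ACL = [Rule("deny", "any", "any", "any", None)] + ACL

if __name__ == "__main__":
    print(evaluate(ACL, Packet("tcp", "192.168.1.10", "10.0.0.5", 22)))
    print(evaluate(ACL, Packet("tcp", "192.168.1.11", "10.0.0.5", 22)))
    print(shadowed_rules(BROKEN_ACL))
```

Real devices differ in syntax (wildcard masks on Cisco IOS, for instance), but the two properties shown here, first match wins and implicit deny at the end, are what the question is checking.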
Configure a WAP
Networks commonly use wireless access points (WAPs) and configuring security with them is an important skill to know. CompTIA stresses this on both the Network+ and Security+ exams. You should be able to configure basics such as:
- Change the SSID
- Enable/disable SSID broadcast
- Enable MAC address filtering
- Configure security such as WPA and WPA2
Larger enterprises add additional security to WAPs with WPA2 Enterprise. WPA2 Enterprise uses 802.1X port-based authentication, which requires an authentication server, typically a RADIUS server, to validate each user before the client is allowed on the network.
This page gives information needed for this type of question: Security+ WAP Performance Based Questions.
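As an added example that is not from the original post, the script below audits an access point configuration for the basics listed above. The configuration texts are constructed; their option names (ssid, ignore_broadcast_ssid, macaddr_acl, wpa, wpa_key_mgmt, rsn_pairwise, ieee8021x, auth_server_addr) follow the hostapd.conf format, but the set of checks is this example's own, and the default-SSID list is an assumption.

```python
"""Audit a hostapd-style WAP configuration (added example, constructed)."""
from typing import Dict, List

# Constructed: a legacy setup with a default SSID and WEP.
WEAK_CONF = """\
interface=wlan0
ssid=linksys
wep_default_key=0
wep_key0=ABCDE
"""

# Constructed: WPA2-PSK with CCMP (AES), SSID hidden, MAC filtering on.
PSK_CONF = """\
interface=wlan0
ssid=corp-guest
ignore_broadcast_ssid=1
macaddr_acl=1
accept_mac_file=/etc/hostapd.accept
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=correct horse battery staple
"""

# Constructed: WPA2 Enterprise selected but no 802.1X/RADIUS server given,
# so clients have nothing to authenticate against.
ENT_CONF_MISSING_RADIUS = """\
interface=wlan0
ssid=corp
ignore_broadcast_ssid=1
macaddr_acl=1
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
"""

DEFAULT_SSIDS = {"linksys", "default", "netgear", "dlink"}  # assumption


def parse(conf: str) -> Dict[str, str]:
    """Parse key=value lines, ignoring comments and blank lines."""
    cfg: Dict[str, str] = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def audit(conf: str) -> List[str]:
    """Return a list of findings; an empty list means all basics are set."""
    cfg = parse(conf)
    findings: List[str] = []
    uses_wep = any(k.startswith("wep_key") for k in cfg)
    wpa = cfg.get("wpa", "0")          # 0=none, 1=WPA, 2=WPA2, 3=both
    if cfg.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("default SSID")
    if cfg.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("SSID broadcast enabled")
    if cfg.get("macaddr_acl", "0") == "0":
        findings.append("no MAC filtering")
    if uses_wep:
        findings.append("WEP in use")
    elif wpa == "0":
        findings.append("open network")
    if wpa in ("1", "3"):
        findings.append("WPA (TKIP era) still permitted")
    if "TKIP" in cfg.get("rsn_pairwise", ""):
        findings.append("TKIP pairwise cipher")
    if "WPA-EAP" in cfg.get("wpa_key_mgmt", ""):
        if cfg.get("ieee8021x") != "1" or "auth_server_addr" not in cfg:
            findings.append("Enterprise mode without an 802.1X/RADIUS server")
    return findings


if __name__ == "__main__":
    for name, conf in [("weak", WEAK_CONF), ("psk", PSK_CONF),
                       ("enterprise", ENT_CONF_MISSING_RADIUS)]:
        print(name, audit(conf))
```

Two caveats a practitioner would add: hiding the SSID and filtering MAC addresses are obscurity measures that an attacker with a wireless sniffer defeats in minutes, so they are checked here only because the exam lists them; the controls that actually matter are WPA2 with CCMP (or Enterprise with a reachable RADIUS server) and a strong passphrase.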
Command Prompt
You might be asked to perform a task from the command prompt. You'll have access to a simulated command prompt and be required to perform a specific task.
In the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide, I gave an example with a couple of graphics that could easily be used in this exam.
The question could go like this: "Determine if the file shown in the graphic is valid." The graphic shows the file's name along with the MD5 hash the file is expected to have.
You are then put into a command prompt with nothing more than a blinking cursor. What do you do?
The first step is to see what is in the current directory. You could do so with the dir command (or ls if the simulated prompt is Linux-style; md5sum and sha1sum are the GNU coreutils names). More than likely, you'll see the file that was displayed in the graphic, along with programs that can be used to create a hash such as md5sum and sha1sum.
Next, you'd calculate the hash on the file using the correct program. This requires you to recognize that the hash shown in the graphic is an MD5 hash (a 32-character hexadecimal string). You'd then run the md5sum program against the file to calculate the hash and compare the result with the hash in the graphic. If they match, the file has not been modified and is valid; if they differ, it has been altered or corrupted. If the hash shown in the graphic was a SHA1 hash (40 hexadecimal characters), you'd need to run sha1sum instead.
That's it. In retrospect, you only need to enter two commands: dir and md5sum filename. However, you need to have some underlying knowledge to do so successfully.
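The same check, as an added example rather than anything from the original post, generalized a little beyond the md5sum case: the script recognizes MD5, SHA-1, SHA-256 and SHA-512 from the length of the supplied hash, computes the file's digest in chunks, and compares with a constant-time comparison. The sample file content and the expected hashes are constructed for this example (the digests are those of the five-byte string hello).

```python
"""Verify a file against a published hash (added example, constructed)."""
import hashlib
import hmac
import os
import tempfile

# Digest length in hex characters -> algorithm name (hashlib names).
HASH_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def detect_algorithm(hexdigest: str) -> str:
    """Infer the hash algorithm from the digest length, as you would when a
    question shows you a hash without naming the algorithm."""
    digest = hexdigest.strip().lower()
    if not all(c in "0123456789abcdef" for c in digest):
        raise ValueError("digest is not hexadecimal")
    try:
        return HASH_BY_LENGTH[len(digest)]
    except KeyError:
        raise ValueError(f"unrecognized digest length {len(digest)}") from None


def file_digest(path: str, algorithm: str) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_file(path: str, expected_hexdigest: str) -> bool:
    """True if the file's digest matches the expected one. compare_digest
    avoids leaking where the mismatch is through timing."""
    algorithm = detect_algorithm(expected_hexdigest)
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual, expected_hexdigest.strip().lower())


def make_sample(content: bytes = b"hello") -> str:
    """Write a constructed sample file and return its path."""
    fd, path = tempfile.mkstemp(prefix="sample-")
    with os.fdopen(fd, "wb") as f:
        f.write(content)
    return path


if __name__ == "__main__":
    sample = make_sample()
    # MD5 of b"hello"; equivalent to running `md5sum sample` at the prompt.
    print(verify_file(sample, "5d41402abc4b2a76b9719d911017c592"))
    # SHA-1 of b"hello"; picks sha1sum behaviour automatically.
    print(verify_file(sample, "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d"))
    os.remove(sample)
```

On Windows the built-in equivalent of md5sum is certutil -hashfile filename MD5. One practitioner caveat: a matching MD5 proves the file is the one the publisher hashed, but MD5 collisions are practical, so anyone who can influence the file before it is hashed can produce two different files with the same MD5. For anything that matters, prefer a SHA-256 hash delivered over a trusted channel, or a digital signature.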
What is the Biggest Challenge?
Many of the questions are straight forward and it’s easy to identify what is desired. However, the biggest challenge many people report with these types of questions is figuring out what some of the questions are actually asking. For example, the sample in the Command Prompt section earlier only states “Determine if the file shown in the graphic is valid” and shows a graphic. It doesn’t tell you to run the dir and the md5sum commands. However, this is the only way you can determine if the file is valid.
With that in mind, you often need to give these types of questions a little more thought and pay attention to the clues given in the question.
Should I Answer These Questions First?
The performance based questions are typically first in the exam and many times they surprise people. The biggest thing to consider is the amount of time you spend on these questions. Some people haven’t had time to answer the easier multiple choice questions after spending a significant amount of time on the harder performance based questions. In general, I give test takers the following advice with performance based questions:
- Look at each one.
- If you understand what is required to answer the question and you can answer it, then answer it and move on.
- If you don’t understand the question or don’t know the answer, mark it and move on. You can mark it by clicking a checkbox labeled Mark.
- After you complete the multiple choice questions, go back to the marked questions.
You aren’t penalized at all for marking a question or skipping it the first time through. If the question is answered correctly when you finish the test, you get credit for answering it correctly regardless of how many times you looked at it.
How Much Are These Questions Worth?
More than likely these questions are worth more than a typical multiple choice question. While CompTIA doesn’t release the actual value of any single question, it’s very likely that each question is worth a little more than 4 percent of the total.
If the original exam has 100 multiple choice questions and the new exam has 87 multiple choice questions with three performance based questions, those three performance based questions could be worth about 13 percent of the total. Dividing 13 percent by three gives a little over 4 percent each.
Do I Get Partial Credit?
A common question people ask when taking these types of questions is if they get partial credit if they correctly perform part of the problem but not all of it. CompTIA isn’t saying, but I wouldn’t be surprised if they don’t award partial credit for these performance based questions. In other words, the question is testing your ability to complete a task and either you can, or you can’t.
Some questions are asking you to match topics. If you match some of them correctly, it makes sense that you would get partial credit for what you matched correctly. Again though, this decision lies with CompTIA and I have not heard them say.
Will Books Be Updated to Include Performance Based Questions?
It’s unlikely that any books will be updated specifically for the Performance Based Questions. It takes an extensive amount of time and effort to rewrite, edit, layout, proof, and reprint books.
Certification books are typically only updated when the certification changes significantly. For example, the differences in the objectives between SY0-201 and SY0-301 Security+ objectives were significant. Publishers that had SY0-201 books in print published new books on the SY0-301 exam.
Further, most books include the content needed to successfully pass these performance based questions. The objectives aren’t changing. The only thing that is changing is the way that the objectives are being tested. If you understand the content, you will be able to answer the questions.
Update: The CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is now available and includes information on performance-based questions.
Along these lines, I’ve been asked a few times if the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide will be updated. This isn’t likely. I expect that CompTIA will be releasing new objectives for the SY0-401 exam sometime this year. When they do, I’ll be updating the SY0-301 Study Guide. You’ll probably still be able to take the SY0-301 exam through at least part of 2014.
If you're planning on taking the Security+ exam any time from today on, you can expect to see Security+ performance based questions. These questions are different from multiple choice questions, but they are not impossible to answer. If you understand the content, you will likely be able to answer these questions without too much difficulty.