Introduction

IT security is vital to organizations, as cloud computing and mobile devices have revolutionized the way we do business. With the immense amounts of data transmitted and stored on networks all over the world, it is necessary to have effective security practices in place. That is where CompTIA Security+ comes in.

CompTIA Security+ certification is internationally trusted to certify foundational, vendor-neutral IT security knowledge and skills. As a benchmark for best practices in IT security, Security+ covers the fundamental principles of network security and risk management – making it a significant stepping stone to an IT security career. There is a significant emphasis on testing for hands-on troubleshooting skills.

The exam is regularly updated to reflect the latest cybersecurity technology and workforce trends at the Security+ level. In addition, ISO/ANSI 17024 approval requires an exam update every three years. To ensure that a successful candidate possesses the complete knowledge and expertise to handle and manage security functions, CompTIA has made some amendments to its Security+ certification.

Certifications like CompTIA Cybersecurity Analyst (CSA+) and CompTIA Penetration Tester (CPT) have taken on the role of specialized certifications. The updated Security+ certification covers the baseline skills needed to perform core security functions, and functions as an introduction to more specialized certifications.

Performance-based questions are included along with Multiple-Choice Questions (MCQs) in the CompTIA Security+ exam. MCQs in CompTIA exams require an applicant to select one or more correct answers to a specific question. However, a performance-based question involves performing a task or solving a problem. The exam now places increasing importance on these performance-based questions to assess the practical understanding of the candidate.

Performance-based changes

Changes are intended to mirror the changing world of cybersecurity skills and role requirements.

  • There is now a significant emphasis on testing for hands-on troubleshooting skills.
  • The exam will focus less on analysis and far more on immediate issue resolution and understanding. Objectives cover mostly lower-level learning objectives through knowledge, comprehension, and application.
  • A new theme is the importance of risk mitigation concepts, best practices and techniques.
  • The exam now also includes a new emphasis on policy-based decisions and security procedures, especially as they relate to privacy.
  • The latest exam version has a somewhat lower cognitive level. The reason for this is that research done by CompTIA indicates that cybersecurity jobs are becoming more specialized, and more complex skills are now covered in intermediate-level certifications. This means that entry-level skills in Security+ should become a baseline for all cybersecurity jobs and not increase in difficulty.

Changes in the exam show that some topics are covered in more depth, but with a focus on the application of knowledge rather than the analysis of it. The intention is that the questions are more comprehensive but less difficult. Below is a list of possible performance-based questions:

  • Install and configure network components, both hardware- and software-based, to support organizational security
  • Given a scenario, implement secure network architecture concepts
  • Given a scenario, implement secure protocols
  • Given a scenario, install and configure wireless security settings
  • Explain the importance of policies, plans and procedures related to organizational security
  • Summarize business impact analysis concepts
  • Explain use cases and purpose for frameworks, best practices and secure configuration guides
  • Explain risk management processes and concepts
  • Summarize basic concepts of forensics
  • Given a scenario, follow incident response procedures
  • Given a scenario, carry out data security and privacy practices
  • Explain the security implications of embedded systems
  • Explain the importance of physical security controls
  • Compare and contrast various types of controls
  • Explain how resiliency and automation strategies reduce risk
  • Explain disaster recovery and continuity of operation concepts
  • Given a scenario, analyze indicators of compromise and determine the type of malware
  • Compare and contrast types of attacks
  • Given a scenario, troubleshoot common security issues
  • Given a scenario, use appropriate software tools to assess the security posture of an organization
  • Explain penetration testing concepts
  • Explain vulnerability scanning concepts
  • Summarize secure application development and deployment concepts
  • Given a scenario, deploy mobile devices securely
  • Given a scenario, analyze and interpret output from security technologies
  • Given a scenario, implement secure systems design
  • Summarize cloud and virtualization concepts
  • Given a scenario, install and configure identity and access services
  • Compare and contrast identity and access management concepts
  • Given a scenario, implement identity and access management controls
  • Given a scenario, differentiate common account management practices
  • Compare and contrast basic concepts of cryptography
  • Explain cryptography algorithms and their basic characteristics
  • Given a scenario, implement public key infrastructure
  • Explain threat actor types and attributes
  • Explain the impact associated with types of vulnerabilities
  • Explain the importance of secure staging deployment concepts

When were performance-based questions added to the exam?

The Security+ performance-based questions started to appear from the first quarter of 2013 in the Security+ exam. At that time, the Security+ exam had only 100 Multiple Choice questions. After performance-based questions were introduced, candidates typically had 70 to 90 Multiple Choice questions, and somewhere between two and ten performance-based questions.

How much are they worth?

Performance-based questions are valued more than a usual Multiple Choice question. While CompTIA does not make public the actual value of any single question, it is widely expected that each question is worth a little more than 4 percent of the total.

If the original exam has 100 Multiple Choice questions and the new exam has 87 Multiple Choice questions with three performance-based questions, these three performance-based questions could be worth about 13 percent of the total. If you divide 13 percent by three, it is a little over 4 percent.

Test-takers report that performance-based questions take up about one-third of their total time on the exam.

Do they give partial credit?

It is not clear or stated by CompTIA that they give partial credit.

What performance-based questions should I expect?

As the CompTIA Security+ exam is updated regularly, it is difficult to predict the exact questions. However, here are some types of questions that reportedly appear in the exam:

Matching: You might be asked to match topics with each other. For example, you might have a list of port numbers and a list of protocols and then be tasked with matching the ports to the protocols.

Diagram: You might be asked to click on a diagram to select something. As a simple example, you might see a network diagram with multiple devices and be asked which device provides the best security during an attack.

Correct Order: You might be asked to arrange topics into a specific order. For example, a forensic analyst is required to know the order of volatility for data, and you might be given a list to put into the correct order:

  • Data in RAM, including cache, and recently used data and applications
  • Data in RAM, including system and network processes
  • Data stored on local disk drives
  • Logs stored on remote systems
  • Archive media

ACL: You might be asked to give details for an access control list on a router or firewall. For example, if you were required to allow a certain IP address through, you might add an exception in the ACL to allow traffic from or to this IP address.
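The ACL exception described above, as an added example that is not part of the original article: a small first-match rule evaluator showing that the exception only works when it sits above the broader deny rule. The addresses, rule lists and function names are constructed for illustration, and first-match, implicit-deny processing is assumed.

```python
import ipaddress

# Constructed sample values (documentation address ranges, not from the article).
ANY = "0.0.0.0/0"
BLOCKED_NET = "203.0.113.0/24"
EXCEPTION_IP = "203.0.113.25/32"


def evaluate(acl, src, dst):
    """Return the action of the first rule that matches src and dst.

    Assumes top-down, first-match processing with an implicit deny at the end.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if (src_ip in ipaddress.ip_network(src_net)
                and dst_ip in ipaddress.ip_network(dst_net)):
            return action
    return "deny"  # implicit deny: nothing matched


# Exception placed above the broader deny: the allowed host gets through.
acl_correct = [
    ("permit", EXCEPTION_IP, ANY),     # traffic from the excepted address
    ("permit", ANY, EXCEPTION_IP),     # traffic to the excepted address
    ("deny", BLOCKED_NET, ANY),
    ("deny", ANY, BLOCKED_NET),
    ("permit", "192.0.2.0/24", ANY),   # constructed internal network
]

# Same rules with the exception appended at the bottom: the deny matches
# first, so the exception is never reached.
acl_shadowed = acl_correct[2:] + acl_correct[:2]


def shadowed_rules(acl):
    """Return indexes of rules fully covered by an earlier rule with a different action."""
    hits = []
    for i, (action, s, d) in enumerate(acl):
        for prev_action, ps, pd in acl[:i]:
            if (prev_action != action
                    and ipaddress.ip_network(s).subnet_of(ipaddress.ip_network(ps))
                    and ipaddress.ip_network(d).subnet_of(ipaddress.ip_network(pd))):
                hits.append(i)
                break
    return hits
```

Running `shadowed_rules` over a rule list before applying it is a quick way to catch an exception that was added in the wrong position.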

Configure a WAP: Networks commonly use wireless access points (WAPs) and configuring security with them is a significant skill to know. You should be able to configure basics such as:

  • Change the SSID
  • Enable/disable SSID broadcast
  • Enable MAC address filtering
  • Configure security such as WPA and WPA2

Command Prompt: You might be asked to complete a task from the command prompt. You will have access to a simulated command prompt and be required to perform a specific task.

Tip: Be careful how much time you spend on performance-based questions. Some students report on forums that they ran out of time to tackle the Multiple Choice questions adequately.

Conclusion

At Infosec Institute, training material for the exam is updated in a timely fashion so that there is no ambiguity about the course material and the exam questions. To pass the exam successfully, purchasing the training material only from authentic sources is recommended. Studying hard is the key to success; don’t study just for the exam, but study to gain some skills.

Be Safe

Penny Hoelscher