Other types of questions on the Security+ exam [updated 2021]
Prep for a variety of exam questions
If you are preparing for the Security+ certification exam, you have probably realized that many questions involve the application of knowledge. The Security+ performance-based questions challenge test takers on given scenarios that must be solved using not only a sound theoretical background, but also practical skills and experience. Performance-based questions (PBQs) test a candidate’s ability to solve problems in a simulated, virtual environment (a firewall, network diagram, terminal window or operating system).
However, other types of questions might also be asked on the exam. Apart from PBQs for the Security+ exam, which has their own article, multiple-choice questions, fill in the blanks and drag-and-drop are included within the approximate 90 questions found on the test. While performance-based questions involve performing a task or solving a problem, multiple-choice questions require an applicant to select one or more correct answers to a specific question.
Test takers report that they spend around one-third of their time answering performance-based questions. Although the exam now places increasing importance on these types of questions to assess practical understanding, candidates are advised to time themselves and not get bogged down on questions they are struggling to answer; completing other types of security questions is just as important as tackling PBQs.
Security+ content changes
To maintain its International Organization/American National Standards Institute (ISO/ANSI) accreditation status, CompTIA is required to devise new exam questions about every three years. Changes are intended to mirror the evolving world of IT security as well as skills and job role requirements. To that end, CompTIA is continuously updating its PBQs as well as its multiple-choice questions in the Security+ exam.
There is about a 25% change in content between the SY0-501 and SY0-601 tests. The new exam focuses on the latest trends in risk assessment and management; principles of governance and compliance; ways to identify, analyze and respond to security events and incidents; skills required to assess the security posture of an enterprise environment and elements to recommend and implement appropriate security solutions; forensics; and hybrid/cloud operations, including mobile and IoT. As one can see, the credential provides recognition of skills required to perform different cybersecurity tasks in today’s IT world.
Be sure to view the content examples listed on the SY0-601 syllabus featuring new techniques and trends of threat management, intrusion detection and risk mitigation. “CompTIA Security+ (SY0-601) has 35 exam objectives, compared to 37 on SY0-501. The difference is that the exam objectives for SY0-601 include more examples under each objective — the number of examples increased by about 25%.”
What do I need to know about multiple-choice questions?
Multiple-choice questions have two further subcategories that include single-answer and multiple-answer questions (also called multiple response questions). Both types are imperative to understand for the Security+ exam.
This type of question allows only one answer to be chosen among the given choices. Below are some examples of Security+ single-answer questions.
You have developed a utility program for defragmenting the hard drives. There is a hidden code inside the source code of that program. This hidden code installs itself automatically and causes the infected system to erase sensitive data on the hard drive. In this case, which of the following types of attack is being used in the code?
- Trojan horse
- Logic bomb
|The correct answer is logic bomb. The logic bomb is a set of instructions that are secretly incorporated into a utility program (or any other) so that if a specific condition is fulfilled, it will be executed with harmful effects. The choices A and D are not correct because a time element is involved with those types of attacks. Answer C is also incorrect because spoofing involves the modification of the source address of the traffic.|
You are working as a security analyst in an enterprise. Your company wants to take an electronic order from a partner company. However, the partner company expresses a concern that an unauthorized person may send an order. You have undertaken the responsibility to offer a solution that provides non-repudiation. Which of the following security solutions should you recommend?
- Perfect forward secrecy
- Digital signatures
|The correct answer is digital signatures. You need to recommend digital signatures in this particular scenario. The sender signs the electronic order with a digital signature to demonstrate the authenticity of their company’s electronic order. The remaining choices are unfit and don’t work in this particular scenario.|
Security professionals audit a database server to make sure that the right security measures are in place for the protection of employees’ data. The database fields contain an employee’s first name, last name, telephone number, date of birth and home address. Which of the listed terms below describe this type of data?
|The correct answer is PII. PII stands for personally identifiable information. PII is a category of sensitive information that’s associated with a specific person and can be used to distinguish a person from others or to locate or trace them. Providing security to PII is one of the primary responsibilities of any organization. The other choices are nonsense or invalid.|
A multiple-answer question is also known as a multiple-response question. They allow the candidate to select more than one correct answer. (CompTIA has not publicly stated whether partial credit is given if part of your answer is correct. According to their site, “there may occasionally be a question for which partial credit is offered. However, exam questions are confidential to CompTIA, so no further information can be provided regarding which questions may offer partial credit.”)
To help you study, here are some Security+ practice questions that demonstrate the format of multiple-answer questions.
You must configure the authentication system of your enterprise to make sure that users will not be able to reuse their last 10 passwords within six months. Which of the following settings should you configure in this scenario? (Select TWO choices)
- Do not store passwords with reversible encryption
- Multi-factor authentication
- Minimum password length
- Password history
- Password complexity
- Minimum password age
|The correct answers are password history and minimum password age. While configuring the authentication system of your enterprise for the aforementioned scenario, you must take password history and minimum password age into consideration. The remaining options are incorrect because they cannot help in this particular situation.|
Auditors have performed a periodic audit of an application hosting company. After the assessment, they recommended that a company should contract with an additional data service provider (ISP) for a redundant high-speed internet connection. In this case, what should be the MOST likely reason for this suggestion? (Select TWO choices)
- To improve intranet communications speed
- To allow for a hot site in the event of a disaster
- To eliminate a single point of failure
- To allow for business continuity if one provider goes out of business
- To allow a load balancing for cloud support
|The correct answers are to eliminate a single point of failure and to allow for business continuity if one provider goes out of business. The high-speed internet connection provided by the second data service provider would certainly help in keeping an up-to-date replicate of the primary site. In the event of a disaster, all operations can swiftly be transferred to a second site. Doing so prevents a single point of failure and ensures business continuity on the second site. The remaining options are incorrect in this scenario.|
Identify the protocols that use TCP port 22 by default: (Select THREE)
|The correct answers are SCP, SFTP and SSH. SSH utilizes TCP port 22 and, therefore, all other protocols that are encrypted by SSH, including SCP and SFTP, also employ port 22. The remaining choices are wrong. SNMP uses UDP ports 161 and 162, SMTP employs TCP port 25, FTPS utilizes ports 989 and 990 and TLS uses TCP ports 80 and 443.|
What do I need to know about fill-in-the-blank questions?
A fill-in-the-blank question includes a sentence, phrase or a small paragraph with a blank space wherein a candidate provides the missing word. Below are the examples of such questions that might be asked in the Security+ exam.
NOTE: The format below is taken from a CompTIA exam video guide.
- What can security devices replicate on a Linux-based system using IP tables to examine and handle the network-based traffic? (Please enter only a single word answer and don’t duplicate answers in this field)
You will fill this answer in the text box:
What do I need to know about drag-and-drop questions?
The diagram below shows the format of a drag-and-drop question. Similar questions may be asked on the Security+ exam.
Are you a Security+ aspirant and looking for some help?
CompTIA offers exam preparation books and study guides covering all Security+ exam objectives. There are many reputable options for formal class attending or self-study type training to fit any learning style and timeline. Choose a course that not only focuses on the theory, but also reinforces knowledge with hands-on exercises that help you learn by performing tasks. To help you prepare check out our 10 tips for CompTIA Security+ exam success.
For more on the Security+ certification, view our Security+ certification hub.