Other Types of Questions on the Security+ Exam

January 30, 2018 by Fakhar Imam


In addition to performance-based questions, the Security+ exam also includes other types of questions, such as Multiple Choice, Fill in the Blanks, and Drag-and-Drop, according to CompTIA’s general guidelines about in-person testing. The official CompTIA Security+ (SY0-501) Practice Questions mostly demonstrate Multiple Choice questions. However, other types of questions might also be asked in the exam. Performance-based questions for the Security+ exam have their own article; Multiple Choice and the other types of questions are discussed below.

Test takers report that they spend around a third of their time answering performance-based questions. However, candidates are advised to time themselves and not get bogged down on questions they are struggling to answer; completing other types of security questions is just as important as tackling performance-based questions.

Content Changes

The update to the Security+ exam includes changes to the cognitive level of the exam and the content/instructional design. New objectives cover lower Bloom’s taxonomy layers compared to the previous exam, focusing on entry-level skills, rather than intermediate and entry-level skills.

There is about a 25% change in content between the SY0-401 and SY0-501 exams. The latter focuses more on attacks, risk management, hands-on skills and new technologies, including:

  • Cloud security
  • Virtualization
  • Mobile device security
  • Secure eCommerce technology
  • Monitoring tools
  • Manufacturer-specific issues

What Do I Need to Know About Multiple Choice Questions?

Multiple choice questions fall into two subcategories: Single-answer questions and Multiple-answer questions (also called Multiple Response Questions). Both types are imperative to understand for the Security+ exam.

Single-answer Questions: This type of question allows only one answer to be chosen among the given choices. Below are some examples of Security+ single-answer questions.

  1. You have developed a utility program for defragmenting hard drives. There is hidden code inside the source code of that program. This hidden code installs itself automatically and causes the infected system to erase sensitive data on the hard drive. In this case, which of the following types of attack is being used in the code?
    • Trojan horse
    • Logic bomb
    • Spoofing
    • Virus
The correct answer is Logic Bomb – The Logic bomb is a set of instructions that are secretly incorporated into a utility program (or any other) so that if a specific condition is fulfilled they will be executed with harmful effects. The choices A and D are not correct because a time element is involved with those types of attacks. Answer C is also incorrect because spoofing involves the modification of the source address of traffic.


  2. You are working as a security analyst in an enterprise. Your company wants to take an electronic order from a partner company. However, the partner company expresses a concern that an unauthorized person may send an order. You have undertaken the responsibility to offer a solution that provides non-repudiation. Which of the following security solutions should you recommend?
    • Perfect forward secrecy
    • Hashing
    • Steganography
    • Digital signatures
    • Encryption
The correct answer is Digital Signatures – You need to recommend Digital signatures in this particular scenario. The sender signs the electronic order with a digital signature to demonstrate the authenticity of his/her company’s electronic order. The remaining choices are unfit and don’t work in this particular scenario.


  3. Security professionals audit a database server to make sure that the right security measures are in place for the protection of employees’ data. The database fields contain an employee’s first name, last name, telephone number, date of birth, and home address. Which of the terms listed below describes this type of data?
    • Public
    • Low
    • PCI
    • PII
The correct answer is PII – PII stands for Personally Identifiable Information. PII is a category of sensitive information that’s associated with a specific person and can be used to distinguish a person from others or to locate/trace him/her. Providing security to PII is one of the primary responsibilities of any organization. Remaining choices are nonsense or invalid.

Multiple-answer questions: A Multiple-answer question, also known as a Multiple Response Question, allows the candidate to select more than one correct answer for the given question. (CompTIA has not publicly stated whether partial credit is given if part of your answer is correct. According to their site, “there may occasionally be a question for which partial credit is offered. However, exam questions are confidential to CompTIA, so no further information can be provided regarding which questions may offer partial credit.”)

To help you study, here are some Security+ practice questions that demonstrate the format of multiple-answer questions.

  1. You must configure the authentication system of your enterprise to make sure that users will not be able to reuse their last ten passwords within a period of six months. Which of the following settings should you configure in this scenario? (Select TWO choices)
    • Do not store passwords with reversible encryption
    • Multi-factor authentication
    • Minimum password length
    • Password history
    • Password complexity
    • Minimum password age
The correct answers are Password History & Minimum Password Age – While configuring the authentication system of your enterprise for the aforementioned scenario, you must take password history and minimum password age into consideration. Remaining options are incorrect because they cannot help in this particular situation.
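Why the two settings in the password-reuse question work only as a pair, shown as an added example that is not part of the original article: with history alone, a user can change passwords ten times in a row and return to the old one at once. The `Account` class, the `reuse_attempt` helper, the sample passwords and the 18-day minimum age are all assumptions chosen for illustration.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

HISTORY_SIZE = 10  # "last ten passwords" from the question

class Account:
    """Toy credential store enforcing password history and minimum password age."""
    def __init__(self, password, now, min_age):
        self.salt = os.urandom(16)
        self.min_age = min_age
        self.history = [self._digest(password)]  # salted hashes, newest last
        self.changed_at = now

    def _digest(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def change_password(self, new_password, now):
        if now - self.changed_at < self.min_age:
            return "rejected: minimum password age"
        candidate = self._digest(new_password)
        if any(hmac.compare_digest(candidate, old) for old in self.history):
            return "rejected: password history"
        self.history = (self.history + [candidate])[-HISTORY_SIZE:]
        self.changed_at = now
        return "ok"

def reuse_attempt(min_age, fillers=HISTORY_SIZE):
    """Rotate through throwaway passwords as fast as policy allows, then try
    to restore the original. Returns (result, days elapsed)."""
    start = now = datetime(2018, 1, 30)  # constructed start date
    acct = Account("Original#1", now, min_age)
    for i in range(fillers):
        now += min_age
        assert acct.change_password(f"Filler#{i}", now) == "ok"
    now += min_age
    return acct.change_password("Original#1", now), (now - start).days

if __name__ == "__main__":
    print(reuse_attempt(timedelta(0)))            # history only
    print(reuse_attempt(timedelta(days=18)))      # history + minimum age (assumed 18 days)
    print(reuse_attempt(timedelta(days=18), 9))   # too few changes to evict the original
```

With no minimum age the original password is accepted again on day 0; with the assumed 18-day minimum age the same rotation takes 198 days, past the six-month window in the question.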


  2. Auditors have performed a periodic audit of an application hosting company. After the assessment, they recommended that the company should contract with an additional data service provider (ISP) for a redundant high-speed internet connection. In this case, what should be the MOST likely reason for this suggestion? (Select TWO choices)
    • To improve intranet communications speed
    • To allow for a hot site in the event of a disaster
    • To eliminate a single point of failure
    • To allow for business continuity if one provider goes out of business
    • To allow a load balancing for cloud support
The correct answers are “to eliminate a single point of failure” & “to allow for business continuity if one provider goes out of business” – The high-speed internet connection provided by the second data service provider would certainly help in keeping an up-to-date replica of the primary site. In the event of a disaster, all operations can swiftly be transferred to a second site. Doing so prevents a single point of failure and ensures business continuity on the second site. The remaining options are incorrect in this scenario.


  3. Identify the protocols that use TCP port 22 by default: (Select THREE)
    • SNMP
    • FTPS
    • SMTP
    • SCP
    • TLS
    • SFTP
    • SSL
    • SSH
The correct answers are SCP, SFTP, and SSH – SSH utilizes TCP port 22 and, therefore, all other protocols that are encrypted by SSH, including SCP and SFTP, also employ port 22. The remaining choices are wrong. SNMP uses UDP ports 161 and 162, SMTP employs TCP port 25, FTPS utilizes ports 989 and 990, and TLS uses TCP ports 80 and 443.



What Do I Need to Know About Fill in the Blanks?

A “Fill in the Blank” question includes a sentence, phrase, or a small paragraph with a blank space wherein a candidate provides the missing word. Below are examples of “Fill in the Blank” questions that might be asked in the Security+ exam.
NOTE: The format below is taken from the CompTIA Exam Video Guide.

  1. What can security devices replicate on a Linux-based system using IP tables to examine and handle the network-based traffic? (Please enter only a single word answer and don’t duplicate answers in this field)

Answer: Firewall

You will fill this answer in the text box and it should look like:

What Do I Need to Know About Drag and Drop Questions?

The diagram below shows the format of a “Drag and Drop” question; a similar type might be asked in the Security+ exam.

Are You a Security+ Aspirant and Looking for Some Help?

If yes, then InfoSec Institute is the right choice for you. InfoSec Institute offers a Security+ Boot Camp that teaches you the theory and reinforces it with hands-on exercises that help you “learn by doing.” InfoSec Institute has been one of the most awarded (42 industry awards) and trusted information security training vendors for 17 years. It offers thousands of articles on all manner of security topics.



Fakhar Imam is a professional writer with a master’s program in Masters of Sciences in Information Technology (MIT). To date, he has produced articles on a variety of topics, including Computer Forensics, CISSP, and various other IT-related tasks.
