Other types of questions on the Security+ exam [updated 2021]
Prep for a variety of exam questions
If you are preparing for the Security+ certification exam, you have probably realized that many questions involve the application of knowledge. The Security+ performance-based questions challenge test takers on given scenarios that must be solved using not only a sound theoretical background, but also practical skills and experience. Performance-based questions (PBQs) test a candidate’s ability to solve problems in a simulated, virtual environment (a firewall, network diagram, terminal window or operating system).
However, other types of questions might also be asked on the exam. Apart from PBQs for the Security+ exam, which have their own article, multiple-choice, fill-in-the-blank and drag-and-drop questions are included within the approximately 90 questions found on the test. While performance-based questions involve performing a task or solving a problem, multiple-choice questions require an applicant to select one or more correct answers to a specific question.
Test takers report that they spend around one-third of their time answering performance-based questions. Although the exam now places increasing importance on these types of questions to assess practical understanding, candidates are advised to time themselves and not get bogged down on questions they are struggling to answer; completing other types of security questions is just as important as tackling PBQs.
Security+ content changes
To maintain its International Organization/American National Standards Institute (ISO/ANSI) accreditation status, CompTIA is required to devise new exam questions about every three years. Changes are intended to mirror the evolving world of IT security as well as skills and job role requirements. To that end, CompTIA is continuously updating its PBQs as well as its multiple-choice questions in the Security+ exam.
There is about a 25% change in content between the SY0-501 and SY0-601 tests. The new exam focuses on the latest trends in risk assessment and management; principles of governance and compliance; ways to identify, analyze and respond to security events and incidents; skills required to assess the security posture of an enterprise environment and elements to recommend and implement appropriate security solutions; forensics; and hybrid/cloud operations, including mobile and IoT. As one can see, the credential provides recognition of skills required to perform different cybersecurity tasks in today’s IT world.
Be sure to view the content examples listed on the SY0-601 syllabus featuring new techniques and trends of threat management, intrusion detection and risk mitigation. “CompTIA Security+ (SY0-601) has 35 exam objectives, compared to 37 on SY0-501. The difference is that the exam objectives for SY0-601 include more examples under each objective — the number of examples increased by about 25%.”
What do I need to know about multiple-choice questions?
Multiple-choice questions fall into two subcategories: single-answer and multiple-answer questions (also called multiple-response questions). Both types are imperative to understand for the Security+ exam.
A single-answer question allows only one answer to be chosen among the given choices. Below are some examples of Security+ single-answer questions.
You have developed a utility program for defragmenting hard drives. There is hidden code inside the source code of that program. This hidden code installs itself automatically and causes the infected system to erase sensitive data on the hard drive. In this case, which of the following types of attack is being used in the code?
- Trojan horse
- Logic bomb
You are working as a security analyst in an enterprise. Your company wants to take an electronic order from a partner company. However, the partner company expresses a concern that an unauthorized person may send an order. You have undertaken the responsibility to offer a solution that provides non-repudiation. Which of the following security solutions should you recommend?
- Perfect forward secrecy
- Digital signatures
Security professionals audit a database server to make sure that the right security measures are in place for the protection of employees’ data. The database fields contain an employee’s first name, last name, telephone number, date of birth and home address. Which of the listed terms below describes this type of data?
A multiple-answer question, also known as a multiple-response question, allows the candidate to select more than one correct answer. (CompTIA has not publicly stated whether partial credit is given if part of your answer is correct. According to their site, “there may occasionally be a question for which partial credit is offered. However, exam questions are confidential to CompTIA, so no further information can be provided regarding which questions may offer partial credit.”)
To help you study, here are some Security+ practice questions that demonstrate the format of multiple-answer questions.
You must configure the authentication system of your enterprise to make sure that users will not be able to reuse their last 10 passwords within six months. Which of the following settings should you configure in this scenario? (Select TWO choices)
- Do not store passwords with reversible encryption
- Multi-factor authentication
- Minimum password length
- Password history
- Password complexity
- Minimum password age
Auditors have performed a periodic audit of an application hosting company. After the assessment, they recommended that the company contract with an additional data service provider (ISP) for a redundant high-speed internet connection. In this case, what is the MOST likely reason for this suggestion? (Select TWO choices)
- To improve intranet communications speed
- To allow for a hot site in the event of a disaster
- To eliminate a single point of failure
- To allow for business continuity if one provider goes out of business
- To allow load balancing for cloud support
Identify the protocols that use TCP port 22 by default: (Select THREE)
What do I need to know about fill-in-the-blank questions?
A fill-in-the-blank question includes a sentence, phrase or a small paragraph with a blank space in which a candidate provides the missing word. Below are examples of such questions that might be asked on the Security+ exam.
NOTE: The format below is taken from a CompTIA exam video guide.
- What can security devices replicate on a Linux-based system using iptables to examine and handle network-based traffic? (Please enter only a single-word answer and don’t duplicate answers in this field)
You will fill this answer in the text box:
What do I need to know about drag-and-drop questions?
The diagram below shows the format of a drag-and-drop question. Similar questions may be asked on the Security+ exam.
Are you a Security+ aspirant and looking for some help?
CompTIA offers exam preparation books and study guides covering all Security+ exam objectives. There are many reputable options for formal classroom or self-study training to fit any learning style and timeline. Choose a course that not only focuses on the theory, but also reinforces knowledge with hands-on exercises that help you learn by performing tasks. To help you prepare, check out our 10 tips for CompTIA Security+ exam success.
For more on the Security+ certification, view our Security+ certification hub.