Security+ exam questions and answers: What to expect
Cyber Work Hacks is here to answer your questions about the CompTIA Security+ exam! Today, Infosec boot camp instructor Tommy Gober reviews Security+ exam sample questions and shares tips to pass your Security+ 701 exam.
0:00 - Security+ exam mechanics
1:15 - The different types of Security+ exam questions
3:55 - How do you see your Security+ exam results?
5:10 - Security+ exam example question 1
9:27 - Security+ exam example question 2
11:32- Security+ exam example question 3
15:08- Security+ practice exam
16:29 - Security+ exam day advice
18:05 - Outro
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
Infosec and Cyberwork hacks are here to help you pass the Security Plus exam. For today's hack, tommy Gober, infosec Bootcamp instructor extraordinaire, is walking us through some sample Security Plus questions, providing excellent strategies during exam time to narrow down potential answers in a logical and stress-free way. And the only way you're going to see it is by staying right here for this Cyberwork hack. Hey, welcome to a new episode of Cyberwork Hacks. The purpose of this spin-off of our popular Cyberwork podcast is to take a single fundamental question and give you a quick, clear and actionable solution or a new insight into how to utilize Infosec products and training to achieve your work and career goals. So our guest today, tommy Gober, is an Infosec instructor and, among his many areas of expertise, he is our Bootcamp instructor for what you probably all know as one of the most popular and in-demand certifications, and that's CompTIA's Security Plus certification. So for today's Cyberwork hack, tommy's prepared a couple of sample Security Plus questions and he's going to walk us through how they are constructed and how you should approach them when you're taking the exam. So thanks for joining me today, tommy. Hey, chris, good to be here. Thank you so, tommy. We heard from some Security Plus cert holders that the experience of studying for the exam and learning the concepts felt different from the experience of conveying the information and the methods required by the exam. So can you break down the different types of exam questions on the Security Plus?
Yeah. So there's a few different types that CompTIA likes to ask on really any of their certification exams. There's the multiple answer or, I'm sorry, the multiple choice. The multiple choice that's A, b, c or D right Multiple answer, and that's usually where you're going to see select two, select all that apply. Yeah, right, right, yeah, maybe you have a mix of those and it's like to pick the top two reasons why On the CompTIA exam format they will literally say select two. They're going to tell you exactly how many of the following answers you need to choose, gotcha, and it doesn't let you move on If you only answer one. It's like select two. It's going to be like hey, bozo, you need to go back and gotcha Out of curiosity on a question where you have to select two.
I'm assuming that it's an all or nothing. You don't get like half credit if you select one right one and one wrong one.
You know that's a good question. So that is a question that comes up quite a bit in our boot camps is how are these tests scored? And the official answer is nobody knows. Okay.
All right, it just goes into the board and that's it.
Yeah yeah, CompTIA has not been publicly open about how they assess these exams. That's set. After taking a few dozen CompTIA exams over the years, I have my suspicions and I believe that and this is complete conjecture on my part it's not official. But I think that the way that they score this is they have a certain number of correct answers expected for you. So if you answer all the questions with 100% accuracy, then you get the highest score based on the way statistics work. But if they say select two, I think you can get. You know you'll get. Like if they answers are A and B, I think you can get a half of it correct by answering one of those correct, Because I think that counts towards your correct answers. But officially, no idea.
Yeah yeah, and probably some sort of magical you know percentage, weight and so forth, like they do with everything. Yeah, yeah, when you've taken the exam, you've submitted it, and it comes back you've passed or failed. Do you get to see which questions you got wrong? Nope, none of it, it just goes into the box yeah, not directly.
So on the exam pass or fail they will tell you these are the objectives in which you missed at least one question. You don't know how many questions you missed in that domain it may have. Just you know that objective may have been represented in two different questions, but they presented the content differently and so you're not really sure how did I get that one incorrect or not? And so it just kind of gives you this list. So you don't really know exactly, but you do kind of have a ballpark idea of like, okay, this is where I kind of need to know more study. And so if you have done a personal inventory of you know I got the objectives from CompTIA, I went through and I listed all these things out and I know these questions are not. If you did an inventory like that, you know the places where you're weak and you might be looking at the test result. You're like, yeah, I kind of screwed that up because I didn't.
You know, I knew I was weak on that you can feel it, rather than like going question by question. Okay, so I think the best way to get a feeling for each of these types is to run a couple of example exam questions. Tommy, and you provided me some samples here, so I'm going to share my screen very quickly and once we have done this, then I can. I think it'll be easier for people to sort of understand in person here. So, Tommy, I'm just going to let I'll move the slides for you when you want, but just take away from here.
Thank you, vanna. So, yeah, the first question that we got here. So this one is an example of how they're going to throw these acronyms at you and, like I said, vocabulary is key on this exam. So, knowing how you, knowing what the question is, first of all, asking them, knowing what are my options, when you glance at these answers HTTPS, smtp, tls, sftp what the heck are those? Notice, I have not read the question yet, I'm just looking at the answers. I want to first glance at my answer choices and that's going to kind of frame my thinking. This is just kind of test taking steps in general, but this is going to frame my thinking so that when I go up and read the question I will then be able to understand what are my options. So, having glanced at the answers HTTPS, smtp, tls, sftp I don't even know what those are. Let's go back and look at the question and read through it. An organization's chief information officer recently received an email from human resources that contains sensitive information. The CIO noticed the email was sent via insecure means. A policy has since been put in place stating all emails must be transmitting using secure technologies. Which of the following should be implemented to address the new policy. So this is a wordy question, chris. There's a lot of stuff going on here, but what are they asking? It's saying which of the following options should be implemented to address the new policy. What's that new policy? The policy has been put in place stating all emails must be transmitted using secure technology. So we're transmitting something. It has to be secure, meaning we're looking for some form of encryption. Encryption is how we send things securely. Okay. So the question is really asking which of the following is a form of encryption that we can, by extension, send email with? And so our options are HTTPS, smtp, tls and SFTP. Let's unpack what each of those are. Through the bootcamp, we talk about these different technologies. I'll say these are protocols, and we discuss what they mean, and then we unpack what they are. So unpacking HTTPS hypertext transfer protocol, secure HTTPS that's for requesting web pages and whatnot. We were not transmitting data that way, though. These days, we do a lot of our web based email, don't we? So plausible answer. Let's keep that one in mind. Maybe SMTP, simple mail transfer protocol. This is what your mail transfer agent sends the email out. Whenever I send you an email across, it goes out from me through SMTP. Well, that's not really a secure protocol, as we discussed in the bootcamps, so that one's going to be off of our list. Smtp by itself is not secure, so we put a line through that. Next up is TLS transport layer security. This is a form of encryption that we actually will secure a lot of insecure protocols like SMTP. We would use TLS to encrypt that to have SMTPS, or we use that for encrypting hypertext transfer protocol, http, and what we do is we tack on that little S at the end and it suddenly is a secure protocol. So HTTPS uses TLS, smtps uses TLS. That's the security that those are providing. So very, very strong contender there. Looking down at our final option there on letter D, delta is SFTP, that is, secure file transfer protocol, that is FTP utilizing SSH or secure shell. So that's not really something we would use to normally send email via, and so of these four options, the best one if you go on the next slide it will highlight our correct answer is indeed C, charlie, tls. Yes, very good. So that's kind of an unpacking of how to interpret these questions.
Very good, sorry about that, let me get back on there. Ok, there, it is All right. Very good, cool. Ok, let's go up to the next one here.
This is number two More alphabet soup, ooh.
They like to throw these. The first one I knew some of those terms. This one I am out to see, so I'm excited to hear about this. But is that means, like I know some of?
these words. So which of the following should be used to validate the integrity of data? We got TLS, ssh, md5, and RSA. The reason I picked this one out. This is a prime example of how sometimes CompTIA plays their hand. They kind of clue us into what the answer is just by using a keyword in the question itself. So which of the following is just to validate the integrity of data? One of the things that we do in the boot camp is we talk about how, in CompTIA land, whenever you're taking one of these certifications, if they are talking about integrity they mean hashing, and if they're talking about hashing they are talking about integrity. It's a two-way street. If you see that keyword, just know that they are zeroing in on hashing or integrity. Those two go hand in hand. So our options are TLS Transport Layer Security we just talked about that SSH, just talked about that one earlier. That is what allows us to remotely connect to a remote host via encryption. I'm going to skip on down to Delta, letter D and RSA, another form of encryption. So TLS, ssh, rsa all deal with encryption. Only the letter C, charlie, uses a form of hashing known as MD5, not bulletproof form of hashing, but a very, very common, often used form of hashing. So the question itself is asking which of the following is a hashing format protocol algorithm? And the answer on this one is C, charlie MD5. It's the only one of those choices that has to deal with hashing and because we saw that keyword up there in the question integrity we know that hashing is what they're asking about.
Awesome, All right, ready, you have for one more here.
All right, well, thank you. There's three excellent examples there, so I want to, before we go. Infosec, security Plus Bootcamp ends with a practice exam before the actual exam. Right yeah, now can you tell us how that works and how it helps you to retain knowledge better when it's the moment of truth, to take these in?
Absolutely so. There are different approaches to this. Each instructor takes these approaches a little differently. What I like my folks to do for my bootcamp is we spend a little bit of time each evening, kind of as homework. Do it on your own. You don't have to do it right away at the end of the bootcamp. You can take a break, you can go for a walk, whatever, but at some point at the end of the day I want you to go through and take these practice exams. The reason I want you to do that is to get exposure to these concepts. How will these items be presented to you? In the form of a question and then, as we're going through the course, I want you to be able to. It creates this learning community where everybody's kind of racing and clamoring and be like hey, hey, hey, that was on the practice exam. I remember that, love it. It lets you see how these topics are going to be presented on the exam so that when you get to exam time you've got some practice under your back.
You're not going to get that sort of brain. Seize up where you're like. I've never seen this before. The structure yeah, right. So what's your best piece of advice for exam day?
Good vibes. Okay, total chill when I go to do this. You've put in the time, you've put in the effort, you've taken the practice exams, you have prepared for this. It's showtime. Be proud, go in confident, knowing what you know. You may not know everything on the exam. There are times when I go to take these refresher exams just to kind of understand what, how these tests have done. I don't, even after these many years, I still don't ace every one of these because sometimes the questions are just a little confusing order. But you know what? I still go in confident and I still walk out with my chin up held high because I prepared for this. I am successful with it. So my game day, test day I go to. I schedule my exam. If you're a morning person, schedule it in the morning. If you're an afternoon person, I need a little time to boot up. Take in the afternoon. I like to go. I like to schedule my exam kind of mid to late afternoon. I like to go and eat lunch at one of my favorite restaurants and I've got a nice cold drink with me. I've got some good tunes in the car and I'm headed down to the test center and I'm just kind of like in a vibe. I'm just like I'm zoned out, I'm just kind of walking in zen, fabulous.
Oh, that's great advice, so I'm gonna leave it there. So, Tommy Gober, thank you for making the Security Plus exam a little less mystifying. I think this is gonna be something people are really excited about. So thank you Absolutely. And to everyone else, thank you for watching this episode. If you enjoyed this video and felt it really helped you this one especially please share it with your colleagues, your forums and on your social media accounts. I'd love to see people letting us know if this really helped them out and definitely subscribe to our podcast feed and YouTube page. You can just type in Cyberwork Infosec on any of them and you're on your way. So there's plenty more to come, including a couple more Security Plus from Tommy here. So if you have any topics you want us to cover, feel free to drop them in the comments below. But until then, see you next time and happy learning. Hey, if you're worried about choosing the right cybersecurity career, click here to see the 12th most in-demand cybersecurity roles. I ask experts working in the field how to get hired and how to do the work of these security roles so you can choose your study with confidence. I'll see you there.
Subscribe to podcast
Free cybersecurity training resources!
Infosec recently developed 12 role-guided training plans — all backed by research into skills requested by employers and a panel of cybersecurity subject matter experts. Cyber Work listeners can get all 12 for free — plus free training courses and other resources.
Weekly career advice
Learn how to break into cybersecurity, build new skills and move up the career ladder. Each week on the Cyber Work Podcast, host Chris Sienko sits down with thought leaders from Booz Allen Hamilton, CompTIA, Google, IBM, Veracode and others to discuss the latest cybersecurity workforce trends.
Q&As with industry pros
Have a question about your cybersecurity career? Join our special Cyber Work Live episodes for a Q&A with industry leaders. Get your career questions answered, connect with other industry professionals and take your career to the next level.
Level up your skills
Hack your way to success with career tips from cybersecurity experts. Get concise, actionable advice in each episode — from acing your first certification exam to building a world-class enterprise cybersecurity culture.