Security+ Practice Test – Performance Based Question
The performance based questions on the Security+ exam are by now somewhat notorious. Fundamentally, the navigational aspect is no more than an enhanced drag-and-drop or list-and-reorder type of question. What candidates have a hard time with is understanding how to crack the “answer code”: when figuring these questions out, where should you start? In this article we will look at one example of a performance based question type that addresses exam objective 5.3 on the CompTIA Security+ SY0-401 test. It’s very important that you know all the objectives, and 5.3 is no exception, as it covers “Install and configure security controls when performing account management, based on best practices.”
The scenario that sub-objective 5.3 and this performance based question put you in is one where you have been compromised by a hacker. The script they used and your server farm are shown. To answer the question you must figure out which server is the most likely to be under attack and then identify both the attack type and what you think is the best defense against that attack. We have developed a few of these types of questions in the CertBlaster Security+ practice test, and the example below is taken from one of those questions.
Read the question carefully
Look at the output of the hacker’s machine below. (The script has been redacted to prevent giving away the answer.) Determine the server being attacked and the attack method, then the best defense based on the available choices. If it’s too hard to read the screenshot, you can view this question on our YouTube Channel.
What server is under attack?
Now examine the evil hacker’s script for clues. Right away, even though the actual attack is redacted, we can see by the filename that it’s an SSL based attack built on Python scripting, which is heavily used in web programming. The partial file name and the .py file extension give us that information. This would lead us to the web server as the potential target.
What attack type is this?
Reading on in the script we see usernames and passwords being attempted. This indicates a brute force dictionary attack, and it was successful! Not good. The word dictionary is the term that was redacted in the script. Now we know which server was compromised and how.
What is the best defense?
Best practices would put a Strong/complex Password policy as your defense here. Review and identify each response in the fields provided and, when you are satisfied, click the answer button to check the scoring. Success: the question has been answered correctly! Along with the correctly answered question there is a concise explanation of the attack, why it is successful and how to harden your system against it.
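To show what a strong/complex password policy has to check in order to hold up against a dictionary attack, here is an added example; it is not part of the CertBlaster question or the original article. The wordlist, the minimum length, the three-of-four character class rule and the function name are constructed assumptions.

```python
import re

# Constructed stand-in for the wordlist a dictionary attack would try.
SAMPLE_DICTIONARY = {"password", "letmein", "welcome", "dragon",
                     "qwerty", "admin", "summer"}
MIN_LENGTH = 12        # assumed policy value
REQUIRED_CLASSES = 3   # assumed: at least 3 of the 4 character classes
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
# Undo common substitutions so "P@ssw0rd" is compared as "password".
SUBSTITUTIONS = str.maketrans("013457@$!", "oleastasi")


def policy_violations(password, username, dictionary=SAMPLE_DICTIONARY):
    """Return the reasons a password is rejected; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    used = sum(1 for pattern in CHAR_CLASSES if re.search(pattern, password))
    if used < REQUIRED_CLASSES:
        problems.append("too few character classes")
    lowered = password.lower()
    if username and username.lower() in lowered:
        problems.append("contains the username")
    # Length and character classes alone are not enough: a dictionary word
    # with substitutions and a year appended still falls to a wordlist.
    normalised = lowered.translate(SUBSTITUTIONS)
    if any(word in lowered or word in normalised for word in dictionary):
        problems.append("based on a dictionary word")
    return problems


if __name__ == "__main__":
    # Constructed candidate passwords for a hypothetical account "jsmith".
    for candidate in ("letmein", "P@ssw0rd2024!", "Tr4il-Mix&Granite-62"):
        result = policy_violations(candidate, "jsmith")
        print(candidate, "->", result or "accepted")
```

The second candidate meets the length and complexity rules and is still rejected, because it is a dictionary word in disguise.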
Before you go up for the test, be sure to check out the other resources available at our Learning Resources page.
Subscribe to our YouTube channel for videos showing this type of question. In the videos the questions are both narrated and explained.