Security+ Practice Test – Performance Based Question
The performance-based questions on the Security+ exam are by now somewhat notorious. Fundamentally, the navigational aspect is no more than an enhanced drag-and-drop or list-and-reorder type of question. What candidates have a hard time with is understanding how to crack the “answer code”: when figuring one out, where should you start? In this article, we will look at one example of a performance-based question type that addresses exam objective 1.3 on the CompTIA Security+ SY0-601 test. It’s very important that you know all the objectives, and within Main Domain 1.0, “Threats, Attacks and Vulnerabilities”, sub-objective 1.3 is no exception. It covers “Given a scenario, analyze potential indicators associated with application attacks.”
The scenario that sub-objective 1.3 and this performance-based question put you in is one where you have been compromised by a hacker. The script they used and your server farm are shown. To answer the question, you must figure out which server is most likely to be under attack and then identify both the attack type and what you think is the best defense against that attack. We have developed a few of these types of questions in the CertBlaster Security+ practice test, and the example below is taken from one of those questions.
Read the question carefully
Look at the output of the hacker’s machine below. (The script has been redacted to prevent giving away the answer.) Determine the server being attacked and the attack method, then the best defense based on the available choices. If the screenshot is too hard to read, you can view this question on our YouTube channel.
What server is under attack?
Now examine the evil hacker’s script for clues. Right away, even though the actual attack is redacted, we can see from the filename that it’s an SSL-based attack based on Python scripting, which is heavily used in web programming. The partial file name and the .py file extension give us that information. This leads us to the web server as the potential target.
What attack type is this?
Reading on in the script, we see usernames and passwords being attempted. This indicates a brute force dictionary attack, and it was successful! Not good. The word “dictionary” is the term that was redacted in the script. Now we know which server was compromised and how.
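From the defender's side, the same indicator shows up in the web server's authentication log as a run of failed logins from one source, followed by a success. The sketch below is an added example, not part of the CertBlaster question; the log format, the sample lines and the `find_guessing_sources` name are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log (assumed "ts src= user= result=" format, documentation IPs).
SAMPLE_LOG = """\
2024-01-10T09:00:01 src=203.0.113.7 user=admin result=FAIL
2024-01-10T09:00:02 src=203.0.113.7 user=admin result=FAIL
2024-01-10T09:00:02 src=198.51.100.20 user=alice result=FAIL
2024-01-10T09:00:03 src=203.0.113.7 user=admin result=FAIL
2024-01-10T09:00:04 src=203.0.113.7 user=root result=FAIL
2024-01-10T09:00:05 src=203.0.113.7 user=admin result=FAIL
2024-01-10T09:00:06 src=203.0.113.7 user=admin result=FAIL
2024-01-10T09:00:09 src=198.51.100.20 user=alice result=OK
2024-01-10T09:00:10 src=203.0.113.7 user=admin result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>FAIL|OK)$"
)

def find_guessing_sources(log_text, min_failures=5):
    """Flag sources with at least min_failures failed logins.

    'compromised' lists accounts that logged in successfully from a source
    only after that source had already crossed the failure threshold.
    """
    failures = defaultdict(int)      # src -> number of failed attempts
    targeted = defaultdict(set)      # src -> usernames that failed
    compromised = defaultdict(list)  # src -> usernames with a late success
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        src, user = m["src"], m["user"]
        if m["result"] == "FAIL":
            failures[src] += 1
            targeted[src].add(user)
        elif (failures[src] >= min_failures and user in targeted[src]
              and user not in compromised[src]):
            compromised[src].append(user)
    return {
        src: {"failures": n, "users": sorted(targeted[src]),
              "compromised": compromised[src]}
        for src, n in failures.items() if n >= min_failures
    }

if __name__ == "__main__":
    for src, info in find_guessing_sources(SAMPLE_LOG).items():
        print(src, info)
```

A single mistyped password followed by a success, like the `alice` lines in the sample, stays below the threshold and is not flagged.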
What is the best defense?
Best practices would put a strong/complex password policy as your defense here. Review and identify each response in the fields provided, and when you are satisfied, click the answer button to check the scoring. Success! The question has been answered correctly! Along with the correctly answered question, there is a concise explanation of the attack, why it is successful, and how to harden your system against it.
Before you go up for the test, be sure to check out the other resources available on our Learning Resources page.