01b Compare and Contrast security control and framework types performance based Question


Add, edit or delete security controls

Security controls apply to Java, .NET Framework, and .NET Core languages only.

Steps

  1. Select User Menu > Policy Management, select Security controls.

    The Security Controls grid shows a list of existing security controls, if there are any.

  2. Select the name of an existing security control to edit, or select Add security control to create one.

  3. In the panel that opens, specify this information:

    • Name

    • Language: Select Java, .NET Framework, or .NET Core.

    • Type: Select either one of these methods:

      • Input validators accept user input and take corrective action if unsafe data is received.

      • Sanitizers clean the data that is passed in, making it safe for consumption by any interpreter. Many sanitizers prevent one type of attack, but not another.

    • API: When specifying the API, consider these conventions:

      • Java must include the method name and parameters. Use fully qualified types. Security controls are intended to target only java.lang.String parameters (not boolean, int, long, short, double, float, and so forth).

      • .NET Framework and .NET Core:

        • Include a return type (or void), method name and parameters. Use fully qualified types, intended to target only System.String parameters.

        • Verify that no white space exists between the parameters.

      • Mark the parameters that are going to be validated or sanitized with an asterisk ( * ).

    • Applicable vulnerability rules: You can choose All, or select one or more individual vulnerabilities.

  4. Select Save to create a new security control. If you are editing an existing security control, you also have the option to delete the security control from this panel with the Delete icon.

  5. At the bottom of the table, you will see Suggestions for potential security controls that Contrast detects, along with their class and method. (You can hide the section by clicking on the caret in the header row.)

    If a security control is automatically discovered for the first time, a notification is sent to all users with at least Viewer permissions for the corresponding applications.

    Hover over the API to see where this suggestion was discovered, and optionally, select the name of the application to see the vulnerabilities in context of that application.
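A small checker for the API conventions listed in step 3, as an added example (not Contrast's code). The string layout `method(param,param*)`, with the return type and a space in front for .NET, is an assumption, since the page describes the conventions without showing a sample signature; `check_control_api` and the sample class names are hypothetical.

```python
import re

# Java primitive types the page names as NOT being valid targets for a control.
JAVA_PRIMITIVES = {"boolean", "int", "long", "short", "double", "float"}
STRING_TYPE = {
    "Java": "java.lang.String",
    ".NET Framework": "System.String",
    ".NET Core": "System.String",
}


def check_control_api(language, api):
    """Return a list of convention problems; an empty list means none were found."""
    if language not in STRING_TYPE:
        return [f"unsupported language: {language}"]
    problems = []
    text = api.strip()

    if language != "Java":
        # .NET: a return type (or void) comes before the method name (assumed layout).
        head, sep, rest = text.partition(" ")
        if not sep or "(" in head:
            problems.append("missing return type (or void)")
        else:
            text = rest.strip()

    match = re.fullmatch(r"([^\s()]+)\((.*)\)", text)
    if not match:
        return problems + ["expected a method name followed by (parameters)"]
    raw_params = match.group(2)

    if language != "Java" and re.search(r"\s", raw_params):
        problems.append("white space between parameters")

    marked = 0
    params = [p.strip() for p in raw_params.split(",") if p.strip()]
    for pos, param in enumerate(params, start=1):
        is_marked = param.endswith("*")
        ptype = param.rstrip("*").strip()
        primitive = language == "Java" and ptype in JAVA_PRIMITIVES
        if "." not in ptype and not primitive:
            problems.append(f"parameter {pos} type '{ptype}' is not fully qualified")
        elif is_marked and ptype != STRING_TYPE[language]:
            problems.append(f"parameter {pos} is marked but is not {STRING_TYPE[language]}")
        marked += is_marked

    if marked == 0:
        problems.append("no parameter is marked with *")
    return problems


if __name__ == "__main__":
    # Constructed sample signatures; the class and method names are hypothetical.
    samples = [
        ("Java", "com.example.Validators.isSafe(java.lang.String*,int)"),
        ("Java", "com.example.Validators.isSafe(String*)"),
        (".NET Core", "void Example.Sanitizer.Clean(System.String*, System.String)"),
        (".NET Framework", "Example.Sanitizer.Clean(System.String*)"),
    ]
    for language, api in samples:
        print(language, api, "->", check_control_api(language, api) or "ok")
```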

    The Security+ Certification Study Guide will teach you the fundamental principles of installing and configuring cybersecurity controls and participating in incident response and risk mitigation. It will prepare you to take the CompTIA Security+ SY0-501 exam by providing 100% coverage of the objectives and content examples listed on the syllabus.

    After reading the text, you will be able to:

    • Identify strategies developed by cyber adversaries to attack networks and hosts and the countermeasures deployed to defend them.
    • Understand the principles of organizational security and the elements of effective security policies.
    • Know the technologies and uses of cryptographic standards and products.
    • Install and configure network- and host-based security technologies.
    • Describe how wireless and remote access security is enforced.
    • Describe the standards and products used to enforce security on web and communications technologies.
    • Identify strategies for ensuring business continuity, fault tolerance, and disaster recovery.
    • Summarize application and coding vulnerabilities and identify development and deployment methods designed to mitigate them.

    Prerequisites

    To get the most out of the CompTIA Security+ Study Guide and be able to prepare for your exam you should have successfully passed the CompTIA Network+ certification exam and have acquired 24 months of experience in networking support and IT administration. We also recommend the following skills and knowledge before starting this course:

    If you’re planning to take the  Security+ exam you can expect to see some Security+ performance based questions. They have also been added to the A+ and Network+ exams. You can read more about performance based questions here, but in short a performance based question requires you to perform a task rather than simply requiring you to answer a multiple choice question.

    For example, do you know how to configure a WAP?


    While CompTIA originally stated these would be task-based questions, they are often appearing as simpler drag and drop questions, or questions where you can select items from a drop down menu. The Security+ Blog Links page has a section with several links to blogs on . Some of these blogs include comments by readers and test takers.

    Full Security+ Course

    SY0-601 Full Security+ Course

    Helping you Pass the First Time


    This course includes all of the multiple-choice practice test questions, performance-based questions, audio, and flashcards from the but adds the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide within an online course.

    Test your readiness with these quality materials

    Here’s what you get

    All of the content from the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide

    Random 75-question tests

    Random practice tests from all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. All questions include explanations so you’ll know why the correct answers are correct, and why the incorrect answers are incorrect.

    Performance-based Questions

    These questions show you what you can expect in the live exam. They include drag and drop, matching, sorting, and fill in the blank questions.

    Online Flashcard Set

    • Online Security+ Remember This Slide from the popular CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide
    • Online Security+ Question and Answer Flashcards organized by domain
    • Online Security+ Acronyms Flashcards

    Audio – SY0-601 Security+ Remember This Audio Files

    Learn by Listening (MP3 downloads.)

    Audio – SY0-601 Security+ Question and Answer Audio Files

    Learn by Listening (MP3 downloads.)

    Bonus #1

    The same set of questions organized by domain including questions in the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide plus extra practice test questions.

    Bonus #2

    Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide.

    Bonus #3 

    Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. This includes labs, extra practice test questions, and supplementary materials.

    Bonus #4 

    Extended access. Access the study materials for a total of 60 days because sometimes life happens.

    Bonus #5 

    10% off Voucher Code. Access to a coupon code that will give you 10% off your exam voucher. At the current price of $370 USD for the Security+ voucher, this can save you $37.

    Get the SY0-601 Full Security+ Course Here

    When Did They Start Appearing in Security+?

    These Security+ performance based questions started to appear in the Security+ exam in the first quarter of 2013 and they have been appearing regularly. I’ve been updating the Security+ Blog Links page and the  periodically with new information on them. Many readers and test takers have left comments on this page at the end of the blog. I’m also grateful to the readers that have sent me notes about their experiences through my contact page.


    Pass the Security+ exam the first time you take it
    CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide


    How Many Questions Are on The Security+ Exam?

    When the Security+ exam had only multiple choice questions, you had 100 questions.

    After performance based questions were added, test takers typically have 70 to 90 multiple choice questions, and anywhere between two and ten performance based questions. The Security+ Blog Links page includes a . Here are a couple of pages that give sample multiple choice questions:

    • Security+ Practice Test Questions on Objective 2.1
    • Security+ Practice Test Questions on Objective 3.2

    Here are a few pages that give information on performance based questions.

    • Security+ WAP Performance Based Questions
    • Security+ Forensic Performance Based Question
    • Identify Social Engineering Attacks

    Security+ (SY0-601) Practice Test Questions

    SY0-601 Practice Test Questions 

    Over 385 realistic Security+ practice test questions

    At least 10 performance-based questions

    All questions include explanations so you’ll know why the correct answers are correct,

    and why the incorrect answers are incorrect.

    Upgrade Your Resume with the Security+ New Version

    Multiple quiz formats to let you use these questions based on the way you learn.
    • Learn mode – randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you’ll see the explanation. Click here to see how learn mode works.
    • Test mode – randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
    • Test mode – 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions.

    Pass the First Time You Take It

    Get the full bank of SY0-601 Practice Test Questions Here

    Click here if you’re looking for SY0-501 Online Study Package

    What Performance Based Questions Should I Expect?

    The question types vary, but this section identifies many of the types of questions that people have reported seeing.


    Matching

    You might be asked to match topics with each other. For example, you might have a list of port numbers and a list of protocols and then be tasked with matching the ports to the protocols. If you know the ports, this should be rather simple.

    As another example, you might need to identify the type of security controls used to protect specific devices. Objective 2.1 mentions Technical, Management, and Operational controls. Controls can also be identified as preventative, detective, and corrective controls.

    Matching questions might appear using a drag and drop format. For example, you might see security configurations on one side and devices on the other side and you’ll need to drag the relevant security method to the correct device. Consider these two lists:

    Devices

    • Mobile phone
    • Server

    Security methods

    • Screen lock
    • Strong password

    You can lock a mobile phone with a screen lock so you would drag the screen lock method to the mobile phone.

    You can use a simple password on a mobile phone but not a strong password. However, you can use a strong password on a server. In this case, you’d drag the strong password method to the server.

    There’s a subtlety here though which makes it important to understand the concepts and match them to the question. If the question refers to mobile devices as smartphones, you can only use a simple password such as a personal identification number (PIN). If the question refers to mobile devices as laptops, then you can use strong passwords because laptops can have strong passwords just like a server. This is a perfect example of how a simple twist in the question can change the answer. However, if you understand the concepts covered in the objectives, these questions won’t throw you.

    This page gives a simple example of a matching type question: Security+ Match Device Controls.


    Security+ Full Access Package


    Pass the First Time!

    Up-to-date Content

    New multiple-choice and performance-based questions added regularly

    Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.

    Buy The Full Access Study Package Today

    60 Days Access

    Need more time? You can easily renew for another 60 days at a significantly reduced price.

    All materials are available online shortly after making your payment.

    Get the Security+ Full Access Study Package Here

    Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. They can also be used to help ensure you’re ready no matter what study guide you’re using.

    This exam is expensive.

    Make sure you’re ready before exam day. 

    Here’s what you’ll get:
    • All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. See a demo here. All questions have full explanations so you’ll know why the correct answers are correct and why the incorrect answers are incorrect.
    • Over 40 multiple-choice questions we’ve added after publishing the study guide.
    • Over 30 performance-based questions. See a demo here.
    • All of the flashcards from the study guide. View them in any Web browser.
    • All of the audio from the study guide. Listen to a sample here.
    • Access to a free discount code for 10% off your Security+ voucher.


    Click on a Diagram

    You might be asked to click on a diagram to select something. As a simple example, you might see a network diagram with multiple devices and be asked which device provides the best security during an attack.

    Some devices have logs and you might need to open up logs and review the information to determine what happened. As you review these logs, you’ll see some errors listed in at least one of them that identifies the problem.

    As another example, you might be tasked with giving a user appropriate permissions to perform job tasks. The diagram then shows a list of groups with specific permissions assigned. You then need to pick which group (or groups) to put the user into. The key here would be to remember the principle of least privilege and ensure that the user is granted enough rights and permissions to perform the job and no more.

    Put a List in the Correct Order

    You might be asked to arrange topics into a specific order. For example, a forensic analyst is required to know the order of volatility for data. You might see a list like this (though not in order) and be tasked with putting it in the correct order.

    • Data in RAM, including cache, and recently used data and applications
    • Data in RAM, including system and network processes
    • Data stored on local disk drives
    • Logs stored on remote systems
    • Archive media

    This page gives a simple example of a matching type question: Security+ Forensic Performance Based Question.

    Create an ACL

    You might be asked to provide details for an access control list on a router or firewall. Basic firewall filters can filter traffic based on IP addresses, ports, and some protocols. If you want to limit traffic, you can start with a deny all strategy where all traffic is blocked and then create exceptions to identify what is allowed.

    For example, if you wanted to allow a certain IP address through, you could add an exception in the ACL to allow traffic from or to this IP address. Similarly, if you wanted to allow certain protocol traffic through, you could add an exception to allow traffic based on the protocol’s port number.

    When preparing for a question like this make sure you know the ports for Security+.
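The deny-all-with-exceptions strategy described above, modelled as a first-match filter (an added example, not from the original post). The rule names and addresses are constructed, using documentation address ranges; any packet that matches no exception falls through to the implicit deny.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class AllowRule:
    """One exception to the default deny. None means 'any' for proto and dport."""
    name: str
    src: str = ANY
    dst: str = ANY
    proto: Optional[str] = None   # "tcp" or "udp"
    dport: Optional[int] = None   # destination port

    def matches(self, pkt: dict) -> bool:
        return (
            ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
            and self.proto in (None, pkt["proto"])
            and self.dport in (None, pkt["dport"])
        )


def evaluate(acl, pkt):
    """Return (action, rule name). Anything not explicitly allowed is denied."""
    for rule in acl:
        if rule.matches(pkt):
            return ("allow", rule.name)
    return ("deny", "implicit deny all")


def packet(src, dst, proto, dport):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}


# Constructed sample ACL: a web server, an admin workstation, and a DNS resolver.
ACL = [
    AllowRule("https-to-web", dst="192.0.2.20/32", proto="tcp", dport=443),
    AllowRule("ssh-from-admin", src="198.51.100.7/32", dst="192.0.2.20/32",
              proto="tcp", dport=22),
    AllowRule("dns-to-resolver", dst="192.0.2.53/32", proto="udp", dport=53),
]

if __name__ == "__main__":
    tests = [
        packet("203.0.113.5", "192.0.2.20", "tcp", 443),   # HTTPS from anywhere
        packet("198.51.100.7", "192.0.2.20", "tcp", 22),   # SSH from the admin host
        packet("203.0.113.5", "192.0.2.20", "tcp", 22),    # SSH from anyone else
        packet("203.0.113.5", "192.0.2.20", "tcp", 23),    # Telnet, never allowed
    ]
    for pkt in tests:
        print(pkt, "->", evaluate(ACL, pkt))
```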

    Configure a WAP

    Networks commonly use wireless access points (WAPs) and configuring security with them is an important skill to know. CompTIA stresses this on both the Network+ and Security+ exams. You should be able to configure basics such as:

    • Change the SSID
    • Enable/disable SSID broadcast
    • Enable MAC address filtering
    • Configure security such as WPA and WPA2

    Larger enterprises add additional security to WAPs with WPA2 Enterprise. WPA2 Enterprise requires an 802.1x server typically configured as a RADIUS server.

    This page gives information needed for this type of question: Security+ WAP Performance Based Questions.




    Command Prompt

    You might be asked to perform a task from the command prompt. You’ll have access to a simulated command prompt and be required to perform a specific task.

    In the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide, I gave an example with a couple of graphics that could easily be used in this exam.

    The question could go like this: “Determine if the file shown in the graphic is valid.”  The file in the graphic includes a valid MD5 hash.

    You are then put into a command prompt with nothing more than a blinking cursor. What do you do?

    The first step is to see what is in the current directory. You could do so with the dir command. More than likely, you’ll see the file that was displayed in the graphic, along with programs that can be used to create a hash such as md5sum and sha1sum.

    Next, you’d calculate the hash on the file using the correct program. This requires you to know that the hash shown in the graphic is an MD5 hash. You’d then run the md5sum program against the file to calculate the hash. If the hash shown in the graphic was a SHA1 hash, you’d need to run sha1sum instead.

    That’s it. In retrospect, you only need to enter two commands: dir and md5sum filename. However, you need to have some underlying knowledge to do so successfully.


    Security+ Full Access Package


    Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. They can also be used to help ensure you’re ready no matter what study guide you’re using.

    This exam is expensive.

    Make sure you’re ready before exam day. 

    Here’s what you’ll get:
    • All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. See a demo here. All questions have full explanations so you’ll know why the correct answers are correct and why the incorrect answers are incorrect.
    • Realistic SY0-601 Security+ Practice Test Questions
    • Performance-based questions.
    • All of the flashcards from the study guide. View them in any Web browser. See demo here
    • All of the audio from the study guide.
    • Access to a free discount code for 10% off your Security+ voucher.



    What is the Biggest Challenge?

    Many of the questions are straightforward and it’s easy to identify what is desired. However, the biggest challenge many people report with these types of questions is figuring out what some of the questions are actually asking. For example, the sample in the Command Prompt section earlier only states “Determine if the file shown in the graphic is valid” and shows a graphic. It doesn’t tell you to run the dir and the md5sum commands. However, this is the only way you can determine if the file is valid.

    With that in mind, you often need to give these types of questions a little more thought and pay attention to the clues given in the question.

    Should I Answer These Questions First?

    The performance based questions are typically first in the exam and many times they surprise people. The biggest thing to consider is the amount of time you spend on these questions. Some people haven’t had time to answer the easier multiple choice questions after spending a significant amount of time on the harder performance based questions. In general, I give test takers the following advice with performance based questions:

    1. Look at each one.
    2. If you understand what is required to answer the question and you can answer it, then answer it and move on.
    3. If you don’t understand the question or don’t know the answer, mark it and move on. You can mark it by clicking a checkbox labeled Mark.
    4. After you complete the multiple choice questions, go back to the marked questions.

    You aren’t penalized at all for marking a question or skipping it the first time through. If the question is answered correctly when you finish the test, you get credit for answering it correctly regardless of how many times you looked at it.

    How Much Are These Questions Worth?

    More than likely these questions are worth more than a typical multiple choice question. While CompTIA doesn’t release the actual value of any single question, it’s very likely that each question is worth a little more than 4 percent of the total.

    If the original exam has 100 multiple choice questions and the new exam has 87 multiple choice questions with three performance based questions, these three performance based questions could be worth about 13 percent of the total. If you divide 13 percent by three, it’s a little over 4.

    Do I Get Partial Credit?

    A common question people ask when taking these types of questions is if they get partial credit if they correctly perform part of the problem but not all of it. CompTIA isn’t saying, but I wouldn’t be surprised if they don’t award partial credit for these performance based questions. In other words, the question is testing your ability to complete a task and either you can, or you can’t.

    Some questions are asking you to match topics. If you match some of them correctly, it makes sense that you would get partial credit for what you matched correctly. Again though, this decision lies with CompTIA and I have not heard them say.


    Will Books Be Updated to Include Performance Based Questions?

    It’s unlikely that any books will be updated specifically for the Performance Based Questions. It takes an extensive amount of time and effort to rewrite, edit, layout, proof, and reprint books.

    Certification books are typically only updated when the certification changes significantly. For example, the differences in the objectives between SY0-201 and SY0-301 Security+ objectives were significant. Publishers that had SY0-201 books in print published new books on the SY0-301 exam.

    Further, most books include the content needed to successfully pass these performance based questions. The objectives aren’t changing. The only thing that is changing is the way that the objectives are being tested. If you understand the content, you will be able to answer the questions.

    Update: The CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is now available and includes information on performance-based questions.

    Along these lines, I’ve been asked a few times if the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide will be updated. This isn’t likely. I expect that CompTIA will be releasing new objectives for the SY0-401 exam sometime this year. When they do, I’ll be updating the SY0-301 Study Guide. You’ll probably still be able to take the SY0-301 exam through at least part of 2014.

    Realistic practice test questions for the Security+ SY0-401 exam
    Available through LearnZapp on your mobile phone

    Summary

    If you’re planning on taking the Security+ exam any time from today on, you can expect to see Security+ performance based questions. These questions are different than multiple choice questions but they are not impossible to answer. If you understand the content, you will likely be able to answer these questions without too much difficulty.

    Which security control psychologically discourages an attacker from attempting an intrusion but may not physically or logically prevent access?

    Deterrent—The control may not physically or logically prevent access, but psychologically discourages an attacker from attempting an intrusion. This could include signs and warnings of legal penalties against trespass or intrusion.

    Which security control may not prevent or deter access but will identify and record any attempted or successful intrusion?

    Detective—The control may not prevent or deter access, but it will identify and record any attempted or successful intrusion.

    Corrective—The control responds to and fixes an incident and may also prevent its reoccurrence.