CompTIA Security+ SY0-601 – Performance Based Questions

  • April 1, 2023

1. Performance Based Questions Introduction

In this video, I’m going to be talking about this section, performance based questions. In this section, I want to go over with you guys a variety of different performance based questions that the exam may ask you. In this one, you’re basically just going to watch me do them. There are points when I’m going to tell you to pause the video so you can practice it and try it, and then you’re going to see me do it. Remember something: most performance based questions are basically where you have to drag things and put them in place, match things up, put things in order, or maybe fix a particular issue with a firewall or something like that.

Most of the time, that’s what it’s going to be. So enjoy this section. I’m not going to be on camera in this section because the questions basically take up the whole screen, and I don’t want to take up any real estate. Now, this is an evolving section. I will be adding new content to this section as more of these questions come out. Initially, we may not have a lot, but as of, you know, filming this video, the exam came out two weeks ago. So as time progresses, I want to be adding more and more of these questions to this section. So enjoy this section, and good luck on your exam.

2. PBQ – Attack Types and Response

In this performance based question, we’re going to be taking a look at how to match up different attack descriptions with what type of attack it is and what type of security response it is. This type of performance based question comes in many different variants, so you’re going to want to make sure that you study all the different attacks and basically how to fix them. Throughout this course, I went through all the different attacks with you. So here’s what you’re going to do. You’re basically going to take these attack types and put them into the boxes where it says type of attacks. And then you’re going to take the security response types and match them to how to respond to those attacks.

So let’s get started. Pause the video right now and go ahead and write it down on a piece of paper, or just write out how you would do it, and then resume the video and let’s get started. Okay, so the first attack description is sending a large number of packets to the server. This one has to be some kind of denial of service attack. So we’re just going to put that right in there. Now obviously it’s not going to line up too well for me here, but that’s okay. And then how are we going to respond, the security response, to this type of denial of service attack? For this, we’re going to enable the denial of service on the firewall itself.

So we’re just going to put that right in there. The next thing here is being able to control a computer remotely. This has to be some kind of virus that’s installed on the computer. So we’re just going to drag that and put it on here. The next thing is we want to be able to respond to this. Now since this is a Trojan, this is going to be malware. We’re going to want to make sure we keep updated malware software on that computer. Next: able to insert false records into a database. This has to be some kind of injection attack. So we’re just going to put... can I grab that? Yes, I could. Okay, it’s SQL injection. And then finally, to respond to that one, we’re going to put input validation.

Now one thing to keep in mind here is that when you’re doing this type of performance based question, they might have more choices than what would be here. So for example, they might have five or six different things, but they only have four different attacks. They may have a few different security responses, but they may apply to multiple things. So for this one, you really want to study the different types of attacks, what is being attacked, and you also want to study exactly how to respond to these particular types of attacks.

3. PBQ – Incident Response

In this video, we’re going to be taking a look at the incident response process. In this PBQ, or performance based question, you’re going to have to put the steps in order. Now, for this, you’re going to want to make sure that you have memorized this, and this comes right out of your exam objectives. You can pause the video right now and see if you can put this in order. And if you could, great. Then resume the video and let’s get started. So the first thing you want to have is good preparation, or you want to have good steps in place. You can’t respond to an incident if you didn’t have an entire process before you started.

The next thing you want to do is to be able to identify the incidents. Identification of incidents can come from things such as an intrusion detection system, antivirus or antimalware software, or even a user calling up a help desk stating that there is an incident on their computer. The next thing you want to do once you’ve identified an incident is to contain that incident. Containing the incident generally means to disconnect the computer from the network or disconnect that entire segment. That way the virus or the worm that’s infected it cannot spread.

The next thing you want to do, once you’ve disconnected the system, is to eradicate it: go in there and take the virus off. This can include scanning the machine with antivirus or maybe even reinstalling Windows. The next thing you want to do is to be able to recover those systems after you have gotten rid of the malware. And this can be just restoring the user’s data. And then finally, you want to make sure that this does not happen again. So you do some lessons learned. Okay, that is the incident response process in order. Make sure to memorize this so when you take your exam, you’ll be able to ace this performance based question.

4. PBQ – Social Engineering

In this performance based question, what we’re going to be doing is matching up the attack to the type of the attack. Now this is going to be a social engineering one. So in order to do this question, you’re going to want to make sure that you review all your social engineering attacks and make sure you know them well. This is a very simple and easy performance based question to line up. So let’s take a look at how this is done. We’re going to take the types of attacks and put them in the corresponding box. On the real exam, it could be as simple as just having three things like I have, or it could be four or five things. So pause the video right now and go ahead and see which one belongs in which box. And let’s resume the video now, and let’s go ahead and put them in the box. So the first thing up, it says receiving text messages with links to malicious websites.

This here would be smishing. Anything that’s really involved in text messaging would be smishing. Receiving phone calls asking for personal information while impersonating a bank: this would be a type of voice phishing. So this would be known as vishing. And trying to get the CEO of a company to click on a link to a malicious website: this would be a form of whaling. Whaling is a type of phishing attack where you are going after the biggest fish in the ocean, also known as the CEO or the most senior executive within that business. Now, once again, this particular performance based question could have a variety of different social engineering parts to it. They may have four or five different things and you may have to line them up. But once you know the definitions and you know what they are, you should be able to ace this performance based question.

5. PBQ – Firewalls

In this video we’re going to be taking a look at how to configure firewall rules in case there is a problem on your network. Now, this is a very famous Security+ performance based question that was on multiple Security+ exams. I’m going to do it using a live SonicWall router, basically the same router that I was using for the class. This is just a demo of it, but the one on the exam is going to be different. The one on the exam is going to be some kind of simulation, some kind of graphics that they created. They basically want you to know how to configure firewall rules by knowing source, destination and services. So let’s go through it and then we’ll see how to configure it. Now, I’m not going to be able to save the configuration because this is a demo firewall.

So the problem says that users report they cannot access the web server on the WAN. There are a couple of things to realize: this web server is on the WAN, and the users are thought to be on the LAN side. So right now it seems like the WAN is being denied access to a web server on the WAN. In order to configure this firewall rule set, we have to know the actual service it runs. For a web server, we can assume it is going to be HTTP and HTTPS. So we’ll add a rule, and we’ll configure it to add HTTP on it. So we’ll go to... now, generally when you click on the firewall on the exam, it’s going to bring up something that looks somewhat similar to this, but you’re just going to have to put in what’s going to be called source and destination.

So the source would be: we’re going from the LAN to the WAN. Now, sometimes this is done with IP addresses, so keep in mind the subnet IP that you’re going to be looking at. So source from the LAN to the WAN, and you’re going to want to make sure that we look for HTTP or HTTPS in the services. You’re going to have to read the question to determine which one they want. If they want a secure version of it, you’re going to look for HTTPS. If not, you just do HTTP. That would be the service, the source port. The service would also be the same HTTP, and that would basically be it. Now you could go in and select networks, and you have to be careful on the exam when they start talking about networks because you have to watch the IP addresses.

Sometimes on the diagrams they’ll have IP addresses, and so you’ll want to keep an eye on that. Okay, so let’s take a look at the next problem here. No, I can’t save this. I’m going to close that. Users cannot send emails to the email server in the DMZ. So once again, we’ve got to know that this is located in the DMZ. The users are going to be in the LAN. So we’ll add another rule, and we’re going to be going from the LAN interface to the DMZ. Now because this is a SonicWall, this is going to have many more options than your exam would. It’s going to be a little more complex. So they want to be able to access their email server. So this is probably going to be SMTP.

Now it could have been IMAP or POP3, but we’re assuming that they want to send email. On the exam, they may just give this option. Instead of saying from and to interfaces, they may make you select specific types of networks, but it’ll have the actual subnet, not just the interface names. Okay, so make sure you understand how to do firewall rules on your exam. They should not be too complex. You have to understand that a firewall blocks traffic coming from one section of the network to another section. Generally, if you understand that, you should be able to ace this particular question.
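Added example, not part of the original video or the SonicWall demo: a small first-match rule evaluator that models the two problems from this section as source zone, destination zone and service. The starting rule set, the default-deny behaviour and all names in the code are assumptions made for illustration.

```python
from dataclasses import dataclass

# Well-known TCP ports for the services named in the walkthrough.
SERVICES = {"HTTP": 80, "HTTPS": 443, "SMTP": 25, "IMAP": 143, "POP3": 110}

@dataclass(frozen=True)
class Rule:
    src_zone: str   # where the connection starts, e.g. "LAN"
    dst_zone: str   # where the server lives, e.g. "WAN" or "DMZ"
    service: str    # key into SERVICES
    action: str     # "allow" or "deny"

def evaluate(rules, src_zone, dst_zone, dst_port):
    """First matching rule wins; unmatched traffic hits the implicit deny."""
    for rule in rules:
        same_direction = (rule.src_zone, rule.dst_zone) == (src_zone, dst_zone)
        if same_direction and SERVICES[rule.service] == dst_port:
            return rule.action
    return "deny"

def blocked_flows(rules, required):
    """Return the required (src, dst, service) flows that are still blocked."""
    return [(s, d, svc) for s, d, svc in required
            if evaluate(rules, s, d, SERVICES[svc]) != "allow"]

# Constructed starting rule set (assumption): only LAN -> WAN HTTPS is allowed.
BEFORE = [Rule("LAN", "WAN", "HTTPS", "allow")]

# The two user reports from this section, written as flows that must pass.
REQUIRED = [("LAN", "WAN", "HTTP"), ("LAN", "DMZ", "SMTP")]

# The two rules added in the walkthrough.
AFTER = BEFORE + [
    Rule("LAN", "WAN", "HTTP", "allow"),
    Rule("LAN", "DMZ", "SMTP", "allow"),
]

if __name__ == "__main__":
    print("blocked before:", blocked_flows(BEFORE, REQUIRED))
    print("blocked after: ", blocked_flows(AFTER, REQUIRED))
    # Direction matters: the new SMTP rule does not open DMZ -> LAN.
    print("DMZ -> LAN SMTP:", evaluate(AFTER, "DMZ", "LAN", 25))
    # Service matters: IMAP to the DMZ stays blocked until a rule names it.
    print("LAN -> DMZ IMAP:", evaluate(AFTER, "LAN", "DMZ", SERVICES["IMAP"]))
```

The last two checks show why the question has to be read for direction and service: a rule that fixes sending mail from the LAN does not permit the reverse direction or a different mail protocol.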
