I just passed my Security+ exam today and I can honestly say these videos helped me a lot. Slowing down and rereading the key words in questions definitely helped me on a lot of the tricky questions. Definitely learning the acronyms and having a general understanding of each of the exam objectives is essential.
Just finished taking and PASSING the 701 exam! Your breakdowns of seeing what the questions were asking for, and going through each answer right or wrong really helped changed the way I studied and attacked the exam. Appreciate you and keep up the good work!
I passed the sy0-701 a few hours ago! I've been watching your Security+ videos along with Professor Messer for about 2 weeks now, and it feels like your questions are a bit harder than what was on my real exam. I usually miss 3-4 questions from each of your five most recent Security+ videos I've watched from you, which had me worried, but I passed with a 775 so you helped me a lot. Thank you again!
Good morning! I just took it Saturday and made a 710. I had 1 PBQ I did not recognize at all and had to guess.. it was the Encrypting VPN concentrators one. I have booked again for July 5th and wanted to ask if you had any guidance on it bc I’m afraid I could get the same PBQ again. Thanks in advanced.
@@dawsonearhart7445 Hey! I don't recall getting a PB question for specifically encryption related to VPN concentrators, however, I did get a PB question for setting up two VPN concentrators for two hosts across the internet. To be honest, I didn't really study/care about the PBQs since you can pass without getting any of them right, so I mainly focused on the multiple choice questions. However, I've noticed that the knowledge required to correctly answer these PB questions is quite broad, meaning that there are multiple topics that you would need to understand in order to get one of the PB questions correct. I'm not a study expert, but given that you have about 2 weeks left until your next exam, depending on your dedication to passing the exam, it might be worth trying to practice setting up a VPN concentrator in a virtual environment or something related to hands-on practice if you want to specifically get that question right. I can't guarantee that my advice will help you, but hopefully I was able to help a bit. P.S. I hope I am not overstepping my boundaries by saying this, but seeing that you got a 710, I think it might help if you also get more practice on the multiple choice questions, as I doubt one PBQ would be the difference between you passing or not at your current score. I was a bit cheap on searching for practice questions, so I didn't use any paid services or products for practice questions. Here's a list of all the questions I practiced with: Cyber James' Security+ videos, Professor Messer's SY0-701 Study Group livestreams (on his youtube channel), Professor Messer's weekly quizzes on his website (www.professormesser.com/category/security-plus/sy0-701/sy0-701-pop-quiz/), and a few other 1-3 hour youtube videos on sy0-701 practice questions (preferably the ones that give explanations for all answer choices, as it's important to know why the other choices in a question might be wrong).
Hi, I"m using professer messer as well and i wanted to ask if you were able to go through all the videos and also, is the structure of the exam similar to the structure of james practice questions or even more complex?
@@damilolaadebayo8236 Hey, before taking the exam, I did watch his entire playlist for Sy0-701 (I didn't look at 601) over the course of about a couple weeks. I only watched the playlist once in its entirety and only revisited videos related to answers I got wrong on practice questions (not limited to Professor Messer's) to help remember the content better. As for the structure of the exam compared to his practice questions, the exam always starts off with around a few performance based questions (PBQs), which you can skip and revisit later (as with any other question). These PBQs are the most complex questions, often testing multiple learning objectives that CompTIA is looking for. For the multiple choice questions, which is what the rest of the test questions were, the real exam seemed to be worded a bit differently. Professor Messer's weekly quiz questions were simpler in the sense that the questions are consistent in what they are asking for (for example, the answer choices that Professor Messer provides are all short phrases or one-word answers). But for the exam, some questions will be similar to his questions, and some will be similar to what was in Cyber James' videos. His live study sessions however, do have a bit of variety, at least more so than the weekly quiz questions. Overall, I would say that regardless of the type of questions you get, just understanding the CompTIA learning objectives (either by doing lots of practice questions, or doing some other study method that you find helps you remember the material) should give you an immunity to whatever questions they may ask you. Also, just like in these Cyber James videos, they are quite deliberate on their wording, so it helped me to read the questions slowly and carefully, even if it felt like I already knew what the answer might be.
Question 2, nahh, it says you're walking by the cubicle, at that exact moment. The logical step to take immediately at that exact moment would be to warn the user about the POTENTIAL phishing attempt since you are walking past them at that time. By not warning the user and reporting to the IT department, you essentially risk the user clicking on the phishing link as you go and report.
100%. You would let them know and then report to IT. Still complying with the policy but uniting risk by taking immediate action. Plus you know that IT dept isn’t going to look into it for a few hours at least 😂
I agree with this, if the user is at their cubicle. An important thing to note, it never stated if the user was present in front of their computer. Going on a goose chase to find this individual might give adversaries more time to email different people in the company and possibly gain access through someone else. Addressing the issue with IT sooner rather than later can give awareness earlier and mitigate the Phishing attempt.
I've gone through two of your security+ videos and found myself answering wrong a lot in the beginning until you kept going back and saying, "Well, WHAT are they asking?". Ever since that has clicked in my head, I've been choosing the correct answer like 8-9/10 times now. My main issue is just remembering some definitions and the acronyms. Huge emphasis on acronyms, though. I'm a little over halfway through my associates in cybersecurity, and these videos are preparing me better for the CompTIA Sec+ more than my classes have. However, my associates is helping me build an understanding of the concepts for everything. Just to clarify, I am not saying my classes aren't worth it for me. They are, but this is way better for the Sec+ certification. TLDR: Good vids. Am improving. 👍
@@micheal67 I passed it in the beginning of June, I passed with a 750 haha. Didn’t think I was gonna pass it, there was like 2 questions from this guys videos that were on my exam!! I don’t remember which but I remember how many since it was a while ago now
Question 20 I have a different Answer than C.. I will go with A A. Analyzing the security posture of the cloud service provider.The primary focus for the security team should be A. Analyzing the security posture of the cloud service provider. Here's why: Cloud Service Provider Security: The cloud service provider's security measures are crucial because they will be handling and storing sensitive customer data. Ensuring that the provider has robust security practices, compliance certifications, and a strong track record is essential to protect the data. Third-Party Risk Management: Assessing the security posture of the cloud service provider helps identify potential risks associated with third-party services. This includes evaluating their data protection policies, incident response capabilities, and overall security infrastructure. The other answers are secondary and I go with A. Analyzing the security posture of the cloud service provider.
For question 9, the question says to minimize the risk not get rid of risk which is what answer A would be. We also don't know if the confidential information is backed up or not. It my head D makes the most sense to MINIMIZE the risk. Any help on clarification? Edit: Also great video and content, keep them coming!
Changing the user’s logon credentials doesn’t stop the data from being accessed. It doesn’t mention the hard drive being encrypted so you have to assume it isn’t, and whether the data is backed up is irrelevant to the question.
the questions on the exam are a lot harder. While most practice exams give you a obvious answer by doing process of elimination the exam tries to trick you by giving answers that are very similar. Sometimes they are all acronyms and sometimes they are rephrased differently. At the end of the day, memorizing all the acronyms and understanding the concept will help so much more in the long run.
@@JP-pq9xi well I’ve taken compTIA exams back to back this past year, so there is overlap and i know the style of how they ask questions now. You’ve got it man it’ll come to you👍👍
Sir, I really enjoy your videos and the way you use the process of elimination to find the best answers. If you’re ever interested in volunteering to teach classes for ISSA here in Vegas, let me know. We could probably arrange sponsorship for your hotel and flights.
Haha I hear you dude. I've almost given up like 5 times now. About to take the exam in like 3 weeks, i'm on my 5th practice exam and just now starting to gain some confidence.
I have my Security+ 701 exam tomorrow afternoon. I went through all the Dion Training videos awhile back. I’m taking several practice exams and scoring 73-75 on them the first go around and then studying why my answers were wrong. I’m going back and taking them again and scoring 93-94. Is there any other recommendations besides just taking a few more practice exams and reviewing some protocols anyone can suggest before tomorrow’s exam?
You’re on the right track. I would recommend spending time going over all the acronyms in the exam objective. Out of all the feedback my students have given after taking their exams knowing acronyms was mentioned the most. You got this, let me know how you do!!
@@ImCyberJames I just finished my exam and passed! All glory to God the Most High and Jesus Christ for answering my prayers. Your videos definitely were put before me at the right time because you helped me with really thinking about what they were asking. Thank you.
Anytime I've had a user not able to reach an internal website, it was in issue with their laptop either not being connected to the company's network or vpn being turned on while being onsite. I thought the answer was C too
Taking my exam next Friday November 8th!! Then my birthday the next week after that and all I want is to pass the exam and get this cert!! Finished Professor Messer’s entire playlist today (finally) and starting this series now so fingers crossed :)
I understand why the answer to question 7 is to quarantine the machine on it's own network but I disagree with that. If a machine is actively encrypting files, turning it off will make sure that stops happening. You can always pull the SSD from the system later to run it in a sandbox. The ransom note will remain one of the few unencrypted files so you don't even need the full-screen message. If you leave the computer turned on and quarantined, you risk losing local files that haven't yet been encrypted. You also mitigate the risk of further infection from a hijacked bluetooth radio or similar wireless commination.
Only problem with turning it off is it wipes forensic evidence if stored in memory. Here it’s pretty obvious where the attack came from but it’s best practice to isolate and leave device running.
recovering data would come after the incident has been dealt with in the recovery plan. the best option would be to isolate so the machine doesn't affect/infect other machines on the network. once it's isolated, and once you eradicate the threat, you can worry about data recovery with back-ups later. i believe the question also doesnt specify storage devices. for comptia, its best not to assume what resources or hardware a company has. it's probably best to just use the information given and pick the BEST answer with that information. if you power down and remove the device, theres a chance thats the only storage device on that machine, so you'd still have to isolate it to deal with the threat. idk thats just my opinion tho
I took a practice test from another guy on youtube and got 45/50, took this and got 14/20... much better questions I think. Remembering all of the acronyms is gonna be hard.
Still confused about the answer for Q16, because when someone calls IT helpdesk,its either from the bank or their company. Who else can you call for assistance?(exclude scammer since you are working in that department.lol) so Still B is correct to me.
Agreed. Bad advice. Either that answer was wrong or the question is. Nothing in any of the exam objectives ever mentions or implies calling a bank or company from an obvious phishing email is in any way an enterprises solution to advising the recipient.
Your videos are all vitally awesome! On question 7 why is powering down harmful, and if you take a machine that is telling you it encrypted files and adding it into a new segmented isolated network, doesn't it put anything else on that isolated natwork at risk?
Hi Jeff, great question. Powering down can erase what is stored in volatile memory, making it difficult to investigate. The second part to your question is yes, if you move a device that has been infected with malware to a different network anything on the same network would be at risk. The term "isolated" is referring to quarantining it, meaning no other device is on the same network reducing the chance of spreading malware. I hope that helps!
For question 3, SSL is not recommended for use as its a compromised port/service, and TLS is the upgraded alternative replacement. For the answer C, is it within the generalization of SSL/TLS?
you would be right. the best option would 100% be TLS, but since the question didn't list the answer its safe to assume they would mean SSL as in TLS. since these two words are almost used interchangeably now-a-days. if the question has you decide between SSL and TLS, always choose TLS. but if TLS is not an option, choose SSL if its encryption for COMMUNICATIONS.
Q2 driving me nuts. The order of operations is different for me. At my job I'm well trusted. I'd always have a conversation with the worker right away and then follow up with alerting I.T. as I can catch a problem early.
Ok question 16 has to be challenged cuz it's not fair to test takers. If I'm calling help desk then that means it's work related. The bank doesn't send email to your work email, they send it to your personal email and if that's the case I'm not calling help desk for a personal problem, in that scenario the answer would be D but given the scenario it def should be C!
No, SSL. This is a bit of a trick question, because yes SSL is considered insecure compared to TLS. However, the question asks which is most appropriate to secure the communication. Communication is key here. AES alone does not encrypt communication, but SSL can use AES as part of secure communications. If TLS was an option, the answer would be TLS. SSL is still on the 701 exam objectives.
if the question asks whats the best ENCRYPTION method in general/data at rest, 100% AES since its used by the us military. if the question asks about best encryption for COMMUNICATIONS 100% SSL/TLS.
@@ImCyberJames Hi! I learned that SSL is no longer used due to known vulnerabilities and it has been replaced by TLS. Do you confirm/agree with this? If so, can you explain how SSL can be the correct answer then? Thanks!
@@zannimo1 Correct, TLS replaced SSL. Even though the word SSL is still used today, 99% of the time they are referring to TLS. CompTIA still wants you to know what SSL is. Out of all the given answers for question 3, SSL, although technically not considered secure, is still the best answer for secure communication out of the possible answers.
I don't agree with your answer "C" for question #20....... I feel it is "D" ...... if the CBS is managing the customer support tickets and it is being integrated with CRM sensitive data... that data is at rest within the CBS --- wouldn't that be a priority to encrypt or secure as the system implies the integration of this new CSB with the CRM... how is it not answer "D" I got 19 - 20 correct on this video exam. I thank you for the review and a real honest answer back. I take my exam in Dec or Jan 2025
Question 7: Why would powering down the PC worsen the issue? Also, most of these questions are not focused on the objectives of the SY0-701. Looks more like the SY0-601. Thx for the effort..
The two main reasons why you should not immediately power down an endpoint suspected of ransomware is because 1. It could lead to permanent data loss and 2. You would not be able to continue analyzing the ransomware (if necessary) and volatile memory would be erased.
@@ImCyberJames It makes sense but could they not have written a program to automatically encrypt once you disconnect or isolate from the network? Some viruses will actually delete once they are no longer connected to the network? By powering off could you not boot in safe mode and start the scan after you isolate? I feel like that if the ransom was embedded in certain processes that would not run during the boot, you would be able to quarantine in a safe environment after the reboot and scan. If it is a active ransom attack they have already encrypted and gained the key before they reached out to you anyway..
B isn't a bad answer, the symptoms are similar. The reason why I went with A was because the scenario mentioned a web application. Web applications are connected to a database, and web applications are *often* targeted by SQL attacks. In my mind the specially crafted code was SQL code, and without input sanitation it left the database that connects the finance processes vulnerable.
I have beef with no 9. You cant access the computer if it isnt connect to any network. Which a thief/ hacker would not do. I would remove the storage from it. Which should be encrypted at rest or full disk encryption.
u mean question 3. SSL is right because MD5 is hashing technique, DSA is primarily used for Digital Signatures, AES is encryption technique used to encrypt data at rest and is used in protocols like SSL or TLS to enrypt data in transit so we select SSL as whole.
and to further strengthen his point, SSL is TLS, but TLS is a more updated version. if the question doesn't have TLS, pick SSL. and if the question has both, pick TLS.
Get my Security+ Practice exam course on Udemy for only $12.99! Use code: SEC1299 bit.ly/cyberjamessec
Just passed Comptia Security + certification. Thank you so much 🎉🎉🎉
@@nathaliefosso9345 Congrats!!!
@nathaliefosso9345 do you happen to have any notes or anything? I'm super stressing about this test!!
I just passed my security+ 701 exam today, first try,
This video was last thing I watched before entering the exam.
Thanks
Well done!
I just passed my Security+ exam today and I can honestly say these videos helped me a lot. Slowing down and rereading the key words in questions definitely helped me on a lot of the tricky questions. Definitely learning the acronyms and having a general understanding of each of the exam objectives is essential.
Congrats on passing! And yeah the acronyms are extremely important.
Just finished taking and PASSING the 701 exam! Your breakdowns of seeing what the questions were asking for, and going through each answer right or wrong really helped changed the way I studied and attacked the exam. Appreciate you and keep up the good work!
CONGRATS!!!
I passed the sy0-701 a few hours ago! I've been watching your Security+ videos along with Professor Messer for about 2 weeks now, and it feels like your questions are a bit harder than what was on my real exam. I usually miss 3-4 questions from each of your five most recent Security+ videos I've watched from you, which had me worried, but I passed with a 775 so you helped me a lot. Thank you again!
Congrats !
Good morning! I just took it Saturday and made a 710.
I had 1 PBQ I did not recognize at all and had to guess.. it was the Encrypting VPN concentrators one.
I have booked again for July 5th and wanted to ask if you had any guidance on it bc I’m afraid I could get the same PBQ again. Thanks in advanced.
@@dawsonearhart7445 Hey! I don't recall getting a PB question for specifically encryption related to VPN concentrators, however, I did get a PB question for setting up two VPN concentrators for two hosts across the internet. To be honest, I didn't really study/care about the PBQs since you can pass without getting any of them right, so I mainly focused on the multiple choice questions. However, I've noticed that the knowledge required to correctly answer these PB questions is quite broad, meaning that there are multiple topics that you would need to understand in order to get one of the PB questions correct. I'm not a study expert, but given that you have about 2 weeks left until your next exam, depending on your dedication to passing the exam, it might be worth trying to practice setting up a VPN concentrator in a virtual environment or something related to hands-on practice if you want to specifically get that question right. I can't guarantee that my advice will help you, but hopefully I was able to help a bit.
P.S. I hope I am not overstepping my boundaries by saying this, but seeing that you got a 710, I think it might help if you also get more practice on the multiple choice questions, as I doubt one PBQ would be the difference between you passing or not at your current score. I was a bit cheap on searching for practice questions, so I didn't use any paid services or products for practice questions. Here's a list of all the questions I practiced with: Cyber James' Security+ videos, Professor Messer's SY0-701 Study Group livestreams (on his youtube channel), Professor Messer's weekly quizzes on his website (www.professormesser.com/category/security-plus/sy0-701/sy0-701-pop-quiz/), and a few other 1-3 hour youtube videos on sy0-701 practice questions (preferably the ones that give explanations for all answer choices, as it's important to know why the other choices in a question might be wrong).
Hi, I"m using professer messer as well and i wanted to ask if you were able to go through all the videos and also, is the structure of the exam similar to the structure of james practice questions or even more complex?
@@damilolaadebayo8236 Hey, before taking the exam, I did watch his entire playlist for Sy0-701 (I didn't look at 601) over the course of about a couple weeks. I only watched the playlist once in its entirety and only revisited videos related to answers I got wrong on practice questions (not limited to Professor Messer's) to help remember the content better.
As for the structure of the exam compared to his practice questions, the exam always starts off with around a few performance based questions (PBQs), which you can skip and revisit later (as with any other question). These PBQs are the most complex questions, often testing multiple learning objectives that CompTIA is looking for. For the multiple choice questions, which is what the rest of the test questions were, the real exam seemed to be worded a bit differently. Professor Messer's weekly quiz questions were simpler in the sense that the questions are consistent in what they are asking for (for example, the answer choices that Professor Messer provides are all short phrases or one-word answers). But for the exam, some questions will be similar to his questions, and some will be similar to what was in Cyber James' videos. His live study sessions however, do have a bit of variety, at least more so than the weekly quiz questions.
Overall, I would say that regardless of the type of questions you get, just understanding the CompTIA learning objectives (either by doing lots of practice questions, or doing some other study method that you find helps you remember the material) should give you an immunity to whatever questions they may ask you. Also, just like in these Cyber James videos, they are quite deliberate on their wording, so it helped me to read the questions slowly and carefully, even if it felt like I already knew what the answer might be.
Question 2, nahh, it says you're walking by the cubicle, at that exact moment. The logical step to take immediately at that exact moment would be to warn the user about the POTENTIAL phishing attempt since you are walking past them at that time. By not warning the user and reporting to the IT department, you essentially risk the user clicking on the phishing link as you go and report.
100%. You would let them know and then report to IT. Still complying with the policy but uniting risk by taking immediate action. Plus you know that IT dept isn’t going to look into it for a few hours at least 😂
I agree with this, if the user is at their cubicle.
An important thing to note, it never stated if the user was present in front of their computer. Going on a goose chase to find this individual might give adversaries more time to email different people in the company and possibly gain access through someone else. Addressing the issue with IT sooner rather than later can give awareness earlier and mitigate the Phishing attempt.
I take my test next month and I guess the key takeaway is to go literally based on what the question is asking instead of trying to interpret it.
For question 3, SSL has not been updated since SSL 3.0 in 1996 and is now considered to be deprecated.
Thanks for the insight. This will definitely be helpful fact to keep in mind when taking the exam.
I wactched all videos and I just passed Comptia Security + certification. Thank you so much 🎉🎉🎉
Hey Congrats!! Can u comment on PBQs like how many were there and their complexity?
Got the job yet?
Just passed my 701, thank you, these really helped. I went through them many times.
Congrats on passing!!!!
I answered 16 out of 20 questions right. Gaining confidence for my test on August 1st!
You got this! Let me know when you pass!
How’d it go bro?
Did you pass?
@@ImCyberJames I passed thanks for all your videos again!!
@@Unknownlifters I passed!!!!
I've gone through two of your security+ videos and found myself answering wrong a lot in the beginning until you kept going back and saying, "Well, WHAT are they asking?".
Ever since that has clicked in my head, I've been choosing the correct answer like 8-9/10 times now. My main issue is just remembering some definitions and the acronyms. Huge emphasis on acronyms, though.
I'm a little over halfway through my associates in cybersecurity, and these videos are preparing me better for the CompTIA Sec+ more than my classes have.
However, my associates is helping me build an understanding of the concepts for everything. Just to clarify, I am not saying my classes aren't worth it for me. They are, but this is way better for the Sec+ certification.
TLDR: Good vids. Am improving. 👍
This guy is a great teacher
Thank you so much!
Your videos are great man! Hoping to take SEC+ within a month, keep up the great work 💪🏼
More to come keep a lookout for more! And good luck with your exam.
How did it go
@@micheal67 I passed it in the beginning of June, I passed with a 750 haha. Didn’t think I was gonna pass it, there was like 2 questions from this guys videos that were on my exam!! I don’t remember which but I remember how many since it was a while ago now
Question 20 I have a different Answer than C.. I will go with A A. Analyzing the security posture of the cloud service provider.The primary focus for the security team should be A. Analyzing the security posture of the cloud service provider.
Here's why:
Cloud Service Provider Security: The cloud service provider's security measures are crucial because they will be handling and storing sensitive customer data. Ensuring that the provider has robust security practices, compliance certifications, and a strong track record is essential to protect the data.
Third-Party Risk Management: Assessing the security posture of the cloud service provider helps identify potential risks associated with third-party services. This includes evaluating their data protection policies, incident response capabilities, and overall security infrastructure.
The other answers are secondary and I go with A. Analyzing the security posture of the cloud service provider.
Thank you for doing this for us! Very informative!
Absolutely!
The legend returns!
💪 hope you’re doing well buddy
Thanks much!
very helpful
Planning to take security plus exam this month
Any suggestions for the prep!
I PASSED THANK YOU SO MUCH U HELPED ME A LOT
Congrats!!!!
For question 9, the question says to minimize the risk not get rid of risk which is what answer A would be. We also don't know if the confidential information is backed up or not. It my head D makes the most sense to MINIMIZE the risk. Any help on clarification?
Edit: Also great video and content, keep them coming!
Exactly what I was thinking lmao
Changing the user’s logon credentials doesn’t stop the data from being accessed. It doesn’t mention the hard drive being encrypted so you have to assume it isn’t, and whether the data is backed up is irrelevant to the question.
the questions on the exam are a lot harder. While most practice exams give you a obvious answer by doing process of elimination the exam tries to trick you by giving answers that are very similar. Sometimes they are all acronyms and sometimes they are rephrased differently. At the end of the day, memorizing all the acronyms and understanding the concept will help so much more in the long run.
Thank you. These seem way too simple. I should not be getting a 20/20 before even starting to study
@@ethanshihadeh5458lol the test is 100% just as easy.
Damn. I got like half of these wrong. I read the whole book and I have years of experience in I.T. too lmao.
@@JP-pq9xi well I’ve taken compTIA exams back to back this past year, so there is overlap and i know the style of how they ask questions now. You’ve got it man it’ll come to you👍👍
@@ethanshihadeh5458were the practice exam questions similar to the actual test questions?
Sir, I really enjoy your videos and the way you use the process of elimination to find the best answers. If you’re ever interested in volunteering to teach classes for ISSA here in Vegas, let me know. We could probably arrange sponsorship for your hotel and flights.
im getting really sad studying for this exam
Youre not alone
🩷
Haha I hear you dude. I've almost given up like 5 times now. About to take the exam in like 3 weeks, i'm on my 5th practice exam and just now starting to gain some confidence.
@@jeremytucker3106 how did it go??
@@Pedro-bt1sw Bro I passed on my first try! I was shocked, I totally thought I was going to fail during the test :P
This was really great thank you. I'm going to test in a couple hours and just wanted to go over some questions while I got ready. (:
Good luck! Let me know how it goes!
@@ImCyberJames I passed!
@@kianaaleigh Wooo! Let's go! Congrats!
@@ImCyberJames Thank you!!
I have my Security+ 701 exam tomorrow afternoon. I went through all the Dion Training videos awhile back. I’m taking several practice exams and scoring 73-75 on them the first go around and then studying why my answers were wrong. I’m going back and taking them again and scoring 93-94. Is there any other recommendations besides just taking a few more practice exams and reviewing some protocols anyone can suggest before tomorrow’s exam?
You’re on the right track. I would recommend spending time going over all the acronyms in the exam objective. Out of all the feedback my students have given after taking their exams knowing acronyms was mentioned the most. You got this, let me know how you do!!
@ I sure will. Thanks.
@@ImCyberJames I just finished my exam and passed! All glory to God the Most High and Jesus Christ for answering my prayers. Your videos definitely were put before me at the right time because you helped me with really thinking about what they were asking. Thank you.
Congrats!!! Thank you, but keep in mind YOURE the one who passed. Congratulations!
Anytime I've had a user not able to reach an internal website, it was in issue with their laptop either not being connected to the company's network or vpn being turned on while being onsite. I thought the answer was C too
Taking my exam next Friday November 8th!! Then my birthday the next week after that and all I want is to pass the exam and get this cert!! Finished Professor Messer’s entire playlist today (finally) and starting this series now so fingers crossed :)
good luck friend, taking mine on the 5th. praying i pass it first try 😭
@@MomoJawa did u pass?
@@walidpopal9076 yep! 763 was my score
I understand why the answer to question 7 is to quarantine the machine on it's own network but I disagree with that. If a machine is actively encrypting files, turning it off will make sure that stops happening. You can always pull the SSD from the system later to run it in a sandbox. The ransom note will remain one of the few unencrypted files so you don't even need the full-screen message. If you leave the computer turned on and quarantined, you risk losing local files that haven't yet been encrypted. You also mitigate the risk of further infection from a hijacked bluetooth radio or similar wireless commination.
Only problem with turning it off is it wipes forensic evidence if stored in memory. Here it’s pretty obvious where the attack came from but it’s best practice to isolate and leave device running.
recovering data would come after the incident has been dealt with in the recovery plan. the best option would be to isolate so the machine doesn't affect/infect other machines on the network. once it's isolated, and once you eradicate the threat, you can worry about data recovery with back-ups later. i believe the question also doesnt specify storage devices. for comptia, its best not to assume what resources or hardware a company has. it's probably best to just use the information given and pick the BEST answer with that information. if you power down and remove the device, theres a chance thats the only storage device on that machine, so you'd still have to isolate it to deal with the threat. idk thats just my opinion tho
GREAT VIDEO!!!! WE NEED PART 2
Thank you! It will be out in the next few days!
@@ImCyberJames WOOOOOO!!!!!!!
I took a practice test from another guy on youtube and got 45/50, took this and got 14/20... much better questions I think. Remembering all of the acronyms is gonna be hard.
Any videos with PBQS?
Still confused about the answer for Q16, because when someone calls IT helpdesk,its either from the bank or their company. Who else can you call for assistance?(exclude scammer since you are working in that department.lol) so Still B is correct to me.
Agreed. Bad advice. Either that answer was wrong or the question is. Nothing in any of the exam objectives ever mentions or implies calling a bank or company from an obvious phishing email is in any way an enterprises solution to advising the recipient.
Your videos are all vitally awesome! On question 7 why is powering down harmful, and if you take a machine that is telling you it encrypted files and adding it into a new segmented isolated network, doesn't it put anything else on that isolated natwork at risk?
Hi Jeff, great question. Powering down can erase what is stored in volatile memory, making it difficult to investigate. The second part to your question is yes, if you move a device that has been infected with malware to a different network anything on the same network would be at risk. The term "isolated" is referring to quarantining it, meaning no other device is on the same network reducing the chance of spreading malware. I hope that helps!
I chose not ssl for question 3, because I was like why not tls? :(
For question 3, SSL is not recommended for use as its a compromised port/service, and TLS is the upgraded alternative replacement. For the answer C, is it within the generalization of SSL/TLS?
you would be right. the best option would 100% be TLS, but since the question didn't list the answer its safe to assume they would mean SSL as in TLS. since these two words are almost used interchangeably now-a-days. if the question has you decide between SSL and TLS, always choose TLS. but if TLS is not an option, choose SSL if its encryption for COMMUNICATIONS.
Thank You James.
I refuse to believe question 12 is A over C
3 wrong and 17 right
Q2 driving me nuts. The order of operations is different for me. At my job I'm well trusted. I'd always have a conversation with the worker right away and then follow up with alerting I.T. as I can catch a problem early.
about to do a mock exam right after this and if i do good im taking my real exam immediately
Make sure you feel like you're ready, good luck!
On the 20th question, can you please explain why it shouldn’t be D? C makes equal sense to me too.
Hiw you can wioe dara remotely on laptop if you kost it and laptop offkine? First of all better ti change all pwd and then try to wipe data
Thank you for these :)
Ok question 16 has to be challenged cuz it's not fair to test takers. If I'm calling help desk then that means it's work related. The bank doesn't send email to your work email, they send it to your personal email and if that's the case I'm not calling help desk for a personal problem, in that scenario the answer would be D but given the scenario it def should be C!
Question 3 is supposed to be AES Advanced Encryption Standard which is a cryptographic solution ? SSL is replaced by TLS 🤔
No, SSL. This is a bit of a trick question, because yes SSL is considered insecure compared to TLS. However, the question asks which is most appropriate to secure the communication. Communication is key here. AES alone does not encrypt communication, but SSL can use AES as part of secure communications. If TLS was an option, the answer would be TLS. SSL is still on the 701 exam objectives.
if the question asks whats the best ENCRYPTION method in general/data at rest, 100% AES since its used by the us military. if the question asks about best encryption for COMMUNICATIONS 100% SSL/TLS.
Well done and thanks for your effort. Question 3, SSL is already deprecated. Does that mean these questions are not recent?
Thank you, and no these questions were made using the 701 objectives.
@@ImCyberJames Hi! I learned that SSL is no longer used due to known vulnerabilities and it has been replaced by TLS. Do you confirm/agree with this? If so, can you explain how SSL can be the correct answer then? Thanks!
@@zannimo1 Correct, TLS replaced SSL. Even though the word SSL is still used today, 99% of the time they are referring to TLS. CompTIA still wants you to know what SSL is. Out of all the given answers for question 3, SSL, although technically not considered secure, is still the best answer for secure communication out of the possible answers.
Thanks!
How can I register for CompTIA Security+
How much is it today
??
Question 10: I would of thought SSH would be the answer because they are remotely managing their accounts
Is this how the questions will look on pearsonvue?
Hey James,
Just want to let you know. You have the network + log instead of the sec+. Which may confuse some of your viewers. Just try to help.
Thank you for the heads up, I blurred that out.
I don't agree with your answer "C" for question #20....... I feel it is "D" ...... if the CBS is managing the customer support tickets and it is being integrated with CRM sensitive data... that data is at rest within the CBS --- wouldn't that be a priority to encrypt or secure as the system implies the integration of this new CSB with the CRM... how is it not answer "D" I got 19 - 20 correct on this video exam. I thank you for the review and a real honest answer back. I take my exam in Dec or Jan 2025
Question 7: Why would powering down the PC worsen the issue? Also, most of these questions are not focused on the objectives of the SY0-701. Looks more like the SY0-601. Thx for the effort..
The two main reasons why you should not immediately power down an endpoint suspected of ransomware is because 1. It could lead to permanent data loss and 2. You would not be able to continue analyzing the ransomware (if necessary) and volatile memory would be erased.
@@ImCyberJames It makes sense but could they not have written a program to automatically encrypt once you disconnect or isolate from the network? Some viruses will actually delete once they are no longer connected to the network? By powering off could you not boot in safe mode and start the scan after you isolate?
I feel like that if the ransom was embedded in certain processes that would not run during the boot, you would be able to quarantine in a safe environment after the reboot and scan. If it is a active ransom attack they have already encrypted and gained the key before they reached out to you anyway..
Bro my exam is on 8th june, please release all parts
Sorry I wish I could but it's not up to me! The questions have to be made and then sent to me to take
@@ImCyberJamesyou have have 4 videos for 601 are they similar to 701?
Did u pass your exam?
@@BoomBoom-bu2no yes got 767
@@akshatkembhavi9837 do you have any tips or advice for the test i take it this monday?
Hey I don't understand why B is not a good option for the 20th question ? (Nice video ty)
B isn't a bad answer, the symptoms are similar. The reason why I went with A was because the scenario mentioned a web application. Web applications are connected to a database, and web applications are *often* targeted by SQL attacks. In my mind the specially crafted code was SQL code, and without input sanitation it left the database that connects the finance processes vulnerable.
Anyone can help me with Security+ Performance Based Questions (PBQs) SY0-701 ? i weak at this.
I have beef with no 9. You cant access the computer if it isnt connect to any network. Which a thief/ hacker would not do. I would remove the storage from it. Which should be encrypted at rest or full disk encryption.
quite confused on Q4,,, isnt SSL outdated and insecure?
u mean question 3.
SSL is right because MD5 is hashing technique, DSA is primarily used for Digital Signatures, AES is encryption technique used to encrypt data at rest and is used in protocols like SSL or TLS to enrypt data in transit so we select SSL as whole.
and to further strengthen his point, SSL is TLS, but TLS is a more updated version. if the question doesn't have TLS, pick SSL. and if the question has both, pick TLS.
Thanks !
hello where did u find this practice exam?
They’re created based on the comptia objectives for me to take and record.
Where did you find these questions?
The answer is C.
I got 18 out of 20 : \
add a camera with you talking. Make it way better to keep focus.
The ads interrupting on every question not helping dude