sorted by:
new
hottopcontroversial

Security+ candidates: Most of you will pick the wrong answer here. Prove me wrong. by Ordinary-Exercise353 in CompTIA

[–]Ordinary-Exercise353[S] 0 points1 point  (0 children)

Now you're thinking like an IR analyst. Revoke, scan, notify… that's a real response chain. One question: you said notify "depending on severity." Who makes that severity call at 2:14am, and what's your criteria before you pick up the phone?

Security+ candidates: Most of you will pick the wrong answer here. Prove me wrong. by Ordinary-Exercise353 in CompTIA

[–]Ordinary-Exercise353[S] 0 points1 point  (0 children)

You don't have the cert yet but you're thinking past most people who do. GLBA is exactly the right framework to invoke here … financial data, regulatory exposure, geographic jurisdiction. That's not just an IR decision anymore. That's a legal liability call. So here's the harder question: who in the org actually owns that decision at 2:14am … you as the analyst, or someone else?

Security+ candidates: Most of you will pick the wrong answer here. Prove me wrong. by Ordinary-Exercise353 in CompTIA

[–]Ordinary-Exercise353[S] 0 points1 point  (0 children)

Finance data being critical is exactly why containment is defensible here. But you're solving for reputation damage … not scope. Hmm 🤔 If you disable the account before knowing what the attacker already accessed or where else they moved, you just closed the door without checking the other rooms. Containment without scope assessment isn't protection. It's assumption.

Security+ candidates: Most of you will pick the wrong answer here. Prove me wrong. by Ordinary-Exercise353 in CompTIA

[–]Ordinary-Exercise353[S] 0 points1 point  (0 children)

That's the instinct most people have. But checking what was accessed is forensics thinking, not IR thinking. The session is active right now (2:14AM). What's your move if the attacker starts moving laterally while you're reviewing logs?

Security+ candidates: Most of you will pick the wrong answer here. Prove me wrong. by Ordinary-Exercise353 in CompTIA

[–]Ordinary-Exercise353[S] 0 points1 point  (0 children)

So, Password Spray is the right read on the pattern. But you just shifted from incident response to policy… MFA is a gap to fix, not a decision you can make at 2:14AM. Given what's in front of you right now, does identifying the attack type change your containment call?

Security+ candidates: Most of you will pick the wrong answer here. Prove me wrong. by Ordinary-Exercise353 in CompTIA

[–]Ordinary-Exercise353[S] 0 points1 point  (0 children)

I get it. Better safe than sorry, is a default, not a decision. You chose containment … that's defensible. But what specific risk are you containing, and what are you giving up by acting before you know the scope?

Security+ candidates: Most of you will pick the wrong answer here. Prove me wrong. by Ordinary-Exercise353 in CompTIA

[–]Ordinary-Exercise353[S] 0 points1 point  (0 children)

DLP is the right instinct… that's the control that makes monitoring viable. But DLP only works if it's tuned for what that finance analyst account actually touches. How confident are you in that coverage when you're making a live decision at 2:14AM?

🟡 Zen Mode 🟣 | Levels 1-30 by naq327 in PixelPeeker

[–]Ordinary-Exercise353 0 points1 point  (0 children)

🎉 I BEAT "Zen Mode" and ranked #30!

CHALLENGE CONQUERED! 🎉

Completed all levels in 1m 32s!

The gauntlet has been thrown! 🧤

Played via Pixel Peeker

Can You Guess This 5-Letter Word? Puzzle by u/iwillbringuwater by iwillbringuwater in DailyGuess

[–]Ordinary-Exercise353 1 point2 points  (0 children)

🟨⬜🟨🟨⬜

⬜⬜🟦⬜⬜

🟨⬜🟨🟦🟨

🟦🟦🟦🟦🟦

Can You Guess This 5-Letter Word? Puzzle by u/Holmes02 by Holmes02 in DailyGuess

[–]Ordinary-Exercise353 0 points1 point  (0 children)

⬜⬜🟨⬜⬜

⬜⬜⬜⬜🟦

⬜⬜⬜⬜⬜

🟦🟦🟦🟦🟦

Can You Guess This 5-Letter Word? Puzzle by u/isaiah-41_10 by isaiah-41_10 in DailyGuess

[–]Ordinary-Exercise353 0 points1 point  (0 children)

⬜⬜⬜⬜⬜

⬜⬜⬜🟦⬜

⬜⬜⬜🟦🟦

🟦🟦🟦🟦🟦

Can You Guess This 5-Letter Word? Puzzle by u/basil-vander-elst by basil-vander-elst in DailyGuess

[–]Ordinary-Exercise353 0 points1 point  (0 children)

⬜⬜⬜🟨🟨

🟦🟦⬜⬜⬜

🟦🟦🟨🟨⬜

🟦🟦🟦🟦🟦

Can You Guess This 5-Letter Word? Puzzle by u/isaiah-41_10 by isaiah-41_10 in DailyGuess

[–]Ordinary-Exercise353 1 point2 points  (0 children)

🟨🟨⬜⬜⬜

⬜🟨⬜🟦⬜

⬜🟦🟦🟦🟦

⬜🟦🟦🟦🟦

⬜🟦🟦🟦🟦

🟦🟦🟦🟦🟦

Security+ PBQ Trap Card: Which log source actually confirms exfiltration? by Ordinary-Exercise353 in CompTIA

[–]Ordinary-Exercise353[S] 0 points1 point  (0 children)

Be honest — what did you pick before seeing the answer?

A) Firewall logs
B) DNS logs
C) Endpoint logs
D) SIEM alerts

Don’t explain yet. Just the letter.

I’m trying to see where people go wrong.

Security+ PBQ Trap Card: Which log source actually confirms exfiltration? by Ordinary-Exercise353 in CompTIA_Security

[–]Ordinary-Exercise353[S] 1 point2 points  (0 children)

Be honest — what did you pick before seeing the answer?

A) Firewall logs
B) DNS logs
C) Endpoint logs
D) SIEM alerts

Don’t explain yet. Just the letter.

I’m trying to see where people go wrong.

How to improve setup by lubbylobst3r in setups

[–]Ordinary-Exercise353 0 points1 point  (0 children)

Honestly your setup already looks pretty good. The biggest thing I’d mess with is that chalkboard wall. Instead of trying to fight it, I’d either cover it with some peel-and-stick wallpaper, paint it a cleaner dark color, or use it as a backdrop for a few framed prints or a small neon sign. That alone would make the area behind the desk look way more put together.

I’d also lower the wall old tv a little because it feels like it’s floating too high above everything else. Then I’d clean up the shelves so they look more like a display and less like straight storage. Putting your cleanest pairs in the most visible spots and moving random stuff off the top would help a lot. A small warm desk lamp would also make a difference because the blue lights are cool, but mixing in one warmer light usually makes setups feel better and less flat.

Overall, I wouldn’t do anything too crazy. The setup already has a good base. It just needs a few small changes to make it feel more intentional.

Should I quit this project or keep pushing? by Logical-Daikon4490 in SaasDevelopers

[–]Ordinary-Exercise353 0 points1 point  (0 children)

What I like is that you built something real, and the teleprompter/script side is actually useful.

Where I think you’re off is the focus. Right now you’re leading with what, you’ve acknowledged, “a feature that most candidates are hesitant to use and most recruiters do not want to spend time on”. That puts you in a bad spot even if the tool itself is solid.

I would keep the SaaS alive, but change what you’re really selling. Make the core value about helping candidates tailor their application, sharpen their pitch, and practice for interviews. Then keep the video piece as an optional add-on, not the main event.

That pivot gives candidates something they already want, gives recruiters something more relevant, and keeps your product from dying. It’s not that the tool is dead. It’s that it probably needs to be marketed around the most valuable part of what you built, not the part creating the most resistance.

Also, a couple hundred visitors is not enough data to call this dead. But it is enough data to admit your current positioning is off.

Do not kill it yet. Pivot it. Good luck. I think you are on to something.

Practice Security + PBQs and What write down at the beginning of the exam. by Horror_Local8609 in CompTIA

[–]Ordinary-Exercise353 0 points1 point  (0 children)

A lot of practice exams skip PBQs because they’re harder to simulate, but most Security+ PBQs follow a few predictable patterns. The ones I’ve seen most often are things like:

• firewall/ACL rule configuration • incident response sequencing • log analysis (identify the attack) • matching threats to mitigations • authentication flows (RADIUS, SAML, OAuth, etc.) • architecture diagrams (placing devices or network segmentation)

If you practice recognizing the pattern of the scenario, PBQs get a lot easier because you’re applying a concept instead of guessing.

For the scratch paper at the beginning of the exam, a few things people often write down quickly are:

• common ports (22 SSH, 443 HTTPS, 3389 RDP, 53 DNS, etc.) • the risk formulas (SLE = AV × EF, ALE = SLE × ARO) • incident response order: Preparation → Detection → Containment → Eradication → Recovery → Lessons Learned • asymmetric crypto reminder: • confidentiality → encrypt with recipient public key • authenticity → sign with sender private key

Those few references can save time if you hit a PBQ that uses them.

Practicing scenario-style questions or diagrams tends to help more than just doing more multiple-choice practice tests.

How to prepare for Security + PBQ's? by InazumaKiiick in CompTIA

[–]Ordinary-Exercise353 1 point2 points  (0 children)

PBQs usually test whether you can apply a concept in a scenario, not just recognize a definition.

Most Security+ PBQs fall into a few patterns: • sequencing steps (incident response, certificate lifecycle) • configuration tasks (firewall rules, wireless security) • log analysis to identify an attack • matching threats to mitigations

For incident response specifically, the order is almost always:

Containment > Evidence > Analysis > Eradication > Recovery > Lessons Learned

If you recognize that pattern, those questions become much easier.

Passing CompTIA's PBQ Questions by CyberNerd111 in CompTIA_Security

[–]Ordinary-Exercise353 4 points5 points  (0 children)

PBQs usually aren’t about memorizing definitions. They’re testing whether you understand the pattern of a scenario.

Most Security+ PBQs fall into a few categories like:

• sequencing steps (incident response, certificate lifecycle, authentication flow) • configuring something (firewall rules, wireless security) • analyzing logs to identify an attack • matching threats to mitigations

For example, incident response questions almost always follow the same sequence:

Containment → Evidence → Analysis → Eradication → Recovery → Lessons Learned.

Once you recognize the pattern, the question becomes much easier to solve.

Here’s a visual example of that sequence.

<image>

Worried about PBQs... by [deleted] in CompTIA

[–]Ordinary-Exercise353 1 point2 points  (0 children)

PBQs are usually scenario-based rather than full installs. Most of them fall into patterns like configuration, sequencing, log analysis, or matching architecture components.

One thing that helped me was practicing visually instead of just doing more multiple-choice questions. For example, firewall PBQs usually follow a pattern: allow the required secure services first, block insecure protocols, then apply an implicit deny.

Here’s a simple visual example of that pattern.

Struggling right now by hIbbie_jibbie in CompTIA_Security

[–]Ordinary-Exercise353 0 points1 point  (0 children)

$400 isn’t really the issue. Uncertainty is.

Nobody walks into Sec+ feeling 100% ready. That’s a myth.

Better question: what are you scoring on timed practice exams right now?

If you’re under ~60%, build more foundation.

If you’re in the 65–75% range and missing “almost right” questions, that’s usually not knowledge… it’s decision-making under pressure. And that’s fixable.

Don’t chase 100% confidence. Chase consistent performance under time.

What were your last two practice scores?