What are performance-based exam questions?

What are performance-based exam questions?

Henry Dalziel | CISSP, CompTIA, ISC2, Mile2 | June 7, 2013

A lot of our students ask how information security certs are assessed. In general, all the major infosec vendor neutral certifications are multiple choice, between 90 and 200 minutes, and the pass-mark is over 60%. Each of the certifications that we offer is different so please refer specifically to your course of interest:

Certified Ethical Hacker Exam and course information – or for CEH exam practice.
CISSP Exam and course information – or for CISSP exam practice.
Security+ Exam and course information – or for Security+ exam practice.
Mile2 CPTE Exam and course information – or for CPTE exam practice.

However – one increasingly popular mode of assessment for these security certifications is a “performance-based” principle. CompTIA was one of the first to introduce this concept, with the other awarding bodies likely to follow shortly. Performance-based questions have been applied to the CompTIA A+, CompTIA Network+ and CompTIA Security+ certification exams.

The tradition route with multiple-choice certification exams was that a student simply answer a question correctly (or several questions, or true or false statements) to achieve a ‘point’. Performance-based questions require that a student actually perform a task or solve a specific problem in a simulated IT environments, in our case this would be within an information security realm. Each question within the exam is purposely designed around real-life!

CompTIA’s insistence on combining real-life simulations into the exam environment in a sense has been matched by EC-Council’s Aspen Product. The CEH (Certified Ethical Hacker) course, often referred to as CEHv8, has integrated realism into their content in much the same way as you would with a performance based exam question. With Aspen EC-Council connect a student with real life infosec problem solving skills. Awarding bodies like CompTIA pushing their students to fully immerse themselves into realistic simulated environments that include different aspects of IT information security networking and infrastructure.

Within a performance-based exam setting the student would perform tasks to solve a problem or for example, patch a vulnerability, and then submit their answer to be awarded the mark for that particular exam question.

Have you taken the CompTIA Security+ exam recently? If so we’d love to hear your thoughts!

  • Robert Sheahan

    First 5 questions were performance based which through me off, as the study guide has one at the end of each quiz. That said, I found them difficult to understand what they wanted and part of the screen was covered by a window that could not go away. I have found only a few sample PBQ on the Internet to practice with.

Leave a comment or reply below...thanks!