Six Wild Security+ PBQs (and the Real-World Stories Behind Them)
We unpack six unforgettable practice-exam scenarios — from sideloading shenanigans to zero-day chaos — showing what really happens in the wild, why the wrong answers are wrong, and how to lock the lessons into memory.
Our team consists of CompTIA Security+ certified professionals with years of experience in cybersecurity education and IT training. We combine real-world expertise with exam preparation strategies.
Performance-based questions on the Security+ exam aren't trivia — they're little slices of real life.
Below are six of the most memorable scenarios from our practice bank, retold in plain English with true U.S. incidents, easy-to-remember analogies, and a quick jab at every wrong answer.
Drop these stories into your mental flashcards and you'll walk into the test feeling like you've already lived it.
1. Sideloading: The Back-Alley App Store
Picture this: you skip Google Play, grab a random APK from a forum, and hit install. That shortcut is called sideloading — and it's exactly how the vast majority of iOS and Android malware still sneaks in. Apple's own threat analysis on sideloading (2021) blamed non-App-Store installs for nearly every iPhone infection they investigated.
- Why the wrong picks miss the mark: Jailbreaking and rooting give you super-user powers (and often lead to sideloading later), but the act of installing the rogue app itself is sideloading. Carrier unlocking just lets your SIM hop networks.
[Figure: mind-map of sideloading, jailbreaking, and rooting risks and overlaps. Caption: Why sideloading, jailbreaking, and rooting overlap — and where each one is unique]
2. Jailbreaking & Rooting: Master Keys You Probably Don't Need
On iPhones it's called jailbreaking; on Android it's rooting. Either way you're ripping out the manufacturer's safety rails so you (or an attacker) can poke around the entire OS. Need proof it matters? Pegasus spyware used zero-click jailbreaks to spy on U.S. diplomats for years before Apple closed the hole.
- Tip for the exam: If the question shouts "remove restrictions on iOS," the test wants "jailbreaking." If it's Android, answer "rooting."
3. Zero-Day: Beaten Before the Patch Drops
A zero-day is basically a cheat code the vendor hasn't seen yet. Remember the MOVEit file-transfer fiasco in 2023? CL0P ransomware crews found an SQL injection nobody knew about, looted data across the U.S., then the patch arrived. That's zero-day in action.
- Replay and on-path attacks recycle or intercept traffic — they don't rely on brand-new bugs.
- IV attacks target ancient WEP Wi-Fi; fun history, but not a zero-day.
[Figure: timeline of the zero-day lifecycle from bug discovery to user patches. Caption: Zero-day exploits race ahead of the vendor's patch cycle]
4. Ransomware: Digital Kidnapping at Scale
You know the drill: files encrypted, a skull-and-crossbones note, "Pay us ₿ or else." In 2024 BlackCat/ALPHV froze Change Healthcare billing systems, snarling U.S. pharmacies nationwide — a reminder that ransomware isn't theoretical and definitely isn't going away.
- Viruses replicate, spyware snoops, adware spams. Only ransomware locks your stuff and demands cash.
[Figure: bar chart comparing 2024 vs 2025 average ransomware payouts across industries. Caption: Average ransomware payouts keep climbing — especially in finance]
5. RATs: Remote Access Trojans That Turn Your PC Into a Puppet
Slip a RAT onto a machine and you're basically sitting at the keyboard from miles away. In 2024 the FBI warned about HiatusRAT hijacking American webcams and DVRs, proving that old-school remote-control malware is alive and well.
- APT = the threat group, MaaS = "malware-as-a-service" business model, PUP = annoying bloatware. RAT is the one that opens the backdoor and hands you full admin.
6. SQL Injection: Sweet-Talking the Database Into Spilling Everything
Feed crafty SQL into a login box and you can make the database hand over the keys — that's a classic SQL injection. The MOVEit breach started with an SQLi zero-day that dropped web shells and siphoned gigabytes before anyone knew.
- XSS targets browsers, not databases.
- RCE goes after the OS layer.
- CSRF tricks users into sending requests. SQLi speaks directly to the DB.
[Figure: attack-path diagram showing how malicious input travels from a web form to database exfiltration. Caption: One unsanitised query can route an attacker straight to sensitive data]
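To make the "login box" mechanism concrete, here is an added example, not code from the original post, from MOVEit, or from any incident named above. It runs the same login check two ways against a constructed in-memory SQLite table: the vulnerable version glues user input into the SQL text, the hardened version passes it as a parameter. The table contents, the user names, the `login_vulnerable`/`login_safe` function names and the probe string are all assumptions made for the demo.

```python
import sqlite3

# Constructed sample data: an in-memory SQLite table standing in for a web
# application's user store. Passwords are stored in clear text only to keep
# the demo short; a real system stores salted hashes.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct-horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def render_vulnerable_query(username, password):
    # The defect: user input becomes part of the SQL text, so a quote in the
    # input changes the query's structure instead of being treated as data.
    return (
        "SELECT username, role FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )


def login_vulnerable(conn, username, password):
    # Returns the matching (username, role) row, or None if login fails.
    return conn.execute(render_vulnerable_query(username, password)).fetchone()


def login_safe(conn, username, password):
    # The fix: a parameterised query. The driver sends the SQL and the values
    # separately, so a quote in the input is only a character, never syntax.
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


# The textbook tautology probe: the "--" comments out the password clause,
# and '1'='1' makes the WHERE condition true for every row.
PROBE = "' OR '1'='1' --"


def demo():
    # Run legitimate and hostile input through both versions and return the
    # outcomes so they can be compared side by side.
    conn = build_db()
    return {
        "vulnerable_legit": login_vulnerable(conn, "bob", "hunter2"),
        "vulnerable_probe": login_vulnerable(conn, PROBE, "anything"),
        "safe_legit": login_safe(conn, "bob", "hunter2"),
        "safe_probe": login_safe(conn, PROBE, "anything"),
        "rendered_probe_query": render_vulnerable_query(PROBE, "anything"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Run it and compare the two `_probe` results: the concatenated query logs the attacker in as the first row in the table (the admin account), while the parameterised query returns `None` because it looked for a user literally named `' OR '1'='1' --`. The printed `rendered_probe_query` string is the exam-style "trace the chain" moment: you can see the input rewriting the query rather than filling in a value.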
Turning Stories Into Exam Points
- Link every term to a headline (Change Healthcare, MOVEit, Pegasus). Stories stick.
- When you see a PBQ, trace the chain: attack → impact → fix. That mental flowchart scores easy points.
- If two answers feel right, ask "What's the attacker's goal in this story?" Extortion? Theft? Remote control? Match goal to term.
💡 Pro Tip: Practice Makes Perfect
The best way to master PBQs is through hands-on practice. Our practice exams include realistic performance-based questions that mirror what you'll see on the actual exam. Each question comes with detailed explanations that break down not just the right answer, but why other choices are wrong.
Visual Learning: Attack Patterns at a Glance
The images throughout this post illustrate key attack patterns and methodologies. Understanding these visual representations can help you quickly identify scenarios in PBQs:
- Mobile Attack Vectors: Shows how sideloading, jailbreaking, and rooting create different security risks
- Zero-Day Timeline: Illustrates the race between attackers and defenders
- Ransomware Economics: Demonstrates why certain industries are targeted more frequently
- SQL Injection Flow: Traces the path from malicious input to data breach
References
- CompTIA. "CompTIA Security+ (SY0-701) Exam Objectives." comptia.org/certifications/security. PBQ format, domain coverage, and exam structure.
- Krebs, Brian. "BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare." krebsonsecurity.com. March 2024. Reporting on the Change Healthcare ransomware incident.
- CISA & FBI. "#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability." cisa.gov/cybersecurity-advisories/aa23-158a. June 2023. Joint advisory on the MOVEit Transfer SQL injection zero-day exploited by CL0P.
- Citizen Lab, University of Toronto. "NSO Group's Pegasus Spyware." citizenlab.ca. Research on commercial spyware and zero-day exploits.
Note: All real-world incidents mentioned are based on publicly reported cybersecurity events. Company and malware names are used for educational purposes to provide context for Security+ exam preparation.