CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 991:
A company recently set up an e-commerce portal to sell its product online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard. Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?
A. PCI DSS B. ISO 22301 C. ISO 27001 D. NIST CSF
A. PCI DSS Additionally, many organizations must abide by certain standards. For example, organizations handling credit card information need to comply with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS includes six control objectives and 12 specific requirements that help prevent fraud.
Question 992:
An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Choose three.)
A. SFTP, FTPS B. SNMPv2, SNMPv3 C. HTTP, HTTPS D. TFTP, FTP E. SNMPv1, SNMPv2 F. Telnet, SSH G. TLS, SSL H. POP, IMAP I. Login, rlogin
B. SNMPv2, SNMPv3 C. HTTP, HTTPS F. Telnet, SSH
A. SFTP, FTPS - SFTP is FTP over SSH, FTPS is FTP over SSL/TLS, which means they both have encryption mechanisms built in.
B. SNMPv2, SNMPv3 - v2 has no encryption. v3 does.
C. HTTP, HTTPS - HTTP is plaintext. HTTPS is HTTP Secure (SSL and now TLS).
D. TFTP, FTP - Neither of these is a secure protocol.
E. SNMPv1, SNMPv2 - Neither of these features encryption, although as stated above, v3 does.
F. Telnet, SSH - Telnet is in the clear. SSH is encrypted.
G. TLS, SSL - Both are cryptographic protocols; TLS is an upgrade to SSL, not the other way around. While SSL is considered insecure, it's supposed to be, and these protocols don't have "default ports".
H. POP, IMAP - You'd probably be looking for POP->POP3 or IMAP->IMAPS here. These are email protocols that work a bit differently.
I. Login, rlogin - These are not in the SY0-601 objectives from what I remember. I had to do a quick search: rlogin is a remote access protocol for Linux that sends passwords in the clear and was basically replaced by SSH.
Telnet - Telnet is a remote terminal protocol that allows users to connect to and control a remote system over a network. It is considered insecure because it does not encrypt the data transmitted between the client and server, allowing attackers to easily intercept and read sensitive information. A secure alternative to Telnet is Secure Shell (SSH), which encrypts the data transmitted between the client and server.
HTTP - Hypertext Transfer Protocol (HTTP) is a protocol for transferring web-based content over a network. It is considered insecure because it does not encrypt the data transmitted between the client and server, allowing attackers to easily intercept and read sensitive information. A secure alternative to HTTP is HTTPS, which encrypts the data transmitted between the client and server.
Question 993:
A company recently upgraded its authentication infrastructure and now has more computing power. Which of the following should the company consider using to ensure user credentials are being transmitted and stored more securely?
A. Blockchain B. Salting C. Quantum D. Digital signature
B. Salting Salting is a technique that adds random data to user credentials before hashing them. This makes the hashed credentials more secure and resistant to brute-force attacks or rainbow table attacks. Salting also ensures that two users with the same password will have different hashed credentials. A company that has more computing power can consider using salting to ensure user credentials are being transmitted and stored more securely. Salting can increase the complexity and entropy of the hashed credentials, making them harder to crack or reverse.
Question 994:
A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?
A. Private B. Critical C. Sensitive D. Public
C. Sensitive In the context of securing patient data in a hospital setting, the most appropriate data classification to use is "Sensitive." Patient data is considered sensitive information that must be protected from unauthorized access, disclosure, or alteration. It often contains personally identifiable information (PII) and protected health information (PHI), which is subject to strict privacy regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States. Safeguarding sensitive data is crucial to maintaining patient privacy and complying with relevant data protection laws and regulations. In section 5.5 of Professor Messer's course notes he has PHI, PII, and Intellectual Property as Sensitive data. https://www.youtube.com/watch?v=wt1HwxaCx3U&list=PLG49S3nxzAnkL2ulFS3132mOVKuzzBxA8&index=175 Go to 2:30
Question 995:
A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares. Which of the following should the company implement?
A. DLP B. CASB C. HIDS D. EDR E. UEFI
A. DLP
Question 996:
Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?
A. Vulnerabilities with a CVSS score greater than 6.9. B. Critical infrastructure vulnerabilities on non-IP protocols. C. CVEs related to non-Microsoft systems such as printers and switches. D. Missing patches for third-party software on Windows workstations and servers.
D. Missing patches for third-party software on Windows workstations and servers. https://subscription.packtpub.com/book/networking_and_servers/9781789348019/8/ch08lvl1sec91/credentialed-versus-non-credentialed-scans A non-credentialed scan will monitor the network and see any vulnerabilities that an attacker would easily find; we should fix the vulnerabilities found with a non-credentialed scan first, as this is what the hacker will see when they enter your network. For example, an administrator runs a non-credentialed scan on the network and finds that there are three missing patches. The scan does not provide many details on these missing patches. The administrator installs the missing patches to keep the systems up to date, as they can only operate on the information produced for them.
Question 997:
Which of the following is a security implication of newer ICS devices that are becoming more common in corporations?
A. Devices with cellular communication capabilities bypass traditional network security controls. B. Many devices do not support elliptic-curve encryption algorithms due to the overhead they require. C. These devices often lack privacy controls and do not meet newer compliance regulations. D. Unauthorized voice and audio recording can cause loss of intellectual property.
D. Unauthorized voice and audio recording can cause loss of intellectual property Industrial control systems (ICS) are devices that monitor and control physical processes, such as power generation, manufacturing, or transportation. Newer ICS devices may have voice and audio capabilities that can be exploited by attackers to eavesdrop on sensitive conversations or capture confidential information. This can result in the loss of intellectual property or trade secrets. References: https://www.comptia.org/content/guides/what-is-industrial-control-system-security
Question 998:
An administrator is experiencing issues when trying to upload a support file to a vendor. A pop-up message reveals that a payment card number was found in the file, and the file upload was blocked. Which of the following controls is most likely causing this issue and should be checked FIRST?
A. DLP B. Firewall rule C. Content filter D. MDM E. Application allow list
A. DLP Data Loss Prevention (DLP) uses exact data matching or regex matching; in this case a regex rule for detecting credit card numbers could be in place that is actively blocking the upload of the document. Regex for detecting an Amex card: ^3[47][0-9]{13}$ Source: https://stackoverflow.com/questions/9315647/regex-credit-card-number-tests
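To show how a DLP content rule of the kind described above produces that blocked upload, here is an added example that is not part of the exam page: it runs the quoted Amex regex over constructed support-file text and adds a Luhn check, which DLP engines commonly pair with card-number patterns to avoid flagging random digit runs. The file contents and the helper names are constructed for the example.

```python
import re
from typing import Dict, List

# Added example (not from the exam page): a minimal DLP-style content check for a
# file about to be uploaded. The Amex pattern is the one quoted in the explanation;
# the ^ and $ anchors are swapped for word boundaries so it matches inside text.
AMEX_PATTERN = re.compile(r"\b3[47][0-9]{13}\b")


def luhn_valid(number: str) -> bool:
    """Luhn checksum, used to cut false positives from random 15-digit runs."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    """Candidate Amex numbers that match the regex and pass the Luhn check."""
    return [m.group(0) for m in AMEX_PATTERN.finditer(text) if luhn_valid(m.group(0))]


def dlp_upload_check(text: str) -> Dict[str, object]:
    """Block the upload when a card number is found; report only masked values."""
    hits = find_card_numbers(text)
    masked = [h[:4] + "*" * (len(h) - 8) + h[-4:] for h in hits]
    return {"blocked": bool(hits), "matches": masked}


# Constructed support-file content. 378282246310005 is a widely published Amex
# test number; 378282246310006 matches the regex but fails the Luhn check.
SAMPLE_SUPPORT_FILE = (
    "Ticket 4471: customer cannot complete checkout\n"
    "Card on file: 378282246310005\n"
    "Internal ref: 378282246310006\n"
    "Callback number: 3475550123\n"
)
```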
Question 999:
An organization just experienced a major cyberattack. The attack was well coordinated, sophisticated, and highly skilled. Which of the following targeted the organization?
A. Shadow IT B. An insider threat C. A hacktivist D. An advanced persistent threat
D. An advanced persistent threat https://www.imperva.com/learn/application-security/apt-advanced-persistent-threat/ https://csrc.nist.gov/glossary/term/advanced_persistent_threat
Question 1000:
A company uses a SaaS vendor to host its customer database. The company would like to reduce the risk of customer data exposure if the systems are breached. Which of the following risks should the company focus on to achieve this objective?
A. Access auditing B. Outsourced code development C. Supply chain D. Open ports and services