CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 1231:
A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?
A. Asymmetric
B. Symmetric
C. Homeomorphic
D. Ephemeral
Answer: C. Homeomorphic
Question 1232:
Which of the following is a security best practice that ensures the integrity of aggregated log files within a SIEM?
A. Set up hashing on the source log file servers that complies with local regulatory requirements.
B. Back up the aggregated log files at least two times a day or as stated by local regulatory requirements.
C. Write protect the aggregated log files and move them to an isolated server with limited access.
D. Back up the source log files and archive them for at least six years or in accordance with local regulatory requirements.
Answer: A. Set up hashing on the source log file servers that complies with local regulatory requirements.
Explanation/Reference: Log File Integrity Validation in AWS. This feature informs you of any modifications or deletions to CloudTrail logs. By using SHA-256 for hashing and SHA-256 with RSA for digital signing, AWS claims, "This makes it computationally infeasible to modify, delete, or forge CloudTrail log files without detection."
Question 1233:
If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?
A. Perfect forward secrecy
B. Elliptic-curve cryptography
C. Key stretching
D. Homomorphic encryption
Answer: A. Perfect forward secrecy
Explanation/Reference: What is Perfect Forward Secrecy? Perfect forward secrecy helps protect session keys against being compromised even when the server's private key may be vulnerable. A feature of specific key agreement protocols, an encryption system with forward secrecy generates a unique session key for every user-initiated session. In this way, should any single session key be compromised, the rest of the data on the system remains protected. Only the data guarded by the compromised key is vulnerable. Before perfect forward secrecy, the Heartbleed bug affected OpenSSL, one of the common SSL/TLS protocols. With forward secrecy in place, even man-in-the-middle attacks and similar attempts fail to retrieve and decrypt sessions and communications despite compromise of passwords or secret long-term keys.
https://avinetworks.com/glossary/perfect-forward-secrecy/#:~:text=Perfect%20Forward%20Secrecy%20(PFS)%2C,of%20sensitive%20data%20is%20exposed
Question 1234:
Which of the following technologies is used to actively monitor for specific file types being transmitted on the network?
A. File integrity monitoring
B. Honeynets
C. Tcpreplay
D. Data loss prevention
Answer: D. Data loss prevention
Question 1235:
In a phishing attack, the perpetrator is pretending to be someone in a position of power in an effort to influence the target to click or follow the desired response. Which of the following principles is being used?
A. Authority
B. Intimidation
C. Consensus
D. Scarcity
Answer: B. Intimidation
Whaling is highly tailored to its audience and often includes the victim's name, job title, and basic details that make the communications look legitimate.
Question 1236:
A remote user recently took a two-week vacation abroad and brought along a corporate-owned laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN.
Which of the following is the MOST likely reason for the user's inability to connect the laptop to the VPN?
A. Due to foreign travel, the user's laptop was isolated from the network.
B. The user's laptop was quarantined because it missed the latest patch update.
C. The VPN client was blacklisted.
D. The user's account was put on a legal hold.
Answer: A. Due to foreign travel, the user's laptop was isolated from the network.
Question 1237:
An engineer wants to inspect traffic to a cluster of web servers in a cloud environment. Which of the following solutions should the engineer implement?
A. CASB
B. WAF
C. Load balancer
D. VPN
Answer: A. CASB
Question 1238:
Sales team members have been receiving threatening voicemail messages and have reported these incidents to the IT security team. Which of the following would be MOST appropriate for the IT security team to analyze?
A. Access control
B. Syslog
C. Session Initiation Protocol traffic logs
D. Application logs
Answer: C. Session Initiation Protocol traffic logs
Question 1239:
Multiple beaconing activities to a malicious domain have been observed. The malicious domain is hosting malware from various endpoints on the network. Which of the following technologies would be best to correlate the activities between the different endpoints?
A. Firewall
B. SIEM
C. IPS
D. Protocol analyzer
Answer: B. SIEM
SIEM stands for Security Information and Event Management, which is a technology that collects, analyzes, and correlates data from multiple sources, such as firewall logs, IDS/IPS alerts, network devices, applications, and endpoints. SIEM provides real-time monitoring and alerting of security events, as well as historical analysis and reporting for compliance and forensic purposes. A SIEM technology would be best to correlate the activities between the different endpoints that are beaconing to a malicious domain. A SIEM can detect the malicious domain by comparing it with threat intelligence feeds or known indicators of compromise (IOCs). A SIEM can also identify the endpoints that are communicating with the malicious domain by analyzing the firewall logs and other network traffic data. A SIEM can alert the security team of the potential compromise and provide them with relevant information for investigation and remediation.
A security analyst reviews web server logs and notices the following line: 104.35.45.53 [22/May/2020:07:00:58 +0100] "GET . UNION ALL SELECT user_login, user_pass, user_email from wp_users-- HTTP/1.1" 200 1072 http://www.example.com/wordpress/wp-admin/
Question 1240:
During an incident response, an analyst applied rules to all inbound traffic on the border firewall and implemented ACLs on each critical server. Following an investigation, the company realizes it is still vulnerable because outbound traffic is not restricted and the adversary is able to maintain a presence in the network. In which of the following stages of the Cyber Kill Chain is the adversary currently operating?
A. Reconnaissance
B. Command and control
C. Actions on objective
D. Exploitation
Answer: B. Command and control
Explanation/Reference: Command and control (C2): establishment of outbound communications from a victim system for secure communications between victim and adversary systems. Compromised hosts typically beacon out and await further instruction or exploit when higher order interaction or data exchange is required. This is the hallmark of advanced persistent threat (APT) attacks and data exfiltration.