CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 1251:
An engineer is setting up a VDI environment for a factory location, and the business wants to deploy a low-cost solution to enable users on the shop floor to log in to the VDI environment directly. Which of the following should the engineer select to meet these requirements?
A. Laptops
B. Containers
C. Thin clients
D. Workstations
Answer: C. Thin clients
Thin clients make the VDI world go round. A thin client is a slimmed-down endpoint device that doesn't do any of the computing processing on the device itself; it relies on a network connection to the data center, where the virtual desktop is hosted.
https://www.techtarget.com/searchvirtualdesktop/essentialguide/Guide-to-choosing-and-managing-VDI-thin-clients
Question 1252:
A systems administrator is troubleshooting a server's connection to an internal web server. The administrator needs to determine the correct ports to use. Which of the following tools BEST shows which ports on the web server are in a listening state?
A. ipconfig
B. ssh
C. Ping
D. Netstat
Answer: D. Netstat
A. ipconfig - Just shows you the IP information for your current machine
B. ssh - this is used for file transfers (ftp etc etc)
C. ping - this is just to reach out to a node to get a response from it
https://www.sciencedirect.com/topics/computer-science/listening-port
Question 1253:
The security team installed video cameras in a prominent location in the building lobby. Which of the following best describe this type of control? (Choose two.)
A. Technical
B. Detective
C. Deterrent
D. Managerial
E. Compensating
F. Corrective
Answer: B. Detective, C. Deterrent
Question 1254:
Which of the following would detect intrusions at the perimeter of an airport?
A. Signage
B. Fencing
C. Motion sensors
D. Lighting
E. Bollards
Answer: C. Motion sensors
Question 1255:
A developer is building a new portal to deliver single-pane-of-glass management capabilities to customers with multiple firewalls. To improve the user experience, the developer wants to implement an authentication and authorization standard that uses security tokens that contain assertions to pass user information between nodes.
Which of the following roles should the developer configure to meet these requirements?
A. Identity processor
B. Service requestor
C. Identity provider
D. Service provider
E. Tokenized resource
F. Notarized referral
Answer: C. Identity provider, D. Service provider
Service and identity providers. Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorization identities between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, named an Identity Provider, and a SAML consumer, named a Service Provider. SAML 2.0 enables web-based, cross-domain single sign-on (SSO), which helps reduce the administrative overhead of distributing multiple authentication tokens to the user.
https://www.nts-solutions.com/blog/saml-que-es.html
Question 1256:
Which of the following is best used to detect fraud by assigning employees to different roles?
A. Least privilege
B. Mandatory vacation
C. Separation of duties
D. Job rotation
Answer: C. Separation of duties
Question 1257:
An attacker is attempting to exploit users by creating a fake website with the URL www.validwebsite.com. The attacker's intent is to imitate the look and feel of a legitimate website to obtain personal information from unsuspecting users.
Which of the following social-engineering attacks does this describe?
A. Information elicitation
B. Typo squatting
C. Impersonation
D. Watering-hole attack
Answer: B. Typo squatting
Explanation: It's really the only logical answer. Everything else is more plausible to eliminate. Information elicitation is done directly in-person, meaning it's typically conversational in nature. Impersonation centers around PERSONS, not websites. You can't impersonate websites; you can only create similar-looking ones. Water-hole attacks are performed on third-party websites one suspects the targeted organization uses; this can't be the case here if the attacker created the website themselves. That leaves typosquatting. While it doesn't explicitly say it's a misspelling of another website, we can't outright rule out that possibility either. It's literally the only applicable answer for creating a website that imitates a legitimate one, after all, and it implies it's not the original site by saying it's emulating the "look and feel of a legitimate website." Either way, it's ridiculously ambiguous. I'm hoping CompTIA weights answers so that not ALL of them award zero points.
Question 1258:
An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps. Which of the following control types has the organization implemented?
A. Compensating
B. Corrective
C. Preventive
D. Detective
Answer: D. Detective
The organization has implemented a detective control. A detective control is a security control that is used to detect security incidents or policy violations after they have occurred. In this case, the organization has implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps. This is an example of a detective control, as it is designed to detect any deviations from the organization's secure configuration standards. Detective controls are typically used in conjunction with other types of controls, such as preventive controls, which are designed to prevent incidents from occurring, and corrective controls, which are used to correct any issues that are detected. Compensating controls are used to address risks that cannot be mitigated by other means.
Question 1259:
Two organizations are discussing a possible merger. Both organizations' Chief Financial Officers would like to safely share payroll data with each other to determine if the pay scales for different roles are similar at both organizations. Which of the following techniques would be BEST to protect employee data while allowing the companies to successfully share this information?
A. Pseudo-anonymization
B. Tokenization
C. Data masking
D. Encryption
Answer: A. Pseudo-anonymization
Data masking and pseudonymization are both methods to de-identify data, but they have some differences in terms of their goals, techniques, and outcomes. Data masking aims to make the data unusable and unrecognizable, while pseudonymization aims to make the data unlinkable and untraceable. Data masking usually involves modifying the data in a way that cannot be reversed, while pseudonymization usually involves replacing the data with a key that can be restored if needed. Data masking preserves the format and structure of the data, while pseudonymization may alter the format and structure of the data. Data masking is more suitable for data that does not need to be analyzed or processed, while pseudonymization is more suitable for data that needs to be aggregated or queried.
From: www.linkedin.com/advice/3/how-do-you-balance-data-utility-privacy-when-using
Question 1260:
While troubleshooting a service disruption on a mission-critical server, a technician discovered the user account that was configured to run automated processes was disabled because the user's password failed to meet password complexity requirements.
Which of the following would be the BEST solution to securely prevent future issues?
A. Using an administrator account to run the processes and disabling the account when it is not in use
B. Implementing a shared account the team can use to run automated processes
C. Configuring a service account to run the processes
D. Removing the password complexity requirements for the user account
Answer: C. Configuring a service account to run the processes
Explanation: A service account is a user account that is created specifically to run automated processes and services. These accounts are typically not associated with an individual user, and are used for running background services and scheduled tasks. By configuring a service account to run the automated processes, you can ensure that the account will not be disabled due to password complexity requirements and other user-related issues.
Reference: CompTIA Security+ Study Guide (SY0-601) 7th Edition by Emmett Dulaney, Chuck Easttom