CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 1281:
A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain. Which of the following is the best step for the security team to take?
A. Create a blocklist for all subject lines.
B. Send the dead domain to a DNS sinkhole.
C. Quarantine all emails received and notify all employees.
D. Block the URL shortener domain in the web proxy.
Answer: B. Send the dead domain to a DNS sinkhole.
Question 1282:
Which of the following threat actors is most likely to be motivated by ideology?
A. Business competitor
B. Hacktivist
C. Criminal syndicate
D. Script kiddie
E. Disgruntled employee
Answer: B. Hacktivist
A hacktivist is a threat actor who is motivated by ideology or a social or political cause. They use their hacking skills to carry out cyber-attacks against organizations or individuals that they believe are against their ideology or principles. Hacktivists often engage in website defacements, data breaches, and distributed denial-of-service (DDoS) attacks to spread their message or achieve their objectives. Their actions are typically driven by social or political motivations rather than financial gain or personal amusement, which differentiates them from other types of threat actors.
Question 1283:
A security investigation revealed that malicious software was installed on a server using a server administrator's credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in. Which of the following most likely occurred?
A. A spraying attack was used to determine which credentials to use
B. A packet capture tool was used to steal the password
C. A remote-access Trojan was used to install the malware
D. A directory attack was used to log in as the server administrator
Answer: B. A packet capture tool was used to steal the password
Telnet is an insecure protocol that transmits data in cleartext over the network. This means that anyone who can intercept the network traffic can read the data, including the username and password of the server administrator. A packet capture tool is a software or hardware device that can capture and analyze network packets. An attacker can use a packet capture tool to steal the password and use it to install malicious software on the server.
References: https://www.comptia.org/content/guides/what-is-network-security
Question 1284:
Which of the following control types is patch management classified under?
A. Deterrent
B. Physical
C. Corrective
D. Detective
Answer: C. Corrective
Patch management is a process that involves applying updates or fixes to software to address bugs, vulnerabilities, or performance issues. Patch management is classified under the corrective control type, which is a type of control that aims to restore normal operations after an incident or event has occurred. Corrective controls can help mitigate the impact or damage caused by an incident or event and prevent it from happening again.
References:
https://www.comptia.org/certifications/security#examdetails
https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives
https://www.csoonline.com/article/2124681/why-third-party-security-is-your-security.html
Question 1285:
Which of the following would an organization use to assign a value to risks based on probability of occurrence and impact?
A. Risk matrix
B. Risk register
C. Risk appetite
D. Risk mitigation plan
Answer: B. Risk register
Question 1286:
An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would BEST describe the estimated number of devices to be replaced next year?
A. ALE
B. ARO
C. RPO
D. SLE
Answer: B. ARO
ARO (annualized rate of occurrence) is a representation of the frequency of the event, measured in a standard year. In our case, it is the number of defective devices per year. Annual loss expectancy (ALE) is the loss (amount of money) due to the ARO.
Question 1287:
A Chief Security Officer (CSO) is concerned about the amount of PII that is stored locally on each salesperson's laptop. The sales department has a higher-than-average rate of lost equipment. Which of the following recommendations would BEST address the CSO's concern?
A. Deploy an MDM solution.
B. Implement managed FDE.
C. Replace all hard drives with SEDs.
D. Install DLP agents on each laptop.
Answer: B. Implement managed FDE.
What is Full-Disk Encryption (FDE) and What are Self-Encrypting Drives (SED)? Full-disk encryption (FDE) and self-encrypting drives (SED) encrypt data as it is written to the disk and decrypt data as it is read off the disk. FDE makes sense for laptops, which are highly susceptible to loss or theft.
Question 1288:
A security engineer needs to select a primary authentication source for use with a client application. The application requires the user to log in with a username, password, and, when needed, a challenge response. Which of the following solutions BEST meets this requirement?
A. PSK
B. LDAP
C. RADIUS
D. PAP
Answer: B. LDAP
Question 1289:
A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?
A. Testing input validation on the user input fields
B. Performing code signing on company-developed software
C. Performing static code analysis on the software
D. Ensuring secure cookies are used
Answer: B. Performing code signing on company-developed software
Code signing is a cryptographic process where a digital signature is applied to software to verify its authenticity and integrity. When the software is signed, it provides a way for users or systems to confirm that the code has not been tampered with since it was signed by the trusted entity (in this case, the company). This helps prevent unauthorized modifications and ensures that the code being executed is from a legitimate source. Performing code signing is an essential practice in software development, particularly for software that will be distributed or downloaded by end-users. It helps build trust with users and ensures they can verify that the software they are running is from a trusted source and has not been altered by malicious actors.
Question 1290:
A penetration tester is brought on site to conduct a full attack simulation at a hospital. The penetration tester notices a WAP that is hanging from the drop ceiling by its cabling and is reachable. Which of the following recommendations would the penetration tester MOST likely make given this observation?
A. Employ a general contractor to replace the drop-ceiling tiles.
B. Place the network cabling inside a secure conduit.
C. Secure the access point and cabling inside the drop ceiling.
D. Utilize only access points that have internal antennas.
Answer: C. Secure the access point and cabling inside the drop ceiling.