CompTIA SY0-601 Online Practice
Questions and Exam Preparation
SY0-601 Exam Details
Exam Code
:SY0-601
Exam Name
:CompTIA Security+
Certification
:CompTIA Certifications
Vendor
:CompTIA
Total Questions
:1334 Q&As
Last Updated
:Jul 15, 2026
CompTIA SY0-601 Online Questions &
Answers
Question 1291:
Which of the following terms describes a broad range of information that is sensitive to a specific organization?
A. Public B. Top secret C. Proprietary D. Open-source
C. Proprietary Proprietary information, also known as a trade secret, is information a company wishes to keep confidential
Question 1292:
To further secure a company's email system, an administrator is adding public keys to DNS records in the company's domain. Which of the following is being used?
A. PFS B. SPF C. DMARC D. DNSSEC
C. DMARC Explanation Explanation/Reference:
Question 1293:
The human resources department of a large online retailer has received multiple customer complaints about the rudeness of the automated chatbots it uses to interface and assist online shoppers. The system, which continuously learns and adapts, was working fine when it was installed a few months ago. Which of the following BEST describes the method being used to exploit the system?
A. Baseline modification B. A fileless virus C. Tainted training data D. Cryptographic manipulation
C. Tainted training data Tainted Training Data for Machine Learning (ML): Machine learning (ML) is one of the techniques used in AI. ML works by using a training data set to calibrate the detection model to enable detection on sample data. One of the weaknesses of ML is this training set dependency. The ability of the model to detect is a function of the efficacy of the training data set. A good training data set can build a solid detection model. A deficient training set of data can build a model with holes in it--holes that allow conditions to go undetected. Tainting the training data is one of the attack vectors that attackers can use against ML systems. Over time, as conditions change, an ML algorithm needs retraining or updating to make it effective against differing inputs. Each of these updates represents an opportunity to taint the input data set. Also, if you train the algorithm against normal network traffic, marking it as good when in fact there is an adversary already in that training data set, you effectively blind the algorithm to the attack by having already labeled it as good.
Question 1294:
Which of the following control types fixes a previously identified issue and mitigates a risk?
A. Detective B. Corrective C. Preventative D. Finalized
B. Corrective
Question 1295:
Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy?
A. Risk matrix B. Risk tolerance C. Risk register D. Risk appetite
D. Risk appetite Risk appetite is the total risk that an organization chooses to or is otherwise able to bear. This is the aggregate of all residual risk after selected countermeasures are in place. Risk tol- erance is the ability of an organization to absorb the losses associated with realized risks on an individual threat basis. Thus, risk appetite is the overall acceptance of the accumulation of individual risk tolerance issues.
Question 1296:
A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks. Which of the following methods would BEST prevent the exfiltration of data? (Select TWO).
A. VPN B. Drive encryption C. Network firewall D. File level encryption E. USB blocker F. MFA
B. Drive encryption E. USB blocker No USBs are the first level of removing exfiltration on a non-network connected device. However, the choice then comes down to Drive Encryption or File-Level Encryption. FDE once you login the encryption is no longer present so data COULD be exfiltrated at that point via bluetooth, CDs, or other. FLE is encrypted even after login so even if stolen that data would remain unreadable. However, with no external access and no USBs the next step could be to remove the drive completely and exfiltrate that. Nothing would be able to be read. With FE only those files that have been encrypted are unreadable. I would choose FDE as we are talking specifically about exfiltrating data but no specification of which files being important vs all information being important.
Question 1297:
The security operations center is researching an event concerning a suspicious IP address. A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced failed log-in attempts when authenticating from the same IP address: Which of the following most likely describes the attack that took place?
A. Spraying B. Brute-force C. Dictionary D. Rainbow table
A. Spraying Explanation Explanation/Reference:The answer should be spraying because they were attempting to log in with different user accounts.
Question 1298:
A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place?
A. Recovery B. Identification C. Lessons learned D. Preparation
C. Lessons learned Lessons learned or remediation step is the final phase of the incident response. It examines and documents how well the team responded, discovers what caused the incident, and determines how the incident can be avoided in the future. ======================= Phases of the Incident Response Plan: 1. Preparation - Preparing for an attack and how to respond 2. Identification - Identifying the threat 3. Containment - Containing the threat 4. Eradication - Removing the threat 5. Recovery - Recovering affected systems 6. Lessons Learned - Evaluating the incident response, see where there can be improvements for a future incident.
Question 1299:
A social media company based in North Amenca is looking to expand into new global markets and needs to maintain compliance with international standards With which of the following is the company's data protection officer MOST likely concerned''
A. NIST Framework B. ISO 27001 C. GDPR D. PCI-DSS
B. ISO 27001 ISO 27001 is an international standard and companies servicing global will want to be certified to stay competitive. Although, GDPR is a law and not a standard, it is still a concern when serving EU customers. In addition, ISO 27001 talks about complying with laws and regulations for those in scope of a company's ISMS, which may very well include GDPR, among others.
Question 1300:
While investigating a recent security breach, an analyst finds that an attacker gained access by SQL injection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?
A. Secure cookies B. Input sanitization C. Code signing D. Blocklist
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SY0-601 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.