CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 141:
An organization has developed an application that needs a patch to fix a critical vulnerability. In which of the following environments should the patch be deployed LAST?
A. Test
B. Staging
C. Development
D. Production
D. Production
Explanation/Reference: Production should be the last environment to receive the patch, because by the time it reaches production the patch has already been properly tested in the development, test, and staging environments.
Question 142:
A developer is concerned about people downloading fake malware-infected replicas of a popular game. Which of the following should the developer do to help verify legitimate versions of the game for users?
A. Digitally sign the relevant game files.
B. Embed a watermark using steganography.
C. Implement TLS on the license activation server.
D. Fuzz the application for unknown vulnerabilities.
A. Digitally sign the relevant game files.
Question 143:
A penetration tester is fuzzing an application to identify where the EIP of the stack is located in memory. Which of the following attacks is the penetration tester planning to execute?
A. Race condition
B. Pass-the-hash
C. Buffer overflow
D. XSS
C. Buffer overflow
Explanation/Reference: The penetration tester is planning to execute a buffer overflow attack. A buffer overflow is a vulnerability that occurs when a program writes more data to a memory buffer than the buffer can hold, so the excess overwrites adjacent memory. This can crash the program or, in some cases, allow an attacker to execute arbitrary code. Fuzzing, which sends large volumes of malformed or oversized input to an application, is one way to find inputs that overwrite the saved EIP (the instruction pointer) on the stack, which is the sign that the application is vulnerable to a buffer overflow.
Question 144:
An email security vendor recently added a retroactive alert after discovering a phishing email had already been delivered to an inbox. Which of the following would be the best way for the security administrator to address this type of alert in the future?
A. Utilize a SOAR playbook to remove the phishing message.
B. Manually remove the phishing emails when alerts arrive.
C. Delay all emails until the retroactive alerts are received.
D. Ingest the alerts into a SIEM to correlate with delivered messages.
A. Utilize a SOAR playbook to remove the phishing message.
Explanation/Reference: One way to address this type of alert in the future is to use a SOAR (Security Orchestration, Automation, and Response) playbook to automatically remove the phishing message from the inbox. A SOAR playbook is a set of predefined actions that are triggered by specific events or conditions. Automating the removal reduces both the response time and the human error involved in handling phishing alerts manually.
Question 145:
A certificate vendor notified a company that recently invalidated certificates may need to be updated. Which of the following mechanisms should a security administrator use to determine whether the certificates installed on the company's machines need to be updated?
A. SCEP
B. OCSP
C. CSR
D. CRL
B. OCSP
Explanation/Reference: OCSP (Online Certificate Status Protocol) is a protocol used to check the revocation status of a digital certificate. It allows a client to query a server (the OCSP responder) for the current status of a specific certificate, which tells the client whether the certificate has been revoked or is still valid. When a certificate authority (CA) invalidates or revokes a certificate, the OCSP responder reflects that status in near real time. By querying OCSP, the security administrator can determine whether any of the certificates installed on the company's machines have been revoked and need to be replaced.
Question 146:
While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor?
A. Utilizing SIEM correlation engines
B. Deploying NetFlow at the network border
C. Disabling session tokens for all sites
D. Deploying a WAF for the web server
A. Utilizing SIEM correlation engines
Explanation/Reference: The initial compromise was a malicious request on a web server. Moments later, the token created through SSO was used on another service; the question does not specify what type of service. Deploying a WAF on the web server would detect the attacker, but only on that server. If the attacker issues the same malicious request to obtain another SSO token, correlating that event with the later use of the token on other services is what allows the malicious activity to be detected, and that correlation is what a SIEM correlation engine provides.
Question 147:
Which of the following best describes a use case for a DNS sinkhole?
A. Attackers can see a DNS sinkhole as a highly valuable resource to identify a company's domain structure.
B. A DNS sinkhole can be used to draw employees away from known-good websites to malicious ones owned by the attacker.
C. A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.
D. A DNS sinkhole can be set up to attract potential attackers away from a company's network resources.
C. A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.
Question 148:
Which of the following should an organization consider implementing in the event executives need to speak to the media after a publicized data breach?
A. Incident response plan
B. Business continuity plan
C. Communication plan
D. Disaster recovery plan
C. Communication plan
Explanation/Reference: A communication plan is a policy-driven approach to providing company stakeholders with the information they need during and after an incident.
Question 149:
Which of the following control sets should a well-written BCP include? (Select THREE)
A. Preventive
B. Detective
C. Deterrent
D. Corrective
E. Compensating
F. Physical
G. Recovery
A. Preventive
D. Corrective
G. Recovery
Question 150:
Which of the following techniques eliminates the use of rainbow tables for password cracking?
A. Hashing
B. Tokenization
C. Asymmetric encryption
D. Salting
D. Salting
Explanation/Reference: Rainbow table attacks can be prevented by salting: a salt is random data that is passed into the hash function along with the plaintext password, so that identical passwords produce different hashes and a precomputed table of hashes no longer matches.