CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 151:
Which of the following risk management strategies would an organization use to maintain a legacy system with known risks for operational purposes?
A. Acceptance B. Transference C. Avoidance D. Mitigation
A. Acceptance Explanation/Reference: The key word in the question is "legacy". A legacy system is no longer supported by its vendor, so no further patches will be released and the underlying vulnerabilities cannot be fixed. Mitigation would reduce the risk (for example by patching, which is not available here), transference would shift it to a third party (insurance or outsourcing), and avoidance would mean retiring the system. An organization that keeps a legacy system running for operational purposes despite its known risks has accepted those risks. In practice the acceptance is recorded in the risk register with a business justification, and compensating controls such as network isolation are often placed around the system, but the strategy applied to the residual risk is still acceptance.
Question 152:
Which of the following would best enable a systems administrator to easily determine which devices are located at a remote facility and allow policy to be pushed to only those devices?
A. Baseline configurations B. Network diagrams C. Standard naming conventions D. Hot sites
C. Standard naming conventions A standard naming convention encodes attributes such as site, function, or device type into each hostname (for example a site code as a prefix), so an administrator can identify every device at the remote facility by name and scope policy (group policy, MDM, or configuration management targeting) to just those devices. Baseline configurations and network diagrams document the environment but do not by themselves let policy be targeted by location, and a hot site is a disaster recovery facility, not a management tool.
Question 153:
An organization is tuning SIEM rules based off of threat intelligence reports. Which of the following phases of the incident response process does this scenario represent?
A. Lessons learned B. Eradication C. Recovery D. Preparation
D. Preparation Explanation/Reference: The preparation phase covers everything done before an incident occurs: policies, tooling, training, and tuning detection. Feeding threat intelligence into SIEM rules improves the organization's ability to detect the next attack, so it belongs to preparation rather than to a phase of handling an incident already in progress. Phases of the incident response process:
1. Preparation: getting ready for an attack and deciding how to respond
2. Identification: detecting and confirming the incident
3. Containment: limiting the spread of the threat
4. Eradication: removing the threat from affected systems
5. Recovery: restoring affected systems to normal operation
6. Lessons learned: evaluating the response and identifying improvements for future incidents
Rule tuning can also follow a lessons-learned review, but in this scenario the input is an external threat intelligence report rather than a past incident, which makes it preparation.
Question 154:
A company's legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?
A. Data masking B. Encryption C. Geolocation policy D. Data sovereignty regulation
C. Geolocation policy A geolocation policy restricts access to resources based on the geographic location of the user or device, usually derived from the source IP address of the request. It is the most direct way to ensure that sensitive documents in a SaaS application are not accessible from high-risk countries. Such policies can be enforced in the SaaS application itself, in the identity provider's conditional access rules, at a content delivery network (CDN), or with access control lists (ACLs) that drop requests from specific regions. Encryption and data masking protect content but do not decide who may connect, and data sovereignty regulation governs where data is stored, not who may reach it. Because IP geolocation is what a VPN or proxy can disguise, the policy should fail closed for addresses whose location cannot be determined and is best combined with device and identity checks.
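The decision logic behind a geolocation policy such as the one described above, written as an added example that is not part of the exam page. The IP-to-country prefixes, the high-risk country list, and the requests are all constructed for illustration; a real deployment would take the country code from the identity provider's or CDN's geolocation lookup rather than a hand-built table.

```python
"""Added example (not from the exam page): evaluating a geolocation policy for
sensitive documents in a SaaS application. Everything below is constructed."""
import ipaddress

# Constructed IP-to-country prefixes (hypothetical; not real allocations).
GEOIP_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "DE"),
    (ipaddress.ip_network("192.0.2.0/25"), "KP"),
]

# Countries the legal department has designated high-risk (assumed list).
HIGH_RISK_COUNTRIES = {"KP", "IR"}


def lookup_country(ip: str):
    """Return the ISO country code for an address, or None if it is unknown."""
    addr = ipaddress.ip_address(ip)
    for net, country in GEOIP_TABLE:
        if addr in net:
            return country
    return None


def evaluate(ip: str, sensitivity: str) -> tuple:
    """Decide whether a document request may proceed.

    Policy: requests for sensitive documents are denied from high-risk
    countries and from addresses whose location cannot be determined (the
    policy fails closed); non-sensitive documents are not geo-restricted.
    Returns (allowed, reason)."""
    if sensitivity != "sensitive":
        return True, "not geo-restricted"
    country = lookup_country(ip)
    if country is None:
        return False, "unknown location: denied by default"
    if country in HIGH_RISK_COUNTRIES:
        return False, f"{country} is on the high-risk list"
    return True, f"{country} permitted"


# Constructed access requests: (source IP, document sensitivity).
REQUESTS = [
    ("203.0.113.5", "sensitive"),
    ("192.0.2.10", "sensitive"),
    ("10.0.0.1", "sensitive"),
    ("192.0.2.10", "public"),
]


def evaluate_all(requests=REQUESTS) -> list:
    """Evaluate every request and return the list of (ip, sensitivity, allowed, reason)."""
    return [(ip, s, *evaluate(ip, s)) for ip, s in requests]


if __name__ == "__main__":
    for ip, s, allowed, reason in evaluate_all():
        print(f"{ip:14} {s:9} {'ALLOW' if allowed else 'DENY ':5} {reason}")
```

The fail-closed branch is the part practitioners most often get wrong: an unknown or private address is exactly what a VPN exit or a misconfigured proxy produces, and treating it as permitted silently defeats the policy.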
Question 155:
During a routine scan of a wireless segment at a retail company, a security administrator discovers several devices are connected to the network that do not match the company's naming convention and are not in the asset inventory. WiFi access is protected with 256-bit encryption via WPA2. Physical access to the company's facility requires two-factor authentication using a badge and a passcode.
Which of the following should the administrator implement to find and remediate the issue? (Select TWO).
A. Check the SIEM for failed logins to the LDAP directory. B. Enable MAC filtering on the switches that support the wireless network. C. Run a vulnerability scan on all the devices in the wireless network D. Deploy multifactor authentication for access to the wireless network E. Scan the wireless network for rogue access points. F. Deploy a honeypot on the network
B. Enable MAC filtering on the switches that support the wireless network. E. Scan the wireless network for rogue access points. Explanation/Reference: Devices that match neither the naming convention nor the asset inventory are unauthorized. Because physical entry already requires two factors, the likely explanations are employees' personal devices joining with valid WPA2 credentials or a rogue access point extending the network. The first step is therefore to scan for rogue access points and remove any that are found; MAC filtering then limits wireless access to known, inventoried hardware. Multifactor authentication for the wireless network does not help when the unknown devices are joining with legitimate credentials and does nothing about a rogue AP; a captive portal is not MFA either, since a portal login and a Wi-Fi password are both something you know. Realistically, MAC filtering is a weak control because MAC addresses are trivially spoofed, but it is the remediation the exam expects alongside the rogue AP scan.
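The discovery step in this scenario, finding the devices that match neither the naming convention nor the inventory, as an added example that is not part of the exam page. The naming convention, the asset inventory, and the wireless client export are constructed here; a real run would pull the client list from the wireless controller or DHCP server and the inventory from the CMDB.

```python
"""Added example (not from the exam page): reconciling a wireless client list
against the asset inventory and the hostname naming convention to flag
unknown devices. All inputs are constructed."""
import re

# Assumed naming convention: <site><number>-<role>-<3 digits>, e.g. STORE12-POS-003.
NAME_PATTERN = re.compile(r"^[A-Z]+\d*-(POS|KIOSK|WS|PRN)-\d{3}$")

# Constructed asset inventory: MAC address -> approved hostname.
INVENTORY = {
    "aa:bb:cc:00:00:01": "STORE12-POS-001",
    "aa:bb:cc:00:00:02": "STORE12-POS-002",
    "aa:bb:cc:00:00:03": "STORE12-KIOSK-001",
}

# Constructed wireless controller export, one client per line:
# "<mac> <hostname> <ip> <access point>"
CLIENT_LIST = """\
aa:bb:cc:00:00:01 STORE12-POS-001 10.12.0.21 AP-FRONT
aa:bb:cc:00:00:02 STORE12-POS-002 10.12.0.22 AP-FRONT
aa:bb:cc:00:00:03 STORE12-KIOSK-001 10.12.0.30 AP-BACK
de:ad:be:ef:00:01 android-7f3a 10.12.0.77 AP-BACK
aa:bb:cc:00:00:04 STORE12-POS-004 10.12.0.24 AP-FRONT
"""


def classify_clients(client_list: str, inventory: dict) -> list:
    """Return one finding per client: (mac, hostname, ip, ap, reasons).

    reasons is empty for devices that are inventoried and correctly named."""
    findings = []
    for line in client_list.splitlines():
        if not line.strip():
            continue
        mac, hostname, ip, ap = line.split()
        mac = mac.lower()
        reasons = []
        if not NAME_PATTERN.match(hostname):
            reasons.append("hostname violates naming convention")
        if mac not in inventory:
            reasons.append("MAC not in asset inventory")
        elif inventory[mac] != hostname:
            # Inventoried hardware presenting a different name is also suspicious.
            reasons.append(f"hostname mismatch (inventory says {inventory[mac]})")
        findings.append((mac, hostname, ip, ap, reasons))
    return findings


def unknown_devices(client_list: str = CLIENT_LIST, inventory: dict = INVENTORY) -> list:
    """Only the findings that need follow-up."""
    return [f for f in classify_clients(client_list, inventory) if f[4]]


if __name__ == "__main__":
    for mac, host, ip, ap, reasons in unknown_devices():
        print(f"{mac} {host} {ip} via {ap}: {'; '.join(reasons)}")
```

Note that STORE12-POS-004 passes the naming check and is still flagged: a compliant-looking hostname is not evidence of authorization, which is why the inventory (keyed on hardware identity) is the stronger of the two checks. The access point column tells the administrator where to walk to find the device.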
Question 156:
A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization's accounts. The engineer sees there was an earlier change in the IP address for a vendor website. This change lasted eight hours. Which of the following attacks was MOST likely used?
A. Man-in-the-middle B. Spear-phishing C. Evil twin D. DNS poisoning
D. DNS poisoning DNS spoofing, also referred to as DNS cache poisoning, is an attack in which corrupt Domain Name System data is introduced into a DNS resolver's cache, causing the resolver to return an incorrect record, such as the wrong IP address for a name. Traffic for the vendor website was diverted to an attacker-controlled host that harvested the credentials users entered. The clue is that the vendor's name resolved to a different address for a bounded period and then reverted: a poisoned cache entry persists only until its TTL expires or the cache is flushed, after which legitimate resolution resumes. An evil twin would involve a rogue Wi-Fi access point rather than a changed DNS record, spear phishing would show up in email, and a generic man-in-the-middle attack would not by itself explain the changed address. https://en.wikipedia.org/wiki/DNS_spoofing
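The log review described above, detecting a transient change in the address a resolver hands out for a vendor's domain, as an added example that is not part of the exam page. The resolver log lines and the set of addresses the vendor is expected to publish are constructed; the log format ("timestamp client qname answer") is assumed and is not that of any particular resolver.

```python
"""Added example (not from the exam page): find windows during which a
monitored name resolved to an address outside its known set. Inputs are
constructed."""
from datetime import datetime

# Addresses the vendor is known to publish (assumed; from a prior baseline).
EXPECTED = {"vendor.example": {"203.0.113.10", "203.0.113.11"}}

# Constructed resolver log: vendor.example resolves to an unexpected host
# for roughly eight hours, then reverts to a known address.
RESOLVER_LOG = """\
2024-03-01T08:55:01Z 10.1.1.20 vendor.example 203.0.113.10
2024-03-01T09:02:13Z 10.1.1.31 vendor.example 198.51.100.66
2024-03-01T12:40:09Z 10.1.1.45 vendor.example 198.51.100.66
2024-03-01T16:58:50Z 10.1.1.20 vendor.example 198.51.100.66
2024-03-01T17:03:27Z 10.1.1.31 vendor.example 203.0.113.11
2024-03-01T17:30:00Z 10.1.1.45 other.example 192.0.2.5
"""


def parse(log: str):
    """Yield (timestamp, client, qname, answer) for each non-empty log line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, client, qname, answer = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), client, qname, answer


def _close(qname, cur):
    addr, first, last, clients = cur
    hours = (last - first).total_seconds() / 3600
    return (qname, addr, first, last, round(hours, 2), sorted(clients))


def find_anomalous_windows(log: str, expected: dict) -> list:
    """Group consecutive unexpected answers per monitored name into windows.

    Returns tuples (qname, bad_address, first_seen, last_seen, hours, clients).
    first_seen/last_seen are observed lookups, so the window is a lower bound
    on how long the poisoned record was actually served."""
    windows = []
    open_windows = {}  # qname -> [addr, first, last, set(clients)]
    for ts, client, qname, answer in parse(log):
        if qname not in expected:
            continue
        cur = open_windows.get(qname)
        if answer in expected[qname]:
            if cur:  # resolution returned to a known address: close the window
                windows.append(_close(qname, cur))
                del open_windows[qname]
            continue
        if cur and cur[0] == answer:
            cur[2] = ts
            cur[3].add(client)
        else:
            if cur:  # switched to a different bad address: new window
                windows.append(_close(qname, cur))
            open_windows[qname] = [answer, ts, ts, {client}]
    for qname, cur in open_windows.items():  # still anomalous at end of log
        windows.append(_close(qname, cur))
    return windows


if __name__ == "__main__":
    for qname, addr, first, last, hours, clients in find_anomalous_windows(RESOLVER_LOG, EXPECTED):
        print(f"{qname} -> {addr} from {first} to {last} (~{hours} h), clients: {', '.join(clients)}")
```

The client list in each window is what turns a DNS finding into an incident scope: every host that received the poisoned answer may have sent credentials to the attacker's server and needs its users' passwords reset.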
Question 157:
A company wants to deploy decoy systems alongside production systems in order to entice threat actors and to learn more about attackers. Which of the following BEST describes these systems?
A. DNS sinkholes B. Honeypots C. Virtual machines D. Neural networks
B. Honeypots Honeypots are decoy systems or resources deliberately set up by an organization to attract and monitor unauthorized users, attackers, or malware. They sit alongside production systems but are segregated from them and have no legitimate business use, so any activity on them is highly suspicious and, because no legitimate user should touch them, produces very few false positives. Their primary purpose is to gather information about the tactics, techniques, and procedures attackers use and to learn about their motives and the threats facing the organization. A DNS sinkhole redirects malicious domain lookups rather than hosting a decoy; virtual machines are a platform a honeypot may run on, not the concept itself.
Question 158:
Which of the following control types is patch management classified under?
A. Deterrent B. Physical C. Corrective D. Detective
C. Corrective Patch management is classified as a corrective control because it fixes vulnerabilities or weaknesses in systems and applications after they have been identified: the patch remediates a defect that already exists. Detective controls only discover problems, deterrent controls discourage attackers, and physical controls protect facilities and hardware. Although an applied patch also prevents future exploitation, the exam follows the classification in the official material, which places patching under corrective. Reference: CompTIA Security+ SY0-601 Official Textbook, page 109.
Question 159:
Physical access to the organization's servers in the data center requires entry and exit through multiple access points: a lobby, an access control vestibule, three doors leading to the server floor itself and eventually to a caged area solely for the organization's hardware. Which of the following controls is described in this scenario?
A. Compensating B. Deterrent C. Preventive D. Detective
C. Preventive The scenario describes preventive controls, which are designed to stop malicious actors from gaining access to the organization's servers. This includes using multiple access points, such as a lobby, an access control vestibule, and multiple doors leading to the server floor, as well as caging the organization's hardware. According to the CompTIA Security+ SY0-601 document, preventive controls are "designed to stop malicious actors from performing a malicious activity or gaining access to an asset." These controls can include technical solutions, such as authentication and access control systems, physical security solutions, such as locks and barriers, and administrative solutions such as policy enforcement.
Question 160:
A RAT that was used to compromise an organization's banking credentials was found on a user's computer.
The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set. Which of the following recommendations would BEST prevent this from recurring?
A. Create a new acceptable use policy. B. Segment the network into trusted and untrusted zones. C. Enforce application whitelisting. D. Implement DLP at the network boundary
C. Enforce application whitelisting. Explanation/Reference: Application whitelisting (allow listing) permits only explicitly approved executables to run and denies everything else by default. The RAT arrived bundled with a remote management tool set and was never flagged by antivirus, which depends on recognizing known-bad code; an allow list blocks it anyway, because the RAT binary is not on the approved list, and local administrator rights do not bypass the control. An acceptable use policy is an administrative measure that does not stop execution, network segmentation and boundary DLP may limit what the RAT can reach or exfiltrate but do not prevent it from being installed and run. Removing the user's local administrator rights would also help, but it is not among the options.
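The decision logic of application allow listing, and the difference between hash-based and path-based rules that decides whether the bundled RAT in this scenario is blocked, as an added example that is not part of the exam page. Real enforcement is done by the operating system (for example Windows AppLocker or WDAC), not by a script; the executable contents, paths, and rule sets below are constructed stand-ins.

```python
"""Added example (not from the exam page): evaluating execution attempts
against application allow-list rules. Rule semantics are assumed: an explicit
deny always wins, any matching allow permits, and no match means denied."""
import fnmatch
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for binaries on the user's machine.
APPROVED_RMM = b"MZ...remote-management-tool-v4.2..."
BUNDLED_RAT = b"MZ...remote-access-trojan-shipped-in-the-same-installer..."

# Rule set A: a common but weak configuration that allows anything under
# Program Files by path, plus the approved tool by hash.
PATH_AND_HASH_RULES = [
    {"action": "allow", "type": "hash", "value": sha256(APPROVED_RMM)},
    {"action": "allow", "type": "path", "value": "C:\\Program Files\\*"},
    {"action": "deny", "type": "path", "value": "C:\\Users\\*\\Downloads\\*"},
]

# Rule set B: hash-only allow list built from the approved software catalog.
HASH_ONLY_RULES = [
    {"action": "allow", "type": "hash", "value": sha256(APPROVED_RMM)},
]

# Constructed execution attempts: (path, file contents).
EVENTS = [
    ("C:\\Program Files\\RMM\\rmm.exe", APPROVED_RMM),
    ("C:\\Program Files\\RMM\\helper.exe", BUNDLED_RAT),        # RAT dropped by the tool set installer
    ("C:\\Users\\alice\\Downloads\\helper.exe", BUNDLED_RAT),
    ("C:\\Users\\alice\\AppData\\Local\\Temp\\rmm.exe", APPROVED_RMM),
]


def rule_matches(rule: dict, path: str, data: bytes) -> bool:
    if rule["type"] == "hash":
        return sha256(data) == rule["value"]
    if rule["type"] == "path":
        return fnmatch.fnmatchcase(path, rule["value"])
    return False


def evaluate(path: str, data: bytes, rules: list) -> str:
    """Return the verdict for one execution attempt."""
    matched = [r for r in rules if rule_matches(r, path, data)]
    if any(r["action"] == "deny" for r in matched):
        return "denied (explicit deny)"
    if any(r["action"] == "allow" for r in matched):
        return "allowed"
    return "denied (no matching allow rule)"


def evaluate_all(rules: list, events: list = EVENTS) -> list:
    return [(path, evaluate(path, data, rules)) for path, data in events]


if __name__ == "__main__":
    for name, rules in (("path+hash", PATH_AND_HASH_RULES), ("hash-only", HASH_ONLY_RULES)):
        print(f"== {name} ==")
        for path, verdict in evaluate_all(rules):
            print(f"  {verdict:36} {path}")
```

Under the path-based rule set the RAT runs, because the installer placed it in an allowed directory; under the hash-only rule set it is denied while the approved tool still runs from any location. That is the caveat behind the answer: allow listing only prevents recurrence if the rules identify the software itself (hash or signed publisher) rather than where it happens to sit on disk, and the administrator-run installer in this scenario can write anywhere.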