CompTIA SY0-601 Online Practice
Questions and Exam Preparation
SY0-601 Exam Details
Exam Code
:SY0-601
Exam Name
:CompTIA Security+
Certification
:CompTIA Certifications
Vendor
:CompTIA
Total Questions
:1334 Q&As
Last Updated
:May 26, 2026
CompTIA SY0-601 Online Questions &
Answers
Question 171:
A security assessment found that several embedded systems are running unsecure protocols. These Systems were purchased two years ago and the company that developed them is no longer in business Which of the following constraints BEST describes the reason the findings cannot be remediated?
A. inability to authenticate B. Implied trust C. Lack of computing power D. Unavailable patch
D. Unavailable patch Explanation Explanation/Reference:The reason the findings cannot be remediated is due to the unavailability of patches. Since the company that developed the embedded systems is no longer in business, there is no one to provide updates, including security patches, for the systems. This lack of support leaves the systems vulnerable to the unsecure protocols they are running, and there is no feasible way to update or patch them to address the security issues.
Question 172:
Several universities are participating m a collaborative research project and need to share compute and storage resources Which of the following cloud deployment strategies would BEST meet this need?
A. Community B. Private C. Public D. Hybrid
A. Community Explanation Explanation/Reference:Community cloud storage is a variation of the private cloud storage model, which offers cloud solutions for specific businesses or communities. In this model, cloud storage providers offer their cloud architecture, software and other development tools to meet the requirements of the community. A community cloud in computing is a collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party and hosted internally or externally.
Question 173:
An employee used a corporate mobile device during a vacation Multiple contacts were modified in the device vacation.
Which of the following method did attacker to insert the contacts without having 'Physical access to device?
A. Jamming B. BluJacking C. Disassoaatm D. Evil twin
B. BluJacking bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers. Bluejacking does not involve device hijacking, despite what the name implies. In this context, a human might say that the best answer to the question is B. BluJacking, because it is a method that can insert contacts without having physical access to the device.
Question 174:
A company wants to build a new website to sell products online. The website will host a storefront application that will allow visitors to add products to a shopping cart and pay for the products using a credit card. Which of the following protocols would be the MOST secure to implement?
A. SSL B. FTP C. SNMP D. TLS
D. TLS Transport Layer Security (TLS) is the successor protocol to SSL. TLS is an improved version of SSL. It works in much the same way as the SSL, using encryption to protect the transfer of data and information. The two terms are often used interchangeably in the industry although SSL is still widely used. https://www.websecurity.digicert.com/security-topics/what-is-ssl-tls-https#:~:text=Transport%20Layer%20Security%20(TLS)%20is,SSL%20is%20still%20widely%20used.
Question 175:
A security analyst is creating baselines for the server team to follow when hardening new devices for deployment. Which of the following best describes what the analyst is creating?
A. Change management procedure B. Information security policy C. Cybersecurity framework D. Secure configuration guide
D. Secure configuration guide
Question 176:
A security engineer is concerned about using an agent on devices that relies completely on defined known-bad signatures. The security engineer wants to implement a tool with multiple components including the ability to track, analyze, and monitor devices without reliance on definitions alone. Which of the following solutions BEST fits this use case?
A. EDR B. DLP C. NGFW D. HIPS
A. EDR The acronym EDR stands for Endpoint Detection and Response and is also known as EDTR. It is an endpoint security solution that is responsible for continuous monitoring of endpoints. This permanent monitoring enables the technology to detect and respond to cyber threats such as malware or ransomware at an early stage. The basis for this is always the analysis of context-related information, which can be used to make corrective proposals for recovery.
Question 177:
Digital signatures use asymmetric encryption. This means the message is encrypted with:
A. the sender's private key and decrypted with the sender's public key B. the sender's public key and decrypted with the sender's private key C. the sender's private key and decrypted with the recipient's public key. D. the sender's public key and decrypted with the recipient's private key
A. the sender's private key and decrypted with the sender's public key Explanation Explanation/Reference: There are 2 general ways to use asymetric algorithm. 1 - For communication between 2 hosts: If bob sends a message to Alice, bob uses Alice's public key to encrypt the message, and Alice uses her private key to decrypt the message. 2 - For digital signature/Authentication: If ALice need to authenticate Bob, BOB uses his private key to sign the message, and Alice uses the public key of bob to decrypt the message. This process help to make sure the signature is owned by Bob. On this example, A is totally correct.
Question 178:
Which of the following will provide the BEST physical security countermeasures to stop intruders? (Select TWO.)
A. Alarms B. Signage C. Lighting D. Access control vestibules E. Fencing F. Sensors
D. Access control vestibules E. Fencing Alarms=deterrent, Signage=deterrent, Lighting=deterrent, Mantraps=physical countermeasure, Fencing=physical countermeasure and Sensors are either reactive or technical. https://www.professormesser.com/security-plus/sy0-501/physicalsecurity- controls-2/
Question 179:
Phishing and spear-phishing attacks have been occurring more frequently against a company's staff. Which of the following would MOST likely help mitigate this issue?
A. DNSSEC and DMARC B. DNS query logging C. Exact mail exchanger records in the DNS D. The addition of DNS conditional forwarders
C. Exact mail exchanger records in the DNS
Question 180:
An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the administrator is being advised to do?
A. Perform a mathematical operation on the passwords that will convert them into umgue stnngs B. Add extra data to the passwords so their length is increased, making them harder to brute force C. Store all passwords in the system in a rainbow table that has a centralized location D. Enforce the use of one-time passwords that are changed for every login session.
A. Perform a mathematical operation on the passwords that will convert them into umgue stnngs Admin is being advised to hash. A is the definition of hashing
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SY0-601 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.