CompTIA SY0-601 Online Practice
Questions and Exam Preparation
SY0-601 Exam Details
Exam Code
:SY0-601
Exam Name
:CompTIA Security+
Certification
:CompTIA Certifications
Vendor
:CompTIA
Total Questions
:1334 Q&As
Last Updated
:Jul 15, 2026
CompTIA SY0-601 Online Questions &
Answers
Question 21:
Which of the following is a team of people dedicated testing the effectiveness of organizational security programs by emulating the techniques of potential attackers?
A. Red team B. While team C. Blue team D. Purple team
A. Red team Red team--performs the offensive role to try to infiltrate the target.
Question 22:
A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering. Which of the following teams will conduct this assessment activity?
A. White B. Purple C. Blue D. Red
D. Red Red Team is a term used in the context of offensive security assessments where a group of skilled security professionals, often external to the organization, are hired to simulate real-world attacks against the organization's systems, networks, and personnel. The goal of the Red Team is to identify vulnerabilities, weaknesses, and potential security gaps in the organization's defenses.
Question 23:
A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site Upon investigation, a security analyst the identifies the following:
1.
The legitimate websites IP address is 10.1.1.20 and eRecruit local resolves to the IP
2.
The forged website's IP address appears to be 10.2.12.99. based on NetFtow records
3.
AH three at the organization's DNS servers show the website correctly resolves to the legitimate IP
4.
DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.
Which of the following MOST likely occurred?
A. A reverse proxy was used to redirect network traffic B. An SSL strip MITM attack was performed C. An attacker temporarily pawned a name server D. An ARP poisoning attack was successfully executed
C. An attacker temporarily pawned a name server DNS (server cache) poisoning is also referred to as a "Redirection Attack" per the official CompTIA Certmaster study guide. The user was redirected to a website that looked like the legitimate one.
Question 24:
Which of the following secure coding techniques makes compromised code more difficult for hackers to use?
A. Obfuscation B. Normalization C. Execution D. Reuse
A. Obfuscation https://en.wikipedia.org/wiki/Obfuscation_(software)
Question 25:
Which of the following roles, according to the shared responsibility model, is responsible for securing the company's database in an IaaS model for a cloud environment?
A. Client B. Third-party vendor C. Cloud provider D. OBA
A. Client Cloud provider is responsible for securing its infrastructure and any managed elements of the environment. Cloud customer (client) is responsible for securing its workloads, applications, and data.
Question 26:
A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company's network. The company's lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts. While reviewing the log files, the analyst discovers the following:
Which of the following attacks MOST likely occurred?
A. Dictionary B. Credential-stuffing C. Password-spraying D. Brute-forcea
C. Password-spraying Password-spraying is an attack method where an attacker tries a few common or easily guessable passwords against multiple usernames. Instead of attempting numerous passwords for a single user (as in a brute-force attack), the attacker spreads out login attempts across many accounts using a small set of common passwords. They hope that at least one of these attempts will result in a successful login. We can see multiple failed login attempts (audit failures) for different usernames (USER1, USER2, USER3, USER4) with variations of "UNKNOWN USERNAME OR BAD PASSWORD." This indicates that the attacker attempted to log in with different usernames using a limited set of passwords. When they succeeded in gaining access to USER4 ("SUCCESSFUL LOGON"), it suggested that one of the username and password combinations used in the password-spraying attempt was correct.
Question 27:
A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system.
Which of the following would detect this behavior?
A. Implementing encryption B. Monitoring outbound traffic C. Using default settings D. Closing all open ports
B. Monitoring outbound traffic
Question 28:
A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicates a directory-traversal attack has occurred. Which of the following is the analyst MOST likely seeing?
A. http://sample.url.com/Please-Visit-Our-Phishing-Site B. http://sample.url.com/someotherpageonsite/../../../etc/shadow C. http://sample.url.com/select-from-database-where-password-null D. http://redirect.sameple.url.sampleurl.com/malicious-dns-redirect
B. http://sample.url.com/someotherpageonsite/../../../etc/shadow Explanation Explanation/Reference:B. http://sample.url.com/someotherpageonsite/../../../etc/shadow is most likely a directory traversal attack. A directory traversal attack, also known as a "dot-dot-slash" attack, involves manipulating the directory structure of a web server to access restricted directories and files. This is typically done by using the "../" sequence to move up the directory tree and access directories that are outside the intended directory. In this scenario, the log files indicate that an attacker has used a directory traversal attack to access the "etc/shadow" file, which typically contains hashed passwords for system accounts. This is different from an SQL injection attack (C), which involves injecting malicious code into an SQL statement in order to access or modify data in a database, or a phishing attack (A), which involves tricking users into visiting a malicious website or divulging sensitive information. A malicious DNS redirect (D) involves redirecting a user to a different website than the one they intended to visit by manipulating the Domain Name System (DNS) records.
Question 29:
Users at organization have been installing programs from the internet on their workstations without first proper authorization. The organization maintains a portal from which users can install standardized programs. However, some users have administrative access on their workstations to enable legacy programs to function property. Which of the following should the security administrator consider implementing to address this issue?
A. Application code signing B. Application whitellsting C. Data loss prevention D. Web application firewalls
B. Application whitellsting Application whitelisting is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system. The goal of whitelisting is to protect computers and networks from potentially harmful applications. In general, a whitelist is an index of approved entities. In information security (infosec), whitelisting works best in centrally managed environments, where systems are subject to a consistent workload. https://searchsecurity.techtarget.com/definition/application-whitelisting
Question 30:
Which of the following concepts BEST describes tracking and documenting changes to software and managing access to files and systems?
A. Version control B. Continuous monitoring C. Stored procedures D. Automation
A. Version control Version control, also known as source control, is the process of tracking and managing changes to files over time. VCS -- version control systems -- are software tools designed to help teams work in parallel. https://www.perforce.com/blog/vcs/what-is-version-control
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SY0-601 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.