CompTIA SY0-601 Online Practice
Questions and Exam Preparation
SY0-601 Exam Details
Exam Code
:SY0-601
Exam Name
:CompTIA Security+
Certification
:CompTIA Certifications
Vendor
:CompTIA
Total Questions
:1334 Q&As
Last Updated
:Jul 15, 2026
CompTIA SY0-601 Online Questions &
Answers
Question 51:
An organization has hired a red team to simulate attacks on its security posture. Which of the following will the blue team do after detecting an IoC?
A. Reimage the impacted workstations B. Activate runbooks for incident response C. Conduct forensics on the compromised system D. Conduct passive reconnaissance to gather information
B. Activate runbooks for incident response
Question 52:
Which of the following social engineering attacks best describes an email that is primarily intended to mislead recipients into forwarding the email to others?
A. Hoaxing B. Pharming C. Watering-hole D. Phishing
A. Hoaxing Hoaxing is a type of social engineering attack that involves sending false or misleading information via email or other means to trick recipients into believing something that is not true. Hoaxing emails often contain a request or an incentive for the recipients to forward the email to others, such as a warning of a virus, a promise of a reward, or a petition for a cause. The goal of hoaxing is to spread misinformation, cause panic, waste resources, or damage reputations. A hoaxing email is primarily intended to mislead recipients into forwarding the email to others, which can increase the reach and impact of the hoax.
Question 53:
A company reduced the area utilized in its data center by creating virtual networking through automation and by creating provisioning routes and rules through scripting. Which of the following does this example describe?
A. IaC B. MSSP C. Containers D. SaaS
A. IaC The scenario described is an example of Infrastructure as Code (IaC). IaC is a key devOps practice that involves managing and provisioning computing infrastructure through machine-readable script files, rather than through physical hardware configuration or interactive configuration tools. This approach can help in automating the process of setting up, changing, and versioning infrastructure efficiently and it can be particularly useful in managing virtualized and cloud-based services, which is the case in the scenario provided.
Question 54:
A document that appears to be malicious has been discovered in an email that was sent to a company's Chief Financial Officer (CFO). Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?
A. Open the document on an air-gapped network B. View the document's metadata for origin clues C. Search for matching file hashes on malware websites D. Detonate the document in an analysis sandbox
C. Search for matching file hashes on malware websites Not every malicious doc has matching hash on malware website.
Question 55:
A cybersecurity analyst at Company A is working to establish a secure communication channel with a counter part at Company B, which is 3,000 miles (4.828 kilometers) away. Which of the following concepts would help the analyst meet this goal m a secure manner?
A. Digital signatures B. Key exchange C. Salting D. PPTP
B. Key exchange Key exchange Short Key exchange is the process of securely sharing cryptographic keys between two parties over a public network. This allows them to establish a secure communication channel and encrypt their messages. There are different methods of key exchange, such as Diffie-Hellman or RSA. References: https://www.comptia.org/content/guides/what-is-encryption
Question 56:
A security engineer was assigned to implement a solution to prevent attackers from gaining access by pretending to be authorized users. Which of the following technologies meets the requirement?
A. SSO B. IDS C. MFA D. TPM
C. MFA MFA = harder to impersonate due to having multifactor authentication.
Question 57:
A company wants the ability to restrict web access and monitor the websites that employees visit. Which of the following would BEST meet these requirements?
A. internet proxy B. VPN C. WAF D. Firewall
A. internet proxy An internet proxy (also known as a web proxy) would best meet the requirements of restricting web access and monitoring the websites that employees visit. An internet proxy acts as an intermediary between the users' web browsers and the internet. When employees access the internet through the proxy server, it can be configured to enforce access control policies, filter web content, and log user activities. Here's how an internet proxy can fulfill the requirements: Restrict web access: The proxy server can be configured with access control lists (ACLs) to block or allow access to specific websites or categories of websites based on company policies. This allows the organization to restrict access to inappropriate or non-work-related websites. Monitor website visits: The proxy server logs all web requests made by employees, providing detailed information about the websites they visit, the time of access, and the amount of data transferred. This monitoring helps the company track user activities and identify potential security risks or policy violations.
Question 58:
Which of the following involves the inclusion of code in the main codebase as soon as it is written?
A. Continuous monitoring B. Continuous deployment C. Continuous Validation D. Continuous integration
D. Continuous integration
Question 59:
A security analyst is investigation an incident that was first reported as an issue connecting to network shares and the internet, While reviewing logs and tool output, the analyst sees the following:
Which of the following attacks has occurred?
A. IP conflict B. Pass-the-hash C. MAC flooding D. Directory traversal E. ARP poisoning
E. ARP poisoning Explanation Explanation/Reference:Address Resolution Protocol (ARP) resolves IPv4 addresses to MAC addresses. MAC addresses are the physical addresses or hardware addresses. TCP/IP uses the IP address to get a packet to a destination network. ARP poisoning attacks use ARP packets to give clients false hardware address updates, and attackers use them to redirect or interrupt network traffic https://www.radware.com/security/ddos-knowledge-center/ddospedia/arp-poisoning
Question 60:
A cryptomining company recently deployed a new antivirus application to all of its mining systems. The installation of the antivirus application was tested on many personal devices, and no issues were observed. Once the antivirus application was rolled out to the servers, constant issues were reported. As a result, the company decided to remove the mining software. The antivirus application was MOST likely classifying the software as:
A. a rootkit B. a PUP C. a backdoor D. ransomware E. a RAT
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SY0-601 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.