CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 641:
An attack relies on an end user visiting a website the end user would typically visit; however, the site is compromised and uses vulnerabilities in the end user's browser to deploy malicious software. Which of the following types of attacks does this describe?
A. Smishing B. Whaling C. Watering hole D. Phishing
C. Watering hole
A. Smishing - Can't be because it's phishing through text.
B. Whaling - Question doesn't mention a high-ranking position target.
C. Watering hole - C is my answer.
D. Phishing - If you know the definition of this you know it's not this one.
Question 642:
A company uses specially configured workstations for any work that requires administrator privileges to its Tier 0 and Tier 1 systems. The company follows a strict process to harden systems immediately upon delivery. Even with these strict security measures in place, an incident occurred from one of the workstations. The root cause appears to be that the SoC was tampered with or replaced. Which of the following MOST likely occurred?
A. Fileless malware B. A downgrade attack C. A supply-chain attack D. A logic bomb E. Misconfigured BIOS
C. A supply-chain attack
Question 643:
An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding the credit card statement with unusual purchases. Which of the following attacks took place?
A. On-path attack B. Protocol poisoning C. Domain hijacking D. Bluejacking
A. On-path attack
An on-path attack is often known as man-in-the-middle.
Question 644:
A company wants to implement MFA. Which of the following enables the additional factor while using a smart card?
A. PIN B. Hardware token C. User ID D. SMS
A. PIN
Question 645:
The Chief Technology Officer of a local college would like visitors to utilize the school's Wi-Fi but must be able to associate potential malicious activity to a specific person. Which of the following would best allow this objective to be met?
A. Requiring all new, on-site visitors to configure their devices to use WPS B. Implementing a new SSID for every event hosted by the college that has visitors C. Creating a unique PSK for every visitor when they arrive at the reception area D. Deploying a captive portal to capture visitors' MAC addresses and names
D. Deploying a captive portal to capture visitors' MAC addresses and names
A captive portal forces all users trying to access the Internet over Wi-Fi to view a special web page and take action, usually authentication or acceptance of terms and conditions, before they can get connected. In this scenario, by capturing visitors' names along with their device's MAC address, the college can associate network activity with specific individuals.
Question 646:
Which of the following would be MOST effective to contain a rapidly spreading attack that is affecting a large number of organizations?
A. Machine learning B. DNS sinkhole C. Blocklist D. Honeypot
B. DNS sinkhole
The question states that the attack is happening. A DNS sinkhole is a disruption technique that can be used to disrupt malware transmission at the very point of connection. Moreover, it can route suspect traffic to a different network, such as a honeynet, where it can be analyzed. See the following link: https://resources.infosecinstitute.com/topic/dns-sinkhole-can-protect-malware/
Question 647:
Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?
A. The key length of the encryption algorithm B. The encryption algorithm's longevity C. A method of introducing entropy into key calculations D. The computational overhead of calculating the encryption key
B. The encryption algorithm's longevity
SY0-601 Student Guide: "In another sense, longevity is the consideration of how long data must be kept secure. If you assume that a ciphertext will be exposed at some point, how long must that ciphertext resist cryptanalysis? For example, imagine an NSA operative's laptop is stolen. The thief cannot hope to break the encryption with current computing resources, but how long must that encryption mechanism continue to protect the data? If advances in cryptanalysis will put it at risk within 5 years, or 10 years, or 20 years, could a more secure algorithm have been chosen?"
Question 648:
A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to check emails and update reports. Which of the following would be BEST to prevent other devices on the network from directly accessing the laptop? (Choose two.)
A. Trusted Platform Module B. A host-based firewall C. A DLP solution D. Full disk encryption E. A VPN F. Antivirus software
B. A host-based firewall
E. A VPN
B and E are the only ones that protect against anyone that wanted to snoop via the open Wi-Fi connection. A host-based firewall makes a firewall on your device; think of this as Windows Firewall. A VPN is used to make a secure connection, which helps when you are in a public Wi-Fi setting. A TPM, or choice A, would not help, as it is only to store/manage cryptographic keys, not deal with people snooping on open Wi-Fi. B: Host-based firewall on laptop. E: VPN to create a secure connection. These questions need to be reviewed so that people don't get confused with their concepts.
Question 649:
Which of the following is a solution that can be used to stop a disgruntled employee from copying confidential data to a USB drive?
A. DLP B. TLS C. AV D. IDS
A. DLP
DLP stands for data loss prevention, which is a set of tools and processes that aim to prevent unauthorized access, use, or transfer of sensitive data. DLP can help mitigate the risk of data exfiltration by disgruntled employees or external attackers by monitoring and controlling data flows across endpoints, networks, and cloud services. DLP can also detect and block attempts to copy, transfer, or upload sensitive data to a USB drive or other removable media based on predefined policies and rules.
References:
https://www.comptia.org/certifications/security#examdetails
https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives
https://www.microsoft.com/en-us/security/business/security-101/what-is-data-loss-prevention-dlp
Question 650:
A company wants to improve end users' experiences when they log in to a trusted partner website. The company does not want the users to be issued separate credentials for the partner website. Which of the following should be implemented to allow users to authenticate using their own credentials to log in to the trusted partner's website?
A. Directory service B. AAA server C. Federation D. Multifactor authentication
C. Federation
Federation means the company trusts accounts created and managed by a different network. It connects the identity management services of multiple systems.