CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 671:
While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?
A. Documenting the new policy in a change request and submitting the request to change management
B. Testing the policy in a non-production environment before enabling the policy in the production network
C. Disabling any intrusion prevention signatures on the "deny any" policy prior to enabling the new policy
D. Including an "allow any" policy above the "deny any" policy
A. Documenting the new policy in a change request and submitting the request to change management
Explanation: The analyst would need an entire second testing environment that emulates the ENTIRE infrastructure to be able to test that rule. The most logical approach, and the one stated in all manuals, is that before a change is made it should be documented and submitted for approval. In this process the technical analysis of why the change is being made is established, and it is also noted WHEN the testing of the rule will be conducted. A testing window is determined so that the change is implemented in a way that does not affect operations or the availability of services.
Question 672:
Which of the following would BEST provide detective and corrective controls for thermal regulation?
A. A smoke detector
B. A fire alarm
C. An HVAC system
D. A fire suppression system
E. Guards
C. An HVAC system
Explanation: What are the functions of an HVAC system? An HVAC system is designed to control the environment in which it works. It achieves this by controlling the temperature (THERMAL) of a room through heating and cooling. It also controls the humidity level in that environment by controlling the movement and distribution of air inside the room. So it provides detective and corrective controls for THERMAL regulation.
Question 673:
A security analyst is taking part in an evaluation process that analyzes and categorizes threat actors of real-world events in order to improve the incident response team's process. Which of the following is the analyst MOST likely participating in?
A. MITRE ATT&CK
B. Walk-through
C. Red team
D. Purple team
E. TAXII
D. Purple team
Explanation: A purple team is a group of cybersecurity professionals who simulate malicious attacks and penetration testing in order to identify security vulnerabilities and recommend remediation strategies for an organization's IT infrastructure. The term is derived from the color purple, which symbolizes the combination of both red and blue teams. Unlike traditional red and blue teams, which are usually separate entities, the purple team works in close coordination, sharing information and insights in order to address acute weaknesses and improve the organization's overall security posture.
Question 674:
A company has determined that if its computer-based manufacturing is not functioning for 12 consecutive hours, it will lose more money than it costs to maintain the equipment. Which of the following must be less than 12 hours to maintain a positive total cost of ownership?
A. MTBF
B. RPO
C. RTO
D. MTTR
D. MTTR
Explanation: RTO is the maximum downtime the company expects to tolerate, which here is 12 hours. MTTR is the actual time needed to repair the equipment, which must be less than 12 hours. The question asks which of the following must be less than 12 hours, so the answer is MTTR.
Question 675:
A security manager needs to assess the security posture of one of the organization's vendors. The contract with the vendor does not allow for auditing of the vendor's security controls. Which of the following should the manager request to complete the assessment?
A. A service-level agreement
B. A business partnership agreement
C. A SOC 2 Type 2 report
D. A memorandum of understanding
A. A service-level agreement
Question 676:
A Chief Security Officer (CSO) is concerned about the volume and integrity of sensitive information that is exchanged between the organization and a third party through email. The CSO is particularly concerned about an unauthorized party who is intercepting information that is in transit between the two organizations.
Which of the following would address the CSO's concerns?
A. SPF
B. DMARC
C. SSL
D. DKIM
E. TLS
E. TLS
Explanation: DKIM (DomainKeys Identified Mail) is a protocol that allows an organization to take responsibility for transmitting a message by signing it in a way that mailbox providers can verify. DKIM record verification is made possible through cryptographic authentication. Transport Layer Security (TLS) encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit, which is particularly useful for private and sensitive information such as passwords, credit card numbers, and personal correspondence.
Question 677:
A company has limited storage space available and an online presence that cannot be down for more than four hours.
Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time in the event of a failure, while being mindful of the limited available storage space?
A. Implement full tape backups every Sunday at 8:00 p.m. and perform nightly tape rotations.
B. Implement differential backups every Sunday at 8:00 p.m. and nightly incremental backups at 8:00 p.m.
C. Implement nightly full backups every Sunday at 8:00 p.m.
D. Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.
D. Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.
Explanation: With this option, the most recent state of the database is captured in the latest differential backup, which can be restored relatively quickly (only the Sunday full backup plus the most recent differential are needed). The nightly differential backups minimize data loss compared to incremental backups. This approach strikes a balance between minimizing downtime and conserving storage space.
Question 678:
A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs.
Which of the following is the most likely cause of this issue?
A. TFTP was disabled on the local hosts
B. SSH was turned off instead of modifying the configuration file
C. Remote login was disabled in the networkd.config instead of using the sshd.conf
D. Network services are no longer running on the NAS
B. SSH was turned off instead of modifying the configuration file
Question 679:
After a phishing scam for a user's credentials, the red team was able to craft a payload to deploy on a server. The attack allowed the installation of malicious software that initiates a new remote session.
Which of the following types of attacks has occurred?
A. Privilege escalation
B. Session replay
C. Application programming interface
D. Directory traversal
A. Privilege escalation
Explanation: Privilege escalation DOES NOT always mean escalating to elevated permissions; privilege escalation can also be a horizontal movement. In this case, the red team compromises a user's account through the phishing attack and then deploys a payload on the server through the compromised user account. The malware then initiates a new remote session, enabling the attackers to access the server directly. The compromised account is User A, and the red team's direct connection that results from the malware can be thought of as User B. In this case, privilege escalation refers to User B being able to access User A's resources.
Question 680:
A network administrator at a large organization is reviewing methods to improve the security of the wired LAN. Any security improvement must be centrally managed and allow corporate-owned devices to have access to the intranet but limit others to Internet access only. Which of the following should the administrator recommend?
A. 802.1X utilizing the current PKI infrastructure
B. SSO to authenticate corporate users
C. MAC address filtering with ACLs on the router
D. PAM for user account management
A. 802.1X utilizing the current PKI infrastructure
Explanation: It's possible to combine an 802.1X server with other network elements such as a virtual local area network (VLAN). For example, imagine you want to provide visitors with Internet access but prevent them from accessing internal network resources. You can configure the 802.1X server to grant full access to authorized clients, but redirect unauthorized clients to a guest area of the network via a VLAN.