CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 731:
A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL, https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following describes this attack?
A. On-path
B. Domain hijacking
C. DNS poisoning
D. Evil twin
Correct Answer: C. DNS poisoning
Explanation/Reference: DNS poisoning occurs when hackers gain access to a DNS server and begin to redirect traffic to a different IP address by altering a DNS record. For this question, DNS poisoning on HTTPS will result in a certificate mismatch error, which means a DNS record has been altered.
Question 732:
While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network switches. Which of the following is the security analyst MOST likely observing?
A. SNMP traps
B. A Telnet session
C. An SSH connection
D. SFTP traffic
Correct Answer: B. A Telnet session
Question 733:
A company suspects that some corporate accounts were compromised. The number of suspicious logins from locations not recognized by the users is increasing. Employees who travel need their accounts protected without the risk of blocking legitimate login requests that may be made over new sign-in properties. Which of the following security controls can be implemented?
A. Enforce MFA when an account request reaches a risk threshold
B. Implement geofencing to only allow access from headquarters
C. Enforce time-based login requests that align with business hours
D. Shift the access control scheme to a discretionary access control
Correct Answer: A. Enforce MFA when an account request reaches a risk threshold
Explanation/Reference: MFA increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space, computing device, network, or database. Enforce MFA when an account request reaches a risk threshold. This is likely the most convenient implementation that would work for all employees, as an additional element would be needed for authentication/authorization.
(B) Implementing geofencing to only allow access from headquarters might stop the suspicious logins; however, it would be inconvenient for employees not physically located near headquarters, such as the traveling employees.
(C) Enforcing time-based login requests to align with business hours could also be inconvenient for traveling/global employees who work at different times compared to the business's normal business hours.
(D) With discretionary access control, the owner of a resource can decide who can have access to the resource and can modify the access at any time. The option to shift the access control scheme to a discretionary access control wouldn't really address the login issue either if the account of someone who is authorized to access a resource was compromised. The attacker can still access the resource using their credentials.
Question 734:
Which of the following is the most important security concern when using legacy systems to provide production service?
A. Instability
B. Lack of vendor support
C. Loss of availability
D. Use of insecure protocols
Correct Answer: B. Lack of vendor support
Question 735:
Which of the following control types would be BEST to use in an accounting department to reduce losses from fraudulent transactions?
A. Recovery
B. Deterrent
C. Corrective
D. Detective
Correct Answer: D. Detective
Explanation/Reference: Detective controls are designed to identify and report on security incidents, such as fraud or misuse of resources, and are best used to reduce losses from fraudulent transactions. Examples of detective controls in an accounting department include regular audits, transaction monitoring, and access logs that track who is making changes to financial records.
Question 736:
A cloud service provider has created an environment where customers can connect existing local networks to the cloud for additional computing resources and block internal HR applications from reaching the cloud. Which of the following cloud models is being used?
A. Public
B. Community
C. Hybrid
D. Private
Correct Answer: C. Hybrid
Hybrid cloud refers to a mixed computing, storage, and services environment made up of on-premises infrastructure, private cloud services, and a public cloud, such as Amazon Web Services (AWS) or Microsoft Azure, with orchestration among the various platforms.
Question 737:
After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset. This technique is an example of:
A. privilege escalation
B. footprinting
C. persistence
D. pivoting.
Correct Answer: D
Pivoting: the act of an attacker moving from one compromised system to one or more other systems on the network.
Question 738:
A network administrator is setting up wireless access points in all the conference rooms and wants to authenticate devices using PKI. Which of the following should the administrator configure?
A. A captive portal
B. PSK
C. 802.1X
D. WPS
Correct Answer: C. 802.1X
Using a PKI for Wi-Fi authentication requires using the 802.1X standard for network access.
https://www.securew2.com/blog/configuring-pki-wi-fi
Question 739:
A security administrator currently spends a large amount of time on common security tasks, such as report generation, phishing investigations, and user provisioning and deprovisioning. This prevents the administrator from spending time on other security projects. The business does not have the budget to add more staff members. Which of the following should the administrator attempt?
A. DAC
B. ABAC
C. SCAP
D. SOAR
Correct Answer: D. SOAR
https://searchsecurity.techtarget.com/definition/SOAR
Question 740:
A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would MOST likely have prevented this breach?
A. A firewall
B. A device pin
C. A USB data blocker
D. Biometrics
Correct Answer: C. A USB data blocker
https://www.promorx.com/blogs/blog/how-does-a-usb-data-blocker-work
Connecting via the data port of your mobile device, the data blocker creates a barrier between your mobile device and the charging station. Your phone will draw power as usual, allowing you to use it normally and charge it at the same time, but this clever piece of equipment will prevent any data exchange.
"Malicious USB charging cables and plugs are also a widespread problem. As with card skimming, a device may be placed over a public charging port at airports and other transit locations. A USB data blocker can provide mitigation against these juice-jacking attacks by preventing any sort of data transfer when the smartphone or laptop is connected to a charge point."