CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 71:
A company has drafted an insider-threat policy that prohibits the use of external storage devices. Which of the following would BEST protect the company from data exfiltration via removable media?
A. Monitoring large data transfer transactions in the firewall logs
B. Developing mandatory training to educate employees about the removable media policy
C. Implementing a group policy to block user access to system files
D. Blocking removable-media devices and write capabilities using a host-based security tool
D. Blocking removable-media devices and write capabilities using a host-based security tool
Question 72:
A security analyst is receiving several alerts per user and is trying to determine if various logins are malicious. The security analyst would like to create a baseline of normal operations and reduce noise. Which of the following actions should the security analyst perform?
A. Adjust the data flow from authentication sources to the SIEM.
B. Disable email alerting and review the SIEM directly.
C. Adjust the sensitivity levels of the SIEM correlation engine.
D. Utilize behavioral analysis to enable the SIEM's learning mode.
D. Utilize behavioral analysis to enable the SIEM's learning mode.
UBA, or User Behavior Analytics, is a threat detection technology that uses AI to learn how users normally behave and then flag anomalous activities that deviate from that normal behavior and may indicate a threat. In this scenario, the SIEM first learns what normal behavior looks like; once a baseline is created, it can judge whether any of the logins are malicious, most likely by comparing when and where the logins occur against the baseline. This should reduce the number of alerts being generated.
Question 73:
DDoS attacks are causing an overload on the cluster of cloud servers. A security architect is researching alternatives to make the cloud environment respond to load fluctuation in a cost-effective way.
Which of the following options BEST fulfils the architect's requirements?
A. An orchestration solution that can adjust scalability of cloud assets
B. Use of multipath by adding more connections to cloud storage
C. Cloud assets replicated on geographically distributed regions
D. An on-site backup that is deployed and only used when the load increases
A. An orchestration solution that can adjust scalability of cloud assets
Scaling cloud infrastructure can lag during periods of high activity, while additional assets are added or become active. This is the trade-off of a cost-effective solution that scales. The company could instead run a system that is massively over-provisioned at all times in preparation for brief peak moments, but this is expensive and unlikely to be chosen by most companies. The only case where that makes sense is a sensitive or critical service that MUST remain online; stock exchange servers, military servers, bank servers and the like fit that criterion.
Question 74:
A website user is locked out of an account after clicking an email link and visiting a different website. Web server logs show the user’s password was changed, even though the user did not change the password. Which of the following is the most likely cause?
A. Cross-site request forgery
B. Directory traversal
C. ARP poisoning
D. SQL injection
A. Cross-site request forgery
Question 75:
A company needs to validate its updated incident response plan using a real-world scenario that will test decision points and relevant incident response actions without interrupting daily operations. Which of the following would BEST meet the company's requirements?
A. Red-team exercise
B. Capture-the-flag exercise
C. Tabletop exercise
D. Phishing exercise
C. Tabletop exercise
Question 76:
Which of the following security program audits includes a comprehensive evaluation of the security controls in place at an organization over a six- to 12-month time period?
A. NIST CSF
B. SOC 2 Type II
C. ISO 27001
D. PCI DSS
B. SOC 2 Type II
Question 77:
A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country. Which of the following techniques will the systems analyst MOST likely implement to address this issue?
A. Content filter
B. SIEM
C. Firewall rules
D. DLP
C. Firewall rules
Question 78:
Which of the following is a targeted attack aimed at compromising users within a specific industry or group?
A. Watering hole
B. Typosquatting
C. Hoax
D. Impersonation
A. Watering hole
A targeted attack refers to a type of threat in which threat actors actively pursue and compromise a target entity's infrastructure while maintaining anonymity. These attackers have a certain level of expertise and sufficient resources to conduct their schemes over a long-term period. They can adapt, adjust, or improve their attacks to counter their victim's defenses.
Background
Targeted attacks often employ methods found in traditional online threats such as malicious emails, compromised or malicious sites, exploits, and malware. Targeted attacks differ from traditional online threats in many ways:
- Targeted attacks are typically conducted as campaigns. APTs are often conducted in campaigns (a series of failed and successful attempts over time to get deeper and deeper into a target's network) and are thus not isolated incidents.
- They usually target specific industries such as businesses, government agencies, or political groups. Attackers often have long-term goals in mind, with motives that include, but are not limited to, political gain, monetary profit, or business data theft.
- Attackers often customize, modify and improve their methods depending on the nature of their target sector and to circumvent any security measures implemented.
Phases of a Targeted Attack
- Intelligence gathering. Threat actors identify and gather publicly available information about their target to customize their attacks. This initial phase aims to gain strategic information not only on the intended target's IT environment but also on its organizational structure. The information gathered can range from the business applications and software an enterprise utilizes to the roles and relationships that exist within it. This phase also utilizes social engineering techniques that leverage recent events, work-related issues or concerns, and other areas of interest for the intended target.
- Point of entry. Threat actors may use varied methods to infiltrate a target's infrastructure. Common methods include customized spearphishing email, zero-day or software exploits, and watering hole techniques. Attackers also utilize instant-messaging and social networking platforms to entice targets to click a link or download malware. Eventually a connection with the target is established.
- Command-and-control (C&C) communication. After security has been breached, threat actors constantly communicate with the malware to either execute malicious routines or gather information within the company network. Threat actors use techniques to hide this communication and keep their movements under the radar.
- Lateral movement. Once inside the network, threat actors move laterally throughout the network to seek key information or infect other valuable systems.
- Asset/Data Discovery. Notable assets or data are determined and isolated for future data exfiltration. Threat actors have access to "territories" that contain valuable information and noteworthy assets. These data are then identified and transferred through tools like remote access Trojans (RATs) and customized and legitimate tools. A possible technique used in this stage is sending back file lists from different directories so attackers can identify what is valuable.
- Data Exfiltration. This is the main goal of targeted attacks. An attack's objective is to gather key information and transfer it to a location that the attackers control. Transferring such data can be conducted quickly or gradually. Targeted attacks strive to remain undetected in the network in order to gain access to the company's crown jewels or valuable data. These valuable data include intellectual property, trade secrets, and customer information. In addition, threat actors may also seek other sensitive data such as top-secret documents from government or military institutions.
Once a targeted attack is successful and has reached the data exfiltration stage, it is not difficult for attackers to draw out the data. Although targeted attacks are not known to specifically target consumers, their data are also at risk once target business sectors have been infiltrated. As a result, such attacks (if successful) may damage a company's reputation.
https://www.trendmicro.com/vinfo/us/security/definition/targeted-attacks#:~:text=A%20targeted%20attack%20refers%20to,over%20a%20long%2Dterm%20period
Question 79:
Which of the following procedures would be performed after the root cause of a security incident has been identified to help avoid future incidents from occurring?
A. Walk-throughs
B. Lessons learned
C. Attack framework alignment
D. Containment
B. Lessons learned
After the root cause of a security incident has been identified, it is important to take the time to analyze what went wrong and how it could have been prevented. This process is known as "lessons learned" and allows organizations to identify potential improvements to their security processes and protocols. Lessons learned typically involve a review of the incident and the steps taken to address it, a review of the security systems and procedures in place, and an analysis of any potential changes that can be made to prevent similar incidents from occurring in the future.
Question 80:
Which of the following provides a catalog of security and privacy controls related to the United States federal information systems?
A. GDPR
B. PCI DSS
C. ISO 27000
D. NIST 800-53
D. NIST 800-53
NIST 800-53 (National Institute of Standards and Technology Special Publication 800-53) is a catalog of security and privacy controls for United States federal information systems. It provides guidelines and recommendations for implementing a comprehensive security program to protect the confidentiality, integrity, and availability of sensitive information and systems. NIST 800-53 is widely used by government agencies and organizations to ensure compliance with security and privacy requirements.