1. Home
  2. CompTIA
  3. SY0-601

CompTIA Security+

Exam Details

  • Exam Code
    :SY0-601
  • Exam Name
    :CompTIA Security+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1334 Q&As
  • Last Updated
    :May 17, 2025

CompTIA CompTIA Certifications SY0-601 Questions & Answers

  • Question 941:

    Which of the following would a European company interested in implementing a technical, hands-on set of security standards MOST likely choose?

    A. GOPR

    B. CIS controls

    C. ISO 27001

    D. Is0 37000

  • Question 942:

    A security analyst is reviewing the following command-line output:

    Which of the following Is the analyst observing?

    A. IGMP spoofing

    B. URL redirection

    C. MAG address cloning

    D. DNS poisoning

  • Question 943:

    An end user reports a computer has been acting slower than normal for a few weeks, During an investigation, an analyst determines the system 3 sending the users email address and a ten-digit number ta an IP address once a day. The only resent log entry regarding the user's computer is the following:

    Which of the following is the MOST likely cause of the issue?

    A. The end user purchased and installed a PUP from a web browser

    B. A bot on the computer is brute forcing passwords against a website

    C. A hacker is attempting to exfiltrate sensitive data

    D. Ransomware is communicating with a command-and-control server.

  • Question 944:

    A security analyst is reviewing a penetration-testing report from a third-party contractor. The penetration testers used the organization's new API to bypass a driver to perform privilege escalation on the organization's web servers. Upon looking at the API, the security analyst realizes the particular API call was to a legacy system running an outdated OS.

    Which of the following is the MOST likely attack type?

    A. Request forgery

    B. Session replay

    C. DLL injection

    D. Shimming

  • Question 945:

    An attacker is attempting to harvest user credentials on a client's website. A security analyst notices multiple attempts of random usernames and passwords.

    When the analyst types in a random username and password, the logon screen displays the following message:

    The username you entered does not exist.

    Which of the following should the analyst recommend be enabled?

    A. Input validation

    B. Obfuscation

    C. Error handling

    D. Username lockout

  • Question 946:

    A financial nstitution wauid like to stare its customer data in a coud but still allaw the data ta he accessed and manipulated while encrypted. Doing so would prevent the claud servine provider from heing adle ta decipher the data due ta its sensitivity. The financial institutan is not concernec about computational averheads and slow speeds, Which of the follawing cryotographic techniques would BEST meet the requirement?

    A. Asymmatric

    B. Symmetric

    C. Homeomorphic

    D. Ephemeral

  • Question 947:

    A security analyst needs to find real-time data on the latest malware and IoCs. Which of the following BEST describes the solution the analyst should pursue?

    A. Advisories and bulletins

    B. Threat feeds

    C. Security news articles

    D. Peer-reviewed content

  • Question 948:

    A financial institution would like to stare is customer data a could but still allow the data ta he accessed and manipulated while encrypted. Doing se would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concern about computational overheads and slow speeds,

    Which of the following cryptographic techniques would BEST meet the requirement?

    A. Asymmatric

    B. Symmetric

    C. Homeomorphic

    D. Ephemeral

  • Question 949:

    A multinational organization that offers web-based services has datacenters that are located only in the United States; however, a large number of its customers are in Australia, Europe, and China. Payments for services are managed by a third party in the United Kingdom that specializes in payment gateways. The management team is concerned the organization is not compliant with privacy laws that cover some of its customers. Which of the following frameworks should the management team follow?

    A. Payment Card Industry Data Security Standard

    B. Cloud Security Alliance Best Practices

    C. ISO/IEC 27032 Cybersecurity Guidelines

    D. General Data Protection Regulation

  • Question 950:

    Which of the following should a data owner require all personnel to sign to legally protect intellectual property?

    A. An NDA

    B. An AUP

    C. An ISA

    D. An MOU

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SY0-601 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.