Best CompTIA SY0-601 Practice Questions and Exam Preparation Resources, CompTIA Security+ (Plus) Certification | SPOTO

For those aiming to excel in the CompTIA Security+ (SY0-601) certification exam, thorough preparation is key. This globally recognized certification validates essential skills needed for core security functions and is a gateway to a successful IT security career. The SY0-601 exam content is meticulously crafted to encompass the latest cybersecurity trends and techniques, focusing on core technical skills like risk assessment, incident response, forensics, enterprise networks, hybrid/cloud operations, and security controls. To achieve optimal results in the exam, practicing the latest practice questions and utilizing the best exam preparation resources is crucial. SPOTO offers top-notch CompTIA SY0-601 practice questions and exam preparation materials, ensuring that you are well-equipped to succeed in the exam and demonstrate your proficiency in critical security domains. Start preparing effectively with SPOTO today for your CompTIA Security+ journey.

Question #1
A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to software compatibility issues. The OSs are still supported by the vendor, but the industrial software is no longer supported. The Chief Information Security Officer (CISO) has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, while also creating backups of the systems for recovery. Which of the following resiliency technique
A. Redundancy B
Correct Answer: C
Question #2
An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap?
A. Nmap
B. cURL
C. Netcat
D. Wireshark
Correct Answer: B
Question #3
An analyst needs to identify the applications a user was running and the files that were open before the user’s computer was shut off by holding down the power button. Which of the following would MOST likely contain that information?
A. NGFW
B. Pagefile C
Correct Answer: C
Question #4
The Chief Financial Officer (CFO) of an insurance company received an email from Ann, the company’s Chief Executive Officer (CEO), requesting a transfer of $10,000 to an account. The email states Ann is on vacation and has lost her purse, containing cash and credit cards. Which of the following social-engineering techniques is the attacker using?
A. Phishing
B. Whaling C
Correct Answer: C
Question #5
A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot throughout the global network. Which of the following would be BEST to help mitigate this concern?
A. Create different accounts for each region, each configured with push MFA notifications
B. Create one global administrator account and enforce Kerberos authentication
Correct Answer: B
Question #6
Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a “cloud-first” adoption strategy?
A. Risk matrix
B. Risk tolerance
C. Risk register
D. Risk appetite
Correct Answer: D
Question #7
A security analyst discovers that a company’s username and password database was posted on an Internet forum. The usernames and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?
A. Create DLP controls that prevent documents from leaving the network
B. Implement salting and hashing
Correct Answer: D
Question #8
The facilities supervisor for a government agency is concerned about unauthorized access to environmental systems in the event the staff WiFi network is breached. Which of the following would BEST address this security concern?
A. Install a smart meter on the staff WiFi
B. Place the environmental systems in the same DHCP scope as the staff WiFi
Correct Answer: A
Question #9
Which of the following will provide the BEST physical security countermeasures to stop intruders? (Choose two.)
A. Alarms
B. Signage C
E. Fencing
F. Sensors
Correct Answer: E
Question #10
An organization has implemented a policy requiring the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab. Which of the following did the organization determine to be the GREATEST risk to intellectual property when creating this policy?
A. The theft of portable electronic devices
B. Geotagging in the metadata of images C
Correct Answer: AB
Question #11
A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the Internet. While reviewing logs and tool output, the analyst sees the following: Which of the following attacks has occurred?
A. IP conflict
B. Pass-the-hash C
E. ARP poisoning
Correct Answer: A
Question #12
A network engineer has been asked to investigate why several wireless barcode scanners and wireless computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and computers are all on forklift trucks and move around the warehouse during their regular use. Which of the following should the engineer do to determine the issue? (Choose two.)
A. Perform a site survey
B. Deploy an FTK Imager C
F. Install a captive portal
Correct Answer: EF
Question #13
A Chief Security Officer (CSO) is concerned about the volume and integrity of sensitive information that is exchanged between the organization and a third party through email. The CSO is particularly concerned about an unauthorized party who is intercepting information that is in transit between the two organizations. Which of the following would address the CSO’s concerns?
A. SPF
B. DMARC
C. SSL
D. DKIM
E. TLS
Correct Answer: B
Question #14
An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?
A. It allows for the sharing of digital forensics data across organizations
B. It provides insurance in case of a data breach
E. It assures customers that the organization meets security standards
Correct Answer: CE
Question #15
A security researcher is attempting to gather data on the widespread use of a zero-day exploit. Which of the following will the researcher MOST likely use to capture this data?
A. A DNS sinkhole
B. A honeypot C
Correct Answer: C
Question #16
A company just implemented a new telework policy that allows employees to use personal devices for official email and file sharing while working from home. Some of the requirements are: Employees must provide an alternate work location (i.e., a home address). Employees must install software on the device that will prevent the loss of proprietary data but will not restrict any other software from being installed. Which of the following BEST describes the MDM options the company is using?
A. Geofencing, content management, remote wipe, containerization, and storage segmentation
B. Content management, remote wipe, geolocation, context-aware authentication, and containerization C
Correct Answer: A
Question #17
Which of the following should a data owner require all personnel to sign to legally protect intellectual property?
A. An NDA B
Correct Answer: AC
Question #18
Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?
A. Watering-hole attack
B. Credential harvesting C
Correct Answer: D
Question #19
Which of the following would be BEST to establish between organizations to define the responsibilities of each party, outline the key deliverables, and include monetary penalties for breaches to manage third-party risk?
A. An ARO
B. An MOU
C. An SLA
D. A BPA
Correct Answer: C
Question #20
A security engineer has enabled two-factor authentication on all workstations. Which of the following approaches are the MOST secure? (Choose two.)
A. Password and security question
B. Password and CAPTCHA C
E. Password and one-time token
F. Password and voice
Correct Answer: B
Question #21
A cybersecurity administrator has a reduced team and needs to operate an on-premises network and security infrastructure efficiently. To help with the situation, the administrator decides to hire a service provider. Which of the following should the administrator use?
A. SDP
B. AAA
C. IaaS
D. MSSP
E. Microservices
Correct Answer: A
Question #22
An organization’s Chief Security Officer (CSO) wants to validate the business’s involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO MOST likely use?
A. An external security assessment B
Correct Answer: B
Question #23
A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?
A. PCI DSS
B. GDPR
C. NIST
D. ISO 31000
Correct Answer: D
Question #24
Which of the following environments would MOST likely be used to assess the execution of component parts of a system at both the hardware and software levels and to measure performance characteristics?
A. Test
B. Staging C
Correct Answer: A
Question #25
A company’s bank has reported that multiple corporate credit cards have been stolen over the past several weeks. The bank has provided the names of the affected cardholders to the company’s forensics team to assist in the cyber-incident investigation. An incident responder learns the following information: The timeline of stolen card numbers corresponds closely with affected users making Internet-based purchases from diverse websites via enterprise desktop PCs. All purchase connections were encrypted, and t
A. HTTPS sessions are being downgraded to insecure cipher suites
B. The SSL inspection proxy is feeding events to a compromised SIEM C
Correct Answer: A
Question #26
A security analyst sees the following log output while reviewing web logs: Which of the following mitigation strategies would be BEST to prevent this attack from being successful?
A. Secure cookies
B. Input validation C
Correct Answer: D
Question #27
Which of the following refers to applications and systems that are used within an organization without consent or approval?
A. Shadow IT B
Correct Answer: CD
Question #28
A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be BEST to help the organization’s executives determine their next course of action?
A. An incident response plan
B. A communications plan C
Correct Answer: A
Question #29
A university with remote campuses, which all use different service providers, loses Internet connectivity across all locations. After a few minutes, Internet and VoIP services are restored, only to go offline again at random intervals, typically within four minutes of services being restored. Outages continue throughout the day, impacting all inbound and outbound connections and services. Services that are limited to the local LAN or WiFi network are not impacted, but all WAN and VoIP services are affected.
A. DoS
B. SSL stripping C
F. Refactoring
Correct Answer: EF
Question #30
A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would BEST prevent this type of attack?
A. Network location
B. Impossible travel time C
Correct Answer: AC
Question #31
A security administrator needs to inspect in-transit files on the enterprise network to search for PII, credit card data, and classification words. Which of the following would be the BEST to use?
A. IDS solution
B. EDR solution C
Correct Answer: A
Question #32
A major political party experienced a server breach. The hacker then publicly posted stolen internal communications concerning campaign strategies to give the opposition party an advantage. Which of the following BEST describes these threat actors?
A. Semi-authorized hackers B
Correct Answer: A
Question #33
The website http://companywebsite.com requires users to provide personal information, including security question responses, for registration. Which of the following would MOST likely cause a data breach?
A. Lack of input validation
B. Open permissions C
Correct Answer: D
Question #34
A RAT that was used to compromise an organization’s banking credentials was found on a user’s computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set. Which of the following recommendations would BEST prevent this from reoccurring?
A. Create a new acceptable use policy
B. Segment the network into trusted and untrusted zones
Correct Answer: C
Question #35
A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other areas of the building. There have also been reports of users being required to enter th
A. An external access point is engaging in an evil-twin attack
B. The signal on the WAP needs to be increased in that section of the building
Correct Answer: A
Question #36
The lessons-learned analysis from a recent incident reveals that an administrative office worker received a call from someone claiming to be from technical support. The caller convinced the office worker to visit a website, and then download and install a program masquerading as an antivirus package. The program was actually a backdoor that an attacker could later use to remote control the worker’s PC. Which of the following would be BEST to help prevent this type of attack in the future?
A. Data loss prevention
B. Segmentation C
Correct Answer: C
Question #37
A security analyst is reviewing the following command-line output: Which of the following is the analyst observing?
A. ICMP spoofing
B. URL redirection C
Correct Answer: C
Question #38
A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?
A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis
B. Restrict administrative privileges and patch all systems and applications
Correct Answer: D
Question #39
A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal?
A. Salting the magnetic strip information
B. Encrypting the credit card information in transit C
Correct Answer: B
Question #40
A Chief Security Officer (CSO) is concerned about the amount of PII that is stored locally on each salesperson’s laptop. The sales department has a higher-than-average rate of lost equipment. Which of the following recommendations would BEST address the CSO’s concern?
A. Deploy an MDM solution
B. Implement managed FDE
Correct Answer: C
Question #41
A user must introduce a password and a USB key to authenticate against a secure computer, and authentication is limited to the state in which the company resides. Which of the following authentication concepts are in use?
A. Something you know, something you have, and somewhere you are
B. Something you know, something you can do, and somewhere you are C
Correct Answer: A
Question #42
Which of the following would cause a Chief Information Security Officer (CISO) the MOST concern regarding newly installed Internet-accessible 4K surveillance cameras?
A. An inability to monitor 100% of every facility could expose the company to unnecessary risk
B. The cameras could be compromised if not patched in a timely manner
Correct Answer: A
Question #43
A security operations analyst is using the company’s SIEM solution to correlate alerts. Which of the following stages of the incident response process is this an example of?
A. Eradication
B. Recovery
C. Identification
D. Preparation
Correct Answer: C
Question #44
The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic controls to mitigate the majo
A. Geolocation
B. Time-of-day restrictions C
E. Geotagging
F. Role-based access controls
Correct Answer: A
Question #45
During an incident response, a security analyst observes the following log entry on the web server: Which of the following BEST describes the type of attack the analyst is experiencing?
A. SQL injection B
Correct Answer: B
Question #46
A security administrator suspects an employee has been emailing proprietary information to a competitor. Company policy requires the administrator to capture an exact copy of the employee’s hard disk. Which of the following should the administrator use?
A. dd
B. chmod C
Correct Answer: B
Question #47
A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:
A. validate the vulnerability exists in the organization’s network through penetration testing
B. research the appropriate mitigation techniques in a vulnerability database
Correct Answer: B
Question #48
A developer is building a new portal to deliver single-pane-of-glass management capabilities to customers with multiple firewalls. To improve the user experience, the developer wants to implement an authentication and authorization standard that uses security tokens that contain assertions to pass user information between nodes. Which of the following roles should the developer configure to meet these requirements? (Choose two.)
A. Identity processor
B. Service requestor C
E. Tokenized resource
F. Notarized referral
Correct Answer: B
Question #49
An incident, which is affecting dozens of systems, involves malware that reaches out to an Internet service for rules and updates. The IP addresses for the Internet host appear to be different in each case. The organization would like to determine a common IoC to support response and recovery actions. Which of the following sources of information would BEST support this solution?
A. Web log files B
Correct Answer: D
Question #50
Entering a secure area requires passing through two doors, both of which require someone who is already inside to initiate access. Which of the following types of physical security controls does this describe?
A. Cameras
B. Faraday cage C
E. Guards
Correct Answer: A
Question #51
After a phishing scam for a user’s credentials, the red team was able to craft a payload to deploy on a server. The attack allowed the installation of malicious software that initiates a new remote session. Which of the following types of attacks has occurred?
A. Privilege escalation
B. Session replay C
Correct Answer: C
Question #52
On which of the following is the live acquisition of data for forensic analysis MOST dependent? (Choose two.)
A. Data accessibility
B. Legal hold C
E. Value and volatility of data
F. Right-to-audit clauses
Correct Answer: B
Question #53
Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company’s final software releases? (Choose two.)
A. Unsecure protocols
B. Use of penetration-testing utilities C
E. Vendors/supply chain
F. Outdated anti-malware software
Correct Answer: B
Question #54
A security analyst is reviewing a new website that will soon be made publicly available. The analyst sees the following in the URL: http://dev-site.comptia.org/home/show.php?sessionID=77276554&loc=us The analyst then sends an internal user a link to the new website for testing purposes, and when the user clicks the link, the analyst is able to browse the website with the following URL: http://dev-site.comptia.org/home/show.php?sessionID=98988475&loc=us Which of the following application attacks is being tes
A. Pass-the-hash
B. Session replay C
Correct Answer: D
Question #55
Which of the following BEST describes the MFA attribute that requires a callback on a predefined landline?
A. Something you exhibit
B. Something you can do C
Correct Answer: AD
Question #56
A university is opening a facility in a location where there is an elevated risk of theft. The university wants to protect the desktops in its classrooms and labs. Which of the following should the university use to BEST protect these assets deployed in the facility?
A. Visitor logs
B. Cable locks C
E. Motion detection
Correct Answer: C
Question #57
Which of the following should be put in place when negotiating with a new vendor about the timeliness of the response to a significant outage or incident?
A. MOU
B. MTTR
C. SLA
D. NDA
Correct Answer: E
Question #58
An employee has been charged with fraud and is suspected of using corporate assets. As authorities collect evidence, and to preserve the admissibility of the evidence, which of the following forensic techniques should be used?
A. Order of volatility
B. Data recovery C
Correct Answer: A
Question #59
Which of the following BEST explains the difference between a data owner and a data custodian?
A. The data owner is responsible for adhering to the rules for using the data, while the data custodian is responsible for determining the corporate governance regarding the data
B. The data owner is responsible for determining how the data may be used, while the data custodian is responsible for implementing the protection to the data C
Correct Answer: C
Question #60
A company has decided to move its operations to the cloud. It wants to utilize technology that will prevent users from downloading company applications for personal use, restrict data that is uploaded, and have visibility into which applications are being used across the company. Which of the following solutions will BEST meet these requirements?
A. An NGFW
B. A CASB
C. Application whitelisting
D. An NG-SWG
Correct Answer: D
