
Comprehensive CompTIA SY0-601 Exam Test Questions & Answers, CompTIA Security+ (Plus) Certification | SPOTO

Prepare comprehensively for the CompTIA SY0-601 exam with SPOTO's extensive collection of exam test questions and answers. Our resources include practice tests, free tests, sample questions, and exam dumps, all designed to enhance your exam preparation. Engage with our online exam questions and mock exams to refine your understanding of core technical skills like risk assessment, incident response, and network security. With CompTIA Security+ (SY0-601) certification, you'll master the latest cybersecurity techniques and validate essential skills for a successful IT security career. Our exam materials cover a range of topics, from enterprise networks to hybrid/cloud operations and security controls, ensuring you're fully prepared to excel on the exam and in your professional role. Elevate your certification prep with SPOTO and achieve success in the CompTIA SY0-601 exam.

Question #1
A host was infected with malware. During the incident response, Joe, a user, reported that he did not receive any emails with links, but he had been browsing the Internet all day. Which of the following would MOST likely show where the malware originated?
A. The DNS logs
B. The web server logs
C. The SIP traffic logs
D. The SNMP logs
Correct Answer: B
Question #2
An organization has a growing workforce that is mostly driven by additions to the sales department. Each newly hired salesperson relies on a mobile device to conduct business. The Chief Information Officer (CIO) is wondering if the organization may need to scale down just as quickly as it scaled up. The CIO is also concerned about the organization's security and customer privacy. Which of the following would be BEST to address the CIO's concerns?
A. Disallow new hires from using mobile devices for six months
B. Select four devices for the sales department to use in a CYOD model
C. Implement BYOD for the sales department while leveraging the MDM
D. Deploy mobile devices using the COPE methodology
Correct Answer: AB
Question #3
A security monitoring company offers a service that alerts its customers if their credit cards have been stolen. Which of the following is the MOST likely source of this information?
A. STIX
B. The dark web
C. TAXI
D. Social media
E. PCI
Correct Answer: B
Question #4
A security administrator currently spends a large amount of time on common security tasks, such as report generation, phishing investigations, and user provisioning and deprovisioning. This prevents the administrator from spending time on other security projects. The business does not have the budget to add more staff members. Which of the following should the administrator implement?
A. DAC
B. ABAC
C. SCAP
D. SOAR
Correct Answer: B
Question #5
A security analyst is reviewing a new website that will soon be made publicly available. The analyst sees the following in the URL: http://dev-site.comptia.org/home/show.php?sessionID=77276554&loc=us The analyst then sends an internal user a link to the new website for testing purposes, and when the user clicks the link, the analyst is able to browse the website with the following URL: http://dev-site.comptia.org/home/show.php?sessionID=98988475&loc=us Which of the following application attacks is being tes
A. Pass-the-hash
B. Session replay
C. Object dereference
D. Cross-site request forgery
Correct Answer: C
Question #6
A recent phishing campaign resulted in several compromised user accounts. The security incident response team has been tasked with reducing the manual labor of filtering through all the phishing emails as they arrive and blocking the sender's email address, along with other time-consuming mitigation actions. Which of the following can be configured to streamline those tasks?
A. SOAR playbook
B. MDM policy
C. Firewall rules
D. URL filter
E. SIEM data collection
Correct Answer: C
Question #7
A security analyst receives an alert from the company's SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26. The Chief Information Security Officer asks the analyst to block the originating source. Several days later, another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the following describes this type of alert?
A. True positive
B. True negative
C. False positive
D. False negative
Correct Answer: B
Question #8
A company provides mobile devices to its users to permit access to email and enterprise applications. The company recently started allowing users to select from several different vendors and device models. When configuring the MDM, which of the following is a key security implication of this heterogeneous device approach?
A. The most common set of MDM configurations will become the effective set of enterprise mobile security controls
B. All devices will need to support SCEP-based enrollment; therefore, the heterogeneity of the chosen architecture may unnecessarily expose private keys to adversaries
C. Certain devices are inherently less secure than others, so compensatory controls will be needed to address the delta between device vendors
D. MDMs typically will not support heterogeneous deployment environments, so multiple MDMs will need to be installed and configured
Correct Answer: B
Question #9
A major political party experienced a server breach. The hacker then publicly posted stolen internal communications concerning campaign strategies to give the opposition party an advantage. Which of the following BEST describes these threat actors?
A. Semi-authorized hackers
B. State actors
C. Script kiddies
D. Advanced persistent threats
Correct Answer: AE
Question #10
Which of the following typically uses a combination of human and artificial intelligence to analyze event data and take action without intervention?
A. TTP
B. OSINT
C. SOAR
D. SIEM
Correct Answer: C
Question #11
A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operation in the event of a prolonged DDoS attack on its local datacenter that consumes database resources. Which of the following will the CISO MOST likely recommend to mitigate this risk?
A. Upgrade the bandwidth available into the datacenter
B. Implement a hot-site failover location
C. Switch to a complete SaaS offering to customers
D. Implement a challenge response test on all end-user queries
Correct Answer: C
Question #12
Which of the following prevents an employee from seeing a colleague who is visiting an inappropriate website?
A. Job rotation policy
B. NDA
C. AUP
D. Separation of duties policy
Correct Answer: A
Question #13
A network engineer created two subnets that will be used for production and development servers. Per security policy, production and development servers must each have a dedicated network that cannot communicate with one another directly. Which of the following should be deployed so that server administrators can access these devices?
A. VLANs
B. Internet proxy servers
C. NIDS
D. Jump servers
Correct Answer: AE
Question #14
A security engineer needs to implement the following requirements:
- All Layer 2 switches should leverage Active Directory for authentication.
- All Layer 2 switches should use local fallback authentication if Active Directory is offline.
- All Layer 2 switches are not the same and are manufactured by several vendors.
Which of the following actions should the engineer take to meet these requirements? (Select TWO).
Implement RADIUS.
A. Configure AAA on the switch with local login as secondary
B. Configure port security on the switch with the secondary login method
C. Implement TACACS+
D. Enable the local firewall on the Active Directory server
E. Implement a DHCP server
Correct Answer: A
Question #15
An organization is planning to roll out a new mobile device policy and issue each employee a new laptop. These laptops would access the users' corporate operating system remotely and allow them to use the laptops for purposes outside of their job roles. Which of the following deployment models is being utilized?
A. MDM and application management
B. BYOD and containers
C. COPE and VDI
D. CYOD and VMs
Correct Answer: C
Question #16
A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst include in this documentation? (Select TWO).
A. The order of volatility
B. A CRC32 checksum
C. The provenance of the artifacts
D. The vendor's name
E. The date and time
F. A warning banner
Correct Answer: B
Question #17
A security analyst is tasked with defining the “something you are“ factor of the company’s MFA settings. Which of the following is BEST to use to complete the configuration?
A. Gait analysis
B. Vein
C. Soft token
D. HMAC-based, one-time password
Correct Answer: DEG
Question #18
A Chief Security Office's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives?
A. Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on fileshares
B. Purchase cyber insurance from a reputable provider to reduce expenses during an incident
C. Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization's susceptibility to phishing attacks
D. Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups
Correct Answer: C
Question #19
Which of the following would satisfy three-factor authentication?
A. Password, retina scanner, and NFC card
B. Password, fingerprint scanner, and retina scanner
C. Password, hard token, and NFC card
D. Fingerprint scanner, hard token, and retina scanner
Correct Answer: B
Question #20
A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?
A. Default system configuration
B. Unsecure protocols
C. Lack of vendor support
D. Weak encryption
Correct Answer: B
Question #21
The facilities supervisor for a government agency is concerned about unauthorized access to environmental systems in the event the staff WiFi network is breached. Which of the following would BEST address this security concern?
A. Install a smart meter on the staff WiFi
B. Place the environmental systems in the same DHCP scope as the staff WiFi
C. Implement Zigbee on the staff WiFi access points
D. Segment the staff WiFi network from the environmental systems network
Correct Answer: D
Question #22
A penetration tester is fuzzing an application to identify where the EIP of the stack is located on memory. Which of the following attacks is the penetration tester planning to execute?
A. Race-condition
B. Pass-the-hash
C. Buffer overflow
D. XSS
Correct Answer: D
Question #23
Which of the following is the BEST method for ensuring non-repudiation?
A. SSO
B. Digital certificate
C. Token
D. SSH key
Correct Answer: B
Question #24
A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers. Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:
A. perform attribution to specific APTs and nation-state actors
B. anonymize any PII that is observed within the IoC data
C. add metadata to track the utilization of threat intelligence reports
D. assist companies with impact assessments based on the observed data
Correct Answer: D
Question #25
Which of the following documents provides guidance regarding the recommended deployment of network security systems from the manufacturer?
A. Cloud control matrix
B. Reference architecture
C. NIST RMF
D. CIS Top 20
Correct Answer: C
Question #26
A security engineer is concerned that the detection strategy on endpoints is too heavily dependent on previously defined attacks. The engineer would like a tool to monitor for changes to key files and network traffic on the device. Which of the following tools BEST addresses both detection and prevention?
A. NIDS
B. HIPS
C. AV
D. NGFW
Correct Answer: B
Question #27
A network engineer has been asked to investigate why several wireless barcode scanners and wireless computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and computers are all on forklift trucks and move around the warehouse during their regular use. Which of the following should the engineer do to determine the issue? (Choose two.)
A. Perform a site survey
B. Deploy an FTK Imager
C. Create a heat map
D. Scan for rogue access points
E. Upgrade the security protocols
Correct Answer: C
Question #28
An enterprise has hired an outside security firm to conduct a penetration test on its network and applications. The enterprise provided the firm with access to a guest account. Which of the following BEST represents the type of testing that is being used?
A. Black-box
B. Red-team
C. Gray-box
D. Bug bounty
E. White-box
Correct Answer: B
Question #29
Server administrators want to configure a cloud solution so that computing memory and processor usage is maximized most efficiently across a number of virtual servers. They also need to avoid potential denial-of-service situations caused by availability. Which of the following should the administrators configure to maximize system availability while efficiently utilizing available computing power?
A. Dynamic resource allocation
B. High availability
C. Segmentation
D. Container security
Correct Answer: A
Question #30
A research company discovered that an unauthorized piece of software has been detected on a small number of machines in its lab. The researchers collaborate with other machines using port 445 and on the Internet using port 443. The unauthorized software is starting to be seen on additional machines outside of the lab and is making outbound communications using HTTPS and SMB. The security team has been instructed to resolve the problem as quickly as possible causing minimal disruption to the researchers. Whi
A. Update the host firewalls to block outbound SMB
B. Place the machines with the unapproved software in containment
C. Place the unauthorized application in a blocklist
D. Implement a content filter to block the unauthorized software communication
Correct Answer: B
Question #31
Which of the following BEST explains the difference between a data owner and a data custodian?
A. The data owner is responsible for adhering to the rules for using the data, while the data custodian is responsible for determining the corporate governance regarding the data
B. The data owner is responsible for determining how the data may be used, while the data custodian is responsible for implementing the protection to the data
C. The data owner is responsible for controlling the data, while the data custodian is responsible for maintaining the chain of custody when handling the data
D. The data owner grants the technical permissions for data access, while the data custodian maintains the database access controls to the data
Correct Answer: C
Question #32
An attacker has determined the best way to impact operations is to infiltrate third-party software vendors. Which of the following vectors is being exploited?
A. Social media
B. Cloud
C. Supply chain
D. Social engineering
Correct Answer: C
Question #33
A root cause analysis reveals that a web application outage was caused by one of the company’s developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent the issue from reoccurring?
A. CASB
B. SWG
C. Containerization
D. Automated failover
Correct Answer: C