Optimize Your CompTIA SY0-601 Exam Prep, Practice Tests, CompTIA Security+ (Plus) Certification | SPOTO

To optimize your preparation for the CompTIA Security+ (SY0-601) certification exam, practicing the latest exam questions is paramount. This certification validates foundational skills crucial for core security functions and is a gateway to a thriving IT security career. The SY0-601 exam content is meticulously curated to encompass the most recent cybersecurity trends and techniques, focusing on core technical competencies such as risk assessment, incident response, forensics, enterprise networks, hybrid/cloud operations, and security controls. By engaging in rigorous practice tests, you can enhance your understanding of these critical areas and boost your confidence for the exam. SPOTO offers comprehensive practice tests tailored to the SY0-601 exam, ensuring that you are well-prepared to demonstrate your expertise and excel in obtaining the CompTIA Security+ certification. Optimize your exam preparation with SPOTO's practice tests and pave the way for success in your IT security journey.

Question #1
A remote user recently took a two-week vacation abroad and brought along a corporate-owned laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN. Which of the following is the MOST likely reason for the user’s inability to connect the laptop to the VPN?
A. Due to foreign travel, the user’s laptop was isolated from the network
B. The user’s laptop was quarantined because it missed the latest patch update
Correct Answer: C
Question #2
A user enters a password to log in to a workstation and is then prompted to enter an authentication code. Which of the following MFA factors or attributes are being utilized in the authentication process? (Choose two.)
A. Something you know
B. Something you have C
E. Something you are
F. Something you can do
Correct Answer: D
Question #3
In which of the following risk management strategies would cybersecurity insurance be used?
A. Transference
B. Avoidance C
Correct Answer: D
Question #4
A company provides mobile devices to its users to permit access to email and enterprise applications. The company recently started allowing users to select from several different vendors and device models. When configuring the MDM, which of the following is a key security implication of this heterogeneous device approach?
A. The most common set of MDM configurations will become the effective set of enterprise mobile security controls
B. All devices will need to support SCEP-based enrollment; therefore, the heterogeneity of the chosen architecture may unnecessarily expose private keys to adversaries
Correct Answer: D
Question #5
A security analyst is reviewing output of a web server log and notices a particular account is attempting to transfer large amounts of money: Which of the following types of attack is MOST likely being conducted?
A. SQLi
B. CSRF C
Correct Answer: A
Question #6
A security analyst has been reading about a newly discovered cyberattack from a known threat actor. Which of the following would BEST support the analyst’s review of the tactics, techniques, and protocols the threat actor was observed using in previous campaigns?
A. Security research publications B
Correct Answer: A
Question #7
A security administrator is analyzing the corporate wireless network. The network only has two access points running on channels 1 and 11. While using airodump-ng, the administrator notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID of one of the legitimate access points. Which of the following attacks is happening on the corporate network?
A. Man in the middle B
E. Disassociation
Correct Answer: B
Question #8
A company processes highly sensitive data and senior management wants to protect the sensitive data by utilizing classification labels. Which of the following access control schemes would be BEST for the company to implement?
A. Discretionary
B. Rule-based C
Correct Answer: D
Question #9
A company recently moved sensitive videos between on-premises, company-owned websites. The company then learned the videos had been uploaded and shared to the Internet. Which of the following would MOST likely allow the company to find the cause?
A. Checksums B
E. A right-to-audit clause
Correct Answer: BCF
Question #10
Users have been issued smart cards that provide physical access to a building. The cards also contain tokens that can be used to access information systems. Users can log in to any thin client located throughout the building and see the same desktop each time. Which of the following technologies are being utilized to provide these capabilities? (Choose two.)
A. COPE
B. VDI
C. GPS
D. TOTP
E. RFID
F. BYOD
Correct Answer: B
Question #11
An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker MOST likely attempting?
A. A spear-phishing attack
B. A watering-hole attack C
Correct Answer: DF
Question #12
A user is concerned that a web application will not be able to handle unexpected or random inputs without crashing. Which of the following BEST describes the type of testing the user should perform?
A. Code signing B
Correct Answer: B
Question #13
Which of the following BEST describes a security exploit for which a vendor patch is not readily available?
A. Integer overflow
B. Zero-day C
Correct Answer: BF
Question #14
A global company is experiencing unauthorized logins due to credential theft and account lockouts caused by brute-force attacks. The company is considering implementing a third-party identity provider to help mitigate these attacks. Which of the following would be the BEST control for the company to require from prospective vendors?
A. IP restrictions
B. Multifactor authentication C
Correct Answer: BE
Question #15
Which of the following would satisfy three-factor authentication?
A. Password, retina scanner, and NFC card
B. Password, fingerprint scanner, and retina scanner C
Correct Answer: AB
Question #16
An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Choose three.)
A. SFTP, FTPS
B. SNMPv2, SNMPv3
C. HTTP, HTTPS
D. TFTP, FTP
E. SNMPv1, SNMPv2
F. Telnet, SSH G
Correct Answer: C
Question #17
An organization plans to transition the intrusion detection and prevention techniques on a critical subnet to an anomaly-based system. Which of the following does the organization need to determine for this to be successful?
A. The baseline
B. The endpoint configurations C
Correct Answer: C
Question #18
A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned that servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a
A. 135
B. 139 C
E. 443
F. 445
Correct Answer: E
Question #19
A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?
A. Default system configuration
B. Unsecure protocols C
Correct Answer: A
Question #20
After a ransomware attack, a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the company MOST likely review to trace this transaction?
A. The public ledger
B. The NetFlow data C
Correct Answer: B
Question #21
A database administrator needs to ensure all passwords are stored in a secure manner, so the administrator adds randomly generated data to each password before storing. Which of the following techniques BEST explains this action?
A. Predictability
B. Key stretching
C. Salting
D. Hashing
Correct Answer: A
Question #22
Which of the following BEST describes the method a security analyst would use to confirm a file that is downloaded from a trusted security website is not altered in transit or corrupted using a verified checksum?
A. Hashing
B. Salting C
Correct Answer: B
Question #23
Several employees return to work the day after attending an industry trade show. That same day, the security manager notices several malware alerts coming from each of the employee’s workstations. The security manager investigates but finds no signs of an attack on the perimeter firewall or the NIDS. Which of the following is MOST likely causing the malware alerts?
A. A worm that has propagated itself across the intranet, which was initiated by presentation media
B. A fileless virus that is contained on a vCard that is attempting to execute an attack C
Correct Answer: B
Question #24
An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate datacenter that houses confidential information. There is a firewall at the Internet border, followed by a DLP appliance, the VPN server, and the datacenter itself. Which of the following is the WEAKEST design element?
A. The DLP appliance should be integrated into a NGFW
B. Split-tunnel connections can negatively impact the DLP appliance’s performance C
Correct Answer: A
Question #25
After installing a Windows server, a cybersecurity administrator needs to harden it, following security best practices. Which of the following will achieve the administrator’s goal? (Choose two.)
A. Disabling guest accounts
B. Disabling service accounts C
E. Storing LAN manager hash values
F. Enabling NTLM
Correct Answer: C
Question #26
A security analyst needs to complete an assessment. The analyst is logged into a server and must use native tools to map services running on it to the server’s listening ports. Which of the following tools can BEST accomplish this task?
A. Netcat
B. Netstat C
Correct Answer: C
Question #27
Which of the following threat actors is MOST likely to be motivated by ideology?
A. Business competitor B
E. Disgruntled employee
Correct Answer: C
Question #28
A security assessment determines DES and 3DES are still being used on recently deployed production servers. Which of the following did the assessment identify?
A. Unsecure protocols
B. Default settings C
Correct Answer: A
Question #29
An enterprise needs to keep cryptographic keys in a safe manner. Which of the following network appliances can achieve this goal?
A. HSM
B. CASB
C. TPM
D. DLP
Correct Answer: B
Question #30
Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights?
A. The data protection officer
B. The data processor C
Correct Answer: D
Question #31
The concept of connecting a user account across the systems of multiple enterprises is BEST known as:
A. federation
B. a remote access policy
Correct Answer: A
Question #32
A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?
A. openssl
B. hping C
Correct Answer: A
Question #33
Following a prolonged datacenter outage that affected web-based sales, a company has decided to move its operations to a private cloud solution. The security team has received the following requirements: There must be visibility into how teams are using cloud-based services. The company must be able to identify when data related to payment cards is being sent to the cloud. Data must be available regardless of the end user’s geographic location. Administrators need a single pane-of-glass view into traffic an
A. Create firewall rules to restrict traffic to other cloud service providers
B. Install a DLP solution to monitor data in transit
Correct Answer: D
Question #34
The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a:
A. data controller
B. data owner
Correct Answer: D
Question #35
In which of the following common use cases would steganography be employed?
A. Obfuscation B
Correct Answer: B
Question #36
A security incident may have occurred on the desktop PC of an organization’s Chief Executive Officer (CEO). A duplicate copy of the CEO’s hard drive must be stored securely to ensure appropriate forensic processes and the chain of custody are followed. Which of the following should be performed to accomplish this task?
A. Install a new hard drive in the CEO’s PC, and then remove the old hard drive and place it in a tamper-evident bag
B. Connect a write blocker to the hard drive
Correct Answer: A
Question #37
A security analyst has received an alert about PII being sent via email. The analyst’s Chief Information Security Officer (CISO) has made it clear that PII must be handled with extreme care. From which of the following did the alert MOST likely originate?
A. S/MIME
B. DLP C
Correct Answer: B
Question #38
Which of the following types of controls is a CCTV camera that is not being monitored?
A. Detective
B. Deterrent C
Correct Answer: C
Question #39
A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization’s accounts. The engineer sees there was a change in the IP address for a vendor website one week earlier. This change lasted eight hours. Which of the following attacks was MOST likely used?
A. Man-in-the-middle
B. Spear phishing C
Correct Answer: A
Question #40
Which of the following describes the ability of code to target a hypervisor from inside a guest OS?
A. Fog computing B
E. Container breakout
Correct Answer: AD
Question #41
A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company’s network. The company’s lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts. While reviewing the log files, the analyst discovers the following: Which of the following attacks MOST likely occurred?
A. Dictionary
B. Credential-stuffing C
Correct Answer: A
Question #42
A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would MOST likely have prevented this breach?
A. A firewall
B. A device pin C
Correct Answer: A
Question #43
A network administrator has been asked to install an IDS to improve the security posture of an organization. Which of the following control types is an IDS?
A. Corrective
B. Physical
C. Detective
D. Administrative
Correct Answer: D
Question #44
A cybersecurity department purchased a new PAM solution. The team is planning to randomize the service account credentials of the Windows servers first. Which of the following would be the BEST method to increase the security on the Linux servers?
A. Randomize the shared credentials
B. Use only guest accounts to connect
Correct Answer: C
Question #45
A security analyst is using a recently released security advisory to review historical logs, looking for the specific activity that was outlined in the advisory. Which of the following is the analyst doing?
A. A packet capture
B. A user behavior analysis C
Correct Answer: B
Question #46
A security engineer obtained the following output from a threat intelligence source that recently performed an attack on the company’s server: Which of the following BEST describes this kind of attack?
A. Directory traversal
B. SQL injection C
Correct Answer: A
Question #47
A Chief Security Officer's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives?
A. Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on fileshares
B. Purchase cyber insurance from a reputable provider to reduce expenses during an incident
Correct Answer: B
Question #48
A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions?
A. Nmap B
Correct Answer: D
Question #49
Which of the following would MOST likely support the integrity of a voting machine?
A. Asymmetric encryption
B. Blockchain
C. Transport Layer Security
D. Perfect forward secrecy
Correct Answer: B
Question #50
Which of the following policies would help an organization identify and mitigate potential single points of failure in the company’s IT/security operations?
A. Least privilege
B. Awareness training C
Correct Answer: A
Question #51
Which of the following environments minimizes end-user disruption and is MOST likely to be used to assess the impacts of any database migrations or major system changes by using the final version of the code?
A. Staging B
Correct Answer: A
Question #52
A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario?
A. Physical
B. Detective
C. Preventive
D. Compensating
Correct Answer: B
Question #53
Which of the following will MOST likely adversely impact the operations of unpatched traditional programmable-logic controllers, running a back-end LAMP server and OT systems with human-management interfaces that are accessible over the Internet via a web interface? (Choose two.)
A. Cross-site scripting
B. Data exfiltration C
E. SQL injection
F. Server-side request forgery
Correct Answer: A
Question #54
A financial organization has adopted a new secure, encrypted document-sharing application to help with its customer loan process. Some important PII needs to be shared across this new platform, but it is getting blocked by the DLP systems. Which of the following actions will BEST allow the PII to be shared with the secure application without compromising the organization’s security posture?
A. Configure the DLP policies to allow all PII
B. Configure the firewall to allow all ports that are used by this application C
E. Configure the application to encrypt the PII
Correct Answer: C
Question #55
A bank detects fraudulent activity on a user’s account. The user confirms transactions completed yesterday on the bank’s website at https://www.company.com. A security analyst then examines the user’s Internet usage logs and observes the following output: Which of the following has MOST likely occurred?
A. Replay attack
B. SQL injection C
Correct Answer: B
Question #56
SIMULATION
A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.
INSTRUCTIONS
Please click on the below items on the network diagram and configure them accordingly:
• WAP
• DHCP Server
• AAA Server
• Wireless Controller
• LDAP Server
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
A. See explanation below.
Correct Answer: A
Question #57
A company’s Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company’s developers. Which of the following would be MOST suitable for training the developers?
A. A capture-the-flag competition
B. A phishing simulation C
Correct Answer: B
Question #58
A cybersecurity administrator needs to add disk redundancy for a critical server. The solution must have a two-drive failure for better fault tolerance. Which of the following RAID levels should the administrator select?
A. 0
B. 1
C. 5
D. 6
Correct Answer: A
Question #59
Several large orders of merchandise were recently purchased on an e-commerce company’s website. The totals for each of the transactions were negative values, resulting in credits on the customers’ accounts. Which of the following should be implemented to prevent similar situations in the future?
A. Ensure input validation is in place to prevent the use of invalid characters and values
B. Calculate all possible values to be added together and ensure the use of the proper integer in the code
Correct Answer: D
Question #60
A security analyst is preparing a threat brief for an upcoming internal penetration test. The analyst needs to identify a method for determining the tactics, techniques, and procedures of a threat actor against the organization’s network. Which of the following will the analyst MOST likely use to accomplish the objective?
A. A tabletop exercise B
Correct Answer: D
