Prepare for CompTIA SY0-601 Exams Questions & Study Materials, CompTIA Security+ (Plus) Certification | SPOTO

The best way to prepare for the CompTIA Security+ (SY0-601) certification exam is by practicing the latest exam questions. This globally recognized certification validates essential skills for core security functions and is a gateway to a successful IT security career. The SY0-601 exam content is updated to address the latest cybersecurity trends and techniques, focusing on critical technical skills such as risk assessment, incident response, forensics, enterprise networks, hybrid/cloud operations, and security controls. By engaging with comprehensive study materials and practicing exam questions, you can ensure high performance on the exam and demonstrate your proficiency in key security domains. SPOTO offers top-notch preparation resources tailored to the SY0-601 exam, equipping you with the knowledge and skills needed to excel and achieve CompTIA Security+ certification success. Prepare effectively with SPOTO and embark on a rewarding journey in IT security.

Question #1
A security engineer needs to implement the following requirements: All Layer 2 switches should leverage Active Directory for authentication. All Layer 2 switches should use local fallback authentication if Active Directory is offline. All Layer 2 switches are not the same and are manufactured by several vendors. Which of the following actions should the engineer take to meet these requirements? (Choose two.)
A. Implement RADIUS
B. Configure AAA on the switch with local login as secondary
E. Enable the local firewall on the Active Directory server
F. Implement a DHCP server
Correct Answer: AC
Question #2
A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would BEST support the policy?
A. Mobile device management
B. Full-device encryption
Correct Answer: A
Question #3
A network administrator has been asked to design a solution to improve a company’s security posture. The administrator is given the following requirements: The solution must be inline in the network. The solution must be able to block known malicious traffic. The solution must be able to stop network-based attacks. Which of the following should the network administrator implement to BEST meet these requirements?
A. HIDS
B. NIDS
C. HIPS
D. NIPS
Correct Answer: D
Question #4
A development team employs a practice of bringing all the code changes from multiple team members into the same development project through automation. A tool is utilized to validate the code and track source code through version control. Which of the following BEST describes this process?
A. Continuous delivery
B. Continuous integration
Correct Answer: B
Question #5
An enterprise has hired an outside security firm to facilitate penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that is discovered. Which of the following BEST represents the type of testing that is being used?
A. White-box
B. Red-team
Correct Answer: C
Question #6
Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?
A. The document is a honeyfile and is meant to attract the attention of a cyberintruder
B. The document is a backup file if the system needs to be recovered
Correct Answer: A
Question #7
Joe, a user at a company, clicked an email link that led to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it has continued to evade detection. Which of the following should a security administrator implement to protect the environment from this malware?
A. Install a definition-based antivirus
Correct Answer: C
Question #8
A document that appears to be malicious has been discovered in an email that was sent to a company’s Chief Financial Officer (CFO). Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?
A. Open the document on an air-gapped network
B. View the document’s metadata for origin clues
Correct Answer: C
Question #9
A critical file server is being upgraded, and the systems administrator must determine which RAID level the new server will need to achieve parity and handle two simultaneous disk failures. Which of the following RAID levels meets this requirement?
A. RAID 0+1
B. RAID 2
C. RAID 5
D. RAID 6
Correct Answer: D
Question #10
A security auditor is reviewing vulnerability scan data provided by an internal security team. Which of the following BEST indicates that valid credentials were used?
A. The scan results show open ports, protocols, and services exposed on the target host
B. The scan enumerated software versions of installed programs
Correct Answer: B
Question #11
Which of the following is a risk that is specifically associated with hosting applications in the public cloud?
A. Unsecured root accounts
B. Zero-day
Correct Answer: BC
Question #12
An engineer wants to access sensitive data from a corporate-owned mobile device. Personal data is not allowed on the device. Which of the following MDM configurations must be considered when the engineer travels for business?
A. Screen locks
B. Application management
Correct Answer: D
Question #13
The human resources department of a large online retailer has received multiple customer complaints about the rudeness of the automated chatbots it uses to interface and assist online shoppers. The system, which continuously learns and adapts, was working fine when it was installed a few months ago. Which of the following BEST describes the method being used to exploit the system?
A. Baseline modification
Correct Answer: C
Question #14
An organization that has a large number of mobile devices is exploring enhanced security controls to manage unauthorized access if a device is lost or stolen. Specifically, if mobile devices are more than 3mi (4.8km) from the building, the management team would like to have the security team alerted and server resources restricted on those devices. Which of the following controls should the organization implement?
A. Geofencing
B. Lockout
Correct Answer: A
Question #15
A Chief Executive Officer (CEO) is dissatisfied with the level of service from the company’s new service provider. The service provider is preventing the CEO from sending email from a work account to a personal account. Which of the following types of service providers is being used?
A. Telecommunications service provider
B. Cloud service provider
Correct Answer: B
Question #16
A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output: Which of the following is the router experiencing?
A. DDoS attack
B. Memory leak
Correct Answer: D
Question #17
A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks. Which of the following methods would BEST prevent the exfiltration of data? (Choose two.)
A. VPN
B. Drive encryption
F. MFA
Correct Answer: A
Question #18
A company is designing the layout of a new datacenter so it will have an optimal environmental temperature. Which of the following must be included? (Choose two.)
A. An air gap
E. An IoT thermostat
F. A humidity monitor
Correct Answer: BE
Question #19
A security analyst needs to be proactive in understanding the types of attacks that could potentially target the company’s executives. Which of the following intelligence sources should the security analyst review?
A. Vulnerability feeds
B. Trusted automated exchange of indicator information
Correct Answer: D
Question #20
Which of the following would BEST identify and remediate a data-loss event in an enterprise using third-party, web-based services and file-sharing platforms?
A. SIEM
B. CASB
C. UTM
D. EDR
Correct Answer: B
Question #21
An organization relies on third-party video conferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources. Which of the following would BEST maintain high-quality video conferencing while minimizing latency when connected to the VPN?
A. Using geographic diversity to have VPN terminations closer to end users
B. Utilizing split tunneling so only traffic for corporate resources is encrypted
Correct Answer: B
Question #22
Which of the following incident response steps involves actions to protect critical systems while maintaining business operations?
A. Investigation
B. Containment
Correct Answer: D
Question #23
A symmetric encryption algorithm is BEST suited for:
A. key-exchange scalability
B. protecting large amounts of data
Correct Answer: B
Question #24
A security analyst needs to perform periodic vulnerability scans on production systems. Which of the following scan types would produce the BEST vulnerability scan report?
A. Port
B. Intrusive
Correct Answer: D
Question #25
An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?
A. hping3 -S comptia
B. nc -l -v comptia
Correct Answer: C
Question #26
An organization blocks user access to command-line interpreters, but hackers still managed to invoke the interpreters using native administrative tools. Which of the following should the security team do to prevent this from happening in the future?
A. Implement HIPS to block inbound and outbound SMB ports 139 and 445
B. Trigger a SIEM alert whenever the native OS tools are executed by the user
Correct Answer: C
Question #27
A company is upgrading its wireless infrastructure to WPA2-Enterprise using EAP-TLS. Which of the following must be part of the security architecture to achieve AAA? (Choose two.)
A. DNSSEC
B. Reverse proxy
F. RADIUS
Correct Answer: EF
Question #28
A security analyst receives a SIEM alert that someone logged in to the appadmin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log: Which of the following can the security analyst conclude?
A. A replay attack is being conducted against the application
B. An injection attack is being conducted against a user authentication system
Correct Answer: C
Question #29
Ann, a forensic analyst, needs to prove that the data she originally acquired has remained unchanged while in her custody. Which of the following should Ann use?
A. Chain of custody
B. Checksums
Correct Answer: B
Question #30
The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?
A. Updating the playbooks with better decision points
B. Dividing the network into trusted and untrusted zones
Correct Answer: D
Question #31
Users at an organization have been installing programs from the Internet on their workstations without first receiving proper authorization. The organization maintains a portal from which users can install standardized programs. However, some users have administrative access on their workstations to enable legacy programs to function properly. Which of the following should the security administrator consider implementing to address this issue?
A. Application code signing
B. Application whitelisting
Correct Answer: C
Question #32
After entering a username and password, an administrator must draw a gesture on a touch screen. Which of the following demonstrates what the administrator is providing?
A. Multifactor authentication
B. Something you can do
Correct Answer: D
Question #33
A network administrator would like to configure a site-to-site VPN utilizing IPsec. The administrator wants the tunnel to be established with data integrity, encryption, authentication, and anti-replay functions. Which of the following should the administrator use when configuring the VPN?
A. AH
B. EDR
C. ESP
D. DNSSEC
Correct Answer: C
Question #34
Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?
A. DLP
B. HIDS
Correct Answer: C
Question #35
The following are the logs of a successful attack: Which of the following controls would be BEST to use to prevent such a breach in the future?
A. Password history
B. Account expiration
Correct Answer: D
Question #36
A security analyst is performing a forensic investigation involving compromised account credentials. Using the Event Viewer, the analyst was able to detect the following message: “Special privileges assigned to new logon.” Several of these messages did not have a valid logon associated with the user before these privileges were assigned. Which of the following attacks is MOST likely being detected?
A. Pass-the-hash
B. Buffer overflow
Correct Answer: A
Question #37
A malicious actor recently penetrated a company’s network and moved laterally to the datacenter. Upon investigation, a forensics firm wants to know what was in the memory on the compromised server. Which of the following files should be given to the forensics firm?
A. Security
B. Application
Correct Answer: C
Question #38
A security analyst is reviewing information regarding recent vulnerabilities. Which of the following will the analyst MOST likely consult to validate which platforms have been affected?
A. OSINT
B. SIEM
C. CVSS
D. CVE
Correct Answer: B
Question #39
During an incident, an EDR system detects an increase in the number of encrypted outbound connections from multiple hosts. A firewall is also reporting an increase in outbound connections that use random high ports. An analyst plans to review the correlated logs to find the source of the incident. Which of the following tools will BEST assist the analyst?
A. A vulnerability scanner
Correct Answer: D
Question #40
After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue. Multiple alerts were generated on the SIEM during this period of time. Which of the following BEST explains what happened?
A. The unexpected traffic correlated against multiple rules, generating multiple alerts
B. Multiple alerts were generated due to an attack occurring at the same time
Correct Answer: D
Question #41
An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the MOST acceptable?
A. SED
B. HSM
C. DLP
D. TPM
Correct Answer: A
Question #42
A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements: The devices will be used internationally by staff who travel extensively. Occasional personal use is acceptable due to the travel requirements. Users must be able to install and configure sanctioned programs and productivity suites. The devices must be encrypted. The devices must be capable of operating in low-bandwidth environments. Which of the following would provide the GREATE
A. Configuring an always-on VPN
B. Implementing application whitelisting
Correct Answer: D
Question #43
A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of a power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patching routine. Which of the following steps should also be taken to harden the smart switch?
A. Set up an air gap for the switch
B. Change the default password for the switch
Correct Answer: B
Question #44
A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output: Which of the following attacks does the analyst MOST likely see in this packet capture?
A. Session replay
Correct Answer: B
Question #45
A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has just informed investigators that other log files are available for review. Which of the following did the administrator MOST likely configure that will assist the investigators?
A. Memory dumps
B. The syslog server
Correct Answer: C
Question #46
Which of the following ISO standards is certified for privacy?
A. ISO 9001
B. ISO 27002
Correct Answer: BE
Question #47
A security analyst is reviewing the following attack log output: Which of the following types of attacks does this MOST likely represent?
A. Rainbow table
Correct Answer: C
Question #48
When selecting a technical solution for identity management, an architect chooses to go from an in-house solution to a third-party SaaS provider. Which of the following risk management strategies is this an example of?
A. Transference
B. Avoidance
Correct Answer: A
Question #49
An organization wants to implement a third factor to an existing multifactor authentication. The organization already uses a smart card and password. Which of the following would meet the organization’s needs for a third factor?
A. Date of birth
B. Fingerprints
Correct Answer: B
Question #50
Which of the following describes the BEST approach for deploying application patches?
A. Apply the patches to systems in a testing environment, then to systems in a staging environment, and finally to production systems
B. Test the patches in a staging environment, develop against them in the development environment, and then apply them to the production systems
Correct Answer: A
Question #51
During a routine scan of a wireless segment at a retail company, a security administrator discovers several devices are connected to the network that do not match the company’s naming convention and are not in the asset inventory. WiFi access is protected with 256-bit encryption via WPA2. Physical access to the company’s facility requires two-factor authentication using a badge and a passcode. Which of the following should the administrator implement to find and remediate the issue? (Choose two.)
A. Check the SIEM for failed logins to the LDAP directory
B. Enable MAC filtering on the switches that support the wireless network
E. Scan the wireless network for rogue access points
F. Deploy a honeypot on the network
Correct Answer: BE
Question #52
Which of the following cryptographic concepts would a security engineer utilize while implementing non-repudiation? (Choose two.)
A. Block cipher
B. Hashing
E. Salting
F. Symmetric keys
Correct Answer: C
Question #53
During an incident, a company’s CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?
A. Physically move the PC to a separate Internet point of presence
B. Create and apply microsegmentation rules
Correct Answer: B
Question #54
Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?
A. The key length of the encryption algorithm
B. The encryption algorithm’s longevity
Correct Answer: A
Question #55
A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers. Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:
A. perform attribution to specific APTs and nation-state actors
B. anonymize any PII that is observed within the IoC data
Correct Answer: B
Question #56
When implementing automation with IoT devices, which of the following should be considered FIRST to keep the network secure?
A. Z-Wave compatibility
B. Network range
Correct Answer: D
Question #57
A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked. Which of the following would BEST meet these requirements?
A. RA
Correct Answer: C
Question #58
Joe, an employee, receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm Joe’s identity before sending him the prize. Which of the following BEST describes this type of email?
A. Spear phishing
B. Whaling
Correct Answer: C
Question #59
A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met: Mobile device OSs must be patched up to the latest release. A screen lock must be enabled (passcode or biometric). Corporate data must be removed if the device is reported lost or stolen. Which of the following controls should the security engineer configure? (Choo
A. Containerization
B. Storage segmentation
E. Full-device encryption
F. Geofencing
Correct Answer: CD
Question #60
An organization is developing an authentication service for use at the entry and exit ports of country borders. The service will use data feeds obtained from passport systems, passenger manifests, and high-definition video feeds from CCTV systems that are located at the ports. The service will incorporate machine-learning techniques to eliminate biometric enrollment processes while still allowing authorities to identify passengers with increasing accuracy over time. The more frequently passengers travel, th
E. Retina
F. Fingerprint
Correct Answer: BD
