CompTIA SY0-601 CompTIA Security+ Exam Online Training
CompTIA SY0-601 Online Training
The questions for SY0-601 were last updated on Oct 23, 2025.
- Exam Code: SY0-601
- Exam Name: CompTIA Security+ Exam
- Certification Provider: CompTIA
- Latest update: Oct 23, 2025
A security analyst is investigating a phishing email that contains a malicious document directed to the company’s Chief Executive Officer (CEO).
Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?
- A . Run a vulnerability scan against the CEO’s computer to find possible vulnerabilities
- B . Install a sandbox to run the malicious payload in a safe environment
- C . Perform a traceroute to identify the communication path
- D . Use netstat to check whether communication has been made with a remote host
A customer has reported that an organization’s website displayed an image of a smiley face rather than the expected web page for a short time two days earlier.
A security analyst reviews log entries and sees the following around the time of the incident:

Which of the following is MOST likely occurring?
- A . Invalid trust chain
- B . Domain hijacking
- C . DNS poisoning
- D . URL redirection
Which of the following would produce the closest experience of responding to an actual incident response scenario?
- A . Lessons learned
- B . Simulation
- C . Walk-through
- D . Tabletop
A security analyst was deploying a new website and found a connection attempting to authenticate on the site’s portal. While investigating the incident, the analyst identified the following input in the username field:

Which of the following BEST explains this type of attack?
- A . DLL injection to hijack administrator services
- B . SQLi on the field to bypass authentication
- C . Execution of a stored XSS on the website
- D . Code to execute a race condition on the server
The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access.
Which of the following is the BEST security solution to reduce this risk?
- A . CASB
- B . VPN concentrator
- C . MFA
- D . VPC endpoint
After a WiFi scan of a local office was conducted, an unknown wireless signal was identified. Upon investigation, an unknown Raspberry Pi device was found connected to an Ethernet port using a single connection.
Which of the following BEST describes the purpose of this device?
- A . IoT sensor
- B . Evil twin
- C . Rogue access point
- D . On-path attack
Remote workers in an organization use company-provided laptops with locally installed applications and locally stored data. Users can store data on a remote server using an encrypted connection. The organization discovered data stored on a laptop had been made available to the public.
Which of the following security solutions would mitigate the risk of future data disclosures?
- A . FDE
- B . TPM
- C . HIDS
- D . VPN
A security researcher has alerted an organization that its sensitive user data was found for sale on a website.
Which of the following should the organization use to inform the affected parties?
- A . An incident response plan
- B . A communications plan
- C . A business continuity plan
- D . A disaster recovery plan
An organization’s Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained.
Which of the following roles would MOST likely include these responsibilities?
- A . Data protection officer
- B . Data owner
- C . Backup administrator
- D . Data custodian
- E . Internal auditor
Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?
- A . Vulnerabilities with a CVSS score greater than 6.9.
- B . Critical infrastructure vulnerabilities on non-IP protocols.
- C . CVEs related to non-Microsoft systems such as printers and switches.
- D . Missing patches for third-party software on Windows workstations and servers.
 
	