Questions and Answers 2025–2026 (Verified), complete solutions, Exams of Computer Communication Systems
A security researcher is attempting to gather data on the widespread use of a zero-day exploit.
Which of the following will the researcher MOST likely use to capture this data?
A. A DNS sinkhole
B. A honeypot
C. A vulnerability scan
D. CVSS
Answer: B. A honeypot
An external forensics investigator has been hired to investigate a data breach at a large
enterprise with numerous assets. It is known that the breach started in the DMZ and moved to
the sensitive information, generating multiple logs as the attacker traversed through the
network.
A. Perform a vulnerability scan to identify the weak spots.
B. Use a packet analyzer to investigate the NetFlow traffic.
C. Check the SIEM to review the correlated logs.
D. Require access to the routers to view current sessions.
Answer: C. Check the SIEM to review the correlated logs.
A security analyst is investigating multiple hosts that are communicating to external IP
addresses during the hours of 2:00 a.m. to 4:00 a.m. The malware has evaded detection by
traditional antivirus software.
A. RAT
B. Ransomware
C. Logic bomb
D. A worm
Answer: A. RAT
Which of the following would satisfy three-factor authentication?
A. Password, retina scanner, and NFC card
B. Password, fingerprint scanner, and retina scanner
C. Password, hard token, and NFC card
D. Fingerprint scanner, hard token, and retina scanner
Answer: A. Password, retina scanner, and NFC card
As part of a company's ongoing SOC maturation process, the company wants to implement
a method to share cyberthreat intelligence data with outside security partners.
A. TAXII
B. TLP
C. TTP
D. STIX
Answer: D. STIX
The website http://companywebsite.com requires users to provide personal information,
including security responses, for registration.
A. LACK OF INPUT VALIDATION
B. OPEN PERMISSIONS
C. UNSECURE PROTOCOL
D. MISSING PATCHES
Answer: C. UNSECURE PROTOCOL
An information security policy states that separation of duties is required for all highly
sensitive database changes that involve customers' financial data.
A. Least privilege
B. An insider threat
C. A data breach
D. A change control violation
Answer: B. An insider threat
Which of the following environments utilizes dummy data and is MOST likely to be installed
locally on a system that allows code to be assessed directly and modified easily with each build?
A. Production
B. Test
C. Staging
D. Development
Answer: D. Development
A user reports trouble using a corporate laptop. The laptop freezes and responds slowly
when writing documents, and the mouse pointer occasionally disappears.
The task list shows the following results: CPU and RAM usage are very high.
A. RAT
B. PUP
C. Spyware
D. Keylogger
Answer: A. RAT
Which of the following corporate policies is used to help prevent employee fraud and to
detect system log modifications or other malicious activity based on tenure?
A. Background checks
B. Mandatory vacation
C. Social media analysis
D. Separation of duties
Answer: B. Mandatory vacation
A company needs to validate its updated incident response plan using a real-world scenario
that will test decision points and relevant incident response actions without interrupting daily
operations.
A. Red-team exercise
B. Capture-the-flag exercise
C. Tabletop exercise
D. Phishing exercise
Answer: C. Tabletop exercise
An organization is moving away from the use of client-side and server-side certificates for
EAP. The company would like for the new EAP solution to have the ability to detect rogue access
points.
Which of the following would accomplish these requirements?
A. PEAP
B. EAP-FAST
C. EAP-TLS
D. EAP-TTLS
Answer: A. PEAP
A company is receiving emails with links to phishing sites that look very similar to the
company's own website address and content.
A. Create a honeynet to trap attackers who access the VPN with credentials obtained by
phishing.
B. Generate a list of domains similar to the company's own and implement a DNS sinkhole for
each.
C. Disable POP and IMAP on all Internet-facing email servers and implement SMTPS.
D. Use an automated tool to flood the phishing websites with fake usernames and passwords.
Answer: B. Generate a list of domains similar to the company's own and implement a DNS
sinkhole for each.
A security architect at a large, multinational organization is concerned about the
complexities and overhead of managing multiple encryption keys securely in a multicloud
provider environment. The security architect is looking for a solution with reduced latency to
allow the incorporation of the organization's existing keys and to maintain consistent,
centralized control and management regardless of the data location.
Which of the following would BEST meet the architect's objectives?