compTIA Security+ SY0-601 Practice Questions and Answers
2025 – 2026(Verified)complete sol, Exams of Computer
Communication Systems
An administrator is replacing a wireless router. The configuration of the old wireless router was
not documented before it stopped functioning. The equipment connecting to the wireless
network uses older legacy equipment that was manufactured prior to the release of the 802.11i
standard. Which of the following configuration options should the administrator select for the
new wireless router?
A. WPA+CCMP
B. WPA2+CCMP
C. WPA+TKIP
D. WPA2+TKIPC: WPA+TKIP
Which of the following threat actors is MOST likely to steal a company's proprietary information
to gain a market edge and reduce time to market?
A. Competitor
B. Hacktivist
C. Insider
D. Organized crime A. Competitor
Which of the following BEST describes an important security advantage yielded by
implementing vendor diversity?
A. Sustainability
B. Homogeneity
C. Resiliency
D. Configurability C. Resiliency
Which of the following specifically describes the exploitation of an interactive process to access
otherwise restricted areas of the OS?
A. Pivoting
1|Page
,B. Process affinity
C. Buffer overflow
D. XSS C. Buffer overflow
Which of the following differentiates a collision attack from a rainbow table attack?
A. A rainbow table attack performs a hash lookup.
B. A rainbow table attack uses the hash as a password. C. In a collision attack, the hash and the
input data are equivalent.
D. In a collision attack, the same input results in different hashes. A. A rainbow table attack
performs a hash lookup.
A security technician has been receiving alerts from several servers that indicate load balancers
have had a significant increase in traffic. The technician initiates a system scan. The scan results
illustrate that the disk space on several servers has reached capacity. The scan also indicates
that incoming internet traffic to the servers has increased. Which of the following is the MOST
likely cause of the decreased disk space?
A. Misconfigured devices
B. Logs and events anomalies
C. Authentication issues
D. Unauthorized software D. Unauthorized software
Which of the following is used to validate the integrity of data?
A. CBC
B. Blowfish
C. MD5
D. RSA C. MD5
A user typically works remotely over the holidays using a web-based VPN to access corporate
resources. The user reports getting untrusted host errors and being unable to connect. Which of
the following is MOST likely the case?
A. The certificate has expired
2|Page
,B. The browser does not support SSL
C. The user's account is locked out
D. The VPN software has reached the seat license maximum A. The certificate has expired
When it comes to cloud computing, if one of the requirements for a project is to have the most
control over the systems in the cloud, which of the following is a service model that would be
BEST suited for this goal?
A. Infrastructure
B. Platform
C. Software
D. Virtualization A. Infrastructure
A company was recently audited by a third party. The audit revealed the company's network
devices were transferring files in the clear. Which of the following protocols should the company
use to transfer files?
A. HTTPS
B. LDAPS
C. SCP
D. SNMPv3 C. SCP
A security analyst is acquiring data from a potential network incident. Which of the following
evidence is the analyst MOST likely to obtain to determine the incident?
A. Volatile memory capture
B. Traffic and logs
C. Screenshots
D. System image capture B. Traffic and logs
A cybersecurity analyst is looking into the payload of a random packet capture file that was
selected for analysis. The analyst notices that an internal host had a socket established with
another internal host over a non-standard port. Upon investigation, the origin host that initiated
the socket shows this output:
3|Page
, usera@host>history mkdir /local/usr/bin/somedirectory
nc -1 192.168.5.1 -p 9856
ping -c 30 8.8.8.8 -a 600 rm /etc/dir2/somefile
rm -rm /etc/dir2/
traceroute 8.8.8.8
pakill pid 9487
usera@host>
Given the above output, which of the following commands would have established the
questionable socket?
A. traceroute 8.8.8.8
B. ping -1 30 8.8.8.8 -a 600
C. nc -1 192.168.5.1 -p 9856
D. pskill pid 9487 C. nc -1 192.168.5.1 -p 9856
A security administrator has written a script that will automatically upload binary and text-
based configuration files onto a remote server using a scheduled task. The configuration files
contain sensitive information. Which of the following should the administrator use? (Select
TWO)
A. TOPT
B. SCP
C. FTP over a non-standard pot
D. SRTP
E. Certificate-based authentication
F. SNMPv3 b/e
A security analyst conducts a manual scan on a known hardened host that identifies many non-
compliant items. Which of the following BEST describe why this has occurred? (Select TWO)
A. Privileged-user certificated were used to scan the host
B. Non-applicable plug ins were selected in the scan policy
4|Page
2025 – 2026(Verified)complete sol, Exams of Computer
Communication Systems
An administrator is replacing a wireless router. The configuration of the old wireless router was
not documented before it stopped functioning. The equipment connecting to the wireless
network uses older legacy equipment that was manufactured prior to the release of the 802.11i
standard. Which of the following configuration options should the administrator select for the
new wireless router?
A. WPA+CCMP
B. WPA2+CCMP
C. WPA+TKIP
D. WPA2+TKIPC: WPA+TKIP
Which of the following threat actors is MOST likely to steal a company's proprietary information
to gain a market edge and reduce time to market?
A. Competitor
B. Hacktivist
C. Insider
D. Organized crime A. Competitor
Which of the following BEST describes an important security advantage yielded by
implementing vendor diversity?
A. Sustainability
B. Homogeneity
C. Resiliency
D. Configurability C. Resiliency
Which of the following specifically describes the exploitation of an interactive process to access
otherwise restricted areas of the OS?
A. Pivoting
1|Page
,B. Process affinity
C. Buffer overflow
D. XSS C. Buffer overflow
Which of the following differentiates a collision attack from a rainbow table attack?
A. A rainbow table attack performs a hash lookup.
B. A rainbow table attack uses the hash as a password. C. In a collision attack, the hash and the
input data are equivalent.
D. In a collision attack, the same input results in different hashes. A. A rainbow table attack
performs a hash lookup.
A security technician has been receiving alerts from several servers that indicate load balancers
have had a significant increase in traffic. The technician initiates a system scan. The scan results
illustrate that the disk space on several servers has reached capacity. The scan also indicates
that incoming internet traffic to the servers has increased. Which of the following is the MOST
likely cause of the decreased disk space?
A. Misconfigured devices
B. Logs and events anomalies
C. Authentication issues
D. Unauthorized software D. Unauthorized software
Which of the following is used to validate the integrity of data?
A. CBC
B. Blowfish
C. MD5
D. RSA C. MD5
A user typically works remotely over the holidays using a web-based VPN to access corporate
resources. The user reports getting untrusted host errors and being unable to connect. Which of
the following is MOST likely the case?
A. The certificate has expired
2|Page
,B. The browser does not support SSL
C. The user's account is locked out
D. The VPN software has reached the seat license maximum A. The certificate has expired
When it comes to cloud computing, if one of the requirements for a project is to have the most
control over the systems in the cloud, which of the following is a service model that would be
BEST suited for this goal?
A. Infrastructure
B. Platform
C. Software
D. Virtualization A. Infrastructure
A company was recently audited by a third party. The audit revealed the company's network
devices were transferring files in the clear. Which of the following protocols should the company
use to transfer files?
A. HTTPS
B. LDAPS
C. SCP
D. SNMPv3 C. SCP
A security analyst is acquiring data from a potential network incident. Which of the following
evidence is the analyst MOST likely to obtain to determine the incident?
A. Volatile memory capture
B. Traffic and logs
C. Screenshots
D. System image capture B. Traffic and logs
A cybersecurity analyst is looking into the payload of a random packet capture file that was
selected for analysis. The analyst notices that an internal host had a socket established with
another internal host over a non-standard port. Upon investigation, the origin host that initiated
the socket shows this output:
3|Page
, usera@host>history mkdir /local/usr/bin/somedirectory
nc -1 192.168.5.1 -p 9856
ping -c 30 8.8.8.8 -a 600 rm /etc/dir2/somefile
rm -rm /etc/dir2/
traceroute 8.8.8.8
pakill pid 9487
usera@host>
Given the above output, which of the following commands would have established the
questionable socket?
A. traceroute 8.8.8.8
B. ping -1 30 8.8.8.8 -a 600
C. nc -1 192.168.5.1 -p 9856
D. pskill pid 9487 C. nc -1 192.168.5.1 -p 9856
A security administrator has written a script that will automatically upload binary and text-
based configuration files onto a remote server using a scheduled task. The configuration files
contain sensitive information. Which of the following should the administrator use? (Select
TWO)
A. TOPT
B. SCP
C. FTP over a non-standard pot
D. SRTP
E. Certificate-based authentication
F. SNMPv3 b/e
A security analyst conducts a manual scan on a known hardened host that identifies many non-
compliant items. Which of the following BEST describe why this has occurred? (Select TWO)
A. Privileged-user certificated were used to scan the host
B. Non-applicable plug ins were selected in the scan policy
4|Page
