and Answers 2025 – 2026 (Verified) complete sol,
Exams of Computer Communication Systems

A Chief Security Officer's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives?
(A). Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on fileshares.
(B). Purchase cyber insurance from a reputable provider to reduce expenses during an incident.
(C). Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization's susceptibility to phishing attacks.
(D). Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.
Answer: (D). Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.

An organization just experienced a major cyberattack incident. The attack was well coordinated, sophisticated, and highly skilled. Which of the following targeted the organization?
(A). Shadow IT
(B). An insider threat
(C). A hacktivist
(D). An advanced persistent threat
Answer: (D). An advanced persistent threat

The Chief Financial Officer (CFO) of an insurance company received an email from Ann, the company's Chief Executive Officer (CEO), requesting a transfer of $10,000 to an account. The email states Ann is on vacation and has lost her purse, containing cash and credit cards. Which of the following social-engineering techniques is the attacker using?
(A). Phishing
(B). Whaling
(C). Typo squatting
(D). Pharming
Answer: (B). Whaling

A nuclear plant was the victim of a recent attack, and all the networks were air gapped. A subsequent investigation revealed a worm as the source of the issue. Which of the following BEST explains what happened?
(A). A malicious USB was introduced by an unsuspecting employee.
(B). The ICS firmware was outdated.
(C). A local machine has a RAT installed.
(D). The HVAC was connected to the maintenance vendor.
Answer: (A). A malicious USB was introduced by an unsuspecting employee.

Several employees have noticed other bystanders can clearly observe a terminal where passcodes are being entered. Which of the following can be eliminated with the use of a privacy screen?
(A). Shoulder surfing
(B). Spear phishing
(C). Impersonation attack
(D). Card cloning
Answer: (A). Shoulder surfing

A bad actor tries to persuade someone to provide financial information over the phone in order to gain access to funds. Which of the following types of attacks does this scenario describe?
(A). Vishing
(B). Phishing
(C). Spear phishing
(D). Whaling
Answer: (A). Vishing

A user's PC was recently infected by malware. The user has a legacy printer without vendor support, and the user's OS is fully patched. The user downloaded a driver package from the internet. No threats were found on the downloaded file, but during file installation, a malicious runtime threat was detected. Which of the following is the MOST likely cause of the infection?
(A). The driver has malware installed and was refactored upon download to avoid detection.
(B). The user's computer has a rootkit installed that has avoided detection until the new driver overwrote key files.
(C). The user's antivirus software definitions were out of date and were damaged by the installation of the driver.
(D). The user's computer has been infected with a logic bomb set to run when the new driver was installed.
Answer: (B). The user's computer has a rootkit installed that has avoided detection until the new driver overwrote key files.

A security analyst is concerned about traffic initiated to the dark web from the corporate LAN. Which of the following networks should the analyst monitor?
(A). SFTP
(B). AS
(C). Tor
(D). IoC
Answer: (C). Tor

A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?
(A). Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.
(B). Restrict administrative privileges and patch all systems and applications.
(C). Rebuild all workstations and install new antivirus software.
(D). Implement application whitelisting and perform user application hardening.
Answer: (A). Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.

An engineer needs to deploy a security measure to identify and prevent data tampering within the enterprise. Which of the following will accomplish this goal?
(A). Antivirus
(B). IPS
(C). FTP
(D). FIM
Answer: (D). FIM

The SIEM at an organization has detected suspicious traffic coming from a workstation in its internal network. An analyst in the SOC investigates the workstation and discovers malware that is associated with a botnet is installed on the device. A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator. To which of the following groups should the analyst report this real-world event?
(A). The NOC team
(B). The vulnerability management team