compTIA Security+ SY0-601 Practice Questions
and Answers 2025 – 2026(Verified)complete sol,
Exams of Computer Communication Systems
An accounting clerk sent money to an attacker's bank account after receiving fraudulent
instructions to use a new account.
Which of the following would most likely prevent this activity in the future?
A. Standardizing security incident reporting
B. Executing regular phishing campaigns
C. Implementing insider threat detection measures
D. Updating processes for sending wire transfers
D. Updating processes for sending wire transfers
A systems administrator is creating a script that would save time and prevent human error when
performing account creation for a large number of end users.
Which of the following would be a good use case for this task?
A. Off-the-shelf software
B. Orchestration
C. Baseline
D. Policy enforcement
B. Orchestration
A company's marketing department collects, modifies, and stores sensitive customer data. The
infrastructure team is responsible for securing the data while in transit and at rest.
Which of the following data roles describes the customer?
A. Processor
B. Custodian
C. Subject
D. Owner
C. Subject
Which of the following describes the maximum allowance of accepted risk?
A. Risk indicator
B. Risk level
C. Risk score
D. Risk threshold
1|Page
,D. Risk threshold
A security analyst receives alerts about an internal system sending a large amount of unusual
DNS queries to systems on the internet over short periods of time during non-business hours.
Which of the following is most likely occurring?
A. A worm is propagating across the network.
B. Data is being exfiltrated.
C. A logic bomb is deleting data.
D. Ransomware is encrypting files.
B. Data is being exfiltrated.
A technician is opening ports on a firewall for a new system being deployed and supported by a
SaaS provider.
Which of the following is a risk in the new system?
A. Default credentials
B. Non-segmented network
C. Supply chain vendor
D. Vulnerable software
C. Supply chain vendor
A systems administrator is working on a solution with the following requirements:
• Provide a secure zone.
• Enforce a company-wide access control policy.
• Reduce the scope of threats.
Which of the following is the systems administrator setting up?
A. Zero Trust
B. AAA
C. Non-repudiation
D. CIA
A. Zero Trust
Which of the following involves an attempt to take advantage of database misconfigurations?
A. Buffer overflow
B. SQL injection
C. VM escape
D. Memory injection
B. SQL injection
2|Page
,Which of the following is used to validate a certificate when it is presented to a user?
A. OCSP
B. CSR
C. CA
D. CRC
C. CA
One of a company's vendors sent an analyst a security bulletin that recommends a BIOS
update.
Which of the following vulnerability types is being addressed by the patch?
A. Virtualization
B. Firmware
C. Application
D. Operating system
B. Firmware
Which of the following is used to quantitatively measure the criticality of a vulnerability?
A. CVE
B. CVSS
C. CIA
D. CERT
B. CVSS
Which of the following actions could a security engineer take to ensure workstations and
servers
are properly monitored for unauthorized changes and software?
A. Configure all systems to log scheduled tasks.
B. Collect and monitor all traffic exiting the network.
C. Block traffic based on known malicious signatures.
D. Install endpoint management software on all systems
D. Install endpoint management software on all systems
An organization is leveraging a VPN between its headquarters and a branch location.
Which of the following is the VPN protecting?
A. Data in use
B. Data in transit
C. Geographic restrictions
D. Data sovereignty
3|Page
, B. Data in transit
An organization disabled unneeded services and placed a firewall in front of a business-critical
legacy system.
Which of the following best describes the actions taken by the organization?
A. Exception
B. Segmentation
C. Risk transfer
D. Compensating controls
D. Compensating controls
Which of the following should a systems administrator use to ensure an easy deployment of
resources within the cloud provider?
A. Software as a service
B. Infrastructure as code
C. Internet of Things
D. Software-defined networking
B. Infrastructure as code
After a security awareness training session, a user called the IT help desk and reported a
suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card
information in order to close an invoice.
Which of the following topics did the user recognize from the training?
A. Insider threat
B. Email phishing
C. Social engineering
D. Executive whaling
C. Social engineering
A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive
customer data.
Which of the following should the administrator do first?
A. Block access to cloud storage websites.
B. Create a rule to block outgoing email attachments.
C. Apply classifications to the data.
D. Remove all user permissions from shares on the file server.
C. Apply classifications to the data.
4|Page
and Answers 2025 – 2026(Verified)complete sol,
Exams of Computer Communication Systems
An accounting clerk sent money to an attacker's bank account after receiving fraudulent
instructions to use a new account.
Which of the following would most likely prevent this activity in the future?
A. Standardizing security incident reporting
B. Executing regular phishing campaigns
C. Implementing insider threat detection measures
D. Updating processes for sending wire transfers
D. Updating processes for sending wire transfers
A systems administrator is creating a script that would save time and prevent human error when
performing account creation for a large number of end users.
Which of the following would be a good use case for this task?
A. Off-the-shelf software
B. Orchestration
C. Baseline
D. Policy enforcement
B. Orchestration
A company's marketing department collects, modifies, and stores sensitive customer data. The
infrastructure team is responsible for securing the data while in transit and at rest.
Which of the following data roles describes the customer?
A. Processor
B. Custodian
C. Subject
D. Owner
C. Subject
Which of the following describes the maximum allowance of accepted risk?
A. Risk indicator
B. Risk level
C. Risk score
D. Risk threshold
1|Page
,D. Risk threshold
A security analyst receives alerts about an internal system sending a large amount of unusual
DNS queries to systems on the internet over short periods of time during non-business hours.
Which of the following is most likely occurring?
A. A worm is propagating across the network.
B. Data is being exfiltrated.
C. A logic bomb is deleting data.
D. Ransomware is encrypting files.
B. Data is being exfiltrated.
A technician is opening ports on a firewall for a new system being deployed and supported by a
SaaS provider.
Which of the following is a risk in the new system?
A. Default credentials
B. Non-segmented network
C. Supply chain vendor
D. Vulnerable software
C. Supply chain vendor
A systems administrator is working on a solution with the following requirements:
• Provide a secure zone.
• Enforce a company-wide access control policy.
• Reduce the scope of threats.
Which of the following is the systems administrator setting up?
A. Zero Trust
B. AAA
C. Non-repudiation
D. CIA
A. Zero Trust
Which of the following involves an attempt to take advantage of database misconfigurations?
A. Buffer overflow
B. SQL injection
C. VM escape
D. Memory injection
B. SQL injection
2|Page
,Which of the following is used to validate a certificate when it is presented to a user?
A. OCSP
B. CSR
C. CA
D. CRC
C. CA
One of a company's vendors sent an analyst a security bulletin that recommends a BIOS
update.
Which of the following vulnerability types is being addressed by the patch?
A. Virtualization
B. Firmware
C. Application
D. Operating system
B. Firmware
Which of the following is used to quantitatively measure the criticality of a vulnerability?
A. CVE
B. CVSS
C. CIA
D. CERT
B. CVSS
Which of the following actions could a security engineer take to ensure workstations and
servers
are properly monitored for unauthorized changes and software?
A. Configure all systems to log scheduled tasks.
B. Collect and monitor all traffic exiting the network.
C. Block traffic based on known malicious signatures.
D. Install endpoint management software on all systems
D. Install endpoint management software on all systems
An organization is leveraging a VPN between its headquarters and a branch location.
Which of the following is the VPN protecting?
A. Data in use
B. Data in transit
C. Geographic restrictions
D. Data sovereignty
3|Page
, B. Data in transit
An organization disabled unneeded services and placed a firewall in front of a business-critical
legacy system.
Which of the following best describes the actions taken by the organization?
A. Exception
B. Segmentation
C. Risk transfer
D. Compensating controls
D. Compensating controls
Which of the following should a systems administrator use to ensure an easy deployment of
resources within the cloud provider?
A. Software as a service
B. Infrastructure as code
C. Internet of Things
D. Software-defined networking
B. Infrastructure as code
After a security awareness training session, a user called the IT help desk and reported a
suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card
information in order to close an invoice.
Which of the following topics did the user recognize from the training?
A. Insider threat
B. Email phishing
C. Social engineering
D. Executive whaling
C. Social engineering
A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive
customer data.
Which of the following should the administrator do first?
A. Block access to cloud storage websites.
B. Create a rule to block outgoing email attachments.
C. Apply classifications to the data.
D. Remove all user permissions from shares on the file server.
C. Apply classifications to the data.
4|Page
