CompTIA SY0-601 Practice Test

Prepare smarter and boost your chances of success with our CompTIA SY0-601 Practice test. This test helps you assess your knowledge, pinpoint strengths, and target areas for improvement. Surveys and user data from multiple platforms show that individuals who use SY0-601 practice exam are 40–50% more likely to pass on their first attempt.

Start practicing today and take the fast track to becoming CompTIA SY0-601 certified.

18860 already prepared
Updated On : 13-Aug-2025
886 Questions
4.8/5.0

Page 30 out of 89 Pages

Topic 3: Exam Pool C

A financial analyst has been accused of violating the company’s AUP and there is forensic
evidence to substantiate the allegation. Which of the following would dispute the analyst’s
claim of innocence?

A.

Legal hold

B.

Order of volatility

C.

Non-repudiation

D.

Chain of custody

D.   

Chain of custody

A security operations analyst is using the company's SIEM solution to correlate alerts.
Which of the following stages of the incident response process is this an example of?

A.

Eradication

B.

Recovery

C.

Identification

D.

Preparation

C.   

Identification

A company's help desk received several AV alerts indicating Mimikatz attempted to run on
the remote systems. Several users also reported that the new company flash drives they
picked up in the
break room only have 512KB of storage. Which of the following is MOST likely the cause?

A.

The GPO prevents the use of flash drives, which triggers a false positive AV indication
and restricts the drives to only 512KB of storage.

B.

The new flash drives need a driver that is being blocked by the AV software because the
flash drives are not on the application's allow list, temporarily restricting the drives to
512KB of storage.

C.

The new flash drives are incorrectly partitioned, and the systems are automatically trying
to use an unapproved application to repartition the drives.

D.

The GPO blocking the flash drives is being bypassed by a malicious flash drive that is
attempting to harvest plaintext credentials from memory.

D.   

The GPO blocking the flash drives is being bypassed by a malicious flash drive that is
attempting to harvest plaintext credentials from memory.

A customer called a company's security team to report that all invoices the customer has
received over the last five days from the company appear to have fraudulent banking
details. An investigation
into the matter reveals the following
* The manager of the accounts payable department is using the same password across
multiple external websites and the corporate account.
* One of the websites the manager used recently experienced a data breach.
* The manager's corporate email account was successfully accessed in the last five days
by an IP address located in a foreign country
Which of the following attacks has MOST likely been used to compromise the manager's
corporate account?

A.

Remote access Trojan

B.

Brute-force

C.

Dictionary

D.

Credential stuffing

E.

Password spraying

D.   

Credential stuffing

The spread of misinformation surrounding the outbreak of a novel virus on election day led to eligible voters choosing not to take the risk of going to the polls This is an example of:

A.

prepending.

B.

an influence campaign

C.

a watering-hole attack

D.

intimidation

E.

information elicitation

D.   

intimidation

A security analyst is investigating a vulnerability in which a default file permission was set
incorrectly. The company uses non-credentialed scanning for vulnerability management.
Which of the following tools can the analyst use to verify the permissions?

A.

ssh

B.

chmod

C.

1s

D.

setuid

E.

nessus

F.

nc

B.   

chmod

Which of the following would be BEST for a technician to review to determine the total risk
an organization can bear when assessing a "cloud-first" adoption strategy?

A.

Risk matrix

B.

Risk tolerance

C.

Risk register

D.

Risk appetite

D.   

Risk appetite

A500 is implementing an insider threat detection program, The primary concern is that users may be accessing confidential data without authorization. Which of the fallowing should be deployed to detect a potential insider threat?

A.

A honeyfile

B.

A DMZ

C.

ULF

D.

File integrity monitoring

A.   

A honeyfile

A company just developed a new web application for a government agency. The
application must be assessed and authorized prior to being deployed. Which of the following is required to assess the vulnerabilities resident in the application?

A.

Repository transaction logs

B.

Common Vulnerabilities and Exposures

C.

Static code analysis

D.

Non-credentialed scans

B.   

Common Vulnerabilities and Exposures

A security analyst was deploying a new website and found a connection attempting to authenticate on the site's portal. While Investigating The incident, the analyst identified the following Input in the username field:

Which of the following BEST explains this type of attack?

A.

DLL injection to hijack administrator services

B.

SQLi on the field to bypass authentication

C.

Execution of a stored XSS on the website

D.

Code to execute a race condition on the server

C.   

Execution of a stored XSS on the website
Page 30 out of 89 Pages
SY0-601 Practice Test Previous