CompTIA SY0-601 Practice Test

Prepare smarter and boost your chances of success with our CompTIA SY0-601 Practice test. This test helps you assess your knowledge, pinpoint strengths, and target areas for improvement. Surveys and user data from multiple platforms show that individuals who use SY0-601 practice exam are 40–50% more likely to pass on their first attempt.

Start practicing today and take the fast track to becoming CompTIA SY0-601 certified.

18860 already prepared
Updated On : 13-Aug-2025
886 Questions
4.8/5.0

Page 9 out of 89 Pages

Topic 2: Exam Pool B

A systems analyst is responsible for generating a new digital forensics chain-of-custody form Which of the following should the analyst Include in this documentation? (Select
TWO).

A.

The order of volatility

B.

A checksum

C.

The location of the artifacts

D.

The vendor's name

E.

The date and time

F.

A warning bnner

A.   

The order of volatility


E.   

The date and time

A malicious actor recently penetration a company’s network and moved laterally to the datacenter. Upon investigation, a forensics firm wants to know was in the memory on thecompromised server. Which of the following files should be given to the forensics firm?

A.

Security

B.

Application

C.

Dump

D.

Syslog

A.   

Security

A company's Chief Information Security Officer (CISO) recently warned the security
manager that the company’s Chief Executive Officer (CEO) is planning to publish a
controversial option article in a national newspaper, which may result in new cyberattacks
Which of the following would be BEST for the security manager to use in a threat mode?

A.

Hacktivists

B.

White-hat hackers

C.

Script kiddies

D.

Insider threats

A.   

Hacktivists

An employee has been charged with fraud and is suspected of using corporate assets. As authorities collect evidence, and to preserve the admissibility of the evidence, which of the following forensic techniques should be used?

A.

Order of volatility

B.

Data recovery

C.

Chain of custody

D.

Non-repudiation

C.   

Chain of custody

A company has decided to move its operations to the cloud. It wants to utilize technology
that will prevent users from downloading company applications for personal use, restrict
data that is uploaded, and have visibility into which applications are being used across the
company. Which of the following solutions will BEST meet these requirements?

A.

An NGFW

B.

A CASB

C.

Application whitelisting

D.

An NG-SWG

B.   

A CASB

Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?

A.

Watering-hole attack

B.

Credential harvesting

C.

Hybrid warfare

D.

Pharming

A.   

Watering-hole attack

A security modern may have occurred on the desktop PC of an organization's Chief
Executive Officer (CEO) A duplicate copy of the CEO's hard drive must be stored securely
to ensure appropriate forensic processes and the chain of custody are followed. Which of
the following should be performed to accomplish this task?

A.

Install a new hard drive in the CEO's PC, and then remove the old hard drive and place it in a tamper-evident bag

B.

Connect a write blocker to the hard drive Then leveraging a forensic workstation, utilize
the dd command m a live Linux environment to create a duplicate copy

C.

Rmove the CEO's hard drive from the PC, connect to the forensic workstation, and
copy all the contents onto a remote fileshare while the CEO watches

D.

Refrain from completing a forensic analysts of the CEO's hard drive until after the
incident is confirmed, duplicating the hard drive at this stage could destroy evidence

B.   

Connect a write blocker to the hard drive Then leveraging a forensic workstation, utilize
the dd command m a live Linux environment to create a duplicate copy



Explanation: “To obtain a forensically sound image from nonvolatile storage, you need to
ensure that nothing you do alters data or metadata (properties) on the source disk or file
system. A write blocker assures this process by preventing any data on the disk or volume
from being changed by filtering write commands at the driver and OS level. Data
acquisition would normally proceed by attaching the target device to a forensics
workstation or field capture device equipped with a write blocker.”
For purposes of knowing, https://security.opentext.com/tableau/hardware/details/t8u write
blockers like this are the most popular hardware blockers

A researcher has been analyzing large data sets for the last ten months. The researcherworks with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message:

Which of the following network attacks is the researcher MOST likely experiencing?

A.

MAC cloning

B.

Evil twin

C.

Man-in-the-middle

D.

ARP poisoning

C.   

Man-in-the-middle

A user recent an SMS on a mobile phone that asked for bank delays. Which of the
following social-engineering techniques was used in this case?

A.

SPIM

B.

Vishing

C.

Spear phishing

D.

Smishing

D.   

Smishing

A network engineer notices the VPN concentrator overloaded and crashes on days when there are a lot of remote workers. Senior management has placed greater importance on the availability of VPN resources for the remote workers than the security of the end users’ traffic. Which of the following would be BEST to solve this issue?

A.

iPSec

B.

Always On

C.

Split tunneling

D.

L2TP

B.   

Always On
Page 9 out of 89 Pages
SY0-601 Practice Test Previous