CompTIA Security+ (SY0-601) Exam
2025 Questions and Answers
Phishing - ANSWER✔✔-A type of social engineering attack often used to steal user data, including
login credentials and credit card numbers.
Smishing - ANSWER✔✔-The act of committing text message fraud to try to lure victims into
revealing account information or installing malware.
Vishing - ANSWER✔✔-An electronic fraud tactic in which individuals are tricked into revealing
critical financial or personal information to unauthorized entities.
Spam - ANSWER✔✔-Unsolicited bulk messages sent to multiple recipients who did not ask for
them.
Spam over instant messaging (SPIM) - ANSWER✔✔-Refers to unsolicited instant messages.
Spear phishing - ANSWER✔✔-An email or electronic communications scam targeted towards a
specific individual, organization or business.
Dumpster diving - ANSWER✔✔-A technique used to retrieve information that could be used to
carry out an attack on a computer network.
FOR STUDY PURPOSES ONLY COPYRIGHT © 2025 ALL RIGHTS RESERVED 1
Shoulder surfing - ANSWER✔✔-A direct observation technique, such as looking over someone's
shoulder, to get information.
Pharming - ANSWER✔✔-A form of online fraud involving malicious code and fraudulent websites.
Tailgating - ANSWER✔✔-A physical security breach in which an unauthorized person follows an
authorized individual to enter a secured premise.
Eliciting information - ANSWER✔✔-A reporting format designed to elicit as much information as
possible about individuals involved in a group or network.
Whaling - ANSWER✔✔-A method used by cybercriminals to masquerade as a senior player at an
organization and directly target senior individuals, with the aim of stealing or gaining access to their
computer systems for criminal purposes.
Prepending - ANSWER✔✔-A technique used to deprioritize a route in a network.
Identity fraud - ANSWER✔✔-A crime in which an imposter obtains key pieces of personally
identifiable information (PII) to impersonate someone else.
Invoice scams - ANSWER✔✔-A fraudulent way of receiving money or prompting a victim to
put their credentials into a fake login screen.
Credential harvesting - ANSWER✔✔-The process of gathering valid usernames, passwords, private
emails, and email addresses through infrastructure breaches.
Reconnaissance - ANSWER✔✔-A term for testing for potential vulnerabilities in a computer
network.
Hoax - ANSWER✔✔-A message warning the recipients of a non-existent computer virus threat.
Impersonation - ANSWER✔✔-A form of fraud in which attackers pose as a known or trusted
person to dupe an employee into transferring money to a fraudulent account, sharing sensitive
information or revealing login credentials.
Watering hole attack - ANSWER✔✔-A targeted attack designed to compromise users within a
specific industry by infecting websites they typically visit and luring them to a malicious site.
Typosquatting - ANSWER✔✔-A form of cybersquatting which relies on mistakes such as typos
made by Internet users when inputting a website address into a web browser.
Pretexting - ANSWER✔✔-A form of social engineering in which an individual lies to obtain
privileged data.
Social media - ANSWER✔✔-A computer-based technology that allows the sharing of ideas,
thoughts, and information through the building of virtual networks.
Authority - ANSWER✔✔-The power to enforce rules or give orders.
Consensus - ANSWER✔✔-Allows anyone in the network to join dynamically and participate
without prior permission.
Ransomware - ANSWER✔✔-A malicious software that infects your computer and displays
messages demanding a fee to be paid in order for your system to work again.
Trojans - ANSWER✔✔-A type of malware that is often disguised as legitimate software.