SY0-601 FINAL PAPER 2025/2026 QUESTIONS AND
ANSWERS GUARANTEE A+
✔✔An organization routes all of its traffic through a VPN Most users are remote and
connect into a corporate datacenter that houses confidential information There is a
firewall at the Internet border followed by a DIP appliance, the VPN server and the
datacenter itself. Which of the following is the WEAKEST design element? - ✔✔A. The
DLP appliance should be integrated into a NGFW.
B. Split-tunnel connections can negatively impact the DLP appliance's performance
C. Encrypted VPN traffic will not be inspected when entering or leaving the network
D. Adding two hops in the VPN tunnel may slow down remote connections
Answer: C
✔✔Joe, an employee, receives an email stating he won the lottery. The email includes a
link that requests a name, mobile phone number, address, and date of birth be provided
to confirm Joe's identity before sending him the prize. Which of the following BEST
describes this type of email? - ✔✔A. Spear phishing
B. Whaling
C. Phishing
D. Vishing
Answer: C
✔✔A company recently experienced a data breach and the source was determined to
be an executive who was charging a phone in a public area.
Which of the following would MOST likely have prevented this breach? - ✔✔A. A firewall
B. A device pin
C. A USB data blocker
D. Biometrics
Answer: C
✔✔A security analyst discovers several .jpg photos from a cellular phone during a
forensics investigation involving a compromised system. The analyst runs a forensics
tool to gather file metadata. Which of the following would be part of the images if all the
metadata is still intact? - ✔✔A. The GPS location
B. When the file was deleted
C. The total number of print jobs D. The number of copies made
Answer: A
✔✔A security analyst discovers that a company username and password database was
posted on an internet forum. The username and passwords are stored in plan text.
Which of the following would mitigate the damage done by this type of data exfiltration
in the future? - ✔✔A. Create DLP controls that prevent documents from leaving the
network
B. Implement salting and hashing C. Configure the web content filter to block access to
the forum. D. Increase password complexity requirements
,Answer: A
✔✔Which of the following would be BEST to establish between organizations that have
agreed cooperate and are engaged in early discussion to define the responsibilities of
each party, but do not want to establish a contractually binding agreement? - ✔✔A. An
SLA
B. AnNDA
C. ABPA
D. AnMOU
Answer: D
✔✔A RAT that was used to compromise an organization's banking credentials was
found on a user's computer. The RAT evaded antivirus detection. It was installed by a
user who has local administrator rights to the system as part of a remote management
tool set. Which of the following recommendations would BEST prevent this from
reoccurring? - ✔✔A. Create a new acceptable use policy.
B. Segment the network into trusted and untrusted zones.
C. Enforce application whitelisting.
D. Implement DLP at the network boundary.
Answer: C
✔✔Users have been issued smart cards that provide physical access to a building. The
cards also contain tokens that can be used to access information systems. Users can
log m to any thin client located throughout the building and see the same desktop each
time. Which of the following technologies are being utilized to provide these
capabilities? (Select TWO) - ✔✔A. COPE
B. VDI
C. GPS
D. TOTP
E. RFID
F. BYOD
Answer: B,E
✔✔A malicious actor recently penetration a company's network and moved laterally to
the datacenter. Upon investigation, a forensics firm wants to know was in the memory
on the compromised server. Which of the following files should be given to the forensics
firm? - ✔✔A. Security
B. Application
C. Dump
D. Syslog
Answer: C
✔✔A security administrator currently spends a large amount of time on common
security tasks, such aa report generation, phishing investigations, and user provisioning
and deprovisioning This prevents the administrator from spending time on other security
,projects. The business does not have the budget to add more staff members. Which of
the following should the administrator implement? - ✔✔A. DAC
B. ABAC
C. SCAP
D. SOAR
Answer: D
✔✔A security analyst needs to be proactive in understand the types of attacks that
could potentially target the company's execute. Which of the following intelligence
sources should to security analyst review? - ✔✔A. Vulnerability feeds
B. Trusted automated exchange of indicator information
C. Structured threat information expression
D. Industry information-sharing and collaboration groups
Answer: D
✔✔Which of the following organizational policies are MOST likely to detect fraud that is
being conducted by existing employees? (Select TWO). - ✔✔A. Offboarding
B. Mandatory vacation
C. Job rotation
D. Background checks
E. Separation of duties
F. Acceptable use
Answer: B,C
✔✔A user enters a password to log in to a workstation and is then prompted to enter an
authentication code. Which of the following MFA factors or attributes are being utilized
in the authentication process? (Select TWO). - ✔✔A. Something you know
B. Something you have
C. Somewhere you are
D. Someone you are
E. Something you are F. Something you can do
Answer: B,E
✔✔A network engineer has been asked to investigate why several wireless barcode
scanners and wireless computers in a warehouse have intermittent connectivity to the
shipping server. The barcode scanners and computers are all on forklift trucks and
move around the warehouse during their regular use. Which of the following should the
engineer do to determine the issue? (Choose two.) - ✔✔A. Perform a site survey
B. Deploy an FTK Imager
C. Create a heat map
D. Scan for rogue access points
E. Upgrade the security protocols F. Install a captive portal
Answer: A,C
, ✔✔Which of the following technical controls is BEST suited for the detection and
prevention of buffer overflows on hosts? - ✔✔A. DLP
B. HIDS
C. EDR
D. NIPS
Answer: C
✔✔A user recently attended an exposition and received some digital promotional
materials The user later noticed blue boxes popping up and disappearing on the
computer, and reported receiving several spam emails, which the user did not open.
Which of the following is MOST likely the cause of the reported issue? - ✔✔A. There
was a drive-by download of malware
B. The user installed a cryptominer
C. The OS was corrupted
D. There was malicious code on the USB drive
Answer: D
✔✔A company is upgrading its wireless infrastructure to WPA2-Enterprise using EAP-
TLS. Which of the following must be part of the security architecture to achieve AAA?
(Select TWO) - ✔✔A. DNSSEC
B. Reverse proxy
C. VPN concentrator
D. PKI
E. Active Directory
F. RADIUS
Answer: E,F
✔✔A company recently experienced an attack in which a malicious actor was able to
exfiltrate data by cracking stolen passwords, using a rainbow table the sensitive data.
Which of the following should a security engineer do to prevent such an attack in the
future? - ✔✔A. Use password hashing.
B. Enforce password complexity. C. Implement password salting.
D. Disable password reuse.
Answer: D
✔✔A vulnerability assessment report will include the CVSS score of the discovered
vulnerabilities because the score allows the organization to better. - ✔✔A. validate the
vulnerability exists in the organization's network through penetration testing
B. research the appropriate mitigation techniques in a vulnerability database
C. find the software patches that are required to mitigate a vulnerability
D. prioritize remediation of vulnerabilities based on the possible impact.
Answer: D
✔✔A company's Chief Information Office (CIO) is meeting with the Chief Information
Security Officer (CISO) to plan some activities to enhance the skill levels of the
ANSWERS GUARANTEE A+
✔✔An organization routes all of its traffic through a VPN Most users are remote and
connect into a corporate datacenter that houses confidential information There is a
firewall at the Internet border followed by a DIP appliance, the VPN server and the
datacenter itself. Which of the following is the WEAKEST design element? - ✔✔A. The
DLP appliance should be integrated into a NGFW.
B. Split-tunnel connections can negatively impact the DLP appliance's performance
C. Encrypted VPN traffic will not be inspected when entering or leaving the network
D. Adding two hops in the VPN tunnel may slow down remote connections
Answer: C
✔✔Joe, an employee, receives an email stating he won the lottery. The email includes a
link that requests a name, mobile phone number, address, and date of birth be provided
to confirm Joe's identity before sending him the prize. Which of the following BEST
describes this type of email? - ✔✔A. Spear phishing
B. Whaling
C. Phishing
D. Vishing
Answer: C
✔✔A company recently experienced a data breach and the source was determined to
be an executive who was charging a phone in a public area.
Which of the following would MOST likely have prevented this breach? - ✔✔A. A firewall
B. A device pin
C. A USB data blocker
D. Biometrics
Answer: C
✔✔A security analyst discovers several .jpg photos from a cellular phone during a
forensics investigation involving a compromised system. The analyst runs a forensics
tool to gather file metadata. Which of the following would be part of the images if all the
metadata is still intact? - ✔✔A. The GPS location
B. When the file was deleted
C. The total number of print jobs D. The number of copies made
Answer: A
✔✔A security analyst discovers that a company username and password database was
posted on an internet forum. The username and passwords are stored in plan text.
Which of the following would mitigate the damage done by this type of data exfiltration
in the future? - ✔✔A. Create DLP controls that prevent documents from leaving the
network
B. Implement salting and hashing C. Configure the web content filter to block access to
the forum. D. Increase password complexity requirements
,Answer: A
✔✔Which of the following would be BEST to establish between organizations that have
agreed cooperate and are engaged in early discussion to define the responsibilities of
each party, but do not want to establish a contractually binding agreement? - ✔✔A. An
SLA
B. AnNDA
C. ABPA
D. AnMOU
Answer: D
✔✔A RAT that was used to compromise an organization's banking credentials was
found on a user's computer. The RAT evaded antivirus detection. It was installed by a
user who has local administrator rights to the system as part of a remote management
tool set. Which of the following recommendations would BEST prevent this from
reoccurring? - ✔✔A. Create a new acceptable use policy.
B. Segment the network into trusted and untrusted zones.
C. Enforce application whitelisting.
D. Implement DLP at the network boundary.
Answer: C
✔✔Users have been issued smart cards that provide physical access to a building. The
cards also contain tokens that can be used to access information systems. Users can
log m to any thin client located throughout the building and see the same desktop each
time. Which of the following technologies are being utilized to provide these
capabilities? (Select TWO) - ✔✔A. COPE
B. VDI
C. GPS
D. TOTP
E. RFID
F. BYOD
Answer: B,E
✔✔A malicious actor recently penetration a company's network and moved laterally to
the datacenter. Upon investigation, a forensics firm wants to know was in the memory
on the compromised server. Which of the following files should be given to the forensics
firm? - ✔✔A. Security
B. Application
C. Dump
D. Syslog
Answer: C
✔✔A security administrator currently spends a large amount of time on common
security tasks, such aa report generation, phishing investigations, and user provisioning
and deprovisioning This prevents the administrator from spending time on other security
,projects. The business does not have the budget to add more staff members. Which of
the following should the administrator implement? - ✔✔A. DAC
B. ABAC
C. SCAP
D. SOAR
Answer: D
✔✔A security analyst needs to be proactive in understand the types of attacks that
could potentially target the company's execute. Which of the following intelligence
sources should to security analyst review? - ✔✔A. Vulnerability feeds
B. Trusted automated exchange of indicator information
C. Structured threat information expression
D. Industry information-sharing and collaboration groups
Answer: D
✔✔Which of the following organizational policies are MOST likely to detect fraud that is
being conducted by existing employees? (Select TWO). - ✔✔A. Offboarding
B. Mandatory vacation
C. Job rotation
D. Background checks
E. Separation of duties
F. Acceptable use
Answer: B,C
✔✔A user enters a password to log in to a workstation and is then prompted to enter an
authentication code. Which of the following MFA factors or attributes are being utilized
in the authentication process? (Select TWO). - ✔✔A. Something you know
B. Something you have
C. Somewhere you are
D. Someone you are
E. Something you are F. Something you can do
Answer: B,E
✔✔A network engineer has been asked to investigate why several wireless barcode
scanners and wireless computers in a warehouse have intermittent connectivity to the
shipping server. The barcode scanners and computers are all on forklift trucks and
move around the warehouse during their regular use. Which of the following should the
engineer do to determine the issue? (Choose two.) - ✔✔A. Perform a site survey
B. Deploy an FTK Imager
C. Create a heat map
D. Scan for rogue access points
E. Upgrade the security protocols F. Install a captive portal
Answer: A,C
, ✔✔Which of the following technical controls is BEST suited for the detection and
prevention of buffer overflows on hosts? - ✔✔A. DLP
B. HIDS
C. EDR
D. NIPS
Answer: C
✔✔A user recently attended an exposition and received some digital promotional
materials The user later noticed blue boxes popping up and disappearing on the
computer, and reported receiving several spam emails, which the user did not open.
Which of the following is MOST likely the cause of the reported issue? - ✔✔A. There
was a drive-by download of malware
B. The user installed a cryptominer
C. The OS was corrupted
D. There was malicious code on the USB drive
Answer: D
✔✔A company is upgrading its wireless infrastructure to WPA2-Enterprise using EAP-
TLS. Which of the following must be part of the security architecture to achieve AAA?
(Select TWO) - ✔✔A. DNSSEC
B. Reverse proxy
C. VPN concentrator
D. PKI
E. Active Directory
F. RADIUS
Answer: E,F
✔✔A company recently experienced an attack in which a malicious actor was able to
exfiltrate data by cracking stolen passwords, using a rainbow table the sensitive data.
Which of the following should a security engineer do to prevent such an attack in the
future? - ✔✔A. Use password hashing.
B. Enforce password complexity. C. Implement password salting.
D. Disable password reuse.
Answer: D
✔✔A vulnerability assessment report will include the CVSS score of the discovered
vulnerabilities because the score allows the organization to better. - ✔✔A. validate the
vulnerability exists in the organization's network through penetration testing
B. research the appropriate mitigation techniques in a vulnerability database
C. find the software patches that are required to mitigate a vulnerability
D. prioritize remediation of vulnerabilities based on the possible impact.
Answer: D
✔✔A company's Chief Information Office (CIO) is meeting with the Chief Information
Security Officer (CISO) to plan some activities to enhance the skill levels of the
