✔✔Which of the following environments minimizes end-user disruption and is MOST likely to be used to assess the impacts of any database migrations or major system changes by using the final version of the code? - ✔✔A. Staging
B. Test
C. Production
D. Development
Answer: B
✔✔Which of the following ISO standards is certified for privacy? - ✔✔A. ISO 9001
B. ISO 27002
C. ISO 27701
D. ISO 31000
Answer: C
✔✔A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime.
Which of the following would BEST meet this objective? (Choose two.) - ✔✔A. Dual power supply
B. Off-site backups
C. Automatic OS upgrades
D. NIC teaming
E. Scheduled penetration testing
F. Network-attached storage
Answer: A,B
✔✔An organization has implemented a policy requiring the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab.
Which of the following did the organization determine to be the GREATEST risk to intellectual property when creating this policy? - ✔✔A. The theft of portable electronic devices
B. Geotagging in the metadata of images
C. Bluesnarfing of mobile devices
D. Data exfiltration over a mobile hotspot
Answer: D
✔✔A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged corporate-owned mobile devices.
Which of the following technologies would be BEST to balance the BYOD culture while also protecting the company's data? - ✔✔A. Containerization
B. Geofencing
C. Full-disk encryption
D. Remote wipe
Answer: C
✔✔Several employees return to work the day after attending an industry trade show. That same day, the security manager notices several malware alerts coming from each of the employees' workstations. The security manager investigates but finds no signs of an attack on the perimeter firewall or the NIDS.
Which of the following is MOST likely causing the malware alerts? - ✔✔A. A worm that has propagated itself across the intranet, which was initiated by presentation media
B. A fileless virus that is contained on a vCard that is attempting to execute an attack
C. A Trojan that has passed through and executed malicious code on the hosts
D. A USB flash drive that is trying to run malicious code but is being blocked by the host firewall
Answer: A
✔✔The IT department's on-site developer has been with the team for many years. Each time an application is released, the security team is able to identify multiple vulnerabilities.
Which of the following would BEST help the team ensure the application is ready to be released to production? - ✔✔A. Limit the use of third-party libraries.
B. Prevent data exposure queries.
C. Obfuscate the source code.
D. Submit the application to QA before releasing it.
Answer: D
✔✔A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen.
Which of the following would BEST meet these requirements? (Select TWO). - ✔✔A. Full-device encryption
B. Network usage rules
C. Geofencing
D. Containerization
E. Application whitelisting
F. Remote control
Answer: A,B
✔✔A recently discovered zero-day exploit utilizes an unknown vulnerability in the SMB network protocol to rapidly infect computers. Once infected, computers are encrypted and held for ransom.
Which of the following would BEST prevent this attack from reoccurring? - ✔✔A. Configure the perimeter firewall to deny inbound external connections to SMB ports.
B. Ensure endpoint detection and response systems are alerting on suspicious SMB connections.
C. Deny unauthenticated users access to shared network folders.
D. Verify computers are set to install monthly operating system updates automatically.
Answer: A
✔✔A system administrator needs to implement an access control scheme that will allow an object's access policy to be determined by its owner.
Which of the following access control schemes BEST fits the requirements? - ✔✔A. Role-based access control
B. Discretionary access control
C. Mandatory access control
D. Attribute-based access control
Answer: B
✔✔An information security incident recently occurred at an organization, and the organization was required to report the incident to authorities and notify the affected parties. When the organization's customers became aware of the incident, some reduced their orders or stopped placing orders entirely.
Which of the following is the organization experiencing? - ✔✔A. Reputation damage
B. Identity theft
C. Anonymization
D. Interrupted supply chain
Answer: A
✔✔A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy.
The policy states that in order for mobile users to access corporate resources on their devices the following requirements must be met:
• Mobile device OSs must be patched up to the latest release
• A screen lock must be enabled (passcode or biometric)
• Corporate data must be removed if the device is reported lost or stolen
Which of the following controls should the security engineer configure? (Select TWO) - ✔✔A. Containerization
B. Storage segmentation
C. Posturing
D. Remote wipe
E. Full-device encryption
F. Geofencing
Answer: D,E
✔✔The IT department at a university is concerned about professors placing servers on the university network in an attempt to bypass security controls.
Which of the following BEST represents this type of threat? - ✔✔A. A script kiddie
B. Shadow IT
C. Hacktivism
D. White-hat
Answer: B
✔✔An organization is concerned that its hosted web servers are not running the most updated version of the software.
Which of the following would work BEST to help identify potential vulnerabilities? - ✔✔A. hping3 -S comptia.org -p 80
B. nc -l -v comptia.org -p 80
C. nmap comptia.org -p 80 -sV
D. nslookup -port=80 comptia.org
Answer: C
✔✔An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims.
Which of the following is the attacker MOST likely attempting? - ✔✔A. A spear-phishing attack
B. A watering-hole attack
C. Typo squatting
D. A phishing attack
Answer: B
✔✔A critical file server is being upgraded and the systems administrator must determine which RAID level the new server will need to achieve parity and handle two simultaneous disk failures.
Which of the following RAID levels meets these requirements? - ✔✔A. RAID 0+1
B. RAID 2
C. RAID 5
D. RAID 6