SYO 601 Exam Questions with Correct Answers Latest Version 2025 Graded A+
A user is attempting to navigate to a website from inside the company network using a desktop. When
the user types in the URL, https://www.site.com, the user is presented with a certificate mismatch
warning from the browser. The user does not receive a warning when visiting
http://www.anothersite.com. Which of the following describes this attack?
A. On-path
B. Domain hijacking
C. DNS poisoning
D. Evil twin - Answers C. DNS Poisoning
Which of the following tools is effective in preventing a user from accessing unauthorized removable
media?
A. USB data blocker
B. Faraday cage
C. Proximity reader
D. Cable lock - Answers A. USB Data Blocker
A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for
back-end infrastructure, allowing it to be updated and modified without disruption to services. The
security architect would like the solution selected to reduce the back-end server resources and has
highlighted that session persistence is not important for the applications running on the back-end
servers. Which of the following would BEST meet the requirements?
A. Reverse proxy
B. Automated patch management
C. Snapshots
D. NIC teaming - Answers A. Reverse proxy
Which of the following describes a social engineering technique that seeks to exploit a person's sense of
urgency?
A. A phishing email stating a cash settlement has been awarded but will expire soon
B. A smishing message stating a package is scheduled for pickup
C. A vishing call that requests a donation be made to a local charity
,D. A SPIM notification claiming to be undercover law enforcement investigating a cybercrime - Answers
A. A phishing email stating a cash settlement has been awarded but will expire soon
A security analyst is reviewing application logs to determine the source of a breach and locates the
following log: https://www.comptia.com/login.php?id='%20or%20'1'1='1
Which of the following has been observed?
A. DLL Injection
B. API attack
C. SQLi
D. XSS - Answers C. SQLi
An audit identified PII being utilized in the development environment of a critical application. The Chief
Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are
concerned that without real data they cannot perform functionality tests and search for specific data.
Which of the following should a security professional implement to BEST satisfy both the CPO's and the
development team's requirements?
A. Data anonymization
B. Data encryption
C. Data masking
D. Data tokenization - Answers
A company is implementing a DLP solution on the file server. The file server has PII, financial
information, and health information stored on it. Depending on what type of data that is hosted on the
file server, the company wants different DLP rules assigned to the data. Which of the following should
the company do to help accomplish this goal?
A. Classify the data.
B. Mask the data.
C. Assign the application owner.
D. Perform a risk analysis. - Answers
A forensics investigator is examining a number of unauthorized payments that were reported on the
company's website. Some unusual log entries show users received an email for an unwanted mailing list
and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing
team, and the forwarded email revealed the link to be:
,<a href="https://www.company.com/payto.do?
routing=00001111&acct=22223334&amount=250">Click here to unsubscribe</a>
Which of the following will the forensics investigator MOST likely determine has occurred?
A. SQL injection
B. Broken authentication
C. XSS
D. XSRF - Answers
A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials
could be exfiltrated. The report also indicates that users tend to choose the same credentials on
different systems and applications. Which of the following policies should the CISO use to prevent
someone from using the exfiltrated credentials?
A. MFA
B. Lockout
C. Time-based logins
D. Password history - Answers
A company wants to simplify the certificate management process. The company has a single domain
with several dozen subdomains, all of which are publicly accessible on the internet. Which of the
following BEST describes the type of certificate the company should implement?
A. Subject alternative name
B. Wildcard
C. Self-signed
D. Domain validation - Answers
Which of the following is an effective tool to stop or prevent the exfiltration of data from a network?
A. DLP
B. NIDS
C. TPM
D. FDE - Answers
, Several attempts have been made to pick the door lock of a secure facility. As a result, the security
engineer has been assigned to implement a stronger preventative access control. Which of the following
would BEST complete the engineer's assignment?
A. Replacing the traditional key with an RFID key
B. Installing and monitoring a camera facing the door
C. Setting motion-sensing lights to illuminate the door on activity
D. Surrounding the property with fencing and gates - Answers
Which of the following can be used by a monitoring tool to compare values and detect password leaks
without providing the actual credentials?
A. Hashing
B. Tokenization
C. Masking
D. Encryption - Answers
A security engineer is building a file transfer solution to send files to a business partner. The users would
like to drop off the files in a specific directory and have the server send the file to the business partner.
The connection to the business partner is over the internet and needs to be secure. Which of the
following can be used?
A. S/MIME
B. LDAPS
C. SSH
D. SRTP - Answers
An administrator needs to protect user passwords and has been advised to hash the passwords. Which
of the following BEST describes what the administrator is being advised to do?
A. Perform a mathematical operation on the passwords that will convert them into unique strings.
B. Add extra data to the passwords so their length is increased, making them harder to brute force.
C. Store all passwords in the system in a rainbow table that has a centralized location.
D. Enforce the use of one-time passwords that are changed for every login session. - Answers
Which of the following would be indicative of a hidden audio file found inside of a piece of source code?
A user is attempting to navigate to a website from inside the company network using a desktop. When
the user types in the URL, https://www.site.com, the user is presented with a certificate mismatch
warning from the browser. The user does not receive a warning when visiting
http://www.anothersite.com. Which of the following describes this attack?
A. On-path
B. Domain hijacking
C. DNS poisoning
D. Evil twin - Answers C. DNS Poisoning
Which of the following tools is effective in preventing a user from accessing unauthorized removable
media?
A. USB data blocker
B. Faraday cage
C. Proximity reader
D. Cable lock - Answers A. USB Data Blocker
A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for
back-end infrastructure, allowing it to be updated and modified without disruption to services. The
security architect would like the solution selected to reduce the back-end server resources and has
highlighted that session persistence is not important for the applications running on the back-end
servers. Which of the following would BEST meet the requirements?
A. Reverse proxy
B. Automated patch management
C. Snapshots
D. NIC teaming - Answers A. Reverse proxy
Which of the following describes a social engineering technique that seeks to exploit a person's sense of
urgency?
A. A phishing email stating a cash settlement has been awarded but will expire soon
B. A smishing message stating a package is scheduled for pickup
C. A vishing call that requests a donation be made to a local charity
,D. A SPIM notification claiming to be undercover law enforcement investigating a cybercrime - Answers
A. A phishing email stating a cash settlement has been awarded but will expire soon
A security analyst is reviewing application logs to determine the source of a breach and locates the
following log: https://www.comptia.com/login.php?id='%20or%20'1'1='1
Which of the following has been observed?
A. DLL Injection
B. API attack
C. SQLi
D. XSS - Answers C. SQLi
An audit identified PII being utilized in the development environment of a critical application. The Chief
Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are
concerned that without real data they cannot perform functionality tests and search for specific data.
Which of the following should a security professional implement to BEST satisfy both the CPO's and the
development team's requirements?
A. Data anonymization
B. Data encryption
C. Data masking
D. Data tokenization - Answers
A company is implementing a DLP solution on the file server. The file server has PII, financial
information, and health information stored on it. Depending on what type of data that is hosted on the
file server, the company wants different DLP rules assigned to the data. Which of the following should
the company do to help accomplish this goal?
A. Classify the data.
B. Mask the data.
C. Assign the application owner.
D. Perform a risk analysis. - Answers
A forensics investigator is examining a number of unauthorized payments that were reported on the
company's website. Some unusual log entries show users received an email for an unwanted mailing list
and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing
team, and the forwarded email revealed the link to be:
,<a href="https://www.company.com/payto.do?
routing=00001111&acct=22223334&amount=250">Click here to unsubscribe</a>
Which of the following will the forensics investigator MOST likely determine has occurred?
A. SQL injection
B. Broken authentication
C. XSS
D. XSRF - Answers
A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials
could be exfiltrated. The report also indicates that users tend to choose the same credentials on
different systems and applications. Which of the following policies should the CISO use to prevent
someone from using the exfiltrated credentials?
A. MFA
B. Lockout
C. Time-based logins
D. Password history - Answers
A company wants to simplify the certificate management process. The company has a single domain
with several dozen subdomains, all of which are publicly accessible on the internet. Which of the
following BEST describes the type of certificate the company should implement?
A. Subject alternative name
B. Wildcard
C. Self-signed
D. Domain validation - Answers
Which of the following is an effective tool to stop or prevent the exfiltration of data from a network?
A. DLP
B. NIDS
C. TPM
D. FDE - Answers
, Several attempts have been made to pick the door lock of a secure facility. As a result, the security
engineer has been assigned to implement a stronger preventative access control. Which of the following
would BEST complete the engineer's assignment?
A. Replacing the traditional key with an RFID key
B. Installing and monitoring a camera facing the door
C. Setting motion-sensing lights to illuminate the door on activity
D. Surrounding the property with fencing and gates - Answers
Which of the following can be used by a monitoring tool to compare values and detect password leaks
without providing the actual credentials?
A. Hashing
B. Tokenization
C. Masking
D. Encryption - Answers
A security engineer is building a file transfer solution to send files to a business partner. The users would
like to drop off the files in a specific directory and have the server send the file to the business partner.
The connection to the business partner is over the internet and needs to be secure. Which of the
following can be used?
A. S/MIME
B. LDAPS
C. SSH
D. SRTP - Answers
An administrator needs to protect user passwords and has been advised to hash the passwords. Which
of the following BEST describes what the administrator is being advised to do?
A. Perform a mathematical operation on the passwords that will convert them into unique strings.
B. Add extra data to the passwords so their length is increased, making them harder to brute force.
C. Store all passwords in the system in a rainbow table that has a centralized location.
D. Enforce the use of one-time passwords that are changed for every login session. - Answers
Which of the following would be indicative of a hidden audio file found inside of a piece of source code?
