2/22/25, 9:02 AM Comptia Security + SY0-601 (2025) comprehensive questions and verified answers ( detailed & elaborated) ACTUAL EXAM 2…
Comptia Security + SY0-601 (2025)
comprehensive questions and verified answers (
detailed & elaborated) ACTUAL EXAM 2025
TEST!!
Save
Terms in this set (232)
https://quizlet.com/1009137531/comptia-security-sy0-601-2025-comprehensive-questions-and-verified-answers-detailed-elaborated-actual-exa… 1/163
,2/22/25, 9:02 AM Comptia Security + SY0-601 (2025) comprehensive questions and verified answers ( detailed & elaborated) ACTUAL EXAM 2…
QUESTION 1 Firewall 1:
SIMULATION A company DNS Rule - ANY --> ANY --> DNS --> PERMIT
recently added a DR site HTTPS Outbound - 10.0.0.1/24 --> ANY --> HTTPS -->
and is redesigning the PERMIT Management - ANY --> ANY --> SSH -->
network. Users at the DR PERMIT
site are having issues HTTPS Inbound - ANY --> ANY --> HTTPS -->
browsing websites. PERMIT
INSTRUCTIONS Click on HTTP Inbound - ANY --> ANY --> HTTP --> DENY
each firewall to do the Firewall 2:
following: No changes should be made to this firewall
1. Deny cleartext web Firewall 3:
traffic. DNS Rule - ANY --> ANY --> DNS --> PERMIT
2. Ensure secure HTTPS Outbound - 192.168.0.1/24 --> ANY --> HTTPS
management protocols --> PERMIT
are used. Management - ANY --> ANY --> SSH --> PERMIT
3. Resolve issues at the HTTPS Inbound - ANY --> ANY --> HTTPS -->
DR site. PERMIT
The ruleset order cannot HTTP Inbound - ANY --> ANY --> HTTP --> DENY
be modified due to
outside constraints.
If at any time you would
like to bring back the
initial state of the
simulation, please click
the Reset All button.
https://quizlet.com/1009137531/comptia-security-sy0-601-2025-comprehensive-questions-and-verified-answers-detailed-elaborated-actual-exa… 2/163
,2/22/25, 9:02 AM Comptia Security + SY0-601 (2025) comprehensive questions and verified answers ( detailed & elaborated) ACTUAL EXAM 2…
QUESTION 2 ssh-keygen -t rsa
DRAG DROP A security ssh-copy-id -i ~/.ssh/id_rsa.pub user@server
engineer is setting up chmod 644 ~/.ssh/id_rsa
password less ssh root@server
authentication for the first
time. INSTRUCTIONS
Use the minimum set of
commands to set this up
and verify that it works.
Commands cannot be
reused. If at any time you
would like to bring back
the initial state of the
simulation, please click
the Reset All button
QUESTION 3 Botnet - Enable DDOS protection
HOTSPOT Select the RAT - Implement a host base IPS
appropriate attack and Worm - Change the default application password
remediation from each Keylogger - Disable vulnerable service
drop-down list to label Backdoor - Implement 2FA using push nofication
the corresponding attack
with its remediation.
https://quizlet.com/1009137531/comptia-security-sy0-601-2025-comprehensive-questions-and-verified-answers-detailed-elaborated-actual-exa… 3/163
, 2/22/25, 9:02 AM Comptia Security + SY0-601 (2025) comprehensive questions and verified answers ( detailed & elaborated) ACTUAL EXAM 2…
QUESTION 4 DF
Which of the following
will MOST likely
adversely impact the
operations of unpatched
traditional
programmable-logic
controllers, running a
back-end LAMP server
and OT systems with
humanmanagement
interfaces that are
accessible over the
Internet via a web
interface? (Choose two.)
A. Cross-site scripting
B. Data exfiltration
C. Poor system logging
D. Weak encryption
E. SQL injection
F. Server-side request
forgery
https://quizlet.com/1009137531/comptia-security-sy0-601-2025-comprehensive-questions-and-verified-answers-detailed-elaborated-actual-exa… 4/163
Comptia Security + SY0-601 (2025)
comprehensive questions and verified answers (
detailed & elaborated) ACTUAL EXAM 2025
TEST!!
Save
Terms in this set (232)
https://quizlet.com/1009137531/comptia-security-sy0-601-2025-comprehensive-questions-and-verified-answers-detailed-elaborated-actual-exa… 1/163
,2/22/25, 9:02 AM Comptia Security + SY0-601 (2025) comprehensive questions and verified answers ( detailed & elaborated) ACTUAL EXAM 2…
QUESTION 1 Firewall 1:
SIMULATION A company DNS Rule - ANY --> ANY --> DNS --> PERMIT
recently added a DR site HTTPS Outbound - 10.0.0.1/24 --> ANY --> HTTPS -->
and is redesigning the PERMIT Management - ANY --> ANY --> SSH -->
network. Users at the DR PERMIT
site are having issues HTTPS Inbound - ANY --> ANY --> HTTPS -->
browsing websites. PERMIT
INSTRUCTIONS Click on HTTP Inbound - ANY --> ANY --> HTTP --> DENY
each firewall to do the Firewall 2:
following: No changes should be made to this firewall
1. Deny cleartext web Firewall 3:
traffic. DNS Rule - ANY --> ANY --> DNS --> PERMIT
2. Ensure secure HTTPS Outbound - 192.168.0.1/24 --> ANY --> HTTPS
management protocols --> PERMIT
are used. Management - ANY --> ANY --> SSH --> PERMIT
3. Resolve issues at the HTTPS Inbound - ANY --> ANY --> HTTPS -->
DR site. PERMIT
The ruleset order cannot HTTP Inbound - ANY --> ANY --> HTTP --> DENY
be modified due to
outside constraints.
If at any time you would
like to bring back the
initial state of the
simulation, please click
the Reset All button.
https://quizlet.com/1009137531/comptia-security-sy0-601-2025-comprehensive-questions-and-verified-answers-detailed-elaborated-actual-exa… 2/163
,2/22/25, 9:02 AM Comptia Security + SY0-601 (2025) comprehensive questions and verified answers ( detailed & elaborated) ACTUAL EXAM 2…
QUESTION 2 ssh-keygen -t rsa
DRAG DROP A security ssh-copy-id -i ~/.ssh/id_rsa.pub user@server
engineer is setting up chmod 644 ~/.ssh/id_rsa
password less ssh root@server
authentication for the first
time. INSTRUCTIONS
Use the minimum set of
commands to set this up
and verify that it works.
Commands cannot be
reused. If at any time you
would like to bring back
the initial state of the
simulation, please click
the Reset All button
QUESTION 3 Botnet - Enable DDOS protection
HOTSPOT Select the RAT - Implement a host base IPS
appropriate attack and Worm - Change the default application password
remediation from each Keylogger - Disable vulnerable service
drop-down list to label Backdoor - Implement 2FA using push nofication
the corresponding attack
with its remediation.
https://quizlet.com/1009137531/comptia-security-sy0-601-2025-comprehensive-questions-and-verified-answers-detailed-elaborated-actual-exa… 3/163
, 2/22/25, 9:02 AM Comptia Security + SY0-601 (2025) comprehensive questions and verified answers ( detailed & elaborated) ACTUAL EXAM 2…
QUESTION 4 DF
Which of the following
will MOST likely
adversely impact the
operations of unpatched
traditional
programmable-logic
controllers, running a
back-end LAMP server
and OT systems with
humanmanagement
interfaces that are
accessible over the
Internet via a web
interface? (Choose two.)
A. Cross-site scripting
B. Data exfiltration
C. Poor system logging
D. Weak encryption
E. SQL injection
F. Server-side request
forgery
https://quizlet.com/1009137531/comptia-security-sy0-601-2025-comprehensive-questions-and-verified-answers-detailed-elaborated-actual-exa… 4/163
