SY0-601: COMPTIA SECURITY CERTIFICATION EXAM 2025 QUESTIONS AND ANSWERS

SY0-601: COMPTIA SECURITY
CERTIFICATION EXAM 2025
QUESTIONS AND ANSWERS


Which of the following is an important aspect of evidence-gathering?
Back up all log files and audit trails.
Purge transaction logs.
Restore damaged data from backup media.

Monitor user access to compromised systems. - ANS Back up all log files and audit trails.


Which of the following items would be implemented at the Network layer of the security
model?
Wireless networks
Network plans
Firewalls using ACLs

Penetration testing - ANS Penetration testing


Prepare to Document means establishing the process you will use to document your network.
Which of the following makes this documentation more useful?
Identify the choke points on the network.
Automate administration as much as possible.
Identify who is responsible for each device.

Have a printed hard copy kept in a secure location. - ANS Have a printed hard copy kept in a
secure location.



1 Copyright ©BRIGHSTARS ALL RIGHTS RESERVED 2025

,You assign access permissions so that users can only access the resources required to
accomplish their specific work tasks. Which security principle are you complying with?
Cross-training
Job rotation
Need to know

Principle of least privilege - ANS Principle of least privilege


A recreation of historical events is made possible through which of the following?
Incident reports
Audits
Audit trails

Penetration testing - ANS Audit trails


An attacker uses an exploit to push a modified hosts file to client systems. This hosts file
redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and
financial information.
Which kind of exploit has been used in this scenario?
Man-in-the-middle
Reconnaissance
DNS poisoning

Domain name kiting - ANS DNS poisoning


When you inform an employee that he or she is being terminated, which of the following is the
most important activity?
Disable his or her network access
Allow him or her to collect their personal items
Allow him or her to complete their current work projects

Give him or her two weeks' notice - ANS Disable his or her network access


Which protocol does HTTPS use to offer greater security in web transactions?

2 Copyright ©BRIGHSTARS ALL RIGHTS RESERVED 2025

, Kerberos
IPsec
SSL

Telnet - ANS SSL


How often should change-control management be implemented?
Any time a production system is altered.
At regular intervals throughout the year.
Only when changes are made that affect senior management.

Only when a production system is altered greatly. - ANS Any time a production system is
altered.


A user copies files from her desktop computer to a USB flash device and puts the device into
her pocket. Which of the following security risks is most pressing?
Non-repudiation
Confidentiality
Availability

Integrity - ANS Confidentiality


Which ISO publication lays out guidelines for selecting and implementing security controls?
31000
27002
27701

27001 - ANS 27002


You are cleaning your desk at work. You toss several stacks of paper in the trash, including a
sticky note with your password written on it. Which of the following types of non-technical
password attacks have you enabled?
Social engineering
Dumpster diving

3 Copyright ©BRIGHSTARS ALL RIGHTS RESERVED 2025