.png){kind=logo}
Comptia Security + SY0-601 Exam (2026/2027 Update) Questions and Verified Answers| 100% Correct| Grade A| Latest
Comptia Security + SY0-601 Exam (2026/
2026 Update) Questions and Verified
Answers| 100% Correct| Grade A| Latest
Q: A researcher has been analyzing large data sets for the last ten months. The researcher works
with colleagues from other institutions and typically connects via SSH to retrieve additional data.
Historically, this setup hash worked without issue, but the researcher recently started getting the
following message:
Which of the following network attacks is the researcher MOST likely experiencing?
A. MAC cloning
B. Evil twin
C. Man-in-the-middle
D. ARP poisoning
Answer:
C
Q: An organization is developing an authentication service for use at the entry and exit ports of
country borders. The service will use data feeds obtained from passport systems, passenger
manifests, and high definition video feeds from CCTV systems that are located at the ports. The
service will incorporate machine-learning techniques to eliminate biometric enrollment processes
while still allowing authorities to identify passengers with increasing accuracy over time. The
more frequently passengers travel, the more accurately the service will identify them. Which of
the following biometrics will MOST likely be used, without the need for enrollment? (Choose
two.)
A. Voice
B. Gait
C. Vein
D. Facial
E. Retina
F. Fingerprint
Answer:
BD
Q: An organization needs to implement more stringent controls over administrator/root
credentials and
service accounts. Requirements for the project include:
• Check-in/checkout of credentials
• The ability to use but not know the password
• Automated password changes
• Logging of access to credentials
Which of the following solutions would meet the requirements?
A. OAuth 2.0
B. Secure Enclave
C. A privileged access management system
D. An OpenlD Connect authentication system
Answer:
D
Q: Several employees return to work the day after attending an industry trade show. That same
day, the security manager notices several malware alerts coming from each of the employee's
workstations. The security manager investigates but finds no signs of an attack on the perimeter
firewall or the NIDS. Which of the following is MOST likely causing the malware alerts?
A. A worm that has propagated itself across the intranet, which was initiated by presentation
media
B. A fileless virus that is contained on a vCard that is attempting to execute an attack
C. A Trojan that has passed through and executed malicious code on the hosts
D. A USB flash drive that is trying to run malicious code but is being blocked by the host
firewall
Answer:
A
Q: After reading a security bulletin, a network security manager is concerned that a malicious
actor may have breached the network using the same software flaw. The exploit code is publicly
available and has been reported as being used against other industries in the same vertical. Which
of the following should the network security manager consult FIRST to determine a priority list
for forensic review?
A. The vulnerability scan output
B. The IDS logs
C. The full packet capture data
D. The SIEM alerts
Answer:
A
Q: A financial organization has adopted a new secure, encrypted document-sharing application
to help with its customer loan process. Some important PII needs to be shared across this new
platform, but it is getting blocked by the DLP systems. Which of the following actions will
BEST allow the PII to be shared with the secure application without compromising the
organization's security posture?
A. Configure the DLP policies to allow all PII
B. Configure the firewall to allow all ports that are used by this application
C. Configure the antivirus software to allow the application
D. Configure the DLP policies to whitelist this application with the specific PII
E. Configure the application to encrypt the PII
Answer:
D
Q: An auditor is performing an assessment of a security appliance with an embedded OS that
was vulnerable during the last two assessments. Which of the following BEST explains the
appliance's vulnerable state?
A. The system was configured with weak default security settings.
B. The device uses weak encryption ciphers.
C. The vendor has not supplied a patch for the appliance.
D. The appliance requires administrative credentials for the assessment.
Answer:
C
Q: A company's bank has reported that multiple corporate credit cards have been stolen over
the past several weeks. The bank has provided the names of the affected cardholders to the
company's forensics team to assist in the cyber-incident investigation.
An incident responder learns the following information:
• The timeline of stolen card numbers corresponds closely with affected users making
Internet-based purchases from diverse websites via enterprise desktop PCs.
• All purchase connections were encrypted, and the company uses an SSL inspection proxy for
the
inspection of encrypted traffic of the hardwired network.
• Purchases made with corporate cards over the corporate guest WiFi network, where no SSL
inspection occurs, were unaffected.
Which of the following is the MOST likely root cause?
A. HTTPS sessions are being downgraded to insecure cipher suites
B. The SSL inspection proxy is feeding even
Answer:
C
Q: A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to
check emails and update reports. Which of the following would be BEST to prevent other
devices on the network from directly accessing the laptop? (Choose two.)
A. Trusted Platform Module
B. A host-based firewall
C. A DLP solution
D. Full disk encryption
E. A VPN
F. Antivirus software
Answer:
AB
Q: A company is implementing MFA for all applications that store sensitive data. The IT
manager wants MFA to be non-disruptive and user friendly. Which of the following technologies
should the IT manager use when implementing MFA?
A. One-time passwords
B. Email tokens
C. Push notifications
D. Hardware authentication
Answer:
C
.png)