SY0-601 CompTIA Security+ Exam 2023 Free Practice Exam Questions (2025 Updated)

Prepare effectively for your CompTIA SY0-601 CompTIA Security+ Exam 2023 certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Page: 7 / 8
Total 1063 questions

A systems administrator wants to add a second factor to the single sign-on portal that the organization uses. Currently, only a username and password are required. Which of the following should the administrator implement to best meet this requirement?

A.

Personal verification questions

B.

Software-based TOTP

C.

Log-in image checks

D.

Secondary PIN code

A company prevented direct access from the database administrators' workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?

A.

Jump server

B.

RADIUS

C.

HSM

D.

Load balancer

A security analyst at an organization observed several user logins from outside the organization's network. The analyst determined that these logins were not performed by individuals within the organization. Which of the following recommendations would reduce the likelihood of future attacks? (Select two).

A.

Disciplinary actions for users

B.

Conditional access policies

C.

More regular account audits

D.

Implementation of additional authentication factors

E.

Enforcement of content filtering policies

F.

A review of user account permissions

A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

A.

Patch availability

B.

Product software compatibility

C.

Ease of recovery

D.

Cost of replacement

After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

A.

Insider threat

B.

Email phishing

C.

Social engineering

D.

Executive whaling

After a web server was migrated to a cloud environment, user access to that server was blocked. Even though an on-premises firewall configuration has been modified to reflect the cloud infrastructure, users are still experiencing access issues. Which of the following most likely needs to be configured?

A.

Security group

B.

Load balancer pool

C.

Resource allocation

D.

Storage permissions

Which of the following describes an executive team that is meeting in a board room and testing the company's incident response plan?

A.

Continuity of operations

B.

Capacity planning

C.

Tabletop exercise

D.

Parallel processing

When a newly developed application was tested, a specific internal resource was unable to be accessed. Which of the following should be done to ensure the application works correctly?

A.

Modify the allow/deny list for those specific resources

B.

Follow the secure coding practices for the internal resource

C.

Configure the application in a sandbox environment

D.

Utilize standard network protocols

A security administrator is configuring fileshares. The administrator removed the default permissions and added permissions for only users who will need to access the fileshares as part of their job duties. Which of the following best describes why the administrator performed these actions?

A.

Encryption standard compliance

B.

Data replication requirements

C.

Least privilege

D.

Access control monitoring

The CIRT is reviewing an incident that involved a human resources recruiter exfiltrating sensitive company data. The CIRT found that the recruiter was able to use HTTP over port 53 to upload documents to a web server. Which of the following security infrastructure devices could have identified and blocked this activity?

A.

WAP utilizing SSL decryption

B.

NGFW utilizing application inspection

C.

UTM utilizing a threat feed

D.

SD-WAN utilizing IPSec

An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?

A.

ACL

B.

DLP

C.

IDS

D.

IPS

Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

A.

SIEM

B.

DLP

C.

IDS

D.

SNMP

Which of the following technologies can better utilize compute and memory resources for on-premises application workloads?

A.

Containers

B.

Microservices

C.

Serverless architecture

D.

Community clouds

The Chief Information Security Officer (CISO) at a large company would like to gain an understanding of how the company’s security policies compare to the requirements imposed by external regulators. Which of the following should the CISO use?

A.

Penetration test

B.

Internal audit

C.

Attestation

D.

External examination

A third-party vendor is moving a particular application to the end-of-life stage at the end of the current year. Which of the following is the most critical risk if the company chooses to continue running the application?

A.

Lack of security updates

B.

Lack of new features

C.

Lack of support

D.

Lack of source code access

Which of the following is used to describe discrete characteristics of a potential weakness that results in a severity number?

A.

CVSS

B.

CVE

C.

CAR

D.

CERT

An organization is outlining data stewardship roles and responsibilities. Which of the following employee roles would determine the purpose of data and how to process it?

A.

Data custodian

B.

Data controller

C.

Data protection officer

D.

Data processor

A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

A.

A worm is propagating across the network.

B.

Data is being exfiltrated.

C.

A logic bomb is deleting data.

D.

Ransomware is encrypting files.

A user's login credentials were recently compromised. During the investigation, the security analyst determined the user input credentials into a pop-up window when prompted to confirm the username and password. However, the trusted website does not use a pop-up for entering user credentials. Which of the following attacks occurred?

A.

Cross-site scripting

B.

SQL injection

C.

DNS poisoning

D.

Certificate forgery

Which of the following is an administrative control that would be most effective to reduce the occurrence of malware execution?

A.

Security awareness training

B.

Frequency of NIDS updates

C.

Change control procedures

D.

EDR reporting cycle

Which of the following security controls is used to isolate a section of the network and its externally available resources from the internal corporate network in order to reduce the number of possible attacks?

A.

Faraday cages

B.

Air gap

C.

Vaulting

D.

Proximity readers

During an incident, an EDR system detects an increase in the number of encrypted outbound connections from multiple hosts. A firewall is also reporting an increase in outbound connections that use random high ports. An analyst plans to review the correlated logs to find the source of the incident. Which of the following tools will best assist the analyst?

A.

A vulnerability scanner

B.

A NGFW

C.

The Windows Event Viewer

D.

A SIEM

A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data. Which of the following would provide the best proof that the hosting provider has met the requirements?

A.

NIST CSF

B.

SOC 2 Type 2 report

C.

CIS Top 20 compliance reports

D.

Vulnerability report

Which of the following scenarios best describes a risk reduction technique?

A.

A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches

B.

A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation

C.

A security control objective cannot be met through a technical change, so the company performs regular audits to determine if violations have occurred

D.

A security control objective cannot be met through a technical change, so the Chief Information Officer decides to sign off on the risk.

Which of the following is an algorithm performed to verify that data has not been modified?

A.

Hash

B.

Code check

C.

Encryption

D.

Checksum

A company is looking to move completely to a remote work environment. The Chief Information Security Officer is concerned about the improper use of company-owned devices when employees are working from home. Which of the following could be implemented to ensure that devices are on the company-owned network?

A.

Internet proxy

B.

Always-on VPN

C.

Split tunneling

D.

OS firewall

A Chief Information Security Officer has defined resiliency requirements for a new data center architecture. The requirements are as follows:

• Critical fileshares will remain accessible during and after a natural disaster.

• Five percent of hard disks can fail at any given time without impacting the data.

• Systems will be forced to shut down gracefully when battery levels are below 20%.

Which of the following are required to BEST meet these objectives? (Select THREE).

A.

Fiber switching

B.

IaC

C.

NAS

D.

RAID

E.

UPS

F.

Redundant power supplies

G.

Geographic dispersal

A malicious actor compromised an entire cluster by exploiting a zero-day vulnerability in a unique container. The malicious actor then engaged in a lateral movement and compromised other containers and the host system. Which of the following container security practices has the GREATEST chance of preventing this attack from reoccurring?

A.

Deploying an IPS with updated signatures in line with the container cluster

B.

Implementing automatic scalability for containers exposed to the internet

C.

Updating the environment by using images with the tag: latest

D.

Executing containers using unprivileged credentials

An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?

A.

hping3 -S comptia.org -p 80

B.

nc -l -v comptia.org -p 80

C.

nmap comptia.org -p 80 -sV

D.

nslookup -port=80 comptia.org

A security analyst is reviewing logs on a server and observes the following output:

01/01/2020 03:33:23 admin attempted login with password sneak

01/01/2020 03:33:32 admin attempted login with password sneaked

01/01/2020 03:33:41 admin attempted login with password sneaker

01/01/2020 03:33:50 admin attempted login with password sneer

01/01/2020 03:33:59 admin attempted login with password sneeze

01/01/2020 03:34:08 admin attempted login with password sneezy

Which of the following is the security analyst observing?

A.

A rainbow table attack

B.

A password-spraying attack

C.

A dictionary attack

D.

A keylogger attack

A routine audit of medical billing claims revealed that several claims were submitted without the subscriber's knowledge. A review of the audit logs for the medical billing company's system indicated a company employee downloaded customer records and adjusted the direct deposit information to a personal bank account. Which of the following does this action describe?

A.

Insider threat

B.

Social engineering

C.

Third-party risk

D.

Data breach

An organization is concerned about intellectual property theft by employees who leave the organization. Which of the following should the organization most likely implement?

A.

CBT

B.

NDA

C.

MOU

D.

AUP

A dynamic application vulnerability scan identified that code injection could be performed using a web form. Which of the following will be the best remediation to prevent this vulnerability?

A.

Implement input validations

B.

Deploy MFA

C.

Utilize a WAF

D.

Configure HIPS

A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

A company's marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?

A.

Processor

B.

Custodian

C.

Subject

D.

Owner

A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?

A.

Geographic dispersion

B.

Platform diversity

C.

Hot site

D.

Load balancing

An analyst is concerned about data leaks and wants to restrict access to internet services to authorized users only. The analyst also wants to control the actions each user can perform on each service. Which of the following would be the best technology for the analyst to consider implementing?

A.

DLP

B.

VPC

C.

CASB

D.

Content filtering

The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have prevented this from happening?

A.

Using least privilege

B.

Changing the default password

C.

Assigning individual user IDs

D.

Implementing multifactor authentication

Which of the following practices would be best to prevent an insider from introducing malicious code into a company’s development process?

A.

Code scanning for vulnerabilities

B.

Open-source component usage

C.

Quality assurance testing

D.

Peer review and approval

A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks. Which of the following analysis elements did the company most likely use in making this decision?

A.

MTTR

B.

RTO

C.

ARO

D.

MTBF

Copyright © 2014-2025 Solution2Pass. All Rights Reserved