CompTIA · Free Practice Questions · Last reviewed May 2026
150real exam-style questions organised by domain, each with the correct answer highlighted and a plain-English explanation of why it's right — and why the others are wrong.
A user is unable to print to a network printer after a Windows update. Other users on the same network can print successfully. Which Windows tool should you use to view detailed error messages related to the print spooler service?
Device Manager
Services.msc
Event Viewer
Event Viewer records print spooler errors and warnings, making it the correct tool for troubleshooting the cause of the failure.
Performance Monitor
A user's Windows 10 PC is infected with ransomware that has encrypted their Documents folder. You need to restore the files from a previous version that was saved by File History. Where do you access the 'Previous Versions' feature to restore these files?
File Explorer > Properties > Previous Versions tab
This is the correct location to view and restore previous versions of files or folders saved by File History or shadow copies.
Control Panel > File History > Restore personal files
Settings > Update & Security > Backup
Computer Management > Storage > Disk Management
You are configuring a new Windows 10 workstation for a remote employee who will connect to the corporate VPN. The user should not be able to install software or change system settings. Which tool should you use to enforce these restrictions?
User Account Control (UAC) settings
Local Group Policy Editor
Local Group Policy Editor can enforce software installation restrictions and control panel access for specific users or groups.
Device Manager
Registry Editor
A technician needs to create a bootable USB drive that can run Windows PE to deploy a custom Windows 10 image to multiple laptops. Which Windows tool should they use to create this bootable media?
Windows Media Creation Tool
Windows System Image Manager (Windows SIM)
Windows ADK (Assessment and Deployment Kit)
The Windows ADK provides the tools to build a custom Windows PE image and create bootable USB drives for deployment.
Disk Management
You are troubleshooting a Windows 10 PC that fails to boot with the error 'Boot Configuration Data is missing.' Which built-in tool can you use from the Windows Recovery Environment to rebuild the BCD store?
System File Checker (sfc /scannow)
Diskpart
Bootrec.exe
Bootrec.exe with the /rebuildbcd switch scans for Windows installations and rebuilds the BCD store, fixing the missing BCD error.
CHKDSK
After installing a new application, a user reports that their default web browser keeps changing to a different one without their consent. Which Windows feature can you use to prevent applications from changing file associations and default programs?
Programs and Features
Default Programs (Control Panel)
Local Group Policy Editor
Group Policy can enforce 'Set a default associations configuration file' to lock file associations and prevent changes by users or apps.
Registry Editor
Want more Windows OS Features and Tools practice?
Practice this domainA security incident occurred where an unauthorized user accessed a workstation. You need to review the event logs to determine when the breach happened. Which Control Panel applet would you use to launch the Event Viewer?
System
Security and Maintenance
Administrative Tools
Administrative Tools includes Event Viewer, Performance Monitor, and other system tools.
Device Manager
A user calls the help desk because their Windows 10 PC is not showing any sound icon in the system tray, and audio is not working. You suspect the audio service is disabled. Which Control Panel applet would you use to check and restart the Windows Audio service?
Sound
Device Manager
Administrative Tools
Administrative Tools contains shortcuts to Services, Event Viewer, and other system management consoles.
System
A user wants to configure their Windows 10 PC to automatically install driver updates from Windows Update. Which Settings page would you use to change the driver update behavior?
Update & Security > Windows Update > Advanced options
Advanced options contains a toggle for 'Receive updates for other Microsoft products' which includes driver updates.
System > About
Devices > AutoPlay
Update & Security > Delivery Optimization
A user needs to connect to a work VPN but cannot find the VPN settings in the network tray. You need to guide them to the correct location to add a VPN connection. Where in Windows Settings would you direct them?
Network & Internet > Status
Network & Internet > Ethernet
Network & Internet > VPN
The VPN page allows adding and managing VPN connections.
Network & Internet > Proxy
A user reports that their Windows 10 PC displays a 'Low Disk Space' warning on the C: drive. You want to use a built-in tool to delete temporary files and empty the Recycle Bin. Which Settings page should you open?
System > Storage
The Storage page shows disk usage and offers options to run Storage Sense or manually delete temporary files.
System > About
Apps > Apps & features
Update & Security > Windows Update
A user reports that their Windows 10 laptop shows a 'Your license will expire soon' watermark on the desktop. They recently replaced the motherboard. Which Control Panel applet should you use to re-activate Windows?
Device Manager
System
The System applet displays Windows edition, activation status, and a link to change the product key or activate.
User Accounts
Network and Sharing Center
Want more Windows Settings and Control Panel practice?
Practice this domainA user reports that a specific application crashes immediately on launch. You want to verify the integrity of the application's core files without reinstalling. Which command-line tool can you use to scan and repair system files that the application depends on?
sfc /scannow
Correct. sfc scans and repairs corrupted system files that might cause application crashes.
chkdsk /f
tasklist
dism /online /cleanup-image /restorehealth
During a security incident, you need to identify which processes are listening on specific network ports on a Windows server. Which command-line tool should you use?
nslookup
tracert
netstat -an
Correct. netstat -an displays all active connections and listening ports with numerical addresses, helping identify suspicious services.
ipconfig /all
A security audit reveals that a Windows 10 workstation has an unauthorized local user account. You need to remove this account from the command line without using the GUI. Which command should you use?
net localgroup Administrators UnauthorizedUser /delete
net user UnauthorizedUser /delete
Correct. net user /delete removes the specified user account from the system.
wmic useraccount where name='UnauthorizedUser' delete
gpresult /r
A customer complains that their Windows 10 laptop frequently loses network connectivity. You suspect the IP address configuration is incorrect. Which command should you use to release the current IP address and request a new one from the DHCP server?
ping 8.8.8.8
ipconfig /release
Correct. ipconfig /release releases the current IP lease, and then ipconfig /renew obtains a new one from DHCP.
nslookup google.com
netstat -a
A user reports that their Windows 10 PC is infected with malware that prevents the Task Manager from opening. You need to terminate a suspicious process from the command line. Which command should you use to forcefully end a process by its name?
tasklist /v
taskkill /IM malware.exe /F
Correct. taskkill /IM terminates the process by image name, and /F forces it to stop.
shutdown /r /t 0
regedit /e backup.reg
After a failed Windows Update, a Windows 10 system repeatedly attempts to install the update and fails. You need to stop the Windows Update service and delete the temporary update files from the command line. Which two commands, in order, should you use? (Select the first command from the options.)
net stop wuauserv
Correct. net stop wuauserv stops the Windows Update service, allowing deletion of its temporary files.
sfc /scannow
dism /online /cleanup-image /restorehealth
taskkill /IM svchost.exe /F
Want more Windows Command-Line Tools practice?
Practice this domainA user reports that their Windows 10 PC is running slowly after they installed a new program. You need to identify which service or startup program is consuming the most CPU resources to troubleshoot the issue. Which administrative tool should you use?
Event Viewer
Task Manager
Task Manager's Processes tab shows CPU, memory, and disk usage for each running process, allowing you to pinpoint the culprit.
Services.msc
Performance Monitor
A security incident occurred where an unauthorized user gained access to a workstation. The security team needs to review detailed logs of all user logon attempts, including successful and failed logins, for the past 48 hours. Which administrative tool and specific log should you access to provide this information?
Event Viewer > Windows Logs > System
Event Viewer > Windows Logs > Security
The Security log contains audit events such as logon/logoff, account management, and policy changes.
Event Viewer > Applications and Services Logs > Microsoft > Windows > TerminalServices-LocalSessionManager
Computer Management > System Tools > Shared Folders > Sessions
During a software deployment, you need to configure a Windows 10 workstation to automatically start a legacy application every time a specific user logs on. Which tool should you use to add this startup entry for that user only?
Services.msc
Task Manager
Task Manager's Startup tab lists user startup items and allows you to enable or disable them easily.
Computer Management
Local Group Policy Editor
A customer reports that their Windows 11 PC is experiencing intermittent application crashes and you suspect file corruption. You need to run a system file check without using the full Windows interface. Which administrative tool can you launch from the Run dialog to open a command prompt with the necessary permissions?
Type 'cmd' in the Run dialog and press Enter
Type 'powershell' in the Run dialog and press Enter
Type 'cmd' in the Run dialog and press Ctrl+Shift+Enter
This launches an elevated command prompt with administrator privileges, required for SFC to repair system files.
Type 'msconfig' in the Run dialog and press Enter
After installing a new printer, a user reports that print jobs are stuck in the queue and cannot be deleted. You need to stop and restart the print spooler service to clear the queue. Which administrative tool allows you to manage this service?
Task Manager
Services.msc
Services.msc lists all services, including the Print Spooler, and allows you to stop, start, or restart them.
Device Manager
Event Viewer
A user reports that their Windows 10 PC is unable to connect to shared network folders on the office server. You need to verify that the necessary network discovery and file sharing services are running. Which administrative tool should you open to check the status of services like 'Function Discovery Resource Publication' and 'SSDP Discovery'?
Network and Sharing Center
Device Manager
Services.msc
Services.msc allows you to view and manage the status of all Windows services, including network discovery services.
Task Manager
Want more Windows Administrative Tools practice?
Practice this domainA security incident has occurred: a user's Mac running macOS Ventura was infected with malware that modified system files. The technician needs to boot the Mac into a mode that loads only essential Apple-signed kernel extensions and prevents third-party software from loading, in order to safely remove the malware. Which startup mode should they use?
Single-user mode (Command + S).
Verbose mode (Command + V).
Safe Mode (Shift key during startup).
Safe Mode disables all non-Apple kernel extensions, startup items, and login items, providing a clean environment to remove malware. It also checks the startup disk for errors.
Target Disk Mode (T key).
A user reports that their MacBook Pro running macOS Big Sur will not boot past the Apple logo. You suspect a corrupted system file. You need to boot into a special mode to run Disk Utility's First Aid on the startup volume. Which key combination should you hold during startup?
Hold the Option (⌥) key.
Hold Command (⌘) + R.
This boots into macOS Recovery, where Disk Utility is available. Running First Aid can repair disk errors that may be preventing the system from booting.
Hold the Shift key.
Hold Command (⌘) + Option (⌥) + P + R.
A user complains that their MacBook Air running macOS Monterey frequently runs out of memory and slows down when they have multiple browser tabs and apps open. They want to see which processes are consuming the most memory without installing third-party software. Which macOS tool should you instruct them to use?
Force Quit Applications window (Cmd+Option+Esc).
System Preferences > Memory.
Terminal with the 'top' command.
Activity Monitor from the Utilities folder.
Activity Monitor provides a graphical interface to view memory usage, CPU load, and other system metrics. It is the appropriate tool for this scenario.
A technician is troubleshooting a Mac that fails to connect to a Wi-Fi network. The network is visible, but entering the correct password results in an 'unable to join the network' error. The technician wants to delete the saved network configuration to start fresh. Which macOS tool or location should they use?
System Settings > Network > Wi-Fi > Details > Remove this network.
This is the correct graphical method to forget a Wi-Fi network. It removes the saved password and any custom network settings, allowing a fresh connection attempt.
Keychain Access and delete the Wi-Fi password entry.
Terminal with the 'networksetup -setairportnetwork' command.
System Information > Network > Wi-Fi.
A graphic designer needs to create a bootable macOS installer on an external SSD to deploy macOS Sonoma to multiple iMacs in the office. They have the 'Install macOS Sonoma.app' file. Which built-in macOS tool should they use to create the bootable drive?
Disk Utility to restore the .app file to the SSD.
System Information to verify the SSD is bootable.
Terminal with the 'createinstallmedia' command.
This is the correct built-in tool. The command syntax is 'sudo /Applications/Install macOS Sonoma.app/Contents/Resources/createinstallmedia --volume /Volumes/MyVolume'. It creates a bootable installer.
Migration Assistant to copy the app to the SSD.
A user has accidentally deleted several important files from their Documents folder on their Mac running macOS Ventura. They need to recover them immediately. Which built-in macOS tool should you guide them to use first?
Time Machine from the menu bar.
The Trash folder in the Dock.
When files are deleted normally, they are moved to the Trash. The user can open the Trash, select the files, and choose 'Put Back' to restore them to their original location.
Terminal with the 'cd' and 'ls' commands.
System Settings > General > Storage.
Want more macOS Features and Tools practice?
Practice this domainA malicious script is suspected to have changed permissions on critical system files. The administrator needs to restore the /etc/passwd file to its default permissions, which are 644. The file is currently 777. Which command will set the correct permissions?
chmod 644 /etc/passwd
This sets owner read/write, group read, others read, which is the correct default for /etc/passwd.
chmod 600 /etc/passwd
chmod 755 /etc/passwd
chmod 444 /etc/passwd
A system administrator needs to find all files in /var/log that have been modified in the last 24 hours to check for recent activity. Which command accomplishes this?
find /var/log -mtime -1
This correctly finds files modified within the last 24 hours using -mtime -1.
find /var/log -atime -1
find /var/log -ctime -1
find /var/log -mmin -1440
A helpdesk technician is assisting a user who is unable to find a file named 'notes.txt' they saved earlier. The user is in their home directory. Which command will search the entire filesystem for this file?
locate notes.txt
grep notes.txt /
find ~ -name notes.txt
find / -name notes.txt
This searches the entire filesystem from root, making it the correct command for a full system search.
A software deployment script fails because it cannot write to the /opt/app directory. The directory currently has permissions drwxr-xr-x and is owned by root. The script runs as a non-root user. Which command would allow the script to write files without compromising security more than necessary?
chmod o+w /opt/app
This adds write permission for others, allowing the non-root script to write while keeping group permissions unchanged.
chmod 777 /opt/app
chown user:user /opt/app
chmod g+w /opt/app
During a security audit, a Linux server is found to have a configuration file that is world-writable. The file /etc/app/config.cfg must only be readable and writable by the root user. Which command should the administrator run?
chmod 777 /etc/app/config.cfg
chmod 644 /etc/app/config.cfg
chmod 600 /etc/app/config.cfg
This grants read and write only to the owner (root), and no permissions to group or others, securing the file.
chmod 400 /etc/app/config.cfg
A user reports that a shared file on a Linux server is not accessible to their team. The file permissions are -rwxr----- and the user is a member of the group 'staff'. The file's group owner is 'admin'. Which command should the administrator run to allow the staff group to read the file?
chmod 755 file
chmod g+r file
chgrp staff file
This changes the group to 'staff', so the group read permission applies to the user's team, granting access.
chown user:staff file
Want more Linux Commands and File Permissions practice?
Practice this domainA user's iPhone is running iOS 15 and they are unable to install a new app from the App Store. The error message says 'Unable to Download App. This app requires iOS 16 or later.' However, the user's iPhone model supports iOS 16. Which built-in iOS feature should the technician use to resolve this?
Offload the app and reinstall it.
Clear the App Store cache by force-closing the app.
Perform a factory reset.
Update iOS via Settings > General > Software Update.
Updating to iOS 16 via Software Update meets the app's requirement, allowing the download to proceed.
During a security audit, a technician discovers that an employee's company-issued iPhone has been jailbroken. The employee claims they only did it to customize the home screen. Which security risk is most directly associated with a jailbroken device in a corporate environment?
The device cannot receive iOS updates.
It voids the warranty.
It bypasses app sandbox restrictions, potentially exposing corporate data.
Jailbreaking removes iOS security layers, including sandboxing, allowing malicious apps to access data from other apps, which is a severe data leakage risk.
The device will perform slower.
A user is setting up a new Android tablet for a child and wants to restrict access to adult content, limit app purchases, and set screen time limits. Which built-in Android feature should the technician configure?
Guest Mode
Google Family Link
Family Link is designed specifically for parental controls, offering content restrictions, purchase approvals, and usage limits.
Do Not Disturb
Developer Options
A technician is tasked with deploying 50 Android tablets for a field sales team. The tablets need to have a consistent set of apps, settings, and security policies. The technician wants to avoid manually configuring each device. Which Android feature should the technician use?
Samsung DeX
Google Backup
Android Enterprise (Zero-Touch Enrollment)
Android Enterprise allows IT to enroll devices automatically via QR code or NFC, apply policies, and install apps remotely through an MDM.
Developer Options > OEM Unlocking
A technician is configuring an Android phone for a user who frequently travels internationally. The user wants to ensure that data roaming is disabled to avoid high charges, but still wants to receive calls and texts while abroad. Which setting should the technician configure?
Enable Airplane Mode and turn on Wi-Fi.
Disable Mobile Data entirely.
Turn off Data Roaming in the mobile network settings.
Data Roaming specifically controls cellular data while roaming; turning it off prevents data charges while voice and SMS still work.
Set the network mode to 2G only.
A customer reports that their Android phone's screen is unresponsive to touch after a drop. They can still hear notifications and see the display. Which built-in tool should you use to test the touchscreen functionality without relying on third-party apps?
Safe Mode
Developer Options
Diagnostics Mode (e.g., *#0*#)
Many Android devices have a hidden diagnostics menu (e.g., *#0*#) that includes touchscreen, display, and sensor tests, ideal for verifying hardware issues.
Factory Reset
Want more Mobile OS Features and Tools practice?
Practice this domainA small business wants to migrate its on-premises file server to the cloud to reduce hardware maintenance costs. They need low-latency access for local employees and want to avoid egress fees for large data transfers. Which cloud deployment model best meets these requirements?
Public cloud
Private cloud
Hybrid cloud
Hybrid cloud allows the business to keep frequently accessed data on-premises (private) for low latency and use public cloud for backup and scalability, reducing egress fees.
Community cloud
A company uses a cloud-based SaaS application for customer relationship management (CRM). Several employees report that they cannot access the CRM this morning, but internet connectivity is working. The IT support team checks the cloud provider's status page and finds no reported outages. What should the technician check next?
Verify that the DNS server is resolving the CRM URL correctly.
Check if the users' accounts have expired or if passwords need to be reset.
Expired passwords or locked accounts are common reasons for individual access failures to SaaS applications.
Reboot the company's firewall to clear any temporary blocks.
Reinstall the CRM application on the affected workstations.
A technician is tasked with deploying a virtual machine for a new employee. The VM will run a Linux distribution and needs to be isolated from the corporate network but still have internet access for updates. Which network configuration should the technician choose for the VM?
Bridged networking
NAT (Network Address Translation)
NAT provides internet access through the host while keeping the VM isolated from the corporate network.
Host-only networking
Internal networking
A user reports that their virtual machine running on a Type 2 hypervisor is extremely slow, especially during disk operations. The host machine has 16 GB of RAM and an SSD, but the VM is configured with 2 GB of RAM and a 100 GB dynamically expanding virtual hard disk. What is the most likely cause of the performance issue?
The VM has insufficient RAM allocated.
The host is running out of physical memory.
The virtual hard disk type is dynamically expanding.
Dynamically expanding disks grow on demand, causing fragmentation and slower I/O compared to fixed-size disks.
The VM is using an older version of the virtualization software.
A technician is configuring a cloud-based backup solution for a company's critical data. The company wants to ensure that if the primary cloud provider experiences an outage, the data remains accessible from another provider. Which concept should the technician implement?
High availability
Cloud federation
Cloud federation enables interoperability between different cloud providers, allowing data to be replicated and accessed across them.
Load balancing
Disaster recovery plan
A technician needs to create a virtual machine that will host a legacy application requiring Windows XP. The host runs Windows 11. After creating the VM and installing Windows XP, the technician notices that the mouse cursor is lagging and the screen resolution is stuck at 800x600. What should the technician do to resolve this?
Increase the amount of RAM allocated to the VM.
Install the guest additions for the VM.
Guest additions install drivers that enable higher resolutions and smooth mouse integration.
Update the host operating system to the latest version.
Change the VM's network adapter from NAT to bridged.
Want more Virtualization and Cloud Technologies practice?
Practice this domainA customer reports that their laptop was stolen from their desk over the weekend. The laptop contained sensitive client data. Which physical security control should have been implemented to prevent this theft?
Biometric authentication
Cable lock
A cable lock physically secures the laptop to a desk, making theft much more difficult and time-consuming.
Full disk encryption
Smart card reader
During a security audit, you find that a company's server room door is propped open with a trash can to allow airflow. What is the most immediate physical security risk in this scenario?
Increased dust entering the server room
Fire suppression system may not work
Unauthorized personnel can enter the server room
An unsecured door allows anyone to walk in, defeating the purpose of access controls and posing a serious security threat.
The door closer will wear out faster
A company's server room has a door with a proximity card reader. Employees report that the door sometimes does not close fully, allowing it to be pushed open without a card. What is the best solution?
Replace the proximity card reader with a biometric reader
Install a door closer mechanism
A door closer automatically pulls the door shut and ensures it latches, preventing unauthorized entry through an unsecured door.
Add a security camera to monitor the door
Increase the frequency of badge audits
A company is designing a secure entry for a high-security lab. They need to ensure that only one person can enter at a time and that the person must be authenticated before the second door opens. Which physical security control should be used?
Turnstile with biometric reader
Security guard with logbook
Mantrap with smart card and biometric authentication
A mantrap uses two doors; the first door locks after entry, and the second door only unlocks after successful authentication, ensuring single-person access.
Cipher lock with door alarm
A technician is configuring a new server rack in a shared office space. Which physical security measure should be applied to prevent unauthorized physical access to the servers?
Install a door alarm on the office entrance
Use rack-mount locks on each server chassis
Rack-mount locks physically prevent the server from being slid out or tampered with, directly securing the hardware.
Enable BitLocker on all server drives
Configure a strong BIOS password
A technician is troubleshooting why a smart card reader at a secure entrance fails intermittently. Users can sometimes enter, but other times the reader does not respond. What should the technician check first?
Update the smart card reader firmware
Replace the smart cards for all users
Check the cabling and connections to the reader
Intermittent connectivity often points to loose or damaged cables; verifying physical connections is a quick and effective first step.
Reconfigure the access control software
Want more Physical Security Controls practice?
Practice this domainA technician is setting up a new wireless network for a small office. They want to ensure that only company-issued devices can connect, and that data transmitted over the air is encrypted. Which combination of settings should they use?
WPA2 with TKIP encryption and SSID broadcast disabled.
WPA3 with AES encryption and MAC address filtering.
WPA3 with AES provides strong encryption, and MAC filtering restricts access to approved devices.
WEP with 128-bit key and a strong password.
Open network with a captive portal requiring employee login.
A company's security policy mandates that all remote access connections must be authenticated using two different factors. A technician is configuring VPN access for teleworkers. Which combination meets this requirement?
Username and password only.
Smart card and PIN.
Smart card is something you have, PIN is something you know; two different factors.
Biometric fingerprint and a PIN.
Two different passwords.
A user calls the help desk saying they cannot access a shared folder on the network. They can access other shares on the same server. The technician verifies the user's account is active and the folder exists. What should the technician check next to resolve the access issue?
Check if the user's password has expired.
Verify the user has been added to the local Administrators group.
Review the NTFS permissions on the shared folder.
NTFS permissions can deny access to specific users even if share permissions allow it, explaining the isolated issue.
Reboot the file server to clear any cached permissions.
A technician is configuring a new employee's laptop and needs to ensure that only approved applications can run. The company wants to prevent users from installing unauthorized software. Which security control should be implemented?
Enable Windows Defender real-time protection.
Set the user account as a Standard User.
Configure an application whitelist using AppLocker.
AppLocker enforces a whitelist, allowing only specified applications to run, directly meeting the requirement.
Disable the Windows Store.
During a security audit, it is discovered that a former employee's user account is still active and has been used to log in remotely three times in the past month. Which logical security principle has been violated?
Separation of duties
Least privilege
The former employee no longer needs any access, so the account violates least privilege by still having permissions.
Defense in depth
Mandatory access control
An employee receives an email that appears to be from the CEO, asking them to urgently wire funds to a new vendor. The email address looks similar to the CEO's but has a slight typo. What type of social engineering attack is this?
Phishing
Whaling
Whaling is a targeted phishing attack against high-profile individuals like the CEO, often involving impersonation.
Spear phishing
Vishing
Want more Logical Security Concepts practice?
Practice this domainA company's IT policy requires that all wireless traffic be encrypted using the strongest available protocol. A technician is configuring a new access point that supports WPA3-SAE, WPA2-PSK with AES, and WPA2-PSK with TKIP. Which configuration meets the policy?
WPA2-PSK with TKIP.
WPA2-PSK with AES.
WPA3-SAE.
WPA3-SAE is the current strongest standard, offering improved security over WPA2.
A mixed mode of WPA2 and WPA3.
A technician is configuring a wireless network for a school that uses Chromebooks and iPads. The network must support fast roaming and prioritize security. The technician enables WPA2-Enterprise with 802.1X. What additional configuration is needed to ensure seamless roaming between access points?
Enable WPA3-SAE on all access points.
Configure all access points with the same SSID and passphrase.
Enable 802.11r (Fast Roaming) on the wireless controller.
802.11r reduces the time required for re-authentication during roaming.
Disable WPS on all access points.
A customer reports that their laptop frequently disconnects from the office Wi-Fi and reconnects after a few seconds. The network uses WPA2-PSK with AES encryption. The technician checks the router logs and sees repeated '4-way handshake timeout' errors. What is the most likely cause of this issue?
The laptop is using an outdated WEP encryption protocol.
The router's DHCP lease time is set too short.
The laptop is too far from the access point, causing intermittent signal loss.
Weak signal can cause the 4-way handshake to time out, leading to disconnections.
The router is configured for WPA2-Enterprise instead of WPA2-PSK.
A user reports that their smartphone cannot connect to the office Wi-Fi, but other devices can. The network uses WPA2-Enterprise with PEAP-MSCHAPv2. The technician checks the phone's settings and sees that it is configured for WPA2-PSK. What is the most likely reason for the connection failure?
The phone's Wi-Fi antenna is damaged.
The phone is using the wrong security protocol.
WPA2-PSK uses a shared key, while WPA2-Enterprise uses 802.1X authentication.
The router's SSID is hidden.
The phone's MAC address is filtered.
A security incident occurs where an attacker captures the 4-way handshake of a WPA2-PSK network and successfully cracks the passphrase offline. The technician is tasked with preventing this type of attack in the future. Which protocol should the technician implement?
WPA2-PSK with a longer passphrase.
WPA3-SAE.
WPA3-SAE uses SAE, which is resistant to offline dictionary attacks, even if the handshake is captured.
WPA2-Enterprise with PEAP-MSCHAPv2.
WPA2-PSK with TKIP.
A technician is setting up a wireless network for a home office. The client is concerned about neighbors accessing their internet. The technician enables WPA2-PSK with a strong passphrase. Which additional step should the technician take to ensure the network is as secure as possible?
Enable WPS for easy device pairing.
Disable SSID broadcast.
Disable WPS on the router.
WPS is a common attack vector; disabling it forces attackers to crack the passphrase directly.
Enable MAC address filtering.
Want more Wireless Security Protocols practice?
Practice this domainDuring a routine security audit, a technician discovers that a user's workstation has a program that records keystrokes and periodically sends the data to an external server. The user denies installing any software recently. Which type of malware is this?
Trojan horse
Worm
Keylogger
A keylogger specifically records keystrokes and sends them to an attacker, exactly as described.
Ransomware
A technician is investigating a security incident where multiple workstations on the same network are showing signs of infection: slow performance, unusual network traffic, and the presence of a file named 'svch0st.exe' in the Startup folder. The technician suspects a worm that spreads through network shares. What is the most effective containment strategy?
Run a full antivirus scan on all workstations simultaneously.
Disable network shares and isolate infected workstations from the network.
This stops the worm from spreading via file shares and prevents further infection.
Update the antivirus definitions on one workstation and scan it.
Reboot all workstations into Safe Mode with Networking.
A technician is tasked with removing a persistent malware infection that survives reboots and re-infects the system even after a full antivirus scan in Safe Mode. The malware appears to hide in the Master Boot Record (MBR). Which removal method should the technician use?
Run a system file checker (sfc /scannow) from within Windows.
Use the Windows Recovery Environment to run bootrec /fixmbr.
This command rewrites the MBR, removing the malware that resides there.
Perform a clean installation of Windows without formatting the drive.
Disable System Restore and delete all restore points.
A small business owner calls for support because all of their files on the server have been renamed with a .encrypted extension, and a text file named 'README_TO_DECRYPT.txt' appears on the desktop demanding a Bitcoin payment. What is the first step the technician should take?
Pay the ransom to get the decryption key immediately.
Disconnect the server from the network.
Disconnecting the server stops the ransomware from encrypting additional files and spreading to other systems.
Run a full antivirus scan on the server.
Restore files from a recent backup immediately.
A technician is dealing with a zero-day malware infection that has evaded all signature-based antivirus scans. The malware is polymorphic, changing its code each time it infects a new system. Which approach is most likely to detect and remove this type of malware?
Update the antivirus to the latest signature definitions and run a full scan.
Use a bootable antivirus rescue disk to scan the system before the OS loads.
Employ a heuristic-based or behavior-based malware removal tool.
Heuristic tools analyze behavior and code patterns, allowing them to detect polymorphic malware that changes its signature.
Reinstall the operating system from a known-good backup.
A user reports that their computer is infected with a virus and they have been trying to remove it using a free online scanner, but the problem persists. The technician suspects the malware may have disabled the antivirus software. Which safe mode should the technician use to run a full system scan?
Safe Mode
Safe Mode with Command Prompt
Safe Mode with Networking
This mode provides network access, allowing the technician to download updated tools while keeping malware disabled.
Last Known Good Configuration
Want more Malware Types and Removal practice?
Practice this domainAn employee finds a USB drive labeled 'Employee Salary Info Q4' in the parking lot. Out of curiosity, they plug it into their work computer to see the contents. What type of social engineering attack is this an example of?
Phishing
Tailgating
Baiting
Baiting exploits human curiosity or greed by offering something desirable. The USB drive with a tempting label is a classic baiting technique.
Pretexting
A new employee receives an email that appears to be from the company's HR department, asking them to click a link to verify their direct deposit information for payroll. The email contains the company logo and looks professional. What is the most likely social engineering attack?
Whaling
Phishing
Phishing is a broad category of attacks that use deceptive emails to trick recipients into revealing sensitive information or clicking malicious links. This scenario is a classic phishing attempt.
Vishing
Shoulder surfing
A user calls the help desk, frantic because their banking app shows an unauthorized transfer of $500. They say they received a call earlier from 'bank security' asking them to install a remote access tool to 'verify their account'. What type of social engineering attack did the user fall victim to?
Phishing
Vishing
Vishing (voice phishing) uses phone calls to impersonate legitimate organizations and trick victims into revealing sensitive information or installing malware. This scenario perfectly matches that description.
Smishing
Shoulder surfing
A technician is troubleshooting a user's slow computer. The user mentions they received a call from 'Windows Support' saying their computer had a virus. The user gave the caller remote access to 'fix' it. Now, the computer is running slower and has strange pop-ups. What is the most likely consequence of this social engineering attack?
The computer is now part of a botnet used for DDoS attacks.
The attacker installed a keylogger to steal credentials and sensitive data.
A keylogger is a common payload in tech support scams. The attacker can capture passwords, banking info, and other sensitive data, leading to identity theft or financial loss.
The computer's BIOS has been corrupted.
The hard drive has been physically damaged.
A user reports receiving an email that appears to be from their CEO, urgently requesting that they purchase $500 in gift cards and reply with the codes. The email address looks slightly off (e.g., ceo@cornpany.com instead of ceo@company.com). What type of social engineering attack is this?
Spear phishing
Vishing
Whaling
Whaling is a phishing attack that targets senior executives (or impersonates them) to steal sensitive data or money. The email impersonating the CEO is a textbook example.
Tailgating
A technician receives an email from what appears to be the company's CEO, asking for a list of all employee passwords for a 'security audit'. The email address is correct, but the tone and request are unusual. The technician suspects a social engineering attack. What is the best course of action?
Reply to the email asking for more details to confirm the request.
Forward the email to the security team and do not respond.
The correct action is to report the suspicious email to the security team for investigation and not engage with the potential attacker. This follows proper incident response protocols.
Provide the list as requested, since the CEO has authority.
Call the CEO immediately to verify the request.
Want more Social Engineering Attacks practice?
Practice this domainAfter a security incident, a forensic analyst needs to review the event logs on a Windows 10 system to determine when a specific user account was created. The logs are intact. Which Windows security setting must be enabled to ensure that account creation events are recorded?
Enable 'Audit Logon Events' in Local Security Policy.
Enable 'Audit Account Management' in Advanced Audit Policy.
This setting specifically logs account creation, modification, and deletion events.
Turn on 'File and Printer Sharing' in Network and Sharing Center.
Configure Windows Defender to scan for new accounts.
A technician is configuring a Windows 10 kiosk machine that will run a single web application in full-screen mode. The machine must not allow users to access the desktop, taskbar, or other apps. Which Windows security feature should be used to accomplish this?
Local Group Policy to hide the taskbar.
User Account Control set to 'Always notify.'
Windows Defender Application Guard
Assigned Access (Kiosk Mode)
This feature locks the device to a single app, providing the required security and restriction.
During a security audit, you discover that a Windows 10 workstation has a weak local administrator password. The company policy requires all local admin passwords to be at least 12 characters with complexity. Which tool can enforce this policy for all future password changes on that workstation?
Local Users and Groups (lusrmgr.msc)
Local Security Policy (secpol.msc)
This tool provides granular control over security policies, including password requirements.
Registry Editor (regedit)
Windows Defender Firewall with Advanced Security
A small business owner wants to prevent employees from changing system time, installing printers, and modifying power settings on their Windows 10 workstations. They do not want to remove local admin rights entirely. Which Windows security tool should be used to apply these restrictions?
Windows Defender Security Center
Local Users and Groups (lusrmgr.msc)
Local Group Policy Editor (gpedit.msc)
Group Policy can enforce specific restrictions on user actions without removing admin rights.
Registry Editor (regedit)
A company uses AppLocker to control which applications can run on Windows 10 workstations. A user needs to run a portable application from a USB drive for a presentation, but it is blocked by AppLocker. The user has local admin rights. What is the best way to allow this specific application while maintaining security?
Temporarily disable AppLocker service.
Add the user to the 'Power Users' group.
Create a new AppLocker path rule for the USB drive.
This allows the specific app while keeping other restrictions in place.
Run the application as Administrator.
A user reports that their Windows 10 laptop shows a blue screen with an error message about 'Driver IRQL not less or equal' after connecting a new external hard drive. They need to use the drive for work. Which security setting should you check to ensure driver installation is not blocked?
Check if Secure Boot is enabled in UEFI.
Verify that User Account Control is set to 'Notify me only when apps try to make changes.'
Disable Driver Signature Enforcement temporarily.
This allows unsigned drivers to load, which can resolve the blue screen if the driver is the cause.
Run Windows Update to find a signed driver.
Want more Windows Security Settings practice?
Practice this domainA technician is troubleshooting a Windows 10 computer where the user cannot install a legitimate browser extension because the browser displays a warning that extensions from this source are not allowed. What setting is likely blocking the installation?
The browser is in private browsing mode.
The computer is running Windows 10 in S mode.
S mode only allows apps from the Microsoft Store, which can prevent installation of extensions from outside the store.
The user account does not have administrator privileges.
The browser's security level is set to high.
A company policy requires that all web traffic from employee computers be filtered to block known malicious sites. You need to implement this without installing client software on each machine. Which approach should you use?
Configure each browser's proxy settings to use a filtering proxy server.
Enable Windows Defender SmartScreen on each computer via Group Policy.
Implement a DNS-based content filtering service on the network's DNS server.
DNS filtering blocks requests to malicious domains at the network level, affecting all devices without client software.
Install a third-party browser extension on all browsers to block malicious sites.
A user receives an email with a link that appears to be from their bank, asking them to verify their account. The link leads to a page that looks exactly like the bank's login page. What type of attack is this?
A man-in-the-middle attack.
A phishing attack.
Phishing uses social engineering to trick users into revealing sensitive information on fraudulent sites.
A ransomware attack.
A cross-site scripting (XSS) attack.
During a security incident response, you discover that a user's browser has a rogue extension that exfiltrates data to a remote server. The extension was installed after the user clicked a fake update prompt on a website. What vulnerability was exploited?
A zero-day vulnerability in the browser.
An insecure direct object reference (IDOR) vulnerability.
Social engineering.
The user was manipulated into installing the extension by a deceptive prompt, which is a classic social engineering technique.
A cross-site request forgery (CSRF) attack.
A user reports that their web browser frequently redirects to an unfamiliar search engine and displays pop-up ads even when no tabs are open. What is the most likely cause of this behavior?
The browser needs to be updated to the latest version.
The user has accidentally enabled a malicious browser extension.
A malicious extension can hijack browser settings, redirect searches, and inject ads. This is a common vector for browser hijackers.
The internet connection is unstable and causing DNS errors.
The browser cache is full and needs to be cleared.
During a security audit, you find that a user's browser has an outdated version of Adobe Flash Player installed. What is the primary security risk associated with this finding?
The browser will run slower and may crash frequently.
The user will be unable to view some web content.
Attackers can exploit known vulnerabilities in the plugin to install malware.
Outdated plugins have unpatched security holes that attackers frequently target to compromise systems.
The browser will automatically disable the plugin.
Want more Browser and Application Security practice?
Practice this domainA small business is retiring 20 old desktop PCs that contain sensitive customer data. The IT manager wants to ensure the data is unrecoverable before donating the computers to a local school. Which method should be used?
Perform a standard format of each hard drive.
Use a degausser on each hard drive.
Degaussing uses a powerful magnetic field to scramble the magnetic domains on the platters, rendering data permanently unrecoverable.
Delete all files and empty the Recycle Bin.
Run a quick disk cleanup utility.
A technician is decommissioning a server that contained encrypted patient health records. The organization's policy requires data to be destroyed beyond recovery, but the server must be returned to the leasing company. Which method should the technician use?
Perform a full format of all drives.
Use a degausser on the entire server chassis.
Remove the hard drives and physically shred them, then return the server without drives.
Physical destruction of the drives ensures data is unrecoverable, and returning the server without drives complies with the leasing agreement.
Run a disk cleanup and delete all files.
A customer reports that their old laptop, which they sold online, still contains personal files that the new owner accessed. The customer had only performed a 'Reset this PC' with the 'Remove everything' option. What should the technician recommend to prevent this in the future?
Perform a factory reset from the recovery partition.
Use a third-party data wiping tool that overwrites the drive multiple times.
A wiping tool overwrites all sectors with patterns multiple times, making data recovery infeasible.
Remove the hard drive and physically destroy it.
Change the user password before selling.
An organization is moving to a cloud-based system and needs to dispose of several tape backup cartridges that contain years of financial data. The tapes are LTO-5 and are still readable. Which destruction method is most appropriate?
Overwrite the tapes with a bulk eraser or degausser.
A degausser designed for tape will destroy the magnetic data, making recovery impossible, and is a standard method for tape disposal.
Perform a quick format of the tapes using a tape drive.
Reuse the tapes for non-sensitive data after deleting the files.
Burn the tapes in an industrial incinerator.
A customer brings in a laptop that they want to recycle, but they are concerned about personal data. The laptop has a 256GB SSD and the customer wants to keep the laptop functional for resale. Which method should the technician recommend?
Remove the SSD and physically destroy it, then sell the laptop without a drive.
Use a degausser on the SSD.
Perform a standard format and reinstall Windows.
Use the 'Reset this PC' option with the 'Remove everything and clean the drive' setting.
This option performs a secure erase that overwrites all sectors, making data recovery difficult while keeping the laptop functional.
A company is migrating to new laptops and needs to dispose of 50 old hard drives securely. The drives contain proprietary software and client data. The IT manager wants a method that is both environmentally friendly and compliant with data protection laws. Which disposal method should be chosen?
Donate the drives to a local charity after wiping them with a free tool.
Use a certified e-waste recycler that offers secure destruction and recycling.
Certified recyclers follow standards for data destruction (e.g., shredding) and recycle materials, meeting both security and environmental goals.
Physically break the drives with a drill and dispose of them in the regular trash.
Perform a quick format and sell the drives online.
Want more Data Destruction and Disposal practice?
Practice this domainA user is trying to install a legacy application on Windows 10, but the installer fails with a message about 'incompatible version'. The application is known to work on Windows 7. Which compatibility settings should you try first to allow the installation to proceed?
Set the installer to run as an administrator.
Enable the 'Reduced color mode' compatibility setting.
Right-click the installer, go to Properties > Compatibility, and check 'Run this program in compatibility mode for: Windows 7'.
This setting makes Windows 10 report itself as Windows 7 to the application, which is the most direct fix for a version incompatibility error during installation.
Use the Program Compatibility Troubleshooter from the Control Panel.
A user in the accounting department cannot print to a network printer that other users can access. They are running Windows 10. When they try to print, they get a message: 'Windows cannot connect to the printer. Access is denied.' What is the most likely cause of this issue?
The printer driver is corrupt on the user's computer.
The network cable is unplugged from the user's computer.
The user does not have permission to use the printer.
The 'access denied' error directly points to a permissions issue; the print server or printer security settings need to be checked and the user granted access.
The printer is out of paper or toner.
A user's Windows 10 laptop is experiencing random restarts, especially under heavy load like gaming or video rendering. The Event Viewer shows multiple 'Kernel-Power 41' critical errors. The CPU temperature is normal, and the power supply is functioning. Which component is most likely causing the issue?
The RAM is faulty.
The graphics card is overheating.
The motherboard is failing.
A failing motherboard can cause unstable power delivery to components, leading to random restarts under load, which matches the Kernel-Power 41 errors and the symptom pattern.
The Windows installation is corrupt.
A company is migrating from Windows 10 to Windows 11 on 50 computers. After the upgrade, several users report that a critical line-of-business application no longer works. The application ran fine on Windows 10. You need to get it working without rolling back the entire OS. What is the most efficient solution?
Roll back all 50 computers to Windows 10 using the recovery partition.
Reinstall the application on each computer in Windows 10 compatibility mode.
Setting the application to run in Windows 10 compatibility mode often resolves compatibility issues without needing to revert the OS, making it the most efficient solution.
Enable Hyper-V on each computer and run the application in a Windows 10 virtual machine.
Use the Windows 11 'Reset this PC' feature to reinstall Windows 11 and then reinstall the application.
A customer complains that their Windows 11 desktop suddenly shows a blue screen with the error 'CRITICAL_PROCESS_DIED' every time they try to launch a specific video editing application. Other programs work fine. What is the most likely cause and the best first troubleshooting step?
Run a memory diagnostic to check for faulty RAM.
Update the graphics card driver.
Reinstall the video editing application.
Reinstalling the application replaces corrupted files that are specific to that program, which is the most direct solution for an app-specific crash.
Perform a system restore to a point before the issue started.
A user reports that their Windows 10 desktop is running very slowly, especially when opening multiple applications. They have 8 GB of RAM and a traditional hard drive. Task Manager shows that memory usage is consistently at 90% or higher. Which component is most likely the bottleneck and what is the best upgrade?
The CPU is the bottleneck; upgrade to a faster processor.
The hard drive is the bottleneck; upgrade to an SSD.
The RAM is the bottleneck; add more RAM.
High memory usage indicates the system needs more RAM; adding more will allow more applications to run without using slow virtual memory.
The graphics card is the bottleneck; upgrade to a dedicated GPU.
Want more Windows OS Troubleshooting practice?
Practice this domainA user calls the help desk saying they cannot log into their Windows 10 workstation because a message claims their files are encrypted and they must pay a ransom. What is the most effective remediation approach?
Pay the ransom to get the decryption key
Reboot into Safe Mode and run a malware scan
Disconnect from the network and restore files from a verified backup
This isolates the infection and recovers the data without paying, following best practices for ransomware remediation.
Run System Restore to a point before the attack
A company's security policy requires that all USB storage devices be blocked on company workstations to prevent data exfiltration. A manager needs to temporarily use a USB drive for a presentation. What is the best way to remediate this while maintaining security?
Disable the USB blocking Group Policy for the entire domain
Use a Group Policy to allow only the specific USB device by hardware ID, then remove the allowance after use
This maintains security by only allowing a known device, and you can revert the policy afterward.
Give the manager a company-approved USB drive and tell them to use it only once
Create a local admin account on the manager's workstation and disable the USB block locally
A small business owner wants to ensure that if a laptop is stolen, the data on the drive cannot be read. The laptop runs Windows 11 Pro. What is the most appropriate remediation?
Set a strong BIOS password
Enable BitLocker on the system drive
BitLocker encrypts the entire drive, rendering data inaccessible without the key, even if the drive is removed.
Install an antivirus with anti-theft features
Use a cloud backup service
A company has a policy that all workstations must automatically lock after 10 minutes of inactivity. A user complains that their computer does not lock automatically. Which setting should you check and remediate?
Check the power plan settings for sleep timeout
Verify that the screen saver is enabled and set to 'On resume, display logon screen' with a 10-minute wait
This setting locks the workstation after the specified inactivity period, meeting the policy.
Ensure Windows Update is fully installed
Disable the Fast Startup feature
During a security audit, you find that several employees have been using the same weak password for their domain accounts. Which remediation should you implement first?
Disable the user accounts and require a manager to re-enable them
Configure a password policy in Group Policy requiring complexity and minimum length
A Group Policy password policy enforces strong passwords domain-wide, preventing future weak passwords.
Send a company-wide email reminding users to choose strong passwords
Install a third-party password manager for all employees
A technician is configuring a new Windows 10 workstation for a remote employee who will handle sensitive customer data. Which security feature should be enabled to ensure that if the laptop is lost, the data remains protected?
Windows Defender Firewall
User Account Control (UAC)
BitLocker Drive Encryption
BitLocker encrypts the drive, making data unreadable without the key, ideal for lost or stolen devices.
Windows Hello for Business
Want more PC Security Issue Remediation practice?
Practice this domainA technician is investigating a security incident where a user's corporate email account was accessed from an unknown device. The user's iPhone shows no suspicious apps, and the password was recently changed. Which of the following is the MOST likely cause?
The user's iCloud account was compromised, and the email is synced via Exchange.
An OAuth token or app-specific password was stolen and used to access the account.
OAuth tokens or app-specific passwords can grant persistent access to email without needing the main password, making them a common vector for continued access.
The user's iPhone has a jailbreak that hides malicious apps.
The corporate email server has a backdoor account.
A user reports that their Android phone's battery drains rapidly after a recent app update. They have already tried restarting the device. Which of the following should a technician recommend FIRST to diagnose the issue?
Perform a factory reset.
Check battery usage in Settings to identify the app consuming the most power.
Battery usage statistics show which app or service is draining the battery, making this the logical first step in troubleshooting.
Replace the battery immediately.
Disable all background data.
A technician is configuring a kiosk mode on a company-owned Android tablet for customer use. After enabling the dedicated device management app, the tablet still allows users to exit the kiosk app by pressing the home button. Which setting did the technician MOST likely overlook?
The tablet's screen timeout setting.
The 'Lock task mode' or 'Pin app' feature.
Lock task mode (or app pinning) prevents users from leaving the designated app, which is essential for kiosk mode.
The tablet's Wi-Fi configuration.
The device's date and time settings.
A user reports that their Android phone's Bluetooth keeps disconnecting from their car's hands-free system. The technician has already cleared the Bluetooth cache and re-paired the devices. What should the technician do NEXT?
Perform a factory reset on the phone.
Update the car's infotainment system firmware.
Many car manufacturers release firmware updates to fix Bluetooth compatibility issues, making this a targeted solution.
Replace the phone's Bluetooth antenna.
Disable Bluetooth power saving mode on the phone.
A customer complains that their iPhone's Wi-Fi keeps disconnecting and reconnecting. They have already rebooted the phone and the router. Which of the following is the MOST likely cause?
The phone's SIM card is faulty.
The Wi-Fi network password was changed recently.
The phone's Wi-Fi profile is corrupted.
A corrupted Wi-Fi profile can cause intermittent disconnects; forgetting the network and reconnecting often fixes this.
The phone's operating system needs a full restore via iTunes.
A technician is configuring a company-issued iPhone for a new employee. After setting up the email account, the employee says they cannot receive emails, but they can send them. Which setting should the technician check first?
The outgoing mail server (SMTP) settings.
The incoming mail server (IMAP/POP3) settings.
Incorrect incoming server settings prevent the phone from retrieving emails, which matches the symptom.
The device's date and time settings.
The phone's VPN configuration.
Want more Mobile OS and App Troubleshooting practice?
Practice this domainA technician needs to dispose of several old CRT monitors from an office. What is the proper disposal method according to environmental safety regulations?
Place them in the regular dumpster for bulk trash pickup.
Take them to a certified e-waste recycling center.
Certified recyclers safely handle hazardous components and ensure compliance with environmental regulations.
Smash the glass and separate the components for metal recycling.
Donate them to a local school for reuse.
A technician is troubleshooting a server that repeatedly trips the circuit breaker in the data center. The server is plugged into a power strip that is also serving two other high-power devices. What is the most appropriate safety and troubleshooting step?
Replace the power strip with a higher-rated one and reset the breaker.
Move one of the other high-power devices to a different circuit and plug the server directly into a wall outlet on its own circuit.
This reduces the load on the original circuit and ensures the server has dedicated power, preventing overload.
Reset the breaker and use a UPS with a higher wattage rating.
Install a larger circuit breaker in the panel to handle the load.
During a printer toner replacement, a technician accidentally spills toner powder on the carpet. What is the correct procedure for cleaning up the spill?
Use a standard household vacuum cleaner to quickly remove the toner.
Wipe up the toner with a dry paper towel and dispose of it in the trash.
Use a toner-rated vacuum or a damp cloth to carefully collect the spill.
Toner-rated vacuums have HEPA filters to trap particles; a damp cloth prevents the powder from becoming airborne.
Pour water on the spill to dissolve the toner, then mop it up.
A technician is tasked with installing a new hard drive in a server rack. The rack is located in a cramped, dusty storage room with poor lighting. Which safety practice should the technician prioritize before beginning the installation?
Use a step stool to reach the server rack safely.
Wear a dust mask and use a flashlight to improve visibility.
A dust mask protects against respiratory irritation, and a flashlight ensures the technician can see clearly to avoid mistakes.
Remove the server from the rack and place it on the floor for easier access.
Disconnect all power cables in the rack to eliminate electrical hazards.
A technician is installing a new power supply in a desktop computer. After unplugging the system, what should the technician do before touching any internal components?
Wear a grounding strap and immediately open the case.
Press and hold the power button for 10 seconds to drain residual charge, then wear an ESD strap.
This discharges the capacitors and reduces shock risk; the ESD strap then prevents static damage.
Spray the interior with compressed air to remove dust before touching anything.
Remove the CMOS battery first to ensure no power remains.
A technician is replacing a damaged power supply in a desktop PC. After removing the old unit, the technician notices a large capacitor on the motherboard is bulging. What should the technician do to safely handle this situation?
Proceed with installing the new power supply and ignore the bulging capacitor.
Use a screwdriver to short the capacitor leads to discharge it.
Wear insulated gloves and carefully remove the motherboard for replacement.
Insulated gloves protect against shock, and replacing the motherboard removes the hazard entirely, which is the safest approach.
Apply electrical tape over the bulging capacitor to contain it.
Want more Safety Procedures and Compliance practice?
Practice this domainA client wants to upgrade their entire office of 50 computers and asks for advice on environmentally friendly disposal of the old units. Which approach best aligns with environmental best practices?
Donate the computers to a local school without wiping data.
Sell the computers to a scrap metal dealer.
Contract a certified e-waste recycling company to handle the disposal.
This is correct because certified recyclers follow regulations to safely dismantle and recycle components, minimizing pollution.
Have employees take the computers home for personal use.
A company's IT policy requires that all disposed hard drives be physically destroyed to prevent data breaches. Which method has the least environmental impact while ensuring data destruction?
Use a degausser to erase the drive and then recycle it.
Drill holes through the platters and then dispose of the drive in e-waste.
Shred the hard drive using an industrial shredder and then recycle the metal fragments.
This is correct because shredding ensures complete data destruction and the metal can be recycled, minimizing environmental impact.
Overwrite the drive with zeros multiple times and then donate it.
During a printer toner replacement, a technician accidentally spills toner powder on the carpet. What is the proper cleanup procedure?
Use a vacuum cleaner with a standard bag to suck up the toner.
Wipe the toner with a damp cloth using hot water.
Blot the toner with a cold, damp cloth and then use a HEPA-filter vacuum.
This is correct because cold water prevents melting, and a HEPA vacuum traps fine particles, ensuring safe and effective cleanup.
Sweep the toner into a dustpan and dispose of it in the trash.
A technician is decommissioning a server room and finds several old cathode ray tube (CRT) monitors that still work. The company wants to dispose of them responsibly. What should the technician do?
Sell the monitors to a local thrift store for reuse.
Break the glass tubes to reduce volume and then place them in a dumpster.
Contact a certified CRT recycler for pickup and recycling.
This is correct because certified recyclers have the equipment to safely extract lead and other materials, complying with environmental laws.
Donate the monitors to a school art department for projects.
A customer reports that their laptop battery drains quickly and the device gets very hot. They want to know the safest way to dispose of the old battery after replacement. What should you advise?
Throw the battery in the regular trash bin.
Take the battery to a certified e-waste recycling center.
This is correct because certified recyclers properly handle hazardous materials, reducing environmental impact and complying with regulations.
Burn the battery in an open area to neutralize it.
Store the battery in a metal container until it stops holding a charge.
A customer complains that their computer emits a strong chemical smell and is unusually hot. After inspection, you find the power supply is failing and leaking a brown, oily substance. How should you handle the power supply disposal?
Place the power supply in a standard trash bag and throw it in the dumpster.
Put the power supply in an anti-static bag, seal it, and label it as hazardous e-waste.
This is correct because the anti-static bag prevents further leakage, and labeling ensures it is handled appropriately by recycling facilities.
Clean the power supply with isopropyl alcohol and then recycle it normally.
Disassemble the power supply to remove the leaking capacitor and then dispose of the rest.
Want more Environmental Awareness and Impact practice?
Practice this domainA technician is deploying a new application to 20 sales laptops. The change management plan requires a pilot test on 2 laptops before full deployment. After testing, the technician finds the application works but conflicts with the VPN client. What should the technician do?
Deploy the application to all laptops and disable the VPN client on each.
Document the conflict and submit a revised change request with a resolution plan.
Proper change management requires documenting the issue and seeking approval for a revised plan before proceeding.
Continue with the deployment and note the conflict in the change log.
Uninstall the VPN client from all laptops and reinstall after the deployment.
A help desk technician receives a complaint that a shared network printer is no longer accessible after a scheduled firmware update was applied to the print server last night. The change was documented but no rollback plan was included. What should the technician do first?
Reboot the print server to clear any temporary errors.
Restore the print server to its previous firmware version.
Restoring the previous firmware is the most direct way to reverse the change, even though the rollback plan was missing; it should be done following proper change control.
Submit a new change request to update the firmware again.
Disable the printer in Active Directory and re-add it.
A technician is performing a routine software update on a finance department server. The change management documentation specifies that the update must be applied during a maintenance window from 2:00 AM to 4:00 AM. At 3:30 AM, the update fails with an error. The technician has no rollback plan documented. What should the technician do?
Attempt to roll back the update using the server’s built-in recovery options.
Leave the server in its current state and escalate the issue to the change manager.
Escalating ensures that the change manager can coordinate a proper response, possibly involving the CAB, and document the failure for future improvements.
Continue troubleshooting until the maintenance window ends, then document the failure.
Reboot the server to clear the error and retry the update.
A technician is configuring a new server and follows a documented standard operating procedure (SOP). After completion, the technician realizes the SOP is outdated and omits a critical security setting. What should the technician do?
Apply the missing setting and update the SOP to include it.
Applying the missing setting corrects the security issue, and updating the SOP ensures the documentation is accurate for future use.
Ignore the missing setting since the SOP was followed.
Submit a change request to update the SOP without applying the setting.
Revert the server configuration and wait for an updated SOP.
A change advisory board (CAB) approves a network switch replacement, but the technician discovers during implementation that the new switch requires a different firmware version than documented. The change plan does not include a rollback for this scenario. What is the best course of action?
Proceed with the firmware update and document the change afterward.
Stop the implementation and contact the CAB for a revised change plan.
Halting and consulting the CAB ensures the change is properly authorized and the plan is updated to include the firmware change and rollback.
Use the old switch firmware on the new switch to match the documentation.
Implement the switch and create a separate change request for the firmware.
A security incident occurs when an unauthorized user gains access to a server because a technician left a default password unchanged after a system rebuild. The rebuild was documented, but the password change was not. What documentation failure does this highlight?
The change log did not include a rollback plan.
The change log did not list the specific configuration changes made.
The rebuild documentation should have included all configuration changes, such as password updates, to ensure security and accountability.
The change request was not approved by the change advisory board.
The technician did not perform a post-implementation review.
Want more Documentation and Change Management practice?
Practice this domainA small business owner wants to allow a remote employee to access their office desktop from home, but is concerned about security. They currently have a standard router with a public IP. Which of the following is the most secure method to enable this access?
Enable port forwarding on the router for TCP 3389 to the desktop's IP address.
Configure a VPN server on the office network and have the employee connect via VPN before using RDP.
A VPN encrypts all traffic and requires authentication, adding a layer of security before RDP access is permitted.
Use a third-party remote desktop service like TeamViewer without additional configuration.
Change the RDP port to a non-standard port number and enable port forwarding.
A technician is setting up remote access for a salesperson who frequently works from coffee shops. The company uses a VPN with two-factor authentication (2FA). The salesperson reports that after entering their username and password, they receive a prompt for a code but do not have their token. What should the technician do to resolve this?
Disable two-factor authentication for the user's account temporarily.
Provide the user with a one-time bypass code from the administrator console.
Most 2FA systems allow administrators to generate temporary codes for users who have lost their token, maintaining security while granting access.
Instruct the user to reset their password and try again.
Ask the user to connect from a different network location.
A company is implementing a remote access solution for employees using personal smartphones. They need to ensure that corporate email and documents are accessible but that no corporate data remains on the device if it is lost or wiped. Which technology should they use?
Virtual Private Network (VPN) with split tunneling.
Remote Desktop Protocol (RDP) to a virtual desktop.
Mobile Device Management (MDM) with a containerized work profile.
MDM enables IT to manage corporate data separately, enforce policies, and perform selective wipes, ensuring no corporate data remains on a lost device.
Third-party remote access software like LogMeIn.
A user is traveling and needs to access a file on their office computer. They have a dynamic IP address at the hotel. Which remote access technology should the technician recommend for a secure connection?
Configure a direct RDP connection using the user's home IP address.
Set up a Virtual Private Network (VPN) client on the user's laptop to connect to the office network.
A VPN client works with any internet connection, regardless of IP address, and provides encrypted access to the office network.
Use a remote desktop gateway that requires a static IP on the user's end.
Email the file to the user as an attachment.
During a remote troubleshooting session, a technician uses a tool that allows them to view the user's screen and control the mouse and keyboard. The user reports that the session is extremely laggy, with noticeable delay between the technician's actions and the screen update. Which of the following is the most likely cause of this lag?
The remote desktop software is using an outdated encryption protocol.
The user's computer has insufficient RAM to handle remote desktop sessions.
The network connection between the technician and the user has high latency or low bandwidth.
Remote desktop traffic is sensitive to latency. High latency causes noticeable delay between input and screen updates, while low bandwidth causes choppy video.
The technician's computer is running a different operating system than the user's.
A security audit reveals that a company's remote access solution uses a VPN with pre-shared keys (PSK) for authentication. The auditor recommends upgrading to certificate-based authentication. Which of the following is the primary security advantage of certificate-based authentication over PSK?
Certificates are easier to configure and manage than PSK.
Certificates provide mutual authentication and are unique per device, reducing the risk of a single compromised key affecting all users.
Each certificate is unique and can be revoked individually. If a device is lost, only that certificate needs to be revoked, unlike PSK where the shared key must be changed for everyone.
Certificates eliminate the need for a VPN server.
Certificates are faster than PSK for establishing VPN connections.
Want more Remote Access Technologies practice?
Practice this domainA user reports that a VBScript logon script that maps network drives stopped working after a Windows update. The script uses the MapNetworkDrive method. Other scripts on the same computer work fine. What is the most likely cause?
The script file was deleted by Windows Defender.
The update changed the default script host to PowerShell.
The update disabled VBScript execution for security reasons.
Microsoft has been disabling VBScript by default in some updates to improve security.
The network share requires SMB 2.0, which is no longer supported.
A technician needs to deploy a script to 100 Windows 10 computers that will change the local administrator password. The script must run with elevated privileges and not leave the password visible in the script file. Which approach is most secure?
Store the password in a plain text file and have the script read it.
Use Group Policy Preferences to set the local administrator password.
Group Policy Preferences can set the password securely with encryption and no script exposure.
Embed the password in the script using a variable and run it from a hidden share.
Use a scheduled task that runs the script as SYSTEM.
A technician needs to deploy a configuration change to 50 Windows 10 computers using a script. The script must check if a specific registry key exists before modifying it. Which scripting construct should be used?
A for loop
A while loop
An if-else statement
An if-else statement allows the script to test for the registry key's existence and then act accordingly.
A try-catch block
A technician is writing a PowerShell script to check the last boot time of a remote computer. The script uses Get-CimInstance Win32_OperatingSystem. The script works locally but fails with an access denied error when targeting a remote machine. Both computers are domain-joined and the technician has admin rights. What is the most likely issue?
The remote computer does not have PowerShell installed.
The remote computer has Windows Firewall blocking WMI traffic.
WMI remote connections require specific firewall rules; if blocked, access is denied.
The script uses an incorrect namespace.
The technician is not a member of the Remote Management Users group.
A technician needs to write a script that runs a specific command only if a Windows service is running. If the service is stopped, the script should start it first. Which scripting method is most appropriate?
Use a for loop to iterate over all services.
Use an if-else statement to check the service status.
An if-else statement can evaluate the service state and execute different commands accordingly.
Use a switch statement with multiple conditions.
Use a try-catch block to handle errors if the command fails.
A user reports that a scheduled backup script on their Windows 10 workstation runs every day but fails to complete. The script uses PowerShell to copy files to a network share. When the user runs the script manually from an elevated PowerShell prompt, it works. What is the most likely cause of the failure?
The script file extension is .ps1 instead of .bat.
The scheduled task is not set to run with highest privileges.
If the script needs admin rights, the task must be configured to run with highest privileges; otherwise it fails.
The network share is mapped as a drive letter, which is not available during system startup.
PowerShell execution policy is set to Restricted for the SYSTEM account.
Want more Scripting Basics practice?
Practice this domainA technician is helping a remote user configure a VPN connection. The user is not very technical and is getting frustrated. The technician uses jargon like 'authentication protocol' and 'tunnel endpoint'. Which of the following is the BEST way to improve communication?
Continue using technical terms to educate the user.
Ask the user to share their screen so the technician can do it remotely.
Use simple analogies like 'a secure tunnel for your data' and guide them step by step.
This makes the concept accessible and reduces frustration.
Send the user a written guide and end the call.
A technician receives a complaint from a user that their email account was used to send spam. The user insists they did not send the emails. What is the MOST appropriate first step in handling this security incident professionally?
Tell the user they must have clicked on a phishing link and it's their fault.
Immediately reset the user's password and check the email logs for unauthorized access.
This secures the account and gathers evidence, following security best practices.
Ignore the complaint because spam is common.
Ask the user to change their password and not worry about it.
A technician is deploying 20 new laptops to a department. The manager asks the technician to install the software quickly, but the technician knows that a full deployment includes user training and data migration. Which action BEST demonstrates professional communication?
Agree to the manager's request and rush the installation to avoid conflict.
Explain the standard deployment process and offer a revised timeline that includes training.
This communicates the necessary steps and manages expectations professionally.
Install the software and let the users figure out the rest on their own.
Tell the manager that training is not part of the technician's job.
A customer calls to report that their laptop won't turn on. The technician suspects a dead battery. Which of the following responses demonstrates proper troubleshooting and professionalism?
Tell the customer to buy a new battery immediately.
Ask the customer to plug in the charger and see if any lights appear.
This is a logical first step to determine if the battery or power adapter is the issue.
Say that the motherboard is likely dead and needs replacement.
Tell the customer to bring the laptop to the shop without further questions.
A technician is assigned to install new accounting software on a user's computer. The user is a senior manager who is very busy. The technician arrives and the manager says, 'Just make it work, I don't have time for questions.' Which action is MOST professional?
Proceed with the installation without asking any questions to respect their time.
Explain that you need just two quick questions to avoid problems later, and keep it brief.
This balances respect for their time with the need for accurate setup.
Insist on a full meeting to discuss requirements.
Install the software and leave a note with questions for later.
A technician receives an angry email from a user claiming that the technician's previous fix made their computer worse. The technician knows the fix was correct. Which response is MOST professional?
Reply with a detailed technical explanation proving the fix was right.
Ignore the email to avoid an argument.
Apologize for the inconvenience and schedule a time to revisit the issue.
This de-escalates the situation and shows willingness to help, even if the original fix was correct.
Forward the email to the user's manager to complain about the user's tone.
Want more Communication and Professionalism practice?
Practice this domainThe 220-1202 exam has 90 questions and must be completed in 90 minutes. The passing score is 700/1000.
Multiple-choice and performance-based questions covering IT security, networking, and operations. Some questions are performance-based (PBQs), asking you to complete tasks in a simulated environment.
The exam covers 25 domains: Windows OS Features and Tools, Windows Settings and Control Panel, Windows Command-Line Tools, Windows Administrative Tools, macOS Features and Tools, Linux Commands and File Permissions, Mobile OS Features and Tools, Virtualization and Cloud Technologies, Physical Security Controls, Logical Security Concepts, Wireless Security Protocols, Malware Types and Removal, Social Engineering Attacks, Windows Security Settings, Browser and Application Security, Data Destruction and Disposal, Windows OS Troubleshooting, PC Security Issue Remediation, Mobile OS and App Troubleshooting, Safety Procedures and Compliance, Environmental Awareness and Impact, Documentation and Change Management, Remote Access Technologies, Scripting Basics, Communication and Professionalism. Questions are weighted by domain — higher-weight domains appear more on your actual exam.
No. These are original exam-style practice questions written against the official CompTIA 220-1202 exam objectives. They are not copied from the real exam. Courseiva focuses on genuine understanding, not memorisation of braindumps.
Courseiva tracks your accuracy per domain and routes you toward weak areas automatically. Free, no account required.