CompTIA A+ Core 2 220-1202 (220-1202) — Questions 175

750 questions total · 10 pages · All types, answers revealed

1
MCQ · easy

A user reports that their Windows 10 PC is running slowly and they suspect a background process is consuming too much memory. You need to identify the process and its memory usage without installing any additional tools. Which command-line tool should you use?

A. ipconfig
B. tasklist
C. chkdsk
D. sfc /scannow
Answer: B

tasklist lists all running processes and their memory usage, making it the correct tool for this scenario.

Why this answer

The tasklist command displays a list of running processes along with memory usage (in kilobytes) directly from the command prompt. It is a built-in Windows tool, so no extra software is needed. Other options either do not show process details or require additional tools.

2
MCQ · easy

A company's IT policy requires that all wireless traffic be encrypted using the strongest available protocol. A technician is configuring a new access point that supports WPA3-SAE, WPA2-PSK with AES, and WPA2-PSK with TKIP. Which configuration meets the policy?

A. WPA2-PSK with TKIP.
B. WPA2-PSK with AES.
C. WPA3-SAE.
D. A mixed mode of WPA2 and WPA3.
Answer: C

WPA3-SAE is the current strongest standard, offering improved security over WPA2.

Why this answer

WPA3-SAE is the strongest available wireless security protocol, providing forward secrecy and stronger authentication than WPA2. It is the correct choice for maximum security.

3
MCQ · easy

A user calls the help desk saying that after upgrading to macOS Ventura, the 'Documents' folder in the sidebar keeps disappearing after every reboot. They need it to stay visible. Which macOS feature or tool should you use to fix this?

A. System Settings > Desktop & Dock
B. Finder > Preferences > Sidebar
C. Terminal command 'defaults write com.apple.finder ShowSidebar -bool true'
D. Spotlight Preferences
Answer: B

This is exactly where users enable or disable folder visibility in the Finder sidebar.

Why this answer

The correct answer is Finder Preferences because sidebar visibility of folders is controlled there, not in System Settings or via Spotlight. This question tests knowledge of basic macOS UI customization, a common support task.

4
MCQ · medium

During a software deployment, a technician needs to ensure that a company-issued Android device automatically connects to the corporate Wi-Fi network and disables the camera for security. Which mobile OS tool should be used to enforce these policies?

A. Use the Android Debug Bridge (ADB) to manually set Wi-Fi and camera permissions
B. Configure the device's built-in Guest Mode
C. Deploy a Mobile Device Management (MDM) profile
D. Install a third-party camera-blocking app from the Play Store
Answer: C

MDM enables remote configuration of Wi-Fi, restrictions, and security policies, making it the correct tool for this task.

Why this answer

Mobile Device Management (MDM) solutions allow administrators to push configuration profiles and restrictions, such as Wi-Fi settings and camera disablement. This is the standard enterprise tool for managing multiple devices centrally.

5
MCQ · easy

A customer reports that their laptop was stolen from their desk over the weekend. The laptop contained sensitive client data. Which physical security control should have been implemented to prevent this theft?

A. Biometric authentication
B. Cable lock
C. Full disk encryption
D. Smart card reader
Answer: B

A cable lock physically secures the laptop to a desk, making theft much more difficult and time-consuming.

Why this answer

Cable locks are a simple and effective physical security control to prevent laptop theft by securing the device to a desk or fixed object. This scenario tests the understanding of basic physical deterrents against opportunistic theft in an office environment.

6
MCQ · easy

A user needs to install a legacy application that requires administrator privileges to run, but they do not have local admin rights. You want to configure the application to always run with the highest privileges available without prompting for credentials. Which tool in Control Panel would you use to set this compatibility option?

A. System
B. Programs and Features
C. User Accounts
D. Administrative Tools
Answer: B

From Programs and Features, you can right-click an installed program and select 'Change' to access compatibility settings, including 'Run this program as an administrator'.

Why this answer

The Programs and Features applet provides access to the 'Change' option for installed programs, which includes compatibility settings. The 'Run this program as an administrator' option is found in the Compatibility tab of the program's properties, accessible from Programs and Features or directly from the shortcut.

7
MCQ · medium

A user reports that a VBScript logon script that maps network drives stopped working after a Windows update. The script uses the MapNetworkDrive method. Other scripts on the same computer work fine. What is the most likely cause?

A. The script file was deleted by Windows Defender.
B. The update changed the default script host to PowerShell.
C. The update disabled VBScript execution for security reasons.
D. The network share requires SMB 2.0, which is no longer supported.
Answer: C

Microsoft has been disabling VBScript by default in some updates to improve security.

Why this answer

Option C is correct because recent Windows updates have tightened security around legacy scripting hosts, including cscript.exe and wscript.exe. Specifically, Microsoft has introduced a default behavior that blocks VBScript execution via the Windows Script Host unless explicitly allowed by Group Policy or registry settings. Since the user reports that only the VBScript logon script fails while other scripts work, the most likely cause is that the update disabled VBScript execution, not that the script was deleted or that the script host was changed to PowerShell.

Exam trap

The trap here is that candidates may assume a network or SMB protocol issue (Option D) because the script maps network drives, but the question explicitly states other scripts work, pointing to a scripting engine change rather than a network problem.

How to eliminate wrong answers

Option A is wrong because Windows Defender does not delete legitimate logon scripts; it quarantines detected malware, and the user reports other scripts work fine, indicating no system-wide deletion. Option B is wrong because Windows updates do not change the default script host from VBScript to PowerShell; the default host for .vbs files remains wscript.exe unless explicitly reconfigured, and PowerShell scripts use a different file extension (.ps1). Option D is wrong because SMB 2.0 is still supported in modern Windows versions; the issue is specific to VBScript execution, not network protocol compatibility.

8
MCQ · hard

A technician is tasked with disposing of a server that contains multiple SAS hard drives. The company's data destruction policy mandates that drives must be rendered unreadable by any means. Which combination of methods ensures compliance?

A. Perform a full format on each drive.
B. Use a degausser on each drive and then shred them.
C. Overwrite each drive with zeros using a software tool.
D. Remove the drives and store them in a locked cabinet.
Answer: B

Degaussing erases magnetic media, and shredding physically destroys the drives, ensuring no data recovery is possible.

Why this answer

For maximum security, physical destruction (shredding) is the most reliable method. Degaussing works for HDDs but not SSDs. Combining shredding with degaussing is redundant but ensures compliance.

The correct answer involves physical destruction, as it renders the media completely unusable and data unrecoverable.

9
MCQ · hard

A technician needs to deploy a script to 100 Windows 10 computers that will change the local administrator password. The script must run with elevated privileges and not leave the password visible in the script file. Which approach is most secure?

A. Store the password in a plain text file and have the script read it.
B. Use Group Policy Preferences to set the local administrator password.
C. Embed the password in the script using a variable and run it from a hidden share.
D. Use a scheduled task that runs the script as SYSTEM.
Answer: B

Group Policy Preferences can set the password securely with encryption and no script exposure.

Why this answer

Group Policy Preferences (GPP) allows administrators to configure local account passwords securely by encrypting the password in the policy XML file using a 32-byte AES key (though this key is publicly documented, it still provides obfuscation). When deployed via Group Policy, the password is applied with SYSTEM privileges automatically, eliminating the need for a script with embedded credentials or a separate scheduled task. This approach meets the requirements of elevated execution and password non-visibility in a script file.

Exam trap

CompTIA often tests the misconception that embedding a password in a script variable or using SYSTEM-level execution is sufficient for security, when in fact the password remains visible in the script file itself, which is the core vulnerability being assessed.

How to eliminate wrong answers

Option A is wrong because storing the password in a plain text file and having the script read it leaves the password fully visible and accessible to anyone who can read the file, violating the requirement to not leave the password visible. Option C is wrong because embedding the password in a script variable, even if run from a hidden share, still exposes the password in plain text within the script file itself, which can be viewed by anyone with access to the share or the script. Option D is wrong because using a scheduled task running as SYSTEM does not address the password visibility issue—the script would still need to contain or reference the password in plain text, or rely on an insecure storage method.

10
MCQ · hard

A security incident occurred on a Windows 10 workstation where an attacker gained administrative access and created several hidden user accounts. You need to ensure no unauthorized accounts exist and that the built-in Administrator account is disabled. Which two tools can you use from the command line to list all user accounts and check the status of the Administrator account?

A. Use 'net user' to list accounts and 'net user Administrator | findstr /i active' to check status.
B. Use 'whoami' to list current user and 'net localgroup Administrators' to see group members.
C. Use 'dir C:\Users' to list user profile folders and 'net accounts' to see password policies.
D. Use 'gpresult /R' to list applied policies and 'net start' to see running services.
Answer: A

Net user displays all local user accounts, and piping to findstr can filter for the account's active status.

Why this answer

The 'net user' command lists all local user accounts on a Windows system, which is necessary to identify hidden or unauthorized accounts. Piping 'net user Administrator' through 'findstr /i active' filters the output to show whether the built-in Administrator account is enabled or disabled, as the status line contains 'Active' or 'Account active' depending on the locale. This combination directly fulfills the requirement to list all accounts and check the Administrator account's status from the command line.

Exam trap

CompTIA often tests the distinction between listing all accounts versus showing only the current user or group membership, leading candidates to confuse 'whoami' or 'net localgroup' with account enumeration commands.

How to eliminate wrong answers

Option B is wrong because 'whoami' only displays the currently logged-in user, not a list of all accounts, and 'net localgroup Administrators' shows group membership, not the status of the Administrator account itself. Option C is wrong because 'dir C:\Users' lists user profile folders, which may not exist for hidden accounts or system accounts, and 'net accounts' displays password and lockout policies, not account status. Option D is wrong because 'gpresult /R' shows applied Group Policy settings, not user accounts, and 'net start' lists running services, which is irrelevant to account enumeration or status checking.

11
MCQ · hard

A security incident occurred where an employee's workstation was infected with ransomware. The IT manager wants to ensure that all future workstations have Controlled Folder Access enabled to protect critical data from unauthorized changes. Which Windows Security applet should be used to configure this?

A. Windows Security > Firewall & network protection
B. Windows Security > App & browser control
C. Windows Security > Device security
D. Windows Security > Virus & threat protection > Manage ransomware protection
Answer: D

This is the exact path to enable Controlled Folder Access and manage protected folders and allowed apps.

Why this answer

Controlled Folder Access is a feature of Windows Defender Exploit Guard, found in the Windows Security app under Virus & threat protection > Manage ransomware protection. It must be enabled and configured with protected folders and allowed apps.

12
MCQ · medium

A user reports that their corporate laptop can connect to the guest Wi-Fi network but not to the internal corporate network. Both networks use WPA2-Enterprise with 802.1X. The laptop works fine on other corporate networks. What is the most likely issue?

A. The laptop's wireless card is faulty.
B. The corporate network's RADIUS certificate has expired or is untrusted.
C. The corporate network is using a different SSID than expected.
D. The laptop's Wi-Fi profile is configured for WPA2-Personal instead of Enterprise.
Answer: B

Correct. Expired or untrusted certificates cause 802.1X authentication to fail, while the guest network (likely PSK) works fine.

Why this answer

WPA2-Enterprise uses RADIUS for authentication. A common issue is that the laptop's certificate for the corporate network has expired or is not trusted by the specific RADIUS server. Guest networks often use simpler authentication like PSK, which bypasses certificate requirements.

13
MCQ · medium

A user reports that their Windows 10 PC is running slowly and they suspect too many programs are starting automatically. They want to disable a few startup items without uninstalling them. Which tool should you use to manage these startup programs?

A. Services.msc
B. Task Manager > Startup tab
C. Control Panel > Programs and Features
D. Settings > Apps > Startup
Answer: B

Task Manager's Startup tab lists all startup programs and their impact, allowing you to disable them easily.

Why this answer

The Task Manager's Startup tab is the correct modern tool to enable or disable startup programs. It shows the impact of each program and allows changes that take effect after a reboot, without needing to uninstall anything.

14
MCQ · hard

A technician is investigating a security incident where a user's corporate email account was accessed from an unknown device. The user's iPhone shows no suspicious apps, and the password was recently changed. Which of the following is the MOST likely cause?

A. The user's iCloud account was compromised, and the email is synced via Exchange.
B. An OAuth token or app-specific password was stolen and used to access the account.
C. The user's iPhone has a jailbreak that hides malicious apps.
D. The corporate email server has a backdoor account.
Answer: B

OAuth tokens or app-specific passwords can grant persistent access to email without needing the main password, making them a common vector for continued access.

Why this answer

Option B is correct because OAuth tokens or app-specific passwords bypass the need for the primary password, allowing persistent access even after a password change. Since the user's iPhone shows no suspicious apps and the password was recently changed, a stolen token is the most plausible vector for unauthorized email access via Exchange ActiveSync or modern authentication.

Exam trap

CompTIA often tests the distinction between password-based attacks and token-based persistence, where candidates mistakenly assume that changing the password immediately revokes all access, ignoring OAuth tokens or app-specific passwords that remain valid.

How to eliminate wrong answers

Option A is wrong because iCloud compromise alone does not directly grant access to a corporate Exchange email account unless the email is configured via iCloud Mail or the iCloud Keychain stores the Exchange credentials; the scenario specifies the email is synced via Exchange, not iCloud. Option C is wrong because a jailbreak that hides malicious apps is unlikely to be the cause given the user's iPhone shows no suspicious apps, and jailbreak detection would typically flag such behavior; moreover, hidden apps would still leave traces in system logs or profiles. Option D is wrong because a backdoor account on the corporate email server would be a server-side vulnerability, not a client-side issue, and the question focuses on the user's device and account access; such a backdoor would not be tied to the user's specific password change.

15
MCQ · hard

A technician is troubleshooting a computer that has been infected with ransomware. The ransomware encrypted files and left a note demanding payment. After removing the malware, what is the most important step to prevent future infections?

A. Reinstall the operating system
B. Update all software to the latest versions
C. Implement a strict backup policy and educate users on phishing
D. Disable all browser plugins
Answer: C

Backups mitigate data loss, and user education reduces the likelihood of future infections.

Why this answer

Ransomware often enters via email attachments or malicious downloads. User education on safe browsing and email practices is critical to prevention. This tests understanding of the human factor in security and the limitations of technical controls alone.

16
MCQ · hard

A technician is writing a Python script to automate the installation of software on multiple Windows machines. The script needs to check if the software is already installed by looking for a specific registry key. If the key exists, the script should skip the installation. Which Python library and method should the technician use to read the registry?

A. Use the 'os' module with 'os.regread'
B. Use the 'subprocess' module to run 'reg query'
C. Use the 'winreg' module with 'OpenKey' and 'QueryValueEx'
D. Use the 'sys' module to access registry via system calls
Answer: C

The winreg module is designed for registry access and provides the necessary functions.

Why this answer

The `winreg` module is the standard Python library for accessing the Windows registry. `OpenKey` opens a specified registry key, and `QueryValueEx` retrieves the value data and type for a given value name. This allows the script to check for the software's registry key and conditionally skip installation if it exists.

Exam trap

CompTIA often tests the distinction between general-purpose modules (`os`, `sys`, `subprocess`) and platform-specific modules (`winreg`), trapping candidates who assume a generic module can handle registry access or who overlook the native Python library for Windows registry operations.

How to eliminate wrong answers

Option A is wrong because the `os` module does not have an `os.regread` function; it provides operating system interfaces like file and process management, not registry access. Option B is wrong because while `subprocess` can run `reg query`, it is an indirect, slower, and less reliable method that requires parsing command output, whereas `winreg` provides direct, native registry access. Option D is wrong because the `sys` module provides system-specific parameters and functions (e.g., `sys.path`, `sys.argv`), not registry access; it cannot be used to read the registry via system calls.

17
MCQ · hard

An employee finds a USB drive labeled 'Employee Bonuses Q4' in the parking lot and plugs it into their work computer to see the contents. The computer immediately begins exhibiting erratic behavior. Which social engineering attack was executed?

A. Phishing
B. Pretexting
C. Baiting
D. Tailgating
Answer: C

Baiting uses an enticing item (like a labeled USB drive) to trick a victim into introducing malware into a system.

Why this answer

This is a classic baiting attack using physical media. The attacker left a USB drive with an enticing label (bait) in a location where an employee would find it, hoping they would plug it in and execute malware.

18
MCQ · medium

A small business wants to migrate its on-premises file server to the cloud to reduce hardware maintenance costs. They need low-latency access for local employees and want to avoid egress fees for large data transfers. Which cloud deployment model best meets these requirements?

A. Public cloud
B. Private cloud
C. Hybrid cloud
D. Community cloud
Answer: C

Hybrid cloud allows the business to keep frequently accessed data on-premises (private) for low latency and use public cloud for backup and scalability, reducing egress fees.

Why this answer

A hybrid cloud combines private and public cloud resources, allowing sensitive or frequently accessed data to remain on-premises (private cloud) while using public cloud for scalability and backup. This reduces latency for local users and minimizes egress fees for large data transfers. Public cloud alone would introduce latency and egress costs; community cloud is for shared organizations; private cloud alone doesn't leverage cloud scalability.

19
MCQ · easy

A user is unable to print to a network printer after a Windows update. Other users on the same network can print successfully. Which Windows tool should you use to view detailed error messages related to the print spooler service?

A. Device Manager
B. Services.msc
C. Event Viewer
D. Performance Monitor
Answer: C

Event Viewer records print spooler errors and warnings, making it the correct tool for troubleshooting the cause of the failure.

Why this answer

Event Viewer (C) is the correct tool because it logs detailed error messages from the print spooler service (spoolsv.exe) under 'Windows Logs > System' or 'Applications and Services Logs > Microsoft > Windows > PrintService'. When a Windows update breaks printing for a single user, Event Viewer captures spooler errors such as access denied, driver conflicts, or RPC failures that are not shown in other tools.

Exam trap

The trap here is that candidates confuse Services.msc (which only manages service state) with Event Viewer (which provides the actual error logs), leading them to pick B when they need to view detailed error messages.

How to eliminate wrong answers

Option A is wrong because Device Manager is used to view and manage hardware devices and drivers, but it does not show runtime error logs or service-specific messages from the print spooler. Option B is wrong because Services.msc allows you to start, stop, or restart the print spooler service and view its status, but it does not display detailed error messages or event logs. Option D is wrong because Performance Monitor tracks system performance counters (e.g., CPU, memory, print queue length) over time, but it does not log or display error messages from the print spooler service.

20
MCQ · easy

A user calls the help desk saying they cannot log into their Windows 10 workstation because a message claims their files are encrypted and they must pay a ransom. What is the most effective remediation approach?

A. Pay the ransom to get the decryption key
B. Reboot into Safe Mode and run a malware scan
C. Disconnect from the network and restore files from a verified backup
D. Run System Restore to a point before the attack
Answer: C

This isolates the infection and recovers the data without paying, following best practices for ransomware remediation.

Why this answer

Option C is correct because ransomware encrypts files with a key known only to the attacker, making decryption without the key impossible. Disconnecting from the network prevents the ransomware from spreading to other systems, and restoring from a verified backup is the only reliable way to recover the original files without paying the ransom.

Exam trap

CompTIA often tests the misconception that removing the malware (via Safe Mode or System Restore) will undo the encryption, when in fact encryption is a cryptographic operation that persists after the malware is gone.

How to eliminate wrong answers

Option A is wrong because paying the ransom does not guarantee the attacker will provide a working decryption key, and it encourages further criminal activity. Option B is wrong because rebooting into Safe Mode and running a malware scan can remove the ransomware executable but cannot decrypt files that are already encrypted; the encryption persists. Option D is wrong because System Restore does not affect user files; it only restores system files and registry settings, leaving the encrypted files unchanged.

21
MCQ · hard

A technician is decommissioning a server that contains a lithium-ion battery backup module. The battery is not swollen but is several years old. What is the proper disposal procedure?

A. Remove the battery and place it in the regular trash since it is not swollen.
B. Short the terminals to fully discharge the battery before disposal.
C. Discharge the battery using a proper load, then recycle it through a certified lithium battery recycler.
D. Store the battery in a metal container and return it to the manufacturer for disposal.
Answer: C

Safe discharge followed by certified recycling ensures environmental compliance and safety. This is the industry best practice.

Why this answer

Option C is correct because lithium-ion batteries, even if not visibly swollen, degrade over time and can still pose a fire or chemical hazard if improperly disposed. The proper procedure is to safely discharge the battery using a certified load to remove residual energy, then recycle it through a certified lithium battery recycler to comply with environmental regulations and safety standards.

Exam trap

CompTIA often tests the misconception that a battery that is not swollen is safe for regular disposal, when in fact all lithium-ion batteries require special handling due to residual energy and chemical hazards.

How to eliminate wrong answers

Option A is wrong because placing a lithium-ion battery in regular trash violates environmental regulations (e.g., RCRA in the US) and creates fire and toxic waste hazards, regardless of whether it appears swollen. Option B is wrong because shorting the terminals of a lithium-ion battery can cause a short circuit, leading to rapid discharge, overheating, fire, or explosion; safe discharge requires a controlled load. Option D is wrong because storing a lithium-ion battery in a metal container without prior discharge or proper packaging can create a short-circuit risk and is not a standard disposal procedure; returning to the manufacturer is acceptable only if they provide a specific take-back program, but the question asks for the proper disposal procedure, which emphasizes safe discharge and certified recycling.

22
MCQ · hard

A user reports that their Windows 10 computer is displaying a 'Your IT department has limited access to some features of this app' message when trying to run a legacy application. The application worked before the latest Windows update. Which security feature is most likely causing this issue?

A. Windows Defender Firewall with Advanced Security
B. Windows Defender Application Guard
C. User Account Control (UAC)
D. BitLocker Drive Encryption
Answer: B

Application Guard uses container technology to isolate untrusted apps, and the message is typical when an app tries to access resources outside the container.

Why this answer

This question tests knowledge of Windows Defender Application Guard and Windows Sandbox features. The message indicates that Application Guard is blocking the app from accessing certain resources. Application Guard uses hardware isolation to run untrusted applications in a container, and updates may change its default behavior or policies.

23
MCQ · hard

A technician is troubleshooting a recurring network outage that occurs every Tuesday at 3 PM. After reviewing the change log, the technician finds that a scheduled backup job runs at that time. What is the best course of action?

A. Disable the backup job immediately to restore network stability.
B. Document the correlation and propose a change to the backup schedule.
C. Increase the network bandwidth to accommodate the backup traffic.
D. Ignore the issue since the backup is a critical process.
Answer: B

Proper documentation of the issue allows the CAB to evaluate and approve a schedule change, balancing network performance and backup needs.

Why this answer

This question tests the ability to correlate documented changes with incidents. The best action is to update the documentation to reflect the impact and then work with the change advisory board to reschedule the backup or mitigate the outage.

24
MCQ · easy

A customer complains that their new smartphone connects to their home Wi-Fi but has no internet access. The router is configured with WPA2-PSK and a 64-character pre-shared key. Other devices work fine. What is the most likely cause?

A. The smartphone's Wi-Fi antenna is faulty.
B. The smartphone is using a wrong or mistyped Wi-Fi password.
C. The router's DHCP server has run out of IP addresses.
D. The smartphone's DNS settings are misconfigured.
Answer: B

Correct. A mistyped 64-character password would cause authentication failure, preventing internet access even though the device appears connected.

Why this answer

WPA2-PSK with a 64-character key is extremely long and easy to mistype. The smartphone likely has an incorrect password stored, so it authenticates to the router but fails to get an IP address because the router rejects the mismatched key during the 4-way handshake.

25
MCQ · hard

A security administrator needs to prevent users from running unauthorized software on Windows 10 Enterprise workstations. They want to allow only applications that are signed by approved publishers. Which Windows security feature should be configured?

A. Windows Defender Firewall with Advanced Security
B. BitLocker Drive Encryption
C. Windows Defender Application Control (WDAC)
D. User Account Control (UAC)
Answer: C

WDAC uses code integrity policies to allow only approved, signed applications to run, meeting the requirement exactly.

Why this answer

This question tests knowledge of Windows Defender Application Control (WDAC) and AppLocker. WDAC is a more modern and secure solution that can enforce code integrity policies based on publisher signatures, while AppLocker is a legacy feature. WDAC can be configured to allow only signed apps from trusted publishers, providing strong application control.

26
MCQ · hard

After a security incident, a forensic analyst needs to review the event logs on a Windows 10 system to determine when a specific user account was created. The logs are intact. Which Windows security setting must be enabled to ensure that account creation events are recorded?

A. Enable 'Audit Logon Events' in Local Security Policy.
B. Enable 'Audit Account Management' in Advanced Audit Policy.
C. Turn on 'File and Printer Sharing' in Network and Sharing Center.
D. Configure Windows Defender to scan for new accounts.
Answer: B

This setting specifically logs account creation, modification, and deletion events.

Why this answer

Audit Account Management policy must be enabled to log events like user account creation. This is configured in Local Security Policy or Group Policy under Advanced Audit Policy Configuration. Without this audit setting, account creation events are not recorded in the Security log.

27
MCQ · easy

A technician needs to dispose of several old CRT monitors from an office. What is the proper disposal method according to environmental safety regulations?

A. Place them in the regular dumpster for bulk trash pickup.
B. Take them to a certified e-waste recycling center.
C. Smash the glass and separate the components for metal recycling.
D. Donate them to a local school for reuse.
Answer: B

Certified recyclers safely handle hazardous components and ensure compliance with environmental regulations.

Why this answer

CRT monitors contain hazardous materials such as lead, phosphor, and other heavy metals that are harmful to the environment if disposed of in landfills. Certified e-waste recycling centers follow strict environmental regulations to safely dismantle and recycle these components, preventing toxic substances from contaminating soil and groundwater.

Exam trap

CompTIA often tests the misconception that donating or reusing old equipment is always the best environmental practice, but the trap here is that the question specifically asks about proper disposal according to environmental safety regulations, which mandates certified recycling for hazardous e-waste like CRTs.

How to eliminate wrong answers

Option A is wrong because placing CRT monitors in a regular dumpster violates environmental regulations due to the hazardous materials (lead, cadmium) they contain, which can leach into landfills. Option C is wrong because smashing the glass releases toxic phosphor dust and lead into the air and environment, posing health risks and violating safety protocols. Option D is wrong because, while donating for reuse may seem environmentally friendly, it does not address the eventual disposal of the monitors when they fail; proper disposal still requires certified recycling to handle the hazardous components at end-of-life.

28
MCQ · hard

A company is decommissioning a data center and must destroy 1000 HDDs and 200 SSDs. The policy mandates that all data be destroyed on-site and that the drives be rendered physically unusable. Which combination of methods is most efficient?

A. Degauss all drives and then recycle them.
B. Use a hard drive shredder to shred all drives.
C. Overwrite all drives with a three-pass wipe.
D. Use a degausser for HDDs and a secure erase for SSDs.
Answer: B

A shredder physically destroys both HDDs and SSDs, meeting the requirement for on-site physical destruction efficiently.

Why this answer

For large-scale on-site destruction, a hard drive shredder can physically destroy both HDDs and SSDs quickly and efficiently. Degaussing works for HDDs but not SSDs, and it does not physically destroy the drives. Overwriting is too time-consuming for 1200 drives.

29
MCQ · medium

A technician is configuring a Windows 10 kiosk machine that will run a single web application in full-screen mode. The machine must not allow users to access the desktop, taskbar, or other apps. Which Windows security feature should be used to accomplish this?

A. Local Group Policy to hide the taskbar.
B. User Account Control set to 'Always notify.'
C. Windows Defender Application Guard
D. Assigned Access (Kiosk Mode)
Answer: D

This feature locks the device to a single app, providing the required security and restriction.

Why this answer

Assigned Access (formerly Kiosk Mode) in Windows 10/11 allows a device to run a single app in full-screen, locking down the system. It can be configured via Settings > Accounts > Other users > Set up a kiosk. This ensures users cannot exit the app or access other parts of the OS.

30
MCQ · medium

A user is trying to install a legacy application on Windows 10, but the installer fails with a message about 'incompatible version'. The application is known to work on Windows 7. Which compatibility settings should you try first to allow the installation to proceed?

A. Set the installer to run as an administrator.
B. Enable the 'Reduced color mode' compatibility setting.
C. Right-click the installer, go to Properties > Compatibility, and check 'Run this program in compatibility mode for: Windows 7'.
D. Use the Program Compatibility Troubleshooter from the Control Panel.
Answer: C

This setting makes Windows 10 report itself as Windows 7 to the application, which is the most direct fix for a version incompatibility error during installation.

Why this answer

Windows 10 includes compatibility modes that emulate older versions of Windows. Running the installer in compatibility mode for Windows 7 can often resolve version-check errors, as it tricks the application into thinking it is running on a compatible OS.

31
MCQ · hard

An organization experiences a data breach when an attacker physically removes hard drives from a decommissioned server that was placed in a storage area without being properly sanitized. What physical security control should have been implemented?

A. Install a surveillance camera in the storage area.
B. Require a smart card to access the storage area.
C. Use a degausser to erase the hard drives before disposal.
D. Apply tamper-evident seals to the server chassis.
Answer: C

Degaussing renders the data unrecoverable, eliminating the risk even if drives are stolen.

Why this answer

Proper disposal procedures, such as degaussing or physical destruction, ensure that data on decommissioned drives cannot be recovered. This scenario tests understanding of the full lifecycle of physical media security.

32
MCQ · medium

A technician is deploying a new application to 20 sales laptops. The change management plan requires a pilot test on 2 laptops before full deployment. After testing, the technician finds the application works but conflicts with the VPN client. What should the technician do?

A. Deploy the application to all laptops and disable the VPN client on each.
B. Document the conflict and submit a revised change request with a resolution plan.
C. Continue with the deployment and note the conflict in the change log.
D. Uninstall the VPN client from all laptops and reinstall after the deployment.
Answer: B

Proper change management requires documenting the issue and seeking approval for a revised plan before proceeding.

Why this answer

Option B is correct because the change management process requires that any issues discovered during pilot testing be formally documented and addressed before full deployment. Since the application conflicts with the VPN client, the technician must submit a revised change request that includes a resolution plan (e.g., updating the application, modifying VPN configuration, or scheduling a coordinated deployment). This ensures compliance with organizational change control policies and minimizes risk to production systems.

Exam trap

CompTIA often tests the misconception that a discovered conflict can be ignored or worked around without formal change management approval, tempting candidates to choose options that prioritize speed over process compliance.

How to eliminate wrong answers

Option A is wrong because deploying the application to all laptops and disabling the VPN client on each bypasses the change management process and could disrupt remote access for sales staff, violating security and operational requirements. Option C is wrong because continuing with deployment while merely noting the conflict in the change log fails to resolve the known issue, which could lead to widespread VPN failures and non-compliance with the pilot test requirement. Option D is wrong because uninstalling the VPN client from all laptops before deployment is a disruptive workaround that ignores the root cause and may violate security policies; the conflict should be resolved through proper change management, not by removing critical software.

33
MCQ · medium

A user installs a new application and immediately receives a 'The application was unable to start correctly (0xc000007b)' error. The application worked on another computer with the same Windows version. Which component is most likely causing this error?

A. The application requires a newer version of DirectX.
B. The Visual C++ Redistributable package is missing or corrupted.
C. The user does not have administrative privileges.
D. The hard drive has bad sectors affecting the application files.
Answer: B

This error often occurs when a 64-bit application tries to load a 32-bit DLL or vice versa; reinstalling the correct Visual C++ Redistributable resolves it.

Why this answer

Error code 0xc000007b is a STATUS_INVALID_IMAGE_FORMAT error, typically indicating a mismatch between 32-bit and 64-bit binaries. The most common cause is a missing or corrupted Visual C++ Redistributable package, which provides essential runtime libraries (e.g., MSVCR120.dll) that the application depends on. Without these libraries, the application cannot load correctly, even if the Windows version matches.

Exam trap

CompTIA often tests the 0xc000007b error by pairing it with a plausible but incorrect option like DirectX, exploiting the fact that many candidates associate all 'missing DLL' errors with DirectX or graphics issues.

How to eliminate wrong answers

Option A is wrong because DirectX errors usually produce different error codes (0xc000007b is not a DirectX-specific error) and DirectX is primarily for graphics APIs, not general application startup. Option C is wrong because insufficient administrative privileges typically trigger 'Access Denied' or UAC prompts, not error 0xc000007b. Option D is wrong because bad sectors on the hard drive would cause file read errors or data corruption, not a specific STATUS_INVALID_IMAGE_FORMAT error; the error occurs before the application files are fully read.

34
MCQ · medium

A technician needs to deploy a virtual machine for a client who requires a specific operating system that is not supported by the hypervisor's default settings. The technician has the ISO file for the OS. What should the technician do to install the OS on the VM?

A. Copy the ISO file directly to the virtual hard disk.
B. Mount the ISO file as a virtual CD/DVD drive and boot from it.
C. Use a USB flash drive with the ISO and plug it into the host.
D. Change the hypervisor's default settings to support the OS.
Answer: B

Mounting the ISO as a virtual optical drive allows the VM to boot from it and begin the OS installation process.

Why this answer

This question tests the process of installing an OS on a VM. The correct method is to mount the ISO file as a virtual optical drive and boot from it. Copying the ISO to the virtual disk or using a USB drive would not work directly, and the hypervisor's default settings are not relevant to OS compatibility.

35
MCQ · medium

A user reports that a scheduled task runs a VBScript every morning, but the script fails with an 'ActiveX component can't create object' error. The script uses a COM object to interact with an application. What is the most likely cause of this error?

A. The script is running with insufficient permissions to create files
B. The COM object's DLL is not registered or the application is not installed
C. The script contains a syntax error in the CreateObject line
D. The scheduled task is set to run when the user is not logged in
Answer: B

CreateObject requires the COM component to be registered; if missing, the error occurs.

Why this answer

The 'ActiveX component can't create object' error occurs when the VBScript's CreateObject call fails because the COM class it references is not available. This typically means the DLL that implements the COM object is not registered (e.g., via regsvr32) or the application that provides the object is not installed on the system. Without the registered COM component, the script cannot instantiate the object, leading to this specific runtime error.

Exam trap

CompTIA often tests the distinction between runtime COM registration errors and other script failures, so the trap here is that candidates mistakenly attribute the error to permissions or syntax when the root cause is a missing or unregistered COM component.

How to eliminate wrong answers

Option A is wrong because insufficient permissions to create files would produce a 'Permission denied' error, not an 'ActiveX component can't create object' error, which is specifically about COM instantiation failure. Option C is wrong because a syntax error in the CreateObject line would cause a compile-time error (e.g., 'Expected end of statement') before the script even attempts to create the object, not a runtime 'ActiveX component can't create object' error. Option D is wrong because the scheduled task running when the user is not logged in can cause issues with interactive desktop access or network drives, but it does not prevent COM object creation; the error is about the COM component itself being missing or unregistered, not about session context.

36
MCQ · hard

A technician is called to a server room where a UPS battery is emitting a strong sulfur smell and the casing feels warm. What immediate action should the technician take?

A. Open the UPS to ventilate the battery compartment.
B. Continue monitoring the UPS until it shuts down automatically.
C. Disconnect the UPS from the mains and move it outside to a safe area.
D. Spray the UPS with a fire extinguisher as a precaution.
Answer: C

Removing the UPS from the building and isolating it from power reduces the risk of fire. This should be done with proper PPE and caution.

Why this answer

A strong sulfur smell and warm casing from a UPS battery indicate thermal runaway, a condition where internal chemical reactions generate excessive heat, potentially leading to fire or explosion. The immediate priority is to disconnect the UPS from mains power to stop charging and remove it to a safe, well-ventilated outdoor area to mitigate the risk of toxic gas release or catastrophic failure.

Exam trap

CompTIA often tests the misconception that opening the UPS or using a fire extinguisher is a safe first response, when in fact the correct action is to isolate and remove the hazard to prevent escalation of thermal runaway.

How to eliminate wrong answers

Option A is wrong because opening the UPS battery compartment exposes the technician to toxic hydrogen sulfide gas and risks electrical shock or short circuits from exposed terminals, worsening the hazard. Option B is wrong because continuing to monitor the UPS while it is in thermal runaway allows the condition to escalate, increasing the likelihood of fire, explosion, or release of corrosive electrolyte. Option D is wrong because spraying a UPS with a fire extinguisher is premature and ineffective—thermal runaway is an internal chemical process, not an open flame, and extinguisher discharge can cause electrical shorts or damage equipment without addressing the root cause.

37
MCQ · medium

A technician is tasked with decommissioning a RAID array of SSDs that stored proprietary source code. The company policy requires that the drives be reused in another department. Which method ensures data is securely removed while preserving the SSDs?

A. Run a full format on each SSD.
B. Use the drive manufacturer's secure erase utility.
C. Degauss the SSDs.
D. Overwrite the drives with zeros three times.
Answer: B

Manufacturer secure erase sends a command that resets all NAND cells, making data unrecoverable while allowing the SSD to be reused.

Why this answer

SSDs require special handling because their wear-leveling and TRIM features can make traditional overwriting unreliable. A secure erase command (ATA Secure Erase) is designed for SSDs to reset all cells to an unallocated state.

38
MCQ · hard

A user's iPhone is running iOS 15 and they are unable to install a new app from the App Store. The error message says 'Unable to Download App. This app requires iOS 16 or later.' However, the user's iPhone model supports iOS 16. Which built-in iOS feature should the technician use to resolve this?

A. Offload the app and reinstall it.
B. Clear the App Store cache by force-closing the app.
C. Perform a factory reset.
D. Update iOS via Settings > General > Software Update.
Answer: D

Updating to iOS 16 via Software Update meets the app's requirement, allowing the download to proceed.

Why this answer

This question tests iOS update management. The correct answer is 'Software Update' in Settings > General, which allows the user to upgrade to iOS 16. The error indicates the app requires a newer OS version, and updating the OS is the standard solution.

39
MCQ · medium

A user reports that an application fails to start because a configuration file is owned by root with permissions 644, but the application runs as user 'appuser'. Which command will allow 'appuser' to edit the file without changing ownership?

A. chmod 666 config.cfg
B. chown appuser config.cfg
C. chgrp appgroup config.cfg && chmod g+w config.cfg
D. setfacl -m u:appuser:rw config.cfg
Answer: C

This changes the group to one that includes appuser and adds group write permission, allowing editing without changing the owner.

Why this answer

This tests understanding of file permissions and groups. By changing the file's group to one that includes 'appuser' and granting group write permission, the user can edit the file without being its owner.

40
MCQ · medium

During a security audit, you discover that a Windows 10 workstation has a weak local administrator password. The company policy requires all local admin passwords to be at least 12 characters with complexity. Which tool can enforce this policy for all future password changes on that workstation?

A. Local Users and Groups (lusrmgr.msc)
B. Local Security Policy (secpol.msc)
C. Registry Editor (regedit)
D. Windows Defender Firewall with Advanced Security
Answer: B

This tool provides granular control over security policies, including password requirements.

Why this answer

Local Security Policy (secpol.msc) allows configuring password policies like minimum length and complexity for local accounts. This is applied via Account Policies > Password Policy. It ensures that any new password meets the requirements.

41
MCQ · medium

A graphic designer is running out of storage space on their MacBook Air. They have a large collection of old design files that they rarely access but want to keep available on demand without manual intervention. Which macOS feature should you enable to automatically free up space?

A. Enable Time Machine to an external drive
B. Turn on iCloud Drive and select 'Optimize Mac Storage'
C. Use Disk Utility to erase and repartition the drive
D. Configure a local Time Machine snapshot schedule
Answer: B

This setting automatically stores older files in iCloud and keeps space-optimized versions locally, freeing up disk space.

Why this answer

iCloud Drive with 'Optimize Mac Storage' automatically moves rarely used files to iCloud and keeps recent files locally. This is the correct feature for automatic space management. Manual archiving or external drives require user action, and Time Machine is for backups only.

42
MCQ · medium

A technician is helping a user who is upset because their important presentation file was accidentally deleted. The user is very emotional and raising their voice. What is the best way for the technician to handle this situation?

A. Tell the user to calm down and that losing data is not a big deal.
B. Raise your voice to match the user's tone to show you are taking it seriously.
C. Listen calmly, apologize for the inconvenience, and explain steps to recover the file from the recycle bin or backup.
D. Transfer the call to a manager immediately.
Answer: C

This shows empathy and provides a solution-oriented approach, which is key to professional communication.

Why this answer

Option C is correct because it demonstrates the professional communication and empathy required in a support role. The technician remains calm, acknowledges the user's frustration, and immediately provides a technical solution—recovering the file from the Recycle Bin or a backup. This aligns with CompTIA's emphasis on active listening, de-escalation, and problem-solving without dismissing the user's concerns.

Exam trap

The trap here is that candidates may think escalating to a manager (Option D) is the safest choice, but CompTIA expects the technician to first apply technical troubleshooting and de-escalation techniques before transferring the call.

How to eliminate wrong answers

Option A is wrong because telling a user to 'calm down' and minimizing the loss of data dismisses their emotional state and violates professional conduct; it can escalate the situation and damage trust. Option B is wrong because matching the user's raised tone is confrontational and unprofessional; it does not de-escalate the situation and can lead to a hostile interaction. Option D is wrong because transferring the call to a manager immediately is premature; the technician should first attempt to resolve the issue using standard recovery methods (e.g., Recycle Bin, backup) before escalating.

43
MCQ · medium

A user reports receiving a phone call from someone claiming to be from 'Microsoft Support' saying their computer has a virus and asking for remote access to fix it. The user did not grant access. What type of attack was attempted?

A. Phishing
B. Vishing
C. Smishing
D. Pretexting
Answer: B

Vishing is voice phishing, using phone calls to deceive victims into granting remote access or revealing information.

Why this answer

This is a vishing (voice phishing) attack, a social engineering technique where the attacker uses phone calls to trick victims into providing sensitive information or remote access. Legitimate companies like Microsoft do not make unsolicited support calls.

44
MCQ · medium

A user reports that their computer is running slowly after they installed a 'free system cleaner' from a pop-up ad. The technician suspects malware. What is the most appropriate first step in handling this situation professionally?

A. Immediately run a full antivirus scan and quarantine any threats found.
B. Ask the user to describe exactly what they installed and from where, without sounding accusatory.
C. Tell the user that installing software from pop-ups is dangerous and they should know better.
D. Remotely uninstall the program without informing the user.
Answer: B

This gathers necessary information while maintaining a non-judgmental tone, which encourages the user to cooperate.

Why this answer

Option B is correct because the first step in handling a potential malware infection professionally is to gather information from the user without judgment. Asking the user to describe what they installed and from where helps the technician understand the attack vector (e.g., a fake pop-up ad), which is critical for selecting the appropriate remediation steps and for any future security awareness training. This approach maintains trust and encourages the user to report issues promptly, which is essential for effective incident response.

Exam trap

CompTIA often tests the distinction between technical urgency and professional communication, where candidates mistakenly choose a technically correct action (like running a scan) over the professionally required first step of gathering information without blame.

How to eliminate wrong answers

Option A is wrong because immediately running a full antivirus scan without first gathering information from the user can disrupt their workflow, may miss root cause analysis (e.g., the specific file or URL involved), and does not address the professional need to understand the user's actions for future prevention. Option C is wrong because telling the user they should know better is accusatory and unprofessional; it damages the technician-user relationship and discourages the user from reporting future security incidents, which is a core violation of professional communication standards. Option D is wrong because remotely uninstalling the program without informing the user violates user consent and transparency, and it may remove evidence needed for deeper forensic analysis or for identifying additional malware components.

45
MCQ · medium

A company is implementing a new policy that requires users to authenticate using both a password and a one-time code sent to their mobile phone. What type of authentication factor is the one-time code?

A. Something you are
B. Something you know
C. Something you have
D. Somewhere you are
Answer: C

The one-time code is delivered to a device (the phone) that the user possesses, making it a 'something you have' factor.

Why this answer

Authentication factors are categorized as something you know (password), something you have (token or phone), and something you are (biometrics). A one-time code sent to a mobile phone is considered 'something you have' because access to the phone is required. This question tests the classification of multi-factor authentication components.

46
MCQ · hard

A user reports that their Mac running macOS Ventura frequently asks for the admin password when trying to change network settings, even though they are the only user. They want this to stop. What is the most secure way to address this?

A. Disable System Integrity Protection (SIP)
B. Change the user account type from Standard to Administrator in Users & Groups
C. Use the 'security authorizationdb' command to remove the requirement
D. Turn off FileVault
Answer: B

Admin accounts can change network settings without re-entering credentials. This is the standard fix, though it broadens privileges.

Why this answer

Changing network settings requires admin privileges by default for security. The correct approach is to grant the user admin rights, which eliminates the prompt but also gives full system access. Other options either don't work or compromise security.

47
MCQ · easy

A user needs to access a shared folder on a Windows 10 workstation from their Windows 11 laptop. Both devices are on the same local network. Which Windows feature must be enabled on the workstation to allow file sharing?

A. Network Discovery
B. File and Printer Sharing
C. HomeGroup
D. Windows Firewall
Answer: B

Enabling File and Printer Sharing allows the workstation to share folders and printers with other network devices.

Why this answer

File and Printer Sharing (option B) is the correct feature because it enables the Server Message Block (SMB) protocol on the workstation, which is the underlying protocol Windows uses for shared folder access. Without this service running and allowed through the firewall, other devices cannot connect to the workstation's shared resources, regardless of network discovery or firewall settings.

Exam trap

CompTIA often tests the distinction between Network Discovery (which only controls visibility) and File and Printer Sharing (which actually enables resource access), leading candidates to mistakenly select Network Discovery when the question asks about enabling file sharing.

How to eliminate wrong answers

Option A is wrong because Network Discovery only allows the workstation to see other devices on the network and be seen by them; it does not enable the actual sharing of folders or files. Option C is wrong because HomeGroup was removed from Windows 10 (version 1803 and later) and Windows 11; it is a deprecated feature and not required for standard SMB-based file sharing. Option D is wrong because Windows Firewall is a security component that can block or allow traffic, but it is not the feature that enables file sharing; in fact, File and Printer Sharing must be allowed as an exception within the firewall for sharing to work.

48
MCQ · medium

During a software installation, a technician receives an error that the system does not meet the minimum requirements. The technician decides to override the check by modifying the registry. What safety procedure should be followed before making registry changes?

A. Disable User Account Control (UAC).
B. Create a system restore point.
C. Run the installation as an administrator.
D. Close all other running applications.
Answer: B

A restore point allows the system to be reverted to a previous state if registry edits cause problems.

Why this answer

Creating a system restore point before modifying the registry is the correct safety procedure because it captures the current system state, including registry keys, drivers, and system files. If the registry edit causes instability or boot failure, the restore point allows the technician to revert the system to its previous working configuration without data loss. This is a standard best practice for any registry modification, as even minor errors can render the system unbootable.

Exam trap

CompTIA often tests the distinction between permission elevation (running as admin) and system protection (restore point), leading candidates to mistakenly choose 'Run as administrator' because they think it bypasses the error, when in fact the question explicitly asks for the safety procedure before making registry changes.

How to eliminate wrong answers

Option A is wrong because disabling User Account Control (UAC) reduces system security by allowing all processes to run with elevated privileges without prompting, but it does not provide a rollback mechanism for registry changes; it only removes the elevation prompt, not the risk of corruption. Option C is wrong because running the installation as an administrator only ensures the installer has sufficient permissions to write to protected areas like the registry, but it does not create a backup or restore point; if the registry edit fails, there is no way to undo it. Option D is wrong because closing other applications reduces resource conflicts and potential interference during installation, but it does not safeguard against registry corruption; it is a general best practice for stability, not a safety procedure for registry modifications.

49
MCQ · easy

A new employee is setting up their workstation and receives a phone call from someone claiming to be from the IT department. The caller says there is a critical security update and needs the employee's login credentials to install it remotely. What social engineering principle is the attacker primarily exploiting?

A. Urgency
B. Scarcity
C. Authority
D. Social proof
Answer: C

Authority is the correct answer, as the attacker uses the perceived power of IT to gain compliance.

Why this answer

This scenario exploits the principle of authority, as the attacker impersonates a trusted IT department figure. Social engineers often use authority to bypass security protocols by making victims feel compelled to comply. The correct response is to never share credentials, regardless of who asks.

50
MCQ · medium

A technician is configuring a small office network and wants to ensure that guest users can access the internet but cannot connect to internal company resources like file servers or printers. Which logical security method should be implemented?

A. Enable MAC address filtering on the wireless access point.
B. Implement a guest VLAN that is isolated from the internal network.
C. Require a complex password for the guest Wi-Fi network.
D. Disable the SSID broadcast for the guest network.
Answer: B

A guest VLAN creates a separate logical network segment, allowing internet access while blocking access to internal resources via routing rules.

Why this answer

Network segmentation, often achieved through VLANs, separates network traffic into distinct broadcast domains. A guest VLAN can be configured with access only to the internet, while internal resources remain on a separate VLAN with restricted access. This question tests the understanding of network segmentation as a logical security control.

51
MCQ · easy

A technician is tasked with deploying a new virtual machine for a client who needs to run a legacy application that requires a specific configuration. The client wants the VM to be isolated from the host operating system but still needs to access physical USB devices connected to the host. Which type of virtualization technology should the technician use?

A. Type 1 hypervisor
B. Type 2 hypervisor
C. Container-based virtualization
D. Desktop virtualization (VDI)
Answer: B

Type 2 hypervisors run on a host OS and natively support USB passthrough, allowing the VM to access physical USB devices while maintaining isolation from the host.

Why this answer

This question tests knowledge of virtualization types and their capabilities. Type 1 hypervisors run directly on hardware and provide strong isolation, but they lack direct USB passthrough in many configurations. Type 2 hypervisors, like VMware Workstation or VirtualBox, run on top of an OS and commonly support USB passthrough, making them suitable for this scenario.

52
MCQeasy

A user reports that a specific application crashes immediately on launch. You want to verify the integrity of the application's core files without reinstalling. Which command-line tool can you use to scan and repair system files that the application depends on?

A.sfc /scannow
B.chkdsk /f
C.tasklist
D.dism /online /cleanup-image /restorehealth
AnswerA

Correct. sfc scans and repairs corrupted system files that might cause application crashes.

Why this answer

The System File Checker (sfc /scannow) scans protected system files and replaces corrupted ones with cached copies. If the application relies on system files, sfc can fix the issue. DISM repairs the system image itself, chkdsk checks disk errors, and tasklist lists processes.

53
MCQhard

A technician is troubleshooting a printer that is not printing. The user insists that the printer was working yesterday and nothing has changed. The technician finds that the printer's IP address has changed due to a DHCP lease renewal. What is the best way to explain this to the user?

A.Explain that the printer's IP address changed because of DHCP, and that you will assign a static IP to prevent future issues.
B.Tell the user that the network changed the printer's address and it is not your fault.
C.Use technical jargon like 'DHCP lease expiration' and 'subnet mask misconfiguration' to sound authoritative.
D.Say that the printer is faulty and needs to be replaced.
AnswerA

This provides a clear, non-technical explanation and a solution, which is professional and reassuring.

Why this answer

Option A is correct because it directly addresses the root cause (DHCP lease renewal changing the printer's IP) and provides a clear, non-technical explanation to the user while outlining the solution (assigning a static IP). This demonstrates effective communication and professionalism by taking ownership of the issue and preventing recurrence, aligning with CompTIA's troubleshooting methodology.

Exam trap

The trap here is that candidates may choose Option C, thinking technical jargon demonstrates expertise, but CompTIA emphasizes explaining issues in user-friendly terms to maintain professionalism and trust.

How to eliminate wrong answers

Option B is wrong because it shifts blame to the network without offering a solution, which is unprofessional and fails to resolve the user's concern. Option C is wrong because using technical jargon like 'DHCP lease expiration' and 'subnet mask misconfiguration' without explanation confuses the user and violates the principle of clear communication. Option D is wrong because it incorrectly attributes the issue to a faulty printer, ignoring the actual DHCP-related IP change and leading to unnecessary replacement costs.

54
MCQeasy

A user reports that their Android phone's battery drains rapidly after a recent app update. They have already tried restarting the device. Which of the following should a technician recommend FIRST to diagnose the issue?

A.Perform a factory reset.
B.Check battery usage in Settings to identify the app consuming the most power.
C.Replace the battery immediately.
D.Disable all background data.
AnswerB

Battery usage statistics show which app or service is draining the battery, making this the logical first step in troubleshooting.

Why this answer

Option B is correct because the first step in diagnosing rapid battery drain after an app update is to use the built-in battery usage tool in Android Settings. This tool provides a per-app breakdown of power consumption, allowing the technician to identify which specific app is consuming excessive energy without making invasive changes. Restarting the device already failed to resolve the issue, so checking battery stats is the logical next step before any destructive or restrictive actions.

Exam trap

CompTIA often tests the principle of 'least invasive first' in troubleshooting, and the trap here is that candidates may jump to a factory reset (Option A) as a quick fix, overlooking the simple diagnostic step of checking battery usage statistics that directly pinpoints the problematic app.

How to eliminate wrong answers

Option A is wrong because performing a factory reset is a drastic, data-destructive step that should only be considered after all non-destructive diagnostics have failed; it does not help identify the root cause and may unnecessarily erase user data. Option C is wrong because replacing the battery immediately assumes the hardware is faulty, but the problem started after a software update, making a software-related cause far more likely; battery replacement is premature without first verifying app-level power usage. Option D is wrong because disabling all background data is an overly broad and restrictive measure that can break legitimate app functionality; it should only be applied to the specific misbehaving app after identification, not as a blanket solution.

55
MCQeasy

A small business deploys 20 Android tablets for inventory management. The tablets must remain in a single app (the inventory app) and prevent users from accessing settings or other apps. Which Android feature should you enable to lock the devices into this single-app mode?

A.Enable Guest Mode from the user switcher.
B.Use the Screen Pinning feature in Security settings.
C.Set up a separate user account with restricted profile.
D.Activate Factory Reset Protection (FRP).
AnswerB

Screen Pinning locks the device to a single app, and to unpin the user must enter a PIN or password, preventing unauthorized access to other apps or settings.

Why this answer

Android's Screen Pinning feature allows you to lock the device to a single app, requiring a PIN or password to exit. This is ideal for kiosk-style deployments. Guest Mode and Multi-User Mode do not restrict app access, and Factory Reset Protection is a security feature for lost devices.

56
MCQmedium

A user reports that their Windows 10 laptop suddenly shows a black screen with a movable mouse cursor after logging in. They can press Ctrl+Alt+Del to open the security screen. Which troubleshooting step should you perform first to restore the desktop?

A.Boot into Safe Mode and run System File Checker (sfc /scannow).
B.Press Ctrl+Alt+Del, open Task Manager, then run a new task and type 'explorer.exe'.
C.Perform a system restore to a point before the issue started.
D.Check the display driver by pressing Windows+P and switching display modes.
AnswerB

This restarts the Windows shell, which is the most common fix for a black screen with a cursor. It is quick, safe, and often restores the desktop immediately.

Why this answer

A black screen with a cursor after login often indicates that the Windows Explorer shell (explorer.exe) has crashed or is not starting properly. Using Task Manager to manually restart the explorer.exe process is a quick and non-destructive first step that often resolves the issue without rebooting.

57
MCQeasy

A user calls the help desk saying their PC suddenly displays a ransom note demanding payment in Bitcoin to unlock their files. They cannot open any documents or images. What is the first action you should take?

A.Pay the ransom to get the decryption key.
B.Run a full antivirus scan immediately.
C.Disconnect the PC from the network.
D.Restore files from a recent backup without disconnecting.
AnswerC

Disconnecting stops the ransomware from encrypting network drives and contacting its command server, limiting damage.

Why this answer

The correct first action is to disconnect the PC from the network (Option C). This immediately isolates the infected system, preventing the ransomware from communicating with its command-and-control (C2) server to exfiltrate data or encrypt additional network shares. It also stops the ransomware from spreading laterally to other devices on the same LAN, which is critical for containment before any remediation steps are taken.

Exam trap

CompTIA often tests the principle of 'containment before eradication' — the trap here is that candidates may jump to scanning (Option B) or backup restoration (Option D) without first isolating the system, which would allow the ransomware to continue spreading or re-encrypting files during those actions.

How to eliminate wrong answers

Option A is wrong because paying the ransom does not guarantee you will receive a working decryption key, and it encourages further criminal activity; law enforcement and security best practices strongly advise against paying. Option B is wrong because running a full antivirus scan while the PC is still connected to the network allows the ransomware to continue communicating with its C2 server and potentially encrypt more files or spread to other systems; containment must come first. Option D is wrong because restoring files from a backup without first disconnecting the network risks re-infection if the backup media is still accessible over the network or if the ransomware is still active and can immediately re-encrypt the restored files.

58
MCQhard

A technician is investigating a computer that has been sending spam emails from the user's account without their knowledge. The user has not installed any new software recently. The technician finds a process running that matches a known botnet client. Which two steps should the technician take first to mitigate the threat?

A.Disconnect the computer from the network and terminate the malicious process.
B.Run a full antivirus scan and then update the firewall rules.
C.Change the user's email password and run a malware scan.
D.Reboot the computer into Safe Mode and then run a scan.
AnswerA

Disconnecting stops the botnet's command-and-control communication, and terminating the process halts the spam.

Why this answer

The immediate priority is to disconnect the computer from the network to stop the botnet communication and prevent further spam. Then, the technician should identify and terminate the malicious process. Scanning without disconnecting may allow continued data exfiltration.

59
MCQmedium

A technician is configuring a shared Android tablet for a retail kiosk. The tablet should only run a single point-of-sale app and prevent users from accessing settings or other apps. Which Android feature should be used?

A.Enable Guest Mode
B.Use Screen Pinning from the Overview (Recent Apps) menu
C.Boot the device into Safe Mode
D.Install a launcher replacement app
AnswerB

Screen Pinning locks the device to one app, and exiting requires a PIN, making it suitable for kiosk use.

Why this answer

Android's Screen Pinning allows locking the device to a single app, requiring a PIN to exit. This is ideal for kiosk scenarios. Other options like Guest Mode or Safe Mode do not provide the same level of restriction.

60
MCQhard

A malicious script is suspected to have changed permissions on critical system files. The administrator needs to restore the /etc/passwd file to its default permissions, which are 644. The file is currently 777. Which command will set the correct permissions?

A.chmod 644 /etc/passwd
B.chmod 600 /etc/passwd
C.chmod 755 /etc/passwd
D.chmod 444 /etc/passwd
AnswerA

This sets owner read/write, group read, others read, which is the correct default for /etc/passwd.

Why this answer

The correct answer is A because chmod 644 /etc/passwd sets the permissions to rw-r--r--, which is the standard for /etc/passwd. Compared with 777, this removes write access for group and others and clears the execute bits for everyone.

61
MCQmedium

A small business user needs to set up a VPN connection on their Windows 11 laptop to access company resources. They ask you which tool to use. Which administrative tool should you instruct them to open?

A.Device Manager to install a virtual network adapter.
B.Windows Settings > Network & internet > VPN.
C.Services console to enable the 'Remote Access Connection Manager' service.
D.Task Scheduler to create a task that launches the VPN client.
AnswerB

Correct. The VPN section in Windows Settings allows adding and configuring VPN connections.

Why this answer

The Settings app (or Control Panel > Network and Sharing Center) is the correct place to configure VPN connections in Windows 11. The other tools are not used for VPN setup.

62
MCQeasy

A company policy requires that all USB flash drives be automatically scanned for malware when inserted. Which Windows security setting should be configured to enforce this?

A.Enable Windows Defender Real-time Protection
B.Configure BitLocker To Go
C.Enable Windows Firewall
D.Set User Account Control to Always Notify
AnswerA

Real-time protection monitors file activity, including when a USB drive is inserted, and automatically scans for malware.

Why this answer

Windows Defender Antivirus can be configured to scan removable drives upon insertion via Group Policy or the Windows Security app. This ensures automatic malware scanning without user intervention.

63
MCQmedium

A user on a Windows 10 computer is unable to install a new application because they receive an error that 'Windows cannot verify the publisher of this driver software.' The application is from a trusted vendor. Which tool should you use to temporarily disable driver signature enforcement to complete the installation?

A.Device Manager
B.System Configuration (msconfig)
C.Advanced Startup Options (Disable driver signature enforcement)
D.Command Prompt with bcdedit /set testsigning on
AnswerC

This option in the Recovery Environment allows the system to boot with driver signature enforcement disabled, enabling installation of the driver.

Why this answer

Option C is correct because the error 'Windows cannot verify the publisher of this driver software' indicates that the driver lacks a valid digital signature, which is required by default on 64-bit Windows 10. The Advanced Startup Options menu provides a direct way to boot with 'Disable driver signature enforcement' temporarily, allowing the unsigned driver to load for the current session without permanently altering the system's security policy.

Exam trap

The trap here is that candidates often confuse 'bcdedit /set testsigning on' (which permanently enables test-signed drivers) with the temporary disable option in Advanced Startup Options, or they mistakenly think Device Manager or msconfig can override driver signature enforcement at the boot level.

How to eliminate wrong answers

Option A is wrong because Device Manager is used to manage hardware devices and update drivers, but it cannot bypass driver signature enforcement; it will still block installation of an unsigned driver. Option B is wrong because System Configuration (msconfig) is used to configure boot options like safe mode or startup services, but it does not have a built-in setting to disable driver signature enforcement; you would need to use Advanced Startup Options or a command-line tool. Option D is wrong because 'bcdedit /set testsigning on' enables Test Signing mode, which permanently allows unsigned drivers to load, but this is a persistent change that weakens security and is not intended for a one-time installation; it also requires a reboot and leaves the system in a less secure state.

64
MCQeasy

A small business owner wants to allow a remote employee to access their office desktop from home, but is concerned about security. They currently have a standard router with a public IP. Which of the following is the most secure method to enable this access?

A.Enable port forwarding on the router for TCP 3389 to the desktop's IP address.
B.Configure a VPN server on the office network and have the employee connect via VPN before using RDP.
C.Use a third-party remote desktop service like TeamViewer without additional configuration.
D.Change the RDP port to a non-standard port number and enable port forwarding.
AnswerB

A VPN encrypts all traffic and requires authentication, adding a layer of security before RDP access is permitted.

Why this answer

Exposing RDP directly to the internet is risky due to brute-force attacks. A VPN creates an encrypted tunnel, authenticating the user before allowing access to the internal network, making it far more secure. This is the recommended best practice.

65
MCQeasy

A company uses a cloud-based SaaS application for customer relationship management (CRM). Several employees report that they cannot access the CRM this morning, but internet connectivity is working. The IT support team checks the cloud provider's status page and finds no reported outages. What should the technician check next?

A.Verify that the DNS server is resolving the CRM URL correctly.
B.Check if the users' accounts have expired or if passwords need to be reset.
C.Reboot the company's firewall to clear any temporary blocks.
D.Reinstall the CRM application on the affected workstations.
AnswerB

Expired passwords or locked accounts are common reasons for individual access failures to SaaS applications.

Why this answer

When a cloud service is accessible to some but not others, the issue is often local authentication or configuration. Expired credentials or browser cache problems are common causes. The cloud provider's status page shows no outage, so the issue is likely client-side.

DNS and firewall settings would affect all users if misconfigured.

66
MCQhard

A security incident has occurred: a user's Mac running macOS Ventura was infected with malware that modified system files. The technician needs to boot the Mac into a mode that loads only essential Apple-signed kernel extensions and prevents third-party software from loading, in order to safely remove the malware. Which startup mode should they use?

A.Single-user mode (Command + S).
B.Verbose mode (Command + V).
C.Safe Mode (Shift key during startup).
D.Target Disk Mode (T key).
AnswerC

Safe Mode disables all non-Apple kernel extensions, startup items, and login items, providing a clean environment to remove malware. It also checks the startup disk for errors.

Why this answer

Safe Mode (holding Shift during startup) loads only essential kernel extensions and disables all third-party startup items and login items. It also performs a directory check of the startup volume. This environment is ideal for troubleshooting and removing malware without interference.

Single-user mode (Command+S) boots to a command-line interface but is deprecated on Apple Silicon Macs and does not inherently prevent malware from loading.

67
MCQmedium

A user reports that their Android phone's screen is flickering and the touch response is erratic after they dropped it. They have already tried a reboot. Which built-in diagnostic tool should you use to test the touchscreen and display functionality without any third-party apps?

A.Boot the device into Safe Mode to see if the issue persists.
B.Open the phone dialer and enter the hardware test code (e.g., *#0*#).
C.Enable 'Show taps' in Developer Options.
D.Perform a factory reset from Recovery Mode.
AnswerB

Many Android manufacturers include a built-in hardware diagnostic menu accessible via secret codes, allowing you to test the touchscreen, display, and other components.

Why this answer

Android includes a hidden 'Diagnostics' or 'Hardware Test' mode (often accessed via a code like *#0*# on Samsung devices) that allows you to test individual hardware components including the touchscreen, display colors, and sensors. The Developer Options 'Show taps' only visualizes touches but does not run a systematic test. Safe Mode only disables third-party apps, and a factory reset is too drastic.

68
MCQmedium

A technician is setting up remote access for a salesperson who frequently works from coffee shops. The company uses a VPN with two-factor authentication (2FA). The salesperson reports that after entering their username and password, they receive a prompt for a code but do not have their token. What should the technician do to resolve this?

A.Disable two-factor authentication for the user's account temporarily.
B.Provide the user with a one-time bypass code from the administrator console.
C.Instruct the user to reset their password and try again.
D.Ask the user to connect from a different network location.
AnswerB

Most 2FA systems allow administrators to generate temporary codes for users who have lost their token, maintaining security while granting access.

Why this answer

This scenario tests knowledge of 2FA troubleshooting. The user has a token but does not have it available. The correct action is to provide a temporary bypass code, which is a standard feature of 2FA systems for such situations.

Disabling 2FA would weaken security, and other options are not appropriate.

69
MCQmedium

After a malware infection, a user's Windows 10 PC has several suspicious scheduled tasks that run at startup. Which administrative tool should you use to review and disable these tasks?

A.Services console to stop the 'Task Scheduler' service.
B.Task Scheduler to examine the task library and disable suspicious entries.
C.Resource Monitor to see which tasks are currently running.
D.Windows Firewall with Advanced Security to block the tasks' network access.
AnswerB

Correct. Task Scheduler provides a full list of scheduled tasks, including those created by malware, and allows disabling or deleting them.

Why this answer

Task Scheduler (taskschd.msc) is the tool for viewing, creating, and disabling scheduled tasks. Malware often uses scheduled tasks for persistence. The other tools do not manage scheduled tasks.

70
MCQmedium

During a security audit, a technician discovers that an employee's company-issued iPhone has been jailbroken. The employee claims they only did it to customize the home screen. Which security risk is most directly associated with a jailbroken device in a corporate environment?

A.The device cannot receive iOS updates.
B.It voids the warranty.
C.It bypasses app sandbox restrictions, potentially exposing corporate data.
D.The device will perform slower.
AnswerC

Jailbreaking removes iOS security layers, including sandboxing, allowing malicious apps to access data from other apps, which is a severe data leakage risk.

Why this answer

This question tests understanding of jailbreaking risks. The correct answer is that jailbreaking removes sandbox restrictions, allowing apps to access data from other apps, which can lead to data leakage. This is a primary concern for corporate devices handling sensitive information.

71
MCQmedium

A user reports that their MacBook Pro running macOS Big Sur will not boot past the Apple logo. You suspect a corrupted system file. You need to boot into a special mode to run Disk Utility's First Aid on the startup volume. Which key combination should you hold during startup?

A.Hold the Option (⌥) key.
B.Hold Command (⌘) + R.
C.Hold the Shift key.
D.Hold Command (⌘) + Option (⌥) + P + R.
AnswerB

This boots into macOS Recovery, where Disk Utility is available. Running First Aid can repair disk errors that may be preventing the system from booting.

Why this answer

Holding Command (⌘) and R during startup boots the Mac into macOS Recovery, which provides access to Disk Utility, Terminal, and the ability to reinstall macOS. From there, you can run First Aid on the startup disk. Option (⌥) boots into Startup Manager, and Shift boots into Safe Mode.

72
MCQmedium

A user reports that their computer is displaying a message claiming their files are encrypted and they must pay 0.5 Bitcoin to a specific address to regain access. The user cannot open any documents or photos. What is the first step the technician should take to respond to this incident?

A.Pay the ransom to recover the files immediately.
B.Disconnect the computer from the network.
C.Run a full antivirus scan to remove the malware.
D.Reboot the computer into Safe Mode.
AnswerB

Isolating the system prevents the ransomware from spreading to other networked devices.

Why this answer

The first step in a ransomware incident is to isolate the infected system from the network to prevent the malware from spreading to other devices. Attempting to decrypt without tools or paying the ransom are not recommended initial actions.

73
MCQmedium

A non-profit organization is upgrading its computers and wants to donate the old ones to a local school. The HDDs contain donor information that must be kept confidential. The organization wants the drives to be reusable. Which method should be used?

A.Use a degausser to erase the drives.
B.Physically drill holes through the drive platters.
C.Perform a full overwrite with zeros using disk-wiping software.
D.Delete all files and empty the recycle bin.
AnswerC

A full overwrite ensures data is unrecoverable while keeping the drive fully functional for the school.

Why this answer

A full overwrite using disk-wiping software destroys data while leaving the drive functional for reuse. Degaussing destroys data but renders the drive unusable. Physical destruction also prevents reuse.

74
MCQhard

A company uses a web application for internal communication. A security audit reveals that the application is vulnerable to cross-site scripting (XSS). Which browser security feature can help mitigate the risk for users while the application is being patched?

A.Enable pop-up blocker
B.Configure the browser to use a proxy server
C.Implement Content Security Policy (CSP) headers on the web server
D.Disable JavaScript in the browser
AnswerC

CSP allows the server to specify which scripts are allowed, preventing execution of injected scripts.

Why this answer

Content Security Policy (CSP) is a browser security mechanism that can block malicious scripts, reducing XSS impact. This tests advanced knowledge of browser security features. Other options are either unrelated or less effective against XSS.

75
MCQhard

A technician receives an email that appears to be from the company's HR department asking them to click a link to update their direct deposit information. The email contains several grammatical errors and the sender's domain is 'company-hr.com' instead of the official 'company.com'. What is the most effective way to confirm this is a phishing attempt?

A.Reply to the email asking for verification.
B.Click the link to see if it looks legitimate.
C.Forward the email to the company's security team for analysis.
D.Call the phone number listed in the email signature.
AnswerC

Forwarding to the security team allows experts to analyze headers, links, and other indicators to confirm phishing.

Why this answer

The most reliable method is to verify the email's authenticity by checking the full email header and sender domain. Hovering over the link to see the actual URL can also reveal a phishing site, but checking the header confirms the source.
