CompTIA A+ Core 2 220-1202 (220-1202) — Questions 76–150

750 questions total · 10 pages · All types, answers revealed

Page 2 of 10
76
MCQ · medium

A technician is configuring a new workstation for an executive who requested specific software. The executive's assistant says the executive is very busy and wants the setup done quickly without any questions. What is the most professional response?

A. Proceed with the installation as requested to respect the executive's time.
B. Ask the assistant to confirm the exact software list and any version requirements before starting.
C. Install the software that is most commonly used by other executives.
D. Tell the assistant that you cannot proceed without talking to the executive directly.
Answer: B

This ensures accuracy and prevents rework, showing professionalism and attention to detail.

Why this answer

Option B is correct because it demonstrates professional due diligence: confirming the exact software list and version requirements prevents misconfigurations that could waste the executive's time later. A technician must verify requirements before installation to avoid compatibility issues or missing critical features, which is a core communication skill in the CompTIA A+ 220-1202 domain.

Exam trap

The trap here is that candidates may assume 'respecting time' means immediate action (Option A), but CompTIA tests that professionalism requires verification to prevent costly errors, not blind compliance.

How to eliminate wrong answers

Option A is wrong because proceeding without verification risks installing incorrect software versions or missing dependencies, leading to rework and wasted time. Option C is wrong because assuming 'most commonly used' software may not meet the executive's specific needs, causing functionality gaps and potential security issues. Option D is wrong because refusing to proceed without direct executive contact is overly rigid and unprofessional; the assistant is a valid point of contact for initial coordination.

77
MCQ · hard

A user reports that they can no longer access the internet after installing a new software application. The technician suspects the application modified system settings. Which security feature could have prevented this?

A. Windows Defender Firewall
B. User Account Control (UAC)
C. BitLocker Drive Encryption
D. Windows Defender Antivirus
Answer: B

UAC prompts for administrator approval before system changes, which could have blocked the application from modifying settings.

Why this answer

User Account Control (UAC) prompts for permission before allowing changes that affect system settings. If the user had denied the UAC prompt, the application would not have been able to modify network settings.

78
MCQ · hard

A security auditor discovers that a company's data destruction logs show only a quick format was performed on drives before disposal. The drives contained personally identifiable information (PII). What is the primary risk?

A. The drives may not boot properly after disposal.
B. The drives could be reused without any issues.
C. The PII data is still recoverable from the drives.
D. The drives will no longer hold a magnetic charge.
Answer: C

Quick formatting only removes the file system index; data remains on the drive and can be recovered with data recovery tools.

Why this answer

A quick format only clears the file table, leaving the actual data on the drive. This data can be recovered with simple software tools, exposing PII. Proper destruction (overwrite, degauss, or physical destruction) is required to prevent data recovery.

79
MCQ · medium

A client wants to upgrade their entire office of 50 computers and asks for advice on environmentally friendly disposal of the old units. Which approach best aligns with environmental best practices?

A. Donate the computers to a local school without wiping data.
B. Sell the computers to a scrap metal dealer.
C. Contract a certified e-waste recycling company to handle the disposal.
D. Have employees take the computers home for personal use.
Answer: C

This is correct because certified recyclers follow regulations to safely dismantle and recycle components, minimizing pollution.

Why this answer

Option C is correct because certified e-waste recycling companies follow strict environmental regulations (e.g., the Basel Convention and local e-waste laws) to ensure hazardous materials like lead, mercury, and cadmium are safely extracted and disposed of, while also securely destroying data through methods such as degaussing or physical shredding. This approach minimizes environmental harm and aligns with the EPA's recommended practices for responsible electronics recycling.

Exam trap

CompTIA often tests the misconception that donation or reuse is always the greenest option, but the trap here is that environmental best practices require both secure data destruction and proper hazardous material handling, which only a certified e-waste recycler guarantees.

How to eliminate wrong answers

Option A is wrong because donating computers without wiping data violates data privacy best practices and could expose sensitive company information, even if the intent is reuse. Option B is wrong because selling computers to a scrap metal dealer typically bypasses proper hazardous material handling, leading to toxic components like CRT glass or lithium batteries ending up in landfills or being processed unsafely. Option D is wrong because allowing employees to take computers home for personal use does not guarantee environmentally sound disposal and often results in devices being discarded improperly later, without any certified recycling process.

80
MCQ · easy

A user reports that their Windows 10 PC is running slowly after they installed a new program. You need to identify which service or startup program is consuming the most CPU resources to troubleshoot the issue. Which administrative tool should you use?

A. Event Viewer
B. Task Manager
C. Services.msc
D. Performance Monitor
Answer: B

Task Manager's Processes tab shows CPU, memory, and disk usage for each running process, allowing you to pinpoint the culprit.

Why this answer

Task Manager provides real-time performance monitoring, including CPU usage per process. This makes it the ideal tool for quickly identifying resource hogs. Other tools like Event Viewer or Services.msc are for different purposes.

81
MCQ · easy

During a security audit, you find that a company's server room door is propped open with a trash can to allow airflow. What is the most immediate physical security risk in this scenario?

A. Increased dust entering the server room
B. Fire suppression system may not work
C. Unauthorized personnel can enter the server room
D. The door closer will wear out faster
Answer: C

An unsecured door allows anyone to walk in, defeating the purpose of access controls and posing a serious security threat.

Why this answer

Propping open a secured door completely bypasses the access control system, allowing unauthorized individuals to enter the server room undetected. This highlights the importance of maintaining door closure mechanisms to ensure physical security.

82
MCQ · hard

A company's security policy requires that all USB storage devices be blocked on company workstations to prevent data exfiltration. A manager needs to temporarily use a USB drive for a presentation. What is the best way to remediate this while maintaining security?

A. Disable the USB blocking Group Policy for the entire domain
B. Use a Group Policy to allow only the specific USB device by hardware ID, then remove the allowance after use
C. Give the manager a company-approved USB drive and tell them to use it only once
D. Create a local admin account on the manager's workstation and disable the USB block locally
Answer: B

This maintains security by only allowing a known device, and you can revert the policy afterward.

Why this answer

Group Policy can be used to block all USB storage by default, but you can create an exception by allowing specific devices via device ID or by using a more granular policy. The best approach is to temporarily grant access to the specific device, then reapply the block.

83
MCQ · easy

A user reports that their Android phone will not connect to their corporate Wi-Fi network, but other devices connect fine. They have forgotten the network and re-entered the password, but it still fails. What should you check first?

A. Check if the router is using MAC address filtering.
B. Verify the Wi-Fi password is being entered correctly.
C. Reset the phone's network settings to default.
D. Update the phone's operating system to the latest version.
Answer: B

The most common issue is a typo or case error in the password, especially after forgetting and re-entering the network.

Why this answer

Option B is correct because the most common cause of a single device failing to connect after forgetting and re-entering the network is a typo or case-sensitive error in the Wi-Fi password. Since other devices connect fine, the issue is isolated to the phone, and verifying the password is the quickest, least intrusive step before escalating to more complex troubleshooting.

Exam trap

CompTIA often tests the candidate's ability to follow a logical troubleshooting methodology (OSI model layer by layer), and the trap here is that many candidates jump to advanced settings like MAC filtering or network resets instead of starting with the most basic, user-error-prone step of verifying the password.

How to eliminate wrong answers

Option A is wrong because MAC address filtering would affect all devices not on the allowlist, not just this one phone; since other devices connect fine, the router is not blocking this phone by MAC. Option C is wrong because resetting network settings is a drastic step that should only be taken after simpler checks like password verification, and it would erase saved Wi-Fi networks, Bluetooth pairings, and VPN configurations unnecessarily. Option D is wrong because an OS update is a time-consuming, system-level change that addresses bugs or security flaws, not a password entry issue; the phone's current OS version is unlikely to prevent connection if the password is correct.

84
MCQ · hard

A user's Windows 10 PC is experiencing random freezes and application crashes. You suspect a corrupted system file. You run sfc /scannow but it reports that it cannot repair some files. What is the next best step to repair the system files using a DISM command?

A. Run chkdsk /f
B. Run DISM /Online /Cleanup-Image /RestoreHealth
C. Run System Restore
D. Run Windows Update
Answer: B

DISM /RestoreHealth repairs the system image, enabling sfc to function correctly afterward.

Why this answer

DISM (Deployment Imaging Service and Management Tool) can repair the system image that sfc relies on. Running DISM /Online /Cleanup-Image /RestoreHealth fixes corruption in the component store, allowing sfc to then repair system files.

85
MCQ · hard

A user reports that their iPhone's flashlight is not working, and the camera app shows a black screen. Other apps function normally. The device is up-to-date and has been restarted. What is the most likely hardware-related issue?

A. The battery is failing and cannot provide enough power.
B. The camera app is corrupted; reinstall it.
C. The camera module or its flex cable is damaged.
D. The iOS has a bug that affects the camera and flashlight.
Answer: C

The LED flash is part of the camera module; damage to the module or its connection can disable both the camera and flashlight.

Why this answer

The simultaneous failure of the flashlight and camera strongly points to a shared hardware component failure. Both the camera module and the LED flash are typically integrated on the same flex cable assembly or share a common power management IC. Since other apps function normally and the device has been restarted, a hardware fault in the camera module or its flex cable is the most likely cause.

Exam trap

CompTIA often tests the concept of shared hardware dependencies, where candidates mistakenly attribute a dual-component failure to a software bug or battery issue instead of recognizing the common physical connection.

How to eliminate wrong answers

Option A is wrong because a failing battery would cause system-wide power issues, not isolate the camera and flashlight; the device would likely show a low-battery warning or shut down under load. Option B is wrong because the camera app is a system app that cannot be reinstalled by the user, and a corrupted app would not affect the flashlight, which is controlled by a separate daemon. Option D is wrong because a software bug affecting both camera and flashlight would typically be patched in an up-to-date iOS version, and a restart would not resolve a persistent hardware fault.

86
MCQ · medium

A technician is troubleshooting a Windows 10 computer where the user cannot install a legitimate browser extension because the browser displays a warning that extensions from this source are not allowed. What setting is likely blocking the installation?

A. The browser is in private browsing mode.
B. The computer is running Windows 10 in S mode.
C. The user account does not have administrator privileges.
D. The browser's security level is set to high.
Answer: B

S mode only allows apps from the Microsoft Store, which can prevent installation of extensions from outside the store.

Why this answer

Windows 10's S mode restricts app installations to the Microsoft Store, which also affects browser extensions. Disabling S mode or using a different browser that supports the extension is the solution.

87
MCQ · medium

A user calls the help desk saying that every time they click a link in an email, their browser opens a page that says 'Your computer is infected! Call this number.' They are unable to close the page normally. What type of attack is this, and what is the first step you should take?

A. Phishing attack; immediately change the user's email password
B. Browser hijacker; run a full antivirus scan immediately
C. Tech support scam; force close the browser using Task Manager, then run a security scan
D. Drive-by download; disconnect the computer from the network
Answer: C

This matches the scenario: a fake alert designed to trick the user into calling a scam number. Force closing stops the attack.

Why this answer

This is a tech support scam using a social engineering tactic to frighten the user. The correct first step is to close the browser forcefully using Task Manager, then run a security scan. This tests the ability to distinguish between different attack types and appropriate response procedures.

88
MCQ · hard

During a routine security scan, a technician finds that a user's workstation has an open port 3389 that is accessible from the internet. The user denies enabling Remote Desktop. What is the most likely security implication and immediate action?

A. The port is likely used by a legitimate application; no action is needed.
B. Disable the Remote Desktop service and block port 3389 at the firewall immediately.
C. Change the RDP listening port to a non-standard port to hide it.
D. Enable Network Level Authentication (NLA) on the workstation.
Answer: B

Disabling the service and blocking the port at the firewall are the correct immediate steps to eliminate the exposure, followed by an investigation into how it was enabled.

Why this answer

Port 3389 is used by Remote Desktop Protocol (RDP). An open RDP port exposed to the internet is a major security risk, often exploited by attackers for brute-force attacks or ransomware deployment. The immediate action should be to block the port at the firewall and investigate how it was opened.

This question tests the ability to identify high-risk exposure and prioritize remediation.

89
MCQ · hard

A technician is troubleshooting a server that repeatedly trips the circuit breaker in the data center. The server is plugged into a power strip that is also serving two other high-power devices. What is the most appropriate safety and troubleshooting step?

A. Replace the power strip with a higher-rated one and reset the breaker.
B. Move one of the other high-power devices to a different circuit and plug the server directly into a wall outlet on its own circuit.
C. Reset the breaker and use a UPS with a higher wattage rating.
D. Install a larger circuit breaker in the panel to handle the load.
Answer: B

This reduces the load on the original circuit and ensures the server has dedicated power, preventing overload.

Why this answer

The repeated tripping indicates the circuit is overloaded. The safest and most effective step is to redistribute the load by moving one high-power device to a different circuit and plugging the server directly into a dedicated wall outlet. This isolates the server's power draw and prevents overloading the shared circuit, addressing the root cause without bypassing safety limits.

Exam trap

CompTIA often tests the misconception that upgrading the power strip or breaker is a valid fix, when in fact the correct approach is to redistribute the load to separate circuits to stay within safe electrical limits.

How to eliminate wrong answers

Option A is wrong because replacing the power strip with a higher-rated one does not change the circuit's maximum current capacity (typically 15A or 20A in a data center); the breaker will still trip if the total load exceeds that limit. Option C is wrong because resetting the breaker and using a higher-wattage UPS does not solve the overload; the UPS itself draws power from the same circuit and could still cause tripping if the total load exceeds the breaker rating. Option D is wrong because installing a larger circuit breaker without verifying the wiring gauge and outlet ratings is a fire hazard; the wiring may not be rated for higher current, violating electrical code and safety standards.

90
MCQ · hard

A user is unable to change their desktop background because the option is grayed out. You suspect a Group Policy setting is enforcing a specific wallpaper. Which Control Panel tool would you use to check if a Group Policy is applied, and what is the specific path to verify this setting?

A. System > Advanced system settings > Performance
B. Personalization > Background
C. Administrative Tools > Local Security Policy
D. Ease of Access Center > Make the computer easier to see
Answer: C

Local Security Policy (secpol.msc) can show applied security policies, including those that restrict desktop settings, though Group Policy Editor is more comprehensive.

Why this answer

The Administrative Tools in Control Panel provides access to 'Local Security Policy' or 'Group Policy Management' for advanced users. However, the quickest way to check applied policies is to run 'rsop.msc' from the Run dialog, which is not in Control Panel. The correct answer tests knowledge that Administrative Tools contains shortcuts to policy editors, but the specific tool is not directly in Control Panel.

The best choice is Administrative Tools > Local Security Policy or Group Policy Editor, depending on Windows edition.

91
MCQ · medium

A technician is troubleshooting a Windows 10 computer that exhibits strange behavior: system files are missing, and the computer fails to boot normally. A boot-time virus scan detects a virus that infected the Master Boot Record (MBR). Which tool should the technician use to repair the MBR?

A. System Restore
B. Bootrec.exe /FixMbr
C. SFC /Scannow
D. CHKDSK /F
Answer: B

This command rewrites the MBR, fixing boot issues caused by MBR viruses.

Why this answer

The Bootrec.exe tool with the /FixMbr switch is used to repair the Master Boot Record in Windows. System Restore, SFC, and CHKDSK do not specifically repair the MBR.

92
MCQ · hard

A user reports that their Windows 10 PC suddenly shows a 'Your IT administrator has limited access' message when trying to change the desktop background. The user has local administrator rights. Which Group Policy or registry setting is most likely misconfigured?

A. The 'Prevent changing desktop background' policy is enabled in Local Group Policy.
B. The user's account is not part of the Administrators group.
C. The desktop background file is corrupted.
D. The Windows license has expired.
Answer: A

This policy under User Configuration > Administrative Templates > Control Panel > Personalization restricts background changes, overriding admin rights.

Why this answer

The 'Prevent changing desktop background' policy, when enabled in Local Group Policy Editor (gpedit.msc) under User Configuration > Administrative Templates > Control Panel > Personalization, explicitly blocks background changes regardless of local administrator rights. Since the user has local admin rights but still sees the restriction, this policy is the most likely cause, as it overrides user permissions.

Exam trap

CompTIA often tests the misconception that local administrator rights bypass all Group Policy restrictions, but in reality, many administrative templates apply to all users, including administrators, unless specifically configured otherwise.

How to eliminate wrong answers

Option B is wrong because the user already has local administrator rights, so not being part of the Administrators group is contradictory to the scenario. Option C is wrong because a corrupted background file would cause a display issue (e.g., black screen or error), not a specific 'IT administrator has limited access' message. Option D is wrong because an expired Windows license triggers activation warnings (e.g., 'Windows is not activated') and may disable personalization features, but it does not produce the exact 'Your IT administrator has limited access' message, which is specific to Group Policy restrictions.

93
MCQ · medium

A graphic designer reports that their MacBook Pro running macOS Monterey suddenly shows a gray screen with a folder icon containing a question mark at startup. They have important client files on the internal SSD. What is the most likely cause of this issue?

A. The user’s Time Machine backup has failed
B. The firmware password is enabled
C. macOS cannot locate a valid boot volume or system folder
D. The user’s login keychain is corrupted
Answer: C

This is the classic symptom of a missing or corrupted boot volume, often fixable via Recovery Mode or Disk Utility.

Why this answer

The folder with a question mark indicates the system cannot find a valid boot volume. This is often due to a corrupted boot loader or disconnected internal drive, not a failed backup or simple login issue.

94
MCQ · easy

An employee finds a USB drive labeled 'Employee Salary Info Q4' in the parking lot. Out of curiosity, they plug it into their work computer to see the contents. What type of social engineering attack is this an example of?

A. Phishing
B. Tailgating
C. Baiting
D. Pretexting
Answer: C

Baiting exploits human curiosity or greed by offering something desirable. The USB drive with a tempting label is a classic baiting technique.

Why this answer

This is baiting, where an attacker leaves a physical item (like a USB drive) in a location where it is likely to be found and used. The enticing label is the 'bait' that exploits human curiosity.

95
MCQ · hard

A technician is reviewing a PowerShell script that was used in a ransomware attack. The script contains a line that downloads and executes a payload from a remote server. The script uses a technique to bypass execution policy. Which scripting technique is most likely used to bypass the execution policy?

A. Using the 'Set-ExecutionPolicy' cmdlet to change the policy to Unrestricted
B. Using the '-ExecutionPolicy Bypass' parameter when launching PowerShell
C. Using the 'powershell.exe -Command' syntax with an encoded command
D. Signing the script with a self-signed certificate
Answer: B

Correct. This parameter overrides the execution policy for that session only, allowing the script to run without changing system settings. It is a common technique used by attackers.

Why this answer

The '-ExecutionPolicy Bypass' parameter when launching PowerShell tells the PowerShell engine to bypass the execution policy for that session only, allowing any script to run without restriction. This is a common technique used by attackers because it does not require administrative privileges or permanent policy changes, making it stealthy and effective for executing malicious payloads.

Exam trap

CompTIA often tests the distinction between permanently changing the execution policy (which requires admin rights and is detectable) versus using a session-level parameter to bypass it (which is stealthy and does not require admin rights), leading candidates to mistakenly choose the 'Set-ExecutionPolicy' option.

How to eliminate wrong answers

Option A is wrong because using the 'Set-ExecutionPolicy' cmdlet to change the policy to Unrestricted requires administrative privileges and leaves a persistent change that can be detected by security tools; it is not a stealthy bypass technique. Option C is wrong because using 'powershell.exe -Command' with an encoded command is a method to obfuscate the command or avoid character restrictions, but it does not bypass the execution policy—if the policy blocks script execution, the encoded command will still be blocked unless the policy is bypassed separately. Option D is wrong because signing the script with a self-signed certificate does not bypass execution policy; it only allows the script to run if the execution policy is set to AllSigned or RemoteSigned and the certificate is trusted, which is not a bypass technique and requires additional configuration.

96
MCQ · hard

A technician is troubleshooting a wireless network where users report intermittent connectivity and slow speeds. The network uses WPA2-Enterprise with EAP-TLS and certificate-based authentication. The technician notices that the RADIUS server logs show frequent certificate validation failures. What is the most likely root cause?

A. The access point's firmware is outdated, causing packet loss.
B. The RADIUS server's certificate has expired.
C. Client devices have expired or untrusted certificates.
D. The wireless channel is overlapping with neighboring networks.
Answer: C

Correct. Expired client certificates cause intermittent authentication failures, leading to disconnects and reconnects.

Why this answer

EAP-TLS requires both the server and client to present valid certificates. If the client certificates are expired or not trusted by the RADIUS server, authentication will fail. This causes intermittent disconnects as clients attempt to reauthenticate.

97
MCQ · hard

A security incident occurred where an unauthorized user gained access to a workstation. The security team needs to review detailed logs of all user logon attempts, including successful and failed logins, for the past 48 hours. Which administrative tool and specific log should you access to provide this information?

A. Event Viewer > Windows Logs > System
B. Event Viewer > Windows Logs > Security
C. Event Viewer > Applications and Services Logs > Microsoft > Windows > TerminalServices-LocalSessionManager
D. Computer Management > System Tools > Shared Folders > Sessions
Answer: B

The Security log contains audit events such as logon/logoff, account management, and policy changes.

Why this answer

Event Viewer's Windows Logs > Security log records all security-related events, including logon attempts (success and failure). This is the standard location for auditing user activity. Other logs like System or Application do not focus on authentication events.

98
MCQ · easy

A customer complains that their iOS device's screen orientation is stuck in portrait mode and will not rotate to landscape when they turn the phone sideways. What is the most likely cause and solution?

A. Enable Display Zoom in Settings
B. Toggle the Rotation Lock in Control Center
C. Restart the device
D. Adjust the text size in Accessibility
Answer: B

Rotation Lock is a common iOS feature that prevents the screen from rotating; disabling it resolves the issue.

Why this answer

iOS has a Portrait Orientation Lock in Control Center that prevents screen rotation. Toggling this off restores auto-rotation. Other settings like Display Zoom or Accessibility options do not lock orientation in this manner.

99
MCQ · easy

During a software deployment, you need to configure a Windows 10 workstation to automatically start a legacy application every time a specific user logs on. Which tool should you use to add this startup entry for that user only?

A. Services.msc
B. Task Manager
C. Computer Management
D. Local Group Policy Editor
Answer: B

Task Manager's Startup tab lists user startup items and allows you to enable or disable them easily.

Why this answer

Task Manager's Startup tab allows you to manage per-user startup programs from a simple interface. For more control, you can also use the Startup folder or Registry, but Task Manager is the standard administrative tool for this task. Other tools like Services.msc or Group Policy are for system-wide or advanced configurations.

100
MCQ · medium

A customer reports that their Windows 10 desktop shows a black screen with a movable cursor after logging in. They can press Ctrl+Alt+Del and open Task Manager. Which process should be restarted from Task Manager to restore the desktop and taskbar?

A. Restart the 'Windows Explorer' process in Task Manager.
B. End the 'svchost.exe' process group.
C. Start the 'winlogon.exe' process.
D. Run 'msconfig' from the Run dialog to enable normal startup.
Answer: A

Windows Explorer (explorer.exe) manages the desktop and taskbar; restarting it resolves the black screen issue.

Why this answer

The black screen with a movable cursor after login, combined with the ability to open Task Manager via Ctrl+Alt+Del, indicates that the Windows shell (explorer.exe) has crashed or is not running. Restarting the 'Windows Explorer' process from Task Manager (File > Run new task > 'explorer.exe') reloads the desktop, taskbar, and File Explorer, restoring the graphical user interface. This is the standard recovery step for a missing shell in Windows 10.

Exam trap

The trap here is that candidates confuse the 'Windows Explorer' process with Internet Explorer or assume that 'svchost.exe' is the correct service host to restart, when in fact the shell process (explorer.exe) is the specific component responsible for the desktop and taskbar.

How to eliminate wrong answers

Option B is wrong because ending the 'svchost.exe' process group would terminate critical Windows services (e.g., RPC, DHCP, DNS), potentially causing system instability or a blue screen, not restoring the desktop. Option C is wrong because 'winlogon.exe' is a system process that handles interactive logon and cannot be started manually from Task Manager; it is already running if the user can log in, and restarting it would force a logoff. Option D is wrong because 'msconfig' is a system configuration utility used to change boot options or startup mode, not a tool to restart a crashed shell process; running it from the Run dialog would not fix the immediate black screen issue.

101
MCQ · medium

A technician receives a ticket from a user who says their email is not working. The technician remotely connects and sees that the user's Outlook profile is corrupt. The user is in the middle of an important project. What is the best way to communicate the necessary steps?

A. Explain that the Outlook profile is corrupt and needs to be rebuilt, which may cause a brief interruption.
B. Tell the user that you will fix it and they should not worry about the details.
C. Use technical terms like 'PST file corruption' and 'registry repair' to sound knowledgeable.
D. Rebuild the profile without informing the user to avoid worrying them.
Answer: A

This is honest, clear, and sets proper expectations without using jargon that might confuse the user.

Why this answer

Option A is correct because it balances transparency with professionalism: the technician clearly explains the issue (corrupt Outlook profile) and the necessary action (rebuild), while proactively managing expectations about a brief interruption. This approach respects the user's need to stay informed during an important project, aligning with ITIL best practices for incident management and user communication.

Exam trap

CompTIA often tests the distinction between technical accuracy and professional communication, trapping candidates who think using technical jargon or acting without consent demonstrates expertise, when in fact the exam emphasizes clear, respectful, and transparent user interaction.

How to eliminate wrong answers

Option B is wrong because it dismisses the user's need for situational awareness; withholding details can erode trust and leave the user unprepared for the interruption. Option C is wrong because using jargon like 'PST file corruption' and 'registry repair' without explanation confuses the user and violates the principle of communicating at the user's technical level. Option D is wrong because rebuilding the profile without informing the user is unethical and unprofessional; it denies the user the opportunity to save work or prepare for downtime, potentially causing data loss or workflow disruption.

102
MCQ · medium

A new employee receives an email that appears to be from the company's HR department, asking them to click a link to verify their direct deposit information for payroll. The email contains the company logo and looks professional. What is the most likely social engineering attack?

A. Whaling
B. Phishing
C. Vishing
D. Shoulder surfing
Answer: B

Phishing is a broad category of attacks that use deceptive emails to trick recipients into revealing sensitive information or clicking malicious links. This scenario is a classic phishing attempt.

Why this answer

This is a phishing attack, specifically a form of spear phishing targeting a new employee. The email uses social engineering tactics (urgency, authority) to trick the recipient into clicking a malicious link that could steal credentials or install malware.

103
MCQ · easy

A small business is retiring 20 old desktop PCs that contain sensitive customer data. The IT manager wants to ensure the data is unrecoverable before donating the computers to a local school. Which method should be used?

A. Perform a standard format of each hard drive.
B. Use a degausser on each hard drive.
C. Delete all files and empty the Recycle Bin.
D. Run a quick disk cleanup utility.
Answer: B

Degaussing uses a powerful magnetic field to scramble the magnetic domains on the platters, rendering data permanently unrecoverable.

Why this answer

The correct answer is degaussing, which uses a strong magnetic field to destroy the magnetic media on a hard drive, making data recovery impossible. Physical destruction (shredding) is also effective but not listed. Data wiping or formatting leaves data recoverable with forensic tools.

This question tests knowledge of data destruction methods for secure disposal.

104
MCQ · medium

A customer reports that their Windows 11 PC is experiencing intermittent application crashes and you suspect file corruption. You need to run a system file check without using the full Windows interface. Which administrative tool can you launch from the Run dialog to open a command prompt with the necessary permissions?

A. Type 'cmd' in the Run dialog and press Enter
B. Type 'powershell' in the Run dialog and press Enter
C. Type 'cmd' in the Run dialog and press Ctrl+Shift+Enter
D. Type 'msconfig' in the Run dialog and press Enter
Answer: C

This launches an elevated command prompt with administrator privileges, required for SFC to repair system files.

Why this answer

Running 'cmd' from the Run dialog opens a standard command prompt, but to run SFC with full access, you need to run it as Administrator. The correct approach is to type 'cmd' in the Run box and press Ctrl+Shift+Enter to launch as administrator, or use the Start menu. The question tests knowledge of how to access elevated command prompt.

Other options like PowerShell or MSConfig are not the direct tool for this task.

105
MCQ · medium

A customer calls saying that after installing a new printer, their Windows 10 computer now takes much longer to shut down. They have uninstalled the printer software, but the slow shutdown persists. Which tool should you use to identify the cause of the shutdown delay?

A. Task Manager
B. Performance Monitor
C. Event Viewer
D. Disk Cleanup
Answer: C

Event Viewer records system, application, and security logs. During a slow shutdown, the System log often contains warnings or errors from services or drivers that are delaying the process, allowing you to identify the culprit.

Why this answer

Slow shutdowns are often caused by services or drivers that fail to terminate properly. The Event Viewer logs system events, including errors and warnings during shutdown, which can pinpoint the offending component. This is more effective than generic performance monitoring or disk cleanup for this specific issue.

106
MCQ · easy

A client brings in a laptop that was used by an employee who left the company. The manager wants to ensure all data is unrecoverable before recycling the laptop. The laptop has a traditional HDD. Which method should be used?

A. Perform a quick format of the drive.
B. Use a degausser to demagnetize the drive.
C. Run a full overwrite using disk-wiping software.
D. Physically shred the drive with a hard drive shredder.
Answer: C

A full overwrite with zeros or random data ensures data is unrecoverable while allowing the drive to be reused.

Why this answer

For traditional HDDs, a full overwrite with zeros or random data (often called wiping) renders the data unrecoverable without special equipment. Degaussing destroys the magnetic field but also renders the drive unusable; physical destruction is extreme; reformatting leaves recoverable data.

107
MCQ · hard

A small business wants to secure its network switch located in a shared office area. The switch has no built-in lock. Which combination of physical controls provides the best protection against unauthorized tampering?

A. Place the switch in a lockable cabinet and enable MAC address filtering.
B. Use a cable lock to secure the switch to the desk.
C. Install a privacy filter on the switch's LED display.
D. Apply tamper-evident tape over the switch's vents.
Answer: A

The cabinet prevents physical access, and MAC filtering restricts which devices can connect logically.

Why this answer

A lockable cabinet prevents physical access to the switch, and port security prevents unauthorized devices from connecting to the network. This question tests layered physical and logical security for network infrastructure.

108
MCQ · easy

A small business is deploying a new time-tracking application to five workstations. The technician needs to ensure the installation is standardized and repeatable. Which documentation should the technician create before starting the deployment?

A. A list of user passwords for the application.
B. A detailed network topology diagram.
C. A step-by-step installation guide with screenshots.
D. A copy of the software license agreement.
Answer: C

A step-by-step guide ensures each workstation is configured identically and serves as a reference for future deployments.

Why this answer

This question focuses on the importance of creating a deployment plan or runbook before performing installations. Standardized documentation ensures consistency and reduces errors across multiple machines.

109
MCQ · medium

A technician is helping a remote user configure a VPN connection. The user is not very technical and is getting frustrated. The technician uses jargon like 'authentication protocol' and 'tunnel endpoint'. Which of the following is the BEST way to improve communication?

A. Continue using technical terms to educate the user.
B. Ask the user to share their screen so the technician can do it remotely.
C. Use simple analogies like 'a secure tunnel for your data' and guide them step by step.
D. Send the user a written guide and end the call.
Answer: C

This makes the concept accessible and reduces frustration.

Why this answer

Option C is correct because it replaces confusing jargon with a simple analogy ('secure tunnel') and provides step-by-step guidance, which directly addresses the user's frustration and lack of technical knowledge. This approach aligns with the CompTIA A+ objective of adapting communication style to the audience, ensuring the user understands the VPN concept without needing to know terms like 'authentication protocol' or 'tunnel endpoint'.

Exam trap

CompTIA often tests the trap that candidates think educating the user with technical terms (Option A) is helpful, but the correct approach is to simplify language and use analogies to match the user's skill level, as per CompTIA's emphasis on customer service and effective communication.

How to eliminate wrong answers

Option A is wrong because continuing to use technical terms like 'authentication protocol' and 'tunnel endpoint' will likely increase the user's frustration and confusion, as they are not technical and need simplified explanations, not education on jargon. Option B is wrong because asking the user to share their screen assumes they can navigate the sharing process, which may be as confusing as the VPN setup itself; it also shifts the burden to the user without improving their understanding. Option D is wrong because sending a written guide and ending the call abandons the user, leaving them to struggle alone with technical documentation, which contradicts the goal of providing effective remote support.

110
MCQ · medium

A security incident occurs where an unauthorized PowerShell script was executed on a server, exfiltrating data. The IT manager wants to prevent any unsigned PowerShell scripts from running on all domain computers. Which scripting security measure should be implemented?

A. Set the execution policy to Restricted
B. Set the execution policy to AllSigned
C. Set the execution policy to RemoteSigned
D. Disable PowerShell using Group Policy
Answer: B

Correct. AllSigned requires all scripts to be digitally signed by a trusted publisher. This blocks unsigned scripts while allowing signed, trusted scripts to run.

Why this answer

Option B is correct because setting the execution policy to AllSigned requires that all PowerShell scripts, including those written locally, be digitally signed by a trusted publisher before they can run. This directly addresses the requirement to prevent any unsigned PowerShell scripts from executing on domain computers, as it blocks both remote and local unsigned scripts.

Exam trap

The trap here is that candidates often confuse RemoteSigned with AllSigned, assuming that blocking internet-sourced scripts is sufficient, but they overlook that locally created unsigned scripts (e.g., written by an attacker after gaining access) remain a threat.

How to eliminate wrong answers

Option A is wrong because setting the execution policy to Restricted prevents all PowerShell scripts from running, which is overly restrictive and would block legitimate administrative scripts, not just unsigned ones. Option C is wrong because RemoteSigned only requires scripts downloaded from the internet to be signed; locally created scripts can run unsigned, leaving a gap for attackers to execute locally crafted malicious scripts. Option D is wrong because disabling PowerShell entirely via Group Policy is a heavy-handed approach that breaks legitimate administrative tasks and automation, whereas the requirement is specifically to control script execution, not remove the tool.

111
MCQ · medium

A user's Windows 10 PC is infected with ransomware that has encrypted their Documents folder. You need to restore the files from a previous version that was saved by File History. Where do you access the 'Previous Versions' feature to restore these files?

A. File Explorer > Properties > Previous Versions tab
B. Control Panel > File History > Restore personal files
C. Settings > Update & Security > Backup
D. Computer Management > Storage > Disk Management
Answer: A

This is the correct location to view and restore previous versions of files or folders saved by File History or shadow copies.

Why this answer

The 'Previous Versions' tab is accessible via File Explorer by right-clicking a file or folder, selecting Properties, and then clicking the Previous Versions tab. This tab lists shadow copies or File History backups of the selected item, allowing you to restore an earlier version. In this scenario, since File History was enabled, the previous versions of the Documents folder will appear here for restoration.

Exam trap

The trap here is that candidates confuse the File History restore interface (accessed via Control Panel) with the 'Previous Versions' tab in File Explorer, but the question explicitly asks for the location of the 'Previous Versions' feature, which is found in the file or folder's Properties dialog.

How to eliminate wrong answers

Option B is wrong because Control Panel > File History > Restore personal files opens the File History restore interface, which is used to browse and restore files from File History backups, but it does not directly access the 'Previous Versions' tab; the question specifically asks where to access the 'Previous Versions' feature, not the File History restore wizard. Option C is wrong because Settings > Update & Security > Backup is the modern UI for configuring backup settings, including File History, but it does not provide a direct 'Previous Versions' tab for restoring individual files; it only offers options to add a drive or more options. Option D is wrong because Computer Management > Storage > Disk Management is used for managing disk partitions, volumes, and drives, and has no relation to file versioning or restoration from File History.

112
MCQ · medium

A technician is decommissioning a server that contained encrypted patient health records. The organization's policy requires data to be destroyed beyond recovery, but the server must be returned to the leasing company. Which method should the technician use?

A. Perform a full format of all drives.
B. Use a degausser on the entire server chassis.
C. Remove the hard drives and physically shred them, then return the server without drives.
D. Run a disk cleanup and delete all files.
Answer: C

Physical destruction of the drives ensures data is unrecoverable, and returning the server without drives complies with the leasing agreement.

Why this answer

The correct answer is to remove and physically destroy the hard drives, then return the server without them. Degaussing would also destroy data but may damage the server's electronics. Data wiping is not allowed per policy, and formatting is insecure.

This tests understanding of disposal methods when hardware must be returned.

113
MCQ · medium

After deploying a new Windows 11 workstation, a user complains that their screens turn off after 3 minutes of inactivity, even though they are reading documents. They want the display to stay on for at least 15 minutes. Which Settings page should you navigate to in order to change this power setting?

A. Settings > Personalization > Lock screen
B. Control Panel > Power Options > Edit Plan Settings
C. Settings > System > Power & battery > Screen and sleep
D. Settings > Accessibility > Display
Answer: C

This is the exact location in Windows 11 Settings to adjust the 'Screen and sleep' timeouts for both plugged in and on battery.

Why this answer

The correct path is Settings > System > Power & battery > Screen and sleep. This is the modern location in Windows 11 for adjusting display and sleep timeouts, replacing the older Power Options in Control Panel.

114
MCQ · hard

A technician is helping a user who accidentally installed a potentially unwanted program (PUP) that changed their browser homepage and search engine. The user is embarrassed and asks the technician not to tell their manager. What is the most ethical response?

A. Agree not to tell the manager and remove the PUP quietly.
B. Explain that you will remove the PUP but must document the incident per company policy, though you will not share unnecessary details.
C. Tell the user that this is a serious security breach and you have to report it immediately.
D. Ignore the request and report the user to HR for violating IT policy.
Answer: B

This balances empathy with professional responsibility; documentation is often required for security incidents.

Why this answer

Option B is correct because it balances the user's privacy concern with the technician's professional obligation to follow company policy. Documenting the incident (e.g., in a help desk ticket) is standard procedure for tracking PUP infections, which may indicate broader security issues like drive-by downloads or social engineering. The technician can remove the PUP using tools like Malwarebytes or AdwCleaner while omitting the user's name from unnecessary reports, preserving trust without violating policy.

Exam trap

CompTIA often tests the distinction between a 'security incident' (e.g., malware with C2 traffic) and a 'policy violation' (e.g., PUP installation), tempting candidates to overreact with option C or underreact with option A.

How to eliminate wrong answers

Option A is wrong because agreeing to hide the incident violates most corporate IT security policies, which require documentation of any unauthorized software changes to maintain an audit trail and prevent future breaches. Option C is wrong because a PUP changing browser settings is not a 'serious security breach' (e.g., no data exfiltration or privilege escalation); over-reporting it could cause unnecessary panic and damage the user-manager relationship. Option D is wrong because ignoring the user's request and immediately reporting to HR bypasses the proper escalation path (IT should handle the technical fix and documentation first) and is disproportionate for a non-malicious PUP installation.

115
MCQ · medium

A user complains that their Mac running macOS Big Sur suddenly shows a message 'Your system has run out of application memory' and applications crash frequently. Activity Monitor shows high memory pressure. What is the most effective built-in tool to diagnose the cause?

A. Console
B. Disk Utility
C. Activity Monitor
D. System Information
Answer: C

Activity Monitor's Memory tab shows memory pressure, usage per app, and can help identify the culprit.

Why this answer

Activity Monitor is the primary tool for viewing memory usage, identifying memory-hungry processes, and checking memory pressure. It helps pinpoint which app is leaking or consuming excessive RAM.

116
MCQ · easy

A user reports that their browser frequently redirects to a different search engine, and a new toolbar has appeared. After checking the browser settings, you find the homepage has been changed and there are unknown extensions enabled. What is the most likely cause of this issue?

A. A corrupted browser cache
B. A browser hijacker installed via a malicious extension
C. An outdated browser version
D. A misconfigured proxy server
Answer: B

Browser hijackers often install as extensions and modify settings like homepage and search engine.

Why this answer

This scenario describes classic symptoms of a browser hijacker, a type of malware that modifies browser settings without user consent. The correct answer is to remove the malicious extensions and reset the browser settings. This reinforces the importance of managing browser extensions and understanding common malware behaviors.

117
MCQ · medium

A company is implementing a remote access solution for employees using personal smartphones. They need to ensure that corporate email and documents are accessible but that no corporate data remains on the device if it is lost or wiped. Which technology should they use?

A. Virtual Private Network (VPN) with split tunneling.
B. Remote Desktop Protocol (RDP) to a virtual desktop.
C. Mobile Device Management (MDM) with a containerized work profile.
D. Third-party remote access software like LogMeIn.
Answer: C

MDM enables IT to manage corporate data separately, enforce policies, and perform selective wipes, ensuring no corporate data remains on a lost device.

Why this answer

Mobile Device Management (MDM) with a containerized work profile creates a separate, encrypted sandbox on the smartphone that stores corporate email and documents. This container can be remotely wiped by the administrator without affecting the user's personal data, ensuring no corporate data remains on a lost or wiped device.

Exam trap

CompTIA often tests the distinction between remote access technologies that only provide connectivity (VPN, RDP) versus those that enforce data separation and selective wipe (MDM containerization), leading candidates to mistakenly choose VPN or RDP for data protection requirements.

How to eliminate wrong answers

Option A is wrong because a VPN with split tunneling only encrypts traffic to the corporate network but does not prevent corporate data from being stored locally on the device; it offers no containerization or selective wipe capability. Option B is wrong because RDP to a virtual desktop streams the desktop interface but still allows data to be downloaded or copied to the local device unless strict clipboard and drive redirection policies are enforced, and it does not inherently provide a containerized work profile for mobile devices. Option D is wrong because third-party remote access software like LogMeIn provides remote control of a PC but does not isolate corporate data in a sandbox on the smartphone; data can be transferred to the device and remains there after the session ends.

118
MCQ · hard

A security incident occurred where an unauthorized user accessed a workstation. You need to review the event logs to determine when the breach happened. Which Control Panel applet would you use to launch the Event Viewer?

A. System
B. Security and Maintenance
C. Administrative Tools
D. Device Manager
Answer: C

Administrative Tools includes Event Viewer, Performance Monitor, and other system tools.

Why this answer

Administrative Tools is the Control Panel applet that provides access to advanced system tools, including Event Viewer. To investigate a security breach, you would open Administrative Tools and then launch Event Viewer to review security logs for unauthorized access events. This is the correct path because Event Viewer is not directly listed in the main Control Panel categories; it is nested within Administrative Tools.

Exam trap

CompTIA often tests the distinction between the Security and Maintenance applet (which shows security status but not logs) and Administrative Tools (which contains Event Viewer), leading candidates to mistakenly choose Security and Maintenance because of the word 'Security' in the name.

How to eliminate wrong answers

Option A is wrong because System applet displays basic system information, hardware properties, and performance settings, but does not include a direct link to Event Viewer. Option B is wrong because Security and Maintenance provides system health reports and security status summaries, but it does not host Event Viewer; it may link to troubleshooting tools but not the event log viewer itself. Option D is wrong because Device Manager is used to manage hardware devices and drivers, not to review system or security event logs.

119
MCQ · medium

A customer calls the help desk stating that their computer displays 'Bootmgr is missing' and will not start Windows. You suspect the Boot Configuration Data (BCD) is corrupted. Which command-line tool should you use from the Windows Recovery Environment to repair the BCD?

A. chkdsk /r
B. bootrec /rebuildbcd
C. sfc /scannow
D. diskpart
Answer: B

Rebuilds the BCD store, fixing the 'Bootmgr is missing' error.

Why this answer

The correct answer is `bootrec /rebuildbcd`, which scans for Windows installations and rebuilds the BCD store. This is a standard repair for boot manager issues. Other commands are for disk checking, system file repair, or partition management.

120
MCQ · easy

A user reports that their workstation is running slowly and they see a pop-up claiming their files are encrypted and a ransom must be paid. They cannot open any documents. What type of malware is most likely responsible?

A. Spyware
B. Ransomware
C. Trojan horse
D. Rootkit
Answer: B

Ransomware encrypts files and displays a ransom demand, which perfectly matches the symptoms described.

Why this answer

Ransomware encrypts files and demands payment for decryption. This scenario describes classic ransomware behavior, where the user is locked out of their data and a ransom note is displayed.

121
MCQ · medium

A company is deploying new laptops to remote workers. They need to ensure that if a laptop is stolen, the data on it cannot be accessed. Which two physical security controls should be configured before shipment?

A. Cable lock and privacy filter.
B. Full-disk encryption and a BIOS/UEFI password.
C. Smart card reader and biometric scanner.
D. Asset tracking tag and a Kensington lock slot.
Answer: B

Encryption secures data, and a BIOS password prevents booting from unauthorized media or changing settings.

Why this answer

Full-disk encryption protects data at rest, and a BIOS/UEFI password prevents unauthorized booting or tampering with boot settings. This question tests the combination of controls needed for remote device security.

122
MCQ · hard

A technician is troubleshooting an Android device that has a corporate email account configured. The user can send emails but cannot receive any. The email server uses IMAP. The technician has verified the username and password are correct. What should the technician check next?

A. Check if the device's date and time are correct.
B. Check the incoming mail server settings (IMAP).
C. Check if the email account has exceeded its storage quota.
D. Check if the device is in power-saving mode.
Answer: B

Since sending works (SMTP), the issue is likely with the incoming server settings, such as a wrong hostname or port.

Why this answer

Since the user can send emails but not receive them, the issue is isolated to the incoming mail path. IMAP uses port 143 (or 993 for SSL/TLS) to retrieve messages, and the incoming server settings (server address, port, security type) must match the corporate email configuration. Incorrect IMAP settings would prevent the device from connecting to the server to download new emails, while SMTP (outgoing) settings remain unaffected, explaining the send-only symptom.

Exam trap

CompTIA often tests the distinction between incoming and outgoing mail protocols (IMAP vs. SMTP) to see if candidates understand that when a device can send but not receive, the fault lies in the incoming server settings, not authentication or device-level issues.

How to eliminate wrong answers

Option A is wrong because incorrect date and time typically cause SSL/TLS certificate validation failures, which would affect both sending and receiving if the device cannot establish a secure connection; it would not selectively block only incoming mail. Option C is wrong because exceeding the storage quota would prevent the server from accepting new incoming messages, but the client would still be able to connect and see the mailbox (possibly with an error), and the user would also likely be unable to send if the quota is full on the server side. Option D is wrong because power-saving mode may delay background sync or reduce network activity, but it would not permanently prevent receiving emails; the user could still manually refresh or receive emails when the device exits power-saving mode, and sending would also be affected if network access is restricted.

123
MCQ · medium

A technician is troubleshooting a batch script that is supposed to delete temporary files older than 30 days. The script runs without errors but does not delete any files. The technician suspects the script's logic is flawed. Which part of the script is most likely incorrect?

A. The script uses the 'del' command without a path
B. The script uses 'forfiles' with the wrong date syntax
C. The script runs as a standard user without admin rights
D. The script uses 'echo' instead of 'del'
Answer: B

Correct. Forfiles uses the '/d' parameter with a date string like '-30' for days. If the syntax is wrong (e.g., using '30' instead of '-30'), it will not match any files.

Why this answer

This tests understanding of file management commands and conditionals in batch scripting. The FORFILES command with date filtering is commonly used for this. If the script uses a simple 'del' without date checking, it will delete all files or none.

The issue is likely that the script does not properly compare file dates.

124
MCQ · easy

A small business wants to ensure that only authorized personnel can access the server room. The budget is limited, and they need a simple, cost-effective solution. Which logical security control should they implement first?

A. Install a biometric fingerprint scanner on the door.
B. Require a smart card or key fob to unlock the door.
C. Implement a strong password policy for all user accounts.
D. Hire a security guard to check IDs at the entrance.
Answer: B

Smart cards or key fobs are relatively inexpensive, easy to manage, and provide a logical access control mechanism that can be quickly revoked if lost.

Why this answer

Logical security controls restrict access to digital resources. For physical access to a server room, a smart card or key fob system provides a good balance of cost and security by requiring something the user possesses. This question tests the understanding of logical versus physical controls and the principle of least cost for basic access control.

125
MCQ · medium

You are configuring a new Windows 10 workstation for a remote employee who will connect to the corporate VPN. The user should not be able to install software or change system settings. Which tool should you use to enforce these restrictions?

A. User Account Control (UAC) settings
B. Local Group Policy Editor
C. Device Manager
D. Registry Editor
Answer: B

Local Group Policy Editor can enforce software installation restrictions and control panel access for specific users or groups.

Why this answer

Local Group Policy Editor (gpedit.msc) allows you to configure security and restriction policies on a standalone computer. You can disable the ability to install software by setting the 'Disable Windows Installer' policy and restrict access to Control Panel settings. This is the appropriate tool for a non-domain joined machine.

126
MCQ · hard

A technician is configuring a kiosk mode on a company-owned Android tablet for customer use. After enabling the dedicated device management app, the tablet still allows users to exit the kiosk app by pressing the home button. Which setting did the technician MOST likely overlook?

A. The tablet's screen timeout setting.
B. The 'Lock task mode' or 'Pin app' feature.
C. The tablet's Wi-Fi configuration.
D. The device's date and time settings.
Answer: B

Lock task mode (or app pinning) prevents users from leaving the designated app, which is essential for kiosk mode.

Why this answer

The technician enabled the dedicated device management app but did not activate Android's 'Lock task mode' (or 'Pin app' feature). This mode is required to pin the kiosk app to the foreground and block system navigation keys (Home, Recent Apps), preventing users from exiting the app. Without it, the Home button remains functional, allowing escape from the kiosk environment.

Exam trap

CompTIA often tests the distinction between enabling a dedicated device management app and actually locking the device into kiosk mode, leading candidates to overlook the mandatory 'Lock task mode' or 'Pin app' configuration step.

How to eliminate wrong answers

Option A is wrong because screen timeout settings control display sleep duration, not the ability to exit a kiosk app via the Home button. Option C is wrong because Wi-Fi configuration affects network connectivity, not the enforcement of app pinning or navigation blocking. Option D is wrong because date and time settings are unrelated to kiosk mode behavior; they do not prevent the Home button from exiting the app.

127
MCQ · hard

A company policy requires that all web traffic from employee computers be filtered to block known malicious sites. You need to implement this without installing client software on each machine. Which approach should you use?

A. Configure each browser's proxy settings to use a filtering proxy server.
B. Enable Windows Defender SmartScreen on each computer via Group Policy.
C. Implement a DNS-based content filtering service on the network's DNS server.
D. Install a third-party browser extension on all browsers to block malicious sites.
Answer: C

DNS filtering blocks requests to malicious domains at the network level, affecting all devices without client software.

Why this answer

A DNS-based content filter (like OpenDNS or a corporate DNS server) can block malicious domains without requiring client software. This is a scalable solution for network-wide filtering.

128
MCQ · medium

A technician is configuring a VPN for a remote user. The user's home router uses NAT, and the technician wants to ensure the VPN traffic is encapsulated and encrypted. Which VPN protocol should the technician choose for the best balance of security and compatibility?

A. PPTP
B. L2TP/IPsec
C. OpenVPN
D. SSTP
Answer: C

OpenVPN is highly configurable, works through NAT, and offers strong encryption, making it a reliable choice.

Why this answer

OpenVPN is the correct choice because it provides a robust balance of security and compatibility, especially for remote users behind NAT. It uses SSL/TLS for encryption and can operate over a single UDP or TCP port (typically 1194), which easily traverses NAT without requiring additional configuration. Unlike L2TP/IPsec, OpenVPN does not rely on IPsec's NAT-sensitive protocols like ESP, making it more reliable across home routers.

Exam trap

CompTIA often tests the misconception that L2TP/IPsec is always the best for security and compatibility, but the trap here is that IPsec's ESP protocol can fail with NAT unless NAT-T is enabled, making OpenVPN a more practical choice for remote users behind home routers.

How to eliminate wrong answers

Option A is wrong because PPTP uses outdated MPPE encryption (RC4) and has known vulnerabilities, making it insecure for modern use. Option B is wrong because L2TP/IPsec can have issues with NAT traversal due to IPsec's ESP protocol, often requiring NAT-T or additional router configuration, which reduces compatibility with home routers. Option D is wrong because SSTP is primarily designed for Windows environments and uses TCP port 443, which can be blocked or throttled by some firewalls, and it lacks the cross-platform compatibility of OpenVPN.

129
MCQ · hard

A company uses a private cloud for its internal applications. The IT team wants to ensure that if one physical host fails, the virtual machines running on it can be automatically restarted on another host with minimal downtime. Which feature should they implement?

A. Fault tolerance
B. High availability
C. Live migration
D. Snapshots
Answer: B

High availability monitors hosts and automatically restarts VMs on another host if a failure occurs, meeting the requirement of minimal downtime.

Why this answer

This question tests knowledge of high availability in virtualization. Fault tolerance keeps a VM running with zero downtime but requires more resources. Live migration moves VMs manually, and snapshots are for backup.

High availability automatically restarts VMs on another host after a failure, providing a balance of cost and uptime.

130
MCQ · medium

A user reports that their web browser's homepage has changed to an unfamiliar search engine, and new toolbars have appeared without their consent. They have not installed any new software recently. Which type of malware is most likely responsible?

A. Trojan horse
B. Worm
C. Browser hijacker
D. Ransomware
Answer: C

Browser hijackers specifically alter browser settings like homepage and add toolbars without user consent.

Why this answer

A browser hijacker modifies browser settings like the homepage and adds unwanted toolbars. It often installs silently through drive-by downloads or bundled with other software. Removal requires resetting the browser and scanning with anti-malware tools.

131
MCQ · easy

A small business uses a cloud-based accounting application. Several employees report that they can no longer access the application, and they receive a message stating that the service is temporarily unavailable. The business's internet connection is working, and other cloud services are accessible. What is the most likely cause of this issue?

A. The user's browser cache is corrupted.
B. The cloud service provider is experiencing an outage.
C. The business's firewall is blocking the accounting application.
D. The employees' user accounts have been disabled.
Answer: B

A provider-side outage would affect all users of that specific service, matching the symptoms of multiple employees unable to access only that application.

Why this answer

This scenario tests the understanding of cloud service models and common issues. The correct answer is B because the problem is isolated to a single cloud service, indicating a service outage on the provider's end, not a local network or client issue. The other options are less likely as the internet is working and other services are accessible.

132
MCQ · hard

A technician is investigating a data breach and discovers that an attacker obtained sensitive files by searching through the company's recycling bins. The bins contained printed reports with customer names and account numbers. What social engineering attack was used?

A. Tailgating
B. Shoulder surfing
C. Dumpster diving
D. Phishing
Answer: C

Dumpster diving is the correct term for retrieving information from discarded materials.

Why this answer

Dumpster diving is the physical act of searching through trash to find sensitive information. This attack relies on the failure to properly dispose of documents. Shredding or secure disposal policies are essential countermeasures.

133
MCQ · hard

A company experiences a data breach after an attacker physically removes a hard drive from an unsecured workstation. The workstation was in a public area. Which combination of physical and logical controls would have best prevented this?

A. Cable lock and BIOS password
B. Cable lock and full-disk encryption
C. Security camera and Windows password
D. Proximity card reader and screen lock
Answer: B

The cable lock deters theft; full-disk encryption ensures data is unreadable if the drive is stolen.

Why this answer

Preventing physical theft requires both a physical lock (cable lock) to secure the device and full-disk encryption (like BitLocker) to protect data if the drive is removed. This is a layered approach.

134
MCQ · medium

A system administrator needs to find all files in /var/log that have been modified in the last 24 hours to check for recent activity. Which command accomplishes this?

A. find /var/log -mtime -1
B. find /var/log -atime -1
C. find /var/log -ctime -1
D. find /var/log -mmin -1440
Answer: A

This correctly finds files modified within the last 24 hours using -mtime -1.

Why this answer

The correct answer is A because find /var/log -mtime -1 finds files modified less than 1 day ago. The -mtime flag with a negative number means modified within the last n days.

135
MCQ · easy

A user in the accounting department cannot print to a network printer that other users can access. They are running Windows 10. When they try to print, they get a message: 'Windows cannot connect to the printer. Access is denied.' What is the most likely cause of this issue?

A. The printer driver is corrupt on the user's computer.
B. The network cable is unplugged from the user's computer.
C. The user does not have permission to use the printer.
D. The printer is out of paper or toner.
Answer: C

The 'access denied' error directly points to a permissions issue; the print server or printer security settings need to be checked and the user granted access.

Why this answer

An 'Access is denied' error when other users can print indicates that the user's permissions are the problem, not the printer or driver. This usually means the user account does not have the necessary permissions on the print server or the printer itself.

136
MCQ · hard

A user's Windows 10 laptop fails to boot and shows 'INACCESSIBLE_BOOT_DEVICE' blue screen error. The technician suspects a recent driver update for the storage controller. Which recovery environment command can be used to disable the problematic driver from loading?

A. Run 'bcdedit /set {default} safeboot minimal' from the recovery command prompt.
B. Run 'diskpart' and then 'clean' to wipe the disk.
C. Run 'chkdsk /f' to fix file system errors.
D. Run 'bootrec /fixboot' to repair the boot sector.
Answer: A

This command forces the system to boot into Safe Mode, bypassing the problematic driver and allowing repair.

Why this answer

The 'INACCESSIBLE_BOOT_DEVICE' error often occurs after a faulty storage controller driver update. Booting into Safe Mode with minimal drivers can bypass the problematic driver. The command 'bcdedit /set {default} safeboot minimal' configures the boot loader to start Windows in Safe Mode on the next restart, loading only essential drivers and services, which allows the technician to roll back or uninstall the offending driver.

Exam trap

The trap here is that candidates often confuse 'bcdedit' with 'bootrec' commands, assuming 'bootrec /fixboot' or 'chkdsk' can resolve driver-related boot failures, when in fact only Safe Mode or driver rollback via the recovery environment addresses the root cause.

How to eliminate wrong answers

Option B is wrong because 'diskpart clean' wipes the entire disk partition table, destroying all data and making the system unbootable — it does not disable a driver. Option C is wrong because 'chkdsk /f' repairs file system corruption, not driver-related boot failures; it cannot disable a storage controller driver. Option D is wrong because 'bootrec /fixboot' rewrites the boot sector code, which addresses bootloader corruption but does not prevent a specific driver from loading.

137
MCQ · medium

A system administrator configures a new VPN server for remote employees. The requirement is that all traffic from the remote user's device must be routed through the corporate network to enforce security policies. Which VPN protocol setting should the administrator enable?

A. Enable split tunneling
B. Disable split tunneling
C. Use PPTP instead of L2TP
D. Increase the MTU size
Answer: B

Disabling split tunneling forces all traffic through the VPN tunnel, ensuring all traffic is subject to corporate security controls.

Why this answer

Disabling split tunneling ensures that all traffic from the remote user's device is routed through the corporate VPN tunnel, enforcing security policies such as content filtering and intrusion detection. When split tunneling is enabled, only traffic destined for the corporate network goes through the VPN, while internet-bound traffic bypasses it, violating the requirement. This setting is typically configured in the VPN client or server profile (e.g., using the 'DisableSplitTunneling' registry key on Windows or the 'tunnel-all' directive in OpenVPN).

Exam trap

CompTIA often tests the misconception that the choice of VPN protocol (PPTP vs. L2TP) determines traffic routing behavior, when in fact split tunneling is a separate policy setting that must be explicitly enabled or disabled.

How to eliminate wrong answers

Option A is wrong because enabling split tunneling would allow remote users to access the internet directly without traversing the corporate network, which directly contradicts the requirement to route all traffic through the corporate network. Option C is wrong because using PPTP instead of L2TP does not affect traffic routing behavior; PPTP and L2TP are tunneling protocols that encapsulate data, but split tunneling is a separate routing policy that must be configured regardless of the protocol chosen. Option D is wrong because increasing the MTU size addresses packet fragmentation issues, not traffic routing; it can improve performance but does not enforce that all traffic is sent through the VPN tunnel.

138
MCQ · easy

A small business wants to prevent unauthorized individuals from following employees through a secure entrance after badge access is granted. Which physical security control is specifically designed to address this threat?

A. Install a biometric fingerprint scanner
B. Use a proximity card reader
C. Deploy a mantrap
D. Add a security guard
Answer: C

A mantrap physically isolates each person, ensuring only one authenticated individual passes through at a time.

Why this answer

Tailgating occurs when someone slips in behind an authorized user. A mantrap is a small room with two interlocking doors that only allows one person to pass at a time, effectively preventing tailgating.

139
MCQ · medium

A user reports that their Android phone's Bluetooth keeps disconnecting from their car's hands-free system. The technician has already cleared the Bluetooth cache and re-paired the devices. What should the technician do NEXT?

A. Perform a factory reset on the phone.
B. Update the car's infotainment system firmware.
C. Replace the phone's Bluetooth antenna.
D. Disable Bluetooth power saving mode on the phone.
Answer: B

Many car manufacturers release firmware updates to fix Bluetooth compatibility issues, making this a targeted solution.

Why this answer

Option B is correct because after basic troubleshooting (cache clear and re-pair) fails, the next logical step is to check for firmware updates on the car's infotainment system. Bluetooth connectivity issues between a phone and a car are often caused by incompatibilities or bugs in the car's Bluetooth stack, which can be resolved by updating the car's firmware. The technician should prioritize updating the car's system before considering hardware replacement or more drastic phone resets.

Exam trap

The trap here is that candidates may assume the phone is always at fault and jump to a factory reset (Option A) or hardware replacement (Option C), when in reality the car's infotainment firmware is a frequent source of Bluetooth instability that should be addressed first.

How to eliminate wrong answers

Option A is wrong because a factory reset on the phone is a drastic step that should only be taken after exhausting all other software-based troubleshooting; it would delete all user data and is unlikely to fix a Bluetooth issue that persists after cache clearing and re-pairing, especially if the problem is on the car side. Option C is wrong because replacing the phone's Bluetooth antenna is a hardware repair that is premature at this stage; Bluetooth disconnections are rarely caused by a faulty antenna, and the technician has not yet ruled out software or firmware issues on either device. Option D is wrong because disabling Bluetooth power saving mode on the phone is a valid step but should have been considered earlier in the troubleshooting process (e.g., before or alongside cache clearing); it is not the next best step after cache clearing and re-pairing, and the question implies those steps have already been done without success.

140
MCQ · easy

A help desk technician receives a complaint that a shared network printer is no longer accessible after a scheduled firmware update was applied to the print server last night. The change was documented but no rollback plan was included. What should the technician do first?

A. Reboot the print server to clear any temporary errors.
B. Restore the print server to its previous firmware version.
C. Submit a new change request to update the firmware again.
D. Disable the printer in Active Directory and re-add it.
Answer: B

Restoring the previous firmware is the most direct way to reverse the change, even though the rollback plan was missing; it should be done following proper change control.

Why this answer

Option B is correct because the scheduled firmware update directly caused the printer to become inaccessible, and without a documented rollback plan, reverting to the previous firmware version is the safest and most immediate way to restore service. This aligns with change management best practices, which prioritize backing out a failed change before troubleshooting further, as the root cause is clearly the firmware update.

Exam trap

The trap here is that candidates often choose to reboot the server (Option A) as a generic troubleshooting step, but the question specifies the change was a firmware update, so the only effective first action is to revert that specific change.

How to eliminate wrong answers

Option A is wrong because rebooting the print server may clear temporary errors but will not revert the firmware version, so if the new firmware is incompatible or buggy, the issue will persist after the reboot. Option C is wrong because submitting a new change request to update the firmware again would repeat the same action that caused the outage, which is illogical and violates change management principles. Option D is wrong because disabling and re-adding the printer in Active Directory addresses only the printer object and driver mapping, not the underlying firmware incompatibility on the print server.

141
MCQ · hard

A user reports that their browser crashes every time they visit a particular website. Other websites work fine. The technician tries the same website on another computer and it works normally. What is the most likely cause on the user's computer?

A. The website has been blacklisted by the company's firewall.
B. A browser extension is incompatible with that website.
C. The user's network adapter driver is outdated.
D. The website is using a newer version of TLS that the browser doesn't support.
Answer: B

Extensions can cause conflicts with specific site code, leading to crashes. Testing with extensions disabled can confirm this.

Why this answer

A corrupted browser extension or add-on can cause crashes on specific sites. Since the site works on another computer, the issue is local. Disabling extensions one by one can isolate the problem.

Other causes like malware or outdated drivers are less specific to a single site.

142
MCQ · easy

A helpdesk technician is assisting a user who is unable to find a file named 'notes.txt' they saved earlier. The user is in their home directory. Which command will search the entire filesystem for this file?

A. locate notes.txt
B. grep notes.txt /
C. find ~ -name notes.txt
D. find / -name notes.txt
Answer: D

This searches the entire filesystem from root, making it the correct command for a full system search.

Why this answer

The correct answer is D because find / -name notes.txt searches the entire filesystem starting from root (/) for a file with that exact name. The -name flag is case-sensitive, which is appropriate here.

143
MCQ · easy

A small office wants to dispose of 20 old CRT monitors. The local landfill does not accept e-waste. Which disposal method is both legal and environmentally responsible?

A. Place them in the dumpster behind the office after hours.
B. Contact a certified e-waste recycling company to pick them up.
C. Break them down and put the plastic and metal in separate recycling bins.
D. Sell them to a scrap metal dealer.
Answer: B

Certified recyclers handle hazardous materials safely and ensure components are reclaimed or disposed of properly.

Why this answer

CRT monitors contain hazardous materials like lead and phosphor, making them e-waste that cannot be disposed of in regular trash. Certified e-waste recycling companies follow environmental regulations to safely dismantle and recycle these components, ensuring legal compliance and responsible handling.

Exam trap

CompTIA often tests the misconception that recycling bins or scrap dealers are acceptable for e-waste, when in fact only certified e-waste recyclers can legally and safely handle hazardous materials like those in CRTs.

How to eliminate wrong answers

Option A is wrong because placing e-waste in a dumpster is illegal in most jurisdictions and environmentally irresponsible due to toxic materials like lead leaching into landfills. Option C is wrong because breaking down CRTs without proper equipment releases hazardous dust and requires specialized handling; general recycling bins do not accept e-waste components. Option D is wrong because scrap metal dealers typically lack certification for handling hazardous e-waste, and selling CRTs for scrap may violate environmental laws if the materials are not processed safely.

144
MCQ · medium

A technician needs to write a batch script that will copy a configuration file from a network share to the local system32 directory only if the file on the share is newer than the local copy. Which command should the technician use to perform this conditional copy?

A. copy /y \\server\share\config.txt C:\Windows\System32\
B. xcopy \\server\share\config.txt C:\Windows\System32\ /d /y
C. robocopy \\server\share C:\Windows\System32 config.txt /mir
D. move /y \\server\share\config.txt C:\Windows\System32\
Answer: B

Xcopy with /d copies only if the source is newer, and /y suppresses prompts.

Why this answer

The 'xcopy' command with the /d switch copies files only if the source is newer than the destination. This is a common requirement for updating configuration files without overwriting newer local versions. The /y switch suppresses confirmation prompts.

145
MCQ · medium

A company's security policy requires all wireless traffic to be encrypted with AES. A technician is configuring a new access point and sees the following options: WPA2-PSK (TKIP), WPA2-PSK (AES), WPA3-SAE, and WEP. Which option should the technician select?

A. WPA2-PSK (TKIP)
B. WPA2-PSK (AES)
C. WPA3-SAE
D. WEP
Answer: C

Correct. WPA3-SAE uses AES encryption and provides stronger security than WPA2, making it the best choice.

Why this answer

WPA3-SAE uses AES encryption by default and is the most secure option. It also provides forward secrecy and protection against offline dictionary attacks. The policy requires AES, and WPA3 meets that while being the latest standard.

146
MCQ · medium

A user reports that after installing a free PDF converter from an advertisement, their browser homepage changed and they see constant pop-ups for antivirus software. A malware scan found PUPs (Potentially Unwanted Programs). What is the best next step to fully remove the unwanted software and restore browser settings?

A. Run System Restore to a point before installation.
B. Use a dedicated adware removal tool and then reset the browser.
C. Manually delete the program from Program Files.
D. Disable the browser's JavaScript and ActiveX.
Answer: B

Adware removal tools are designed to find and remove PUPs that standard antivirus may miss, and resetting the browser cleans up leftover settings.

Why this answer

PUPs like browser hijackers often come bundled with free software. Using a dedicated PUP removal tool or adware cleaner is more effective than a standard antivirus scan. After removal, resetting the browser ensures all changes are reverted.

147
MCQ · easy

A customer reports that their desktop computer is running extremely slowly, and they see frequent pop-up advertisements even when no browser is open. Task Manager shows a process named 'svch0st.exe' consuming 95% CPU. Which type of malware is most likely causing these symptoms?

A. Ransomware
B. Adware
C. Rootkit
D. Spyware
Answer: B

Adware displays unwanted ads and often runs processes that impersonate legitimate ones, matching the symptoms described.

Why this answer

Adware displays unwanted advertisements and often masquerades as legitimate processes. The misspelled 'svch0st.exe' mimics a Windows system process, a common adware tactic. This malware type is best removed using a dedicated anti-malware tool.

148
MCQ · medium

A user reports that after a technician recycled an old computer by simply deleting the user profile, the next user found personal documents in the 'Recycle Bin'. Which step was missed in the data disposal process?

A. The technician should have performed a quick format.
B. The technician should have used a data wiping tool that overwrites the free space.
C. The technician should have removed the hard drive and stored it.
D. The technician should have disabled the Recycle Bin.
Answer: B

A wiping tool overwrites the sectors where deleted files reside, making them unrecoverable. This step was missed.

Why this answer

Deleting files and emptying the Recycle Bin does not actually remove data from the drive; it only marks the space as available. Proper sanitization requires overwriting or physical destruction to prevent recovery.

149
MCQ · hard

A company's IT policy requires that all disposed hard drives be physically destroyed to prevent data breaches. Which method has the least environmental impact while ensuring data destruction?

A. Use a degausser to erase the drive and then recycle it.
B. Drill holes through the platters and then dispose of the drive in e-waste.
C. Shred the hard drive using an industrial shredder and then recycle the metal fragments.
D. Overwrite the drive with zeros multiple times and then donate it.
Answer: C

This is correct because shredding ensures complete data destruction and the metal can be recycled, minimizing environmental impact.

Why this answer

Option C is correct because industrial shredding physically destroys the platters into small fragments, making data recovery impossible, and the resulting metal fragments can be recycled, minimizing environmental impact. Unlike degaussing or drilling, shredding ensures complete destruction without leaving large e-waste components, and the recycling of ferrous and non-ferrous metals reduces raw material extraction.

Exam trap

CompTIA often tests the misconception that degaussing or overwriting is sufficient for physical destruction policies, but the key distinction is that physical destruction requires the drive to be rendered physically unusable and unrecoverable, not just magnetically or logically erased.

How to eliminate wrong answers

Option A is wrong because degaussing destroys the magnetic domains on the platters, making the drive unusable, but the drive itself remains a bulky e-waste item that must be disposed of; recycling a degaussed drive still requires energy and processing, and degaussing does not physically destroy the drive, so it may not meet a policy requiring physical destruction. Option B is wrong because drilling holes through the platters leaves large portions of the platters intact, and data may still be recoverable from undamaged areas using specialized forensic tools; additionally, disposing of the drive in e-waste without recycling the metal components has a higher environmental impact than shredding and recycling. Option D is wrong because overwriting with zeros multiple times does not physically destroy the drive, and donating it violates the policy requiring physical destruction; even with multiple overwrites, advanced recovery techniques (e.g., magnetic force microscopy) might recover residual data, and the drive is not disposed of as required.

150
MCQ · easy

During a printer toner replacement, a technician accidentally spills toner powder on the carpet. What is the proper cleanup procedure?

A. Use a vacuum cleaner with a standard bag to suck up the toner.
B. Wipe the toner with a damp cloth using hot water.
C. Blot the toner with a cold, damp cloth and then use a HEPA-filter vacuum.
D. Sweep the toner into a dustpan and dispose of it in the trash.
Answer: C

This is correct because cold water prevents melting, and a HEPA vacuum traps fine particles, ensuring safe and effective cleanup.

Why this answer

Option C is correct because toner powder is extremely fine and can become airborne if mishandled. Blotting with a cold, damp cloth prevents the toner from spreading, and using a HEPA-filter vacuum ensures that microscopic toner particles are trapped without being exhausted back into the environment. Standard vacuum cleaners lack HEPA filtration and can release toner dust into the air, causing respiratory hazards.

Exam trap

CompTIA often tests the misconception that any vacuum or damp cloth is acceptable for toner cleanup, but the trap is that only a HEPA-filter vacuum combined with cold water blotting prevents particle dispersion and permanent staining.

How to eliminate wrong answers

Option A is wrong because using a vacuum cleaner with a standard bag does not trap ultrafine toner particles; the vacuum's exhaust can blow toner dust into the air, creating a health risk and further contamination. Option B is wrong because wiping toner with a damp cloth using hot water can cause the toner to melt or fuse into the carpet fibers, making permanent stains and releasing fumes. Option D is wrong because sweeping toner with a dustpan generates airborne dust, and disposing of it in regular trash is unsafe as toner is a fine particulate that can become airborne in landfills.
