CompTIA A+ Core 2 220-1202 (220-1202) — Questions 151-225

750 questions total · 10 pages · All types, answers revealed

Page 3 of 10
151
MCQ · easy

During a printer toner replacement, a technician accidentally spills toner powder on the carpet. What is the correct procedure for cleaning up the spill?

A. Use a standard household vacuum cleaner to quickly remove the toner.
B. Wipe up the toner with a dry paper towel and dispose of it in the trash.
C. Use a toner-rated vacuum or a damp cloth to carefully collect the spill.
D. Pour water on the spill to dissolve the toner, then mop it up.
Answer: C

Toner-rated vacuums have HEPA filters to trap particles; a damp cloth prevents the powder from becoming airborne.

Why this answer

Option C is correct because toner powder is a fine, electrically charged plastic dust that can be hazardous if inhaled or if it melts into carpet fibers. Using a toner-rated vacuum with a HEPA filter safely captures the particles without dispersing them, or a damp cloth can be used to gently lift the toner without smearing it deeper into the carpet. This procedure follows manufacturer safety guidelines and prevents damage to standard vacuums, which can ignite or spread the toner.

Exam trap

CompTIA often tests the misconception that water can dissolve toner because it resembles ink, but toner is a dry plastic powder that requires specialized cleanup to avoid static ignition or permanent carpet damage.

How to eliminate wrong answers

Option A is wrong because standard household vacuum cleaners lack HEPA filtration and can cause the fine toner particles to be expelled into the air, creating an inhalation hazard; additionally, the static buildup inside the vacuum can ignite the toner dust. Option B is wrong because wiping toner with a dry paper towel will grind the particles into the carpet fibers, making removal more difficult and potentially damaging the carpet. Option D is wrong because toner is a plastic-based powder that does not dissolve in water; adding water will create a sticky, paste-like mess that is harder to clean and can stain the carpet permanently.

152
MCQ · medium

A small business wants to ensure that all employees use strong passwords that include uppercase, lowercase, numbers, and special characters, and that passwords expire every 60 days. Which tool should be used to enforce these settings on a standalone Windows 10 workstation?

A. Local Users and Groups (lusrmgr.msc)
B. Local Security Policy (secpol.msc)
C. Windows Defender Firewall with Advanced Security
D. Device Manager
Answer: B

This tool provides access to Account Policies, including password complexity and expiration settings.

Why this answer

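Local Security Policy (secpol.msc) exposes Account Policies > Password Policy on standalone systems; the same settings are also reachable through Local Group Policy Editor (gpedit.msc). "Password must meet complexity requirements" can be enabled and "Maximum password age" can be set to 60 days.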

153
MCQ · medium

A technician is investigating a security incident where a user's credentials were stolen. The user says they only logged into their email from a coffee shop Wi-Fi. The technician notices that the browser was not using HTTPS for the login page. What is the most likely attack method used?

A. Cross-site scripting (XSS) attack.
B. Man-in-the-middle attack.
C. DNS spoofing attack.
D. Brute force attack.
Answer: B

An attacker on the same network can intercept unencrypted HTTP traffic and capture login credentials.

Why this answer

On an open Wi-Fi network, an attacker can perform a man-in-the-middle attack to intercept unencrypted HTTP traffic. Without HTTPS, the login credentials are sent in plaintext and can be captured easily. This is a common risk on public Wi-Fi.

154
MCQ · hard

A company is experiencing a security incident where an attacker gained access to the internal network via a compromised VPN account. The technician must prevent future attacks. Which two-factor authentication method should the technician implement for VPN access?

A. Require a complex password with a minimum length of 20 characters
B. Implement a time-based one-time password (TOTP) via an authenticator app
C. Restrict VPN access to specific IP addresses
D. Enable single sign-on (SSO) with Active Directory
Answer: B

TOTP provides a second factor that changes every 30 seconds, making it much harder for an attacker to reuse stolen credentials.

Why this answer

Two-factor authentication (2FA) adds a second factor beyond the password, such as a one-time code from an authenticator app. This significantly reduces the risk of account compromise even if the password is stolen.

155
MCQ · medium

During a security audit, you find that a user's workstation has a USB device that automatically logs in to a cloud storage account when inserted. What security best practice is being violated?

A. Password complexity requirements
B. Account lockout policies
C. Disabling auto-run
D. Enforcing screen locks
Answer: C

Disabling auto-run prevents devices from automatically executing code, which stops this type of automatic login.

Why this answer

USB auto-run devices can bypass authentication and pose a security risk. Disabling auto-run prevents unauthorized access and malware from executing automatically, which is a key security practice.

156
MCQ · hard

During a security audit, you need to identify all user accounts that have been created or modified in the last 24 hours on a Windows Server. Which command-line tool can parse security event logs to extract this information?

A. wevtutil qe Security /q:"*[System[TimeCreated[timediff(@SystemTime) <= 86400000]]]"
B. eventvwr
C. net user
D. diskpart
Answer: A

This command queries the Security log for events created in the last 24 hours (86400000 ms), enabling precise filtering for account changes.

Why this answer

The wevtutil command can query event logs using structured XML queries, allowing you to filter events by time and ID (e.g., 4720 for user creation). It is a powerful tool for log analysis. Other commands either display logs without filtering or manage disk partitions.

157
MCQ · easy

A receptionist holds the door for a person carrying a large box, assuming they work in the building. Later, that person is seen plugging a USB drive into a workstation in the finance department. Which social engineering technique was most likely used to gain initial access?

A. Phishing
B. Pretexting
C. Tailgating
D. Baiting
Answer: C

Tailgating occurs when an unauthorized person follows an authorized person into a restricted area without proper authentication.

Why this answer

Tailgating (or piggybacking) exploits human politeness and the natural instinct to hold doors for others, allowing unauthorized physical access. This attack often precedes other malicious actions like planting malware via USB.

158
MCQ · medium

A user complains that their computer is running slowly and they see a USB drive they don't recognize plugged into the front port. What is the first step a technician should take to address this potential security issue?

A. Run a full antivirus scan on the computer.
B. Check the USB drive's contents to see what it contains.
C. Ask the user to unplug the USB drive immediately.
D. Disable the USB ports in the BIOS.
Answer: C

Removing the device stops any ongoing malicious activity and is the first step in containment.

Why this answer

Immediately removing an unknown USB device is crucial to prevent potential malware infections or data theft. This scenario tests incident response procedures for physical media threats.

159
MCQ · medium

A technician is troubleshooting a printer issue and finds a sticky note under the keyboard with the domain admin password written on it. The user says they kept it there 'for convenience.' Which social engineering attack does this practice most enable?

A. Phishing
B. Shoulder surfing
C. Tailgating
D. Baiting
Answer: B

Shoulder surfing involves visually obtaining information like passwords; a sticky note in plain view makes this trivial.

Why this answer

Writing down passwords in plain sight is a security risk that directly enables shoulder surfing or dumpster diving. An attacker who sees the note can easily gain unauthorized access.

160
MCQ · easy

A technician is deploying a new virtual machine on a Type 1 hypervisor. The VM will run a Linux web server and needs to be isolated from the corporate network except for HTTPS traffic. Which networking configuration should the technician implement?

A. Bridge the VM directly to the physical network adapter
B. Use a virtual switch set to host-only mode and configure port forwarding for HTTPS
C. Attach the VM to a NAT network without any port forwarding
D. Assign the VM an IP from the corporate DHCP scope
Answer: B

Host-only mode isolates the VM from the physical network, and port forwarding allows only HTTPS traffic from the host to the VM, meeting the security requirement.

Why this answer

A virtual switch with a host-only or internal network isolates the VM from the corporate LAN, while port forwarding or a NAT rule allows specific inbound HTTPS traffic. This ensures the VM is not directly exposed to the broader network. The question tests understanding of virtual networking and security isolation.

161
MCQ · easy

A technician receives a complaint from a user that their email account was used to send spam. The user insists they did not send the emails. What is the MOST appropriate first step in handling this security incident professionally?

A. Tell the user they must have clicked on a phishing link and it's their fault.
B. Immediately reset the user's password and check the email logs for unauthorized access.
C. Ignore the complaint because spam is common.
D. Ask the user to change their password and not worry about it.
Answer: B

This secures the account and gathers evidence, following security best practices.

Why this answer

Option B is correct because the immediate reset of the user's password stops further unauthorized use of the account, and checking email logs (e.g., SMTP logs, IMAP/POP3 access logs, or Exchange/Office 365 audit logs) allows the technician to identify the source of the spam, such as a compromised credential or a malicious forwarding rule. This follows the CompTIA A+ incident response procedure of containment first, then investigation, while maintaining professional communication with the user.

Exam trap

CompTIA often tests the candidate's ability to prioritize containment over investigation or blame; the trap here is that many candidates jump to blaming the user (Option A) or taking a passive approach (Option D), when the correct first step is to immediately secure the account by resetting the password.

How to eliminate wrong answers

Option A is wrong because blaming the user without evidence violates professional conduct and may overlook other causes like a compromised password or a malicious script on the client machine. Option C is wrong because ignoring a security incident, especially one involving unauthorized email use, violates security policy and could allow further damage or data breach. Option D is wrong because simply asking the user to change their password without verifying logs or resetting the account leaves the incident uncontained and fails to confirm whether the attacker still has access or has set up persistence mechanisms like forwarding rules.

162
MCQ · easy

During a security audit, it is discovered that an old server's hard drives were simply deleted and the server was sold to a recycler. The recycler later reported finding readable files on the drives. Which data disposal standard was violated?

A. NIST SP 800-88
B. PCI DSS
C. HIPAA
D. ISO 27001
Answer: A

NIST SP 800-88 provides guidelines for media sanitization, requiring overwriting or destruction. Deleting files does not meet these standards.

Why this answer

Simply deleting files or formatting does not meet data destruction standards. Proper methods like overwriting, degaussing, or physical destruction are required to ensure data is unrecoverable.

163
MCQ · medium

A company's server room has a door with a proximity card reader. Employees report that the door sometimes does not close fully, allowing it to be pushed open without a card. What is the best solution?

A. Replace the proximity card reader with a biometric reader
B. Install a door closer mechanism
C. Add a security camera to monitor the door
D. Increase the frequency of badge audits
Answer: B

A door closer automatically pulls the door shut and ensures it latches, preventing unauthorized entry through an unsecured door.

Why this answer

A door closer ensures the door automatically shuts and latches after each use, preventing it from being left ajar. This addresses the root cause of the security gap by maintaining the integrity of the access control system.

164
MCQ · easy

A customer reports that their old laptop, which they sold online, still contains personal files that the new owner accessed. The customer had only performed a 'Reset this PC' with the 'Remove everything' option. What should the technician recommend to prevent this in the future?

A. Perform a factory reset from the recovery partition.
B. Use a third-party data wiping tool that overwrites the drive multiple times.
C. Remove the hard drive and physically destroy it.
D. Change the user password before selling.
Answer: B

A wiping tool overwrites all sectors with patterns multiple times, making data recovery infeasible.

Why this answer

The correct answer is to use a drive wiping tool that overwrites all data multiple times. The 'Reset this PC' with 'Remove everything' does not securely erase data; it only resets the OS. This scenario highlights the difference between a simple reset and proper data sanitization.

165
MCQ · easy

A user complains that their MacBook Air running macOS Monterey frequently runs out of memory and slows down when they have multiple browser tabs and apps open. They want to see which processes are consuming the most memory without installing third-party software. Which macOS tool should you instruct them to use?

A. Force Quit Applications window (Cmd+Option+Esc).
B. System Preferences > Memory.
C. Terminal with the 'top' command.
D. Activity Monitor from the Utilities folder.
Answer: D

Activity Monitor provides a graphical interface to view memory usage, CPU load, and other system metrics. It is the appropriate tool for this scenario.

Why this answer

Activity Monitor is the built-in macOS utility that displays real-time system resource usage, including memory, CPU, energy, disk, and network. The Memory tab shows memory pressure and per-process memory consumption, helping identify memory hogs. Force Quit is only for terminating applications, not for monitoring.

166
MCQ · hard

A technician is performing a routine software update on a finance department server. The change management documentation specifies that the update must be applied during a maintenance window from 2:00 AM to 4:00 AM. At 3:30 AM, the update fails with an error. The technician has no rollback plan documented. What should the technician do?

A. Attempt to roll back the update using the server’s built-in recovery options.
B. Leave the server in its current state and escalate the issue to the change manager.
C. Continue troubleshooting until the maintenance window ends, then document the failure.
D. Reboot the server to clear the error and retry the update.
Answer: B

Escalating ensures that the change manager can coordinate a proper response, possibly involving the CAB, and document the failure for future improvements.

Why this answer

Option B is correct because the technician has no documented rollback plan, and the change management process requires that any deviation from the approved plan—such as a failed update—must be escalated to the change manager for a decision. Attempting an undocumented rollback or continuing to troubleshoot without authorization risks data corruption, service disruption, or violating compliance policies. The technician’s primary duty is to preserve the server’s current state and follow the escalation path defined in the change management policy.

Exam trap

The trap here is that candidates assume built-in recovery options (Option A) are always safe to use, but the exam tests that without a documented rollback plan, any recovery attempt is an unauthorized change that violates change management procedures.

How to eliminate wrong answers

Option A is wrong because using the server’s built-in recovery options without a documented rollback plan is an unauthorized deviation from the change management process; it could cause irreversible data loss or configuration corruption, and the technician has no approved procedure to validate the recovery steps. Option C is wrong because continuing to troubleshoot past the maintenance window without authorization violates the change window constraints and could extend the outage beyond the approved downtime, increasing risk to the finance department’s operations. Option D is wrong because rebooting the server to clear the error and retrying the update is an unapproved action that may mask the root cause, potentially leading to a partial or inconsistent update state, and it ignores the requirement to escalate when the documented plan fails.

167
MCQ · hard

A user's Windows 11 PC displays a 'Critical Process Died' blue screen error after a recent Windows Update. The system boots into a recovery loop. Which advanced startup option should be used to remove the problematic update?

A. Boot into Safe Mode from the recovery environment and uninstall the latest update.
B. Use System Restore to revert to a point before the update.
C. Run the Windows Memory Diagnostic tool to check for RAM issues.
D. Perform a clean installation of Windows 11 using the recovery USB.
Answer: A

Safe Mode loads minimal drivers, allowing the technician to uninstall the update without the crash occurring.

Why this answer

Option A is correct because booting into Safe Mode from the Windows Recovery Environment (WinRE) allows you to access the desktop with minimal drivers and services, then use Settings > Windows Update > Update History > Uninstall updates to remove the problematic cumulative update. This directly addresses the 'Critical Process Died' bugcheck (0x000000EF), which often results from a corrupted system file or driver conflict introduced by a recent update, and Safe Mode bypasses the crash loop to enable the uninstall.

Exam trap

The trap here is that candidates often choose System Restore (Option B) because it sounds like a general 'undo' tool, but they fail to recognize that uninstalling the specific update is faster, more targeted, and does not require a pre-existing restore point, which may not exist after a forced update.

How to eliminate wrong answers

Option B is wrong because System Restore reverts the entire system state (registry, system files, installed applications) to a previous restore point, which is a broader and slower operation than simply uninstalling the specific update; it may also fail if no restore point exists or if the update itself corrupted the restore point data. Option C is wrong because the Windows Memory Diagnostic tool tests for physical RAM defects (e.g., bad memory cells, timing errors) and is irrelevant to a software-caused stop code like 'Critical Process Died' that stems from a Windows Update. Option D is wrong because performing a clean installation of Windows 11 using a recovery USB is a destructive, last-resort process that wipes all data and applications, whereas the problem can be solved non-destructively by simply removing the offending update.

168
MCQ · medium

Your company is deploying a new application that requires .NET Framework 3.5 on multiple Windows 10 workstations. You need to enable this feature on a single test machine first. Which tool should you use?

A. Programs and Features
B. Windows Features
C. Device Manager
D. Services
Answer: B

Windows Features lets you add or remove Windows components like .NET Framework 3.5 directly from the operating system.

Why this answer

Windows Features (optionalfeatures.exe) allows you to turn on or off Windows components, including .NET Framework 3.5. This is the standard method for enabling such features without downloading full installers.

169
MCQ · hard

During a routine security walkthrough, you notice that an employee has propped open a secured door to the server room with a doorstop to allow easy access for a cleaning crew. What is the most immediate action you should take?

A. Remove the doorstop and close the door.
B. Document the incident and report it to the security manager.
C. Reprimand the employee who propped the door.
D. Install a door alarm that sounds if the door is open too long.
Answer: A

This immediately restores the physical security of the server room.

Why this answer

Propping open a secured door bypasses all physical access controls, creating an immediate security risk. The first step is to close the door to restore security, then address the policy violation.

170
MCQ · medium

After installing a new printer, a user reports that print jobs are stuck in the queue and cannot be deleted. You need to stop and restart the print spooler service to clear the queue. Which administrative tool allows you to manage this service?

A. Task Manager
B. Services.msc
C. Device Manager
D. Event Viewer
Answer: B

Services.msc lists all services, including the Print Spooler, and allows you to stop, start, or restart them.

Why this answer

Services.msc (the Services console) is the tool for starting, stopping, and managing Windows services like the Print Spooler. It provides a graphical interface to control service status and startup type. Other tools like Task Manager or Event Viewer do not offer direct service management.

171
MCQ · easy

During a routine security audit, a technician discovers that a user's workstation has a program that records keystrokes and periodically sends the data to an external server. The user denies installing any software recently. Which type of malware is this?

A. Trojan horse
B. Worm
C. Keylogger
D. Ransomware
Answer: C

A keylogger specifically records keystrokes and sends them to an attacker, exactly as described.

Why this answer

A keylogger is a type of spyware that records keystrokes to capture sensitive information like passwords. It often operates stealthily without the user's knowledge, matching the scenario where the user did not install anything. Spyware is the broader category, but keylogger is the specific variant described.

172
MCQ · medium

A technician is troubleshooting a PC that repeatedly shuts down. The user mentions the computer is plugged into a power strip that also has a space heater and a laser printer. What is the most likely cause of the shutdowns?

A. The computer's power supply is failing.
B. The power strip is overloaded and cannot supply stable voltage.
C. The space heater is emitting electrical interference.
D. The laser printer needs a toner replacement.
Answer: B

Excessive load on the power strip causes voltage sag or trips the breaker, leading to shutdowns.

Why this answer

The most likely cause is that the power strip is overloaded because it is simultaneously supplying power to a space heater (a high-wattage resistive load), a laser printer (which draws significant current during fuser warm-up), and the PC. This overload causes the power strip's circuit breaker to trip or the voltage to sag below the PC's power supply tolerance, resulting in repeated shutdowns. Option B is correct because the combined current draw exceeds the power strip's rated capacity, leading to unstable voltage delivery.

Exam trap

CompTIA often tests the concept that high-wattage peripherals sharing a power strip can cause voltage sags or breaker trips, leading candidates to incorrectly blame the PC's power supply (Option A) or assume electrical interference (Option C) rather than recognizing the simple overload condition.

How to eliminate wrong answers

Option A is wrong because a failing power supply typically causes random shutdowns or failure to power on, but the user's description of a shared power strip with high-draw devices points to an external power issue, not an internal component failure. Option C is wrong because electrical interference from a space heater would cause data corruption or erratic behavior, not systematic shutdowns; space heaters are resistive loads that do not generate significant EMI that would trip a PC's overcurrent protection. Option D is wrong because a laser printer needing a toner replacement would produce faded prints or a 'toner low' warning, but it has no effect on the PC's power stability or shutdown behavior.

173
MCQ · easy

A small business owner wants to prevent employees from changing system time, installing printers, and modifying power settings on their Windows 10 workstations. They do not want to remove local admin rights entirely. Which Windows security tool should be used to apply these restrictions?

A. Windows Defender Security Center
B. Local Users and Groups (lusrmgr.msc)
C. Local Group Policy Editor (gpedit.msc)
D. Registry Editor (regedit)
Answer: C

Group Policy can enforce specific restrictions on user actions without removing admin rights.

Why this answer

Local Group Policy Editor (gpedit.msc) allows granular control over user permissions and system settings without removing admin rights. It can restrict specific actions like changing time or installing printers via Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.

174
MCQ · medium

A small office has several old CRT monitors that need to be replaced. The office manager asks the technician to simply place them in the dumpster. What should the technician do?

A. Comply with the manager's request to avoid conflict.
B. Break the monitors down to salvage the copper, then discard the glass.
C. Contact a licensed e-waste recycler to pick up the monitors for proper disposal.
D. Donate the monitors to a local school.
Answer: C

This is the correct procedure. Licensed recyclers handle hazardous materials safely and ensure compliance with environmental laws.

Why this answer

CRT monitors contain leaded glass and other hazardous materials, making them regulated e-waste. The technician must follow local hazardous waste disposal laws and arrange for proper recycling or disposal through a certified e-waste facility.

175
MCQ · easy

During a software installation, a technician receives a pop-up warning that the application requires administrator privileges. The user is logged in with a standard account. What is the most appropriate action for the technician to take?

A. Ask the user to log in with an administrator account and install the software.
B. Right-click the installer and select 'Run as administrator', then enter admin credentials.
C. Temporarily add the user to the Administrators group, install, then remove them.
D. Cancel the installation and escalate to a senior technician.
Answer: B

This allows the installation to proceed with elevated privileges without changing the user's account, maintaining security.

Why this answer

Option B is correct because the technician can use the 'Run as administrator' feature to supply administrative credentials for a one-time elevated installation without changing the user's account type. This adheres to the principle of least privilege, maintaining security by not permanently elevating the standard user's rights.

Exam trap

CompTIA often tests the misconception that temporarily adding a user to the Administrators group is acceptable, when in fact the 'Run as administrator' feature is the proper, secure method for one-time elevation without altering account permissions.

How to eliminate wrong answers

Option A is wrong because asking the user to log in with an administrator account violates security best practices by exposing administrative credentials to a standard user and potentially leaving the system in an elevated state. Option C is wrong because temporarily adding the user to the Administrators group introduces unnecessary risk of privilege escalation and may leave residual group membership changes if not properly reverted. Option D is wrong because escalating to a senior technician is an overreaction for a routine task that the technician can resolve directly using 'Run as administrator'.

176
MCQ · medium

A technician is setting up a new wireless network for a small office. They want to ensure that only company-issued devices can connect, and that data transmitted over the air is encrypted. Which combination of settings should they use?

A. WPA2 with TKIP encryption and SSID broadcast disabled.
B. WPA3 with AES encryption and MAC address filtering.
C. WEP with 128-bit key and a strong password.
D. Open network with a captive portal requiring employee login.
Answer: B

WPA3 with AES provides strong encryption, and MAC filtering restricts access to approved devices.

Why this answer

WPA2 or WPA3 with AES encryption provides strong wireless security. MAC address filtering can be added as an extra layer to restrict which devices can associate. This combination meets both requirements of encryption and device restriction.

177
MCQ · hard

A company is moving to a new office and needs to dispose of 200 fluorescent light tubes from the old ceiling fixtures. What is the legally required and environmentally responsible disposal method?

A. Break them into small pieces and place them in a sealed bag in the trash.
B. Contact a certified universal waste recycler to pick them up.
C. Place them in the regular recycling bin for glass.
D. Burn them in an industrial incinerator.
Answer: B

Universal waste recyclers are licensed to handle mercury-containing lamps and ensure safe recycling.

Why this answer

Fluorescent light tubes contain mercury, a hazardous substance, so they are classified as universal waste under the Resource Conservation and Recovery Act (RCRA). Option B is correct because certified universal waste recyclers are legally authorized to handle, transport, and recycle mercury-containing lamps, ensuring environmental compliance and safety.

Exam trap

The trap here is that candidates may assume 'recycling' means placing items in a standard bin, but the exam tests the specific legal classification of fluorescent lamps as universal waste requiring a certified handler.

How to eliminate wrong answers

Option A is wrong because breaking fluorescent tubes releases toxic mercury vapor and creates hazardous dust, which is illegal under EPA universal waste rules and poses serious health risks. Option C is wrong because regular glass recycling bins cannot process mercury-containing lamps; the mercury would contaminate the recycling stream and violate hazardous waste disposal regulations. Option D is wrong because industrial incinerators are not designed for universal waste lamps; burning them releases mercury into the atmosphere, which is prohibited by the Clean Air Act and RCRA.

178
MCQ · easy

A customer calls saying that after installing a new application, their Windows 11 desktop icons are scattered and the taskbar keeps disappearing. They need a quick way to restore the default desktop layout and taskbar behavior without affecting personal files. Which built-in tool should you guide them to use?

A. Reset this PC with the 'Keep my files' option.
B. System Restore from the System Protection tab.
C. Refresh the desktop by right-clicking and selecting 'Refresh'.
D. Use the Deployment Imaging Service and Management Tool (DISM) to repair the system image.
Answer: B

System Restore reverts system files and registry to a prior state, which can fix application-induced problems without affecting personal data.

Why this answer

The System Restore tool rolls back system files and registry settings to a previous restore point, which can undo changes made by the problematic application. It does not affect personal files. The other options either don't target system changes or are too drastic.

179
MCQ · medium

A technician is troubleshooting a Mac that fails to connect to a Wi-Fi network. The network is visible, but entering the correct password results in an 'unable to join the network' error. The technician wants to delete the saved network configuration to start fresh. Which macOS tool or location should they use?

A. System Settings > Network > Wi-Fi > Details > Remove this network.
B. Keychain Access and delete the Wi-Fi password entry.
C. Terminal with the 'networksetup -setairportnetwork' command.
D. System Information > Network > Wi-Fi.
Answer: A

This is the correct graphical method to forget a Wi-Fi network. It removes the saved password and any custom network settings, allowing a fresh connection attempt.

Why this answer

The Network pane in System Settings allows you to manage network interfaces, including Wi-Fi. By selecting the Wi-Fi interface and clicking 'Advanced' or 'Details', you can see a list of preferred networks and remove the problematic one. This clears the saved password and settings.

Keychain Access stores passwords but not network configurations, and Terminal is not the standard method.

180
MCQmedium

After a power outage, a Windows 10 computer boots to a black screen with the message 'Bootmgr is missing'. The technician has a Windows installation USB. Which repair command should be used to rebuild the Boot Configuration Data (BCD)?

A.From the recovery command prompt, run 'bootrec /fixmbr'.
B.Run 'bootrec /fixboot'.
C.Run 'bootrec /rebuildbcd'.
D.Run 'sfc /scannow /offbootdir=C:\ /offwindir=C:\Windows'.
AnswerC

This command scans for Windows installations and rebuilds the BCD, directly addressing the missing Bootmgr error.

Why this answer

The 'Bootmgr is missing' error indicates that the Boot Configuration Data (BCD) store is corrupted or missing. The 'bootrec /rebuildbcd' command scans all disks for Windows installations and prompts you to add them to a new BCD store, directly rebuilding the BCD. This is the correct repair for a missing or corrupt BCD, which is the specific cause of this error.

Exam trap

The trap here is that candidates confuse the purpose of 'bootrec /fixmbr' and 'bootrec /fixboot' (which repair the MBR and the boot sector, respectively) with rebuilding the BCD store, leading them to choose a wrong option when the specific error is about a missing or corrupt BCD.

How to eliminate wrong answers

Option A is wrong because 'bootrec /fixmbr' repairs the Master Boot Record (MBR) on the system partition, which handles the initial boot process but does not rebuild the BCD store. Option B is wrong because 'bootrec /fixboot' writes a new boot sector to the system partition, which is used for loading the boot manager but does not address a missing or corrupt BCD. Option D is wrong because 'sfc /scannow /offbootdir=C:\ /offwindir=C:\Windows' checks and repairs system file integrity, not the BCD store, and is used for corrupted Windows system files, not boot configuration data.

181
MCQmedium

A technician needs to migrate a physical server running a legacy application to a virtual machine on a Type 2 hypervisor for testing. The application requires direct access to a PCIe USB controller card. Which of the following is the best approach to ensure the application continues to function?

A.Use a virtual USB controller and map it to the host's USB port
B.Install the application directly on the host and share the USB device via network
C.Enable PCI passthrough for the USB controller card to the VM
D.Convert the physical server to a VM using P2V and rely on emulated USB
AnswerC

PCI passthrough grants the VM exclusive access to the physical USB controller, meeting the application's requirement for direct hardware control.

Why this answer

PCI passthrough allows a VM to directly access a physical PCIe device, providing the low-level access required by the legacy application. Type 2 hypervisors often support this for compatible hardware. This tests knowledge of hardware pass-through in virtualization.

182
MCQmedium

A technician is tasked with deploying a virtual machine for a new employee. The VM will run a Linux distribution and needs to be isolated from the corporate network but still have internet access for updates. Which network configuration should the technician choose for the VM?

A.Bridged networking
B.NAT (Network Address Translation)
C.Host-only networking
D.Internal networking
AnswerB

NAT provides internet access through the host while keeping the VM isolated from the corporate network.

Why this answer

NAT (Network Address Translation) allows the VM to access the internet using the host's IP address while keeping it separate from the host's local network. Bridged mode would give the VM its own IP on the corporate network, violating isolation. Host-only mode blocks internet access. Internal networking would also block internet access.

183
MCQmedium

A small business owner reports that all their Microsoft Office documents are now encrypted with a '.crypt' extension and a ransom note demands payment in cryptocurrency. They have a backup from last week stored on an external drive that was disconnected after the backup. What is the best recovery strategy?

A.Pay the ransom to obtain the decryption key.
B.Restore the files from the disconnected external backup after removing the malware.
C.Run a decryptor tool downloaded from a random website.
D.Use System Restore to revert the system to a previous state.
AnswerB

An offline backup is immune to ransomware encryption; restoring it after cleaning the system recovers data safely.

Why this answer

Since the backup is offline and not encrypted, restoring from it is the safest and most reliable recovery method. Paying the ransom is discouraged as it funds criminals and may not work. The system should be cleaned of malware before restoration.

184
MCQmedium

A user reports that their virtual machine running on a Type 2 hypervisor is extremely slow, especially during disk operations. The host machine has 16 GB of RAM and an SSD, but the VM is configured with 2 GB of RAM and a 100 GB dynamically expanding virtual hard disk. What is the most likely cause of the performance issue?

A.The VM has insufficient RAM allocated.
B.The host is running out of physical memory.
C.The virtual hard disk type is dynamically expanding.
D.The VM is using an older version of the virtualization software.
AnswerC

Dynamically expanding disks grow on demand, causing fragmentation and slower I/O compared to fixed-size disks.

Why this answer

Dynamically expanding virtual hard disks can cause performance degradation because they grow as data is written, leading to fragmentation and increased I/O overhead. Fixed-size virtual hard disks pre-allocate space, reducing fragmentation and improving disk performance. The RAM and CPU configuration are not directly related to the disk slowness described.

185
MCQeasy

A small office is decommissioning several SSDs from old laptops. The technician needs to ensure data is destroyed securely and the drives can be resold. Which method is most appropriate?

A.Run a multi-pass overwrite with random data.
B.Use the ATA Secure Erase command.
C.Degauss the SSDs to remove magnetic data.
D.Perform a standard delete and empty the recycle bin.
AnswerB

ATA Secure Erase clears all flash cells to an unprogrammed state, ensuring data is gone and the SSD is reusable.

Why this answer

SSDs require a secure erase command (ATA Secure Erase) to reset all cells to an empty state, making data unrecoverable and the drive reusable. Overwriting SSDs is less effective due to wear leveling, and degaussing can damage the controller.

186
MCQmedium

A user reports that their Windows 11 laptop suddenly shows a blue screen with an error message every time they try to boot. You need to access advanced troubleshooting options to repair the system. Which key should you press during startup to access the Windows Recovery Environment (WinRE)?

A.F8
B.F11
C.F2
D.F12
AnswerB

F11 is the common key to access the Windows Recovery Environment on many modern systems, providing repair options.

Why this answer

Option B is correct because pressing F11 during the Windows 11 boot process is the standard key to access the Windows Recovery Environment (WinRE) on most modern systems. WinRE provides advanced troubleshooting tools such as System Restore, Startup Repair, Command Prompt, and Safe Mode, which are essential for repairing a system that fails to boot due to a blue screen error.

Exam trap

The trap here is that candidates often confuse the F8 key (used in legacy Windows) with the modern F11 key for WinRE, or they mistakenly think F2 or F12 are used for recovery instead of firmware or boot menu access.

How to eliminate wrong answers

Option A is wrong because F8 was used in older Windows versions (e.g., Windows 7) to access the Advanced Boot Options menu, but in Windows 11, the F8 key is disabled by default for faster boot times and is not the standard key to access WinRE. Option C is wrong because F2 typically enters the system BIOS or UEFI firmware settings, not the Windows Recovery Environment. Option D is wrong because F12 usually opens the one-time boot menu for selecting a boot device (e.g., USB or DVD), not WinRE.

187
MCQhard

A company requires that all remote access sessions be recorded for compliance purposes. The current VPN solution does not support session recording. Which of the following additional technologies can be integrated to capture and store remote desktop sessions?

A.Implement a Remote Desktop Gateway with session recording software
B.Use SSH tunneling for all remote access
C.Configure the VPN to use PPTP instead of L2TP
D.Deploy a VNC server on each remote workstation
AnswerA

RD Gateway can be used to securely publish RDP applications and desktops, and third-party software can record all sessions for compliance.

Why this answer

A Remote Desktop Gateway (RD Gateway) can be configured to broker and log RDP sessions, and when combined with a session recording solution, it can capture all activity. VPN alone does not provide session recording, and other methods like VNC or SSH typically lack built-in recording features.

188
MCQeasy

A user is setting up a new Android tablet for a child and wants to restrict access to adult content, limit app purchases, and set screen time limits. Which built-in Android feature should the technician configure?

A.Guest Mode
B.Google Family Link
C.Do Not Disturb
D.Developer Options
AnswerB

Family Link is designed specifically for parental controls, offering content restrictions, purchase approvals, and usage limits.

Why this answer

This question covers Android parental controls. The correct answer is 'Google Family Link', a dedicated app and service that allows parents to manage app permissions, content filters, and screen time across Android devices. It is the standard tool for child safety on Android.

189
MCQeasy

A graphic designer needs to create a bootable macOS installer on an external SSD to deploy macOS Sonoma to multiple iMacs in the office. They have the 'Install macOS Sonoma.app' file. Which built-in macOS tool should they use to create the bootable drive?

A.Disk Utility to restore the .app file to the SSD.
B.System Information to verify the SSD is bootable.
C.Terminal with the 'createinstallmedia' command.
D.Migration Assistant to copy the app to the SSD.
AnswerC

This is the correct built-in tool. The command syntax is 'sudo /Applications/Install\ macOS\ Sonoma.app/Contents/Resources/createinstallmedia --volume /Volumes/MyVolume' (the spaces in the app path must be escaped or the path quoted). It creates a bootable installer.

Why this answer

The 'createinstallmedia' command in Terminal is the official Apple tool for creating a bootable macOS installer from an application bundle. It writes the installer to the target volume and makes it bootable. Disk Utility can erase the drive but cannot create the installer media, and System Information does not have this capability.

190
MCQmedium

A technician is configuring a new server and follows a documented standard operating procedure (SOP). After completion, the technician realizes the SOP is outdated and omits a critical security setting. What should the technician do?

A.Apply the missing setting and update the SOP to include it.
B.Ignore the missing setting since the SOP was followed.
C.Submit a change request to update the SOP without applying the setting.
D.Revert the server configuration and wait for an updated SOP.
AnswerA

Applying the missing setting corrects the security issue, and updating the SOP ensures the documentation is accurate for future use.

Why this answer

Option A is correct because the technician discovered a security gap in the SOP that could leave the server vulnerable. The proper action is to immediately apply the missing critical security setting to protect the server, then update the SOP to reflect the correct procedure. This aligns with change management best practices where security findings take precedence over outdated documentation, and the SOP must be corrected to prevent future misconfigurations.

Exam trap

The trap here is that candidates may think following the SOP exactly is always correct, but Cisco tests the principle that security and risk mitigation override strict adherence to outdated documentation when a known vulnerability is identified.

How to eliminate wrong answers

Option B is wrong because ignoring a known security omission violates the principle of due diligence and could expose the server to exploitation; following an outdated SOP does not excuse the technician from applying necessary security controls. Option C is wrong because submitting a change request to update the SOP without applying the setting leaves the server in an insecure state during the approval process, which is unacceptable for critical security configurations. Option D is wrong because reverting the server and waiting for an updated SOP introduces unnecessary downtime and delays, while the technician already knows the correct setting and can apply it immediately to secure the server.

191
MCQeasy

A user is traveling and needs to access a file on their office computer. They have a dynamic IP address at the hotel. Which remote access technology should the technician recommend for a secure connection?

A.Configure a direct RDP connection using the user's home IP address.
B.Set up a Virtual Private Network (VPN) client on the user's laptop to connect to the office network.
C.Use a remote desktop gateway that requires a static IP on the user's end.
D.Email the file to the user as an attachment.
AnswerB

A VPN client works with any internet connection, regardless of IP address, and provides encrypted access to the office network.

Why this answer

Option B is correct because a VPN client creates an encrypted tunnel between the user's laptop and the office network, allowing secure access to files regardless of the user's dynamic IP address. VPNs authenticate the user and encrypt all traffic, protecting data over untrusted networks like hotel Wi-Fi.

Exam trap

CompTIA often tests the misconception that remote access requires a static IP or that direct RDP is acceptable, but the key is that a VPN handles dynamic IPs and provides encryption, which is essential for secure remote access over public networks.

How to eliminate wrong answers

Option A is wrong because a direct RDP connection using the user's home IP address is irrelevant—the user is at a hotel with a dynamic IP, not at home, and RDP directly exposed to the internet is insecure and not recommended. Option C is wrong because a remote desktop gateway does not require a static IP on the user's end; it typically uses a gateway server that accepts connections from any IP, but the statement incorrectly implies a static IP is mandatory. Option D is wrong because emailing the file as an attachment is not a remote access technology and poses security risks (e.g., interception, lack of encryption in transit) and does not provide ongoing access to the office computer.

192
MCQeasy

A user reports that their Windows 10 computer is displaying a message that 'Windows Defender Antivirus is turned off' even though they have not disabled it. They have also noticed that they cannot open the Windows Security app. What is the most likely cause?

A.Windows Defender is disabled via Group Policy
B.The computer is infected with malware
C.Windows needs a critical update
D.User Account Control is blocking the app
AnswerB

Malware often disables security software and blocks access to security tools to prevent removal.

Why this answer

Malware often disables antivirus software and blocks access to security tools to avoid detection. This is a common sign of infection, and a boot-time scan or offline scan should be performed.

193
MCQeasy

A user working from home reports that they can no longer connect to the company's internal file server using Remote Desktop. They confirm their internet connection is working. Which remote access technology should the technician verify is still active on the user's VPN client?

A.SSH tunnel
B.Remote Desktop Gateway
C.VPN connection
D.VNC server
AnswerC

A VPN connection provides encrypted access to the corporate network, which is necessary before RDP can reach internal resources.

Why this answer

The user's internet connection is working, but they cannot reach the internal file server via Remote Desktop. This indicates the VPN tunnel, which provides encrypted access to the internal network, has likely dropped or is misconfigured. Without an active VPN connection, the user's client cannot route traffic to the private IP range of the file server, even though general internet access is available.

Exam trap

CompTIA often tests the misconception that Remote Desktop Gateway (RD Gateway) is a VPN client technology, when in fact it is a separate role that proxies RDP connections over HTTPS and does not provide full network-layer access like a VPN tunnel does.

How to eliminate wrong answers

Option A is wrong because an SSH tunnel is a port-forwarding mechanism typically used for secure shell access or specific TCP port forwarding, not for establishing a full network-layer connection to an internal corporate network; it would not be the primary technology verified on a VPN client. Option B is wrong because Remote Desktop Gateway (RD Gateway) is a role service that allows RDP connections over HTTPS from the internet, but it is not a VPN client technology; the question specifically asks about verifying a technology on the user's VPN client. Option D is wrong because a VNC server is a remote desktop sharing protocol that operates over a direct network connection or VPN, but it is not a VPN client technology itself; verifying a VNC server would not restore network-layer access to the internal file server.

194
MCQhard

A Windows 10 workstation is experiencing random blue screen errors with the stop code 'IRQL_NOT_LESS_OR_EQUAL'. You suspect a faulty driver. You need to analyze the memory dump files to identify the offending driver. Which built-in tool should you use to view the dump file?

A.Event Viewer (eventvwr.msc) – filter by System logs with level 'Error'.
B.Performance Monitor (perfmon.msc) – add a Data Collector Set for crash dumps.
C.Windows Memory Diagnostic (mdsched.exe) – run a memory test.
D.Windows Debugging Tools (WinDbg) – open the .dmp file.
AnswerD

WinDbg is designed to debug crash dumps and can identify the driver causing the stop error.

Why this answer

WinDbg (Windows Debugging Tools) is the correct built-in tool for analyzing memory dump (.dmp) files. It can parse crash dump data and identify the specific driver or module that caused the IRQL_NOT_LESS_OR_EQUAL stop code by examining the stack trace and loaded module list. This is the standard approach for post-mortem debugging of blue screen errors.

Exam trap

CompTIA often tests the distinction between tools that record crash events (Event Viewer) versus tools that analyze the actual dump data (WinDbg), leading candidates to mistakenly choose Event Viewer because they see 'Error' logs related to the crash.

How to eliminate wrong answers

Option A is wrong because Event Viewer logs system events and errors but does not parse or display the contents of memory dump files; it only records that a crash occurred. Option B is wrong because Performance Monitor tracks real-time performance counters and historical data via Data Collector Sets, but it cannot open or analyze .dmp crash dump files. Option C is wrong because Windows Memory Diagnostic (mdsched.exe) tests physical RAM for hardware faults and does not analyze existing dump files; it is used to rule out memory issues, not to identify a faulty driver from a crash dump.

195
MCQmedium

During a security incident, you need to identify which processes are listening on specific network ports on a Windows server. Which command-line tool should you use?

A.nslookup
B.tracert
C.netstat -an
D.ipconfig /all
AnswerC

Correct. netstat -an displays all active connections and listening ports with numerical addresses, helping identify suspicious services.

Why this answer

The netstat command with the -a (all connections) and -n (numerical addresses) options shows all listening ports and their associated processes. This is essential for security analysis. The other tools serve different purposes: nslookup resolves DNS names, tracert traces routes, and ipconfig shows IP configuration.

196
MCQhard

A technician is troubleshooting a network switch that has stopped working. Upon arrival, the technician notices a strong smell of burnt plastic and sees that the power cable is melted near the connector. What is the most appropriate safety action?

A.Unplug the power cable from the switch.
B.Turn off the circuit breaker supplying the outlet.
C.Replace the power cable with a new one.
D.Spray the cable with a Class C fire extinguisher.
AnswerB

This safely disconnects power without the technician touching the damaged cable.

Why this answer

The strong smell of burnt plastic and melted power cable indicate an electrical fault that could cause a fire or electric shock. Turning off the circuit breaker (Option B) is the most appropriate safety action because it disconnects power at the source, eliminating the risk of arcing or electrocution before any physical contact is made with the damaged equipment.

Exam trap

CompTIA often tests the misconception that unplugging the cable (Option A) is the fastest safe action, but the trap is that touching a melted or damaged connector while the circuit is live can cause electrocution or arc flash, making breaker isolation the correct first step.

How to eliminate wrong answers

Option A is wrong because unplugging the cable from the switch could expose the technician to arcing, electric shock, or burns if the connector is already damaged or shorted. Option C is wrong because replacing the cable without first de-energizing the circuit could cause a short circuit or fire if the outlet or switch power supply is still live. Option D is wrong because a Class C fire extinguisher is designed for electrical fires, but spraying a melted cable that is still energized may not address the underlying electrical hazard and could delay proper de-energization.

197
MCQmedium

A technician is troubleshooting an Android tablet that cannot connect to a corporate Wi-Fi network. Other devices connect fine. The tablet shows 'Saved, secured' but no IP address. What is the most likely cause?

A.The Wi-Fi adapter is faulty.
B.The tablet has a static IP address configured that conflicts with the network.
C.The corporate network requires a VPN profile that is missing.
D.The tablet's MAC address is blocked by the router.
AnswerB

A static IP set incorrectly can prevent DHCP from assigning an address, leading to no IP and connection failure.

Why this answer

The tablet shows 'Saved, secured' but has no IP address, indicating it successfully associated and authenticated with the Wi-Fi network but failed to obtain an IP address via DHCP. A static IP configuration that conflicts with the network's DHCP scope or subnet prevents the device from receiving a valid lease, causing the IP assignment failure while other devices using DHCP connect normally.

Exam trap

CompTIA often tests the distinction between Layer 2 (association/authentication) and Layer 3 (IP assignment) failures, and the trap here is that candidates assume 'Saved, secured' means full connectivity, overlooking that a static IP can cause a Layer 3 issue without any Layer 2 errors.

How to eliminate wrong answers

Option A is wrong because a faulty Wi-Fi adapter would typically prevent association, so the tablet would not show 'Saved, secured' at all; it would likely not see the network or would fail during authentication. Option C is wrong because a missing VPN profile would not prevent IP address assignment; VPNs operate at a higher layer after a network connection is established, and the tablet would still get an IP address from DHCP. Option D is wrong because a MAC address block by the router would prevent association or authentication, resulting in a 'Saved' or 'Authentication error' status, not 'Saved, secured' with no IP address.

198
MCQhard

A user's Windows 10 laptop is experiencing random restarts, especially under heavy load like gaming or video rendering. The Event Viewer shows multiple 'Kernel-Power 41' critical errors. The CPU temperature is normal, and the power supply is functioning. Which component is most likely causing the issue?

A.The RAM is faulty.
B.The graphics card is overheating.
C.The motherboard is failing.
D.The Windows installation is corrupt.
AnswerC

A failing motherboard can cause unstable power delivery to components, leading to random restarts under load, which matches the Kernel-Power 41 errors and the symptom pattern.

Why this answer

Kernel-Power 41 errors indicate unexpected shutdowns or restarts. Under heavy load, a failing power supply (even if it appears to function) can cause voltage drops that trigger restarts. However, if the PSU is ruled out, the most likely culprit is the motherboard, as it regulates power delivery to components and can cause instability under load.

199
MCQmedium

A technician is helping a customer configure a new laptop. The customer mentions they received a pop-up on their old computer warning of a virus and a phone number to call for support. The customer called the number and gave remote access to a 'technician' who then installed several programs. What social engineering attack occurred?

A.Shoulder surfing
B.Phishing
C.Tech support scam
D.Dumpster diving
AnswerC

Tech support scams specifically use fake alerts and phone calls to trick users into granting remote access.

Why this answer

This is a classic tech support scam, a form of social engineering where attackers use fake virus warnings to gain remote access. The pop-up is designed to scare the user into calling a fraudulent support number. Once access is granted, the attacker can install malware or steal data.

200
MCQmedium

A customer complains that their Windows 11 laptop cannot connect to the internet, but other devices on the same network work fine. You suspect the IP configuration is incorrect. Which command will release and renew the IP address from the DHCP server?

A.ipconfig /flushdns
B.ipconfig /release then ipconfig /renew
C.ipconfig /all
D.ping 127.0.0.1
AnswerB

This sequence releases the current IP and obtains a new one from DHCP, directly addressing the connectivity issue.

Why this answer

The ipconfig /release command releases the current DHCP lease, and ipconfig /renew requests a new IP address from the DHCP server. This is the standard troubleshooting sequence for IP configuration issues. Other commands either display information or flush DNS, which does not address the IP lease issue.

201
MCQmedium

A company requires that all sensitive data be encrypted when stored on laptops. Which technology should be implemented to ensure data is protected even if a laptop is stolen?

A.File-level encryption using EFS
B.BitLocker Drive Encryption
C.TPM chip only
D.Secure Boot
AnswerB

BitLocker provides full disk encryption, protecting all data on the drive, which is ideal for stolen laptops.

Why this answer

Full disk encryption (FDE) encrypts the entire drive, making data unreadable without the decryption key. This protects data in case of theft, as the drive cannot be accessed without proper authentication.

202
MCQmedium

A technician is decommissioning a server that contained highly sensitive financial data. The server has multiple HDDs in a RAID array. The company policy requires data destruction to be certified. Which approach is most efficient and secure?

A.Perform a single overwrite on the RAID logical volume.
B.Remove each drive and wipe them individually using a secure erase tool.
C.Degauss the entire server chassis.
D.Reformat the RAID array and reinstall the OS.
AnswerB

Wiping each drive individually ensures all physical sectors are overwritten, regardless of RAID configuration.

Why this answer

For RAID arrays, wiping each individual drive separately ensures that all data is destroyed, as RAID striping distributes data across drives. A single wipe of the logical volume may not cover all physical sectors. Certified destruction often involves physical shredding or secure wiping with verification.

203
MCQeasy

A user reports that after a recent Windows update, their standard user account can no longer install certain applications that previously installed without issue. The update changed the default User Account Control (UAC) behavior. Which UAC setting would most likely restore the previous behavior while still prompting for consent?

A.Always notify me (dim my desktop)
B.Notify me only when apps try to make changes to my computer (do not dim my desktop)
C.Notify me only when apps try to make changes to my computer (dim my desktop)
D.Never notify me
AnswerB

This is the default setting for standard users and allows prompts without the secure desktop, which matches the described previous behavior.

Why this answer

This question tests knowledge of User Account Control (UAC) levels and their impact on standard users. The 'Notify me only when apps try to make changes to my computer (do not dim my desktop)' setting allows standard users to be prompted for credentials without the secure desktop, which is the default behavior that was likely changed. Understanding the four UAC notification levels is essential for troubleshooting permission-related issues after updates.

204
MCQhard

During a security audit, a technician discovers that a company Android device has an app that can read SMS messages and access contacts without the user's knowledge. The app was sideloaded. What built-in Android security feature could have prevented this?

A.Samsung Knox
B.Google Play Protect
C.Android Device Manager
D.Verified Boot
AnswerB

Play Protect continuously scans apps, including sideloaded ones, and can alert users to suspicious permission requests.

Why this answer

Google Play Protect scans apps for harmful behavior, even sideloaded ones, and can block or warn about dangerous permissions. However, it is not foolproof. The technician should also check 'Install unknown apps' permissions.

205
MCQmedium

A user calls the help desk because their Windows 10 PC is not showing any sound icon in the system tray, and audio is not working. You suspect the audio service is disabled. Which Control Panel applet would you use to check and restart the Windows Audio service?

A.Sound
B.Device Manager
C.Administrative Tools
D.System
AnswerC

Administrative Tools contains shortcuts to Services, Event Viewer, and other system management consoles.

Why this answer

The Windows Audio service is a background service that must be running for audio to function. The Administrative Tools applet provides access to the Services console (services.msc), where you can check the status of the Windows Audio service and restart it if it is disabled or stopped. This is the correct tool because the Sound applet only configures playback devices and volume, not service states.

Exam trap

CompTIA often tests the misconception that the Sound applet or Device Manager can manage services, but only Administrative Tools (or directly running services.msc) allows you to check and restart the Windows Audio service.

How to eliminate wrong answers

Option A is wrong because the Sound applet is used to manage playback devices, recording devices, and system sounds, but it does not provide any interface to view or control Windows services. Option B is wrong because Device Manager is used to manage hardware drivers and devices, not to start or stop system services like Windows Audio. Option D is wrong because the System applet displays basic system information, such as OS version and hardware specs, and does not include service management capabilities.

206
MCQeasy

A software deployment script fails because it cannot write to the /opt/app directory. The directory currently has permissions drwxr-xr-x and is owned by root. The script runs as a non-root user. Which command would allow the script to write files without compromising security more than necessary?

A.chmod o+w /opt/app
B.chmod 777 /opt/app
C.chown user:user /opt/app
D.chmod g+w /opt/app
AnswerA

This adds write permission for others, allowing the non-root script to write while keeping group permissions unchanged.

Why this answer

The correct answer is A because chmod o+w /opt/app adds write permission for 'others' (the non-root user), which is the minimal change needed. The script runs as a non-root user, so this grants write access without affecting group permissions.

207
MCQmedium

A technician is configuring a new workstation for a user who is blind and uses a screen reader. The user requests that all software be installed with accessibility features enabled. During the setup, the technician encounters an error that requires a command-line fix. What is the most professional approach?

A.Perform the command-line fix silently and inform the user later that everything is working.
B.Explain that a command-line step is needed, ask if they are comfortable with that, and offer to complete it while describing the process.
C.Ask the user to watch the screen and guide you through the command-line steps.
D.Skip the accessibility features to avoid the error, since the screen reader works anyway.
AnswerB

This shows respect by informing the user and offering assistance, aligning with professional and inclusive communication practices.

Why this answer

Option B is correct because it respects the user's disability by seeking their consent and providing an accessible description of the command-line process, aligning with both professional communication and the requirement to maintain accessibility. The technician demonstrates empathy and collaboration, ensuring the user remains informed and in control of their workstation setup.

Exam trap

The trap here is that candidates may assume technical proficiency overrides user consent, or they may fail to adapt communication methods for users with disabilities, leading them to choose option A or C instead of the collaborative approach in B.

How to eliminate wrong answers

Option A is wrong because performing the fix silently violates professional ethics by withholding information from the user, especially one who relies on assistive technology and may need to understand the change for future troubleshooting. Option C is wrong because asking a blind user to watch the screen is insensitive and impractical, as screen readers provide auditory output, not visual guidance; this option shows a lack of understanding of accessibility needs. Option D is wrong because skipping accessibility features to avoid an error undermines the user's explicit request and could leave the system non-compliant with accessibility standards, potentially causing issues with the screen reader's functionality.

208
MCQmedium

During a security audit, a technician discovers that a small office's wireless router is still using WPA-TKIP. The office has 20 devices, including some older smartphones that cannot support WPA2. What should the technician recommend to improve security without replacing all devices?

A.Keep WPA-TKIP but enable MAC address filtering to block unauthorized devices.
B.Upgrade the router to support WPA2 and configure it to use WPA2-PSK with AES encryption.
C.Change the SSID to something non-descript and disable SSID broadcast.
D.Switch to WPA3 and set up a separate guest network for older devices.
AnswerB

Correct. WPA2 with AES is secure and supported by almost all devices made after 2006, including most older smartphones.

Why this answer

WPA-TKIP is vulnerable and should be replaced. The best approach is to upgrade the router to support WPA2 and use WPA2-PSK with AES, which is backward-compatible with most devices. If some devices truly cannot support WPA2, they should be replaced or isolated.

209
MCQmedium

During a security incident, a technician discovers that a user's computer has a program that hides its processes from Task Manager and allows an attacker to remotely control the system. The technician suspects a rootkit. Which removal method is most effective for a rootkit?

A.Run a system restore to a point before the infection.
B.Use an antivirus boot disk to scan and remove the rootkit.
C.Reinstall the operating system from a trusted source.
D.Delete the rootkit's files manually in Safe Mode.
AnswerC

A clean installation ensures all traces of the rootkit are removed.

Why this answer

Rootkits are deeply embedded and often cannot be removed by standard tools. The most reliable removal method is to wipe the drive and reinstall the operating system from a trusted source.

210
MCQmedium

A company is upgrading its fleet of laptops and needs to securely erase data from the old hard drives before disposal. The drives are magnetic (HDDs). Which method is both environmentally sound and ensures data destruction?

A.Perform a quick format and then donate the drives.
B.Use a degausser to demagnetize the drives, then recycle them as e-waste.
C.Overwrite the drives with zeros once and then throw them in the trash.
D.Drill holes through the platters and then place them in the regular recycling bin.
AnswerB

Degaussing renders the data unrecoverable and the drives become scrap metal/plastic that can be recycled. This is a secure and environmentally responsible method.

Why this answer

For magnetic HDDs, degaussing destroys data by disrupting the magnetic field, but it makes the drive unusable. Physical destruction (shredding) is also effective. Both methods produce scrap that can be recycled as e-waste.

211
MCQmedium

A user calls the help desk because their Windows 10 laptop will not connect to any Wi-Fi network. The Wi-Fi adapter is enabled in Device Manager and shows no errors, but the network list is empty. Other devices connect fine. Which command should be run first to reset the network stack?

A.Run 'ipconfig /release' followed by 'ipconfig /renew'.
B.Run 'netsh winsock reset' from an elevated Command Prompt.
C.Run 'sfc /scannow' to check system files.
D.Run 'net start wlansvc' to start the WLAN AutoConfig service.
AnswerB

Winsock reset restores the network stack to default, fixing issues where no networks are visible.

Why this answer

The 'netsh winsock reset' command is the correct first step because it resets the Winsock catalog, which manages network I/O and API calls. When the Wi-Fi adapter shows no errors but the network list is empty, the issue is often a corrupted Winsock configuration rather than a driver or service failure. This command restores the Winsock stack to a clean state without requiring a reboot, making it the most direct fix for this specific symptom.

Exam trap

CompTIA often tests the distinction between resetting the network stack (Winsock) versus restarting a service or refreshing an IP lease, and the trap here is that candidates mistakenly choose 'ipconfig /renew' because they think the issue is DHCP-related, when the empty network list indicates a lower-level Winsock corruption.

How to eliminate wrong answers

Option A is wrong because 'ipconfig /release' and 'ipconfig /renew' only refresh DHCP leases and IP addresses; they do not reset the network stack or fix a corrupted Winsock catalog, and they require an active connection to a network, which the user lacks. Option C is wrong because 'sfc /scannow' checks and repairs system file integrity, not the network stack; while a corrupted system file could theoretically cause network issues, it is not the first-line diagnostic for an empty Wi-Fi list with a functional adapter. Option D is wrong because 'net start wlansvc' starts the WLAN AutoConfig service, but the scenario states the adapter is enabled and shows no errors, implying the service is already running; forcing a start would either fail or be redundant, and it does not address Winsock corruption.

212
MCQhard

A system administrator needs to add a new user 'jdoe' to the system and ensure that their home directory is created with restrictive permissions so that no other users can access it. Which command sequence achieves this?

A.useradd -m jdoe && chmod 700 /home/jdoe
B.useradd jdoe && chmod 755 /home/jdoe
C.adduser jdoe --private
D.useradd -m -g jdoe jdoe
AnswerA

This creates the user with a home directory and then sets the directory permissions to 700 (owner only), preventing others from accessing it.

Why this answer

The useradd command with -m creates the home directory, and the default permissions are usually 755. To make it private, you need to change the permissions to 700 after creation, or use the -K UMASK=0077 option to set the umask during creation. The correct answer uses useradd with -m and then chmod 700.

213
MCQhard

A technician is troubleshooting an Android device that is unable to connect to a corporate Wi-Fi network using WPA2-Enterprise with a username and password. The device connects successfully to other open Wi-Fi networks. Which Android setting should the technician check first to resolve the authentication failure?

A.Verify that the device's IP address is set to DHCP.
B.Check if a CA certificate is installed and selected in the Wi-Fi network's advanced settings.
C.Disable the proxy settings for that Wi-Fi network.
D.Configure a static MAC address on the device.
AnswerB

WPA2-Enterprise often requires a CA certificate to validate the server; if it is missing or not selected, the authentication will fail.

Why this answer

For WPA2-Enterprise networks, Android often requires the user to install and trust a CA certificate for server validation. If the certificate is missing or untrusted, the connection will fail. The technician should check the Wi-Fi advanced settings for the network and ensure that the correct CA certificate is selected, or that the option to not validate the server certificate is enabled (though less secure).

IP settings and proxy configurations are unrelated to authentication, and MAC filtering is a network-side issue.

214
MCQmedium

During a routine security audit, you find that several workstations have the same local administrator password. The company policy requires unique passwords for each machine. Which tool or method should you use to enforce unique local administrator passwords across the domain?

A.Use Group Policy to set a standard local admin password.
B.Enable BitLocker on each workstation.
C.Deploy Microsoft LAPS (Local Administrator Password Solution).
D.Disable the local administrator account on all workstations.
AnswerC

LAPS automatically manages unique local admin passwords and stores them securely in AD, meeting the policy requirement.

Why this answer

Microsoft LAPS (Local Administrator Password Solution) is the correct tool because it automatically manages local administrator passwords on domain-joined computers, storing them in Active Directory and rotating them to unique values per machine. This directly enforces the policy of unique local admin passwords without manual intervention, using the `AdmPwd` extension and Group Policy to configure password complexity and rotation intervals.

Exam trap

CompTIA often tests the misconception that Group Policy can enforce unique passwords, but candidates must remember that Group Policy applies the same setting to all objects in its scope, making it unsuitable for uniqueness; LAPS is the specific Microsoft solution designed for this exact requirement.

How to eliminate wrong answers

Option A is wrong because using Group Policy to set a standard local admin password would enforce the same password on all workstations, directly violating the requirement for unique passwords per machine. Option B is wrong because BitLocker is a full-disk encryption technology that protects data at rest, not a mechanism for managing or rotating local administrator passwords. Option D is wrong because disabling the local administrator account is a security hardening measure but does not address the requirement for unique passwords; it avoids the password uniqueness issue rather than solving it, and some applications or scenarios may require the local admin account to remain enabled.

215
MCQeasy

A user reports that their Android phone is running slowly and the battery drains quickly. They have many apps installed. Which built-in Android feature should you use to identify and stop a misbehaving app that is consuming excessive CPU and battery resources?

A.Use a third-party Task Killer app to automatically close background processes.
B.Check the Battery Usage menu in Settings to see which app is using the most power.
C.Perform a factory reset from the Recovery Mode menu.
D.Enable Developer Options and increase the background process limit.
AnswerB

The Battery Usage menu provides a detailed breakdown of power consumption by app and system services, enabling targeted troubleshooting.

Why this answer

The correct answer is the Battery Usage tool, which is a standard Android feature that breaks down power consumption by app and system services. This allows a technician to pinpoint which app is causing excessive drain and then force stop or uninstall it. Task Killers are not recommended, and a factory reset is too drastic for this issue.

216
MCQeasy

After installing a new printer driver, a user's Windows 11 computer crashes with a blue screen error every time they try to print. The computer works fine otherwise. Which boot option should be used to restore functionality without affecting user data?

A.Boot into Safe Mode and uninstall the printer driver.
B.Use Last Known Good Configuration to revert driver changes.
C.Run System Restore from the recovery environment.
D.Perform a clean installation of Windows 11.
AnswerA

Safe Mode loads minimal drivers, allowing the technician to remove the faulty driver without the crash occurring.

Why this answer

The problem is caused by a faulty driver, and the safest way to recover is to boot into Safe Mode, which loads only essential drivers. From Safe Mode, the technician can uninstall the problematic printer driver. This tests understanding of Safe Mode as a troubleshooting environment for driver conflicts.

217
MCQmedium

A technician is troubleshooting an Android phone that cannot send or receive SMS messages, but can make and receive calls and use mobile data. The phone is on a corporate plan with a new SIM card. What is the most likely cause?

A.The phone's IMEI is blacklisted.
B.The SMS message center number is incorrect or missing.
C.The mobile data APN settings are incorrect.
D.The phone is in airplane mode.
AnswerB

The SMSC is required for SMS routing; if it's wrong, SMS will fail while other services work.

Why this answer

The SMS message center number (SMSC) is a required parameter stored on the SIM card or phone that tells the device where to route outgoing SMS messages for delivery. If this number is incorrect or missing, the phone cannot send or receive SMS, but voice calls and mobile data remain unaffected because they use separate signaling paths (CSFB for calls and packet-switched data for mobile data). A new SIM card may have a misconfigured or missing SMSC, which is the most likely cause given the symptom pattern.

Exam trap

CompTIA often tests the distinction between services that use the control plane (SMS, voice) versus the data plane (mobile data), leading candidates to incorrectly blame APN settings (Option C) when the issue is actually a missing SMSC number.

How to eliminate wrong answers

Option A is wrong because an IMEI blacklist blocks all cellular services (calls, SMS, data) on the network, not just SMS, and the phone can still make calls and use data. Option C is wrong because incorrect APN settings affect mobile data connectivity, not SMS; SMS uses the control channel (SS7 or SIP) and does not rely on APN configuration. Option D is wrong because airplane mode disables all radios, preventing calls, data, and SMS, which contradicts the symptom that calls and data work.

218
MCQhard

A security incident response team needs to find all files in /var/www that have the SUID bit set, which may indicate a privilege escalation risk. Which command should they use?

A.find /var/www -type f -perm 4000
B.find /var/www -type f -perm /4000
C.ls -la /var/www | grep '^...s'
D.chmod -R u+s /var/www
AnswerB

The /4000 syntax finds any file where the SUID bit is set, regardless of other permission bits.

Why this answer

The find command with the -perm /4000 option searches for files with the SUID bit set (the setuid permission). This is a standard security audit technique.

219
MCQmedium

A user on a corporate iOS device complains that they cannot install a required business app from the App Store because the device is 'supervised' and shows a message that installation is blocked. What is the most likely reason and solution?

A.The user needs to sign out of iCloud and sign back in
B.The device has a configuration profile that disables App Store installs; update the MDM policy
C.Perform a factory reset to remove supervision
D.Enable 'Allow Untrusted Shortcuts' in Settings
AnswerB

Supervised devices often have restrictions set by MDM; adjusting the policy to allow installs or adding the app to a whitelist resolves the issue.

Why this answer

Supervised iOS devices can have restrictions enforced via MDM, including blocking app installations. The technician must check the MDM policy to allow app installs or whitelist the specific app.

220
MCQhard

A user reports that their MacBook Air running macOS Monterey will not connect to a Wi-Fi network that other devices can connect to. The Wi-Fi menu shows the network but clicking it does nothing. Which macOS tool should you use to reset the Wi-Fi configuration?

A.Network Utility
B.Wireless Diagnostics
C.System Information > Wi-Fi
D.Terminal command 'sudo ifconfig en0 down'
AnswerB

Wireless Diagnostics, launched by Option-clicking the Wi-Fi icon, offers 'Monitor' and 'Log' features as well as a 'Wi-Fi Reset' option that clears saved networks and preferences.

Why this answer

The 'Wireless Diagnostics' tool includes a 'Monitor' mode and a 'Log' feature, as well as 'Scan' and 'Info' views. Resetting the Wi-Fi configuration often requires removing plist files or using the 'Assist me' option in Network settings, but the correct answer is Wireless Diagnostics because it offers a 'Wi-Fi Reset' option under the Window menu.

221
MCQmedium

A company uses a login script that sets environment variables and maps drives based on the user's department. The script works for most users, but some report that the drive mappings are missing. The script is written in batch and uses 'if' statements to check department codes. What is the most likely cause of the intermittent failures?

A.The script runs too early before the network is fully initialized
B.The department codes in the script do not match the actual codes due to case sensitivity
C.The script is using 'setx' instead of 'set' for environment variables
D.The user accounts lack permission to run login scripts
AnswerB

Batch 'if' comparisons are case-sensitive by default, so 'Sales' and 'sales' would not match, causing the mapping to be skipped.

Why this answer

Batch file 'if' statements are case-sensitive by default when comparing strings. If the script checks for department codes like 'SALES' but the actual environment variable or user input contains 'sales' or 'Sales', the comparison fails and the drive mapping block is skipped. This explains why the issue is intermittent — it depends on how the department code is stored or passed.

Exam trap

CompTIA often tests the case sensitivity of batch file string comparisons, knowing that candidates assume string comparisons are case-insensitive by default, leading them to overlook this subtle but critical behavior.

How to eliminate wrong answers

Option A is wrong because network initialization issues would affect all users or cause complete failure, not just drive mappings for specific departments, and the script works for most users. Option C is wrong because 'setx' sets persistent environment variables, which would not cause intermittent drive mapping failures; the script uses 'set' for temporary variables, and the issue is with conditional logic, not variable persistence. Option D is wrong because if user accounts lacked permission to run login scripts, the script would fail entirely for those users, not just skip drive mappings intermittently.

222
MCQhard

A technician is troubleshooting a Windows 10 computer that randomly restarts without any error message. The system does not create a minidump file. Which advanced startup option should be disabled in the System Properties to help capture the error for analysis?

A.Fast Startup
B.Automatic restart
C.Write an event to the system log
D.Small memory dump (256 KB)
AnswerB

Disabling 'Automatic restart' under Startup and Recovery in System Properties will stop the system from rebooting on a system failure, allowing the error to be seen and dump files to be written.

Why this answer

When 'Automatic restart' is enabled, the system restarts immediately after a critical error (BSOD) without displaying the error screen or creating a dump file. Disabling this option allows the system to halt on the blue screen, showing the error code and enabling dump file generation for troubleshooting.

223
MCQhard

During a security audit, a technician discovers that an unauthorized person accessed a restricted server room by pretending to be a fire inspector. The person had a fake ID and clipboard. Which social engineering technique was used, and what is the best mitigation?

A.Tailgating; install mantraps at entrances.
B.Phishing; implement email filtering.
C.Pretexting; enforce visitor check-in and verification procedures.
D.Baiting; disable USB ports on workstations.
AnswerC

Pretexting uses a fabricated identity; verifying visitors against official records and requiring escorts prevents this.

Why this answer

This is pretexting, where the attacker created a false identity (fire inspector) to gain trust and access. The best mitigation is implementing strict verification procedures for all visitors, including calling the agency they claim to represent.

224
MCQmedium

A small business owner wants to allow their remote employees to securely access a specific internal application without giving them full network access. Which remote access technology should the technician recommend?

A.Site-to-site VPN
B.Remote Desktop Services
C.Application gateway
D.SSH tunneling
AnswerC

An application gateway (like a reverse proxy) allows secure access to specific applications without granting full network access.

Why this answer

An application gateway (reverse proxy) is the correct choice because it provides granular, application-layer access control, allowing remote employees to reach a specific internal application without granting them full network-level access. Unlike VPNs that create a tunnel to the entire network, an application gateway authenticates and proxies only the designated application traffic, often using protocols like HTTPS and enforcing policies at Layer 7.

Exam trap

The trap here is that candidates often confuse 'remote access' with 'full network connectivity' and choose a VPN (site-to-site or client-based) because they think encryption alone solves the access control problem, overlooking the need for application-specific, least-privilege access.

How to eliminate wrong answers

Option A is wrong because a site-to-site VPN connects entire networks (e.g., branch office to headquarters), giving remote employees full network access, not just to a single application. Option B is wrong because Remote Desktop Services provides a full desktop session or individual applications via RDP, but it exposes the entire desktop environment or multiple apps, not a single internal application with granular access control. Option D is wrong because SSH tunneling creates an encrypted tunnel for specific TCP ports, but it requires manual configuration, exposes the underlying network if misconfigured, and does not provide application-layer filtering or authentication for a single web application.

225
MCQmedium

A user reports that their Windows 10 PC frequently crashes with a blue screen error. You want to analyze the memory dump files to identify the faulty driver. Which tool should you use to view and analyze these dump files?

A.Event Viewer
B.Windows Memory Diagnostic
C.Performance Monitor
D.Task Manager
AnswerA

Event Viewer logs system errors, including blue screen events, and provides details about the crash, including the dump file path.

Why this answer

Windows Memory Diagnostic (mdsched.exe) tests RAM for errors, but to analyze crash dump files, you use tools like WinDbg or the built-in Reliability Monitor. However, the question asks for a built-in tool to view dump files; the correct answer is Event Viewer, which logs crash events and can point to the dump file location.
