CompTIA A+ Core 2 220-1202 (220-1202) — Questions 226-300

750 questions total · 10 pages · All types, answers revealed

Page 4 of 10

226
MCQ · medium

A technician is configuring a company-issued Android phone for a new employee. The employee will use the phone for both work (email, calendar) and personal activities. The company requires that work data be securely containerized and managed without affecting the employee's personal apps. Which Android feature should the technician enable?

A. Set up a separate User account for work.
B. Enable the Work Profile via the device's Settings under Accounts.
C. Use Screen Pinning to lock the device to the email app.
D. Install a third-party MDM agent only.
Answer: B

The Work Profile creates a secure, managed container for work apps and data, allowing IT to enforce policies without intruding on the personal side.

Why this answer

Android's Work Profile (part of Android Enterprise) creates a separate, managed profile on the device for work apps and data. This allows IT to enforce policies (like encryption and remote wipe) on the work profile without affecting the personal profile. Multi-User mode is for separate users, not a single user with two contexts, and Screen Pinning is for single-app lockdown.

227
MCQ · medium

A technician is tasked with installing a new hard drive in a server rack. The rack is located in a cramped, dusty storage room with poor lighting. Which safety practice should the technician prioritize before beginning the installation?

A. Use a step stool to reach the server rack safely.
B. Wear a dust mask and use a flashlight to improve visibility.
C. Remove the server from the rack and place it on the floor for easier access.
D. Disconnect all power cables in the rack to eliminate electrical hazards.
Answer: B

A dust mask protects against respiratory irritation, and a flashlight ensures the technician can see clearly to avoid mistakes.

Why this answer

The correct answer is B because the scenario describes a cramped, dusty storage room with poor lighting, which creates two immediate hazards: inhalation of dust particles and reduced visibility. Wearing a dust mask protects the technician's respiratory system from airborne particulates, while using a flashlight ensures they can see clearly to avoid accidental contact with components or cables. These measures directly address the environmental risks before any work begins.

Exam trap

CompTIA often tests the candidate's ability to prioritize environmental and personal safety over convenience or overkill measures, and the trap here is that test-takers may choose Option D (disconnecting all power) thinking it is the safest approach, but it is excessive and not the most immediate priority given the specific conditions described.

How to eliminate wrong answers

Option A is wrong because using a step stool does not address the primary hazards of dust inhalation and poor visibility; it only helps with height, which is not the main concern in a cramped space. Option C is wrong because removing the server from the rack and placing it on the floor increases the risk of physical damage to the server and creates a tripping hazard, and it does not mitigate the dust or lighting issues. Option D is wrong because disconnecting all power cables in the rack is an extreme and unnecessary step that could disrupt other critical systems; the technician should only isolate the specific device they are working on, following proper lockout/tagout procedures.

228
MCQ · easy

A technician is deploying 20 new laptops to a department. The manager asks the technician to install the software quickly, but the technician knows that a full deployment includes user training and data migration. Which action BEST demonstrates professional communication?

A. Agree to the manager's request and rush the installation to avoid conflict.
B. Explain the standard deployment process and offer a revised timeline that includes training.
C. Install the software and let the users figure out the rest on their own.
D. Tell the manager that training is not part of the technician's job.
Answer: B

This communicates the necessary steps and manages expectations professionally.

Why this answer

Option B is correct because it demonstrates professional communication by clearly explaining the standard deployment process—which includes user training and data migration—and offering a revised timeline. This aligns with the CompTIA A+ objective of managing expectations and ensuring a complete, effective rollout rather than a rushed, incomplete installation.

Exam trap

The trap here is that candidates may think agreeing to the manager's request (Option A) avoids conflict, but CompTIA often tests that professional communication requires setting realistic expectations and explaining the full scope of work, not just immediate compliance.

How to eliminate wrong answers

Option A is wrong because agreeing to rush the installation ignores the necessary steps of user training and data migration, leading to potential user confusion and data loss, which violates professional responsibility. Option C is wrong because installing software without training or support leaves users to figure out the system on their own, which is unprofessional and can cause productivity loss and security risks. Option D is wrong because telling the manager that training is not part of the technician's job dismisses a core component of a full deployment and fails to communicate the technician's role in ensuring successful adoption.

229
MCQ · easy

A user complains that their Windows 11 laptop's battery drains quickly even when idle. They have checked the Task Manager and no unusual processes are running. Which built-in tool should you use to generate a detailed report of battery usage and health?

A. Resource Monitor
B. Performance Monitor
C. Powercfg /batteryreport
D. Windows Memory Diagnostic
Answer: C

This command creates a detailed battery report saved as an HTML file in the current directory. It shows battery design capacity, full charge capacity, and usage history, helping identify battery degradation or excessive drain.

Why this answer

Powercfg /batteryreport is the correct built-in tool because it generates a comprehensive HTML report detailing battery capacity history, usage patterns, and estimated life. This command analyzes the system's power efficiency and battery health, which directly addresses the user's complaint of rapid drain even when idle, without relying on running processes visible in Task Manager.

Exam trap

The trap here is that candidates often confuse Resource Monitor or Performance Monitor as tools for battery analysis, but neither provides the specific battery health and usage history that powercfg /batteryreport does.

How to eliminate wrong answers

Option A is wrong because Resource Monitor provides real-time monitoring of CPU, memory, disk, and network usage, but it does not generate a historical or health-focused battery report. Option B is wrong because Performance Monitor tracks system performance counters over time, but it lacks specific battery health and usage reporting capabilities. Option D is wrong because Windows Memory Diagnostic is designed to test RAM for errors, not to analyze battery performance or health.

230
MCQ · hard

During a forensic investigation, a technician needs to recover files that a user deleted from their Mac's internal SSD several days ago. The Trash has been emptied. Which macOS feature or tool should be attempted first to recover these files?

A. Use the Terminal command 'fs_usage' to locate the deleted files
B. Restore from a Time Machine backup
C. Run Disk Utility First Aid on the SSD
D. Use a third-party file recovery tool immediately
Answer: B

If Time Machine was enabled, you can browse backups and restore the deleted files from before they were deleted.

Why this answer

Time Machine backups are the primary method for recovering deleted files on macOS, assuming backups were configured. If no backup exists, file recovery from an SSD is extremely difficult due to TRIM, and third-party tools may not work. Terminal commands like 'fs_usage' are for monitoring, not recovery.

Disk Utility cannot recover deleted files.

231
MCQ · medium

During a security incident investigation, you discover that an attacker gained physical access to a network closet by using a cloned RFID badge. Which control would have most effectively prevented this type of attack?

A. Install a CCTV camera in the closet
B. Use a biometric reader instead of RFID
C. Add a door sensor alarm
D. Require a second factor like a PIN
Answer: B

Biometrics cannot be cloned like an RFID badge, as they rely on unique physical characteristics.

Why this answer

Cloning an RFID badge exploits the lack of mutual authentication. Smart cards with cryptographic chips are much harder to clone because they require a private key stored on the card that cannot be easily extracted.

232
MCQ · hard

A technician is configuring a remote desktop solution for a user who needs to access a Linux server from a Windows 10 workstation. The technician wants to use a secure, encrypted connection. Which remote access technology should the technician configure on the Linux server?

A. RDP
B. VNC
C. SSH
D. Telnet
Answer: C

SSH provides encrypted command-line access and is the standard for secure remote administration of Linux servers.

Why this answer

SSH (Secure Shell) is the correct choice because it provides encrypted, authenticated remote shell access to Linux/Unix servers over an insecure network. It uses TCP port 22 and supports strong encryption algorithms (e.g., AES, ChaCha20) and public-key authentication, making it the standard secure remote access protocol for Linux systems.

Exam trap

The trap here is that candidates often confuse RDP (a Windows-centric GUI protocol) with SSH (a Linux-centric secure shell protocol), or mistakenly think VNC is inherently secure, when in fact SSH is the only option that provides built-in encryption and is the standard for secure Linux remote access.

How to eliminate wrong answers

Option A is wrong because RDP (Remote Desktop Protocol) is a proprietary Microsoft protocol primarily used for remote GUI access to Windows systems, not Linux servers, and while it can be encrypted, it is not the native secure remote access method for Linux. Option B is wrong because VNC (Virtual Network Computing) typically transmits data in cleartext by default and requires additional tunneling (e.g., over SSH) to be secure; it is not inherently encrypted and is not the standard secure remote access technology for Linux servers. Option D is wrong because Telnet transmits all data, including credentials, in plaintext over TCP port 23, providing no encryption or security, and is obsolete for secure remote administration.

233
MCQ · hard

A technician is tasked with removing malware from a Windows 10 computer that has a Trojan horse that downloaded additional payloads. The technician has already run a full antivirus scan and removed the Trojan, but the computer still exhibits suspicious network activity. What should the technician do next?

A. Reimage the computer immediately.
B. Run a second opinion malware scanner such as Malwarebytes.
C. Reset the web browser settings to default.
D. Disable all startup programs in Task Manager.
Answer: B

A second scanner can find residual malware or backdoors that the primary tool missed.

Why this answer

After removing the initial malware, additional payloads or backdoors may remain. Running a second opinion scanner like Malwarebytes can detect remnants that the primary antivirus missed. Reimaging is drastic if not yet necessary, and resetting the browser or disabling startup items may not address hidden threats.

234
MCQ · medium

A user reports that a scheduled task running a VBScript fails every time the computer is rebooted. The script works when run manually. The technician checks the task properties and sees the task is set to run with the user's credentials. Which scripting-related issue is most likely causing the failure?

A. The script has a syntax error
B. The script uses absolute paths that change after reboot
C. The task is set to run only when the user is logged on
D. The script is blocked by antivirus software
Answer: C

Correct. If the task is set to run only when the user is logged on, it will fail after reboot if no user logs on interactively. Changing it to 'run whether user is logged on or not' with stored credentials fixes it.

Why this answer

This tests understanding of script execution context and permissions. When a script runs under a user account, it may not have the necessary permissions to access network resources or system files after reboot if the user isn't logged on. The 'run whether user is logged on or not' option requires the password to be stored, and if the password changes or is not provided, the task fails.

235
MCQ · hard

A technician is troubleshooting a Windows 11 system that intermittently loses network connectivity. They need to continuously monitor the connection to a remote server and log the results to a text file for analysis. Which command should they use?

A. ping -n 100 > log.txt
B. ping -t > log.txt
C. tracert -d > log.txt
D. pathping > log.txt
Answer: B

This sends continuous pings until manually stopped, with output redirected to a log file for analysis.

Why this answer

The ping -t command sends continuous ICMP echo requests until stopped, and appending > log.txt redirects output to a file. This allows for long-term monitoring of connectivity. Other commands either perform a single test or trace the route.

236
MCQ · medium

During a software deployment, a technician must dispose of 50 unused software license CDs. The CDs are still sealed. What is the most environmentally friendly way to handle them?

A. Throw them in the general office trash bin.
B. Shred them and put the pieces in the recycling bin.
C. Donate them to a local school or non-profit that can use them.
D. Burn them in an incinerator to generate energy.
Answer: C

Donation extends the life of the media and reduces waste; it is the most environmentally friendly option.

Why this answer

Donating or recycling the CDs through a media recycling program is the best approach. CDs are made of polycarbonate and can be recycled, but they should not go into regular trash. This question tests knowledge of proper disposal of electronic media.

237
MCQ · hard

A company is migrating from Windows 10 to Windows 11 on 50 computers. After the upgrade, several users report that a critical line-of-business application no longer works. The application ran fine on Windows 10. You need to get it working without rolling back the entire OS. What is the most efficient solution?

A. Roll back all 50 computers to Windows 10 using the recovery partition.
B. Reinstall the application on each computer in Windows 10 compatibility mode.
C. Enable Hyper-V on each computer and run the application in a Windows 10 virtual machine.
D. Use the Windows 11 'Reset this PC' feature to reinstall Windows 11 and then reinstall the application.
Answer: B

Setting the application to run in Windows 10 compatibility mode often resolves compatibility issues without needing to revert the OS, making it the most efficient solution.

Why this answer

Windows 11 includes a Windows 10 compatibility mode that can be applied to individual applications. Using the Application Compatibility Toolkit (ACT) or the built-in compatibility troubleshooter to set the application to run in Windows 10 compatibility mode is the most efficient fix, as it does not require a full OS rollback.

238
MCQ · medium

A security incident is suspected on a Windows 10 workstation. You need to list all active network connections and the associated processes to identify potential malicious activity. Which command provides this information?

A. netstat -a
B. netstat -b
C. tasklist /svc
D. ipconfig /displaydns
Answer: B

This shows active connections and the binary (process) that created them, directly linking network activity to processes.

Why this answer

The netstat -b command displays active connections along with the executable involved in creating each connection, making it ideal for identifying suspicious processes. Other options either show process information without network details or vice versa.

239
MCQ · medium

A company policy requires that all web traffic be filtered to block known malicious sites. You need to implement this on the network without installing software on each client. What should you configure?

A. Enable Windows Defender Firewall on each workstation
B. Configure a DNS filtering service on the router or DNS server
C. Install a browser extension on all computers
D. Set the browser security level to high
Answer: B

DNS filtering resolves malicious domains to a block page, preventing access at the network level.

Why this answer

DNS filtering is a network-level solution that blocks access to malicious domains without client software. This tests knowledge of different security implementations. Other options are either client-side or not effective for blocking specific sites.

240
MCQ · medium

A small business uses a shared iMac for customer check-ins. The manager wants to restrict which apps users can open and prevent changes to system settings without creating separate user accounts. Which macOS feature should you configure to meet this requirement?

A. Enable FileVault full-disk encryption
B. Configure Parental Controls (Screen Time) for the user account
C. Use the Guest User account
D. Apply a firmware password
Answer: B

Parental Controls (under Screen Time) allow you to limit app usage, block specific apps, and restrict system settings changes for a standard user.

Why this answer

Managed Apple IDs are for enterprise management but require an MDM. Parental Controls (now Screen Time) can limit app usage and settings changes for standard users. However, the most robust solution is using Configuration Profiles via an MDM, but the question asks for a built-in feature.

Guided Access is for iOS, not macOS. The correct answer is to use Parental Controls (Screen Time) to set app and settings restrictions for a standard user account.

241
MCQ · easy

A user reports that their laser printer is producing faint, streaky prints and has a strong ozone smell. The printer has been in use for three years. What is the most important safety procedure to follow before attempting to service the printer?

A. Replace the toner cartridge immediately.
B. Unplug the printer and discharge the high-voltage power supply.
C. Clean the corona wire with isopropyl alcohol.
D. Reset the printer to factory defaults.
Answer: B

This is the correct safety procedure. Laser printers have capacitors that hold a charge; discharging them prevents electric shock.

Why this answer

The strong ozone smell indicates a high-voltage issue, likely with the corona wire or power supply. Before servicing, you must unplug the printer and discharge the high-voltage power supply to prevent electric shock, as laser printers store lethal voltages in capacitors even when powered off.

Exam trap

CompTIA often tests the distinction between troubleshooting steps and mandatory safety procedures, trapping candidates who confuse cleaning or replacing parts with the prerequisite of power isolation and discharge.

How to eliminate wrong answers

Option A is wrong because replacing the toner cartridge does not address the safety hazard of high-voltage discharge and is a troubleshooting step, not a safety procedure. Option C is wrong because cleaning the corona wire with isopropyl alcohol is a maintenance task that should only be performed after power is disconnected and high voltage is discharged; doing it first risks electric shock. Option D is wrong because resetting to factory defaults is a software configuration step that does not eliminate the risk of high-voltage shock and does not resolve the physical safety concern.

242
MCQ · easy

During a security audit, a Linux server is found to have a configuration file that is world-writable. The file /etc/app/config.cfg must only be readable and writable by the root user. Which command should the administrator run?

A. chmod 777 /etc/app/config.cfg
B. chmod 644 /etc/app/config.cfg
C. chmod 600 /etc/app/config.cfg
D. chmod 400 /etc/app/config.cfg
Answer: C

This grants read and write only to the owner (root), and no permissions to group or others, securing the file.

Why this answer

The correct answer is C because chmod 600 sets owner read/write and removes all permissions for group and others. This matches the requirement that only root can read and write the file.

243
MCQ · easy

A technician needs to deploy a configuration change to 50 Windows 10 computers using a script. The script must check if a specific registry key exists before modifying it. Which scripting construct should be used?

A. A for loop
B. A while loop
C. An if-else statement
D. A try-catch block
Answer: C

An if-else statement allows the script to test for the registry key's existence and then act accordingly.

Why this answer

The script needs to conditionally execute code based on whether a registry key exists. An if-else statement is the correct construct for this because it evaluates a condition (e.g., Test-Path 'HKLM:\Software\MyKey') and executes one block if true (modify the key) and another if false (skip or create). Loops are for repetition, not conditional branching, and try-catch handles runtime errors, not existence checks.

Exam trap

The trap here is that candidates confuse conditional logic (if-else) with error handling (try-catch), thinking that checking for existence requires exception handling, when in fact a simple conditional test is the correct and more efficient approach.

How to eliminate wrong answers

Option A is wrong because a for loop is designed for iterating over a sequence or a fixed number of times, not for making a single conditional decision about a registry key's existence. Option B is wrong because a while loop repeats a block of code as long as a condition is true, which is unnecessary for a one-time check and could cause an infinite loop if misused. Option D is wrong because a try-catch block is used to handle exceptions (runtime errors) such as access denied or missing paths, not to test for the existence of a registry key before modification.

244
MCQ · medium

A technician is assisting a user who is visibly upset because their critical presentation file was deleted accidentally. The user is speaking loudly and interrupting. What is the best way to handle this situation professionally?

A. Politely ask the user to calm down and speak more quietly so you can understand the issue.
B. Interrupt the user to explain that files can often be recovered from the Recycle Bin or backup.
C. Listen without interrupting, then say, "I can see this is urgent. Let's check the Recycle Bin first, and if it's not there, we have backups."
D. Transfer the user to a supervisor because the user is being difficult.
Answer: C

This validates the user's emotions and provides a clear path forward, demonstrating professionalism and empathy.

Why this answer

Option C is correct because it demonstrates active listening and empathy while immediately addressing the technical issue. The technician first allows the user to vent without interruption, then acknowledges the urgency and proposes a clear, step-by-step recovery plan starting with the Recycle Bin (a common first-resort recovery method) and escalating to backups if needed. This approach de-escalates the emotional situation while efficiently moving toward a solution, which is key for professional customer service in IT support.

Exam trap

CompTIA often tests the candidate's ability to balance empathy with technical action; the trap here is that candidates may choose Option B (interrupting with a solution) because they focus solely on technical correctness, ignoring the professionalism and communication skills required to de-escalate an emotional user.

How to eliminate wrong answers

Option A is wrong because telling an upset user to 'calm down' can be perceived as dismissive and may escalate the situation; it does not address the technical problem. Option B is wrong because interrupting the user, even with a valid technical solution, can increase frustration and prevent the technician from gathering full details about the file deletion (e.g., whether it was permanently deleted or from a specific location). Option D is wrong because transferring a user solely for being upset avoids the technician's responsibility to handle emotional situations professionally and delays resolution; it should only be done if the issue is beyond the technician's scope or authority.

245
MCQ · hard

A user reports that their Windows 10 PC is unable to connect to network shares on a server, but internet access works fine. You suspect the 'Workstation' service is not running. Which administrative tool should you use to verify and start this service?

A. Task Manager > Startup tab to check if the service is enabled.
B. Network and Sharing Center to run the network troubleshooter.
C. Services console to locate the 'Workstation' service and start it.
D. Device Manager to reinstall the network adapter driver.
Answer: C

Correct. The Services console lists all services, including the Workstation service, and allows starting, stopping, or restarting them.

Why this answer

The Services console (services.msc) is the correct tool to view and manage the status of the Workstation service (LanmanWorkstation), which is required for SMB connections to network shares. The other tools are not designed for service management.

246
MCQ · hard

A company's security policy mandates that all remote access connections must be authenticated using two different factors. A technician is configuring VPN access for teleworkers. Which combination meets this requirement?

A. Username and password only.
B. Smart card and PIN.
C. Biometric fingerprint and a PIN.
D. Two different passwords.
Answer: B

Smart card is something you have, PIN is something you know; two different factors.

Why this answer

Multifactor authentication requires two or more factors from different categories: something you know (password), something you have (smart card, token), and something you are (biometric). A password plus a one-time code from a hardware token uses two distinct factors, satisfying the policy.

247
MCQ · medium

During a routine security audit, a technician discovers that an unknown person has been using a badge to enter the building after hours. The badge belongs to a former employee who left the company six months ago. Which type of social engineering attack likely enabled this unauthorized access?

A. Phishing
B. Tailgating
C. Dumpster diving
D. Shoulder surfing
Answer: B

Tailgating is the correct term for unauthorized physical access by following someone in, possibly with a stolen badge.

Why this answer

This describes tailgating, where an attacker follows an authorized person into a secure area without proper credentials. The use of a former employee's badge suggests the attacker may have obtained it through theft or social engineering. Proper badge deactivation upon termination is a key countermeasure.

248
MCQ · medium

An organization is moving to a cloud-based system and needs to dispose of several tape backup cartridges that contain years of financial data. The tapes are LTO-5 and are still readable. Which destruction method is most appropriate?

A. Overwrite the tapes with a bulk eraser or degausser.
B. Perform a quick format of the tapes using a tape drive.
C. Reuse the tapes for non-sensitive data after deleting the files.
D. Burn the tapes in an industrial incinerator.
Answer: A

A degausser designed for tape will destroy the magnetic data, making recovery impossible, and is a standard method for tape disposal.

Why this answer

The correct answer is to use a degausser rated for magnetic tape, which will erase the data by randomizing the magnetic particles. Physical destruction (shredding) is also effective but may be more costly. This question tests knowledge that tape media requires specialized degaussers.

249
MCQ · medium

A helpdesk technician receives a call from an employee who says their smart card stopped working for building access. The employee is in a hurry and asks the technician to remotely disable the card and issue a temporary PIN for the day. What should the technician do first?

A. Disable the smart card and provide a temporary PIN as requested.
B. Ask the employee to visit the security office in person with a photo ID.
C. Reset the smart card remotely and test it with a badge reader.
D. Send a temporary PIN via email to the employee's company address.
Answer: B

In-person verification with a photo ID ensures the request is legitimate before making changes.

Why this answer

Verifying the caller's identity before making any access changes is a critical security practice to prevent social engineering attacks. This scenario tests the balance between customer service and security protocol.

250
MCQ · medium

A user receives an email with a link that appears to be from their bank, asking them to verify their account. The link leads to a page that looks exactly like the bank's login page. What type of attack is this?

A. A man-in-the-middle attack.
B. A phishing attack.
C. A ransomware attack.
D. A cross-site scripting (XSS) attack.
Answer: B

Phishing uses social engineering to trick users into revealing sensitive information on fraudulent sites.

Why this answer

This is a phishing attack, where the attacker creates a fake login page to steal credentials. Users should be trained to verify URLs and never enter credentials from email links.

251
MCQ · medium

A technician is configuring a wireless network for a school that uses Chromebooks and iPads. The network must support fast roaming and prioritize security. The technician enables WPA2-Enterprise with 802.1X. What additional configuration is needed to ensure seamless roaming between access points?

A. Enable WPA3-SAE on all access points.
B. Configure all access points with the same SSID and passphrase.
C. Enable 802.11r (Fast Roaming) on the wireless controller.
D. Disable WPS on all access points.
Answer: C

802.11r reduces the time required for re-authentication during roaming.

Why this answer

Fast roaming (802.11r) allows clients to quickly re-authenticate when moving between access points, reducing latency. WPA2-Enterprise alone does not provide fast roaming; 802.11r must be enabled on the controller and access points.

252
MCQ · easy

A technician is installing a new power supply in a desktop computer. After unplugging the system, what should the technician do before touching any internal components?

A. Wear a grounding strap and immediately open the case.
B. Press and hold the power button for 10 seconds to drain residual charge, then wear an ESD strap.
C. Spray the interior with compressed air to remove dust before touching anything.
D. Remove the CMOS battery first to ensure no power remains.
Answer: B

This discharges the capacitors and reduces shock risk; the ESD strap then prevents static damage.

Why this answer

Option B is correct because pressing and holding the power button for 10 seconds after unplugging the system discharges the remaining charge in the power supply capacitors and other components, reducing the risk of electric shock or damage. Wearing an ESD strap then provides a path to ground for static electricity, protecting sensitive internal components from electrostatic discharge.

Exam trap

CompTIA often tests the misconception that simply unplugging the system makes it safe to work inside, or that removing the CMOS battery is the correct way to eliminate all power, when in fact the primary danger is the residual charge in the power supply capacitors.

How to eliminate wrong answers

Option A is wrong because immediately opening the case and wearing a grounding strap without first draining residual charge from capacitors can expose the technician to a shock hazard; the power supply can hold a dangerous charge for minutes after being unplugged. Option C is wrong because spraying compressed air into the interior before discharging residual power can blow dust into sensitive areas and does not address the immediate safety step of draining stored energy. Option D is wrong because removing the CMOS battery does not discharge the main power supply capacitors; the CMOS battery only powers the real-time clock and BIOS settings, and its removal does not eliminate the high-voltage charge in the PSU.

253
MCQ · medium

A company is relocating and needs to dispose of 50 old desktop computers with HDDs that contain sensitive client data. The policy requires data destruction to be verifiable and the drives to be physically destroyed. Which method meets these requirements?

A. Use a degausser and then donate the drives to a school.
B. Overwrite each drive with three passes of random data.
C. Send the drives to a certified e-waste recycler for shredding.
D. Reformat each drive and install a fresh OS for reuse.
Answer: C

Shredding physically destroys the drives and a certified recycler can provide a certificate of destruction, satisfying the policy.

Why this answer

Physical destruction methods like shredding or crushing provide verifiable destruction (e.g., through a certificate of destruction) and ensure the drives cannot be reused, meeting strict security policies. Degaussing also destroys data but may not physically destroy the drive.

254
MCQ · hard

A company's security policy requires that all workstations use a host-based firewall to block incoming connections except for specific allowed applications. A technician needs to configure this on a Windows 10 PC. Which tool should they use?

A. Windows Defender Antivirus settings
B. Windows Defender Firewall with Advanced Security
C. Group Policy Editor
D. Network and Sharing Center
Answer: B

This MMC snap-in allows creating inbound and outbound rules to block or allow traffic based on application, port, or IP address, meeting the policy requirement.

Why this answer

The Windows Defender Firewall with Advanced Security (wf.msc) is the correct tool because it provides granular control over inbound rules, allowing the technician to block all incoming connections by default and then create explicit allow rules for specific applications. This meets the security policy requirement for a host-based firewall that blocks incoming traffic except for permitted applications.

Exam trap

CompTIA often tests the distinction between basic firewall settings (accessible via Control Panel) and the Advanced Security console, where candidates mistakenly choose the simpler interface or confuse firewall management with antivirus or group policy tools.

How to eliminate wrong answers

Option A is wrong because Windows Defender Antivirus settings manage malware protection, not firewall rules; it cannot create or modify inbound connection rules. Option C is wrong because Group Policy Editor (gpedit.msc) is used to configure system-wide policies across a domain, not for per-workstation firewall rule management on a standalone Windows 10 PC. Option D is wrong because Network and Sharing Center is a network status and troubleshooting interface; it does not provide the advanced inbound rule configuration needed to block all incoming connections except specific applications.

255
MCQ · hard

During a security audit, a technician finds that a user's workstation was infected with malware after the user inserted a USB drive found in the parking lot. The drive was labeled 'Employee Salary Info Q4'. What social engineering principle did the attacker exploit?

A. Scarcity
B. Baiting
C. Pretexting
D. Tailgating
Answer: B

Baiting is the correct term, as the attacker left a malicious device (the bait) to exploit the user's curiosity.

Why this answer

This attack exploits curiosity and the baiting principle, where an attacker leaves a malicious device in a place where it will be found. The enticing label increases the likelihood of someone picking it up. This is a form of social engineering that relies on human psychology rather than technical vulnerabilities.

256
MCQ · easy

After deploying a new application to 50 workstations, several users report that the application crashes on launch. You need to quickly check if the application's core DLL files are present and correctly registered on a remote computer. Which command should you use?

A. regsvr32 /s C:\App\core.dll
B. ipconfig /flushdns
C. chkdsk C:
D. tasklist /S remotePC
Answer: A

Registers the specified DLL silently, and if successful, confirms the DLL is present and registered.

Why this answer

The correct answer is `regsvr32` which is used to register or unregister DLL files. This command verifies that the necessary DLLs are properly registered, which is essential for application functionality. Incorrect answers involve network configuration, file system repair, or process listing.

257
MCQ · easy

A user calls the help desk, frantic because their banking app shows an unauthorized transfer of $500. They say they received a call earlier from 'bank security' asking them to install a remote access tool to 'verify their account'. What type of social engineering attack did the user fall victim to?

A. Phishing
B. Vishing
C. Smishing
D. Shoulder surfing
Answer: B

Vishing (voice phishing) uses phone calls to impersonate legitimate organizations and trick victims into revealing sensitive information or installing malware. This scenario perfectly matches that description.

Why this answer

This is a classic vishing (voice phishing) attack combined with a tech support scam. The attacker used a phone call to impersonate a trusted entity and tricked the user into installing remote access software, giving the attacker control over the device to perform fraudulent transactions.

258
MCQ · hard

A technician needs to deploy a custom configuration profile to 20 Mac computers in a small office without using a third-party MDM. The profile must enforce Wi-Fi settings and disable iCloud. Which macOS tool can create and sign this configuration profile?

A. Apple Configurator
B. System Settings > Profiles
C. Terminal with 'profiles' command
D. Profile Manager in macOS Server
Answer: A

Apple Configurator allows you to create, edit, and sign configuration profiles for macOS and iOS, suitable for small deployments without MDM.

Why this answer

Apple Configurator is a free tool from the Mac App Store that can create, sign, and export configuration profiles (.mobileconfig files). These profiles can then be distributed manually or via email. System Preferences cannot create profiles, and Profile Manager is part of macOS Server, which is deprecated.

Terminal cannot natively create signed profiles without additional tools.

259
MCQ · medium

A user reports that their Windows 10 PC is unable to connect to shared network folders on the office server. You need to verify that the necessary network discovery and file sharing services are running. Which administrative tool should you open to check the status of services like 'Function Discovery Resource Publication' and 'SSDP Discovery'?

A. Network and Sharing Center
B. Device Manager
C. Services.msc
D. Task Manager
Answer: C

Services.msc allows you to view and manage the status of all Windows services, including network discovery services.

Why this answer

Services.msc provides a complete list of all Windows services, including those related to network discovery and sharing. You can check their status and start them if they are stopped. Other tools like Network and Sharing Center or Device Manager do not offer direct service management.

260
MCQ · medium

A technician is configuring a Windows 10 kiosk system that will run a single application in a public library. The kiosk must automatically log on and start the app without any user interaction. Which security setting combination is required?

A. Enable 'Sticky Keys' and configure the 'Ease of Access' settings
B. Configure 'Automatic logon' in the registry and enable 'Assigned Access' for the kiosk account
C. Set the 'Shutdown: Allow system to be shut down without having to log on' policy
D. Enable 'User Account Control: Run all administrators in Admin Approval Mode'
Answer: B

Automatic logon allows the system to boot directly to the desktop, and Assigned Access restricts the user to a single app, creating a proper kiosk environment.

Why this answer

This question tests knowledge of kiosk mode configuration. Windows 10 supports 'Assigned Access' which can be configured to automatically log on a specified user account and launch a single app. This requires enabling the 'Automatic logon' setting in the registry or via the 'netplwiz' tool, and then configuring Assigned Access for that account.

261
MCQ · medium

A technician is writing a PowerShell script to check the last boot time of a remote computer. The script uses Get-CimInstance Win32_OperatingSystem. The script works locally but fails with an access denied error when targeting a remote machine. Both computers are domain-joined and the technician has admin rights. What is the most likely issue?

A. The remote computer does not have PowerShell installed.
B. The remote computer has Windows Firewall blocking WMI traffic.
C. The script uses an incorrect namespace.
D. The technician is not a member of the Remote Management Users group.
Answer: B

WMI remote connections require specific firewall rules; if blocked, access is denied.

Why this answer

Get-CimInstance uses the WS-Management (WSMan) protocol, which relies on WinRM. By default, Windows Firewall blocks inbound WinRM traffic on port 5985 (HTTP) and 5986 (HTTPS). Even though the technician has admin rights and both machines are domain-joined, the remote firewall must allow WinRM traffic for the CIM session to succeed.

The local success is because no firewall traversal is needed.

Exam trap

CompTIA often tests the misconception that access denied errors are always due to permissions or group membership, when in fact network-level firewall blocking of WinRM/WMI traffic is a frequent real-world cause.

How to eliminate wrong answers

Option A is wrong because PowerShell is not required on the remote machine for Get-CimInstance; it uses WMI via WinRM, which only requires the WMI service to be running. Option C is wrong because the default namespace for Win32_OperatingSystem is root/cimv2, which is correct and not the cause of an access denied error. Option D is wrong because the Remote Management Users group is not required for WMI access; membership in the local Administrators group on the remote computer is sufficient for WMI queries.

262
MCQ · medium

A technician is troubleshooting a remote user's inability to connect to the corporate network via VPN. The user can ping the VPN server's public IP address. Which step should the technician take next to isolate the issue?

A. Reboot the user's modem
B. Check the VPN client logs for errors
C. Disable the user's firewall
D. Reinstall the VPN client software
Answer: B

Logs often contain specific error codes (e.g., authentication failure, certificate issues) that guide further troubleshooting.

Why this answer

Since the user can reach the VPN server, the issue is likely at the authentication or configuration layer. Checking the VPN client logs provides detailed error messages that can pinpoint the problem.

263
MCQ · hard

A security incident occurred on a Windows 10 workstation, and you need to review detailed logs of user logon attempts, including successful and failed logins, to identify unauthorized access. Which tool should you use to view these security logs?

A. Reliability Monitor
B. Performance Monitor
C. Event Viewer
D. Group Policy Editor
Answer: C

Event Viewer's Security log records all logon events, providing the necessary audit trail.

Why this answer

Event Viewer contains Security logs that record logon events (success and failure) with timestamps and user account details. This is the primary tool for auditing user logon activity on Windows.

264
MCQ · medium

A technician is writing a PowerShell script to retrieve the IP configuration of all computers in a domain and output the results to a CSV file. The script must run on a management workstation and target remote machines. Which cmdlet should the technician use to execute commands on remote computers?

A. Invoke-Command
B. Enter-PSSession
C. Get-WmiObject
D. Out-File
Answer: A

Correct. Invoke-Command runs a script block on one or more remote computers and returns results, perfect for gathering data from many machines.

Why this answer

Invoke-Command is the correct cmdlet because it is designed to execute PowerShell commands or script blocks on one or more remote computers and return the results to the local session. This allows the technician to run the IP configuration retrieval script against all domain computers from the management workstation and then pipe the output to Export-Csv.

Exam trap

CompTIA often tests the distinction between interactive remote sessions (Enter-PSSession) and one-off command execution (Invoke-Command), leading candidates to choose Enter-PSSession when the requirement is to run a script against multiple computers and capture output.

How to eliminate wrong answers

Option B (Enter-PSSession) is wrong because it creates an interactive, persistent session with a single remote computer, which is not suitable for running a script against multiple remote machines and capturing output to a CSV file. Option C (Get-WmiObject) is wrong because while it can retrieve WMI data from remote computers using the -ComputerName parameter, it is not a cmdlet for executing arbitrary PowerShell commands or script blocks; it is a specific cmdlet for WMI queries. Option D (Out-File) is wrong because it is used to send output to a text file on the local machine, not to execute commands on remote computers.

265
MCQ · medium

A customer brings in a laptop that they want to recycle, but they are concerned about personal data. The laptop has a 256GB SSD and the customer wants to keep the laptop functional for resale. Which method should the technician recommend?

A. Remove the SSD and physically destroy it, then sell the laptop without a drive.
B. Use a degausser on the SSD.
C. Perform a standard format and reinstall Windows.
D. Use the 'Reset this PC' option with the 'Remove everything and clean the drive' setting.
Answer: D

This option performs a secure erase that overwrites all sectors, making data recovery difficult while keeping the laptop functional.

Why this answer

The correct answer is to use the built-in 'Reset this PC' with the 'Remove everything and clean the drive' option, which performs a secure wipe on SSDs. This ensures data is overwritten while keeping the laptop usable. Simple deletion or formatting is insufficient, and physical destruction would make the laptop unusable.

266
MCQ · easy

A junior admin needs to list all files in /var/log that were modified in the last 24 hours. Which command accomplishes this?

A. ls -la /var/log | grep '24 hours'
B. find /var/log -mtime 0
C. find /var/log -atime 0
D. locate /var/log | sort -m
Answer: B

This correctly finds files modified within the last 24 hours (0 means less than 1 day ago).

Why this answer

This tests the find command with the -mtime option, which filters files by modification time. find /var/log -mtime 0 finds files modified within the last 24 hours.

267
MCQ · hard

An organization wants to ensure that even if a laptop is stolen, the data on the hard drive cannot be read. The laptop runs Windows 10 Pro and is used by employees who travel frequently. Which security feature should be enabled?

A. Enable BitLocker Drive Encryption on the system drive.
B. Set a strong BIOS/UEFI password.
C. Configure a screensaver password with a short timeout.
D. Use EFS to encrypt individual files and folders.
Answer: A

BitLocker encrypts the entire drive, ensuring that if the laptop is stolen, the data cannot be accessed without the recovery key or TPM authentication.

Why this answer

Full disk encryption (FDE) protects all data on the drive by encrypting it, making it unreadable without the decryption key. BitLocker is the native FDE solution in Windows 10 Pro. This question tests the understanding that FDE is the appropriate countermeasure for data theft from stolen devices, as opposed to file-level encryption or access controls.

268
MCQ · medium

A company is migrating to new laptops and needs to dispose of 50 old hard drives securely. The drives contain proprietary software and client data. The IT manager wants a method that is both environmentally friendly and compliant with data protection laws. Which disposal method should be chosen?

A. Donate the drives to a local charity after wiping them with a free tool.
B. Use a certified e-waste recycler that offers secure destruction and recycling.
C. Physically break the drives with a drill and dispose of them in the regular trash.
D. Perform a quick format and sell the drives online.
Answer: B

Certified recyclers follow standards for data destruction (e.g., shredding) and recycle materials, meeting both security and environmental goals.

Why this answer

The correct answer is to use a certified e-waste recycler that performs secure data destruction. This ensures data is destroyed (often via shredding or degaussing) and the materials are recycled responsibly. Simple wiping may not be sufficient for all drives, and donating without destruction risks data exposure.

269
MCQ · medium

A small business owner wants to ensure that if a laptop is stolen, the data on the drive cannot be read. The laptop runs Windows 11 Pro. What is the most appropriate remediation?

A. Set a strong BIOS password
B. Enable BitLocker on the system drive
C. Install an antivirus with anti-theft features
D. Use a cloud backup service
Answer: B

BitLocker encrypts the entire drive, rendering data inaccessible without the key, even if the drive is removed.

Why this answer

BitLocker is the native full-disk encryption feature in Windows 11 Pro that encrypts the entire system drive, including the operating system, applications, and all user data. If the laptop is stolen, the data on the drive remains unreadable without the recovery key or TPM authentication, even if the drive is removed and attached to another computer. This directly addresses the requirement to prevent data access after theft.

Exam trap

The trap here is that candidates often confuse a BIOS password with drive encryption, thinking it secures the data, but BIOS passwords only control boot access and do not protect against physical drive removal and forensic analysis.

How to eliminate wrong answers

Option A is wrong because a BIOS password only prevents unauthorized booting or BIOS changes but does not encrypt the drive; the data can still be read by removing the drive and connecting it to another system. Option C is wrong because antivirus with anti-theft features typically provides location tracking, remote lock, or wipe capabilities, but it does not encrypt the drive at rest, so data remains accessible if the drive is removed. Option D is wrong because a cloud backup service protects against data loss but does not prevent an attacker from reading data already stored on the laptop's drive.

270
MCQ · medium

A technician is tasked with deploying 50 Android tablets for a field sales team. The tablets need to have a consistent set of apps, settings, and security policies. The technician wants to avoid manually configuring each device. Which Android feature should the technician use?

A. Samsung DeX
B. Google Backup
C. Android Enterprise (Zero-Touch Enrollment)
D. Developer Options > OEM Unlocking
Answer: C

Android Enterprise allows IT to enroll devices automatically via QR code or NFC, apply policies, and install apps remotely through an MDM.

Why this answer

This question tests enterprise deployment tools. The correct answer is 'Android Enterprise' (formerly Android for Work), which supports zero-touch enrollment and managed configurations via a Mobile Device Management (MDM) system. This enables bulk provisioning without manual setup.

271
MCQ · easy

A user reports that their Windows 10 computer runs a script every time they log in that maps a network drive, but the drive mapping fails intermittently. The script uses the 'net use' command. Which scripting element should be added to handle the failure gracefully and retry the mapping?

A. A comment line explaining the net use syntax
B. A variable to store the drive letter
C. An exit code check and a loop to retry the mapping
D. A 'pause' command after the net use line
Answer: C

Checking the exit code allows the script to detect failure and a loop can retry the command until success or a maximum number of attempts.

Why this answer

This question tests basic error handling in scripting. Adding error-checking logic, such as checking the exit code of 'net use' and retrying if it fails, makes the script more robust. A simple 'if errorlevel' or 'if %errorlevel% neq 0' construct allows the script to retry the command instead of failing silently.

272
MCQ · medium

A user reports that their virtual machine running on a Type 2 hypervisor is extremely slow. The host machine has 16 GB of RAM, and the VM is configured with 8 GB. The host's task manager shows 90% memory usage. What should the technician do to improve the VM's performance?

A. Increase the number of virtual CPUs assigned to the VM.
B. Reduce the amount of RAM allocated to the VM to 4 GB.
C. Change the virtual disk from thin to thick provisioning.
D. Enable hyper-threading on the host CPU.
Answer: B

Reducing the VM's RAM frees up memory for the host, alleviating the memory pressure and improving overall performance.

Why this answer

This scenario tests resource allocation in virtualization. The host is running low on memory, causing the VM to be slow. Reducing the VM's RAM allocation will free up memory for the host and improve overall performance.

Increasing vCPUs or changing disk type won't address the memory bottleneck, and enabling hyper-threading is not a direct solution.

273
MCQ · easy

A technician needs to map a network drive to a shared folder on a file server for a user who frequently works remotely. The share path is \\Server\Data. Which command would you use to persistently map this drive as drive letter Z:?

A. net user Z: \\Server\Data /add
B. net use Z: \\Server\Data /persistent:yes
C. chkdsk Z: /f
D. ipconfig /renew
Answer: B

Correctly maps the drive persistently.

Why this answer

The correct answer is `net use Z: \\Server\Data /persistent:yes`. This command maps the network drive and makes it persistent so it reconnects at logon. Other commands deal with user accounts, disk repair, or network configuration.

274
MCQ · medium

A customer calls to report that their laptop won't turn on. The technician suspects a dead battery. Which of the following responses demonstrates proper troubleshooting and professionalism?

A. Tell the customer to buy a new battery immediately.
B. Ask the customer to plug in the charger and see if any lights appear.
C. Say that the motherboard is likely dead and needs replacement.
D. Tell the customer to bring the laptop to the shop without further questions.
Answer: B

This is a logical first step to determine if the battery or power adapter is the issue.

Why this answer

A systematic approach to troubleshooting shows competence. Starting with simple checks and explaining each step keeps the customer informed and involved.

275
MCQ · hard

A technician is troubleshooting a slow Remote Desktop connection for a user working from home. The user's internet speed test shows 50 Mbps download and 10 Mbps upload. The office network has a 100 Mbps symmetrical connection. Which of the following is the most likely cause of the slowness?

A. The office network is oversubscribed
B. The user's internet connection has high latency
C. The user's upload speed is insufficient for RDP
D. The VPN is using an outdated encryption protocol
Answer: C

RDP sends screen updates from the host to the client, so the host's upload speed (user's upload) is critical. 10 Mbps may be too low for a good experience.

Why this answer

Remote Desktop Protocol (RDP) is highly sensitive to upload bandwidth because it transmits screen updates, keyboard/mouse input, and clipboard data from the client to the server. With only 10 Mbps upload at the user's home, the bottleneck is the user's upstream capacity, which is insufficient to handle the continuous screen refresh and input data required for a smooth RDP session, especially if the remote desktop is graphics-intensive or has high resolution.

Exam trap

CompTIA often tests the misconception that download speed is the primary factor for RDP performance, when in reality the user's upload speed is the bottleneck because RDP sends client input and screen updates upstream.

How to eliminate wrong answers

Option A is wrong because the office network has a 100 Mbps symmetrical connection, and oversubscription would cause slowness for all users, not just this remote user; the question states only this user is experiencing slowness. Option B is wrong because high latency would cause lag or delay, not necessarily slowness in throughput; the user's speed test shows adequate download/upload speeds, and latency is not measured in Mbps. Option D is wrong because outdated encryption protocols (e.g., PPTP) can cause security vulnerabilities but do not inherently cause slowness; modern VPNs with AES encryption have negligible performance impact compared to bandwidth limitations.

276
MCQ · easy

During a software deployment, a technician must explain to a non-technical manager why a critical security update requires an immediate reboot of all workstations, even though it interrupts work. The manager is concerned about productivity loss. How should the technician communicate this?

A. "The update fixes a vulnerability that could let attackers steal company data. A reboot is required to apply it. The risk of a breach outweighs the short downtime."
B. "Just schedule the reboot for after hours and it won't affect productivity."
C. "It's IT policy. We have to do this. Please inform your team."
D. "The update is mandatory, but you can delay it for a week if needed."
Answer: A

This explains the security risk in business terms and justifies the reboot, demonstrating effective communication with non-technical stakeholders.

Why this answer

Option A is correct because it directly addresses the manager's concern about productivity loss by clearly explaining the security risk (data theft via an unpatched vulnerability) and why the reboot is necessary to apply the update. This approach uses risk-benefit language that a non-technical manager can understand, aligning with the CompTIA A+ objective of communicating technical requirements to stakeholders in business terms.

Exam trap

CompTIA often tests the candidate's ability to prioritize security over convenience and to communicate technical risks in business terms, so the trap here is choosing a technically correct but poorly communicated answer (like B or C) that fails to address the manager's legitimate productivity concerns.

How to eliminate wrong answers

Option B is wrong because it suggests scheduling the reboot for after hours, which may not be feasible if the security update requires an immediate reboot to close a critical vulnerability that is actively being exploited; delaying the reboot even a few hours could expose the network to attack. Option C is wrong because citing 'IT policy' without explaining the technical reason fails to build trust or address the manager's productivity concern, and it does not provide the necessary context for why the reboot cannot be deferred. Option D is wrong because allowing a one-week delay for a critical security update is irresponsible; the vulnerability could be exploited in the wild within hours, and delaying the patch violates security best practices and potentially compliance requirements.

277
MCQ · hard

A technician is investigating a security incident where multiple workstations on the same network are showing signs of infection: slow performance, unusual network traffic, and the presence of a file named 'svch0st.exe' in the Startup folder. The technician suspects a worm that spreads through network shares. What is the most effective containment strategy?

A. Run a full antivirus scan on all workstations simultaneously.
B. Disable network shares and isolate infected workstations from the network.
C. Update the antivirus definitions on one workstation and scan it.
D. Reboot all workstations into Safe Mode with Networking.
Answer: B

This stops the worm from spreading via file shares and prevents further infection.

Why this answer

A worm that spreads via network shares requires immediate network segmentation to stop propagation. Disabling the network shares on all workstations and isolating infected systems from the network prevents the worm from reaching other devices. Patching the vulnerability used for spread (e.g., SMB) is also critical, but containment is the priority.

278
MCQ · hard

A technician is investigating a security breach where sensitive customer data was exfiltrated. The only malware found is a hidden driver that intercepts keystrokes and sends them to a remote server. Which malware type is responsible, and what is the best removal strategy?

A. Spyware; remove by running a standard antivirus scan.
B. Keylogger; use a rescue disk to boot and run an anti-rootkit scanner.
C. Ransomware; restore from backup.
D. Adware; uninstall suspicious programs from Control Panel.
Answer: B

A keylogger that operates as a rootkit needs a boot-time scan to bypass its stealth mechanisms.

Why this answer

A keylogger records keystrokes to steal credentials and sensitive data. As a kernel-level rootkit, it hides from standard scans. Booting from a rescue disk and using a specialized anti-rootkit tool is necessary to remove it without reinstalling the OS.

279
MCQ · easy

A customer reports that their laptop was stolen from a locked office over the weekend. The office door uses a standard key lock, and the laptop was not physically secured. Which physical security control would have most likely prevented this theft?

A. Use a smart card reader on the door
B. Install a security camera in the hallway
C. Attach a cable lock to the laptop
D. Enable BitLocker on the laptop
Answer: C

A cable lock anchors the laptop to a fixed object, making theft much harder and time-consuming.

Why this answer

This question tests knowledge of physical security controls that deter theft. A cable lock physically attaches the laptop to a desk, making it difficult to remove quickly. Key locks on doors alone are insufficient if someone gains access; cable locks provide a secondary layer of defense.

280
MCQ · easy

A user reports that they can no longer connect to the company network from home using VPN. They confirm their internet connection is working and that they can browse websites. Which of the following should a technician check first to resolve the VPN connectivity issue?

A. Check if the VPN client software is up to date
B. Verify the user's VPN username and password
C. Restart the VPN server at the data center
D. Reinstall the network adapter drivers
Answer: B

Incorrect or expired credentials are a frequent cause of VPN connection failures, and verifying them is a logical first troubleshooting step.

Why this answer

The user's internet connection is working (they can browse websites), which rules out general network connectivity issues. The most common cause of VPN authentication failure is incorrect or expired credentials, so verifying the username and password is the quickest and most logical first step before escalating to more complex troubleshooting.

Exam trap

CompTIA often tests the principle of 'start with the simplest and most likely cause'—the trap here is that candidates jump to advanced fixes like updating software or restarting servers, overlooking the basic credential check that resolves the majority of single-user VPN failures.

How to eliminate wrong answers

Option A is wrong because checking if the VPN client software is up to date is a secondary step; outdated client software typically causes compatibility or feature issues, not authentication failures, and the user's ability to browse indicates the client is at least launching. Option C is wrong because restarting the VPN server at the data center is a drastic, disruptive action that should only be taken after ruling out client-side and authentication issues; it is not a first-line troubleshooting step for a single user. Option D is wrong because reinstalling network adapter drivers addresses hardware or driver-level connectivity problems, but the user's internet is working, so the network adapter is functioning correctly.

281
MCQ · medium

A user complains that their Android phone's battery drains extremely fast after a recent OS update. They have already tried restarting the device. What is the most likely cause and solution?

A. The update installed a malware app; perform a factory reset.
B. The update reset battery optimization settings; re-enable them.
C. The device is performing background indexing; wait a day or two.
D. The battery is failing due to the update; replace the battery.
Answer: C

Post-update background tasks often cause temporary drain; patience is the recommended first step.

Why this answer

After a major OS update, Android devices often perform background indexing of files, media, and app data to optimize search and performance. This process is CPU- and I/O-intensive, causing increased battery drain for 24–48 hours. The correct solution is to wait a day or two for indexing to complete, as restarting alone does not stop this background task.

Exam trap

CompTIA often tests the misconception that any post-update battery drain is due to malware or a failing battery, when in fact background system processes like indexing are the most common cause.

How to eliminate wrong answers

Option A is wrong because malware is not a typical consequence of an official OS update from the device manufacturer or carrier; a factory reset is an extreme and unnecessary step for temporary post-update battery drain. Option B is wrong because OS updates do not reset battery optimization settings; they may change default app permissions or background restrictions, but the core optimization settings remain intact. Option D is wrong because a battery does not suddenly fail due to a software update; battery degradation is gradual and unrelated to OS version changes.

282
MCQ · hard

A technician is troubleshooting a user's slow computer. The user mentions they received a call from 'Windows Support' saying their computer had a virus. The user gave the caller remote access to 'fix' it. Now, the computer is running slower and has strange pop-ups. What is the most likely consequence of this social engineering attack?

A. The computer is now part of a botnet used for DDoS attacks.
B. The attacker installed a keylogger to steal credentials and sensitive data.
C. The computer's BIOS has been corrupted.
D. The hard drive has been physically damaged.
Answer: B

A keylogger is a common payload in tech support scams. The attacker can capture passwords, banking info, and other sensitive data, leading to identity theft or financial loss.

Why this answer

By giving remote access, the user likely allowed the attacker to install malware, such as ransomware, spyware, or a backdoor. The slow performance and pop-ups are symptoms of malware infection. The technician should immediately disconnect the computer from the network and perform a full security scan.

283
MCQ · medium

A technician is configuring a new virtual machine for a developer. The developer needs to run multiple isolated environments for testing, but the host machine has limited storage space. Which type of virtual disk configuration should the technician use to minimize storage usage while still allowing the VM to grow as needed?

A. Thick provisioning
B. Thin provisioning
C. Fixed-size disk
D. Dynamic disk
Answer: B

Thin provisioning allocates storage as needed, allowing the VM to grow while using only the space actually required, minimizing storage usage.

Why this answer

This question tests knowledge of virtual disk types. Thin provisioning allocates storage on demand, using only the space actually used by the VM, which is ideal for saving storage. Thick provisioning pre-allocates the full disk size, wasting space.

Dynamic disks are a Windows concept, not a VM disk type.

284
MCQ · medium

A user complains that their Remote Desktop session to a Windows 10 Pro workstation frequently disconnects after a few minutes of inactivity. The workstation is on a local network. Which setting should the technician modify on the host computer to prevent this?

A. Disable the screensaver
B. Increase the idle session limit in Remote Desktop settings
C. Change the power plan to High Performance
D. Enable Network Level Authentication
Answer: B

This setting controls how long a session remains active when idle; increasing it will prevent early disconnection.

Why this answer

The Remote Desktop Session Host (RDSH) has a configurable idle session limit that disconnects sessions after a period of inactivity. By default, Windows 10 Pro may enforce a short idle timeout (often 1-5 minutes) to conserve resources. Increasing this limit in the Remote Desktop Session Host settings (under Local Group Policy or the Remote Desktop Services configuration) prevents the automatic disconnection the user is experiencing.

Exam trap

The trap here is that candidates confuse the idle session timeout with power management or screensaver settings, assuming that preventing the screen from turning off will keep the RDP session alive, when in fact the disconnect is controlled by a dedicated Remote Desktop timeout policy.

How to eliminate wrong answers

Option A is wrong because disabling the screensaver prevents the screen from locking or turning off, but it does not affect the Remote Desktop idle session timeout, which is controlled by RDSH policies, not display settings. Option C is wrong because changing the power plan to High Performance prevents the computer from sleeping or reducing power, but the idle disconnect is a session-level timeout set in Remote Desktop services, not a power management feature. Option D is wrong because Network Level Authentication (NLA) is a security feature that requires pre-authentication before a full RDP connection is established; it does not control session disconnection due to inactivity.

285
MCQ · medium

A company is moving its on-premises email server to a cloud-based service. The IT manager is concerned about data security and wants to ensure that the email data is encrypted both at rest and in transit. Which cloud service model is the company most likely using?

A. Infrastructure as a Service (IaaS)
B. Platform as a Service (PaaS)
C. Software as a Service (SaaS)
D. Desktop as a Service (DaaS)
Answer: C

SaaS provides a fully managed application, such as cloud-based email, where the provider handles security, including encryption at rest and in transit.

Why this answer

This question tests understanding of cloud service models. Email as a service is a common SaaS offering, where the provider manages the infrastructure, platform, and software. PaaS and IaaS would require the company to manage the email application itself, which is less likely for a simple migration.

286
MCQ · medium

During a wireless site survey, a technician discovers that an employee has set up a personal wireless router in their cubicle, connected to the corporate network. This rogue access point is broadcasting an open SSID. Which security risk is most immediately concerning?

A. The rogue AP may cause radio frequency interference with the corporate WLAN.
B. The rogue AP provides an unencrypted entry point for attackers to access the corporate network.
C. The rogue AP will consume additional power from the corporate UPS.
D. The rogue AP's DHCP server may conflict with the corporate DHCP server.
Answer: B

An open SSID means no encryption or authentication, allowing anyone to connect and potentially launch attacks or access sensitive data.

Why this answer

An open rogue access point allows anyone within range to connect to the corporate network without authentication, bypassing all security controls. This is a severe security incident. The question tests knowledge of rogue AP risks and the importance of wireless security policies.

287
MCQ · easy

A user reports that their workstation cannot connect to the company file server after a scheduled network maintenance window last night. The technician checks the change management records and finds no mention of any changes to the file server. What is the most likely cause of the issue?

A. The file server requires a firmware update
B. The maintenance window affected a network switch that the file server relies on
C. The user’s account password has expired
D. The file server’s hard drive has failed
Answer: B

Undocumented changes to network infrastructure, like a switch, can disrupt connectivity even if the server itself was not changed.

Why this answer

The scheduled network maintenance window is the key clue: it likely involved changes to network infrastructure such as switches, routers, or VLAN configurations. If a network switch that the file server depends on was modified or rebooted during maintenance, the workstation would lose connectivity even though the file server itself was untouched. Change management records only track changes to the file server, not to network devices, so the absence of file server changes does not rule out a network-level cause.

Exam trap

CompTIA often tests the concept that change management records only reflect changes to the specific device in question, not to the broader network infrastructure, leading candidates to overlook network-level causes like a switch misconfiguration during maintenance.

How to eliminate wrong answers

Option A is wrong because a firmware update is a planned change that would be documented in change management; it is not a typical outcome of a maintenance window and would not suddenly cause a connectivity issue without prior notice. Option C is wrong because an expired password would prevent authentication but not block network connectivity to the file server; the user would still be able to ping or reach the server at the transport layer. Option D is wrong because a hard drive failure would cause the file server to become unresponsive or fail to boot, but the user would likely see a 'server not found' error rather than a simple connectivity loss, and such a failure is unrelated to the scheduled maintenance window.

288
MCQ · medium

A technician is replacing a damaged power supply in a desktop PC. After removing the old unit, the technician notices a large capacitor on the motherboard is bulging. What should the technician do to safely handle this situation?

A. Proceed with installing the new power supply and ignore the bulging capacitor.
B. Use a screwdriver to short the capacitor leads to discharge it.
C. Wear insulated gloves and carefully remove the motherboard for replacement.
D. Apply electrical tape over the bulging capacitor to contain it.
Answer: C

Insulated gloves protect against shock, and replacing the motherboard removes the hazard entirely, which is the safest approach.

Why this answer

A bulging capacitor indicates a failed or failing component that can leak electrolyte, cause further damage, or even burst. The safest course is to wear insulated gloves to avoid electric shock or chemical exposure and replace the entire motherboard, as the capacitor cannot be safely repaired in the field. Ignoring it or attempting makeshift fixes risks short circuits, fire, or injury.

Exam trap

The trap here is that candidates may think a bulging capacitor is harmless or can be safely discharged with a screwdriver, but the exam tests the correct safety protocol of replacing the damaged component with proper personal protective equipment.

How to eliminate wrong answers

Option A is wrong because ignoring a bulging capacitor can lead to electrolyte leakage, short circuits, or catastrophic failure that may damage the new power supply or other components. Option B is wrong because shorting capacitor leads with a screwdriver can cause a dangerous spark, electric shock, or damage to the motherboard traces; capacitors should be discharged through a proper resistor or allowed to self-discharge. Option D is wrong because applying electrical tape does not address the internal failure, and the capacitor may still leak, burst, or cause a short circuit under load.

289
MCQ · medium

A user reports that a shared file on a Linux server is not accessible to their team. The file permissions are -rwxr----- and the user is a member of the group 'staff'. The file's group owner is 'admin'. Which command should the administrator run to allow the staff group to read the file?

A. chmod 755 file
B. chmod g+r file
C. chgrp staff file
D. chown user:staff file
Answer: C

This changes the group to 'staff', so the group read permission applies to the user's team, granting access.

Why this answer

The correct answer is C because chgrp staff file changes the group ownership to 'staff', making the group permissions apply to the user's team. The current group is 'admin', so the staff group has no access.

290
MCQ · hard

During a major software rollout, a technician discovers that the deployment script modifies a registry key that is also used by a legacy application. The change was not included in the original change request. What should the technician do?

A. Proceed with the deployment since the registry change is necessary for the new software.
B. Modify the script to skip the registry change and continue.
C. Stop the deployment and submit a new change request for the registry modification.
D. Document the registry change after the deployment is complete.
Answer: C

Stopping and submitting a new request ensures the change is properly reviewed and documented, preventing unintended consequences.

Why this answer

Option C is correct because any unapproved change to a system, even if necessary, must follow the change management process. The technician discovered that the deployment script modifies a registry key shared with a legacy application, which was not included in the original change request. Stopping the deployment and submitting a new change request ensures proper review, risk assessment, and approval before altering a shared resource that could impact the legacy application.

Exam trap

The trap here is that candidates may think a necessary change can be made immediately without approval, confusing 'necessary' with 'authorized,' but CompTIA emphasizes that all changes must follow the change management process regardless of urgency.

How to eliminate wrong answers

Option A is wrong because proceeding without approval violates change management policy and could cause unexpected failures in the legacy application due to the unplanned registry modification. Option B is wrong because skipping the registry change may break the new software deployment, as the script likely depends on that key for functionality, and modifying the script without authorization is also a change management violation. Option D is wrong because documenting the change after deployment bypasses the required pre-approval process and does not mitigate the risk of impacting the legacy application during the rollout.

291
MCQ · easy

A customer complains that their Windows 10 PC is running very slowly after a recent software installation. You suspect a new background service is consuming excessive CPU. Which built-in administrative tool should you use to identify the offending service?

A. Device Manager to check for driver issues.
B. Services console (services.msc) to locate and stop the problematic service.
C. Event Viewer to review system logs.
D. Performance Monitor to create a data collector set.
Answer: B

Correct. The Services console provides a comprehensive list of services and their status, allowing you to stop or disable the offending service.

Why this answer

The Services console (services.msc) allows you to view and manage all Windows services, including stopping, starting, and disabling them. Task Manager shows running processes but provides less detail for service management. The other tools are not designed for service control.

292
MCQ · hard

During a routine security audit, a technician discovers that a user's computer has a program that opens a backdoor on port 4444 and allows remote control. The program was installed alongside a free PDF converter the user downloaded last week. Which malware type is this, and what is the most effective removal method?

A. Worm; use a network-based firewall to block port 4444.
B. Trojan horse; boot into Safe Mode and run a full anti-malware scan.
C. Ransomware; pay the ransom to regain control.
D. Rootkit; perform a clean installation of Windows.
Answer: B

The program is a Trojan that came bundled with freeware; Safe Mode scanning can remove it.

Why this answer

A Trojan horse disguises itself as legitimate software (the PDF converter) but contains malicious code. This Trojan opens a backdoor (a RAT). Removal requires disconnecting from the network, booting into Safe Mode, and using an updated anti-malware scanner to eliminate the Trojan and its persistence mechanisms.

293
MCQ · medium

A company has a policy that all workstations must automatically lock after 10 minutes of inactivity. A user complains that their computer does not lock automatically. Which setting should you check and remediate?

A. Check the power plan settings for sleep timeout
B. Verify that the screen saver is enabled and set to 'On resume, display logon screen' with a 10-minute wait
C. Ensure Windows Update is fully installed
D. Disable the Fast Startup feature
Answer: B

This setting locks the workstation after the specified inactivity period, meeting the policy.

Why this answer

Option B is correct because the automatic lock behavior in Windows is controlled by the screen saver settings. When 'On resume, display logon screen' is enabled with a 10-minute wait, the screen saver triggers after inactivity and locks the workstation by requiring authentication upon resume. This is the standard mechanism for enforcing a lock timeout, not the power plan sleep timeout.

Exam trap

CompTIA often tests the distinction between sleep/screen saver/lock settings, and the trap here is that candidates confuse the power plan sleep timeout with the screen saver lock timeout, assuming sleep automatically locks the workstation.

How to eliminate wrong answers

Option A is wrong because the power plan sleep timeout controls when the system enters a low-power sleep state, not the lock screen; a computer can be idle and unlocked without sleeping. Option C is wrong because Windows Update installation status does not affect the screen saver or lock timeout behavior; missing updates would not prevent automatic locking. Option D is wrong because Fast Startup is a boot optimization feature that affects shutdown and startup, not idle-time locking; disabling it has no impact on the lock timeout.

294
MCQ · easy

A user reports that their MacBook Pro running macOS Ventura is unable to open any applications after a recent system update. They see a spinning beach ball when clicking app icons. Which macOS tool should you use first to diagnose and resolve this issue?

A. Terminal
B. Activity Monitor
C. Disk Utility
D. System Information
Answer: B

Activity Monitor shows real-time system resource usage, allowing you to identify processes consuming excessive CPU or memory, which is the correct first step.

Why this answer

Activity Monitor is the primary macOS tool for viewing CPU, memory, energy, disk, and network usage. In this scenario, it can help identify a runaway process or memory pressure causing the system to hang. Force quitting unresponsive apps is a secondary step, but Activity Monitor first provides the diagnostic data needed.

295
MCQ · medium

A technician is preparing to replace a failed hard drive in a server that hosts a critical database. The change requires a planned downtime of two hours. Which documentation must the technician review before proceeding?

A. The server's warranty information.
B. The approved change request and the backout plan.
C. The network topology diagram.
D. The employee handbook.
Answer: B

Reviewing the change request confirms authorization, and the backout plan provides steps to restore service if the replacement fails.

Why this answer

Option B is correct because before performing any hardware replacement that requires planned downtime, the technician must review the approved change request to confirm the change has been authorized and to understand the scope, risk, and implementation steps. The backout plan is equally critical as it provides the documented steps to revert the server to its previous state if the replacement fails, ensuring database integrity and minimizing extended downtime. This aligns with ITIL change management best practices and CompTIA A+ 220-1202 objectives for documentation review during hardware maintenance.

Exam trap

The trap here is that candidates confuse operational documentation (like network diagrams or warranty info) with the change management artifacts (change request and backout plan) that are mandatory before any planned downtime, leading them to choose a plausible but incorrect option.

How to eliminate wrong answers

Option A is wrong because warranty information is irrelevant to the immediate task of replacing a failed hard drive; it would be consulted after the fact for potential RMA, not before the procedure. Option C is wrong because a network topology diagram shows how devices are connected but does not contain the authorization, risk assessment, or rollback steps needed for a planned hardware change. Option D is wrong because the employee handbook covers company policies and conduct, not the technical change management documentation required for server maintenance.

296
MCQ · medium

A user reports that their computer is running slowly and they suspect a virus. After scanning, the technician finds malware that has encrypted several files. The technician decides to wipe the drive and reinstall the OS. What should be done to ensure the malware is completely removed before data destruction?

A. Run a quick format and then reinstall the OS.
B. Use a secure erase utility that overwrites the entire drive including the boot sector.
C. Delete the encrypted files and run a registry cleaner.
D. Use System Restore to revert to a previous state.
Answer: B

Secure erase overwrites all areas, including the boot sector, eliminating persistent malware.

Why this answer

Some malware can persist in the boot sector or firmware. A full wipe of the entire drive (including the boot sector) using a secure erase or low-level format ensures no malware remnants remain. A simple format may leave boot-sector malware intact.

297
MCQ · easy

During a network upgrade, a technician needs to dispose of several old CRT monitors. Which disposal method complies with environmental regulations?

A. Place them in the regular dumpster for pickup.
B. Sell them to a scrap metal dealer.
C. Take them to an e-waste recycling center.
D. Remove the glass and dispose of the plastic casing separately.
Answer: C

E-waste recycling centers are equipped to safely handle and recycle hazardous components in CRTs.

Why this answer

CRT monitors contain hazardous materials like lead, phosphorus, and other heavy metals that require specialized handling. Taking them to an e-waste recycling center ensures compliance with environmental regulations such as the Resource Conservation and Recovery Act (RCRA) and local e-waste laws, as these facilities are equipped to safely dismantle and recycle the toxic components.

Exam trap

CompTIA often tests the misconception that 'recycling' or 'selling to scrap' is always acceptable, but the trap here is that only certified e-waste recycling centers are legally authorized to handle CRT monitors due to their hazardous material content, while scrap dealers and general recycling are not compliant.

How to eliminate wrong answers

Option A is wrong because placing CRT monitors in a regular dumpster violates environmental regulations due to the leaded glass and other hazardous substances, which can leach into landfills and contaminate soil and groundwater. Option B is wrong because selling CRT monitors to a scrap metal dealer is not compliant unless the dealer is a certified e-waste recycler; general scrap dealers often lack the permits and processes to handle the toxic components safely, and the monitors may contain non-metallic hazardous materials. Option D is wrong because removing the glass and disposing of the plastic casing separately does not address the hazardous nature of the leaded glass, which still requires proper e-waste recycling; moreover, this practice is typically illegal without proper certification and equipment to prevent environmental release.

298
MCQ · medium

A small business has no formal change management process. A technician installs a new antivirus program on a server, which later conflicts with the existing backup software, causing backups to fail. Which principle of change management was most clearly violated?

A. The change was not tested in a staging environment
B. The change was not approved by the change advisory board
C. The change was not documented or communicated to stakeholders
D. The technician did not create a rollback plan
Answer: C

Without documentation, there is no record of what changed, making troubleshooting difficult and violating the core principle of change management.

Why this answer

The scenario describes a small business with no formal change management process. The core failure is that the technician installed new antivirus software without documenting the change or communicating it to stakeholders (such as the backup administrator or other IT staff). If the change had been documented and communicated, the potential conflict with the existing backup software could have been identified and avoided.

This directly violates the principle that all changes must be documented and communicated to relevant parties, even in the absence of a formal CAB or staging environment.

Exam trap

CompTIA often tests the distinction between formal processes (like CAB approval or staging environments) and the fundamental principle of communication and documentation, leading candidates to overthink and select a more 'technical' or 'formal' answer when the scenario clearly lacks any formal structure.

How to eliminate wrong answers

Option A is wrong because while testing in a staging environment is a best practice, the question explicitly states there is 'no formal change management process,' and the primary violation is the lack of communication and documentation, not the absence of a staging environment. Option B is wrong because a Change Advisory Board (CAB) is a formal governance body typically used in larger organizations; a small business without a formal process would not have a CAB, so failing to get CAB approval is not the most clearly violated principle. Option D is wrong because although a rollback plan is important, the technician could have avoided the conflict entirely by simply communicating the change to stakeholders; the lack of a rollback plan is a secondary issue, not the core violation of change management principles.

299
MCQ · medium

A company's security policy requires that all Windows 10 workstations automatically install critical updates as soon as they are released. However, users must not be forced to restart during work hours. Which Windows Update setting should you configure to meet these requirements?

A. Defer feature updates
B. Set Active Hours to cover the workday
C. Set the connection as metered
D. Configure Windows Update to 'Notify to schedule restart'
Answer: B

Active Hours prevent automatic restarts during specified times, while updates can still install automatically outside those hours.

Why this answer

Configuring Active Hours in Windows Update allows you to specify the time range during which the system should not automatically restart after installing updates. By setting Active Hours to cover the entire workday, critical updates can be downloaded and installed automatically, but the required restart is deferred until outside those hours, meeting both the security policy and the user experience requirement.

Exam trap

CompTIA often tests the distinction between controlling update installation versus controlling restart behavior; the trap here is that candidates may confuse 'deferring updates' with 'scheduling restarts,' or think that marking a connection as metered is a valid way to manage restart timing, when it actually blocks all automatic updates.

How to eliminate wrong answers

Option A is wrong because 'Defer feature updates' delays the installation of non-security feature updates, not critical security updates, and does not control restart timing. Option C is wrong because setting the connection as metered prevents all automatic downloads of updates, including critical ones, which violates the policy requiring automatic installation. Option D is wrong because 'Notify to schedule restart' only alerts the user to schedule a restart but does not enforce automatic installation of critical updates; it relies on user action, which may delay installation and violate the policy.

300
MCQ · easy

A technician is configuring a cloud-based backup solution for a company's critical data. The company wants to ensure that if the primary cloud provider experiences an outage, the data remains accessible from another provider. Which concept should the technician implement?

A. High availability
B. Cloud federation
C. Load balancing
D. Disaster recovery plan
Answer: B

Cloud federation enables interoperability between different cloud providers, allowing data to be replicated and accessed across them.

Why this answer

Cloud federation allows different cloud providers to share resources and data, enabling failover and redundancy. This ensures data accessibility even if one provider goes down. High availability is a general concept, not specific to multi-provider redundancy.

Load balancing distributes traffic but does not guarantee data access during a provider outage. Disaster recovery is a broader plan, but federation is the specific technology for inter-provider failover.
