CompTIA A+ Core 2 220-1202 (220-1202) — Questions 601–675

750 questions total · 10 pages · All types, answers revealed

Page 9 of 10

601
MCQ · hard

A company deploys a custom app via MDM to Android devices. Users report that the app crashes immediately upon launch. The app works fine on the developer's test device. What is the most likely cause?

A. The MDM profile is corrupt and needs to be re-pushed.
B. The app requires a specific Android API level that is not present on the deployed devices.
C. The devices have insufficient storage space.
D. The app is not signed with the correct enterprise certificate.
Answer: B

If the app targets a higher API level than the device's OS, it will crash on launch due to missing system features.

Why this answer

App crashes on deployment often stem from missing dependencies or incompatible API levels. The most common cause is that the target devices are running an older Android version than the app's minimum SDK. The technician should check the app's manifest requirements against the device OS version.

602
MCQ · medium

A user reports that their MacBook Pro running macOS Monterey frequently displays a message saying 'Your system has run out of application memory.' They have 16 GB of RAM and are only using Safari and Mail. Which macOS tool should you use to investigate the cause?

A. System Information
B. Terminal with 'vm_stat' command
C. Activity Monitor
D. Console
Answer: C

Activity Monitor's Memory tab displays memory pressure and per-process usage, allowing you to diagnose memory issues.

Why this answer

The 'application memory' message indicates that the system's memory pressure is high. Activity Monitor's Memory tab shows memory pressure graphically and lists memory usage by process. This is the correct tool to identify if a specific process is leaking memory or if there is a hardware issue.

System Information does not show live memory usage.

603
MCQ · hard

A technician is tasked with creating a PowerShell script that will parse a CSV file containing user information and create local user accounts on a Windows 10 machine. The CSV has columns: 'Username', 'FullName', 'Password'. The script must skip any row where the 'Username' is empty. Which control structure should the technician use to handle this requirement?

A. A 'for' loop with a counter to skip empty rows
B. A 'switch' statement to match usernames
C. An 'if' statement to test whether the Username property is not empty
D. A 'try/catch' block to handle errors when creating the account
Answer: C

An if statement can check the condition and skip processing if the username is empty.

Why this answer

Option C is correct because the requirement is to conditionally skip rows based on a property value. An 'if' statement in PowerShell allows you to test whether the 'Username' property is empty or null using a condition like `if ($_.Username -ne '')` and then skip the row with `continue` or simply not process it. This is the most direct and efficient control structure for a simple boolean check on each row.

Exam trap

CompTIA often tests the distinction between control structures used for conditional logic versus iteration or error handling, and the trap here is that candidates may overcomplicate the solution by choosing a loop or switch when a simple conditional check is the most appropriate and efficient choice.

How to eliminate wrong answers

Option A is wrong because a 'for' loop with a counter is unnecessary; it would require manual index tracking and does not inherently skip empty rows without an additional conditional check, making it less efficient and more error-prone than a direct property test. Option B is wrong because a 'switch' statement is designed to match a single value against multiple patterns, not to test whether a property is empty or not; it would be overcomplicated and not the idiomatic choice for a simple null/empty check. Option D is wrong because a 'try/catch' block is used for exception handling during runtime errors (e.g., account creation failure), not for skipping rows based on data validation before processing.

604
MCQ · easy

A user reports that their Windows 10 PC is running slowly and they suspect too many programs start automatically. Which tool in the Settings app would you use to disable unnecessary startup programs?

A. System > About
B. Devices > Bluetooth & other devices
C. Update & Security > Troubleshoot
D. Apps > Startup
Answer: D

The Startup page lists all startup programs with toggles to enable or disable them.

Why this answer

Option D is correct because the Apps > Startup page in the Windows 10 Settings app provides a list of all startup programs with toggle switches to enable or disable them. This directly addresses the user's issue of too many programs launching automatically, which can slow down boot time and overall performance. The tool shows the impact of each startup item (e.g., 'High', 'Medium', 'Low') to help prioritize which to disable.

Exam trap

The trap here is that candidates often confuse the Apps > Startup page with the Task Manager's Startup tab (accessible via Ctrl+Shift+Esc), but the question specifically asks for a tool 'in the Settings app,' making Apps > Startup the correct choice.

How to eliminate wrong answers

Option A is wrong because System > About displays basic device specifications (e.g., processor, RAM, Windows edition) and does not manage startup programs. Option B is wrong because Devices > Bluetooth & other devices is used to pair and manage Bluetooth peripherals, not to control startup applications. Option C is wrong because Update & Security > Troubleshoot runs automated diagnostic tools for system issues like internet connectivity or audio, but it cannot disable startup programs.

605
MCQ · easy

A technician is installing a new power supply in a desktop computer. After connecting all cables, the computer will not power on. What is the most likely safety-related oversight?

A. The power supply is not compatible with the motherboard.
B. The power cord is not securely plugged into the power supply.
C. The voltage selector switch on the power supply is set to the wrong voltage.
D. The power supply fan is blocked by debris.
Answer: C

This is correct. The voltage selector switch must match the outlet voltage. An incorrect setting can prevent power-up and damage the power supply.

Why this answer

The voltage selector switch on the power supply must match the local mains voltage (typically 115V in North America or 230V in Europe). If set to 230V while plugged into a 115V outlet, the power supply will receive insufficient voltage to start, causing the computer to appear completely dead. This is a common safety-related oversight because the switch is often overlooked during installation.

Exam trap

CompTIA often tests the voltage selector switch as a safety-related oversight because candidates mistakenly focus on physical connection issues (like a loose power cord) or component compatibility, overlooking the critical step of matching the power supply to the local mains voltage.

How to eliminate wrong answers

Option A is wrong because power supply compatibility with the motherboard is determined by the form factor (e.g., ATX) and connector types, not by the ability to power on; an incompatible power supply would still typically power on but might not fit or provide correct voltages. Option B is wrong because if the power cord were not securely plugged in, the computer would not power on, but this is a physical connection issue, not a safety-related oversight—the question specifically asks for a safety-related oversight. Option D is wrong because a blocked fan would cause overheating after the system is powered on, not prevent the computer from powering on entirely; the power supply would still start and spin the fan briefly before thermal protection might kick in.

606
MCQ · easy

During a security audit, a technician discovers that a company's wireless network uses WEP encryption. The network has been in place for 10 years and still uses the original router. What is the most immediate security risk?

A. The router may not support modern encryption protocols.
B. WEP keys can be easily cracked using tools like Aircrack-ng.
C. The router's firmware is likely outdated and vulnerable to exploits.
D. WEP does not support WPA2-PSK, so clients must use a different protocol.
Answer: B

WEP's weak RC4 encryption allows attackers to capture packets and derive the key quickly.

Why this answer

WEP encryption is fundamentally flawed and can be cracked in minutes with readily available tools. This is the most pressing risk, as it allows attackers to decrypt traffic and potentially access the network.

607
MCQ · medium

A user reports that their Windows 10 laptop is running very slowly after a recent software installation. You suspect a driver conflict. You need to boot the system with a minimal set of drivers and services to troubleshoot, but you must not use Safe Mode because the user needs network access for remote support. Which boot configuration should you set using the System Configuration tool?

A. Set the boot to 'Safe boot' with 'Network' selected under Boot options.
B. Under the General tab, select 'Diagnostic startup'.
C. Under the General tab, select 'Selective startup' and uncheck 'Load system services'.
D. Under the Boot tab, check 'No GUI boot' and set the timeout to 0.
Answer: B

Diagnostic startup loads only basic devices and services, and it does not disable networking entirely, allowing remote support.

Why this answer

The System Configuration (msconfig) tool allows you to enable 'Selective startup' and load only essential services and startup items, while still allowing network drivers to load. Safe Mode with Networking would also work but is not an msconfig setting; the question specifies using msconfig.

608
MCQ · medium

A company's Android devices are failing to connect to the corporate email server after a security policy update. The devices show 'Authentication failed' for the email app. What is the most likely cause?

A. The devices need a factory reset to clear cached credentials.
B. The email app's server settings (IMAP/POP/SMTP) are no longer correct.
C. The SIM cards are deactivated.
D. The devices are infected with malware that blocks email.
Answer: B

Security policy updates often change server addresses or require SSL/TLS; incorrect settings cause authentication failure.

Why this answer

After a security policy update, authentication failures often stem from outdated or incorrect server settings. The most common change is an updated server address or port. The technician should verify the incoming/outgoing server settings in the email app.

609
MCQ · easy

A user reports that after a recent Windows update, their laptop takes significantly longer to boot and they see a message about 'Preparing Automatic Repair' before the login screen appears. You need to access the advanced startup options to disable automatic restart on system failure. Which tool or feature should you use to boot into the Windows Recovery Environment (WinRE) from a running system?

A. Boot from a Windows installation USB and select 'Repair your computer'.
B. Press F8 repeatedly during boot to access advanced boot options.
C. Hold the Shift key while clicking Restart from the Start menu power options.
D. Open the System Configuration tool (msconfig) and set the boot to 'Safe Mode' under the Boot tab.
Answer: C

This is the standard built-in method to boot directly into WinRE without external media.

Why this answer

Option C is correct because holding the Shift key while clicking Restart forces the system to boot directly into the Windows Recovery Environment (WinRE) without needing installation media. This method leverages the built-in boot configuration data (BCD) to load the recovery tools, including the option to disable automatic restart on system failure under advanced startup settings.

Exam trap

The trap here is that candidates may confuse the deprecated F8 method (Option B) with the modern Shift+Restart method, or assume that msconfig (Option D) can directly launch WinRE, when in fact it only configures Safe Mode boot options.

How to eliminate wrong answers

Option A is wrong because booting from a Windows installation USB and selecting 'Repair your computer' is a valid way to access WinRE, but it requires external media and is not the most direct method from a running system; the question specifies 'from a running system,' making this an unnecessary extra step. Option B is wrong because pressing F8 during boot to access advanced boot options was deprecated in Windows 8 and later; modern Windows systems use a fast startup process that makes F8 unreliable, and it does not reliably lead to WinRE. Option D is wrong because opening the System Configuration tool (msconfig) and setting the boot to 'Safe Mode' under the Boot tab only configures the system to boot into Safe Mode on the next restart, not into WinRE, and it does not provide access to the advanced startup options needed to disable automatic restart on system failure.

610
MCQ · hard

A server administrator notices that an unauthorized user has been accessing sensitive data by exploiting a vulnerability in a web application. The application was recently updated. What is the most likely cause of this security incident?

A. Weak password policy
B. Zero-day vulnerability
C. Misconfigured firewall
D. Social engineering attack
Answer: B

A zero-day vulnerability is an unpatched flaw that attackers can exploit, which fits the scenario of a recent update not addressing it.

Why this answer

A zero-day vulnerability is a previously unknown flaw that attackers exploit before a patch is available. Even with recent updates, such vulnerabilities can exist, leading to unauthorized access.

611
MCQ · medium

A user calls the help desk because they received a pop-up on their screen claiming their computer is infected with a virus and to call a toll-free number for immediate support. The user did not call the number. What should the technician advise the user to do?

A. Call the number to see if it's legitimate.
B. Ignore the pop-up and continue working.
C. Close the pop-up and run a full antivirus scan.
D. Reboot the computer immediately.
Answer: C

The safest action is to close the pop-up (using Task Manager if necessary) and run a security scan to check for any malware that may have been downloaded.

Why this answer

This is a tech support scam, a form of social engineering that uses scare tactics (fake virus warnings) to trick users into calling a fake support line. The user should close the pop-up and run a security scan to ensure no malware was installed.

612
MCQ · medium

After installing a new application, a user reports that their default web browser keeps changing to a different one without their consent. Which Windows feature can you use to prevent applications from changing file associations and default programs?

A. Programs and Features
B. Default Programs (Control Panel)
C. Local Group Policy Editor
D. Registry Editor
Answer: C

Group Policy can enforce 'Set a default associations configuration file' to lock file associations and prevent changes by users or apps.

Why this answer

The Local Group Policy Editor (gpedit.msc) allows administrators to configure the 'Set a default associations configuration file' policy under Computer Configuration > Administrative Templates > Windows Components > File Explorer. When enabled, this policy prevents applications from changing file associations and default programs by locking the association file, overriding any user or application changes. This is the correct tool for enforcing system-wide control over default programs in Windows 10/11 Pro, Enterprise, or Education editions.

Exam trap

CompTIA often tests the misconception that Default Programs in Control Panel can lock associations, but it only provides a manual interface for setting them without any enforcement mechanism against application changes.

How to eliminate wrong answers

Option A is wrong because Programs and Features is used to uninstall, change, or repair installed programs, not to prevent applications from changing file associations or default programs. Option B is wrong because Default Programs in Control Panel allows users to manually set file associations and default programs, but it does not prevent other applications from changing them afterward. Option D is wrong because Registry Editor (regedit) can be used to manually modify association keys (e.g., HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations), but it does not provide a built-in mechanism to lock or prevent changes by other applications.

613
MCQ · medium

A user reports that they clicked a link in a text message that appeared to be from their bank, warning of suspicious activity. The link led to a realistic-looking login page, but the user realized it was fake after entering their credentials. What type of social engineering attack is this?

A. Vishing
B. Smishing
C. Pharming
D. Pretexting
Answer: B

Smishing is the correct term for SMS-based phishing attacks.

Why this answer

This is smishing, which is phishing conducted via SMS text messages. The attacker uses urgency and a fake login page to steal credentials. Smishing is increasingly common due to the high trust users place in text messages.

614
MCQ · hard

A company's security policy mandates that all wireless traffic must be encrypted using a protocol that is resistant to KRACK attacks. The current network uses WPA2-PSK with AES. Which of the following upgrades should be implemented to meet this requirement?

A. Change the encryption from AES to TKIP.
B. Enable WPA2-Enterprise with 802.1X.
C. Upgrade to WPA3-Personal.
D. Implement MAC address filtering.
Answer: C

WPA3 uses SAE, which is resistant to KRACK attacks because it uses a different handshake process that prevents key reinstallation.

Why this answer

KRACK attacks exploit vulnerabilities in the WPA2 protocol's four-way handshake. WPA3 is designed to mitigate these attacks through the use of SAE (Simultaneous Authentication of Equals) and 256-bit encryption. This question tests knowledge of specific vulnerabilities and the corresponding protocol improvements.

615
MCQ · medium

A user reports that their Windows 11 laptop can see the office Wi-Fi network but fails to connect, displaying 'Can't connect to this network'. Other users with the same laptop model connect without issues. The network uses WPA2-PSK with AES. What should you check first?

A. Update the wireless adapter driver.
B. Change the router's security protocol to WPA3.
C. Forget the network on the laptop and reconnect by entering the passphrase again.
D. Disable the firewall on the laptop.
Answer: C

This clears any incorrect saved credentials and allows the user to enter the correct passphrase, resolving authentication mismatches.

Why this answer

A mismatch in the saved passphrase is a common cause of connection failures when the network is visible. The correct answer is to forget the network and re-enter the correct passphrase. This tests troubleshooting skills for wireless authentication issues.

616
MCQ · hard

A user's browser is infected with a malicious extension that steals credentials. The extension was installed via a drive-by download from a compromised website. After removing the extension, what additional step should you take to ensure the credentials are not compromised?

A. Clear the browser cache and cookies
B. Run a full antivirus scan
C. Reset the browser settings to default
D. Change all passwords that were entered while the extension was active
Answer: D

Since credentials may have been captured, changing passwords is essential to prevent unauthorized access.

Why this answer

If a credential-stealing extension was active, passwords may have been captured. The correct step is to force password changes for all accounts used in that browser. This tests understanding of post-infection remediation and the scope of data theft.

617
Multi-Select · hard

A security incident occurred when an employee disposed of a hard drive by throwing it in the trash. The hard drive contained unencrypted customer data. Which two practices should have been followed to prevent this environmental and security breach? (Choose two.)

Select 2 answers
A. Degauss the hard drive before disposal.
B. Place the hard drive in a secure shredding bin for e-waste.
C. Perform a quick format of the drive before disposal.
D. Delete the files and empty the Recycle Bin.
Answers: A, B

Degaussing destroys the magnetic data, making it unrecoverable, and is a proper sanitization method.

Why this answer

Option A is correct because degaussing a hard drive uses a strong magnetic field to disrupt the magnetic domains on the platters, rendering the data permanently unrecoverable. This is a NIST SP 800-88 approved method for sanitizing magnetic media and ensures that unencrypted customer data cannot be retrieved after disposal.

Exam trap

CompTIA often tests the misconception that a quick format or file deletion is sufficient for data sanitization, when in reality these actions only remove logical pointers and leave the underlying data fully recoverable.

618
MCQ · medium

A small business owner wants to ensure that all company laptops are protected in case of theft. They need a solution that encrypts the entire hard drive and requires a pre-boot PIN. Which security feature should you implement?

A. Enable EFS (Encrypting File System) on the Documents folder.
B. Set a BIOS password.
C. Enable BitLocker with a TPM + startup PIN.
D. Install a third-party antivirus with encryption.
Answer: C

BitLocker with TPM + PIN provides full disk encryption and requires a PIN before Windows loads, meeting the requirement.

Why this answer

BitLocker with a TPM + startup PIN provides full-disk encryption and requires a pre-boot authentication PIN, meeting the requirement to protect the entire hard drive in case of theft. The TPM validates system integrity, and the PIN must be entered before the OS loads, preventing unauthorized access even if the drive is removed.

Exam trap

The trap here is that candidates often confuse EFS with full-disk encryption or assume a BIOS password alone secures data, but only BitLocker with TPM + startup PIN provides the required pre-boot authentication and full-drive encryption.

How to eliminate wrong answers

Option A is wrong because EFS encrypts individual files or folders, not the entire hard drive, and does not require a pre-boot PIN; it operates at the file system level after the OS loads. Option B is wrong because a BIOS password only prevents unauthorized users from changing BIOS settings or booting the system, but it does not encrypt the hard drive, leaving data accessible if the drive is removed. Option D is wrong because third-party antivirus with encryption typically offers file-level or folder-level encryption, not full-disk encryption with pre-boot authentication, and antivirus software focuses on malware detection, not drive encryption.

619
MCQ · easy

A customer reports that their office printer is emitting a strong, acrid smell and producing distorted prints. The printer uses a fuser unit that has been in service for five years. What should you recommend as the most environmentally responsible action?

A. Replace the entire printer with a new Energy Star model.
B. Replace only the fuser unit and recycle the old one through a certified e-waste recycler.
C. Continue using the printer until it fails completely.
D. Disassemble the printer and dispose of all parts in the general trash.
Answer: B

The fuser is a replaceable consumable; recycling it properly reduces waste and is environmentally responsible.

Why this answer

Option B is correct because the fuser unit is a consumable component that degrades over time, and replacing only the faulty fuser while recycling the old one through a certified e-waste recycler minimizes electronic waste. This approach addresses the root cause (a worn-out fuser) without discarding the entire printer, which would generate unnecessary e-waste and violate environmental best practices.

Exam trap

CompTIA often tests the misconception that a failing component always requires full device replacement, but the trap here is that candidates overlook the environmental impact of e-waste and fail to recognize that consumable parts like fusers are designed to be replaced individually.

How to eliminate wrong answers

Option A is wrong because replacing the entire printer with a new Energy Star model is unnecessarily wasteful; the printer itself is likely still functional, and only the fuser unit needs replacement. Option C is wrong because continuing to use the printer until it fails completely poses a fire hazard from the overheating fuser and may cause further damage to other components, increasing waste and repair costs. Option D is wrong because disposing of all parts in general trash violates e-waste regulations and environmental guidelines, as printer components contain hazardous materials like lead and mercury that require proper recycling.

620
MCQ · easy

A user reports that their Windows 10 PC is running slowly and they see many background processes in Task Manager. You need to identify which processes are consuming the most CPU and memory resources without installing any additional software. Which built-in Windows tool should you use?

A. Performance Monitor
B. Resource Monitor
C. Task Manager
D. System Configuration (msconfig)
Answer: C

Task Manager lists all running processes and their CPU/memory usage, allowing you to sort and identify high-consumption processes.

Why this answer

Task Manager provides real-time monitoring of CPU, memory, disk, and network usage by process. It is the default tool for quickly identifying resource hogs on a Windows system.

621
MCQ · hard

A technician is tasked with disposing of a failed SSD that contains encrypted financial records. The SSD is non-functional and cannot be powered on. Which method should the technician use to ensure data is destroyed?

A. Use a degausser on the SSD.
B. Perform a secure erase command via SATA interface.
C. Physically shred the SSD using an industrial shredder.
D. Overwrite the SSD with a data wiping tool on another computer.
Answer: C

Physical destruction ensures the NAND chips are broken into small pieces, making data recovery impossible.

Why this answer

The correct answer is physical destruction, such as shredding or crushing the SSD. Because the SSD is non-functional, software-based wiping or degaussing (which is ineffective on SSDs) cannot be used. This tests knowledge that SSDs require different destruction methods than HDDs.

622
MCQ · easy

During a software deployment, you need to ensure that a legacy application always runs with administrative privileges, even for standard users. How can you configure this using Windows built-in tools?

A. Set the application's shortcut to 'Run as administrator' in the Compatibility tab
B. Disable User Account Control (UAC) in the Control Panel
C. Add the user to the local Administrators group
D. Use the 'Run as different user' option from the Shift+right-click menu
Answer: A

This setting forces the application to request elevation every time it runs, which works if the user has the necessary credentials.

Why this answer

Option A is correct because the Compatibility tab in a shortcut's properties allows you to set the 'Run as administrator' flag, which embeds a compatibility manifest that prompts for elevation via UAC when the application is launched. This ensures the legacy application always runs with administrative privileges, even for standard users, by triggering a credential prompt for an administrator account.

Exam trap

CompTIA often tests the misconception that disabling UAC or adding users to the Administrators group is the correct way to grant admin rights to a single application, when the targeted 'Run as administrator' shortcut setting is the proper built-in method.

How to eliminate wrong answers

Option B is wrong because disabling UAC globally would remove the elevation prompt, but the application would still run with the user's limited privileges, not administrative rights, and it weakens system security. Option C is wrong because adding a standard user to the local Administrators group grants permanent administrative rights to the entire user account, which is excessive and violates the principle of least privilege; it is not a targeted solution for a single application. Option D is wrong because 'Run as different user' allows running an application under a different user account, but it does not automatically grant administrative privileges; the specified user must already have the necessary rights, and it requires manual intervention each time.

623
MCQ · medium

A user calls the help desk complaining that they cannot change their Windows 10 password even though they know the current password. The user is a member of the 'Users' group on a domain-joined computer. What is the most likely cause?

A. The user does not have 'Change Password' permission on their own account.
B. The 'User must change password at next logon' flag is set.
C. The 'Password must meet complexity requirements' policy is preventing the new password from being accepted.
D. The local Security Accounts Manager (SAM) database is corrupted.
Answer: C

If the new password does not meet complexity requirements (e.g., length, character types), the system will reject the change even if the user knows the current password.

Why this answer

This question tests knowledge of password policies and user permissions. In a domain environment, password policies are typically enforced by the domain controller, not the local machine. The 'Password must meet complexity requirements' policy may be enabled, and the user's new password might not meet those requirements, even though they know the current password.

624
MCQ · medium

A company is migrating from Workgroup to Domain. After joining a Windows 10 computer to the domain, users report that they can no longer log on using their local user accounts. What setting in Local Security Policy is most likely causing this behavior?

A. The 'Network access: Do not allow anonymous enumeration of SAM accounts' policy
B. The 'Deny log on locally' user rights assignment includes the 'Guests' group
C. The 'Deny log on locally' user rights assignment includes the 'Users' group
D. The 'Interactive logon: Do not display last user name' policy is enabled
Answer: C

If the domain policy adds the 'Users' group to this setting, it will block all local user accounts (which are members of the local Users group) from logging on interactively.

Why this answer

This question tests understanding of the 'Deny log on locally' user rights assignment. When a computer joins a domain, domain policies may override local settings, and the 'Deny log on locally' policy can be configured to block local accounts. This is a common security measure to enforce domain-only authentication.

625
MCQ · hard

A technician is called to a user's desk for a 'printer issue.' Upon arrival, the user is on a phone call and waves dismissively at the technician. The technician waits for two minutes, but the user continues their call. What should the technician do?

A. Stand silently until the user finishes the call, even if it takes a long time.
B. Leave a note on the desk saying you were there and will return later, then check back in 15 minutes.
C. Interrupt the call to say you'll come back later.
D. Close the ticket as 'user not available' and move on to the next task.
Answer: B

This respects the user's current activity, documents the visit, and offers a clear follow-up, demonstrating professionalism.

Why this answer

Option B is correct because it demonstrates professional respect for the user's current activity while ensuring the issue is addressed. Leaving a note and returning in 15 minutes maintains a service-level commitment without disrupting the user's call, aligning with CompTIA's best practices for customer communication and time management in a support scenario.

Exam trap

The trap here is that candidates may choose Option D (close the ticket) thinking it is efficient, but CompTIA emphasizes that closing a ticket without user consent or follow-up is unprofessional and violates the core principle of customer service.

How to eliminate wrong answers

Option A is wrong because standing silently for an indefinite period wastes technician time and does not proactively manage the support queue; it fails to balance efficiency with customer service. Option C is wrong because interrupting the user's call is unprofessional and could escalate frustration, violating the principle of respecting the user's current engagement. Option D is wrong because closing the ticket as 'user not available' without attempting to reschedule abandons the support request prematurely, which is poor practice and could lead to unresolved issues and negative user experience.

626
MCQ · easy

A customer reports that their Windows 10 laptop is running slowly and they suspect a program is using too much memory. They ask you to check the system's resource usage. Which built-in Windows tool would you use to view real-time memory, CPU, and disk usage?

A. Resource Monitor
B. Task Manager
C. Performance Monitor
D. System Configuration (msconfig)
Answer: B

Task Manager shows real-time CPU, memory, disk, and network usage in the Performance tab, making it the quickest tool for this scenario.

Why this answer

Task Manager provides a real-time overview of system performance, including memory, CPU, and disk usage, making it the ideal tool for diagnosing resource bottlenecks. The Resource Monitor offers more detailed data but is accessed from Task Manager, not directly. Performance Monitor and System Configuration are for advanced logging and startup management, respectively.

627
MCQ · medium

A technician is configuring a new employee's workstation. The employee mentions that a 'friendly IT guy' from the help desk called earlier and asked for their username and temporary password to 'pre-setup the account'. The employee provided the information. What should the technician do first?

A. Proceed with the setup as planned, since the employee already provided the info.
B. Reset the employee's password and report the incident to the security team.
C. Call the help desk to verify if they made the call.
D. Tell the employee it was likely a test and to ignore it.
Answer: B

The correct response is to immediately reset the compromised password and report the social engineering attempt to the security team so they can investigate and prevent further attacks.

Why this answer

This is a social engineering attack where the attacker posed as IT support. The technician should immediately report the incident to the security team and flag the account as compromised, as the credentials are now in the hands of an attacker.

628
MCQ · easy

A user calls the help desk frustrated because their laptop will not connect to the company Wi-Fi. They say they have tried restarting the laptop but it still does not work. The technician suspects the wireless adapter driver may be corrupt. What is the best first step for the technician to take?

A. Remotely reinstall the wireless adapter driver.
B. Ask the user if they see any error messages or if other devices connect to the Wi-Fi.
C. Tell the user to bring the laptop to the IT office for a physical inspection.
D. Escalate the ticket to the network team immediately.
Answer: B

This gathers critical information to narrow down the problem, showing professionalism and effective troubleshooting.

Why this answer

This question tests the concept of active listening and gathering information before jumping to solutions. The correct answer is to ask clarifying questions to understand the issue fully, which ensures the technician does not waste time on incorrect assumptions.

629
MCQ · easy

A technician is disposing of a stack of CDs and DVDs that contain backup data from a medical office. The media are labeled with patient information. Which method should the technician use to destroy the data?

A. Use a degausser on each disc.
B. Scratch the surface of each disc with a key.
C. Use a cross-cut shredder that accepts optical discs.
D. Place the discs in a microwave for 10 seconds.
Answer: C

Cross-cut shredding reduces discs to small pieces, ensuring data is physically destroyed and unrecoverable.

Why this answer

The correct answer is to use a cross-cut shredder designed for optical media. Shredding physically destroys the discs, making data unrecoverable. Degaussing does not work on optical media, and formatting or deleting files is not possible on read-only discs.

630
MCQ · hard

An IT manager wants to implement a data destruction policy that meets the U.S. Department of Defense (DoD) 5220.22-M standard for top-secret data. The drives are HDDs and will be reused within the organization. Which method is required?

A. Perform a single overwrite with zeros.
B. Use a degausser and then reformat the drive.
C. Run a three-pass overwrite (zeros, ones, random).
D. Physically destroy the drive with a hammer.
Answer: C

The DoD 5220.22-M standard for top-secret data specifies a three-pass overwrite to ensure data is unrecoverable.

Why this answer

The DoD 5220.22-M standard for top-secret data requires a three-pass overwrite (pass 1: zeros, pass 2: ones, pass 3: random) to ensure data is unrecoverable. A single overwrite may not meet this standard. Degaussing and physical destruction are also acceptable but prevent reuse.

631
MCQ · medium

A technician is writing a PowerShell script to check the status of a Windows service on multiple remote computers. The script must output the service name and status for each computer where the service is running. Which cmdlet combination should the technician use to achieve this?

A. Get-Service -ComputerName $computers | Where-Object {$_.Status -eq 'Running'}
B. Invoke-Command -ComputerName $computers -ScriptBlock {Get-Service} | Select-Object Status
C. Get-WmiObject Win32_Service -ComputerName $computers | Where-Object {$_.State -eq 'Running'}
D. Get-Service -Name * -ComputerName $computers | Format-Table -AutoSize
Answer: A

This correctly retrieves services from remote computers and filters for running services.

Why this answer

Option A is correct because Get-Service with the -ComputerName parameter can query multiple remote computers directly, and piping its output to Where-Object with the condition {$_.Status -eq 'Running'} filters only services whose Status property equals 'Running'. This meets the requirement to output the service name and status for each computer where the service is running, as Get-Service returns objects containing both Name and Status properties by default.

Exam trap

CompTIA often tests the distinction between Get-Service and Get-WmiObject Win32_Service, where candidates confuse the property names 'Status' vs 'State' and the correct filtering syntax, leading them to choose option C despite its deprecated status and incorrect property reference.

How to eliminate wrong answers

Option B is wrong because Invoke-Command -ScriptBlock {Get-Service} returns service objects from remote computers, but Select-Object Status only outputs the Status property, omitting the service name required by the task. Option C is wrong because Get-WmiObject Win32_Service uses the State property (not Status) to check if a service is running, and the condition {$_.State -eq 'Running'} is incorrect; the correct property value is 'Running' but the property name is 'State', not 'Status', and the cmdlet is deprecated in favor of Get-CimInstance. Option D is wrong because Format-Table -AutoSize only formats the output for display but does not filter for running services; it would output all services regardless of their status, failing to meet the requirement to check only where the service is running.

632
MCQ · easy

A user reports that their Windows 10 laptop shows a 'Your license will expire soon' watermark on the desktop, even though they purchased a retail license key. You need to resolve the activation issue. Which Control Panel applet should you use first?

A. Device Manager
B. System
C. Programs and Features
D. User Accounts
Answer: B

The System applet displays Windows edition, activation status, and allows you to change the product key or activate Windows.

Why this answer

The System applet (Control Panel > System) provides direct access to the Windows activation status and the 'Change product key' option. Since the user already has a retail license key, the first troubleshooting step is to verify the current activation state and re-enter the key via this applet, which triggers a re-activation with Microsoft's licensing servers.

Exam trap

The trap here is that candidates may confuse activation issues with driver or user account problems, leading them to Device Manager or User Accounts, when the correct first step is always to check the System applet for activation status and key entry.

How to eliminate wrong answers

Option A is wrong because Device Manager is used to manage hardware drivers and devices, not software licensing or activation. Option C is wrong because Programs and Features is for uninstalling or modifying installed applications, not for managing Windows activation or product keys. Option D is wrong because User Accounts handles user profile settings, passwords, and credentials, but does not provide any interface for Windows license activation or product key entry.

633
MCQ · hard

A user's iPhone is experiencing random restarts and app crashes after installing a new configuration profile for email. The technician needs to remove the profile but cannot find it in Settings. What should the technician check?

A. Check Settings > General > VPN & Device Management
B. Reset the iPhone's network settings
C. Use iTunes to restore the iPhone from a backup
D. Disable iCloud Keychain
Answer: A

This is the correct location to view and remove configuration profiles on iOS.

Why this answer

Configuration profiles are managed under Settings > General > VPN & Device Management. If the profile is not there, it may be installed via MDM or be a supervised profile. The technician should verify MDM enrollment.

634
MCQ · medium

A technician is configuring a wireless network for a new office. The network must support legacy devices that only support WPA-TKIP, but the technician also wants to maximize security for modern devices. Which configuration should the technician use?

A. Enable WPA3-SAE for all devices.
B. Use WPA2-PSK with TKIP encryption.
C. Configure the router for WPA2-PSK with AES and enable WPA-TKIP as a fallback.
D. Set up a separate SSID with WPA-TKIP for legacy devices and another SSID with WPA2-AES for modern devices.
Answer: D

This isolates legacy devices on a less secure network while allowing modern devices to use the stronger encryption.

Why this answer

WPA2-PSK with AES is the most secure option, but it is not backward compatible with WPA-TKIP devices. The technician must choose between compatibility and security; the best practice is to upgrade legacy devices or use a separate network for them.

635
MCQ · easy

During a routine security audit, you discover that several user accounts on a Windows 10 workstation have local administrator privileges when they should only be standard users. You need to quickly review and modify user account types from the command line. Which built-in tool should you use?

A. lusrmgr.msc (Local Users and Groups MMC)
B. net user
C. net localgroup
D. diskpart
Answer: C

Net localgroup allows you to add or remove users from local groups like Administrators from the command line.

Why this answer

The 'net localgroup' command allows you to view and modify local group memberships, such as adding or removing users from the Administrators group. The other options are either for different purposes (like disk management) or require a GUI.

636
MCQ · medium

A technician is tasked with securely connecting a remote office to the main office over the internet. The remote office has 10 users who need access to the same resources as local users. Which of the following remote access methods provides the most secure and scalable solution?

A. Configure port forwarding on the main office router for each required service
B. Set up a site-to-site VPN between the two offices
C. Use Remote Desktop for each user to connect to a workstation at the main office
D. Implement a client-to-site VPN for each user
Answer: B

A site-to-site VPN provides a secure, encrypted connection between entire networks, allowing seamless access for all users.

Why this answer

A site-to-site VPN (often using IPsec or a secure tunnel protocol) creates an encrypted, always-on connection between the two office routers, allowing all 10 users transparent access to the main office resources as if they were on the same LAN. This method is both secure (encrypting all traffic) and scalable (handling multiple users without per-client configuration), making it the best fit for connecting entire networks over the internet.

Exam trap

CompTIA often tests the distinction between site-to-site and client-to-site VPNs, where candidates mistakenly choose client-to-site VPN (Option D) thinking it is more secure per-user, but the question emphasizes 'scalable' and 'connecting a remote office'—a site-to-site VPN is the correct enterprise solution for network-to-network connectivity.

How to eliminate wrong answers

Option A is wrong because port forwarding exposes specific services directly to the internet, creating a large attack surface and requiring manual configuration for each service, which is neither secure nor scalable for multiple users. Option C is wrong because Remote Desktop Protocol (RDP) provides only per-user, per-session access to individual workstations, which is not designed for network-level resource sharing and introduces significant management overhead for 10 users. Option D is wrong because client-to-site VPN requires each user to install and maintain a VPN client, which adds administrative burden and is less scalable than a site-to-site VPN that centralizes the connection at the network edge.

637
MCQ · medium

A technician is tasked with setting up power management on 50 company workstations to reduce energy consumption. Users must be able to save work before the computer sleeps. Which power setting should be configured?

A. Set the computer to hibernate after 15 minutes of inactivity.
B. Set the computer to sleep after 30 minutes of inactivity.
C. Disable all power-saving features to ensure maximum performance.
D. Set the monitor to turn off after 5 minutes but keep the computer on.
Answer: B

Sleep uses less power than full operation and wakes quickly, allowing users to save work before the timer expires.

Why this answer

Option B is correct because setting the computer to sleep after 30 minutes of inactivity allows users to save their work before the system enters a low-power state. Sleep keeps the system state in RAM, enabling a quick resume, while still reducing energy consumption. This balances power savings with user control, as the user can manually trigger sleep after saving work.

Exam trap

The trap here is that candidates confuse hibernate with sleep, thinking hibernate is better for power savings, but they overlook the requirement that users must be able to save work before the computer sleeps—hibernate does not provide a user-friendly save prompt and takes longer to resume, making sleep the correct choice for this scenario.

How to eliminate wrong answers

Option A is wrong because hibernate saves the system state to disk and powers off the computer, which takes longer to resume and may cause users to lose unsaved work if they are not prompted to save before the transition. Option C is wrong because disabling all power-saving features would increase energy consumption, directly contradicting the goal of reducing energy usage. Option D is wrong because turning off the monitor alone does not reduce the computer's power draw significantly; the computer remains fully active, wasting energy and not addressing the requirement to save work before sleep.

638
MCQ · medium

An iOS user is concerned about a lost iPhone and wants to ensure that if the device is erased, it cannot be reactivated without their Apple ID and password. Which iOS security feature provides this protection?

A. Find My iPhone location tracking.
B. Activation Lock, enabled by Find My iPhone.
C. iCloud Keychain with two-factor authentication.
D. Lost Mode in the Find My app.
Answer: B

Activation Lock is automatically enabled when Find My iPhone is active, and it requires the owner's Apple ID to erase and reactivate the device, deterring theft.

Why this answer

Activation Lock is an iOS security feature that is automatically enabled when Find My iPhone is turned on. It ties the device to the owner's Apple ID, preventing anyone from reactivating the device after it is erased or restored without entering the correct Apple ID and password. Find My iPhone locates the device, but Activation Lock provides the anti-theft protection. iCloud Keychain is for passwords, and Lost Mode locks the device but does not prevent reactivation after a wipe.

639
MCQ · easy

A user reports that their MacBook Pro running macOS Ventura suddenly lost all desktop icons and the menu bar is missing. They can still move the cursor and click on open applications. Which macOS feature or tool should you use to restore the desktop and menu bar?

A. Restart the MacBook by holding the power button.
B. Open Activity Monitor and force quit the WindowServer process.
C. Use Force Quit (Cmd+Option+Esc) and select Finder, then click Relaunch.
D. Run the command 'sudo killall Dock' in Terminal.
Answer: C

This is the correct method to restart the Finder process, which controls the desktop, menu bar, and file system display. It is a standard macOS troubleshooting step.

Why this answer

The scenario describes a Finder crash, which often causes the desktop, menu bar, and icons to disappear. Relaunching Finder via the Force Quit Applications window restores these elements without rebooting the entire system. This is a common troubleshooting step for macOS GUI issues.

640
MCQ · hard

A security incident has occurred: an employee's workstation was used to access unauthorized websites. The manager wants to review recent web browsing history and application usage. Which administrative tool can provide a comprehensive timeline of user activity on the Windows 10 system?

A. Performance Monitor to create a trace of user actions.
B. Task Scheduler to view past task executions.
C. Event Viewer to examine Security and Application logs for user activity.
D. Local Users and Groups to check user group memberships.
Answer: C

Correct. Event Viewer logs security events (logons) and application events, which can help reconstruct user activity.

Why this answer

Event Viewer, specifically the Windows logs (Application, Security, System), can track user logons, application starts, and other events. However, for detailed browsing history, third-party tools or browser history are needed. Among the given options, Event Viewer is the most appropriate for system-level activity.

The other tools do not track user activity in this way.

641
MCQ · easy

A customer needs to transfer their user profile, documents, and application settings from an old Windows 7 PC to a new Windows 10 PC. Which Windows tool is specifically designed for this purpose?

A. Windows Easy Transfer
B. File History
C. User State Migration Tool (USMT)
D. Windows Backup and Restore
Answer: C

USMT is the correct tool for migrating user profiles, files, and settings between Windows installations in a domain environment.

Why this answer

The User State Migration Tool (USMT) is a command-line tool designed for large-scale migrations of user profiles and settings. It is included in the Windows Assessment and Deployment Kit (ADK). For simpler transfers, Windows Easy Transfer was used in older versions, but USMT is the enterprise-grade solution.

642
MCQ · hard

A technician is configuring a hybrid cloud environment where an on-premises application needs to securely access a database hosted in a public cloud. The company requires that all traffic between the two environments be encrypted and not traverse the public internet. Which of the following should the technician implement?

A. Configure a site-to-site VPN over the internet
B. Use a dedicated private connection such as AWS Direct Connect
C. Set up a remote desktop gateway
D. Deploy a cloud-based load balancer
Answer: B

A dedicated private connection provides a direct, private link between on-premises and the cloud, bypassing the public internet and ensuring encryption.

Why this answer

A VPN tunnel creates an encrypted connection over the internet, but to avoid the public internet entirely, a dedicated private connection like AWS Direct Connect or Azure ExpressRoute is needed. However, the question specifies 'not traverse the public internet', so a VPN over the internet would not qualify. The correct answer is a dedicated private connection, which is a service offered by cloud providers.

This tests knowledge of hybrid cloud connectivity options.

643
MCQ · medium

An employee's company-issued Android phone is suddenly displaying pop-up ads even when no browser is open. The employee claims they only downloaded apps from the official Google Play Store. Which of the following is the MOST likely cause?

A. The phone's firmware is outdated.
B. A recently installed app has been granted 'Draw over other apps' permission.
C. The phone's Wi-Fi network is infected with malware.
D. The phone's screen has a hardware defect causing ghost touches.
Answer: B

This permission allows apps to display content on top of other apps, which is a common vector for adware.

Why this answer

The 'Draw over other apps' permission allows an app to display content on top of other applications, including the home screen and lock screen. This is a common technique used by adware and malicious apps to serve persistent pop-up ads even when no browser is open, as the app can draw its own window outside of the normal app lifecycle. Since the employee only downloaded from Google Play, this permission abuse is the most likely cause, as even Play Store apps can be granted this permission by the user during installation or runtime.

Exam trap

CompTIA often tests the distinction between network-level threats (like DNS hijacking) and client-side permission abuse, so the trap here is that candidates may assume pop-up ads always come from browser-based malware or network injection, rather than recognizing the 'Draw over other apps' permission as the specific Android mechanism for persistent on-screen overlays.

How to eliminate wrong answers

Option A is wrong because an outdated firmware (system software) typically causes security vulnerabilities or performance issues, but it does not directly cause pop-up ads to appear; adware behavior is tied to app-level permissions, not firmware version. Option C is wrong because a Wi-Fi network infected with malware would typically intercept or redirect web traffic, not inject pop-up ads into the Android UI layer; pop-ups that appear without a browser open are a client-side overlay issue, not a network-level attack. Option D is wrong because ghost touches from a hardware defect would cause random taps and interactions, not the display of structured pop-up ads with specific content; ghost touches cannot generate ad windows with text and images.

644
MCQ · hard

A technician needs to configure a Windows 10 kiosk machine that runs a single full-screen application for public use. They want to prevent users from accessing the desktop, taskbar, or any other system functions. Which Settings page should they use to set up this restricted user experience?

A. Settings > Personalization > Start
B. Control Panel > User Accounts > Manage User Accounts
C. Settings > Accounts > Other users > Set up a kiosk
D. Local Group Policy Editor > Computer Configuration > Windows Settings > Security Settings
Answer: C

This is the dedicated kiosk setup that uses Assigned Access to run a single app in full-screen mode with no access to other system features.

Why this answer

The correct tool is 'Set up a kiosk' under Accounts > Other users in Windows Settings. This uses Assigned Access to lock the device to a single app and prevents users from leaving that app without an administrator password.

645
MCQ · hard

A user reports that a script they run daily now fails with 'Text file busy' error. The script is located on an NFS mount. Which command will show if the script is currently being used by another process?

A. fuser /path/to/script
B. ps aux | grep script
C. lsof /path/to/script
D. strace -p $(pgrep script)
Answer: C

lsof lists all open files and the associated processes; it will show if the script is in use.

Why this answer

This tests the lsof command, which lists open files and the processes using them. lsof /path/to/script shows which process has the file open, causing the 'Text file busy' error.

646
MCQ · hard

A technician is responding to a security incident where an employee's credentials were used to access a server without authorization. The employee claims they did not perform the action. Which of the following should the technician do first to remediate the compromised account?

A. Reset the account password and enable MFA.
B. Disable the account to prevent further access.
C. Review the server logs to determine the extent of the breach.
D. Notify the employee's manager and HR department.
Answer: B

Disabling the account is the first containment step; it stops the attacker from using the credentials while the investigation and remediation proceed.

Why this answer

The immediate step is to disable the compromised account to prevent further unauthorized access. Then the technician should force a password reset and enable multi-factor authentication (MFA) to secure the account. Logging and investigation follow containment.

647
MCQ · hard

A security analyst notices that an attacker has been sending emails that appear to come from the company's internal email system, asking employees to click a link to update their shared drive password. The link leads to a fake login page. The attacker is using a spoofed internal domain. What specific type of phishing is this?

A. Whaling
B. Spear phishing
C. Vishing
D. Pharming
Answer: B

Spear phishing is the correct term for targeted phishing attacks against specific people or groups.

Why this answer

Spear phishing is a targeted phishing attack aimed at specific individuals or groups within an organization. The use of a spoofed internal domain makes it more convincing. This contrasts with regular phishing, which is broader and less personalized.

648
MCQ · medium

During a software deployment, a user reports that a stranger in a delivery uniform asked to use their computer to 'check a shipment status' and then quickly left. Later, the user notices unusual network activity. What should the technician investigate first?

A. Check the user's email for phishing messages.
B. Verify the delivery person's identity with the shipping company.
C. Scan the workstation for malware and review recent system changes.
D. Disable the user's network access permanently.
Answer: C

Given physical access, the attacker may have installed malware or created backdoors; scanning and auditing changes is the correct first step.

Why this answer

This scenario describes a pretexting attack where the attacker used a false identity (delivery person) to gain physical access to a computer. The technician should immediately check for unauthorized software or connections that may have been installed.

649
MCQ · medium

A user reports that their Windows 10 computer is infected with a virus that keeps reinstalling itself after removal. What should you do to remediate this persistent infection?

A. Run a system restore to a previous restore point
B. Boot from a rescue disc or USB and run an antivirus scan
C. Disable System Restore and then run an antivirus scan in normal mode
D. Reinstall Windows from the recovery partition
Answer: B

Booting from trusted media bypasses the infected OS, enabling thorough removal without the virus interfering.

Why this answer

A virus that reinstalls itself likely has a rootkit or persistent mechanism. Booting from trusted media and scanning the offline system ensures the malware cannot run, allowing complete removal.

650
MCQ · medium

During a routine hardware refresh, a technician finds a box of old USB flash drives that were used to store temporary project files. The drives are to be given to employees for personal use. What is the most practical way to ensure no project data remains?

A. Delete all files and empty the Recycle Bin.
B. Use a diskpart clean all command to overwrite every sector.
C. Microwave the flash drives to destroy the chips.
D. Reformat the drives with a quick format.
Answer: B

The 'clean all' command writes zeros to every sector, making data unrecoverable while preserving the drive's functionality.

Why this answer

USB flash drives use NAND flash memory, similar to SSDs. A full overwrite with zeros is effective for most flash drives, as it writes to all accessible blocks. However, some drives may have hidden areas, so a secure erase tool is recommended.

651
MCQ · medium

A technician is configuring a new Windows 10 workstation for a user who handles sensitive financial data. The company policy mandates that the screen lock after 5 minutes of inactivity and require a password on wake. Which settings should the technician configure?

A. Set the power plan to turn off the display after 5 minutes.
B. Configure the screen saver to start after 5 minutes and check 'On resume, display logon screen.'
C. Enable the 'Require password on wakeup' setting in the power plan only.
D. Set the computer to sleep after 5 minutes and require a password on wake.
Answer: B

This combination locks the workstation after 5 minutes of inactivity and requires the user to log in again, meeting the policy.

Why this answer

The screen saver settings in Windows include an option to 'On resume, display logon screen,' which locks the workstation after the screen saver activates. Setting the screen saver timeout to 5 minutes and enabling the logon screen requirement meets the policy.

652
MCQ · medium

A technician is on a support call with a user who has a strong accent and is speaking quickly. The technician is having difficulty understanding the issue. What is the most professional way to handle this?

A. Pretend to understand and hope the issue becomes clear during troubleshooting.
B. Ask the user to speak more slowly and repeat the problem, apologizing for the difficulty.
C. Transfer the call to a different technician who might understand the accent better.
D. Tell the user that their accent is hard to understand and ask them to email the problem instead.
Answer: B

This shows respect and a willingness to understand, which is key to effective communication.

Why this answer

Option B is correct because it demonstrates active listening and professional courtesy by politely asking the user to slow down and repeat the issue. This approach maintains rapport, ensures accurate information gathering, and avoids misdiagnosis that could lead to wasted time or incorrect troubleshooting steps. In a support context, clear communication is essential for identifying the root cause and applying the correct fix.

Exam trap

CompTIA often tests the candidate's ability to prioritize professional communication over technical shortcuts, and the trap here is that candidates may choose Option C (transfer the call) thinking it is efficient, but it actually violates the principle of taking ownership of the customer's issue.

How to eliminate wrong answers

Option A is wrong because pretending to understand risks missing critical details about the problem, leading to ineffective or even harmful troubleshooting steps that could escalate the issue or violate service-level agreements. Option C is wrong because transferring the call without first attempting to clarify the issue is unprofessional and may not resolve the communication barrier; it also wastes time and shifts responsibility unnecessarily. Option D is wrong because telling the user their accent is hard to understand is disrespectful and unprofessional, and asking them to email the problem bypasses real-time interaction, potentially delaying resolution and frustrating the user.

653
MCQmedium

A company is decommissioning a server that contained encrypted customer financial data. The IT manager wants to ensure the data is destroyed without damaging the hard drives, as they will be reused in test environments. Which method should be used?

A.Physically shred the drives.
B.Perform a standard format and reinstall the OS.
C.Issue a cryptographic erase command to the drive's self-encrypting feature.
D.Use a degausser on the drives.
AnswerC

Crypto erase changes the encryption key, rendering all data unreadable. The drive remains usable for testing.

Why this answer

For encrypted drives, a cryptographic erase (crypto erase) is the most efficient method. It destroys the encryption key, making the data inaccessible even if the encrypted data remains on the drive. This preserves the drive for reuse.

654
MCQeasy

A user reports that their browser frequently redirects to a search page they never set, and they see unfamiliar toolbars. After running a malware scan that found nothing, what should the technician do next to resolve the issue?

A.Replace the network cable.
B.Reset the browser settings to default.
C.Update the network adapter driver.
D.Reinstall the operating system.
AnswerB

Resetting the browser removes all add-ons, toolbars, and restores default homepage and search settings, which effectively eliminates browser hijackers.

Why this answer

This scenario describes a browser hijacker, which is often not detected by standard antivirus scans. Resetting the browser removes unwanted extensions, toolbars, and reverts the homepage and search engine settings, solving the problem without reinstalling the OS or replacing hardware.

655
MCQhard

A user's MacBook Air running macOS Ventura is experiencing intermittent kernel panics. The crashes seem to occur when the laptop is connected to a specific USB-C hub. Which macOS tool should you use to analyze the crash logs and identify the faulty driver?

A.System Information
B.Console
C.Activity Monitor
D.Terminal with 'sudo dmesg' command
AnswerB

Console allows you to view kernel panic logs and filter them by date and process to identify the problematic driver.

Why this answer

Console is the macOS tool for viewing system logs, including kernel panic logs. These logs contain stack traces that can point to a specific kernel extension (kext) or driver. System Information shows hardware but not crash details.

Terminal with 'log show' can also retrieve logs, but Console provides a graphical interface for filtering and analysis.

656
MCQeasy

A system administrator is deploying a PowerShell script to 100 computers to change the local administrator password. The script must run once per computer and then exit. Which scripting technique ensures the script runs exactly once on each machine?

A.Use a for loop to run the script 100 times
B.Write a registry key after successful execution
C.Use a parameter to pass the computer name
D.Schedule the script to run daily
AnswerB

Correct. The script can check for a registry key at startup; if it exists, the script exits. This ensures it runs only once per machine.

Why this answer

This question covers idempotency and run-once mechanisms. Using a registry key or a marker file to record that the script has executed prevents it from running again on reboot or reapplication. Loops and parameters don't enforce a single execution.

657
MCQmedium

A small business owner wants to ensure that all company laptops have their hard drives encrypted in case of theft. The laptops run Windows 10 Pro. Which technology should the technician enable to meet this requirement?

A.EFS (Encrypting File System)
B.Windows Defender Antivirus
C.BitLocker Drive Encryption
D.TPM (Trusted Platform Module)
AnswerC

BitLocker provides full-disk encryption for Windows 10 Pro and Enterprise, meeting the requirement for data protection on lost or stolen laptops.

Why this answer

BitLocker Drive Encryption (option C) is the correct technology because it provides full-disk encryption for Windows 10 Pro, ensuring that all data on the laptop's hard drive is encrypted at rest. This protects against data exposure if the device is stolen, as the drive cannot be accessed without the decryption key (e.g., a PIN, USB key, or TPM-based authentication). BitLocker is built into Windows 10 Pro and is specifically designed for whole-drive encryption, meeting the requirement for all company laptops.

Exam trap

The trap here is that candidates often confuse EFS (file-level encryption) with full-disk encryption, or they mistakenly think TPM alone provides encryption, when in fact TPM is merely a key storage and attestation component that requires BitLocker to enable drive encryption.

How to eliminate wrong answers

Option A is wrong because EFS (Encrypting File System) encrypts individual files or folders at the file system level, not the entire hard drive, and it does not protect system files or the operating system from offline access after theft. Option B is wrong because Windows Defender Antivirus is a malware protection tool that detects and removes malicious software; it does not provide any encryption or data protection for the hard drive. Option D is wrong because TPM (Trusted Platform Module) is a hardware security chip that can store encryption keys and support BitLocker, but it is not an encryption technology itself—it must be combined with BitLocker to achieve full-disk encryption.

658
MCQeasy

A small business is deploying a new accounting application across five workstations. The IT lead creates a detailed change request that includes the purpose, scope, risk assessment, and rollback plan. Which document should the IT lead update immediately after the deployment is successfully completed?

A.The firewall configuration log
B.The change request form
C.The employee handbook
D.The backup verification checklist
AnswerB

The change request form is the primary document that tracks the lifecycle of a change, including its completion status.

Why this answer

The change request form is the central document that tracks the entire lifecycle of a change, including planning, approval, implementation, and post-implementation review. Once the deployment is successfully completed, the IT lead must update the change request form to mark it as 'Closed' or 'Completed,' documenting the actual outcome, any deviations, and the final status. This ensures an accurate audit trail for compliance and future troubleshooting, as required by ITIL-based change management processes.

Exam trap

CompTIA often tests the misconception that a technical log or checklist (like a backup verification checklist) is the immediate post-deployment update, but the correct answer is always the formal change management document that captures the entire change lifecycle.

How to eliminate wrong answers

Option A is wrong because the firewall configuration log is a security-specific record that would only be updated if firewall rules were modified as part of the deployment; the question describes a standard application installation with no mention of firewall changes. Option C is wrong because the employee handbook is a general HR policy document that outlines company rules and procedures, not a technical record for tracking IT changes or deployments. Option D is wrong because the backup verification checklist is used to confirm that backups were successfully created before or after a change, but it is not the primary document for recording the completion and outcome of a change request.

659
MCQeasy

A user wants to encrypt a USB flash drive so that if it is lost, the data cannot be read on another computer. The USB drive will be used on both Windows 10 and Windows 11 devices. Which Windows feature should be used?

A.EFS (Encrypting File System)
B.BitLocker To Go
C.Windows Defender Encryption
D.Secure Boot
AnswerB

BitLocker To Go is designed for encrypting removable drives and works across Windows 10/11.

Why this answer

BitLocker To Go allows encryption of removable drives like USB flash drives. It is available in Pro and Enterprise editions of Windows and provides strong protection. The encrypted drive can be accessed on other Windows systems with the password or recovery key.

660
MCQeasy

A customer is frustrated because every time they plug in a USB flash drive, Windows automatically opens the folder and plays any media files. They want to stop this behavior but still want the drive to be recognized. Which Control Panel item should you use?

A.File Explorer Options
B.AutoPlay
C.Device Manager
D.Sound
AnswerB

AutoPlay in Control Panel allows you to choose what happens when you connect devices like USB drives, such as 'Open folder to view files' or 'Take no action'.

Why this answer

The AutoPlay settings in Control Panel let you configure default actions for different media types. Disabling or setting 'Take no action' for removable drives stops automatic folder opening and media playback without affecting drive recognition.

661
MCQeasy

A customer reports that their printer is not working after a recent Windows update. The technician suspects a driver issue. Which of the following is the BEST way to handle this situation while maintaining customer satisfaction?

A.Tell the customer that Windows updates often break things and they should avoid updates.
B.Ask the customer to try unplugging the printer and plugging it back in.
C.Say you will research the issue and call them back within an hour with steps.
D.Immediately remote into their computer and start checking settings without explaining.
AnswerC

This shows responsibility and sets a clear expectation, building trust.

Why this answer

Option C is correct because it demonstrates professional communication and sets realistic expectations. The technician acknowledges the issue, commits to researching the specific driver compatibility problem caused by the Windows update, and promises a follow-up within a defined timeframe. This approach maintains customer trust and avoids making promises or taking actions without a clear plan.

Exam trap

The trap here is that candidates may choose Option B (unplug/replug) because it is a common troubleshooting step. The question specifically tests communication and professionalism, not basic hardware troubleshooting, so the best answer is the one that manages the customer's expectations and demonstrates a planned, researched response.

How to eliminate wrong answers

Option A is wrong because telling the customer to avoid Windows updates is unprofessional, dismissive, and fails to address the actual driver issue; updates are necessary for security and stability. Option B is wrong because asking the customer to unplug and replug the printer is a generic hardware reset step that does not resolve a driver conflict caused by a Windows update; it wastes the customer's time and shows a lack of diagnostic effort. Option D is wrong because immediately remoting into the computer without explaining the action violates customer consent and transparency; it can cause confusion or alarm and does not build trust.

662
MCQmedium

A user is unable to install a new printer on their Windows 10 workstation because the 'Print Spooler' service is not running. You need to start the service and ensure it starts automatically on boot. Which tool should you use?

A.Device Manager
B.Services
C.Task Scheduler
D.System Configuration
AnswerB

Services provides the interface to manage all Windows services, including starting and setting startup types.

Why this answer

The Services console (services.msc) allows you to view, start, stop, and configure the startup type of Windows services. To fix the Print Spooler, you would open Services, find the Print Spooler service, start it, and set its startup type to Automatic.

663
MCQmedium

A technician needs to install a new hard drive in a computer that is under a strict security policy requiring all drives to be sanitized before disposal. The old drive will be replaced. What is the most secure method to ensure data cannot be recovered from the old drive?

A.Perform a quick format of the drive.
B.Use a degausser to erase the magnetic fields.
C.Run the Windows Disk Cleanup tool.
D.Delete all partitions using Disk Management.
AnswerB

Degaussing destroys the magnetic structure of the platters, making data unrecoverable. This meets strict security requirements.

Why this answer

A degausser generates a powerful magnetic field that physically randomizes the magnetic domains on the platters, effectively destroying all stored data and rendering the drive unusable. This is the only method listed that meets the strict security policy requirement for sanitization, as it prevents any possible data recovery even with advanced forensic tools.

Exam trap

CompTIA often tests the misconception that a quick format or partition deletion is sufficient for data sanitization, when in reality these methods only remove pointers to the data, leaving the raw data recoverable with simple tools.

How to eliminate wrong answers

Option A is wrong because a quick format only rewrites the file system metadata (e.g., the MFT or FAT) and does not erase the actual data on the disk; data remains recoverable with tools like TestDisk or PhotoRec. Option C is wrong because the Windows Disk Cleanup tool only removes temporary files and empties the Recycle Bin; it does not touch user data or system files on the drive. Option D is wrong because deleting partitions using Disk Management only removes the partition table entries, leaving the underlying data intact and fully recoverable until overwritten.

664
MCQmedium

A technician is deploying a new accounting software package across the company. The finance manager requests that the software be installed on their personal laptop, which is not company-managed. Company policy prohibits installing unapproved software on personal devices. How should the technician respond?

A."I'm sorry, but company policy doesn't allow installing this software on personal devices. However, I can help you set up remote access to a company workstation that has it."
B."I can install it, but you'll have to sign a waiver accepting all risks."
C."That's against policy. Please use a company laptop."
D."I'll need to get approval from IT management first. Can you email the request?"
AnswerA

This upholds policy while providing a practical alternative, demonstrating problem-solving and professionalism.

Why this answer

Option A is correct because it upholds the company's security policy by refusing to install unapproved software on a non-managed device, while still providing a practical solution: setting up remote access (e.g., via VPN and Remote Desktop Protocol) to a company workstation that already has the accounting software. This approach ensures compliance with policy and maintains data security by keeping the software within the managed environment.

Exam trap

CompTIA often tests the candidate's ability to balance policy enforcement with customer service. The trap here is that candidates may choose a technically correct but unhelpful response (like C or D) instead of the one that both follows policy and provides a workable solution.

How to eliminate wrong answers

Option B is wrong because having the user sign a waiver does not negate the company policy; it still results in installing unapproved software on a personal device, which exposes the company to security risks such as data leakage or malware infection, and violates compliance requirements. Option C is wrong because while it correctly states the policy, it simply tells the user to use a company laptop without offering any immediate solution or guidance, which is unhelpful and fails to address the finance manager's need for access. Option D is wrong because it unnecessarily escalates the request to IT management for approval when the policy is already clear—this wastes time and does not resolve the user's need; the technician should know the policy and provide a compliant alternative directly.

665
MCQmedium

A user reports that their iPhone's camera app crashes immediately after opening, but other camera-related apps (like Instagram) work fine. They have already restarted the phone. Which iOS feature should you use to restore camera functionality without losing personal data?

A.Reset All Settings
B.Offload App
C.Erase All Content and Settings
D.Update iOS
AnswerB

Offload App deletes the app but preserves its data, so reinstalling from the App Store restores functionality without losing photos or settings.

Why this answer

This question tests iOS app-specific troubleshooting. The correct answer is 'Offload App', which removes the app but keeps its documents and data, allowing a fresh reinstall without data loss. This is ideal for fixing a corrupted app without a full restore.

666
MCQmedium

A small business owner wants to ensure that employees cannot install browser extensions or add-ons without administrator approval. Which method should the technician use to enforce this restriction across all company computers?

A.Configure each browser's settings manually on every computer.
B.Use Group Policy to disable extension installation.
C.Install a third-party firewall to block extension downloads.
D.Set the browser to private browsing mode.
AnswerB

Group Policy provides centralized control to block extension installations across all domain-joined computers.

Why this answer

Group Policy in Windows allows administrators to centrally manage browser settings, including preventing extension installations. This is the standard enterprise approach for enforcing security policies across multiple computers.

667
MCQmedium

A user complains that their laptop battery drains quickly and the device gets very hot. The battery is a lithium-ion type and is three years old. What is the most environmentally responsible recommendation?

A.Replace the entire laptop with a new Energy Star model.
B.Remove the battery and run the laptop only on AC power.
C.Replace the battery with a compatible model and recycle the old battery at a certified e-waste facility.
D.Continue using the laptop until the battery fails completely.
AnswerC

This prolongs the laptop's life and ensures the old battery is disposed of safely.

Why this answer

Option C is correct because it directly addresses the user's complaint (battery degradation causing heat and poor runtime) while ensuring responsible disposal of the hazardous lithium-ion battery. Recycling at a certified e-waste facility prevents toxic materials from entering landfills and allows recovery of valuable metals, aligning with environmental best practices.

Exam trap

The trap here is that candidates may choose Option B (remove battery and run on AC) thinking it solves the heat issue, but they overlook that the old battery still needs proper disposal and that the laptop's heat could stem from other factors like dust or failing thermal paste.

How to eliminate wrong answers

Option A is wrong because replacing the entire laptop when only the battery is faulty is wasteful and unnecessarily increases e-waste, even if the new model is Energy Star rated. Option B is wrong because removing the battery and running solely on AC power does not solve the heat issue (the laptop may still throttle or run hot due to other components) and leaves the old battery unaddressed, which could still pose a fire risk if stored improperly. Option D is wrong because continuing to use a degraded lithium-ion battery risks thermal runaway, swelling, or leakage, and delays responsible recycling, which is environmentally harmful.

668
MCQhard

A technician is investigating a security incident where a user's virtual machine was compromised. The technician suspects that the VM was infected with malware that spread from the host. Which virtualization security best practice would have prevented this?

A.Enable snapshots for all VMs.
B.Use a Type 2 hypervisor for better isolation.
C.Keep the hypervisor and host OS updated with security patches.
D.Assign more virtual CPUs to the VM.
AnswerC

Regular updates patch vulnerabilities that could be exploited for VM escape, preventing malware from spreading between host and VM.

Why this answer

This question tests understanding of VM isolation and security. In a VM escape attack, malware breaks out of a VM and infects the host. Using a Type 1 hypervisor reduces the attack surface, but the best prevention is to ensure proper isolation and keep the hypervisor updated.

However, the question implies the infection spread from the host to the VM, which is the opposite direction; the correct answer focuses on preventing cross-VM infection. The most direct prevention would be separate virtual switches and network segmentation, which is not listed. Among the options, keeping the hypervisor updated is the best general practice to prevent VM escape vulnerabilities.

669
MCQeasy

During a security audit, you discover that a Windows 10 workstation has the 'Store passwords and credentials using reversible encryption' policy enabled. What is the primary security risk associated with this setting?

A.It increases the time required to log on to the system.
B.It allows users to bypass the password complexity requirement.
C.It stores passwords in a format that can be easily decrypted, making them vulnerable if the database is compromised.
D.It prevents the use of biometric authentication methods.
AnswerC

This is the core risk: reversible encryption allows passwords to be recovered as plaintext, which is a major security vulnerability.

Why this answer

This question tests understanding of password storage policies. Reversible encryption means passwords are stored in a format that can be decrypted back to plaintext, which is a significant security risk if an attacker gains access to the SAM database. This setting should only be enabled when required by specific applications, such as those using CHAP authentication.

670
MCQhard

A company is migrating from Windows 10 to Windows 11 on several workstations. You need to verify that each computer meets the minimum hardware requirements, including TPM 2.0 and Secure Boot capability, before deploying the upgrade. Which built-in tool should you run on each machine to generate a compatibility report?

A.System Information (msinfo32.exe) and manually check the System Summary for TPM and Secure Boot status.
B.Windows 11 PC Health Check app (downloaded from Microsoft).
C.Deployment Imaging and Servicing Management (DISM) with the /Get-CurrentEdition option.
D.System Restore (rstrui.exe) to revert to a previous state if the upgrade fails.
AnswerB

This tool is specifically designed to check Windows 11 compatibility and provides a clear pass/fail report.

Why this answer

The Windows 11 PC Health Check app is the official Microsoft tool designed specifically to verify compatibility with Windows 11, including TPM 2.0 and Secure Boot capability. It generates a detailed compatibility report, making it the correct built-in tool for this pre-upgrade validation task.

Exam trap

The trap here is that candidates may confuse the PC Health Check app with the older Windows 10 Upgrade Assistant or rely on manual checks via msinfo32, but the exam specifically tests knowledge of the dedicated compatibility tool introduced for Windows 11.

How to eliminate wrong answers

Option A is wrong because manually checking System Information (msinfo32.exe) for TPM and Secure Boot status is inefficient and does not generate a compatibility report; it only displays raw hardware data without assessing Windows 11 requirements. Option C is wrong because DISM with /Get-CurrentEdition is used to display the current edition of Windows (e.g., Pro, Enterprise) and is unrelated to hardware compatibility checks. Option D is wrong because System Restore (rstrui.exe) is a recovery tool for reverting system changes, not a compatibility assessment tool.

671
MCQeasy

A user reports that their Windows 10 laptop takes a very long time to boot and shows a 'Preparing Automatic Repair' message before eventually loading the desktop. They mention this started after a power outage. Which Windows tool should you use first to diagnose and attempt to fix the boot issue?

A.System Restore
B.Startup Repair
C.Reset this PC
D.System File Checker (sfc /scannow)
AnswerB

Startup Repair is designed to diagnose and fix boot problems like corrupted BCD or missing system files, making it the correct first step.

Why this answer

The 'Preparing Automatic Repair' loop often indicates a corrupted boot configuration or system file. Using the Startup Repair tool from the Windows Recovery Environment (WinRE) is the first recommended step, as it can automatically fix many common boot problems without needing to reinstall the OS.

672
MCQeasy

A user reports that their Windows 10 laptop is running slowly and frequently shows a 'Low Memory' warning. They have 8 GB of RAM and are not running any unusual applications. Which built-in Windows tool should you use to determine if a specific process is leaking memory?

A.Performance Monitor
B.Task Manager
C.Event Viewer
D.System Configuration (msconfig)
AnswerB

Task Manager's Processes tab shows current memory usage for each process, making it ideal for spotting a memory leak.

Why this answer

Task Manager (Option B) is the correct tool because it provides a real-time view of per-process memory usage, including the 'Memory (Active Private Working Set)' column, which can identify a process that is consuming an abnormally increasing amount of RAM over time—indicative of a memory leak. Unlike other tools, Task Manager allows you to quickly sort processes by memory usage and observe growth without needing to configure counters or parse logs.

Exam trap

CompTIA often tests the misconception that Performance Monitor is the only tool for memory leak diagnosis, but Task Manager is the correct first-line tool for quickly identifying a leaking process in a user-reported scenario.

How to eliminate wrong answers

Option A is wrong because Performance Monitor requires you to manually add specific counters (e.g., Process\Private Bytes) and set up data collector sets to track memory usage over time, which is more complex and not the quickest built-in tool for identifying a leaking process on a user's laptop. Option C is wrong because Event Viewer logs system, security, and application events, but it does not display real-time per-process memory consumption or memory leak patterns; it would only show low memory warnings after the fact, not the specific process causing the leak. Option D is wrong because System Configuration (msconfig) is used to manage boot options, startup programs, and services, not to monitor or diagnose active memory usage or leaks.

673
MCQhard

A technician needs to deploy a custom security policy to all Windows 10 workstations in a small office. The policy must restrict access to the Control Panel and prevent users from changing system settings. Which administrative tool should be used to create and apply this policy locally on each machine?

A.Local Security Policy (secpol.msc)
B.User Accounts (netplwiz)
C.Local Group Policy Editor (gpedit.msc)
D.System Configuration (msconfig)
AnswerC

Local Group Policy Editor provides Administrative Templates that include settings to hide or restrict access to Control Panel and system settings.

Why this answer

The Local Group Policy Editor (gpedit.msc) allows administrators to configure detailed security and restriction policies for users and computers. It is available on Windows Pro/Enterprise editions and is the correct tool for applying such restrictions locally. Other tools like Local Security Policy or User Accounts have limited scope.

674
MCQeasy

A company wants to secure its server room door so that only authorized personnel can enter. They need a system that can be quickly revoked if an employee leaves and that logs entry attempts. Which physical security control best meets these requirements?

A.A combination lock with a shared code.
B.A biometric fingerprint scanner.
C.An electronic key card system.
D.A physical key and lock system.
AnswerC

Key cards can be individually deactivated and generate logs of each entry attempt.

Why this answer

Electronic key card systems provide both access control and audit trails, making them ideal for environments where access needs to be centrally managed and logged. This question tests the ability to match a security requirement to the appropriate control.

675
MCQhard

A security incident occurred on a Windows 10 workstation where an unauthorized user gained access. The technician needs to review detailed security events, such as logon attempts and file access, to determine the scope of the breach. Which tool should the technician use to examine these logs?

A.Event Viewer
B.Resource Monitor
C.Performance Monitor
D.Local Security Policy
AnswerA

Event Viewer's Windows Logs > Security section contains detailed records of security-related events, such as logon successes and failures.

Why this answer

Event Viewer is the correct tool because it provides a centralized, detailed log of security-related events, including logon attempts (Event ID 4624 for successful logons, 4625 for failed logons) and file access audits (Event ID 4663). These logs are essential for forensic analysis to determine the scope of a breach on a Windows 10 workstation.

Exam trap

CompTIA often tests the distinction between tools that configure security settings (Local Security Policy) versus tools that review logged events (Event Viewer), leading candidates to confuse policy configuration with log review.

How to eliminate wrong answers

Option B (Resource Monitor) is wrong because it focuses on real-time performance data such as CPU, memory, disk, and network usage, not historical security event logs. Option C (Performance Monitor) is wrong because it tracks system performance counters and creates data collector sets for performance analysis, not security event auditing. Option D (Local Security Policy) is wrong because it is used to configure security settings like password policies and audit policies, not to review existing event logs.
