CCNA Scripting Basics Questions

30 questions · Scripting Basics · All types, answers revealed

1
MCQmedium

A user reports that a VBScript logon script that maps network drives stopped working after a Windows update. The script uses the MapNetworkDrive method. Other scripts on the same computer work fine. What is the most likely cause?

A.The script file was deleted by Windows Defender.
B.The update changed the default script host to PowerShell.
C.The update disabled VBScript execution for security reasons.
D.The network share requires SMB 2.0, which is no longer supported.
AnswerC

Microsoft has been disabling VBScript by default in some updates to improve security.

Why this answer

Option C is correct because recent Windows updates have tightened security around legacy scripting hosts, including cscript.exe and wscript.exe. Specifically, Microsoft has introduced a default behavior that blocks VBScript execution via the Windows Script Host unless explicitly allowed by Group Policy or registry settings. Since the user reports that only the VBScript logon script fails while other scripts work, the most likely cause is that the update disabled VBScript execution, not that the script was deleted or that the script host was changed to PowerShell.

Exam trap

The trap here is that candidates may assume a network or SMB protocol issue (Option D) because the script maps network drives, but the question explicitly states other scripts work, pointing to a scripting engine change rather than a network problem.

How to eliminate wrong answers

Option A is wrong because Windows Defender does not delete legitimate logon scripts; it quarantines detected malware, and the user reports other scripts work fine, indicating no system-wide deletion. Option B is wrong because Windows updates do not change the default script host from VBScript to PowerShell; the default host for .vbs files remains wscript.exe unless explicitly reconfigured, and PowerShell scripts use a different file extension (.ps1). Option D is wrong because SMB 2.0 is still supported in modern Windows versions; the issue is specific to VBScript execution, not network protocol compatibility.

2
MCQhard

A technician needs to deploy a script to 100 Windows 10 computers that will change the local administrator password. The script must run with elevated privileges and not leave the password visible in the script file. Which approach is most secure?

A.Store the password in a plain text file and have the script read it.
B.Use Group Policy Preferences to set the local administrator password.
C.Embed the password in the script using a variable and run it from a hidden share.
D.Use a scheduled task that runs the script as SYSTEM.
AnswerB

Group Policy Preferences can set the password securely with encryption and no script exposure.

Why this answer

Group Policy Preferences (GPP) allows administrators to configure local account passwords securely by encrypting the password in the policy XML file using a 32-byte AES key (though this key is publicly documented, it still provides obfuscation). When deployed via Group Policy, the password is applied with SYSTEM privileges automatically, eliminating the need for a script with embedded credentials or a separate scheduled task. This approach meets the requirements of elevated execution and password non-visibility in a script file.

Exam trap

CompTIA often tests the misconception that embedding a password in a script variable or using SYSTEM-level execution is sufficient for security, when in fact the password remains visible in the script file itself, which is the core vulnerability being assessed.

How to eliminate wrong answers

Option A is wrong because storing the password in a plain text file and having the script read it leaves the password fully visible and accessible to anyone who can read the file, violating the requirement to not leave the password visible. Option C is wrong because embedding the password in a script variable, even if run from a hidden share, still exposes the password in plain text within the script file itself, which can be viewed by anyone with access to the share or the script. Option D is wrong because using a scheduled task running as SYSTEM does not address the password visibility issue—the script would still need to contain or reference the password in plain text, or rely on an insecure storage method.

3
MCQhard

A technician is writing a Python script to automate the installation of software on multiple Windows machines. The script needs to check if the software is already installed by looking for a specific registry key. If the key exists, the script should skip the installation. Which Python library and method should the technician use to read the registry?

A.Use the 'os' module with 'os.regread'
B.Use the 'subprocess' module to run 'reg query'
C.Use the 'winreg' module with 'OpenKey' and 'QueryValueEx'
D.Use the 'sys' module to access registry via system calls
AnswerC

The winreg module is designed for registry access and provides the necessary functions.

Why this answer

The `winreg` module is the standard Python library for accessing the Windows registry. `OpenKey` opens a specified registry key, and `QueryValueEx` retrieves the value data and type for a given value name. This allows the script to check for the software's registry key and conditionally skip installation if it exists.

Exam trap

CompTIA often tests the distinction between general-purpose modules (`os`, `sys`, `subprocess`) and platform-specific modules (`winreg`), trapping candidates who assume a generic module can handle registry access or who overlook the native Python library for Windows registry operations.

How to eliminate wrong answers

Option A is wrong because the `os` module does not have an `os.regread` function; it provides operating system interfaces like file and process management, not registry access. Option B is wrong because while `subprocess` can run `reg query`, it is an indirect, slower, and less reliable method that requires parsing command output, whereas `winreg` provides direct, native registry access. Option D is wrong because the `sys` module provides system-specific parameters and functions (e.g., `sys.path`, `sys.argv`), not registry access; it cannot be used to read the registry via system calls.

4
MCQmedium

A user reports that a scheduled task runs a VBScript every morning, but the script fails with an 'ActiveX component can't create object' error. The script uses a COM object to interact with an application. What is the most likely cause of this error?

A.The script is running with insufficient permissions to create files
B.The COM object's DLL is not registered or the application is not installed
C.The script contains a syntax error in the CreateObject line
D.The scheduled task is set to run when the user is not logged in
AnswerB

CreateObject requires the COM component to be registered; if missing, the error occurs.

Why this answer

The 'ActiveX component can't create object' error occurs when the VBScript's CreateObject call fails because the COM class it references is not available. This typically means the DLL that implements the COM object is not registered (e.g., via regsvr32) or the application that provides the object is not installed on the system. Without the registered COM component, the script cannot instantiate the object, leading to this specific runtime error.

Exam trap

CompTIA often tests the distinction between runtime COM registration errors and other script failures, so the trap here is that candidates mistakenly attribute the error to permissions or syntax when the root cause is a missing or unregistered COM component.

How to eliminate wrong answers

Option A is wrong because insufficient permissions to create files would produce a 'Permission denied' error, not an 'ActiveX component can't create object' error, which is specifically about COM instantiation failure. Option C is wrong because a syntax error in the CreateObject line would cause a compile-time error (e.g., 'Expected end of statement') before the script even attempts to create the object, not a runtime 'ActiveX component can't create object' error. Option D is wrong because the scheduled task running when the user is not logged in can cause issues with interactive desktop access or network drives, but it does not prevent COM object creation; the error is about the COM component itself being missing or unregistered, not about session context.

5
MCQhard

A technician is reviewing a PowerShell script that was used in a ransomware attack. The script contains a line that downloads and executes a payload from a remote server. The script uses a technique to bypass execution policy. Which scripting technique is most likely used to bypass the execution policy?

A.Using the 'Set-ExecutionPolicy' cmdlet to change the policy to Unrestricted
B.Using the '-ExecutionPolicy Bypass' parameter when launching PowerShell
C.Using the 'powershell.exe -Command' syntax with an encoded command
D.Signing the script with a self-signed certificate
AnswerB

Correct. This parameter overrides the execution policy for that session only, allowing the script to run without changing system settings. It is a common technique used by attackers.

Why this answer

The '-ExecutionPolicy Bypass' parameter when launching PowerShell tells the PowerShell engine to bypass the execution policy for that session only, allowing any script to run without restriction. This is a common technique used by attackers because it does not require administrative privileges or permanent policy changes, making it stealthy and effective for executing malicious payloads.

Exam trap

CompTIA often tests the distinction between permanently changing the execution policy (which requires admin rights and is detectable) versus using a session-level parameter to bypass it (which is stealthy and does not require admin rights), leading candidates to mistakenly choose the 'Set-ExecutionPolicy' option.

How to eliminate wrong answers

Option A is wrong because using the 'Set-ExecutionPolicy' cmdlet to change the policy to Unrestricted requires administrative privileges and leaves a persistent change that can be detected by security tools; it is not a stealthy bypass technique. Option C is wrong because using 'powershell.exe -Command' with an encoded command is a method to obfuscate the command or avoid character restrictions, but it does not bypass the execution policy—if the policy blocks script execution, the encoded command will still be blocked unless the policy is bypassed separately. Option D is wrong because signing the script with a self-signed certificate does not bypass execution policy; it only allows the script to run if the execution policy is set to AllSigned or RemoteSigned and the certificate is trusted, which is not a bypass technique and requires additional configuration.

6
MCQmedium

A security incident occurs where an unauthorized PowerShell script was executed on a server, exfiltrating data. The IT manager wants to prevent any unsigned PowerShell scripts from running on all domain computers. Which scripting security measure should be implemented?

A.Set the execution policy to Restricted
B.Set the execution policy to AllSigned
C.Set the execution policy to RemoteSigned
D.Disable PowerShell using Group Policy
AnswerB

Correct. AllSigned requires all scripts to be digitally signed by a trusted publisher. This blocks unsigned scripts while allowing signed, trusted scripts to run.

Why this answer

Option B is correct because setting the execution policy to AllSigned requires that all PowerShell scripts, including those written locally, be digitally signed by a trusted publisher before they can run. This directly addresses the requirement to prevent any unsigned PowerShell scripts from executing on domain computers, as it blocks both remote and local unsigned scripts.

Exam trap

The trap here is that candidates often confuse RemoteSigned with AllSigned, assuming that blocking internet-sourced scripts is sufficient, but they overlook that locally created unsigned scripts (e.g., written by an attacker after gaining access) remain a threat.

How to eliminate wrong answers

Option A is wrong because setting the execution policy to Restricted prevents all PowerShell scripts from running, which is overly restrictive and would block legitimate administrative scripts, not just unsigned ones. Option C is wrong because RemoteSigned only requires scripts downloaded from the internet to be signed; locally created scripts can run unsigned, leaving a gap for attackers to execute locally crafted malicious scripts. Option D is wrong because disabling PowerShell entirely via Group Policy is a heavy-handed approach that breaks legitimate administrative tasks and automation, whereas the requirement is specifically to control script execution, not remove the tool.

7
MCQmedium

A technician is troubleshooting a batch script that is supposed to delete temporary files older than 30 days. The script runs without errors but does not delete any files. The technician suspects the script's logic is flawed. Which part of the script is most likely incorrect?

A.The script uses the 'del' command without a path
B.The script uses 'forfiles' with the wrong date syntax
C.The script runs as a standard user without admin rights
D.The script uses 'echo' instead of 'del'
AnswerB

Correct. Forfiles uses the '/d' parameter with a date string like '-30' for days. If the syntax is wrong (e.g., using '30' instead of '-30'), it will not match any files.

Why this answer

This tests understanding of file management commands and conditionals in batch scripting. The FORFILES command with date filtering is commonly used for this. If the script uses a simple 'del' without date checking, it will delete all files or none.

The issue is likely that the script does not properly compare file dates.

8
MCQmedium

A technician needs to write a batch script that will copy a configuration file from a network share to the local system32 directory only if the file on the share is newer than the local copy. Which command should the technician use to perform this conditional copy?

A.copy /y \\server\share\config.txt C:\Windows\System32\
B.xcopy \\server\share\config.txt C:\Windows\System32\ /d /y
C.robocopy \\server\share C:\Windows\System32 config.txt /mir
D.move /y \\server\share\config.txt C:\Windows\System32\
AnswerB

Xcopy with /d copies only if the source is newer, and /y suppresses prompts.

Why this answer

The 'xcopy' command with the /d switch copies files only if the source is newer than the destination. This is a common requirement for updating configuration files without overwriting newer local versions. The /y switch suppresses confirmation prompts.

9
MCQmedium

A company uses a login script that sets environment variables and maps drives based on the user's department. The script works for most users, but some report that the drive mappings are missing. The script is written in batch and uses 'if' statements to check department codes. What is the most likely cause of the intermittent failures?

A.The script runs too early before the network is fully initialized
B.The department codes in the script do not match the actual codes due to case sensitivity
C.The script is using 'setx' instead of 'set' for environment variables
D.The user accounts lack permission to run login scripts
AnswerB

Batch 'if' comparisons are case-sensitive by default, so 'Sales' and 'sales' would not match, causing the mapping to be skipped.

Why this answer

Batch file 'if' statements are case-sensitive by default when comparing strings. If the script checks for department codes like 'SALES' but the actual environment variable or user input contains 'sales' or 'Sales', the comparison fails and the drive mapping block is skipped. This explains why the issue is intermittent — it depends on how the department code is stored or passed.

Exam trap

CompTIA often tests the case sensitivity of batch file string comparisons, knowing that candidates assume string comparisons are case-insensitive by default, leading them to overlook this subtle but critical behavior.

How to eliminate wrong answers

Option A is wrong because network initialization issues would affect all users or cause complete failure, not just drive mappings for specific departments, and the script works for most users. Option C is wrong because 'setx' sets persistent environment variables, which would not cause intermittent drive mapping failures; the script uses 'set' for temporary variables, and the issue is with conditional logic, not variable persistence. Option D is wrong because if user accounts lacked permission to run login scripts, the script would fail entirely for those users, not just skip drive mappings intermittently.

10
MCQmedium

A user reports that a scheduled task running a VBScript fails every time the computer is rebooted. The script works when run manually. The technician checks the task properties and sees the task is set to run with the user's credentials. Which scripting-related issue is most likely causing the failure?

A.The script has a syntax error
B.The script uses absolute paths that change after reboot
C.The task is set to run only when the user is logged on
D.The script is blocked by antivirus software
AnswerC

Correct. If the task is set to run only when the user is logged on, it will fail after reboot if no user logs on interactively. Changing it to 'run whether user is logged on or not' with stored credentials fixes it.

Why this answer

This tests understanding of script execution context and permissions. When a script runs under a user account, it may not have the necessary permissions to access network resources or system files after reboot if the user isn't logged on. The 'run whether user is logged on or not' option requires the password to be stored, and if the password changes or is not provided, the task fails.

11
MCQeasy

A technician needs to deploy a configuration change to 50 Windows 10 computers using a script. The script must check if a specific registry key exists before modifying it. Which scripting construct should be used?

A.A for loop
B.A while loop
C.An if-else statement
D.A try-catch block
AnswerC

An if-else statement allows the script to test for the registry key's existence and then act accordingly.

Why this answer

The script needs to conditionally execute code based on whether a registry key exists. An if-else statement is the correct construct for this because it evaluates a condition (e.g., Test-Path 'HKLM:\Software\MyKey') and executes one block if true (modify the key) and another if false (skip or create). Loops are for repetition, not conditional branching, and try-catch handles runtime errors, not existence checks.

Exam trap

The trap here is that candidates confuse conditional logic (if-else) with error handling (try-catch), thinking that checking for existence requires exception handling, when in fact a simple conditional test is the correct and more efficient approach.

How to eliminate wrong answers

Option A is wrong because a for loop is designed for iterating over a sequence or a fixed number of times, not for making a single conditional decision about a registry key's existence. Option B is wrong because a while loop repeats a block of code as long as a condition is true, which is unnecessary for a one-time check and could cause an infinite loop if misused. Option D is wrong because a try-catch block is used to handle exceptions (runtime errors) such as access denied or missing paths, not to test for the existence of a registry key before modification.

12
MCQmedium

A technician is writing a PowerShell script to check the last boot time of a remote computer. The script uses Get-CimInstance Win32_OperatingSystem. The script works locally but fails with an access denied error when targeting a remote machine. Both computers are domain-joined and the technician has admin rights. What is the most likely issue?

A.The remote computer does not have PowerShell installed.
B.The remote computer has Windows Firewall blocking WMI traffic.
C.The script uses an incorrect namespace.
D.The technician is not a member of the Remote Management Users group.
AnswerB

WMI remote connections require specific firewall rules; if blocked, access is denied.

Why this answer

Get-CimInstance uses the WS-Management (WSMan) protocol, which relies on WinRM. By default, Windows Firewall blocks inbound WinRM traffic on port 5985 (HTTP) and 5986 (HTTPS). Even though the technician has admin rights and both machines are domain-joined, the remote firewall must allow WinRM traffic for the CIM session to succeed.

The local success is because no firewall traversal is needed.

Exam trap

CompTIA often tests the misconception that access denied errors are always due to permissions or group membership, when in fact network-level firewall blocking of WinRM/WMI traffic is a frequent real-world cause.

How to eliminate wrong answers

Option A is wrong because PowerShell is not required on the remote machine for Get-CimInstance; it uses WMI via WinRM, which only requires the WMI service to be running. Option C is wrong because the default namespace for Win32_OperatingSystem is root/cimv2, which is correct and not the cause of an access denied error. Option D is wrong because the Remote Management Users group is not required for WMI access; membership in the local Administrators group on the remote computer is sufficient for WMI queries.

13
MCQmedium

A technician is writing a PowerShell script to retrieve the IP configuration of all computers in a domain and output the results to a CSV file. The script must run on a management workstation and target remote machines. Which cmdlet should the technician use to execute commands on remote computers?

A.Invoke-Command
B.Enter-PSSession
C.Get-WmiObject
D.Out-File
AnswerA

Correct. Invoke-Command runs a script block on one or more remote computers and returns results, perfect for gathering data from many machines.

Why this answer

Invoke-Command is the correct cmdlet because it is designed to execute PowerShell commands or script blocks on one or more remote computers and return the results to the local session. This allows the technician to run the IP configuration retrieval script against all domain computers from the management workstation and then pipe the output to Export-Csv.

Exam trap

CompTIA often tests the distinction between interactive remote sessions (Enter-PSSession) and one-off command execution (Invoke-Command), leading candidates to choose Enter-PSSession when the requirement is to run a script against multiple computers and capture output.

How to eliminate wrong answers

Option B (Enter-PSSession) is wrong because it creates an interactive, persistent session with a single remote computer, which is not suitable for running a script against multiple remote machines and capturing output to a CSV file. Option C (Get-WmiObject) is wrong because while it can retrieve WMI data from remote computers using the -ComputerName parameter, it is not a cmdlet for executing arbitrary PowerShell commands or script blocks; it is a specific cmdlet for WMI queries. Option D (Out-File) is wrong because it is used to send output to a text file on the local machine, not to execute commands on remote computers.

14
MCQeasy

A user reports that their Windows 10 computer runs a script every time they log in that maps a network drive, but the drive mapping fails intermittently. The script uses the 'net use' command. Which scripting element should be added to handle the failure gracefully and retry the mapping?

A.A comment line explaining the net use syntax
B.A variable to store the drive letter
C.An exit code check and a loop to retry the mapping
D.A 'pause' command after the net use line
AnswerC

Checking the exit code allows the script to detect failure and a loop can retry the command until success or a maximum number of attempts.

Why this answer

This question tests basic error handling in scripting. Adding error-checking logic, such as checking the exit code of 'net use' and retrying if it fails, makes the script more robust. A simple 'if errorlevel' or 'if %errorlevel% neq 0' construct allows the script to retry the command instead of failing silently.

15
MCQhard

A technician is creating a PowerShell script that must be deployed via Group Policy to all workstations. The script should run in the user context and display a message if the user's password is about to expire within 7 days. The script must not show any PowerShell console window. Which scripting technique should be used?

A.Use the 'Write-Host' cmdlet to display the message
B.Use a VBScript with a pop-up message box
C.Use the '-NoProfile' parameter when starting PowerShell
D.Use a scheduled task with 'Run whether user is logged on or not'
AnswerB

Correct. A VBScript can create a pop-up message box using 'MsgBox' and can be run with 'WScript.Shell' in hidden mode, satisfying both the hidden window and user notification requirements.

Why this answer

Option B is correct because VBScript's `MsgBox` function creates a pop-up message box that runs in the user context without a console window, making it ideal for displaying password-expiry warnings via Group Policy. PowerShell scripts, even with `-WindowStyle Hidden`, briefly flash a console window unless compiled into an executable, which violates the requirement to show no console window. VBScript natively integrates with Windows Script Host (WSH) to produce a GUI pop-up without any console overhead.

Exam trap

The trap here is that candidates assume PowerShell's `-WindowStyle Hidden` or `-NoProfile` eliminates the console window entirely, but they overlook that PowerShell.exe is inherently a console application and will still flash a window, whereas VBScript's `wscript.exe` host runs without any console.

How to eliminate wrong answers

Option A is wrong because `Write-Host` outputs text to the PowerShell console, which would display a console window, contradicting the requirement to show no console. Option C is wrong because `-NoProfile` only prevents loading PowerShell profiles, but does not suppress the console window itself; the script would still launch a visible PowerShell window. Option D is wrong because a scheduled task with 'Run whether user is logged on or not' runs in the system context, not the user context, and would not display a message to the logged-on user.

16
MCQmedium

A technician needs to write a script that runs a specific command only if a Windows service is running. If the service is stopped, the script should start it first. Which scripting method is most appropriate?

A.Use a for loop to iterate over all services.
B.Use an if-else statement to check the service status.
C.Use a switch statement with multiple conditions.
D.Use a try-catch block to handle errors if the command fails.
AnswerB

An if-else statement can evaluate the service state and execute different commands accordingly.

Why this answer

The correct answer is B because an if-else statement is the most appropriate scripting method to check the status of a specific Windows service and conditionally execute a command or start the service. In PowerShell, you can use `Get-Service` to retrieve the service status and then an if-else block to evaluate whether the `Status` property equals 'Running'. This provides clear, linear logic that directly matches the requirement without unnecessary complexity.

Exam trap

CompTIA often tests the distinction between conditional logic (if-else) and error handling (try-catch), leading candidates to mistakenly choose try-catch because they think it can 'handle' a stopped service, but it cannot evaluate the service state before the command runs.

How to eliminate wrong answers

Option A is wrong because a for loop that iterates over all services is inefficient and unnecessary; the requirement is to check only one specific service, not all services. Option C is wrong because a switch statement is designed for multiple discrete value matches, not for a simple binary check of a service status (running vs. stopped), and it would overcomplicate the logic. Option D is wrong because a try-catch block handles runtime errors (e.g., service not found or access denied) but does not provide conditional logic to check the service status before deciding whether to start it.

17
MCQmedium

A security incident occurred where an attacker modified a PowerShell script on a file server to include malicious commands. The script is executed daily by a scheduled task. Which scripting security best practice could have prevented this attack?

A.Store the script in a hidden folder
B.Set the script file to read-only
C.Use a digital signature to sign the script and enforce execution policy
D.Compile the script into an executable
AnswerC

Signing ensures integrity; if the script is modified, the signature becomes invalid and execution is blocked.

Why this answer

Option C is correct because enforcing an execution policy that requires scripts to be digitally signed ensures that only scripts signed by a trusted publisher can run. If the attacker modified the script, the digital signature would become invalid, and the execution policy would block the script from running, preventing the malicious commands from executing.

Exam trap

The trap here is that candidates often choose 'Set the script file to read-only' because they think file permissions alone are sufficient, but Cisco tests that integrity verification (via digital signatures) is the only way to detect unauthorized modifications in a script that is executed automatically.

How to eliminate wrong answers

Option A is wrong because storing the script in a hidden folder does not prevent modification; hidden folders are easily revealed via File Explorer settings or command-line tools like `dir /a`. Option B is wrong because setting the script file to read-only can be bypassed by an attacker with sufficient privileges (e.g., taking ownership or modifying permissions), and it does not verify the script's integrity. Option D is wrong because compiling a PowerShell script into an executable does not prevent modification; the executable can still be decompiled or replaced, and it does not enforce integrity checks like a digital signature.

18
MCQeasy

A help desk agent receives a call from a user who receives a 'file not found' error when running a PowerShell script that was working yesterday. The user says they didn't change anything. The script is stored on a network share. Which scripting concept is most likely causing the issue?

A.Execution policy
B.File permissions
C.Script syntax error
D.Network connectivity
AnswerA

Correct. Execution policy settings can block scripts from running, and a change in policy would cause a 'file not found' error if the script is not digitally signed or the policy was set to Restricted.

Why this answer

The most likely cause is the PowerShell execution policy, which controls whether scripts can run on a system. Even though the script worked yesterday, a Group Policy update, a system reboot, or a security change could have reset or tightened the execution policy to 'Restricted' or 'AllSigned' without the user's knowledge. Since the script is on a network share, the execution policy may also block scripts from remote locations (e.g., 'RemoteSigned' requires a trusted publisher for downloaded scripts), causing the 'file not found' error when PowerShell cannot execute the script due to policy restrictions.

Exam trap

CompTIA often tests the misconception that a 'file not found' error always means the file is missing or permissions are wrong, but in PowerShell, the execution policy can cause this error when the script exists but is blocked from running, especially from a network share.

How to eliminate wrong answers

Option B (File permissions) is wrong because a permissions issue would typically produce an 'access denied' error, not a 'file not found' error, and the user states the script was working yesterday without changes. Option C (Script syntax error) is wrong because a syntax error would generate a specific parsing or runtime error message, not a 'file not found' error, and the script was working previously. Option D (Network connectivity) is wrong because a connectivity issue would result in a 'network path not found' or 'drive not available' error, not a 'file not found' error, and the user can likely still access the share (the file exists but PowerShell refuses to run it).

19
MCQeasy

A user reports that a scheduled backup script on their Windows 10 workstation runs every day but fails to complete. The script uses PowerShell to copy files to a network share. When the user runs the script manually from an elevated PowerShell prompt, it works. What is the most likely cause of the failure?

A.The script file extension is .ps1 instead of .bat.
B.The scheduled task is not set to run with highest privileges.
C.The network share is mapped as a drive letter, which is not available during system startup.
D.PowerShell execution policy is set to Restricted for the SYSTEM account.
AnswerB

If the script needs admin rights, the task must be configured to run with highest privileges; otherwise it fails.

Why this answer

Scheduled tasks often run with limited permissions, so if the script requires administrative rights, it will fail when triggered automatically. The correct answer highlights the need to configure the task to run with highest privileges.

20
MCQhard

A technician is writing a Python script to automate the cleanup of user profiles on a Windows server. The script must iterate through all user profile folders in 'C:\Users', check the last modified date, and delete profiles older than 90 days. Which scripting concept is essential for this task?

A.Error handling with try-except
B.A for loop to iterate over folders
C.A while loop with a counter
D.A function to calculate date difference
AnswerB

Correct. A for loop allows the script to process each folder in the directory one by one, which is fundamental to this task.

Why this answer

This question tests understanding of loops, conditionals, and file system operations in a scripting language. A 'for' loop is needed to iterate through each folder, combined with an 'if' statement to check the date condition. Without a loop, the script would only process one folder.

Error handling is important but not the core concept for iteration.

21
MCQeasy

A technician is writing a batch script to automate the installation of a software package on multiple Windows workstations. The script needs to check if the software is already installed before attempting installation. Which scripting construct should the technician use?

A.A for loop
B.An if statement
C.A variable
D.A while loop
AnswerB

Correct. An if statement evaluates a condition (e.g., 'if exist C:\Program Files\Software\app.exe') and conditionally runs the installation command.

Why this answer

This tests knowledge of conditional logic in scripting. An 'if' statement allows the script to check a condition (e.g., existence of a registry key or file) and execute code only if the condition is true or false. Loops are for repetition, and variables store data, not control flow.

22
MCQmedium

A technician is troubleshooting a PowerShell script that collects system information and writes it to a log file. The script runs without errors but the log file is empty. The script uses Out-File to write data. What is the most likely issue?

A.The script is not running with administrative privileges.
B.The Out-File cmdlet is misspelled.
C.The command before Out-File does not produce any output.
D.The log file path contains a forward slash instead of a backslash.
AnswerC

If the command returns nothing, Out-File writes an empty file.

Why this answer

If a PowerShell command does not produce output, piping it to Out-File will result in an empty file. The issue is that the command used does not generate any output.

23
MCQhard

A company's login script uses a batch file that calls multiple other scripts. Recently, the script stopped working after a Windows update. The technician discovers that the script uses 'call' to run sub-scripts, but one of the sub-scripts contains an 'exit' command that terminates the entire batch process. How should the technician modify the sub-script to prevent this?

A.Replace 'exit' with 'goto :eof'
B.Change 'exit' to 'exit /b'
C.Remove the 'exit' command entirely
D.Use 'endlocal' before 'exit'
AnswerB

'exit /b' exits the current batch script and returns to the caller, preserving the call chain.

Why this answer

The 'exit' command without parameters terminates the entire command interpreter (cmd.exe), which kills the parent batch file as well. Using 'exit /b' instead exits only the current batch script or subroutine, returning control to the calling script. This preserves the intended flow when sub-scripts are invoked via 'call'.

Exam trap

CompTIA often tests the difference between 'exit' (terminates the entire command shell) and 'exit /b' (exits only the current batch script), leading candidates to mistakenly think 'exit' is always safe in sub-scripts.

How to eliminate wrong answers

Option A is wrong because 'goto :eof' is used to jump to the end of the current batch file, but it does not exit a subroutine that was called; it simply transfers control, which may not stop execution of the sub-script if there are more commands after the label. Option C is wrong because removing the 'exit' command entirely would leave the sub-script to continue executing any subsequent commands, potentially causing unintended behavior or an infinite loop. Option D is wrong because 'endlocal' only ends local variable scope set by 'setlocal'; it does not affect the termination behavior of the 'exit' command and does not prevent the parent batch from being terminated.

24
MCQhard

A technician is tasked with creating a PowerShell script that will parse a CSV file containing user information and create local user accounts on a Windows 10 machine. The CSV has columns: 'Username', 'FullName', 'Password'. The script must skip any row where the 'Username' is empty. Which control structure should the technician use to handle this requirement?

A.A 'for' loop with a counter to skip empty rows
B.A 'switch' statement to match usernames
C.An 'if' statement to test whether the Username property is not empty
D.A 'try/catch' block to handle errors when creating the account
AnswerC

An if statement can check the condition and skip processing if the username is empty.

Why this answer

Option C is correct because the requirement is to conditionally skip rows based on a property value. An 'if' statement in PowerShell allows you to test whether the 'Username' property is empty or null using a condition like `if ($_.Username -ne '')` and then skip the row with `continue` or simply not process it. This is the most direct and efficient control structure for a simple boolean check on each row.

Exam trap

CompTIA often tests the distinction between control structures used for conditional logic versus iteration or error handling, and the trap here is that candidates may overcomplicate the solution by choosing a loop or switch when a simple conditional check is the most appropriate and efficient choice.

How to eliminate wrong answers

Option A is wrong because a 'for' loop with a counter is unnecessary; it would require manual index tracking and does not inherently skip empty rows without an additional conditional check, making it less efficient and more error-prone than a direct property test. Option B is wrong because a 'switch' statement is designed to match a single value against multiple patterns, not to test whether a property is empty or not; it would be overcomplicated and not the idiomatic choice for a simple null/empty check. Option D is wrong because a 'try/catch' block is used for exception handling during runtime errors (e.g., account creation failure), not for skipping rows based on data validation before processing.

25
MCQmedium

A technician is writing a PowerShell script to check the status of a Windows service on multiple remote computers. The script must output the service name and status for each computer where the service is running. Which cmdlet combination should the technician use to achieve this?

A.Get-Service -ComputerName $computers | Where-Object {$_.Status -eq 'Running'}
B.Invoke-Command -ComputerName $computers -ScriptBlock {Get-Service} | Select-Object Status
C.Get-WmiObject Win32_Service -ComputerName $computers | Where-Object {$_.State -eq 'Running'}
D.Get-Service -Name * -ComputerName $computers | Format-Table -AutoSize
AnswerA

This correctly retrieves services from remote computers and filters for running services.

Why this answer

Option A is correct because Get-Service with the -ComputerName parameter can query multiple remote computers directly, and piping its output to Where-Object with the condition {$_.Status -eq 'Running'} filters only services whose Status property equals 'Running'. This meets the requirement to output the service name and status for each computer where the service is running, as Get-Service returns objects containing both Name and Status properties by default.

Exam trap

CompTIA often tests the distinction between Get-Service and Get-WmiObject Win32_Service, where candidates confuse the property names 'Status' vs 'State' and the correct filtering syntax, leading them to choose option C despite its deprecated status and incorrect property reference.

How to eliminate wrong answers

Option B is wrong because Invoke-Command -ScriptBlock {Get-Service} returns service objects from remote computers, but Select-Object Status only outputs the Status property, omitting the service name required by the task. Option C is wrong because Get-WmiObject Win32_Service uses the State property (not Status) to check if a service is running, and the condition {$_.State -eq 'Running'} is incorrect; the correct property value is 'Running' but the property name is 'State', not 'Status', and the cmdlet is deprecated in favor of Get-CimInstance. Option D is wrong because Format-Table -AutoSize only formats the output for display but does not filter for running services; it would output all services regardless of their status, failing to meet the requirement to check only where the service is running.

26
MCQeasy

A system administrator is deploying a PowerShell script to 100 computers to change the local administrator password. The script must run once per computer and then exit. Which scripting technique ensures the script runs exactly once on each machine?

A.Use a for loop to run the script 100 times
B.Write a registry key after successful execution
C.Use a parameter to pass the computer name
D.Schedule the script to run daily
AnswerB

Correct. The script can check for a registry key at startup; if it exists, the script exits. This ensures it runs only once per machine.

Why this answer

This question covers idempotency and run-once mechanisms. Using a registry key or a marker file to record that the script has executed prevents it from running again on reboot or reapplication. Loops and parameters don't enforce a single execution.

27
MCQeasy

A technician needs to deploy a PowerShell script to 50 Windows 10 workstations that will install a security update silently. The script must run with administrative privileges. Which method should the technician use to ensure the script executes properly without user interaction?

A.Double-click the script file on each workstation
B.Run the script via 'powershell.exe -ExecutionPolicy Bypass -File script.ps1' from an elevated command prompt
C.Use the 'Start-Process' cmdlet without elevation
D.Copy the script to the Startup folder
AnswerB

This command bypasses the execution policy and runs the script silently with administrative rights.

Why this answer

Option B is correct because running 'powershell.exe -ExecutionPolicy Bypass -File script.ps1' from an elevated command prompt bypasses PowerShell's execution policy for that session and ensures the script runs with administrative privileges. This combination allows silent, unattended execution of the security update installation across multiple workstations without user interaction.

Exam trap

CompTIA often tests the misconception that double-clicking a .ps1 file executes it like a batch file, when in reality it opens in an editor, and that 'Start-Process' without elevation is sufficient for administrative tasks.

How to eliminate wrong answers

Option A is wrong because double-clicking a .ps1 file opens it in Notepad by default on Windows 10, not executing it; even if execution policy allowed it, it would require user interaction and does not guarantee elevation. Option C is wrong because 'Start-Process' without elevation (e.g., missing the '-Verb RunAs' parameter) runs the script with the current user's privileges, which may lack the administrative rights needed to install a security update. Option D is wrong because copying the script to the Startup folder runs it at user logon with the user's privileges (not elevated), and the execution policy may block it; it also requires user logon, not a silent deployment.

28
MCQeasy

A user reports that a PowerShell script they wrote to rename multiple files in a folder works on their desktop but fails with a 'permission denied' error when run from a network folder. The user has full control of the network folder. What is the most likely cause?

A.The script uses a cmdlet that is not available on the network drive.
B.The execution policy is set to RemoteSigned, which blocks scripts from network locations.
C.The network folder has a space in its name.
D.The user is not running PowerShell as an administrator.
AnswerB

RemoteSigned requires scripts from the internet or network to be signed, causing the failure.

Why this answer

The PowerShell execution policy controls which scripts can run and from where. The RemoteSigned policy requires that scripts from the internet (including network shares) be digitally signed, and it treats network drives as an 'internet' zone. When the script is run from a network folder, the policy blocks execution unless the script is signed, resulting in a 'permission denied' error, even though the user has full NTFS permissions.

Exam trap

CompTIA often tests the misconception that 'permission denied' always relates to NTFS or share permissions, when in fact PowerShell's execution policy can block scripts from network locations even if the user has full control.

How to eliminate wrong answers

Option A is wrong because cmdlets are part of the PowerShell module and are available regardless of the drive location; a missing cmdlet would produce a 'command not found' error, not a 'permission denied' error. Option C is wrong because a space in the folder name would cause a syntax error or path resolution issue, not a 'permission denied' error, and PowerShell handles spaces correctly with quoting or escaping. Option D is wrong because running as administrator is not required for renaming files in a folder where the user already has full control; the 'permission denied' error here is due to the execution policy, not a lack of administrative rights.

29
MCQhard

A security incident occurs where an attacker used a PowerShell script to download and execute a payload from a remote server. The script was obfuscated and ran in memory without touching the disk. Which security control could have prevented this attack?

A.Setting the execution policy to Restricted.
B.Enabling PowerShell Constrained Language Mode.
C.Disabling PowerShell script block logging.
D.Using a signed script policy.
AnswerB

Constrained Language Mode blocks dangerous cmdlets and limits script functionality, preventing such attacks.

Why this answer

PowerShell Constrained Language Mode (CLM) restricts the language elements available to PowerShell, preventing the use of most .NET types, COM objects, and other advanced features that attackers rely on for in-memory payload execution. Since the attack used an obfuscated script that ran entirely in memory without touching disk, CLM would block the script's ability to invoke arbitrary .NET methods or Win32 API calls needed to download and execute the remote payload, stopping the attack before it could run.

Exam trap

The trap here is that candidates often assume execution policy (Option A) is a strong security control, but Cisco tests the fact that execution policy is a user preference, not a security boundary, and does not prevent in-memory or obfuscated script execution.

How to eliminate wrong answers

Option A is wrong because setting the execution policy to Restricted only prevents scripts from running from files, but it does not block scripts that are executed directly in memory (e.g., via Invoke-Expression or by passing a script block), so the in-memory attack would still succeed. Option C is wrong because disabling PowerShell script block logging would actually reduce visibility and make detection harder; it does not prevent the attack from occurring. Option D is wrong because using a signed script policy only enforces that scripts must be digitally signed to run, but the attacker's obfuscated script could be self-signed or run in memory bypassing signature checks, and signed script policies do not block in-memory execution.

30
MCQeasy

A technician writes a batch script to automate software installation across multiple workstations. The script needs to wait for the installer to finish before proceeding to the next line. Which command should be used?

A.PAUSE
B.TIMEOUT
C.START /WAIT
D.CALL
AnswerC

START /WAIT launches the installer and waits for it to exit before continuing.

Why this answer

The START /WAIT command launches a specified program or script and pauses execution of the batch file until that process terminates. This is exactly what is needed to ensure the installer completes before the next line runs, making it the correct choice for sequential automation.

Exam trap

CompTIA often tests the distinction between PAUSE (user input wait), TIMEOUT (fixed delay), and START /WAIT (process-aware wait), trapping candidates who confuse a simple delay with true process synchronization.

How to eliminate wrong answers

Option A (PAUSE) is wrong because it simply halts the script and displays 'Press any key to continue...', waiting for user input rather than for a specific process to finish. Option B (TIMEOUT) is wrong because it introduces a fixed delay (e.g., TIMEOUT /T 30) but does not monitor the installer process; the script will resume after the timeout regardless of whether the installer has completed. Option D (CALL) is wrong because it invokes another batch file or label within the same script context and returns control after that script finishes, but it does not inherently wait for a spawned process like an installer; it is designed for subroutine-like calls, not for launching external executables with a wait requirement.

Ready to test yourself?

Try a timed practice session using only Scripting Basics questions.