220-1202 · topic practice

Browser and Application Security practice questions

Practise CompTIA A+ Core 2 220-1202 Browser and Application Security practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Browser and Application Security

What the exam tests

What to know about Browser and Application Security

Browser and Application Security questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Browser and Application Security exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Browser and Application Security questions

20 questions · select your answer, then reveal the explanation

A technician is troubleshooting a Windows 10 computer where the user cannot install a legitimate browser extension because the browser displays a warning that extensions from this source are not allowed. What setting is likely blocking the installation?

A company policy requires that all web traffic from employee computers be filtered to block known malicious sites. You need to implement this without installing client software on each machine. Which approach should you use?

A user receives an email with a link that appears to be from their bank, asking them to verify their account. The link leads to a page that looks exactly like the bank's login page. What type of attack is this?

During a security incident response, you discover that a user's browser has a rogue extension that exfiltrates data to a remote server. The extension was installed after the user clicked a fake update prompt on a website. What vulnerability was exploited?

A user reports that their web browser frequently redirects to an unfamiliar search engine and displays pop-up ads even when no tabs are open. What is the most likely cause of this behavior?

During a security audit, you find that a user's browser has an outdated version of Adobe Flash Player installed. What is the primary security risk associated with this finding?

A technician is configuring a shared kiosk computer in a library. The requirement is that users must not be able to download files or install software. Which browser security setting should be configured?

A small business owner asks you to configure their office computers so that employees cannot install unauthorized browser extensions. Which policy setting should you implement?

A customer reports that their browser shows a 'Your connection is not private' warning when visiting their online banking site, but other websites work fine. What is the most likely cause?

A user calls the help desk complaining that their browser homepage keeps changing to a site they did not set, and they cannot change it back. You remotely check and find no malware. What is the most likely cause?

A user reports that their browser crashes every time they visit a particular website. Other websites work fine. The technician tries the same website on another computer and it works normally. What is the most likely cause on the user's computer?

A user reports that after installing a free PDF converter from an advertisement, their browser homepage changed and they see constant pop-ups for antivirus software. A malware scan found PUPs (Potentially Unwanted Programs). What is the best next step to fully remove the unwanted software and restore browser settings?

Question 13mediummultiple choice
Read the full wireless explanation →

A technician is investigating a security incident where a user's credentials were stolen. The user says they only logged into their email from a coffee shop Wi-Fi. The technician notices that the browser was not using HTTPS for the login page. What is the most likely attack method used?

A user's browser is displaying a warning that the website's certificate is not trusted, even though the URL is correct. The technician checks the date and time on the computer and finds it is set to 2019. What is the most likely cause of the certificate warning?

A customer says that when they click a link in an email, it opens a website that looks exactly like their bank's login page, but the URL starts with 'http://' instead of 'https://'. What is the most likely security concern?

A technician is configuring a kiosk computer that will be used by the public to access a specific website. The technician wants to prevent users from navigating to other sites or changing browser settings. Which browser feature should be enabled?

A technician is tasked with securing a legacy web application that only supports HTTP, not HTTPS. The application is critical for internal operations but must be accessible remotely. What is the best way to secure the traffic without modifying the application?

During a software deployment, a technician needs to ensure that a new web application can run in a sandboxed environment to prevent it from accessing other system resources. Which browser feature should be configured?

A user reports that their browser frequently redirects to a search page they never set, and they see unfamiliar toolbars. After running a malware scan that found nothing, what should the technician do next to resolve the issue?

A small business owner wants to ensure that employees cannot install browser extensions or add-ons without administrator approval. Which method should the technician use to enforce this restriction across all company computers?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Browser and Application Security sessions

Start a Browser and Application Security only practice session

Every question in these sessions is drawn from the Browser and Application Security domain — nothing else.

Related practice questions

Related 220-1202 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the 220-1202 exam test about Browser and Application Security?
Browser and Application Security questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Browser and Application Security questions in a focused session?
Yes — the session launcher on this page draws every question from the Browser and Application Security domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other 220-1202 topics?
Use the topic links above to move to related areas, or go back to the 220-1202 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the 220-1202 exam covers. They are not copied from any real exam or dump site.