220-1202 · topic practice

Security practice questions

Practise CompTIA A+ Core 2 220-1202 Security practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Security

What the exam tests

What to know about Security

Security questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Security exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Security questions

20 questions · select your answer, then reveal the explanation

Question 1 · hard · multiple choice

A company's security policy requires that all USB storage devices be blocked on company workstations to prevent data exfiltration. A manager needs to temporarily use a USB drive for a presentation. What is the best way to remediate this while maintaining security?

Question 2 · easy · multiple choice

A user calls the help desk because their workstation is running very slowly and they notice unusual network activity. You suspect ransomware. What should you do first to contain the threat?

Question 3 · hard · multiple choice

A technician is responding to a security incident where an employee's credentials were used to access a server without authorization. The employee claims they did not perform the action. Which of the following should the technician do first to remediate the compromised account?

Question 4 · medium · multiple choice

A user reports that their external hard drive is no longer recognized by Windows. They suspect it might be infected with malware from a previous connection. You run a security scan and find no threats. What is the most likely cause of the drive not being recognized?

Question 5 · medium · multiple choice

A company's Android devices are failing to connect to the corporate email server after a security policy update. The devices show 'Authentication failed' for the email app. What is the most likely cause?

Question 6 · hard · multiple choice

A technician is tasked with disposing of a server that contains multiple SAS hard drives. The company's data destruction policy mandates that drives must be rendered unreadable by any means. Which combination of methods ensures compliance?

Question 7 · medium · multiple choice

A company’s change management policy requires all changes to be approved by the Change Advisory Board (CAB) before implementation. A technician applies an emergency security patch to a critical server without CAB approval because the vulnerability is being actively exploited. What should the technician do after applying the patch?

Question 8 · easy · multiple choice

A small business owner wants to allow a remote employee to access their office desktop from home, but is concerned about security. They currently have a standard router with a public IP. Which of the following is the most secure method to enable this access?

Question 9 · medium · multiple choice

A technician is setting up remote access for a salesperson who frequently works from coffee shops. The company uses a VPN with two-factor authentication (2FA). The salesperson reports that after entering their username and password, they receive a prompt for a code but do not have their token. What should the technician do to resolve this?

Question 10 · hard · multiple choice

A company is experiencing a security incident where an attacker gained access to the internal network via a compromised VPN account. The technician must prevent future attacks. Which two-factor authentication method should the technician implement for VPN access?

Question 11 · hard · multiple choice

A security analyst discovers that an attacker has been using a compromised VPN account to access the corporate network. The account belongs to a former employee who was terminated two weeks ago. Which of the following should the analyst do immediately to prevent further unauthorized access?

Question 12 · medium · multiple choice

You are configuring a new Windows 10 workstation for a remote employee who will connect to the corporate VPN. The user should not be able to install software or change system settings. Which tool should you use to enforce these restrictions?

Question 13 · easy · multiple choice

During a routine security audit, you discover that several user accounts on a Windows 10 workstation have local administrator privileges when they should only be standard users. You need to quickly review and modify user account types from the command line. Which built-in tool should you use?

Question 14 · hard · multiple choice

A user is unable to change their desktop background because the option is grayed out. You suspect a Group Policy setting is enforcing a specific wallpaper. Which Control Panel tool would you use to check if a Group Policy is applied, and what is the specific path to verify this setting?

Question 15 · hard · multiple choice

A security incident occurred where an employee's workstation was infected with ransomware. The IT manager wants to ensure that all future workstations have Controlled Folder Access enabled to protect critical data from unauthorized changes. Which Windows Security applet should be used to configure this?

Question 16 · medium · multiple choice

During a security incident, you need to identify which processes are listening on specific network ports on a Windows server. Which command-line tool should you use?

Question 17 · hard · multiple choice

A security audit reveals that a Windows 10 workstation has an unauthorized local user account. You need to remove this account from the command line without using the GUI. Which command should you use?

Question 18 · medium · multiple choice

During a security audit, you discover that a user's workstation has an unauthorized application running. You need to terminate the process immediately from the command line. The process name is 'malware.exe'. Which command should you use?

Question 19 · medium · multiple choice

A security incident is suspected on a Windows 10 workstation. You need to list all active network connections and the associated processes to identify potential malicious activity. Which command provides this information?

Question 20 · hard · multiple choice

During a security audit, you need to identify all user accounts that have been created or modified in the last 24 hours on a Windows Server. Which command-line tool can parse security event logs to extract this information?

Frequently asked questions

What does the 220-1202 exam test about Security?
Security questions test whether you can apply the concept in context, not just recognise a definition.

How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.

Can I practise just Security questions in a focused session?
Yes — the session launcher on this page draws every question from the Security domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.

Where can I practise other 220-1202 topics?
Use the topic links above to move to related areas, or go back to the 220-1202 question bank to see all topics.

Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the 220-1202 exam covers. They are not copied from any real exam or dump site.