Question 1mediummultiple choice
Full question →Question 700 of 1,000
mediummultiple choiceObjective-mapped
220-1102 Practice Question: A technician discovers that a junior colleague…
This 220-1102 practice question tests your understanding of a technician discovers that a junior colleague…. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
A technician discovers that a junior colleague has been using a domain administrator account to perform routine user tasks such as resetting passwords and installing software. Which security principle is being violated?
Answer choices
Why each option matters
Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.
A
Distractor review
Separation of duties
Separation of duties divides critical tasks among multiple people to avoid conflicts of interest; this scenario is about using excessive privileges.
B
Distractor review
Role-based access control
RBAC is a method for assigning permissions, but the violation is using a privileged account for non-privileged tasks, not the assignment method.
C
Best answer
Privileged account management
Privileged accounts should be used only for administrative tasks that require elevation. Using them for routine tasks violates the principle of least privilege.
D
Distractor review
Audit logging
Audit logging is a security control to record events, not a principle that prevents the misuse of privileges.
Answer analysis
Why the other options are wrong
Understanding why incorrect options are tempting is as important as knowing the correct answer.
- ✗
Separation of duties
Separation of duties divides critical tasks among multiple people to avoid conflicts of interest; this scenario is about using excessive privileges.
- ✗
Role-based access control
RBAC is a method for assigning permissions, but the violation is using a privileged account for non-privileged tasks, not the assignment method.
- ✗
Audit logging
Audit logging is a security control to record events, not a principle that prevents the misuse of privileges.
Common exam trap
Common exam trap: authentication is not authorization
Logging in proves the user can authenticate. It does not automatically mean the user is allowed to enter privileged or configuration mode. Watch for AAA authorization, privilege level and command authorization details.
Technical deep dive
How to think about this question
This kind of question is testing the difference between identity and permission. A user may successfully log in to a router because authentication is working, but still fail to enter configuration mode because authorization is missing, misconfigured or mapped to a lower privilege level.
KKey Concepts to Remember
- Authentication checks who the user is.
- Authorization controls what the user is allowed to do after login.
- Privilege levels affect access to EXEC and configuration commands.
- AAA, TACACS+ and RADIUS can separate login success from command access.
TExam Day Tips
- Do not assume successful login means full administrative access.
- Look for words such as cannot enter configuration mode, privilege level, authorization or command access.
- Separate login problems from permission problems before choosing the answer.
Key takeaway
Authentication proves identity; authorization controls what that identity can do after login. Both must work for full privileged access.
Related practice questions
Related 220-1102 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
CompTIA A+ hardware practice questions
Practise 220-1102 questions linked to CompTIA A+ hardware.
CompTIA A+ mobile devices practice questions
Practise 220-1102 questions linked to CompTIA A+ mobile devices.
CompTIA A+ networking practice questions
Practise 220-1102 questions linked to CompTIA A+ networking.
CompTIA A+ operating systems practice questions
Practise 220-1102 questions linked to CompTIA A+ operating systems.
CompTIA A+ security practice questions
Practise 220-1102 questions linked to CompTIA A+ security.
CompTIA A+ software troubleshooting questions
Practise 220-1102 questions linked to CompTIA A+ software troubleshooting questions.
CompTIA A+ operational procedures questions
Practise 220-1102 questions linked to CompTIA A+ operational procedures questions.
More questions from this exam
Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.
Question 1
A change advisory board (CAB) approved a standard change to update antivirus definitions on all servers. The technician completes the update on a file server and verifies the server is functioning normally. According to change management best practices, what documentation should the technician complete?
Question 2
A company's change management policy requires all server changes to be approved by the Change Advisory Board (CAB). A technician discovers that a critical database server's operating system needs a security patch to comply with a new regulatory requirement that takes effect in one week. The patch has a known risk of causing service downtime. The next scheduled CAB meeting is in two weeks. What should the technician do FIRST?
Question 3
A company is implementing a bring-your-own-device (BYOD) policy and needs to ensure that corporate data on employee mobile devices is protected. Which of the following is the MOST important technical control to implement?
Question 4
A company requires employees to present both a smart card and a PIN to log into their workstations. Which authentication principle is being implemented?
Question 5
A company requires all Windows 10 workstations to be able to join an Active Directory domain. Which edition of Windows 10 must be installed on these workstations?
Question 6
A company wants to allow employees to securely access internal resources from home via the internet. Which method provides the highest level of security for remote desktop connections?
Practice this exam
Start a free 220-1102 practice session
Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.
FAQ
Questions learners often ask
What does this 220-1102 question test?
Authentication checks who the user is.
What is the correct answer to this question?
The correct answer is: Privileged account management — The principle of least privilege dictates that users should have only the minimum permissions necessary to perform their duties. Using a domain administrator account for routine tasks violates privileged account management practices. It increases the risk of accidental or malicious misuse of elevated privileges. Separation of duties involves dividing responsibilities to prevent fraud. Role-based access control (RBAC) assigns permissions based on roles, but the core issue here is using an overly privileged account. Audit logging is a detective control, not a principle.
What should I do if I get this 220-1102 question wrong?
Review Cisco AAA concepts — authentication, authorization, and accounting. Study privilege levels (0–15), command authorization under TACACS+, and how RADIUS differs. Then practise related 220-1102 questions on access control and AAA configuration.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Keep practising
More 220-1102 practice questions
- A change advisory board (CAB) approved a standard change to update antivirus definitions on all servers. The technician…
- A company's change management policy requires all server changes to be approved by the Change Advisory Board (CAB). A te…
- A company is implementing a bring-your-own-device (BYOD) policy and needs to ensure that corporate data on employee mobi…
- A company requires employees to present both a smart card and a PIN to log into their workstations. Which authentication…
- A company requires all Windows 10 workstations to be able to join an Active Directory domain. Which edition of Windows 1…
- A company wants to allow employees to securely access internal resources from home via the internet. Which method provid…
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Loading comments…
Sign in to join the discussion.
This 220-1102 practice question is part of Courseiva's free CompTIA certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 220-1102 exam.