Courseiva
220-1102
Full test
Question 754 of 1,000
hardmultiple choiceObjective-mapped

220-1102 Practice Question: A remote user's Windows 10 laptop is encrypted…

This 220-1102 practice question tests your understanding of a remote user's windows 10 laptop is encrypted…. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

A remote user's Windows 10 laptop is encrypted with BitLocker and joined to Azure Active Directory (Azure AD). The laptop fails to boot and displays the BitLocker recovery screen, asking for the recovery key. The user does not have the recovery key and is not available to check email. The technician has access to the Azure AD portal with Global Administrator privileges. Which of the following is the MOST appropriate method to retrieve the BitLocker recovery key?

Question 1hardmultiple choice
Full question →

A remote user's Windows 10 laptop is encrypted with BitLocker and joined to Azure Active Directory (Azure AD). The laptop fails to boot and displays the BitLocker recovery screen, asking for the recovery key. The user does not have the recovery key and is not available to check email. The technician has access to the Azure AD portal with Global Administrator privileges. Which of the following is the MOST appropriate method to retrieve the BitLocker recovery key?

Full question →

Answer choices

Why each option matters

Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.

A

Best answer

Sign in to the Azure AD portal, locate the device, and retrieve the recovery key from the device details.

Azure AD stores BitLocker recovery keys for joined devices. Global Administrators can access these keys through the portal, making this the correct method.

B

Distractor review

Use a bootable USB to reset the TPM, then boot the laptop normally.

Resetting the TPM will invalidate the current BitLocker keys, potentially causing permanent data loss or requiring a full reinstall. This should only be done as a last resort.

C

Distractor review

Sign in to a local administrator account on the laptop and turn off BitLocker.

The laptop is at the BitLocker recovery screen, so you cannot sign in locally without the recovery key. A local account cannot bypass the recovery prompt.

D

Distractor review

Check the user's email account for the initial BitLocker recovery key email.

While some organizations email recovery keys, this is not a reliable or secure method. The key may not have been emailed, and the user is unavailable. The proper repository is Azure AD.

Answer analysis

Why the other options are wrong

Understanding why incorrect options are tempting is as important as knowing the correct answer.

  • Use a bootable USB to reset the TPM, then boot the laptop normally.

    Resetting the TPM will invalidate the current BitLocker keys, potentially causing permanent data loss or requiring a full reinstall. This should only be done as a last resort.

  • Sign in to a local administrator account on the laptop and turn off BitLocker.

    The laptop is at the BitLocker recovery screen, so you cannot sign in locally without the recovery key. A local account cannot bypass the recovery prompt.

  • Check the user's email account for the initial BitLocker recovery key email.

    While some organizations email recovery keys, this is not a reliable or secure method. The key may not have been emailed, and the user is unavailable. The proper repository is Azure AD.

Common exam trap

Common exam trap: authentication is not authorization

Logging in proves the user can authenticate. It does not automatically mean the user is allowed to enter privileged or configuration mode. Watch for AAA authorization, privilege level and command authorization details.

Technical deep dive

How to think about this question

This kind of question is testing the difference between identity and permission. A user may successfully log in to a router because authentication is working, but still fail to enter configuration mode because authorization is missing, misconfigured or mapped to a lower privilege level.

KKey Concepts to Remember

  • Authentication checks who the user is.
  • Authorization controls what the user is allowed to do after login.
  • Privilege levels affect access to EXEC and configuration commands.
  • AAA, TACACS+ and RADIUS can separate login success from command access.

TExam Day Tips

  • Do not assume successful login means full administrative access.
  • Look for words such as cannot enter configuration mode, privilege level, authorization or command access.
  • Separate login problems from permission problems before choosing the answer.

Key takeaway

Authentication proves identity; authorization controls what that identity can do after login. Both must work for full privileged access.

Related practice questions

Related 220-1102 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

CompTIA A+ hardware practice questions

Practise 220-1102 questions linked to CompTIA A+ hardware.

CompTIA A+ mobile devices practice questions

Practise 220-1102 questions linked to CompTIA A+ mobile devices.

CompTIA A+ networking practice questions

Practise 220-1102 questions linked to CompTIA A+ networking.

CompTIA A+ operating systems practice questions

Practise 220-1102 questions linked to CompTIA A+ operating systems.

CompTIA A+ security practice questions

Practise 220-1102 questions linked to CompTIA A+ security.

CompTIA A+ software troubleshooting questions

Practise 220-1102 questions linked to CompTIA A+ software troubleshooting questions.

CompTIA A+ operational procedures questions

Practise 220-1102 questions linked to CompTIA A+ operational procedures questions.

More questions from this exam

Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.

Question 1

A change advisory board (CAB) approved a standard change to update antivirus definitions on all servers. The technician completes the update on a file server and verifies the server is functioning normally. According to change management best practices, what documentation should the technician complete?

Question 2

A company's change management policy requires all server changes to be approved by the Change Advisory Board (CAB). A technician discovers that a critical database server's operating system needs a security patch to comply with a new regulatory requirement that takes effect in one week. The patch has a known risk of causing service downtime. The next scheduled CAB meeting is in two weeks. What should the technician do FIRST?

Question 3

A company is implementing a bring-your-own-device (BYOD) policy and needs to ensure that corporate data on employee mobile devices is protected. Which of the following is the MOST important technical control to implement?

Question 4

A company requires employees to present both a smart card and a PIN to log into their workstations. Which authentication principle is being implemented?

Question 5

A company requires all Windows 10 workstations to be able to join an Active Directory domain. Which edition of Windows 10 must be installed on these workstations?

Question 6

A company wants to allow employees to securely access internal resources from home via the internet. Which method provides the highest level of security for remote desktop connections?

Practice this exam

Start a free 220-1102 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

10 questions20 questions30 questions50 questionsTimed 30
220-1102 practice-test guide →Study guide →Browse all practice tests

FAQ

Questions learners often ask

What does this 220-1102 question test?

Authentication checks who the user is.

What is the correct answer to this question?

The correct answer is: Sign in to the Azure AD portal, locate the device, and retrieve the recovery key from the device details. — For devices joined to Azure AD, BitLocker recovery keys are automatically backed up to the Azure AD tenant. A Global Administrator can sign in to the Azure AD portal, navigate to the device object, and view the recovery key. This is the supported method. Checking the user's email is not reliable and may not have the key stored. Booting from a recovery USB and resetting the TPM would erase the key and require reinstallation. A local administrator account cannot unlock a BitLocker-protected drive without the key.

What should I do if I get this 220-1102 question wrong?

Review Cisco AAA concepts — authentication, authorization, and accounting. Study privilege levels (0–15), command authorization under TACACS+, and how RADIUS differs. Then practise related 220-1102 questions on access control and AAA configuration.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Keep practising

More 220-1102 practice questions

Browse all 220-1102 questions →

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This 220-1102 practice question is part of Courseiva's free CompTIA certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 220-1102 exam.