220-1102 Practice Question: A technician finds a USB flash drive in the…
This 220-1102 practice question tests your understanding of the scenario "A technician finds a USB flash drive in the…". Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. A key principle to apply: baiting uses physical media (e.g., USB drives) as the attack vector. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
A technician finds a USB flash drive in the company parking lot with a label reading '2025 Bonus Information'. The technician plugs the drive into a workstation to view the contents. Immediately, the workstation begins to behave erratically, and security software alerts to a malware infection. Which type of social engineering attack does this describe?
Answer choices
Why each option matters
Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.
Best answer
Baiting
Baiting exploits human curiosity or greed by offering something enticing; here the drive is left as bait.
Distractor review
Tailgating
Tailgating involves unauthorized entry by following an authorized person; not related to devices.
Distractor review
Phishing
Phishing is typically an electronic message (email, text) designed to trick the recipient.
Distractor review
Pretexting
Pretexting involves creating a fabricated scenario to obtain information, but the attack here is based on a physical object, not a scenario.
Common exam trap
Common exam trap: answer the scenario, not the keyword
Candidates might confuse baiting with pretexting if they overemphasize the 'story' of the label, but pretexting requires a more interactive, fabricated scenario.
Technical deep dive
How to think about this question
Baiting is a social engineering attack that leverages human curiosity, greed, or a desire for convenience to trick victims into performing an action that compromises security. In this scenario, the USB flash drive labeled '2025 Bonus Information' acts as the 'bait.' The attacker intentionally leaves the device in a public or semi-public area, such as a parking lot, knowing that someone will likely pick it up and, driven by curiosity or the perceived value of the information, plug it into a computer. Once the device is connected, it can automatically execute malicious code, install malware, or create a backdoor, as described by the workstation behaving erratically and security alerts. This method bypasses traditional network security measures by introducing the threat directly via a physical vector.
The critical distinction here is the physical delivery mechanism and the appeal to curiosity or potential reward. Unlike phishing, which relies on electronic communication, baiting uses a physical object. It also differs from pretexting, which involves an elaborate fabricated story to manipulate the victim into divulging information or performing an action, but typically doesn't involve a physical, malware-laden object as the primary attack vector. Tailgating, on the other hand, is purely about unauthorized physical access to a secure area and has no direct relation to digital devices or malware infection in this context.
The 'bonus information' label is specifically designed to make the drive irresistible, exploiting the technician's natural inclination to investigate something that promises personal gain, thereby making baiting the precise description of this attack.
Key Concepts to Remember
- Baiting uses physical media (e.g., USB drives) as the attack vector.
- It exploits human curiosity, greed, or desire for convenience.
- Attackers leave 'bait' in public or semi-public locations.
- The bait often has an enticing label to encourage interaction.
Exam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
Baiting uses physical media (e.g., USB drives) as the attack vector.
FAQ
Questions learners often ask
What does this 220-1102 question test?
Baiting uses physical media (e.g., USB drives) as the attack vector.
What is the correct answer to this question?
The correct answer is: Baiting — This is an example of baiting, where an attacker leaves a physical device (like a USB drive) in a location where it will be found by a curious victim, hoping they will insert it and execute malicious software. Tailgating involves following someone through a secure door, phishing is electronic, and pretexting involves fabricated scenarios.
What should I do if I get this 220-1102 question wrong?
Review the key concept that baiting uses physical media (e.g., USB drives) as the attack vector, then practise related 220-1102 questions on the same topic to reinforce the concept.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content.