CompTIA A+ Core 2 220-1202 (220-1202) — Questions 676-750

750 questions total · 10 pages · All types, answers revealed

Page 10 of 10

676
MCQ · easy

A technician needs to deploy a PowerShell script to 50 Windows 10 workstations that will install a security update silently. The script must run with administrative privileges. Which method should the technician use to ensure the script executes properly without user interaction?

A. Double-click the script file on each workstation
B. Run the script via 'powershell.exe -ExecutionPolicy Bypass -File script.ps1' from an elevated command prompt
C. Use the 'Start-Process' cmdlet without elevation
D. Copy the script to the Startup folder
Answer: B

This command bypasses the execution policy and runs the script silently with administrative rights.

Why this answer

Option B is correct because running 'powershell.exe -ExecutionPolicy Bypass -File script.ps1' from an elevated command prompt bypasses PowerShell's execution policy for that session and ensures the script runs with administrative privileges. This combination allows silent, unattended execution of the security update installation across multiple workstations without user interaction.

Exam trap

CompTIA often tests the misconception that double-clicking a .ps1 file executes it like a batch file, when in reality it opens in an editor, and that 'Start-Process' without elevation is sufficient for administrative tasks.

How to eliminate wrong answers

Option A is wrong because double-clicking a .ps1 file opens it in Notepad by default on Windows 10, not executing it; even if execution policy allowed it, it would require user interaction and does not guarantee elevation. Option C is wrong because 'Start-Process' without elevation (e.g., missing the '-Verb RunAs' parameter) runs the script with the current user's privileges, which may lack the administrative rights needed to install a security update. Option D is wrong because copying the script to the Startup folder runs it at user logon with the user's privileges (not elevated), and the execution policy may block it; it also requires user logon, not a silent deployment.

677
MCQ · easy

A user reports that their Windows 10 PC is running slowly and they suspect a background process is consuming excessive memory. Which command-line tool should you use to identify the process by name and memory usage?

A. tasklist
B. ipconfig
C. chkdsk
D. sfc
Answer: A

Correct. tasklist lists all running processes with memory usage, allowing you to identify the culprit.

Why this answer

The tasklist command displays a list of running processes along with their PID, session name, and memory usage. This makes it the correct tool for identifying a memory-hungry process by name. Other options either do not show memory details or are used for different purposes like network configuration or disk management.

678
MCQ · hard

A technician is setting up a virtual machine for a software developer who needs to test an application on multiple operating systems. The host runs Windows 10 Pro with 32 GB of RAM and a quad-core CPU. The developer wants the VM to have direct access to a USB security dongle. Which configuration step is essential to meet this requirement?

A. Configure the VM to use dynamic memory.
B. Enable virtualization extensions (VT-x/AMD-V) in the host BIOS.
C. Install the guest additions or integration services in the VM.
D. Enable USB controller passthrough in the VM settings.
Answer: D

USB passthrough allows the VM to directly control the USB device, which is required for a security dongle.

Why this answer

USB passthrough allows the VM to access a physical USB device directly, bypassing the host OS. This is essential for security dongles that require low-level access. Enabling virtualization extensions in BIOS is important for performance but not for USB access.

Dynamic memory and a fixed-size VHD are unrelated to USB device connectivity.

679
MCQ · medium

A company’s change management policy requires that all changes be categorized as standard, emergency, or normal. During a server migration, a technician discovers a critical security patch must be applied immediately to prevent a data breach. Which type of change should the technician request?

A. Standard change
B. Emergency change
C. Normal change
D. Service request
Answer: B

An emergency change is designed for situations that require immediate action to prevent major issues, like a security breach.

Why this answer

The scenario describes a critical security patch that must be applied immediately to prevent a data breach, which aligns with the definition of an emergency change. Emergency changes are pre-approved or fast-tracked to address urgent threats or service outages, bypassing the normal change advisory board (CAB) review process. This ensures the patch can be deployed without delay to mitigate the risk.

Exam trap

CompTIA often tests the distinction between 'emergency' and 'standard' changes by presenting a time-sensitive scenario where candidates mistakenly classify a critical patch as a standard change because it is a routine security update, ignoring the 'immediate' and 'critical' context.

How to eliminate wrong answers

Option A is wrong because a standard change is a low-risk, pre-approved change that follows a documented procedure (e.g., applying routine OS updates), not an urgent security patch requiring immediate action. Option C is wrong because a normal change requires full CAB review and scheduling, which would introduce unacceptable delay for a critical security vulnerability. Option D is wrong because a service request is a user-initiated request for information, access, or a standard service (e.g., password reset), not a change to the IT infrastructure like applying a security patch.

680
MCQ · easy

During a security incident, a user's files have been renamed with a '.encrypted' extension, and a ransom note demands Bitcoin to restore them. The user has no backups. What is the most appropriate immediate action?

A. Pay the ransom to regain access quickly.
B. Disconnect the computer from the network immediately.
C. Run a full antivirus scan to remove the malware.
D. Restart the computer in Safe Mode and attempt file recovery.
Answer: B

Isolating the system stops the ransomware from encrypting network drives or spreading to other devices.

Why this answer

Ransomware encrypts files, and paying the ransom does not guarantee decryption. The correct first step is to isolate the infected system to prevent the malware from spreading to network shares or other devices.

681
MCQ · easy

During a software deployment, you need to ensure that all users on a Windows 10 workstation have the company logo as their desktop background. Which Control Panel applet would you use to set a mandatory desktop background?

A. Ease of Access Center
B. Personalization
C. Display
D. Folder Options
Answer: B

Personalization includes options for desktop background, colors, lock screen, and themes.

Why this answer

The Personalization applet in Control Panel allows you to set a desktop background image. To enforce a mandatory background for all users, you would configure a Group Policy setting (via gpedit.msc) that references the Personalization category, specifically the 'Desktop Wallpaper' policy under User Configuration > Administrative Templates > Desktop > Desktop. This overrides individual user settings and locks the background.

Exam trap

CompTIA often tests the misconception that the Display applet controls desktop backgrounds because it deals with visual output, but Display strictly handles resolution and scaling, not wallpaper.

How to eliminate wrong answers

Option A is wrong because the Ease of Access Center is designed to configure accessibility features like Narrator, Magnifier, and high-contrast themes, not desktop wallpaper settings. Option C is wrong because the Display applet manages screen resolution, scaling, and multiple monitor configurations, not desktop background images. Option D is wrong because Folder Options controls file explorer behaviors such as view settings, search options, and file associations, not desktop personalization.

682
MCQ · medium

During a network upgrade, a technician needs to run new Ethernet cables through a drop ceiling. The technician notices that some existing cables are resting on the ceiling tiles and are not secured. What safety concern should the technician address?

A. Leave the cables as they are and run the new cables alongside them.
B. Secure all cables to the ceiling grid using appropriate cable supports.
C. Use zip ties to attach the cables to the sprinkler pipes for stability.
D. Remove the existing cables and replace them with the new ones.
Answer: B

Proper cable management prevents tiles from being dislodged and ensures cables are not a fire or tripping hazard.

Why this answer

Unsecured cables on ceiling tiles can cause the tiles to fall, creating a head injury risk and damaging equipment. Cables should be secured to the building structure using J-hooks or cable trays. This also prevents tripping hazards and maintains fire code compliance.

683
MCQ · hard

A data center manager wants to implement a physical security control that can detect if a server chassis has been opened without authorization. Which control should they use?

A. Intrusion detection system (IDS) on the network
B. Chassis intrusion switch
C. Tamper-evident seals
D. Video surveillance
Answer: C

Tamper-evident seals are placed over chassis screws or seams; any attempt to open the case will break or distort the seal, providing clear evidence of tampering.

Why this answer

Tamper-evident seals show visible signs of removal or tampering, indicating unauthorized access to the server chassis. This is a passive but effective control for detecting physical breaches after they occur.

684
MCQ · medium

A user reports that their iPad will not rotate the screen when they turn the device sideways. The rotation lock icon appears in the status bar. What is the most likely cause?

A. The accelerometer is faulty.
B. The app being used does not support rotation.
C. Rotation lock is enabled in Control Center or via the side switch.
D. The device needs a software update to fix a rotation bug.
Answer: C

The rotation lock icon confirms the feature is on; disabling it will restore rotation.

Why this answer

The rotation lock icon indicates the feature is enabled. On an iPad, this can be controlled via the Control Center or a physical switch on the side. The technician should disable rotation lock before any other troubleshooting.

685
MCQ · easy

A user reports that a PowerShell script they wrote to rename multiple files in a folder works on their desktop but fails with a 'permission denied' error when run from a network folder. The user has full control of the network folder. What is the most likely cause?

A. The script uses a cmdlet that is not available on the network drive.
B. The execution policy is set to RemoteSigned, which blocks scripts from network locations.
C. The network folder has a space in its name.
D. The user is not running PowerShell as an administrator.
Answer: B

RemoteSigned requires scripts from the internet or network to be signed, causing the failure.

Why this answer

The PowerShell execution policy controls which scripts can run and from where. The RemoteSigned policy requires that scripts from the internet (including network shares) be digitally signed, and it treats network drives as an 'internet' zone. When the script is run from a network folder, the policy blocks execution unless the script is signed, resulting in a 'permission denied' error, even though the user has full NTFS permissions.

Exam trap

CompTIA often tests the misconception that 'permission denied' always relates to NTFS or share permissions, when in fact PowerShell's execution policy can block scripts from network locations even if the user has full control.

How to eliminate wrong answers

Option A is wrong because cmdlets are part of the PowerShell module and are available regardless of the drive location; a missing cmdlet would produce a 'command not found' error, not a 'permission denied' error. Option C is wrong because a space in the folder name would cause a syntax error or path resolution issue, not a 'permission denied' error, and PowerShell handles spaces correctly with quoting or escaping. Option D is wrong because running as administrator is not required for renaming files in a folder where the user already has full control; the 'permission denied' error here is due to the execution policy, not a lack of administrative rights.

686
MCQ · easy

A customer reports that their Windows 10 laptop is displaying pop-up ads even when no browser is open. They suspect a malware infection. Which of the following should you do first to remediate this issue?

A. Run a full antivirus scan while the system is connected to the internet.
B. Disconnect the network cable, boot into Safe Mode, then run a full antivirus scan.
C. Perform a System Restore to a point before the pop-ups started.
D. Immediately reinstall Windows 10 to ensure complete removal.
Answer: B

This is the correct sequence: disconnecting the network stops remote communication, Safe Mode limits malware activity, and scanning identifies and removes the threat.

Why this answer

The first step in malware remediation is to disconnect from the network to prevent further communication with command-and-control servers. Then boot into Safe Mode to prevent malicious processes from loading, and run a full antivirus scan. This isolates the threat before attempting removal.

687
MCQ · medium

A user reports that their laptop frequently disconnects from the office Wi-Fi and reconnects after a few seconds. The network uses WPA2-Enterprise with PEAP-MSCHAPv2. Other users do not experience this issue. What is the most likely cause?

A. The laptop's wireless driver is outdated.
B. The RADIUS server is rejecting the laptop's certificate intermittently.
C. The office Wi-Fi channel is congested.
D. The laptop's power saving mode is turning off the Wi-Fi adapter.
Answer: B

Correct. Intermittent certificate rejection during reauthentication causes the laptop to disconnect and then reconnect after a new authentication attempt.

Why this answer

PEAP-MSCHAPv2 is prone to authentication timeouts if the RADIUS server is slow or if the client's certificate validation fails. This can cause periodic disconnects. The issue is specific to the client's configuration or certificate trust.

688
MCQ · hard

A server administrator needs to grant a junior technician the ability to reset user passwords on a Windows Server 2019 domain controller, but without giving them full administrative rights. Which administrative tool should be used to delegate this specific permission?

A. Local Security Policy to assign the 'Reset passwords' user right.
B. Active Directory Users and Computers and use the Delegation of Control Wizard.
C. Group Policy Management Console to create a policy that allows password resets.
D. Computer Management to add the technician to the 'Account Operators' group.
Answer: B

Correct. ADUC's Delegation of Control Wizard allows granting specific permissions like password reset on selected OUs or users.

Why this answer

Active Directory Users and Computers (ADUC) allows delegating control, including password reset permissions, through the Delegation of Control Wizard. This is a standard method for granular permission assignment in Active Directory. The other tools do not offer this delegation capability.

689
MCQ · medium

A user reports that their Windows 10 PC is infected with a virus that changes the desktop background to a ransom note. After removing the virus with antivirus software, the desktop background remains unchanged. What should you do to restore the original background?

A. Reinstall the graphics driver.
B. Run System File Checker (sfc /scannow).
C. Check Group Policy settings for desktop wallpaper enforcement and reset them.
D. Perform a system restore to a point before the infection.
Answer: C

Malware often sets a Group Policy to lock the wallpaper; resetting this policy allows the user to change it.

Why this answer

Option C is correct because the virus likely modified the Group Policy setting that enforces a specific desktop wallpaper. Even after the virus is removed, the Group Policy setting persists and overrides any user attempts to change the background. Resetting the Group Policy wallpaper enforcement restores the user's ability to change the background normally.

Exam trap

The trap here is that candidates assume a virus removal or system file repair will fix all remnants of the infection, but they overlook that malware can modify persistent system policies like Group Policy, which require explicit reversal.

How to eliminate wrong answers

Option A is wrong because the graphics driver is not involved in displaying a static desktop background; the issue is a policy enforcement, not a rendering or driver problem. Option B is wrong because System File Checker (sfc /scannow) repairs corrupted system files, but the wallpaper change is due to a Group Policy setting, not file corruption. Option D is wrong because a system restore might revert the Group Policy change, but it is not the most direct or efficient fix; the problem is specifically a persistent policy setting that can be reset without affecting other system changes.

690
MCQ · medium

A user on Windows 11 is trying to install a new application, but receives the error 'Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.' The user is a local administrator. What is the most likely cause?

A. The file is corrupted and needs to be re-downloaded.
B. User Account Control (UAC) is blocking the installation.
C. The file has been blocked by Windows because it was downloaded from the internet.
D. The user does not have 'Read & Execute' permissions on the file.
Answer: C

Windows adds a security zone to downloaded files. Right-clicking the file, selecting Properties, and clicking 'Unblock' removes the restriction. This is a common cause of this error for admin users.

Why this answer

Even local administrators can be blocked from running executables that were downloaded from the internet because Windows marks them with a zone identifier. The 'Unblock' button in the file's Properties removes this mark, allowing the file to run. This is a common security feature in Windows to prevent accidental execution of potentially unsafe files.

691
MCQ · hard

A user's iOS device is running out of storage, and they want to offload unused apps without deleting documents and data. Which iOS feature should be recommended, and where is it configured?

A. Enable 'Optimize iPhone Storage' in Photos settings
B. Use 'Offload Unused Apps' in Settings > General > iPhone Storage
C. Manually delete apps from the Home Screen
D. Configure iCloud Storage to offload app data
Answer: B

This feature removes the app but retains its data, allowing easy reinstallation without data loss.

Why this answer

iOS's 'Offload Unused Apps' feature automatically removes app binaries but keeps documents and data. It is found in Settings > General > iPhone Storage. This is distinct from manual deletion or iCloud storage management.

692
MCQ · hard

A security incident occurs where an attacker used a PowerShell script to download and execute a payload from a remote server. The script was obfuscated and ran in memory without touching the disk. Which security control could have prevented this attack?

A. Setting the execution policy to Restricted.
B. Enabling PowerShell Constrained Language Mode.
C. Disabling PowerShell script block logging.
D. Using a signed script policy.
Answer: B

Constrained Language Mode blocks dangerous cmdlets and limits script functionality, preventing such attacks.

Why this answer

PowerShell Constrained Language Mode (CLM) restricts the language elements available to PowerShell, preventing the use of most .NET types, COM objects, and other advanced features that attackers rely on for in-memory payload execution. Since the attack used an obfuscated script that ran entirely in memory without touching disk, CLM would block the script's ability to invoke arbitrary .NET methods or Win32 API calls needed to download and execute the remote payload, stopping the attack before it could run.

Exam trap

The trap here is that candidates often assume execution policy (Option A) is a strong security control, but Cisco tests the fact that execution policy is a user preference, not a security boundary, and does not prevent in-memory or obfuscated script execution.

How to eliminate wrong answers

Option A is wrong because setting the execution policy to Restricted only prevents scripts from running from files, but it does not block scripts that are executed directly in memory (e.g., via Invoke-Expression or by passing a script block), so the in-memory attack would still succeed. Option C is wrong because disabling PowerShell script block logging would actually reduce visibility and make detection harder; it does not prevent the attack from occurring. Option D is wrong because using a signed script policy only enforces that scripts must be digitally signed to run, but the attacker's obfuscated script could be self-signed or run in memory bypassing signature checks, and signed script policies do not block in-memory execution.

693
MCQ · medium

A technician is tasked with upgrading the operating system on ten identical workstations. The change advisory board has approved the upgrade. After completing the first workstation, the technician notices the new OS causes a critical line-of-business application to fail. What should the technician do next?

A. Continue upgrading the remaining workstations since the change was approved.
B. Restore the first workstation to the previous OS and complete the rest without changes.
C. Report the failure to the change advisory board and pause further upgrades.
D. Research a hotfix for the application and apply it to all workstations.
Answer: C

Reporting the issue allows the CAB to evaluate the risk, possibly modify the rollout plan, or find a workaround before proceeding.

Why this answer

This question tests the change management process when an approved change causes unexpected issues. The correct action is to stop the rollout and document the problem so the CAB can reassess the change.

694
MCQ · easy

A technician writes a batch script to automate software installation across multiple workstations. The script needs to wait for the installer to finish before proceeding to the next line. Which command should be used?

A. PAUSE
B. TIMEOUT
C. START /WAIT
D. CALL
Answer: C

START /WAIT launches the installer and waits for it to exit before continuing.

Why this answer

The START /WAIT command launches a specified program or script and pauses execution of the batch file until that process terminates. This is exactly what is needed to ensure the installer completes before the next line runs, making it the correct choice for sequential automation.

Exam trap

CompTIA often tests the distinction between PAUSE (user input wait), TIMEOUT (fixed delay), and START /WAIT (process-aware wait), trapping candidates who confuse a simple delay with true process synchronization.

How to eliminate wrong answers

Option A (PAUSE) is wrong because it simply halts the script and displays 'Press any key to continue...', waiting for user input rather than for a specific process to finish. Option B (TIMEOUT) is wrong because it introduces a fixed delay (e.g., TIMEOUT /T 30) but does not monitor the installer process; the script will resume after the timeout regardless of whether the installer has completed. Option D (CALL) is wrong because it invokes another batch file or label within the same script context and returns control after that script finishes, but it does not inherently wait for a spawned process like an installer; it is designed for subroutine-like calls, not for launching external executables with a wait requirement.

695
MCQ · medium

A user calls the help desk because they cannot access a shared folder on the network. The user's account is part of the 'Sales' group, which has 'Read' permission, but the user needs to modify files. What is the most efficient way to grant the required access?

A. Assign 'Full Control' to the user's account directly
B. Add the user to a group that has 'Modify' permission
C. Change the folder's sharing settings to 'Everyone' with 'Read/Write'
D. Remove the user from the Sales group and add them to a new group with 'Read' permission
Answer: B

Modify permission allows reading, writing, and deleting files, which meets the user's need without granting unnecessary rights.

Why this answer

Adding the user to a group with 'Modify' permissions is efficient because it avoids individual permission assignments and follows the principle of group-based access control. This ensures the user can edit files without overcomplicating permissions.

696
MCQ · medium

A user reports that their external hard drive is no longer recognized by Windows. They suspect it might be infected with malware from a previous connection. You run a security scan and find no threats. What is the most likely cause of the drive not being recognized?

A. The drive is permanently damaged by malware.
B. The USB controller driver is corrupted or outdated.
C. The user needs to format the drive to remove malware.
D. Windows Firewall is blocking the external drive.
Answer: B

Corrupted drivers can prevent device recognition; reinstalling or updating the driver in Device Manager often fixes the problem.

Why this answer

When a drive is not recognized after a suspected malware incident, the issue is often driver-related or due to a corrupted file system, not necessarily malware. Reinstalling or updating the USB controller driver in Device Manager can resolve recognition issues. The correct answer is to check Device Manager for driver issues.

697
MCQ · hard

A technician discovers that a user has been sharing their login credentials with coworkers to allow them to access a shared drive. The company's security policy prohibits password sharing. What is the most effective way to prevent this behavior while still allowing necessary access?

A. Disable the user's account and create a generic shared account for the drive.
B. Implement a Group Policy that forces password changes every 30 days.
C. Configure the shared drive permissions using security groups and add the coworkers to the appropriate group.
D. Send a company-wide email reminding users not to share passwords.
Answer: C

This grants necessary access without sharing passwords, enforcing least privilege and accountability.

Why this answer

The root cause is that the shared drive access is tied to individual accounts, encouraging sharing. Implementing group-based permissions with proper access control lists (ACLs) allows the company to grant access to a group rather than an individual, eliminating the need to share passwords. Additionally, enforcing a policy of non-repudiation and using audit logs can deter sharing.

698
MCQ · medium

A company uses a cloud-based file storage service. An employee reports that when they try to upload a large video file, the upload fails after several minutes of progress. The employee's internet connection is stable and other uploads of smaller files work fine. What is the most likely cause of this issue?

A. The employee's computer has insufficient RAM.
B. The cloud service's server is temporarily overloaded.
C. The file exceeds the maximum upload size allowed by the service.
D. The employee's account has been suspended.
Answer: C

Cloud storage services often impose file size limits, and exceeding that limit would cause the upload to fail, often after some progress.

Why this answer

This scenario tests troubleshooting cloud storage issues. The correct answer is C because many cloud services have file size limits, and a large video file may exceed that limit. The other options are less likely given that other uploads work and the connection is stable.

699
MCQ · hard

A technician is troubleshooting a network issue and needs to access the user's computer remotely. The user is in a different city and speaks with a heavy accent, making communication difficult. The technician has trouble understanding the user's description of the error. What is the best approach?

A. Ask the user to type the error message in a chat window to avoid miscommunication.
B. Speak slowly and loudly, repeating each question until the user understands.
C. Ask the user to transfer the call to a colleague who speaks English more clearly.
D. Proceed with remote access without further communication, assuming you can diagnose the issue visually.
Answer: A

This leverages written communication to bypass the accent barrier, showing resourcefulness and respect for the user.

Why this answer

This question tests adaptability and respectful communication when language barriers exist. The correct answer uses a collaborative, patient approach to ensure understanding without causing embarrassment.

700
MCQ · medium

A technician is configuring a new server room and needs to ensure that only authorized personnel can physically access it. The company wants a solution that does not require replacement of keys or cards if one is lost. Which access control method best meets this requirement?

A. Use a combination lock
B. Implement a biometric fingerprint reader
C. Install a smart card system
D. Use a keypad with a PIN code
Answer: B

Biometrics are tied to the individual and cannot be lost, so no reissuance is needed if a card is lost.

Why this answer

Biometric systems use unique physical traits (fingerprint, retina) that cannot be lost or easily duplicated. This eliminates the need to reissue credentials if a card or key is lost, though biometrics have their own management challenges.

701
MCQ · medium

A small office user reports that their Windows 10 PC randomly freezes for 10-15 seconds, especially when opening large files. Task Manager shows high disk usage (100%) but low CPU and memory usage. Which built-in Windows tool should be used to diagnose the disk performance issue?

A. Use Resource Monitor to analyze disk activity and queue length.
B. Run the Performance Monitor with a Data Collector Set for disk.
C. Check the Event Viewer for disk-related errors.
D. Defragment the hard drive using the Optimize Drives tool.
Answer: A

Resource Monitor shows real-time disk I/O per process, helping pinpoint which process is causing high disk usage.

Why this answer

Resource Monitor (resmon.exe) provides real-time metrics on disk activity, including disk queue length, average disk seconds per read/write, and per-process I/O. The user's symptom of 100% disk usage with low CPU/memory suggests a disk bottleneck; a consistently high queue length (above 2 per spindle) indicates the disk cannot keep up with I/O requests, which Resource Monitor can pinpoint directly.

Exam trap

CompTIA often tests the distinction between real-time diagnostic tools (Resource Monitor) and historical logging tools (Performance Monitor), leading candidates to choose Performance Monitor because it sounds more comprehensive, but it is not designed for live troubleshooting of an active bottleneck.

How to eliminate wrong answers

Option B is wrong because Performance Monitor with a Data Collector Set is a historical logging tool, not a real-time diagnostic tool for immediate analysis of current high disk usage. Option C is wrong because Event Viewer logs system errors and warnings, not granular per-process disk I/O metrics like queue length or latency. Option D is wrong because defragmentation (Optimize Drives) improves sequential read performance on HDDs but does not address the underlying cause of high disk queue length or random freezes, and is irrelevant for SSDs which do not benefit from defragmentation.

702
MCQ · medium

A user reports that their Windows 10 PC is infected with a virus that keeps reappearing after removal. The technician boots into Safe Mode, runs a full antivirus scan, and removes the threat. However, after rebooting normally, the virus returns. What is the most likely reason?

A.The antivirus definitions are outdated.
B.The virus has a persistence mechanism, such as a scheduled task or registry run key.
C.The user is re-downloading the virus from the same source.
D.The virus is a polymorphic variant that changes its signature.
AnswerB

Persistence mechanisms allow malware to reinstall itself after removal. The technician must identify and delete these triggers in Task Scheduler, registry, or startup folders.

Why this answer

Option B is correct because the virus likely uses a persistence mechanism such as a scheduled task (via schtasks.exe) or a registry Run key (e.g., HKCU\Software\Microsoft\Windows\CurrentVersion\Run) to re-infect the system after boot. Safe Mode may bypass some of these mechanisms, but a normal boot re-triggers them, allowing the virus to reinstall itself even after the initial removal.

Exam trap

CompTIA often tests the distinction between detection failure (outdated definitions or polymorphism) and re-infection due to persistence mechanisms, so the trap here is assuming the antivirus failed to detect the virus rather than recognizing that the virus is being re-introduced after removal.

How to eliminate wrong answers

Option A is wrong because outdated antivirus definitions would prevent detection, not cause the virus to reappear after removal; the scan already removed the threat. Option C is wrong because the user re-downloading the virus would require active user action each time, but the problem states the virus 'keeps reappearing' automatically after reboot, indicating a persistence mechanism rather than repeated user downloads. Option D is wrong because a polymorphic virus changes its signature to evade detection, but the antivirus already detected and removed it; the issue is re-infection after reboot, not evasion of the scan.

703
MCQhard

A technician is troubleshooting a wireless network where users report intermittent connectivity. The network uses WPA2-Enterprise with a RADIUS server. The technician notices that the RADIUS server logs show frequent authentication failures from one specific access point. What is the most likely cause?

A.The access point is using a different channel than the others.
B.The RADIUS server certificate has expired.
C.The access point's RADIUS shared secret is incorrect.
D.The clients are using WPA2-PSK instead of WPA2-Enterprise.
AnswerC

The shared secret is used for authentication between the AP and RADIUS server; a mismatch causes failures.

Why this answer

A mismatched pre-shared key or RADIUS secret between the access point and the RADIUS server will cause authentication failures. Other options like channel interference or encryption mismatch would not specifically show RADIUS authentication failures.

704
MCQeasy

A customer reports that their laptop battery is swelling and the case is cracking. They ask if it's safe to continue using it plugged in. What should the technician advise?

A.It's fine to keep using it plugged in as long as the battery is removed.
B.Continue using it but only on battery power to avoid overheating the charger.
C.Shut down the laptop immediately, disconnect the battery if safely possible, and replace the battery as soon as possible.
D.Place the laptop in a freezer to reduce swelling, then continue using it.
AnswerC

This follows proper safety protocols: stop using the device, isolate the battery, and replace it. A swollen battery must be treated as hazardous electronic waste.

Why this answer

A swelling lithium-ion battery indicates internal chemical breakdown and gas generation, which can lead to thermal runaway, fire, or explosion. The immediate risk is physical rupture of the battery casing and potential short-circuiting. The correct action is to shut down the laptop, disconnect the battery if it can be done safely without puncturing it, and replace it as soon as possible to eliminate the hazard.

Exam trap

CompTIA often tests the misconception that a swollen battery is safe to use if kept plugged in or if the battery is removed, when in fact any continued use or physical handling of a swollen battery poses immediate fire and chemical hazard risks.

How to eliminate wrong answers

Option A is wrong because removing a swollen battery from a laptop that is still plugged in does not eliminate the risk of short circuits or fire from the damaged battery, and the act of removal itself can be dangerous if the casing is already compromised. Option B is wrong because continuing to use the laptop on battery power will further discharge and stress the already unstable battery, increasing the likelihood of thermal runaway. Option D is wrong because placing a lithium-ion battery in a freezer can cause condensation, internal short circuits, and further chemical instability, and it does not reverse the swelling or make the battery safe.

705
MCQmedium

A user on Windows 11 reports that their computer frequently freezes for 5–10 seconds at a time, especially when opening multiple browser tabs. The system has 8 GB of RAM and a mechanical hard drive. Which performance monitor counter should you check first to confirm the likely bottleneck?

A.% Processor Time
B.Available MBytes
C.Avg. Disk Queue Length
D.Pages/sec
AnswerC

A high average disk queue length indicates that the disk is overwhelmed with requests, which is a classic symptom of excessive paging on a system with insufficient RAM and a slow HDD. This is the best counter to confirm the bottleneck.

Why this answer

Frequent freezing when multitasking on a system with a mechanical hard drive and limited RAM often points to excessive disk usage due to paging. The 'Avg. Disk Queue Length' counter in Performance Monitor indicates how many requests are waiting for the disk; a sustained value over 2 suggests the disk is the bottleneck, likely from swapping memory to the page file.

706
MCQeasy

After deploying a new Windows 11 update, several users complain that they can no longer access shared folders on the network. You verify that network discovery and file sharing are enabled. Which Windows security setting should you check first to resolve this issue?

A.Check if the users are in the 'Remote Desktop Users' group.
B.Verify that the 'Password Protected Sharing' option is turned off.
C.Review Windows Defender Firewall rules for 'File and Printer Sharing.'
D.Run Windows Update to install additional patches.
AnswerC

The firewall controls network traffic; if the rule is blocked, file sharing will fail.

Why this answer

Windows Defender Firewall can block file and printer sharing even if sharing settings are enabled. The 'File and Printer Sharing' inbound rule must be allowed for the appropriate network profile (e.g., Private). This is a common issue after updates that reset firewall rules.

707
MCQeasy

A user calls the help desk claiming they received an urgent email from the CEO asking them to purchase gift cards for a client and reply with the codes. The user is suspicious because the email address looks slightly off. What type of social engineering attack is this?

A.Shoulder surfing
B.Phishing
C.Tailgating
D.Dumpster diving
AnswerB

Phishing uses fraudulent communications, often email, to trick recipients into revealing sensitive information or performing actions like purchasing gift cards.

Why this answer

This is a classic phishing attack, specifically a form of spear phishing or whaling, where the attacker impersonates a high-level executive to trick the victim into performing an action. The slight alteration in the email address is a common indicator of a spoofed sender.

708
MCQeasy

A user reports that their Windows 10 PC is running very slowly, and they suspect a background process is consuming too much memory. Which command-line tool would you use from an elevated command prompt to identify the process with the highest memory usage?

A.tasklist /FI "MEMUSAGE gt 100000"
B.ipconfig /all
C.chkdsk /f
D.sfc /scannow
AnswerA

This command filters the task list to show only processes using more than 100,000 KB of memory, directly identifying high-memory processes.

Why this answer

The correct answer is tasklist, which displays a list of running processes along with memory usage. You can sort the output by memory to quickly find the culprit. This is a fundamental command for identifying resource-hungry processes.

709
MCQmedium

A user calls the help desk because their computer is running slowly and they see a fake antivirus program warning that their system is infected. The user cannot close the warning window. Which type of malware is this, and what is the best removal approach?

A.Ransomware; pay the fee to remove the warning.
B.Spyware; run a full scan in normal mode.
C.Rogue antivirus; boot into Safe Mode with Networking and run Malwarebytes.
D.Adware; uninstall the program from Control Panel.
AnswerC

Safe Mode prevents the malware from loading, and a dedicated tool can remove it.

Why this answer

Rogue antivirus (scareware) displays fake warnings to trick users into paying for unnecessary software. The best approach is to boot into Safe Mode with Networking and run a legitimate malware removal tool, as the malware may block normal mode.

710
MCQmedium

During a network equipment upgrade, a technician finds several old switches with visibly leaking capacitors on the circuit boards. What is the correct procedure for handling these switches?

A.Power them on to see if they still function before disposal.
B.Wear nitrile gloves, place the switches in a sealed bag, and label for e-waste recycling.
C.Use compressed air to blow out the leaked substance and then recycle the switches.
D.Dispose of the switches in the regular office recycling bin.
AnswerB

This is correct because gloves protect the technician, sealing prevents leaks, and labeling ensures proper hazardous waste handling.

Why this answer

Leaking capacitors often contain hazardous materials such as electrolytes or polychlorinated biphenyls (PCBs), which require special handling to prevent environmental contamination and personal injury. The correct procedure is to wear nitrile gloves (to avoid skin contact with corrosive or toxic substances), place the switches in a sealed bag to contain any leaked material, and label them for e-waste recycling, ensuring compliance with environmental regulations like the WEEE Directive or RCRA.

Exam trap

CompTIA often tests the misconception that visibly damaged equipment can be safely tested or cleaned with common tools, when in fact hazardous material protocols require containment and professional e-waste disposal without powering on or disturbing the leak.

How to eliminate wrong answers

Option A is wrong because powering on switches with leaking capacitors can cause short circuits, electrical fires, or further release of hazardous fumes, and it does not address proper disposal procedures. Option C is wrong because using compressed air can aerosolize hazardous electrolyte particles, leading to inhalation risks or spreading contamination, and it does not constitute safe handling or recycling. Option D is wrong because regular office recycling bins are not designed for hazardous e-waste; disposing of leaking capacitors in general waste violates environmental laws and can harm sanitation workers and the environment.

711
MCQmedium

During a macOS deployment, you need to create a bootable USB installer for macOS Sonoma to upgrade multiple iMacs. You have the 'Install macOS Sonoma' app in the Applications folder. Which command-line tool should you use to create the installer?

A.diskutil
B.asr
C.createinstallmedia
D.hdiutil
AnswerC

This is the correct command, typically used as: sudo /Applications/Install\ macOS\ Sonoma.app/Contents/Resources/createinstallmedia --volume /Volumes/MyVolume

Why this answer

The 'createinstallmedia' utility is the built-in Apple tool for creating bootable macOS installers. It must be run from Terminal with the correct path to the installer app and the target volume.

712
MCQeasy

A technician is tasked with installing a security patch on 50 company laptops. The change management process requires a full system backup before any patch installation. During the backup of the first laptop, the backup fails due to insufficient disk space. What should the technician do?

A.Skip the backup for this laptop and proceed with the patch installation.
B.Free up disk space by deleting temporary files and retry the backup.
C.Install the patch anyway and create a manual restore point.
D.Report the failure to the change manager and request an exception.
AnswerB

This is a reasonable troubleshooting step to meet the backup requirement, and if successful, allows the technician to comply with policy.

Why this answer

Option B is correct because the change management process explicitly requires a full system backup before patch installation. Deleting temporary files is a standard, low-risk method to free disk space and retry the backup, ensuring compliance without violating policy. This approach maintains data integrity and follows the established procedure.

Exam trap

CompTIA often tests the candidate's understanding that change management policies are mandatory and must be followed, not circumvented, and that troubleshooting steps should be taken before escalating to management.

How to eliminate wrong answers

Option A is wrong because skipping the backup violates the mandatory change management requirement, risking data loss if the patch causes issues. Option C is wrong because installing the patch without a full backup and relying on a manual restore point does not satisfy the policy for a complete system backup, and a restore point may not capture all system state. Option D is wrong because reporting the failure and requesting an exception is premature; the technician should first attempt to resolve the disk space issue, as the process expects troubleshooting before escalation.

713
MCQmedium

A school district is deploying laptops to students and wants to deter theft while keeping devices usable. Which physical security control should they implement on the laptops?

A.Install a cable lock on each laptop
B.Use a laptop safe
C.Apply asset tracking tags
D.Enable a BIOS password
AnswerC

Asset tags (e.g., RFID or barcode) help track and recover stolen laptops without hindering normal use.

Why this answer

Asset tracking tags allow the school to identify and recover stolen devices, acting as a deterrent and aiding in recovery. This balances security with usability, as the laptops remain fully functional for students.

714
MCQhard

A technician is decommissioning a server that uses a hardware RAID controller. The company policy requires that all data be destroyed, but the drives must be returned to the leasing company. Which method ensures data is unrecoverable while preserving the drives?

A.Remove the drives and use a degausser on each one.
B.Perform a secure erase using a bootable utility like DBAN.
C.Use the RAID controller's built-in 'secure erase' or 'low-level format' command.
D.Physically drill through the drive enclosures.
AnswerC

The controller's utility can access all sectors, ensuring complete data removal while keeping drives functional for return.

Why this answer

Hardware RAID controllers often use non-standard sector layouts, making software-based wiping unreliable. The best approach is to use the RAID controller's own low-level format or secure erase utility, which understands the controller's geometry.

715
MCQmedium

A technician is troubleshooting a Windows 10 PC that shows a black screen with a movable mouse cursor after boot. The user can press Ctrl+Alt+Del and launch Task Manager. Which Control Panel or Settings tool should be used to repair the system files that may be corrupted?

A.System Properties > System Protection
B.Device Manager
C.Administrative Tools > Computer Management
D.Settings > Update & Security > Troubleshoot
AnswerA

System Protection allows you to perform a System Restore or configure restore points, which can fix corruption caused by recent changes.

Why this answer

The correct approach is to use System Protection (System Restore) or the System File Checker (SFC) via Command Prompt. Since the user can access Task Manager, they can run 'sfc /scannow' from a command prompt. The System Protection tab in System Properties allows restoring to a previous state if available.

716
MCQhard

A company is migrating from Windows 7 to Windows 10 and needs to automate the installation of 200 workstations with identical software and settings. They have a reference computer already configured. Which Windows tool should they use to capture and deploy a custom system image?

A.Windows System Image Manager (Windows SIM)
B.System Preparation Tool (Sysprep)
C.Windows Recovery Environment (WinRE)
D.Windows Backup and Restore
AnswerB

Sysprep prepares the reference installation for imaging by generalizing it, which is the first step in creating a deployable image.

Why this answer

Sysprep is the correct tool because it generalizes a Windows installation by removing unique system identifiers (such as the computer SID, computer name, and driver caches) so that the reference computer’s image can be safely captured and deployed to multiple workstations. After Sysprep runs with the /generalize option, the image is captured using a tool like DISM or ImageX, then deployed to 200 identical workstations, ensuring each machine generates its own unique SID and settings on first boot.

Exam trap

The trap here is that candidates confuse Sysprep with Windows SIM, thinking that creating an answer file is the same as capturing an image, but Sysprep is the prerequisite generalization step that makes the image safe for cloning, while Windows SIM only creates automation scripts.

How to eliminate wrong answers

Option A is wrong because Windows System Image Manager (Windows SIM) is used to create unattended answer files (Unattend.xml) that automate installation settings, not to capture or deploy a system image. Option C is wrong because Windows Recovery Environment (WinRE) is a diagnostic and recovery platform for repairing a broken OS, not a tool for capturing or deploying a custom image. Option D is wrong because Windows Backup and Restore creates file-level or system-state backups, not a hardware-independent, deployable system image suitable for cloning to multiple workstations.

717
MCQmedium

A technician is troubleshooting a Windows 10 workstation that displays a fake security alert claiming the system is infected and prompting the user to call a toll-free number. The user cannot close the alert window or open Task Manager. Which type of malware is causing this behavior, and what is the best removal approach?

A.It is a rootkit; use a rootkit removal tool from within Windows.
B.It is ransomware; pay the fee to remove the alert.
C.It is a tech support scam; boot into Safe Mode with Networking and run an anti-malware scan.
D.It is a worm; disconnect the network and reinstall the operating system.
AnswerC

Safe Mode prevents the scam from running, and an anti-malware scan can remove the associated files and registry entries.

Why this answer

This is a classic tech support scam, a form of scareware that locks the browser or desktop to trick users into calling a fake support number. The best removal approach is to boot into Safe Mode with Networking, then run a malware removal tool like Malwarebytes. This bypasses the malware's ability to block Task Manager and allows the technician to clean the system.

718
MCQeasy

A user reports that their workstation is running slowly and they see frequent pop-up ads even when no browser is open. They also notice a new toolbar in their system tray that they did not install. What is the most likely security issue?

A.A rootkit has hidden itself in the kernel.
B.The system has adware installed.
C.A ransomware encryption process has started.
D.The user's account has been phished and credentials stolen.
AnswerB

Adware commonly causes pop-up ads, slow performance, and unwanted toolbars, matching the symptoms exactly.

Why this answer

This scenario describes classic symptoms of adware or potentially unwanted program (PUP) infection. Adware displays unsolicited advertisements and often installs toolbars; it degrades performance and can be a vector for more serious malware. The correct answer identifies the issue as adware.

719
MCQhard

A technician is deploying a new point-of-sale system in a busy retail store. The store manager insists on a specific configuration that the technician knows will cause data security vulnerabilities. Which of the following is the BEST course of action?

A.Implement the configuration as requested to keep the manager happy.
B.Refuse to do the work and walk away.
C.Explain the security risks in non-technical terms and propose a secure alternative that meets their needs.
D.Secretly implement a secure configuration and tell the manager it's what they asked for.
AnswerC

This demonstrates professionalism by educating the client and offering a solution.

Why this answer

Option C is correct because it aligns with the CompTIA A+ objective of balancing security with business needs. The technician must communicate the security risks of the manager's requested configuration (e.g., using default credentials or disabling encryption on the POS system) in non-technical terms, then propose a secure alternative that still meets the operational requirements, such as using WPA3 with a strong passphrase instead of an open Wi-Fi network. This approach maintains professionalism, avoids data breaches, and preserves the working relationship.

Exam trap

CompTIA often tests the trap that candidates choose Option A (compliance with authority) or Option B (rigid refusal) instead of the balanced, professional approach of explaining risks and proposing alternatives, which is the core of CompTIA's 'Communication and Professionalism' domain.

How to eliminate wrong answers

Option A is wrong because implementing an insecure configuration knowingly violates the technician's ethical and professional responsibility to protect sensitive payment card data, potentially leading to PCI DSS non-compliance and data breaches. Option B is wrong because walking away without attempting to educate the manager or offer a secure alternative is unprofessional and fails to resolve the issue, leaving the store vulnerable. Option D is wrong because secretly implementing a different configuration undermines trust and could cause operational issues if the manager discovers the change, and it does not address the root cause of the manager's misunderstanding.

720
MCQmedium

During a security audit, you find that a configuration file /etc/app/config.cfg has permissions -rwxrwxrwx. What command should you run to restrict it so only the owner can read and write, and the group can read, while others have no access?

A.chmod 640 /etc/app/config.cfg
B.chmod 750 /etc/app/config.cfg
C.chmod 644 /etc/app/config.cfg
D.chmod 600 /etc/app/config.cfg
AnswerA

640 gives owner read/write, group read, and others no access, matching the requirement.

Why this answer

The desired permissions are rw-r----- which is numeric 640. The chmod command with 640 sets owner read/write, group read, and no permissions for others.

721
MCQmedium

A user reports that their browser displays a warning saying 'Your connection is not private' when visiting a frequently used banking site. After checking, you see the certificate error is for a different domain. What is the most likely cause?

A.The user's system date and time are incorrect
B.The website's SSL certificate has expired
C.A malicious proxy or DNS hijacking is redirecting traffic to a fake site
D.The browser needs to be updated to the latest version
AnswerC

A man-in-the-middle attack can present a certificate for a different domain, indicating redirection to a fraudulent site.

Why this answer

A certificate error for a different domain indicates a possible man-in-the-middle attack or DNS hijacking. The correct action is to investigate the network and not proceed to the site. This tests understanding of SSL/TLS certificate warnings and their security implications.

722
MCQmedium

A company is moving to a new office and wants to secure its server room against both unauthorized entry and environmental hazards. Which combination of physical controls should be implemented?

A.A key lock and a fire extinguisher
B.An electronic badge reader and a temperature sensor
C.A biometric scanner and a security camera
D.A combination lock and a humidity monitor
AnswerB

The badge reader controls and logs access; the temperature sensor monitors environmental conditions to prevent overheating.

Why this answer

Physical security for server rooms should include access control (e.g., electronic lock) and environmental monitoring (e.g., temperature/humidity sensors) to protect equipment. This addresses both security and operational continuity.

723
MCQmedium

A small business owner wants to replace their old wireless router because guests have been using the network to access inappropriate content. The owner wants to isolate guest traffic from the main business network and enforce content filtering. Which combination of wireless security and features should the technician recommend?

A.WPA3-Personal with MAC address filtering.
B.WPA2-PSK with a guest network enabled and content filtering via OpenDNS.
C.WPA2-Enterprise with a RADIUS server and no guest network.
D.WEP encryption with a hidden SSID.
AnswerB

A guest network isolates traffic, and DNS-based content filtering blocks inappropriate sites.

Why this answer

WPA2-PSK with a separate guest network and DNS-based content filtering provides both security and isolation. WPA3 is not yet widely supported on all devices, and MAC filtering is not effective for guest isolation.

724
MCQhard

A technician is installing a new UPS (Uninterruptible Power Supply) in a server rack. The UPS is heavy and must be mounted securely. What is the most important safety consideration during installation?

A.Ensure the UPS is connected to a grounded outlet before mounting.
B.Use a lifting team or mechanical lift to position the UPS.
C.Verify that the UPS batteries are charged before installation.
D.Install the UPS at the top of the rack for better airflow.
AnswerB

This is correct. UPS units are heavy and require proper lifting equipment or multiple people to avoid back injury or dropping the unit.

Why this answer

The UPS is a heavy piece of equipment, and improper lifting can cause serious injury or damage. Using a lifting team or mechanical lift ensures safe handling and prevents back strain, crush injuries, or dropping the unit, which is the primary safety concern during physical installation.

Exam trap

The trap here is that candidates focus on electrical safety (grounding) or operational readiness (battery charge) instead of recognizing that the immediate physical hazard of moving a heavy object is the most critical safety consideration during installation.

How to eliminate wrong answers

Option A is wrong because grounding is an electrical safety step, but it is not the most important consideration during the physical mounting of a heavy UPS; the immediate risk of injury from lifting outweighs electrical concerns at this stage. Option C is wrong because verifying battery charge is a functional check, not a safety consideration during installation; batteries can be charged after the unit is securely mounted. Option D is wrong because installing the UPS at the top of the rack creates a top-heavy stability hazard and makes lifting more dangerous; heavy components should be mounted low in the rack for stability.

725
MCQmedium

A technician needs to deploy a custom script to 50 Windows 10 workstations during an automated software installation. The script must run with administrative privileges. Which command-line tool should be used to execute the script with elevated rights from a batch file?

A.msiexec /i package.msi
B.wmic os get name
C.runas /user:Administrator script.bat
D.schtasks /create
AnswerC

Correct. runas executes the script under the Administrator account, ensuring necessary permissions.

Why this answer

The runas command allows executing a program with different credentials, typically an administrator account. In deployment scripts, runas /user:Administrator ensures the script runs with elevated privileges. The other options do different jobs: msiexec installs MSI packages, wmic queries WMI, and schtasks schedules tasks.

726
MCQmedium

A technician is removing malware from a Windows 10 PC and wants to ensure that no remnants remain in the registry or startup folders. After running an antivirus scan and deleting infected files, which additional step should the technician perform?

A.Run the Windows Memory Diagnostic tool.
B.Check and clean startup entries using MSConfig or Autoruns.
C.Disable System Restore to free up disk space.
D.Update all device drivers to the latest versions.
AnswerB

Startup entries are a common persistence mechanism; cleaning them ensures the malware does not restart with the system.

Why this answer

After removing malware, it is critical to check and clean startup entries using tools like MSConfig or Autoruns to prevent the malware from reloading on reboot. Malware often adds entries to the registry Run keys or the Startup folder to persist. Simply deleting files may leave these entries intact, allowing the malware to reinstall itself.

727
MCQeasy

A user reports that after a recent Windows update, the 'Local Users and Groups' snap-in is missing from the Computer Management console. The user needs to add a new local user account. Which administrative tool should be used to complete this task?

A.Run lusrmgr.msc from the Run dialog.
B.Open the Services console (services.msc) and restart the 'User Manager' service.
C.Use the Disk Management tool to create a new user volume.
D.Open the Registry Editor and modify the SAM registry hive.
AnswerA

Correct. lusrmgr.msc launches the Local Users and Groups snap-in directly, allowing user account creation.

Why this answer

The 'Local Users and Groups' snap-in (lusrmgr.msc) is the correct tool for managing local user accounts and groups. Even if it's missing from Computer Management, it can be run directly or added via the MMC. The other options are not designed for user account management.

728
MCQhard

A company is migrating to a new cloud-based system and needs to dispose of old tape backup cartridges that contain years of financial data. The tapes are magnetic media. Which disposal method is most appropriate for this media type?

A.Overwrite the tapes with a bulk eraser.
B.Reformat the tapes using a tape drive.
C.Incinerate the tapes in a certified facility.
D.Delete the files from the tape catalog.
AnswerA

A bulk eraser (degausser) is designed for magnetic tape and will completely erase the data. This is the standard method for tape disposal.

Why this answer

Magnetic tape is best destroyed by degaussing, which disrupts the magnetic domains, or by physical shredding. Degaussing is fast and effective for tape, but it renders the tape unusable. Shredding is also acceptable.

729
MCQhard

A technician is troubleshooting an Android phone that cannot connect to Wi-Fi networks, even though other devices connect fine. The technician notices that the phone's MAC address is displayed as '02:00:00:00:00:00' in the Wi-Fi settings. Which feature is likely causing this, and how should it be resolved?

A.The phone is using a static IP configuration; change it to DHCP.
B.The Wi-Fi hardware is faulty; the phone needs repair.
C.The phone has a randomized MAC address enabled; disable it for the network.
D.The phone is in Airplane Mode; turn it off.
AnswerC

Android 10+ uses randomized MACs by default to enhance privacy; the address shown is a randomized one, and disabling it for that network can fix connection issues.

Why this answer

This question tests knowledge of Android's privacy features. The correct answer is 'Randomized MAC Address', a security feature that spoofs the MAC address per network. The displayed address suggests the randomization is active, and disabling it for the specific network or turning off 'Use randomized MAC' can resolve connectivity issues.

730
MCQ · easy

A user calls the help desk complaining that their browser homepage keeps changing to a site they did not set, and they cannot change it back. You remotely check and find no malware. What is the most likely cause?

A. The user's browser profile is corrupted.
B. A recently installed program modified the browser settings during installation.
C. The user's DNS settings are being hijacked by the ISP.
D. The browser's shortcut target is pointing to a different URL.
Answer: B

Many free applications bundle browser modifications; if the user did not uncheck those options, the homepage changes.

Why this answer

Some legitimate software installers include options to change browser settings, and users may inadvertently agree. This is a common cause of homepage changes that are not malware-related.

731
MCQ · easy

A customer calls the help desk saying their remote desktop session to the office workstation keeps disconnecting after a few minutes. They are using a standard RDP client over the internet. What should the technician check first?

A. Verify that the user's local antivirus is not blocking RDP traffic.
B. Check the remote workstation's power settings to ensure it is not going to sleep.
C. Review the Remote Desktop Session Host configuration for idle session time limits.
D. Reinstall the RDP client on the user's home computer.
Answer: C

Idle time limits disconnect sessions after a period of inactivity. This matches the symptom of disconnecting after a few minutes.

Why this answer

The user's RDP session disconnects after a few minutes, which is a classic symptom of an idle session timeout enforced by the Remote Desktop Session Host (RD Session Host) or Group Policy. By default, Windows Server RDS roles have an idle session limit (often 15 minutes) that disconnects inactive sessions to free resources. Checking this configuration directly addresses the symptom, whereas other options target less likely causes for a consistent, time-based disconnect.

Exam trap

The trap here is that candidates often blame the client or local network (options A or D) for a disconnect, but CompTIA tests your understanding that server-side session timeout policies are the most common cause of periodic, predictable RDP disconnections over the internet.

How to eliminate wrong answers

Option A is wrong because local antivirus typically blocks RDP at connection time (e.g., port 3389) with a persistent failure, not a delayed disconnect after minutes of use. Option B is wrong because the remote workstation's power settings would cause the entire machine to sleep, dropping all network connectivity instantly, not just the RDP session after a few minutes of activity. Option D is wrong because reinstalling the RDP client would not resolve a server-side timeout policy; the client software is not the cause of a consistent, timed disconnect.

732
MCQ · easy

A user reports that they cannot execute a custom shell script they placed in their home directory, even though they can read and write to it. The script has permissions -rw-r--r--. Which command should you use to resolve this issue?

A. chmod 644 script.sh
B. chmod 755 script.sh
C. chmod 777 script.sh
D. chmod u+x script.sh
Answer: B

755 gives the owner read, write, and execute, and group/others read and execute, which allows the user to execute the script.

Why this answer

The script has no execute permission for any user. Using chmod with the numeric value 755 sets read, write, and execute for the owner, and read and execute for group and others, allowing the user to run the script.

733
MCQ · hard

A technician is decommissioning a RAID array of 10 hard drives that contained sensitive HR data. The company policy requires that data be destroyed without removing individual drives from the array. Which method is most appropriate?

A. Remove each drive and use a hammer to break the platters.
B. Use a degausser that can accommodate the entire array chassis.
C. Perform a secure erase on each drive via the RAID controller.
D. Reformat the array and reuse it for non-sensitive data.
Answer: B

A degausser can destroy data on all magnetic drives simultaneously without removal, though it may damage the controller—acceptable for decommissioning.

Why this answer

The correct answer is to use a degausser designed for large media, which can destroy data on all drives simultaneously without disassembly. However, this may damage the RAID controller. Alternatively, a bulk eraser could be used.

This question tests understanding of bulk destruction methods for RAID arrays.

734
MCQ · medium

A company policy requires that all workstations must have Windows Firewall enabled. You check a user's PC and find the firewall is off. Which Control Panel applet would you use to turn it back on?

A. Security and Maintenance
B. Windows Defender Firewall
C. Network and Sharing Center
D. System
Answer: B

This applet provides full control over firewall settings, including turning it on or off for domain, private, and public networks.

Why this answer

The Windows Defender Firewall applet (Option B) is the dedicated Control Panel interface for managing Windows Firewall settings, including turning the firewall on or off. Since the question specifically asks which applet to use to enable the firewall, this is the correct tool. Other applets may display firewall status but do not provide the direct toggle to enable or disable the firewall.

Exam trap

The trap here is that candidates often confuse Security and Maintenance (which shows a warning about the firewall being off) with the actual tool needed to fix the issue, leading them to select Option A instead of the correct Windows Defender Firewall applet.

How to eliminate wrong answers

Option A (Security and Maintenance) is wrong because it only reports the firewall status and provides a link to the Windows Defender Firewall applet, but does not contain the actual toggle to turn the firewall on or off. Option C (Network and Sharing Center) is wrong because it is used for managing network connections, adapters, and sharing settings, not for enabling or disabling the Windows Firewall. Option D (System) is wrong because it displays basic system information, hardware specs, and allows management of system properties like remote settings and device names, with no firewall controls.

735
MCQ · easy

A user's computer is infected with adware that changes the browser homepage and displays constant pop-ups. After removing the adware with an antivirus, the homepage remains changed. What additional remediation step should you take?

A. Reinstall the operating system
B. Reset the browser settings to default
C. Run a disk cleanup utility
D. Update the antivirus definitions and scan again
Answer: B

Resetting the browser clears all adware-induced changes, restoring the homepage and removing unwanted extensions.

Why this answer

After adware removal, the browser's homepage and settings are often stored in the browser's configuration files or registry keys that the antivirus does not reset. Resetting the browser settings to default restores the homepage, search engine, and new tab page to their original state, clearing any persistent malicious configurations left behind by the adware.

Exam trap

CompTIA often tests the misconception that a full OS reinstall is required for any persistent malware symptom, but the trap here is that the issue is a configuration change, not an active infection, so a targeted browser reset is sufficient.

How to eliminate wrong answers

Option A is wrong because reinstalling the operating system is an extreme measure that is unnecessary when the issue is isolated to the browser's settings; it would also delete user data and applications. Option C is wrong because a disk cleanup utility only removes temporary files and frees up disk space; it does not modify browser configuration settings or registry entries that control the homepage. Option D is wrong because updating antivirus definitions and scanning again would only detect and remove remaining malware files, but the adware has already been removed; the persistent homepage change is a configuration artifact, not an active infection.

736
MCQ · medium

During a security audit, you discover that a user’s Windows 10 device has allowed multiple failed login attempts without locking the account. Which policy should you adjust to enforce account lockout after 5 failed attempts?

A. Password Policy – Minimum password length
B. Account Lockout Policy – Account lockout threshold
C. User Rights Assignment – Deny log on locally
D. Security Options – Interactive logon: Message text for users attempting to log on
Answer: B

This setting defines the number of failed logins allowed before the account is locked.

Why this answer

Account lockout policies are configured in the Local Security Policy under Account Policies. Setting 'Account lockout threshold' to 5 will lock the account after that many failed attempts, preventing brute-force attacks.

737
MCQ · medium

You are configuring a new Windows 10 computer for a user who frequently downloads files from the internet. To reduce the risk of malware, you want to block the execution of downloaded files from the internet until they are scanned by antivirus. Which Windows feature should you enable?

A. Windows Defender Firewall
B. Windows Defender Application Guard
C. BitLocker Drive Encryption
D. User Account Control (UAC)
Answer: B

Application Guard uses hardware isolation to run untrusted files in a sandbox, preventing harm to the system.

Why this answer

Windows Defender Application Guard is designed to isolate untrusted downloads and prevent execution until scanned. This tests knowledge of Windows security features for browser and file safety. The other options are either not relevant or less effective.

738
MCQ · hard

A technician is working in a server room and notices a small fire starting in a power strip. What type of fire extinguisher should be used?

A. Class A fire extinguisher (water).
B. Class B fire extinguisher (CO2).
C. Class C fire extinguisher (dry chemical).
D. Class D fire extinguisher (metal).
Answer: C

Class C extinguishers are designed for electrical fires. They use non-conductive agents to safely extinguish the fire without risk of shock.

Why this answer

A small fire in a power strip involves energized electrical equipment. Class C fire extinguishers (dry chemical) are specifically designed for electrical fires because the dry chemical agent is non-conductive, preventing the risk of electric shock. Using a water-based extinguisher (Class A) or CO2 (Class B) on live electrical equipment can cause electrocution or damage, while Class D is for combustible metals.

Exam trap

CompTIA often tests the distinction between Class B and Class C extinguishers, trapping candidates who mistakenly think CO2 (Class B) is safe for electrical fires because it is non-conductive, but CO2 is not rated for electrical fires and can cause cold shock to components.

How to eliminate wrong answers

Option A is wrong because Class A water extinguishers conduct electricity, posing a severe electrocution hazard on live electrical equipment. Option B is wrong because Class B CO2 extinguishers are primarily for flammable liquids and gases, not for electrical fires; CO2 can also cause thermal shock to sensitive electronics. Option D is wrong because Class D extinguishers are specifically for combustible metal fires (e.g., magnesium, sodium) and are not applicable to electrical fires involving a power strip.

739
MCQ · easy

A user calls the help desk, frustrated that their laptop 'keeps freezing' during video conferences. They admit they have 15 browser tabs open, are running a resource-heavy design app, and have not restarted the laptop in three weeks. The technician needs to recommend a solution while maintaining professionalism. What should the technician say first?

A. "You need to close some tabs and restart your laptop immediately."
B. "I understand that's frustrating. Let's look at what might be causing this. Have you noticed it happens when certain programs are open?"
C. "That's because you never restart your computer. You should do that weekly."
D. "Let me transfer you to our advanced support team for this issue."
Answer: B

This shows empathy and invites collaboration, aligning with best practices for professional communication.

Why this answer

Option B is correct because it first validates the user's frustration (professionalism) and then uses a probing question to gather diagnostic data about the specific conditions causing the freezing. This aligns with the CompTIA A+ troubleshooting methodology (identify the problem) and maintains rapport, which is critical for customer satisfaction. The technician avoids premature blame or dismissal, instead focusing on correlating the symptom (freezing) with resource contention from the browser tabs and design app.

Exam trap

CompTIA often tests the candidate's ability to prioritize professional communication over technical action; the trap here is that many candidates jump to a technical fix (Option A or C) instead of first acknowledging the user's issue and gathering information, which is the correct first step in the troubleshooting process.

How to eliminate wrong answers

Option A is wrong because it issues a direct command without acknowledging the user's frustration or gathering additional context, which violates professional communication standards and may escalate the user's frustration. Option C is wrong because it blames the user for not restarting, which is unprofessional and dismissive; it also assumes the root cause without verifying whether the freezing is due to memory leaks, driver issues, or thermal throttling. Option D is wrong because it escalates prematurely without attempting basic triage; the issue is likely within the technician's scope (resource management and reboot), and transferring without effort wastes time and frustrates the user further.

740
MCQ · easy

A user reports that after a Windows update, their default browser keeps resetting to Microsoft Edge every time they restart the computer. They need to keep Google Chrome as the default. Which Control Panel or Settings applet should you use to permanently change this setting?

A. Programs and Features
B. Default Apps
C. Internet Options
D. Device Manager
Answer: B

Default Apps in Settings allows you to set default programs for web browsing, email, and other activities, and these settings are preserved after updates.

Why this answer

The correct tool is 'Default Apps' in Windows Settings, where you can set per-application defaults. This ensures the change persists across restarts, unlike simply choosing 'Always use this app' from a file dialog which may not override system policies.

741
MCQ · medium

You are deploying a new application to multiple Windows 10 workstations using a script. The application requires administrator privileges, and you need to run the command with elevated rights from within the script. Which command should precede your installation command?

A. runas /user:Administrator
B. net user
C. cd
D. whoami
Answer: A

This command runs the subsequent program with administrator privileges, as required for the installation.

Why this answer

The runas command allows you to run a program with different credentials, such as an administrator account, from the command line. It is the standard way to elevate privileges in a script. Other commands either manage user accounts or change directories.

742
MCQ · easy

A customer complains that their Windows 10 PC fails to boot and displays a 'Bootmgr is missing' error. You suspect the Boot Configuration Data (BCD) is corrupted. Which tool should you use to repair the BCD from the Windows Recovery Environment?

A. chkdsk /f
B. sfc /scannow
C. bootrec /rebuildbcd
D. diskpart
Answer: C

bootrec /rebuildbcd scans all disks for Windows installations and adds them to the BCD store, fixing corruption.

Why this answer

The bootrec tool is specifically designed to repair BCD and boot sector issues. Running bootrec /rebuildbcd scans for Windows installations and rebuilds the BCD store.

743
MCQ · hard

While configuring a new Windows 11 workstation, you need to ensure that a legacy application can always run with administrative privileges without prompting the user. The user is a standard user. What is the best way to accomplish this?

A. Set the application's compatibility mode to 'Run this program as an administrator' and grant the user full control over the program's folder.
B. Create a scheduled task that runs with the highest privileges and launches the application at user logon.
C. Disable User Account Control (UAC) via the Control Panel.
D. Add the user to the local Administrators group.
Answer: B

A scheduled task can be configured to run with stored administrator credentials and launch the application without any UAC prompt. This is the supported method for standard users to run legacy apps that require elevation.

Why this answer

Forcing a legacy app to run as administrator without UAC prompts for a standard user requires creating a scheduled task that runs with elevated privileges. The task can be set to run at user logon or on demand, and the application is launched by the task with the stored admin credentials. This bypasses UAC while maintaining security for the standard user account.

744
MCQ · easy

A user calls the help desk, frantic because they received an email from what appears to be the CEO asking them to urgently purchase $500 in gift cards for a client and reply with the codes. The email address looks slightly off, and the signature is missing the usual legal disclaimer. What type of social engineering attack is this most likely an example of?

A. Shoulder surfing
B. Phishing
C. Tailgating
D. Pretexting
Answer: B

Phishing is the correct term for fraudulent emails designed to trick recipients into taking harmful actions, such as buying gift cards.

Why this answer

This scenario describes a phishing attack, specifically a variant called whaling or CEO fraud, where the attacker impersonates a high-level executive. Phishing is the use of deceptive emails to trick users into revealing sensitive information or performing actions. The slightly off email address and missing disclaimer are classic indicators of a phishing attempt.

745
MCQ · easy

A user reports that after a recent Windows update, they can no longer install software on their company-issued laptop. When they try to run an installer, they get a message: 'Your system administrator has blocked this program.' The user has local administrator rights on the laptop. Which Windows security setting is most likely causing this issue?

A. Windows Defender Firewall is blocking the installer.
B. User Account Control (UAC) is set to 'Always notify.'
C. BitLocker Drive Encryption is preventing write access.
D. The user's account is not part of the local Administrators group.
Answer: B

UAC with 'Always notify' prompts for consent for any installation, even for local admins, and can block if not approved.

Why this answer

Windows User Account Control (UAC) can be configured to prompt for consent or credentials when software installation is attempted, even for local admins. If UAC is set to 'Always notify,' it will block installations that don't receive explicit approval. The 'blocked by administrator' message often points to UAC or AppLocker, but with local admin rights, UAC is the primary control.

746
MCQ · medium

A small business owner reports that all their employees are receiving emails from each other containing a link that, when clicked, downloads a file that installs a program that spreads to other contacts. The emails appear to come from known senders. What type of malware is this?

A. Virus
B. Worm
C. Trojan horse
D. Rootkit
Answer: B

A worm spreads independently, often by sending copies of itself through email or network connections.

Why this answer

A worm self-replicates and spreads automatically, often via email or network shares, without needing to attach to a host file. This behavior distinguishes it from a virus, Trojan, or rootkit.

747
MCQ · hard

A technician is setting up remote access for a user who will be traveling internationally. The user needs to access files on a Windows server using RDP. Which additional security measure should the technician implement to protect the RDP session?

A. Enable Network Level Authentication (NLA) on the server
B. Use a VPN to encrypt all traffic before initiating RDP
C. Change the RDP port to a non-standard number
D. Disable clipboard redirection in the RDP session
Answer: B

A VPN creates an encrypted tunnel, securing the entire RDP session from interception.

Why this answer

B is correct because RDP traffic is encrypted but not authenticated at the transport layer, making it vulnerable to man-in-the-middle attacks, especially over untrusted international networks. A VPN (e.g., IPsec or OpenVPN) provides an additional layer of encryption and authentication for the entire session before RDP traffic is sent, ensuring confidentiality and integrity even if the RDP protocol itself is compromised.

Exam trap

CompTIA often tests the misconception that RDP's built-in encryption is sufficient for all scenarios, leading candidates to overlook the need for a VPN when the connection traverses untrusted networks, especially in international travel contexts.

How to eliminate wrong answers

Option A is wrong because Network Level Authentication (NLA) requires the user to authenticate before a full RDP session is established, which protects against some attacks but does not encrypt the traffic; it is a pre-session authentication mechanism, not a transport-layer security measure. Option C is wrong because changing the RDP port from the default 3389 to a non-standard number is a form of security through obscurity that does not provide actual encryption or authentication; it only reduces automated scans but does not protect the session from targeted attacks. Option D is wrong because disabling clipboard redirection prevents data transfer via the clipboard but does not encrypt or secure the RDP session itself; it is a data-leakage prevention measure, not a security measure for the session's confidentiality.

748
MCQ · medium

A user reports that their Android phone's screen is unresponsive to touch, but the buttons and notification LED still work. They have already performed a forced restart. What should the technician do NEXT?

A. Replace the screen assembly.
B. Boot the phone into Safe Mode to check if the issue persists.
C. Perform a factory reset from the recovery menu.
D. Update the phone's firmware using a computer.
Answer: B

Safe Mode disables third-party apps; if the touch works there, a recently installed app is likely the culprit.

Why this answer

This scenario tests troubleshooting touchscreen issues. Since a forced restart didn't help, booting into Safe Mode can determine if a third-party app is causing the problem.

749
MCQ · easy

A user reports that after a recent software update, their inventory management application crashes on launch. The change log shows the update was applied last night by a junior technician. What is the first step the technician should take according to change management best practices?

A. Restore the user’s system from a backup taken before the update.
B. Check the change log for the update details and rollback procedure.
C. Uninstall the update immediately to restore functionality.
D. Escalate the issue to the IT manager for a decision.
Answer: B

The change log should contain the change details, approval, and rollback plan, making it the correct first step to assess the situation.

Why this answer

Option B is correct because change management best practices require that before any action is taken, the technician should first consult the change log to understand what was changed and identify the documented rollback procedure. This ensures a controlled, reversible approach rather than risking data loss or further instability by acting without full knowledge of the update's scope.

Exam trap

CompTIA often tests the misconception that immediate restoration or uninstallation is the fastest fix, but the trap here is that candidates overlook the critical first step of consulting the change log to understand the update's scope and the documented rollback procedure before taking any action.

How to eliminate wrong answers

Option A is wrong because immediately restoring from backup is a reactive step that should only be taken after reviewing the change log and rollback plan; it may also be unnecessary if a simpler rollback exists. Option C is wrong because uninstalling the update without first checking the change log could leave the system in an inconsistent state or miss dependencies that require a specific rollback order. Option D is wrong because escalating to the IT manager bypasses the technician's responsibility to first gather information from the change log, which is a standard first step in incident response per change management frameworks.

750
MCQ · hard

A company's security policy requires that all laptops have a TPM chip enabled and be configured to require a PIN at startup before the operating system loads. Which security feature is being configured?

A. Secure Boot
B. BitLocker with TPM and PIN protector
C. Windows Defender System Guard
D. Group Policy password complexity enforcement
Answer: B

BitLocker can use a TPM plus a PIN for pre-boot authentication, requiring both hardware validation and user input to unlock the drive.

Why this answer

BitLocker with a PIN enhances pre-boot authentication by requiring both a TPM (for integrity verification) and a user-entered PIN before the OS loads. This prevents unauthorized access even if the TPM is present. This question tests the understanding of BitLocker's pre-boot authentication options and the role of the TPM.
