CompTIA A+ Core 2 220-1202 (220-1202) — Questions 301–375

750 questions total · 10 pages · All types, answers revealed

Page 5 of 10

301
MCQ · medium

A customer reports that their laptop frequently disconnects from the office Wi-Fi and reconnects after a few seconds. The network uses WPA2-PSK with AES encryption. The technician checks the router logs and sees repeated '4-way handshake timeout' errors. What is the most likely cause of this issue?

A. The laptop is using an outdated WEP encryption protocol.
B. The router's DHCP lease time is set too short.
C. The laptop is too far from the access point, causing intermittent signal loss.
D. The router is configured for WPA2-Enterprise instead of WPA2-PSK.
Answer: C

Weak signal can cause the 4-way handshake to time out, leading to disconnections.

Why this answer

The 4-way handshake timeout errors indicate that the laptop cannot complete the WPA2 authentication process, often due to signal interference or weak signal strength. While other options could cause connectivity issues, the specific handshake timeout points to a problem with the wireless signal or authentication process.

302
MCQ · medium

A technician is setting up a guest Wi-Fi network in a coffee shop. The owner wants customers to be able to connect easily without entering a password, but still wants basic encryption to prevent eavesdropping. Which security configuration should the technician use?

A. Set up an open network with no encryption and a captive portal for terms of service.
B. Use WPA2-PSK with a simple password like 'coffee123'.
C. Enable WPA3-Enterprise with certificate-based authentication.
D. Use WEP with a shared key printed on a receipt.
Answer: A

An open network allows easy access without a password, and a captive portal can enforce acceptable use, but it does not encrypt traffic; this matches the owner's request for no password.

Why this answer

WPA3-Personal offers an 'Enhanced Open' mode (OWE) that provides encryption without a password, while WPA2-PSK with a simple password is more common. The scenario, however, explicitly asks for 'no password' and 'basic encryption'.

The best compromise is WPA3-Enhanced Open (OWE) if supported. Since that may not be an option, the technician might use an open network with a captive portal, and among the listed options that is the correct one for ease of access, even though it does not provide encryption. The question expects the technician to explain that an open network cannot provide encryption.

This tests understanding of trade-offs between security and convenience.

303
MCQ · easy

A junior admin needs to list all files in the current directory, including hidden files, with detailed information such as permissions, owner, and size. Which command should they use?

A. ls -l
B. ls -a
C. ls -la
D. ll
Answer: C

The combination -la lists all files in long format, fulfilling the requirement.

Why this answer

The ls command with the -la flags lists all files (including hidden ones starting with a dot) in long format, showing permissions, owner, group, size, and modification time.

304
MCQ · medium

A technician is tasked with removing a persistent malware infection that survives reboots and re-infects the system even after a full antivirus scan in Safe Mode. The malware appears to hide in the Master Boot Record (MBR). Which removal method should the technician use?

A. Run a system file checker (sfc /scannow) from within Windows.
B. Use the Windows Recovery Environment to run bootrec /fixmbr.
C. Perform a clean installation of Windows without formatting the drive.
D. Disable System Restore and delete all restore points.
Answer: B

This command rewrites the MBR, removing the malware that resides there.

Why this answer

MBR malware infects the boot sector, loading before the operating system, which allows it to survive standard scans and Safe Mode. The most effective removal is to use the Windows Recovery Environment (WinRE) with bootrec /fixmbr and bootrec /fixboot commands. This overwrites the infected boot sector.

If that fails, a full reinstall may be necessary.

305
MCQ · medium

A user reports that their Windows 10 PC is running slowly and the hard drive light is constantly active. You suspect the indexing service is consuming resources. Which Control Panel applet allows you to modify which folders are indexed, or to rebuild the index?

A. File Explorer Options
B. System > Advanced system settings > Performance
C. Indexing Options
D. Administrative Tools > Services
Answer: C

Indexing Options lets you add or remove indexed locations and rebuild the index to resolve performance issues.

Why this answer

The Indexing Options applet (C) is the correct Control Panel tool for managing the Windows Search index. It allows you to add or remove folders from the index and provides a button to rebuild the index, which can resolve performance issues caused by a corrupted or overly broad index. The constantly active hard drive light indicates the indexing service is actively processing files, and modifying or rebuilding the index directly addresses this resource consumption.

Exam trap

CompTIA often tests the distinction between managing a service's behavior (Indexing Options) versus managing the service's running state (Services.msc), leading candidates to choose Administrative Tools > Services when the question specifically asks about modifying indexed folders or rebuilding the index.

How to eliminate wrong answers

Option A is wrong because File Explorer Options (formerly Folder Options) controls file browsing settings like showing hidden files, folder views, and search behavior, but it does not manage the indexing service or allow you to modify indexed folders or rebuild the index. Option B is wrong because System > Advanced system settings > Performance opens the Performance Options dialog, which configures visual effects, processor scheduling, and virtual memory, not indexing settings. Option D is wrong because Administrative Tools > Services lets you start, stop, or disable the Windows Search service, but it does not provide a GUI to modify which folders are indexed or to trigger a rebuild; those actions require the Indexing Options applet.

306
MCQ · medium

A company uses AppLocker to control which applications can run on Windows 10 workstations. A user needs to run a portable application from a USB drive for a presentation, but it is blocked by AppLocker. The user has local admin rights. What is the best way to allow this specific application while maintaining security?

A. Temporarily disable AppLocker service.
B. Add the user to the 'Power Users' group.
C. Create a new AppLocker path rule for the USB drive.
D. Run the application as Administrator.
Answer: C

This allows the specific app while keeping other restrictions in place.

Why this answer

AppLocker can be configured with rules based on file path, publisher, or hash. Creating a path rule for the USB drive or a hash rule for the specific executable allows the app while still blocking others. This is more secure than disabling AppLocker or giving the user permanent exceptions.

307
MCQ · easy

A technician is configuring an Android phone for a user who frequently travels internationally. The user wants to ensure that data roaming is disabled to avoid high charges, but still wants to receive calls and texts while abroad. Which setting should the technician configure?

A. Enable Airplane Mode and turn on Wi-Fi.
B. Disable Mobile Data entirely.
C. Turn off Data Roaming in the mobile network settings.
D. Set the network mode to 2G only.
Answer: C

Data Roaming specifically controls cellular data while roaming; turning it off prevents data charges while voice and SMS still work.

Why this answer

This question tests Android connectivity settings. The correct answer is to disable 'Data Roaming' while keeping 'Roaming' enabled for voice and SMS. This allows calls and texts over partner networks without using mobile data, preventing unexpected charges.

308
MCQ · medium

A technician is configuring a new firewall for a small office. They need to allow remote employees to securely access the internal network. Which technology should be enabled on the firewall?

A. Port forwarding
B. VPN passthrough
C. VPN server
D. DMZ
Answer: C

A VPN server on the firewall enables remote users to establish encrypted connections to the internal network.

Why this answer

A VPN creates an encrypted tunnel between a remote user and the internal network, ensuring secure access. This is the standard method for remote employees to connect safely.

309
MCQ · easy

A customer complains that their iPhone's Wi-Fi keeps disconnecting and reconnecting. They have already rebooted the phone and the router. Which of the following is the MOST likely cause?

A. The phone's SIM card is faulty.
B. The Wi-Fi network password was changed recently.
C. The phone's Wi-Fi profile is corrupted.
D. The phone's operating system needs a full restore via iTunes.
Answer: C

A corrupted Wi-Fi profile can cause intermittent disconnects; forgetting the network and reconnecting often fixes this.

Why this answer

This scenario tests knowledge of common mobile Wi-Fi issues. After basic steps, forgetting and reconnecting to the network often resolves profile corruption or authentication problems.

310
MCQ · medium

A technician is assigned to install new accounting software on a user's computer. The user is a senior manager who is very busy. The technician arrives and the manager says, 'Just make it work, I don't have time for questions.' Which action is MOST professional?

A. Proceed with the installation without asking any questions to respect their time.
B. Explain that you need just two quick questions to avoid problems later, and keep it brief.
C. Insist on a full meeting to discuss requirements.
D. Install the software and leave a note with questions for later.
Answer: B

This balances respect for their time with the need for accurate setup.

Why this answer

Option B is the most professional action because it balances respect for the manager's time with the need to gather critical information. Asking two quick, targeted questions—such as verifying the software version compatibility with the OS or confirming the required database connection string—can prevent installation failures or post-installation issues that would waste even more of the manager's time. This approach demonstrates proactive problem-solving and aligns with CompTIA's emphasis on effective communication and professionalism.

Exam trap

CompTIA often tests the misconception that respecting a user's time means avoiding all questions, when in fact asking a few targeted, efficient questions demonstrates professionalism and prevents larger issues.

How to eliminate wrong answers

Option A is wrong because proceeding without any questions risks installing incompatible software or misconfiguring settings, which could lead to system instability or data loss, ultimately wasting more of the manager's time. Option C is wrong because insisting on a full meeting is unnecessarily disruptive and fails to respect the manager's stated time constraints, creating a negative user experience. Option D is wrong because installing the software and leaving a note with questions for later may result in the manager ignoring the note, leading to unresolved issues that could require a second visit or cause operational delays.

311
MCQ · easy

A user reports that they can no longer access their encrypted files after a recent password change. The files were encrypted using EFS on a Windows 10 Pro workstation. What is the most likely cause of this issue?

A. The user changed the password via Ctrl+Alt+Del, which invalidates the EFS certificate.
B. The user did not back up their EFS certificate before changing the password.
C. The user's account was removed from the local Administrators group during the password change.
D. The hard drive has a hardware failure that corrupted the encrypted files.
Answer: B

EFS uses a certificate tied to the user's password. Without a backup, changing the password can render the encryption key inaccessible, requiring a recovery agent or certificate import.

Why this answer

EFS (Encrypting File System) ties file encryption to the user's password. When the password is changed without the proper certificate backup, the encryption key may become inaccessible. This question tests the understanding that EFS keys are protected by the user's password and require a backup certificate or recovery agent to avoid data loss after password changes.

312
MCQ · medium

A user has accidentally deleted several important files from their Documents folder on their Mac running macOS Ventura. They need to recover them immediately. Which built-in macOS tool should you guide them to use first?

A. Time Machine from the menu bar.
B. The Trash folder in the Dock.
C. Terminal with the 'cd' and 'ls' commands.
D. System Settings > General > Storage.
Answer: B

When files are deleted normally, they are moved to the Trash. The user can open the Trash, select the files, and choose 'Put Back' to restore them to their original location.

Why this answer

The Trash folder on macOS stores deleted files until it is emptied. If the user has not emptied the Trash, they can simply open the Trash icon in the Dock, locate the files, and drag them back to the Documents folder. Time Machine requires a backup to exist, and Terminal commands are unnecessary here.

313
MCQ · easy

A customer complains that their Windows 11 desktop suddenly shows a blue screen with the error 'CRITICAL_PROCESS_DIED' every time they try to launch a specific video editing application. Other programs work fine. What is the most likely cause and the best first troubleshooting step?

A. Run a memory diagnostic to check for faulty RAM.
B. Update the graphics card driver.
C. Reinstall the video editing application.
D. Perform a system restore to a point before the issue started.
Answer: C

Reinstalling the application replaces corrupted files that are specific to that program, which is the most direct solution for an app-specific crash.

Why this answer

A 'CRITICAL_PROCESS_DIED' error that occurs only with one application suggests a problem with that application's files or its dependencies. The best first step is to reinstall the application, as this will replace any corrupted files that may be causing the crash.

314
MCQ · medium

A technician is cleaning the inside of a desktop computer that has accumulated a large amount of dust. What is the safest method to remove the dust?

A. Use a standard household vacuum cleaner with a brush attachment.
B. Use compressed air to blow the dust out of the case.
C. Use a damp cloth to wipe down the components.
D. Use a soft brush to sweep the dust out.
Answer: B

Compressed air is the recommended method. It effectively removes dust without generating static or causing physical damage to components.

Why this answer

Compressed air is the safest method because it dislodges dust without physical contact, avoiding electrostatic discharge (ESD) or mechanical damage to sensitive components. Unlike other methods, it does not introduce moisture or static buildup, and it can reach tight spaces between heatsinks and circuit boards.

Exam trap

The trap here is that candidates assume a vacuum cleaner is safe because it 'sucks' dust away, but Cisco tests the understanding that vacuum cleaners generate dangerous static charges and lack the precision needed for delicate electronics.

How to eliminate wrong answers

Option A is wrong because household vacuum cleaners generate static electricity and can create ESD that damages sensitive electronics; they also lack sufficient filtration to prevent recirculation of fine dust. Option C is wrong because a damp cloth introduces moisture, which can cause short circuits, corrosion, or oxidation on exposed contacts and PCB traces. Option D is wrong because a soft brush can generate static charge through friction and may dislodge components or bend delicate pins if not used with extreme care.

315
MCQ · medium

A user reports that their computer's hard drive is making clicking noises and they cannot access certain files. You want to check the disk for errors and attempt to repair any bad sectors. Which command should you run from an elevated command prompt?

A. chkdsk /f
B. chkdsk /r
C. sfc /scannow
D. diskpart
Answer: B

Scans for bad sectors and recovers readable data, appropriate for clicking drives.

Why this answer

The correct answer is `chkdsk /r`, which locates bad sectors and attempts to recover readable data. `/f` only fixes file system errors, while `/scan` and `/spotfix` are used in newer versions for online repair. The `/r` option implies `/f` and does a thorough check.

316
MCQ · medium

A technician needs to create a bootable USB drive that can run Windows PE to deploy a custom Windows 10 image to multiple laptops. Which Windows tool should they use to create this bootable media?

A. Windows Media Creation Tool
B. Windows System Image Manager (Windows SIM)
C. Windows ADK (Assessment and Deployment Kit)
D. Disk Management
Answer: C

The Windows ADK provides the tools to build a custom Windows PE image and create bootable USB drives for deployment.

Why this answer

The Windows Assessment and Deployment Kit (Windows ADK) includes the Deployment Tools, which contain the necessary utilities (such as `copype.cmd` and `MakeWinPEMedia`) to create a bootable Windows PE USB drive. This is the correct tool for building custom WinPE media to deploy a Windows 10 image to multiple laptops, as it provides the full environment for customizing and generating the bootable image.

Exam trap

The trap here is that candidates often confuse the Windows Media Creation Tool (which creates standard Windows installation media) with the ADK's tools for creating custom WinPE bootable media, leading them to select option A.

How to eliminate wrong answers

Option A is wrong because the Windows Media Creation Tool is designed to download and create installation media for Windows 10 (e.g., for clean installs or upgrades), not to generate a custom Windows PE environment for imaging. Option B is wrong because Windows System Image Manager (Windows SIM) is used to create and manage unattended answer files (Unattend.xml) for automated installations, not to create bootable media. Option D is wrong because Disk Management is a utility for managing disk partitions and volumes (e.g., formatting, shrinking volumes), and it cannot create a bootable Windows PE USB drive.

317
MCQ · medium

A technician is troubleshooting a Mac that fails to boot and displays a prohibitory symbol (a circle with a slash). The user had recently installed a new third-party SSD. What is the most likely cause?

A. The SSD is formatted as NTFS
B. The SSD is not properly connected or is incompatible with the Mac’s storage controller
C. The user’s home folder is corrupted
D. The Mac’s NVRAM needs resetting
Answer: B

Incompatible or improperly connected drives prevent macOS from loading, shown by the prohibitory symbol.

Why this answer

The prohibitory symbol means macOS is found but cannot load due to incompatibility or corruption. A third-party SSD without proper firmware or formatting is a common cause, especially on newer Macs with T2 or Apple Silicon.

318
MCQ · medium

A technician is setting up a new workstation in a cubicle. The cubicle has multiple power strips daisy-chained together to provide enough outlets. What is the correct safety action the technician should take?

A. Continue using the daisy-chained setup since it is convenient and all strips are rated for 15 amps.
B. Remove the daisy chain and plug each device directly into a wall outlet using a single power strip with surge protection.
C. Replace all power strips with heavy-duty extension cords rated for the total load.
D. Install a UPS at the end of the daisy chain to regulate power.
Answer: B

This reduces the risk of overload and ensures each strip is properly protected by a circuit breaker.

Why this answer

Daisy-chaining power strips is a fire hazard because it can exceed the ampacity of the circuit, leading to overheating and potential electrical fires. The correct safety action is to remove the daisy chain and plug each device directly into a wall outlet, using a single power strip with surge protection to safely distribute power without overloading the circuit.

Exam trap

CompTIA often tests the misconception that using multiple high-rated power strips in series is safe as long as each strip's rating is not exceeded, ignoring the cumulative load on the upstream circuit and the fire risk from daisy-chaining.

How to eliminate wrong answers

Option A is wrong because daisy-chaining power strips, even if each is rated for 15 amps, can still overload the wall outlet circuit (typically 15 or 20 amps) and violates OSHA and NEC safety standards. Option C is wrong because heavy-duty extension cords are not designed for permanent use and can still cause voltage drop or overheating if the total load exceeds the cord's rating; they also lack surge protection. Option D is wrong because installing a UPS at the end of a daisy chain does not address the root hazard of overloading the circuit; it only adds battery backup and surge protection, but the daisy chain itself remains a fire risk.

319
MCQ · medium

A technician is replacing a power supply in a desktop computer. After unplugging the unit, what additional step should be taken to ensure personal safety before touching internal components?

A. Wear an anti-static wrist strap.
B. Press and hold the power button for 10 seconds.
C. Remove the CMOS battery.
D. Unplug all peripheral cables.
Answer: B

This discharges residual power stored in the capacitors, making it safe to work inside the case.

Why this answer

After unplugging the power supply, pressing and holding the power button for 10 seconds discharges residual electrical charge stored in the system's capacitors (especially in the power supply and motherboard). This step, often called a 'parasitic drain,' ensures that no stored voltage remains that could cause an electric shock or damage components when touched. It is a standard safety practice before working inside a desktop computer.

Exam trap

CompTIA often tests the distinction between ESD protection (anti-static wrist strap) and electrical safety (discharging capacitors), causing candidates to mistakenly choose the wrist strap as the primary safety step after unplugging.

How to eliminate wrong answers

Option A is wrong because an anti-static wrist strap protects against electrostatic discharge (ESD) damage to components, not against electric shock from stored charge; it does not discharge the power supply's capacitors. Option C is wrong because removing the CMOS battery clears BIOS settings and may help drain some motherboard capacitors, but it does not discharge the main power supply capacitors, which hold the highest risk of shock. Option D is wrong because unplugging peripheral cables reduces cable clutter but does not discharge the internal capacitors that pose a shock hazard.

320
MCQ · hard

A technician is creating a PowerShell script that must be deployed via Group Policy to all workstations. The script should run in the user context and display a message if the user's password is about to expire within 7 days. The script must not show any PowerShell console window. Which scripting technique should be used?

A. Use the 'Write-Host' cmdlet to display the message
B. Use a VBScript with a pop-up message box
C. Use the '-NoProfile' parameter when starting PowerShell
D. Use a scheduled task with 'Run whether user is logged on or not'
Answer: B

Correct. A VBScript can create a pop-up message box using 'MsgBox' and can be run with 'WScript.Shell' in hidden mode, satisfying both the hidden window and user notification requirements.

Why this answer

Option B is correct because VBScript's `MsgBox` function creates a pop-up message box that runs in the user context without a console window, making it ideal for displaying password-expiry warnings via Group Policy. PowerShell scripts, even with `-WindowStyle Hidden`, briefly flash a console window unless compiled into an executable, which violates the requirement to show no console window. VBScript natively integrates with Windows Script Host (WSH) to produce a GUI pop-up without any console overhead.

Exam trap

The trap here is that candidates assume PowerShell's `-WindowStyle Hidden` or `-NoProfile` eliminates the console window entirely, but they overlook that PowerShell.exe is inherently a console application and will still flash a window, whereas VBScript's `wscript.exe` host runs without any console.

How to eliminate wrong answers

Option A is wrong because `Write-Host` outputs text to the PowerShell console, which would display a console window, contradicting the requirement to show no console. Option C is wrong because `-NoProfile` only prevents loading PowerShell profiles, but does not suppress the console window itself; the script would still launch a visible PowerShell window. Option D is wrong because a scheduled task with 'Run whether user is logged on or not' runs in the system context, not the user context, and would not display a message to the logged-on user.

321
MCQ · medium

A user reports that they received a voicemail from the company's HR director asking them to call back a number to verify their account details for payroll. The user is suspicious because the HR director is on vacation. What type of social engineering attack is this?

A. Smishing
B. Vishing
C. Pretexting
D. Pharming
Answer: B

Vishing is the correct term for voice-based phishing attacks via phone calls or voicemail.

Why this answer

This is vishing (voice phishing), where attackers use phone calls or voicemails to trick victims into revealing sensitive information. The impersonation of a known authority figure and the request for account details are classic signs. Vishing often leverages caller ID spoofing to appear legitimate.

322
MCQ · medium

A user cannot run a command because they get 'permission denied' even though they are in the sudoers file. The command is located in /opt/custom/bin. Which command will show the current permissions and ownership of the file?

A. stat /opt/custom/bin/command
B. ls -l /opt/custom/bin/command
C. file /opt/custom/bin/command
D. chmod /opt/custom/bin/command
Answer: B

This is the standard command to view permissions, owner, and group in a concise format.

Why this answer

This tests the ls command with the -l option to display detailed file permissions and ownership. ls -l /opt/custom/bin/command shows the permission string and owner/group.

323
MCQ · easy

A help desk technician receives a complaint that a shared file in /opt/app/data cannot be read by any user except root. The file permissions are -rw-------. Which command will allow the group 'developers' to read the file?

A. chmod o+r /opt/app/data
B. chmod 644 /opt/app/data
C. chmod g+r /opt/app/data
D. chown :developers /opt/app/data
Answer: C

This adds read permission specifically for the group, which is the minimal required change.

Why this answer

This tests the use of chmod with group permissions. The file currently only allows owner (root) access; chmod g+r adds read permission for the group.

324
MCQ · easy

A small business owner wants to ensure that employees cannot install unauthorized browser extensions on company-managed Windows 10 computers. Which method should you use to enforce this restriction?

A. Enable private browsing mode in each browser
B. Configure Group Policy to block extension installation
C. Set the browser homepage to a company-approved site
D. Install an ad-blocker extension
Answer: B

Group Policy allows administrators to enforce browser settings across all domain-joined computers.

Why this answer

Group Policy is the correct tool for centrally managing browser settings and restricting extension installations in a Windows domain environment. This question tests knowledge of enterprise-level browser security controls. The other options are either user-level or not effective for enforcement.

325
MCQ · hard

A technician is decommissioning a server room and finds several old cathode ray tube (CRT) monitors that still work. The company wants to dispose of them responsibly. What should the technician do?

A. Sell the monitors to a local thrift store for reuse.
B. Break the glass tubes to reduce volume and then place them in a dumpster.
C. Contact a certified CRT recycler for pickup and recycling.
D. Donate the monitors to a school art department for projects.
Answer: C

This is correct because certified recyclers have the equipment to safely extract lead and other materials, complying with environmental laws.

Why this answer

CRT monitors contain leaded glass and other hazardous materials (e.g., phosphors, barium) that are classified as universal waste under the Resource Conservation and Recovery Act (RCRA). Disposing of them in a dumpster or donating them for non-certified reuse can violate environmental regulations. A certified CRT recycler ensures the monitors are dismantled safely, with leaded glass separated and recycled in compliance with EPA guidelines.

Exam trap

The trap here is that candidates assume 'reuse' or 'donation' is always environmentally friendly, but Cisco tests that CRTs are hazardous e-waste requiring certified recycling, not just any second-hand use.

How to eliminate wrong answers

Option A is wrong because thrift stores typically lack the certification to handle hazardous e-waste; selling CRTs for reuse may still lead to improper disposal later and does not guarantee responsible end-of-life management. Option B is wrong because breaking the glass tubes releases toxic lead dust and phosphor powder, creating an immediate health hazard and violating RCRA rules against land disposal of hazardous waste. Option D is wrong because school art departments are not equipped to safely handle or dispose of leaded glass; using CRTs for art projects still results in eventual improper disposal and potential environmental contamination.

326
MCQ · easy

During a security incident, a technician needs to verify whether a specific application was granted camera and microphone permissions on a macOS computer. Which macOS tool should they use to check these privacy settings?

A. Keychain Access
B. System Settings > Privacy & Security
C. Console
D. Terminal with 'tccutil' command
Answer: B

This is the correct location to view and manage app permissions for camera, microphone, and other privacy-sensitive features.

Why this answer

The Security & Privacy pane in System Settings (or System Preferences in older macOS) contains the Privacy tab where app permissions for camera, microphone, location, and more are listed. This is the standard location for auditing privacy permissions on macOS.

327
MCQ · hard

A user reports that their cloud-based virtual desktop (VDI) is disconnecting frequently. The user's internet connection is stable, and other cloud services work fine. The technician checks the VDI's resource usage and finds that the virtual machine's RAM is consistently at 95% usage. What should the technician do to resolve the disconnections?

A. Reduce the amount of RAM allocated to the VDI.
B. Increase the amount of RAM allocated to the VDI.
C. Reinstall the VDI client software on the user's device.
D. Enable GPU acceleration for the VDI.
Answer: B

Increasing RAM gives the VM more memory to work with, reducing the likelihood of unresponsiveness and disconnections.

Why this answer

This scenario tests advanced troubleshooting of VDI performance. High memory usage can cause the VM to become unresponsive, leading to disconnections. Increasing the VM's RAM allocation directly addresses the resource bottleneck.

Reducing RAM would worsen the problem, and network or GPU issues are not indicated.

328
MCQmedium

A technician is troubleshooting a user's inability to access a specific website. The user can access other websites without issue. The technician wants to check the route packets take to the problematic server and identify where the connection fails. Which command should be used?

A.ping -t example.com
B.tracert example.com
C.nslookup example.com
D.netstat -an
AnswerB

Traces the route and displays each hop, ideal for identifying where connectivity fails.

Why this answer

The correct answer is `tracert`, which traces the route to a destination and shows each hop. This helps pinpoint where packets are being dropped. `ping` only tests reachability, `nslookup` resolves names, and `netstat` shows connections.

329
MCQhard

During a security audit, you find that a server room door has a standard key lock, but the key is kept in an unlocked drawer nearby. Which physical security principle is being violated?

A.Least privilege
B.Defense in depth
C.Separation of duties
D.Change management
AnswerB

Defense in depth means using multiple layers of security; storing the key insecurely removes the protection of the lock.

Why this answer

The principle of defense in depth requires multiple layers of security. Storing the key in an unlocked drawer negates the door lock, creating a single point of failure. Proper key management is essential.

330
MCQmedium

A technician receives an angry email from a user claiming that the technician's previous fix made their computer worse. The technician knows the fix was correct. Which response is MOST professional?

A.Reply with a detailed technical explanation proving the fix was right.
B.Ignore the email to avoid an argument.
C.Apologize for the inconvenience and schedule a time to revisit the issue.
D.Forward the email to the user's manager to complain about the user's tone.
AnswerC

This de-escalates the situation and shows willingness to help, even if the original fix was correct.

Why this answer

Option C is correct because the most professional response in this scenario is to de-escalate the situation by acknowledging the user's frustration and offering to re-engage on the issue. Even if the technician's fix was technically correct, the user's perception of a problem is a valid concern that must be addressed to maintain trust and service quality. Scheduling a follow-up allows the technician to re-evaluate the system, verify that no other changes have affected the computer, and provide reassurance, which aligns with ITIL best practices for incident management and customer service.

Exam trap

CompTIA often tests the candidate's ability to prioritize emotional intelligence and de-escalation over technical accuracy, trapping those who think proving the fix was right (Option A) is the most professional response, when in fact it ignores the user's perspective and can damage the customer relationship.

How to eliminate wrong answers

Option A is wrong because replying with a detailed technical explanation, while factually accurate, is likely to be perceived as defensive and condescending, escalating the conflict rather than resolving the user's emotional concern; professionalism requires empathy over technical correctness. Option B is wrong because ignoring the email is a form of avoidance that neglects the user's complaint, potentially damaging the technician's reputation and the IT department's credibility, and it fails to address any underlying issue that may have arisen from the fix or subsequent changes. Option D is wrong because forwarding the email to the user's manager to complain about the user's tone is unprofessional, violates confidentiality, and shifts blame instead of focusing on problem resolution; it undermines the technician's role as a service provider and could create unnecessary workplace conflict.

331
MCQhard

A company deploys a fleet of Android tablets that need to be configured so that only pre-approved apps can be installed, and the Google Play Store must be hidden from users. The tablets are not enrolled in an MDM. Which Android feature can be used to achieve this without third-party software?

A.Enable Guest Mode and restrict app installation via parental controls.
B.Use a free kiosk app that utilizes Android's Lock Task Mode to pin approved apps and hide the launcher.
C.Boot the device into Safe Mode and disable the Play Store from there.
D.Remove the Google account from the device and disable the Play Store via Settings > Apps.
AnswerB

Lock Task Mode (also called Kiosk Mode) allows a device to be locked to a set of pre-approved apps, hiding the system UI and preventing installation of new apps without a password.

Why this answer

Android's 'Kiosk Mode' or 'Lock Task Mode' (via a Device Policy Controller app) can restrict the device to a set of approved apps and hide the launcher. However, without an MDM, the technician must manually set up a managed configuration using Android's built-in 'Set up a Kiosk' feature (available in some Android versions) or use a free app like 'Kiosk Browser Lockdown'. Guest Mode does not restrict app installation, and Safe Mode is for troubleshooting.

The correct answer here is using a dedicated kiosk app that leverages Android's 'Lock Task Mode' API.

332
MCQmedium

A technician is setting up a wireless network for a small office that handles sensitive client data. The office has a mix of modern laptops and a few legacy printers that only support WEP. What should the technician do to maintain security while keeping the printers functional?

A.Enable WEP on the main router and set a complex 128-bit key.
B.Replace the printers with modern ones that support WPA2.
C.Create a separate VLAN for the printers using WEP and a strong passphrase, and keep the main network on WPA2.
D.Set the router to mixed mode (WEP + WPA2) and use a single SSID.
AnswerC

Correct. This isolates the insecure WEP traffic to the printer VLAN, protecting the main network and sensitive data.

Why this answer

WEP is deprecated due to severe vulnerabilities. The best practice is to isolate legacy devices on a separate VLAN with WEP and use a strong passphrase, while the main network uses WPA2 or WPA3. This limits exposure of sensitive data.

333
MCQeasy

A technician is configuring a company-issued iPhone for a new employee. After setting up the email account, the employee says they cannot receive emails, but they can send them. Which setting should the technician check first?

A.The outgoing mail server (SMTP) settings.
B.The incoming mail server (IMAP/POP3) settings.
C.The device's date and time settings.
D.The phone's VPN configuration.
AnswerB

Incorrect incoming server settings prevent the phone from retrieving emails, which matches the symptom.

Why this answer

The symptom—able to send but not receive emails—indicates a problem with the incoming mail server configuration. Sending uses SMTP (outgoing), while receiving uses IMAP or POP3 (incoming). The technician should first verify the incoming mail server settings (server hostname, port, SSL/TLS, and authentication) because a misconfiguration there would prevent the device from downloading new messages.

Exam trap

CompTIA often tests the distinction between incoming and outgoing mail protocols, and the trap here is that candidates mistakenly focus on SMTP (outgoing) because they think 'send' and 'receive' are handled by the same server, when in fact they use separate protocols and settings.

How to eliminate wrong answers

Option A is wrong because the outgoing mail server (SMTP) settings are responsible for sending emails, which the employee can already do successfully, so checking SMTP would not resolve the receive issue. Option C is wrong because incorrect date and time settings can cause SSL/TLS certificate validation failures for both sending and receiving, but the employee can send emails, indicating that the device's time is likely correct or at least not the primary cause of the receive-only failure. Option D is wrong because a VPN configuration issue would typically affect all network traffic or specific app connectivity, not selectively block incoming email while allowing outgoing email; email protocols operate independently of VPN unless the VPN is misconfigured to block specific ports.

334
MCQhard

You are troubleshooting a Windows 10 PC that fails to boot with the error 'Boot Configuration Data is missing.' Which built-in tool can you use from the Windows Recovery Environment to rebuild the BCD store?

A.System File Checker (sfc /scannow)
B.Diskpart
C.Bootrec.exe
D.CHKDSK
AnswerC

Bootrec.exe with the /rebuildbcd switch scans for Windows installations and rebuilds the BCD store, fixing the missing BCD error.

Why this answer

Bootrec.exe is the correct built-in tool for rebuilding the Boot Configuration Data (BCD) store from the Windows Recovery Environment (WinRE). The specific command 'bootrec /rebuildbcd' scans all disks for Windows installations and allows you to rebuild the BCD store, directly addressing the 'Boot Configuration Data is missing' error. Other tools like SFC, Diskpart, and CHKDSK do not have the capability to reconstruct the BCD store.

Exam trap

The trap here is that candidates often confuse System File Checker (SFC) as a universal repair tool, but it cannot fix boot configuration issues because the BCD store is not a system file protected by Windows File Protection.

How to eliminate wrong answers

Option A is wrong because System File Checker (sfc /scannow) scans and repairs protected system files, but it does not interact with or rebuild the BCD store, which is a separate boot configuration database. Option B is wrong because Diskpart is a disk partitioning tool used to manage volumes and partitions, not to repair boot configuration data; it cannot rebuild the BCD store. Option D is wrong because CHKDSK checks the file system for integrity and fixes logical disk errors, but it has no mechanism to rebuild or repair the BCD store, which is stored in a hidden system partition.

335
MCQeasy

A customer's iPhone is experiencing frequent app crashes and the device feels warm to the touch. They have not installed any new apps recently. What is the most likely cause?

A.The device has a virus or malware.
B.The battery is failing and needs replacement.
C.The operating system needs to be updated.
D.Too many apps are running in the background.
AnswerC

Outdated iOS versions often contain bugs that cause apps to crash and the device to overheat; updating can resolve these issues.

Why this answer

Overheating in mobile devices often leads to performance throttling and app instability. This scenario suggests a resource-intensive background process or a failing battery, but the most common cause of overheating and crashes without new apps is an outdated OS with known bugs. Keeping iOS updated resolves many stability issues.

336
MCQmedium

During a security audit, a technician discovers that an employee has been using a third-party remote desktop tool without IT approval. The employee claims it was necessary to access a legacy application. Which security risk is most directly associated with unauthorized remote access tools?

A.Increased bandwidth usage
B.Man-in-the-middle attacks
C.Compatibility issues with the operating system
D.Increased licensing costs
AnswerB

Unauthorized tools may not use strong encryption, exposing sessions to interception and manipulation.

Why this answer

Unauthorized remote desktop tools often lack the encryption and authentication controls found in approved solutions like SSH or RDP with Network Level Authentication. This exposes the connection to man-in-the-middle attacks, where an attacker can intercept, decrypt, or modify the traffic between the employee's workstation and the legacy application server, potentially capturing credentials or sensitive data.

Exam trap

CompTIA often tests the distinction between operational issues (bandwidth, compatibility, cost) and actual security threats, so candidates mistakenly choose a non-security answer like increased bandwidth usage because it sounds like a plausible downside of remote access tools.

How to eliminate wrong answers

Option A is wrong because increased bandwidth usage is a performance concern, not a direct security risk, and unauthorized remote tools may actually use less bandwidth than approved ones. Option C is wrong because compatibility issues with the operating system are a functional problem, not a security risk, and the employee's claim of needing access to a legacy application suggests compatibility was achieved, not a risk. Option D is wrong because increased licensing costs are a financial or compliance issue, not a security risk, and unauthorized tools typically avoid licensing fees altogether.

337
MCQhard

A technician is updating the documentation for a server that had its RAID controller replaced. The technician must ensure that future technicians can quickly identify the new hardware configuration. Which type of documentation should be updated?

A.The network topology diagram.
B.The change management log.
C.The server's asset inventory record.
D.The knowledge base article for RAID troubleshooting.
AnswerC

The asset inventory or CMDB stores hardware specifications, making it easy for future technicians to identify the RAID controller.

Why this answer

The server's asset inventory record (Option C) is the correct documentation to update because it contains the detailed hardware configuration of the server, including the RAID controller model, firmware version, and disk layout. Future technicians rely on this record to quickly identify the exact hardware components without having to physically inspect the server or dig through logs. Updating the asset inventory ensures that the documented configuration matches the actual hardware, which is critical for troubleshooting, warranty claims, and future upgrades.

Exam trap

CompTIA often tests the distinction between operational documentation (like asset inventory) and process documentation (like change logs or knowledge bases), and the trap here is that candidates confuse the change management log (which tracks the change event) with the hardware configuration record (which documents the resulting state).

How to eliminate wrong answers

Option A is wrong because a network topology diagram shows how devices are connected on the network (e.g., switches, routers, IP subnets), not the internal hardware components of a server like a RAID controller. Option B is wrong because the change management log records the approval and timeline of changes (e.g., who authorized the replacement, when it occurred), but it does not serve as a quick-reference for the new hardware configuration. Option D is wrong because a knowledge base article for RAID troubleshooting provides generic guidance on resolving RAID issues, not the specific hardware details of this particular server's RAID controller.

338
MCQhard

A technician is troubleshooting a network issue for a remote employee. The employee's internet connection is unstable, and the technician suspects the home router. The employee is not technical and becomes defensive when the technician asks about their router setup. Which approach is MOST effective?

A.Tell the employee that their router is probably cheap and needs replacement.
B.Say, 'Let's work together to check a few things on your router to improve your connection.'
C.Ask the employee to run a command prompt command without explanation.
D.Escalate the issue to a senior technician without further attempts.
AnswerB

This collaborative language reduces blame and invites cooperation.

Why this answer

Option B is correct because it uses a collaborative, non-confrontational approach that respects the employee's lack of technical knowledge and defuses defensiveness. By saying 'Let's work together,' the technician invites the employee to participate without blame, making it easier to guide them through checking the router's configuration (e.g., verifying Wi-Fi channel congestion, checking for firmware updates, or reviewing DHCP lease times) without requiring the employee to understand technical details. This aligns with CompTIA's emphasis on professionalism and effective communication in remote troubleshooting.

Exam trap

CompTIA often tests the candidate's ability to choose the most professional and effective communication strategy in a stressful or non-technical user scenario, where the trap is that candidates may select a technically correct but socially inappropriate option (like A or C) because they focus on the technical fix rather than the human interaction required to achieve it.

How to eliminate wrong answers

Option A is wrong because telling the employee their router is 'probably cheap and needs replacement' is dismissive, insulting, and fails to diagnose the actual issue; it assumes hardware fault without evidence and can damage trust, making the employee less cooperative. Option C is wrong because asking a non-technical employee to run a command prompt command without explanation (e.g., 'ipconfig /flushdns' or 'ping 8.8.8.8') creates confusion and anxiety, and the employee may misinterpret or incorrectly execute the command, leading to wasted time or further issues. Option D is wrong because escalating to a senior technician without attempting any troubleshooting abdicates the technician's responsibility and fails to leverage the opportunity to resolve the issue with basic communication and guidance, which is inefficient and unprofessional.

339
MCQmedium

A technician is troubleshooting an Android device that cannot receive SMS messages, though data and calls work fine. The user recently installed a messaging app from an unknown source. Which mobile OS feature should be checked first?

A.Verify that the device is not in Airplane Mode
B.Check the 'Default SMS app' setting in Apps & Notifications
C.Clear the cache of the Phone app
D.Disable Google Play Protect
AnswerB

If the default SMS app is misconfigured or incompatible, SMS delivery fails; resetting to the native app often resolves this.

Why this answer

Android's default SMS app setting determines which app handles SMS. If a third-party app is set as default but malfunctioning, messages may not be received. Checking this setting is the first logical step.

340
MCQeasy

A small business owner calls for support because all of their files on the server have been renamed with a .encrypted extension, and a text file named 'README_TO_DECRYPT.txt' appears on the desktop demanding a Bitcoin payment. What is the first step the technician should take?

A.Pay the ransom to get the decryption key immediately.
B.Disconnect the server from the network.
C.Run a full antivirus scan on the server.
D.Restore files from a recent backup immediately.
AnswerB

Disconnecting the server stops the ransomware from encrypting additional files and spreading to other systems.

Why this answer

The first step in a ransomware incident is to isolate the infected system from the network to prevent the malware from spreading to other devices. Paying the ransom is discouraged as it does not guarantee data recovery and funds criminal activity. After isolation, the technician can assess the damage and attempt recovery from backups.

341
MCQmedium

Your company's security policy requires that all workstations have the latest Windows security updates installed. You need to verify the update history on a user's Windows 10 PC to ensure no critical updates are missing. Which tool should you use?

A.Windows Update
B.Event Viewer
C.System Information
D.Reliability Monitor
AnswerA

Windows Update provides a history of installed updates and allows you to check for missing updates.

Why this answer

The Windows Update page (in the Settings app, or in Control Panel on older versions) shows the update history, including installed updates and their dates. This is the standard way to check which updates have been applied.

342
MCQmedium

A user's iPhone 13 suddenly shows a black screen with a spinning gear icon after an iOS update. The device does not respond to touch or button presses. What is the most likely cause and the correct first step?

A.The battery is dead; connect to a charger and wait.
B.Force restart the iPhone by pressing and releasing Volume Up, then Volume Down, then holding the Side button until the Apple logo appears.
C.Place the device in DFU mode and restore via Finder.
D.The screen is damaged; replace the display assembly.
AnswerB

This force restart sequence is the correct procedure for iPhone 8 and later models to exit a frozen update state.

Why this answer

The black screen with a spinning gear icon after an iOS update indicates the device is stuck in a boot loop or update process, not a hardware failure. A force restart (Volume Up, Volume Down, hold Side button) is the correct first step because it forces the iPhone to reboot without erasing data, often resolving temporary software hangs. This sequence applies to iPhone 8 and later models, including the iPhone 13, and bypasses unresponsive touch or button inputs.

Exam trap

CompTIA often tests the distinction between a force restart and DFU mode, where candidates mistakenly jump to DFU restore (Option C) as the first step, not realizing that a force restart is a non-destructive recovery method that resolves most post-update boot loops.

How to eliminate wrong answers

Option A is wrong because a dead battery would show a black screen without the spinning gear icon, and the device would respond to a charger by displaying a low-battery indicator; the gear icon indicates the OS is partially active. Option C is wrong because DFU mode and restore via Finder is a more drastic step that erases all data and should only be attempted after simpler recovery methods like force restart fail; it is not the first step. Option D is wrong because a damaged display would typically show physical cracks, discoloration, or no image at all, not a spinning gear icon, and the device would still respond to button presses or sounds.

343
MCQhard

A security audit reveals that a Windows 10 workstation has an unauthorized local user account. You need to remove this account from the command line without using the GUI. Which command should you use?

A.net localgroup Administrators UnauthorizedUser /delete
B.net user UnauthorizedUser /delete
C.wmic useraccount where name='UnauthorizedUser' delete
D.gpresult /r
AnswerB

Correct. net user /delete removes the specified user account from the system.

Why this answer

The `net user` command with the `/delete` switch removes a local user account. For example, `net user UnauthorizedUser /delete` deletes the account. `net localgroup` manages group membership rather than the account itself, so option A only removes the user from the Administrators group. `wmic useraccount` can also delete an account, but `net user` is the standard CLI tool. `gpresult` shows Group Policy results.

344
MCQeasy

A company wants to allow external contractors to access a specific internal web application without installing any client software. Which remote access technology best meets this requirement?

A.VPN with a client
B.Remote Desktop Protocol
C.Reverse proxy
D.SSH
AnswerC

A reverse proxy allows access to web applications through a standard browser without additional software.

Why this answer

A reverse proxy is the correct choice because it allows external contractors to access a specific internal web application through a public-facing proxy server without requiring any client software installation. The reverse proxy terminates the external connection and forwards requests to the internal web server, handling authentication and encryption at the proxy layer, which meets the requirement of zero client-side setup.

Exam trap

The trap here is that candidates often confuse 'remote access' with VPN or RDP, assuming any secure remote connection requires a client, but the question specifically tests the understanding that a reverse proxy provides application-layer access without client software, unlike VPN or RDP which require dedicated clients.

How to eliminate wrong answers

Option A is wrong because a VPN with a client requires installing and configuring VPN client software on the contractor's device, which violates the 'without installing any client software' requirement. Option B is wrong because Remote Desktop Protocol (RDP) requires a client application (such as Microsoft Remote Desktop Client) to be installed on the accessing device, and it provides full desktop access rather than access to a specific web application. Option D is wrong because SSH is a protocol for secure command-line access to remote systems, typically requiring an SSH client (like PuTTY or OpenSSH) to be installed, and it does not natively provide web application access without additional tunneling or port forwarding.

345
MCQmedium

A user's browser is displaying a warning that the website's certificate is not trusted, even though the URL is correct. The technician checks the date and time on the computer and finds it is set to 2019. What is the most likely cause of the certificate warning?

A.The website's SSL certificate has been revoked.
B.The browser's certificate store is corrupted.
C.The system date is incorrect, causing certificate validation to fail.
D.The user is connected to a malicious proxy.
AnswerC

SSL certificates rely on accurate date/time; a mismatch causes the browser to reject the certificate as invalid.

Why this answer

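SSL certificates are time-sensitive: each carries a validity period with a start date and an end date. If the system date is far in the past or future, the current date falls outside that period and the browser cannot verify the certificate's validity. With the clock set to 2019, a recently issued certificate appears not yet valid. Synchronizing the system clock with a time server resolves this issue without needing to install a new certificate.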

346
MCQeasy

A user on an Android tablet reports that the Google Play Store is not downloading any apps, showing an error message about insufficient storage. The device's storage settings show 2GB free. What should you do first?

A.Factory reset the tablet.
B.Clear the cache and data of the Google Play Store app.
C.Uninstall large apps to free up more storage.
D.Check for a system update.
AnswerB

This clears corrupted temporary files that may be causing the error, and is a safe first step.

Why this answer

Clearing the cache and data of the Google Play Store app is the correct first step because the error message about insufficient storage, despite 2GB free, often indicates a corrupted cache or data within the Play Store itself. This corruption can cause the Play Store to misreport storage availability or fail to initialize downloads. Clearing these app-specific files forces the Play Store to rebuild its state, resolving the false positive without affecting user data or requiring additional free space.

Exam trap

CompTIA often tests the misconception that 'insufficient storage' errors always require freeing up physical space, when in reality the error can stem from a corrupted app cache that misreports storage, making clearing the cache the correct first step rather than deleting apps.

How to eliminate wrong answers

Option A is wrong because a factory reset is a drastic, last-resort measure that wipes all user data and settings; it is not appropriate for a software-level issue like a corrupted Play Store cache, which can be resolved with a targeted app data clear. Option C is wrong because uninstalling large apps to free up more storage addresses a genuine lack of space, but the device already shows 2GB free, which should be sufficient for most app downloads; the problem is a false storage detection, not actual insufficient capacity. Option D is wrong because checking for a system update is a general maintenance step that does not directly fix a corrupted Play Store cache or data; while updates can resolve bugs, the immediate symptom of a false storage error is best addressed by clearing the app's local data first.

347
MCQhard

A company's network was breached, and forensic analysis reveals that an attacker used a pass-the-hash attack to move laterally. Which security measure would most effectively prevent this type of attack in the future?

A.Require all users to change passwords every 30 days.
B.Implement network segmentation and firewall rules.
C.Enable Windows Defender Credential Guard.
D.Disable NTLM authentication entirely.
AnswerC

Credential Guard protects credential hashes by storing them in a virtualized container, preventing pass-the-hash attacks.

Why this answer

Windows Defender Credential Guard uses virtualization-based security (VBS) to isolate and protect NTLM password hashes and Kerberos tickets in a secure container, preventing attackers from extracting them from LSASS memory even if they have administrative access. This directly stops pass-the-hash attacks because the hashes are never accessible to the operating system or tools like Mimikatz.

Exam trap

CompTIA often tests the misconception that network segmentation or disabling NTLM alone stops pass-the-hash, but the core issue is protecting the hash in memory, which only Credential Guard (or equivalent) addresses.

How to eliminate wrong answers

Option A is wrong because frequent password changes do not prevent pass-the-hash attacks; the attacker uses the hash of the current password, and changing passwords every 30 days does not protect the hash stored in memory during an active session. Option B is wrong because network segmentation and firewall rules can limit lateral movement but do not prevent the extraction or reuse of password hashes from a compromised host; the attacker can still move within the allowed segment. Option D is wrong because disabling NTLM authentication entirely is often impractical due to legacy application dependencies, and pass-the-hash attacks can also target Kerberos tickets (pass-the-ticket), so this measure is not comprehensive and may break critical services.

348
MCQmedium

A small office has a UPS that emits a loud beeping sound and a burning smell. The technician suspects the battery is overheating. What is the correct immediate action?

A.Replace the battery while the UPS is still plugged in.
B.Unplug the UPS and move it to an open, well-ventilated area.
C.Reset the UPS by pressing the power button.
D.Spray the UPS with a fire extinguisher.
AnswerB

This removes the power source and reduces the risk of fire or fume inhalation.

Why this answer

The correct immediate action is to unplug the UPS and move it to an open, well-ventilated area. A burning smell combined with loud beeping indicates a critical thermal runaway condition in the battery, which can lead to fire or explosion. Disconnecting the UPS from mains power stops the charging current that is likely exacerbating the overheating, and moving it to a ventilated area reduces the risk of toxic gas accumulation and fire spread.

Exam trap

CompTIA often tests the misconception that resetting the UPS or replacing the battery while powered on is a safe troubleshooting step, when in fact the immediate priority is to isolate the hazard by disconnecting power and ventilating the area.

How to eliminate wrong answers

Option A is wrong because replacing a battery while the UPS is still plugged in exposes the technician to high DC voltage (typically 12V–48V) and the risk of short circuits or electric shock, and the continued charging current could accelerate thermal runaway. Option C is wrong because resetting the UPS by pressing the power button does not address the underlying overheating battery; it may briefly silence the alarm but will not stop the chemical reaction causing the burning smell, and could even restart charging. Option D is wrong because spraying a UPS with a fire extinguisher, especially a CO2 or dry chemical type, can damage sensitive electronics, create a conductive residue, and is not the correct first response; the priority is to disconnect power and ventilate, not to apply an extinguisher to a device that is not yet on fire.

349
MCQ · hard

During a network upgrade, a technician finds a box of old NICs, cables, and small electronic components that are no longer needed. The company has no formal e-waste policy. What should the technician do?

A. Throw the items in the dumpster since they are small and the company has no policy.
B. Store the items indefinitely in a closet until a policy is created.
C. Research local e-waste recycling facilities and present a disposal plan to the manager for approval.
D. Sell the items online as a lot to a recycler.
Answer: C

This demonstrates environmental responsibility and helps the company establish a proper e-waste process. It is the correct professional approach.

Why this answer

Option C is correct because, in the absence of a formal e-waste policy, the technician must act responsibly by researching local e-waste recycling facilities and presenting a disposal plan to the manager for approval. This aligns with environmental best practices and regulatory compliance, as improper disposal of electronic components can violate local laws and harm the environment. The technician should not unilaterally dispose of or sell the items without management authorization.

Exam trap

CompTIA often tests the trap that 'no policy means no rules,' leading candidates to choose Option A or B, but the correct approach is to proactively research and propose a compliant disposal plan rather than ignoring the issue or taking unilateral action.

How to eliminate wrong answers

Option A is wrong because throwing e-waste in a dumpster is illegal in many jurisdictions due to hazardous materials like lead, mercury, and cadmium found in NICs and electronic components; it also violates environmental responsibility even without a formal policy. Option B is wrong because storing items indefinitely in a closet is not a sustainable solution and can lead to safety hazards, space issues, and potential regulatory non-compliance if the items contain hazardous materials. Option D is wrong because selling e-waste online to a recycler without management approval and without vetting the recycler's compliance with environmental regulations could expose the company to liability and data security risks, as NICs may retain network configuration data.

350
MCQ · medium

A user reports that their cloud-synced files are not appearing on their laptop after a recent OS reinstall. The technician verifies that the cloud storage account is active and the internet connection works. Which of the following is the most likely reason for the missing files?

A. The cloud storage provider has deleted the files due to inactivity
B. The user's account is not licensed for the cloud service
C. The local sync client is configured for selective sync and not downloading all folders
D. The laptop's hard drive is full
Answer: C

After a reinstall, the sync client defaults to selective sync settings, which may exclude some folders from downloading to the laptop.

Why this answer

Cloud storage clients use a local cache to sync files. After an OS reinstall, the client must re-download files from the cloud, but if selective sync is enabled, only certain folders are synced. The user may need to adjust sync settings to restore all files.

This tests understanding of cloud storage synchronization behavior.

351
MCQ · medium

A company's IT policy requires that all wireless connections use certificate-based authentication to prevent unauthorized access. The network is currently using WPA2-PSK. Which configuration change is necessary to meet this policy?

A. Enable MAC address filtering on the access point.
B. Upgrade to WPA3-Personal.
C. Switch to WPA2-Enterprise and configure a RADIUS server.
D. Change the encryption from AES to TKIP.
Answer: C

WPA2-Enterprise supports 802.1X authentication, which can use certificates issued by a RADIUS server, meeting the policy requirement.

Why this answer

Certificate-based authentication is a feature of WPA2-Enterprise (802.1X), not WPA2-Personal. This requires a RADIUS server and PKI infrastructure. The question tests the understanding of the difference between Personal and Enterprise modes.

352
MCQmedium

A retail store wants to protect its point-of-sale (POS) terminals from unauthorized physical access during off-hours. The terminals are in an open area with no lockable cabinets. Which control should be prioritized?

A. Install a privacy screen on each POS terminal.
B. Use tamper-evident seals on the terminal casings.
C. Require a smart card to power on the terminal.
D. Enable a screensaver with a password.
Answer: B

Seals show if the terminal has been opened, alerting staff to potential tampering.

Why this answer

Tamper-evident seals provide a visible indicator if a device has been opened, deterring unauthorized physical access to internal components. This question tests understanding of physical security for unattended devices.

353
MCQ · medium

During a security audit, you discover that a user's browser has multiple pop-up windows appearing, even when no websites are open. The user denies installing any software. Which tool should you use to identify and remove the underlying cause?

A. Reset the browser settings to default
B. Run a full scan with Windows Defender or another anti-malware tool
C. Disable JavaScript in the browser
D. Clear the browser cache and cookies
Answer: B

Anti-malware tools can detect and remove adware and PUPs that cause pop-ups.

Why this answer

Pop-ups appearing without a browser suggest adware or a potentially unwanted program (PUP) running as a background process. Using Windows Defender or an anti-malware scanner is the correct approach. This tests understanding of adware behavior and removal tools.

354
MCQmedium

A technician is tasked with replacing a failed power supply in a desktop computer. The old power supply is labeled with a RoHS compliance mark. How should the technician handle the old unit?

A. Place it in the regular trash because RoHS means it's non-hazardous.
B. Return it to the manufacturer for recycling or dispose of it through a certified e-waste recycler.
C. Sell it as scrap metal.
D. Store it indefinitely in case it is needed later.
Answer: B

Many manufacturers offer take-back programs. If not, using a certified e-waste recycler ensures compliance with environmental regulations.

Why this answer

The RoHS (Restriction of Hazardous Substances) compliance mark indicates the power supply was manufactured without certain hazardous materials, but it does not make the unit non-hazardous for disposal. Electronic waste (e-waste) like power supplies still contains materials such as lead solder, capacitors, and other components that require proper handling. The correct procedure is to return it to the manufacturer for recycling or dispose of it through a certified e-waste recycler to comply with environmental regulations and avoid legal penalties.

Exam trap

The trap here is that candidates mistakenly believe RoHS compliance means the device is completely non-hazardous and can be thrown in regular trash, ignoring that e-waste disposal laws apply regardless of RoHS status.

How to eliminate wrong answers

Option A is wrong because RoHS compliance only restricts the use of specific hazardous substances in manufacturing; it does not render the unit non-hazardous for disposal, and placing it in regular trash violates e-waste regulations. Option C is wrong because selling a failed power supply as scrap metal is not a standard disposal method and may expose the technician to liability if the unit contains hazardous components that are not properly handled. Option D is wrong because storing a failed power supply indefinitely is impractical, takes up space, and does not comply with environmental policies that require proper recycling or disposal of e-waste.

355
MCQ · hard

A company's security policy requires that all Windows 10 workstations automatically lock the screen after 5 minutes of inactivity. However, users in the sales department often leave their desks for extended periods. A technician configures the 'Interactive logon: Machine inactivity limit' policy to 300 seconds. Despite this, the screensaver does not activate. What is the most likely reason?

A. The 'Screen saver timeout' policy is set to a longer duration
B. The 'Password protect the screensaver' setting is disabled
C. The screensaver is not enabled or configured on the workstations
D. The 'Turn off the display' power setting is set to 'Never'
Answer: C

The 'Machine inactivity limit' policy locks the workstation but does not automatically start a screensaver; the screensaver must be enabled separately via Group Policy or local settings.

Why this answer

This question tests understanding of the relationship between the 'Interactive logon: Machine inactivity limit' policy and screensaver settings. The policy locks the workstation after the specified idle time, but it does not automatically enable the screensaver. The screensaver must be separately configured and enabled, or the lock screen will appear without a screensaver.

356
MCQ · medium

During a hardware upgrade, a technician spills a small amount of liquid from a leaking CMOS battery on the workbench. What is the first step the technician should take?

A. Wipe it up with a paper towel and continue working.
B. Ignore it and let it evaporate.
C. Use a neutralizing agent or absorbent material recommended for alkaline spills, and dispose of the waste as hazardous.
D. Pour water on the spill to dilute it.
Answer: C

Proper spill response involves neutralizing or absorbing the spill and disposing of the waste according to hazardous material guidelines. This protects the technician and the environment.

Why this answer

A CMOS battery contains alkaline chemicals that can damage equipment and harm skin or eyes. The correct first step is to use a neutralizing agent or absorbent material specifically designed for alkaline spills, then dispose of the waste as hazardous material, following proper environmental safety protocols. This prevents chemical burns, equipment damage, and environmental contamination.

Exam trap

CompTIA often tests the misconception that any liquid spill can be simply wiped up or ignored, but the trap here is that CMOS battery leaks are chemically hazardous and require specific neutralization and hazardous waste disposal procedures, not generic cleanup.

How to eliminate wrong answers

Option A is wrong because wiping alkaline liquid with a paper towel can spread the corrosive material, increase skin contact risk, and does not neutralize the chemical hazard. Option B is wrong because allowing the liquid to evaporate leaves corrosive residue that can damage surfaces and release harmful fumes, and it ignores the immediate safety risk. Option D is wrong because pouring water on an alkaline spill can cause an exothermic reaction, splashing, and spread the corrosive liquid, making the hazard worse.

357
MCQ · hard

A technician discovers that a Windows 10 workstation has been infected with a fileless malware that resides in memory. Traditional antivirus scans have not detected it. Which approach should the technician use to remove this type of malware?

A. Run a full antivirus scan in normal mode.
B. Use the Windows Malicious Software Removal Tool (MSRT) in Safe Mode.
C. Boot from a rescue disk and perform an offline scan.
D. Restore the system from a backup taken before the infection.
Answer: C

Booting from a rescue disk (e.g., Windows Defender Offline) runs the scan outside the infected Windows environment, allowing detection of fileless malware that resides only in memory or registry.

Why this answer

Fileless malware resides entirely in memory (RAM) and does not write persistent files to disk, so traditional antivirus scans that rely on file signatures cannot detect it. Booting from a rescue disk (e.g., a bootable USB or CD with an offline scanner) loads a clean operating system that bypasses the infected Windows environment, allowing the scanner to inspect memory and terminate the malware without the malware being able to hide or protect itself. This offline approach ensures the malware's process cannot interfere with the scan, making it the correct remediation method.

Exam trap

The trap here is that candidates often assume Safe Mode or a signature-based removal tool like MSRT can handle all malware types, but fileless malware specifically evades these by not writing to disk and by running within trusted system processes.

How to eliminate wrong answers

Option A is wrong because running a full antivirus scan in normal mode still operates within the compromised Windows environment, where the fileless malware can actively hide its processes or memory artifacts from the scanner. Option B is wrong because the Windows Malicious Software Removal Tool (MSRT) is a signature-based tool that targets persistent malware on disk, not memory-resident fileless threats, and Safe Mode does not prevent the malware from running if it loads via a legitimate service or driver. Option D is wrong because restoring from a backup taken before the infection would remove the malware only if the backup predates the infection, but this approach is reactive and may not be feasible if no clean backup exists; it also does not address the immediate need to remove the active memory-resident malware without data loss.

358
MCQ · easy

A customer reports that their computer shuts down unexpectedly after a few minutes of use. The system feels hot to the touch, and the fan is running loudly. What is the most appropriate first step for a technician to take to ensure safety while diagnosing the issue?

A. Immediately open the case and touch the CPU heatsink to check temperature.
B. Unplug the computer, let it cool for 30 minutes, then inspect for dust or fan failure.
C. Spray compressed air into the vents while the system is running to clear dust.
D. Replace the power supply unit immediately to fix the overheating.
Answer: B

Unplugging ensures no power is supplied, and letting it cool prevents burns; inspection can then be done safely.

Why this answer

This question tests knowledge of electrical safety and proper handling of overheated equipment. The correct answer is to unplug the computer to prevent electrical shock or fire, then allow it to cool before inspecting internal components. Attempting to open a hot system or ignoring the heat can lead to injury or further damage.

359
MCQ · medium

A customer complains that their computer is running slowly and they keep seeing pop-ups offering free antivirus software. They admit they clicked 'OK' on one pop-up. Which type of social engineering attack has likely occurred?

A. Phishing
B. Baiting
C. Pretexting
D. Shoulder surfing
Answer: B

Baiting uses an enticing offer (free antivirus) to trick the user into executing malware, often via pop-ups or physical media.

Why this answer

This is a classic baiting attack where the attacker lures the victim with a free offer (antivirus) that actually installs malware. The pop-ups are a common delivery method for scareware or fake antivirus programs.

360
MCQ · hard

During a security incident response, you discover that a user's browser has a rogue extension that exfiltrates data to a remote server. The extension was installed after the user clicked a fake update prompt on a website. What vulnerability was exploited?

A. A zero-day vulnerability in the browser.
B. An insecure direct object reference (IDOR) vulnerability.
C. Social engineering.
D. A cross-site request forgery (CSRF) attack.
Answer: C

The user was manipulated into installing the extension by a deceptive prompt, which is a classic social engineering technique.

Why this answer

This is a social engineering attack where the user was tricked into installing malicious software. No technical vulnerability was exploited; the user's trust was manipulated.

361
MCQ · hard

A technician is configuring power settings for a server room that houses critical equipment. The UPS battery backup needs to be tested monthly. What is the most environmentally sound way to conduct the test?

A. Unplug the server from the UPS to simulate a power failure.
B. Use the UPS management software to run a self-test that checks battery health without full discharge.
C. Disconnect the UPS from mains power and let the battery drain completely.
D. Replace the UPS battery every month to avoid testing.
Answer: B

A software self-test is efficient, uses minimal power, and verifies battery condition without full discharge.

Why this answer

Option B is correct because using UPS management software to run a self-test checks battery health without a full discharge, which conserves battery cycle life and avoids unnecessary waste. This method typically performs a brief impedance or load test that verifies the battery's ability to hold a charge without stressing it, aligning with environmental best practices by reducing battery replacement frequency and energy consumption.

Exam trap

CompTIA often tests the misconception that a full discharge is the only way to verify battery health, but the environmentally sound approach is to use a software-based self-test that avoids unnecessary battery wear and waste.

How to eliminate wrong answers

Option A is wrong because unplugging the server from the UPS simulates a power failure but does not test the battery's ability to provide backup power; it only tests the UPS's transfer to battery mode, which can cause unnecessary wear on the battery and risk data loss if the server shuts down improperly. Option C is wrong because disconnecting the UPS from mains power and letting the battery drain completely subjects the battery to a deep discharge cycle, which significantly reduces its lifespan and is not environmentally sound due to increased waste and energy loss. Option D is wrong because replacing the UPS battery every month is wasteful, costly, and environmentally harmful, as batteries contain hazardous materials and should only be replaced when their capacity degrades below acceptable thresholds.

362
MCQ · hard

A technician is called to a warehouse where a forklift accidentally struck a rack containing several desktop PCs. The rack is leaning, and one PC has fallen and is sparking. What is the technician's first priority for safety?

A. Quickly unplug the sparking PC to prevent a fire.
B. Evacuate the area and report the incident to the safety officer or call 911.
C. Use a fire extinguisher on the sparking PC to prevent ignition.
D. Stabilize the rack with a nearby pallet to prevent further collapse.
Answer: B

Safety of personnel is paramount; the technician should not enter a hazardous zone. Professional responders will secure the area.

Why this answer

The immediate priority when a PC is sparking and a rack is unstable is life safety. Evacuating the area and reporting the incident (to a safety officer or by calling 911) ensures no one is exposed to potential electrical fire, arc flash, or structural collapse. Attempting to unplug or extinguish the sparking PC while the rack is leaning could result in electrocution, burns, or being struck by falling equipment.

Exam trap

CompTIA often tests the principle that life safety (evacuation and reporting) always takes precedence over equipment preservation or firefighting, tempting candidates to choose a hands-on action like unplugging or extinguishing the sparking PC.

How to eliminate wrong answers

Option A is wrong because attempting to unplug a sparking PC while the rack is unstable puts the technician at risk of electric shock or arc flash, and the spark may indicate a live short that could ignite flammable materials. Option C is wrong because using a fire extinguisher on a sparking PC before evacuating and assessing the situation wastes critical time and may not address the underlying electrical hazard; the spark could be from a capacitor or power supply that could reignite. Option D is wrong because stabilizing the rack with a pallet is a secondary action that should only be performed after the area is safe and the immediate electrical hazard is controlled; it does not address the sparking PC or the risk of fire.

363
MCQ · medium

A user reports that their Windows 10 laptop shows a blue screen with an error message about 'Driver IRQL not less or equal' after connecting a new external hard drive. They need to use the drive for work. Which security setting should you check to ensure driver installation is not blocked?

A. Check if Secure Boot is enabled in UEFI.
B. Verify that User Account Control is set to 'Notify me only when apps try to make changes.'
C. Disable Driver Signature Enforcement temporarily.
D. Run Windows Update to find a signed driver.
Answer: C

This allows unsigned drivers to load, which can resolve the blue screen if the driver is the cause.

Why this answer

Driver Signature Enforcement ensures that only drivers with a valid digital signature can be installed. If a driver is unsigned or has an invalid signature, Windows may block it, causing errors. This setting is part of Windows security and can be temporarily disabled for troubleshooting.

364
MCQ · medium

A technician is troubleshooting a Windows 10 PC that was infected with a rootkit. After booting from a rescue disk and running a scan, the rootkit is removed, but the system is still unstable. What should the technician do next to ensure the system is fully remediated?

A. Reinstall the operating system from scratch.
B. Run the System File Checker (SFC) tool to repair corrupted files.
C. Disable System Restore and delete all restore points.
D. Perform a disk cleanup to remove temporary files.
Answer: B

SFC scans and repairs protected system files that may have been damaged by the rootkit, addressing the instability without a full reinstall.

Why this answer

After removing a rootkit, the system may have corrupted system files that cause instability. Running the System File Checker (SFC) tool with the 'sfc /scannow' command scans protected system files and replaces corrupted versions with cached copies from the Windows side-by-side store, directly addressing file integrity issues left by the rootkit.

Exam trap

The trap here is that candidates may choose to reinstall the OS (Option A) because they assume any rootkit infection requires a full wipe, but the question specifies the rootkit is already removed and the remaining issue is instability from file corruption, making SFC the targeted remediation step.

How to eliminate wrong answers

Option A is wrong because reinstalling the OS from scratch is an overly drastic step that is unnecessary when the rootkit has already been removed and the issue is limited to file corruption; it would also waste time and user data. Option C is wrong because disabling System Restore and deleting restore points removes potentially useful recovery snapshots but does not repair the corrupted system files causing instability. Option D is wrong because disk cleanup only removes temporary files and frees disk space, which has no effect on corrupted system files or system stability.

365
MCQ · medium

A technician is troubleshooting a Windows 10 PC that fails to boot with a 'Bootmgr is missing' error. They need to repair the boot configuration. Which administrative tool should be used from the Windows Recovery Environment (WinRE)?

A. System Restore to revert to a previous restore point.
B. Command Prompt to run bootrec /rebuildbcd.
C. Device Manager to update the disk driver.
D. Local Security Policy to adjust boot options.
Answer: B

Correct. The bootrec command can rebuild the Boot Configuration Data (BCD) and fix the missing bootmgr error.

Why this answer

The Command Prompt in WinRE allows running bootrec.exe and bcdedit.exe to repair the boot configuration. System Restore and Startup Repair are also in WinRE but do not directly rebuild the BCD. The other options are not available in WinRE.

366
MCQ · easy

A user reports that their web browser frequently redirects to an unfamiliar search engine and displays pop-up ads even when no tabs are open. What is the most likely cause of this behavior?

A. The browser needs to be updated to the latest version.
B. The user has accidentally enabled a malicious browser extension.
C. The internet connection is unstable and causing DNS errors.
D. The browser cache is full and needs to be cleared.
Answer: B

A malicious extension can hijack browser settings, redirect searches, and inject ads. This is a common vector for browser hijackers.

Why this answer

This scenario describes classic symptoms of a browser hijacker, a type of malware that modifies browser settings without permission. The correct action is to scan and remove the malicious software using an anti-malware tool, as simply resetting settings or clearing caches may not remove the underlying infection.

367
MCQ · hard

A change advisory board (CAB) approves a network switch replacement, but the technician discovers during implementation that the new switch requires a different firmware version than documented. The change plan does not include a rollback for this scenario. What is the best course of action?

A. Proceed with the firmware update and document the change afterward.
B. Stop the implementation and contact the CAB for a revised change plan.
C. Use the old switch firmware on the new switch to match the documentation.
D. Implement the switch and create a separate change request for the firmware.
Answer: B

Halting and consulting the CAB ensures the change is properly authorized and the plan is updated to include the firmware change and rollback.

Why this answer

When an undocumented deviation occurs during a change, the technician should halt the implementation and contact the CAB for guidance. Proceeding without approval risks network instability, and the CAB can provide a revised plan or approve the firmware change.

368
MCQ · easy

During a security audit, you find that a user's browser has an outdated version of Adobe Flash Player installed. What is the primary security risk associated with this finding?

A. The browser will run slower and may crash frequently.
B. The user will be unable to view some web content.
C. Attackers can exploit known vulnerabilities in the plugin to install malware.
D. The browser will automatically disable the plugin.
Answer: C

Outdated plugins have unpatched security holes that attackers frequently target to compromise systems.

Why this answer

Outdated plugins like Flash Player are common attack vectors because they contain known vulnerabilities that malware can exploit. Keeping software updated is a fundamental browser security practice.

369
MCQ · hard

A technician needs to deploy a custom configuration profile to 50 macOS devices in a lab. The profile must restrict access to System Settings and disable iCloud. Which tool is most appropriate for this task?

A. Terminal with 'profiles' command
B. Apple Configurator
C. System Preferences > Profiles
D. Remote Desktop
Answer: B

Apple Configurator allows creating and exporting configuration profiles (.mobileconfig) for macOS and iOS devices.

Why this answer

Apple Configurator is designed for creating and deploying configuration profiles to iOS and macOS devices. For large-scale deployments, MDM is preferred, but Configurator is the direct tool for profile creation and local deployment.

370
MCQ · easy

A customer reports that their laptop battery drains quickly and the device gets very hot. They want to know the safest way to dispose of the old battery after replacement. What should you advise?

A. Throw the battery in the regular trash bin.
B. Take the battery to a certified e-waste recycling center.
C. Burn the battery in an open area to neutralize it.
D. Store the battery in a metal container until it stops holding a charge.
Answer: B

This is correct because certified recyclers properly handle hazardous materials, reducing environmental impact and complying with regulations.

Why this answer

Option B is correct because lithium-ion and lithium-polymer batteries contain hazardous materials that can leak and cause environmental damage if disposed of improperly. Certified e-waste recycling centers have the specialized equipment and processes to safely extract and recycle these materials, preventing toxic exposure and complying with environmental regulations like the Resource Conservation and Recovery Act (RCRA).

Exam trap

CompTIA often tests the misconception that storing a battery in a metal container or waiting until it fully discharges makes it safe for regular disposal, but the chemical hazard remains regardless of charge state.

How to eliminate wrong answers

Option A is wrong because throwing the battery in regular trash violates hazardous waste disposal laws and can lead to fires in landfills or recycling facilities due to lithium's reactivity with moisture and other materials. Option C is wrong because burning a lithium-ion battery can cause a violent thermal runaway reaction, releasing toxic fumes and potentially causing an explosion. Option D is wrong because storing a battery in a metal container does not neutralize the chemical hazard; it only contains the risk temporarily, and the battery remains dangerous until properly recycled.

371
MCQ · easy

A technician is configuring a new Windows 11 workstation for a user who frequently downloads free software. To reduce the risk of malware infections from bundled applications, which security setting should be enabled?

A. Enable Windows Defender Application Guard.
B. Set User Account Control to always notify.
C. Turn on Windows Firewall with advanced logging.
D. Enable BitLocker drive encryption.
Answer: B

UAC prompts before any software installation, allowing the user to reject unwanted bundled programs.

Why this answer

Windows Defender Application Guard and controlled folder access are useful, but the most direct protection against unwanted bundled software is User Account Control (UAC). UAC prompts for permission before installing software, giving the user a chance to decline bundled items.

372
MCQ · easy

A customer reports that their computer is running very slowly after they installed a new screensaver. The technician suspects the screensaver may be consuming excessive resources. Which of the following is the most professional way to address this?

A. Tell the customer that the screensaver is likely the problem and they should uninstall it.
B. Explain that you will check the system resources to identify the cause of the slowness.
C. Blame the screensaver and suggest the customer stop using decorative software.
D. Ignore the screensaver and run a full virus scan.
Answer: B

This shows a collaborative approach and uses professional language to set expectations.

Why this answer

This question emphasizes respectful communication and avoiding blame. The correct answer focuses on investigating the issue without accusing the user.

373
MCQ · medium

A technician needs to search for any file in /etc that contains the string 'Password' (case-insensitive). Which command should be used?

A. grep -r 'Password' /etc
B. grep -ri 'Password' /etc
C. find /etc -name '*Password*'
D. locate Password | grep /etc
Answer: B

The -r flag enables recursive search, and -i makes it case-insensitive, matching all variations.

Why this answer

This tests the grep command with recursive and case-insensitive options. grep -ri 'Password' /etc will search all files recursively in /etc, ignoring case.

374
MCQ · hard

A user reports that their Windows 10 computer is infected with ransomware that has encrypted their files. The technician boots into the Windows Recovery Environment and wants to restore the system to a previous restore point. Which command should be used?

A. rstrui.exe
B. vssadmin list shadows
C. wbadmin start recovery
D. bootrec /fixboot
Answer: A

Launches the System Restore utility, allowing restoration to a previous point.

Why this answer

The correct answer is `rstrui.exe`, which launches the System Restore wizard. This can revert system files and settings to a previous state. `vssadmin` manages shadow copies but does not directly restore, `wbadmin` is for backup and restore, and `bootrec` repairs boot issues.

375
MCQ · hard

A company is designing a secure entry for a high-security lab. They need to ensure that only one person can enter at a time and that the person must be authenticated before the second door opens. Which physical security control should be used?

A. Turnstile with biometric reader
B. Security guard with logbook
C. Mantrap with smart card and biometric authentication
D. Cipher lock with door alarm
Answer: C

A mantrap uses two doors; the first door locks after entry, and the second door only unlocks after successful authentication, ensuring single-person access.

Why this answer

A mantrap with two interlocking doors and authentication requirements ensures one-person-at-a-time entry, preventing tailgating and piggybacking. This is the gold standard for high-security areas requiring strict access control.
