CompTIA A+ Core 2 220-1202 (220-1202) — Questions 376–450

750 questions total · 10 pages · All types, answers revealed

Page 6 of 10

376
MCQ · easy

A customer reports that their Android phone's screen is unresponsive to touch after a drop. They can still hear notifications and see the display. Which built-in tool should you use to test the touchscreen functionality without relying on third-party apps?

A. Safe Mode
B. Developer Options
C. Diagnostics Mode (e.g., *#0*#)
D. Factory Reset
Answer: C

Many Android devices have a hidden diagnostics menu (e.g., *#0*#) that includes touchscreen, display, and sensor tests, ideal for verifying hardware issues.

Why this answer

This question tests knowledge of Android's built-in diagnostic tools. The correct answer is the 'Diagnostics' or 'Test' mode, often accessed via the dialer code or settings, which allows hardware testing without third-party apps. This is a standard feature for verifying touchscreen integrity after physical damage.

377
MCQ · medium

A technician is configuring a new Windows 10 kiosk computer that will run a single application for public use. They need to prevent users from accessing the desktop, taskbar, or other system functions. Which Windows security feature should be used?

A. User Account Control (UAC) set to highest level
B. Local Group Policy – Software Restriction Policies
C. Windows Defender Application Guard
D. Assigned Access (Kiosk Mode)
Answer: D

Assigned Access restricts the user to a single app and hides system interfaces.

Why this answer

Assigned Access (Kiosk Mode) locks down the device to run only one app and restricts access to other system features. It is designed for public or kiosk scenarios.

378
MCQ · medium

A customer calls the help desk complaining that their printer no longer works after a technician installed a security update on their computer. The technician checks the documentation and finds no record of the update being installed. What is the most likely cause of the missing documentation?

A. The security update was applied automatically by Windows Update.
B. The printer driver was corrupted by a virus.
C. The technician forgot to save the change log before leaving for the day.
D. The customer accidentally deleted the update history.
Answer: A

Automatic updates often bypass change management documentation unless specifically configured to be logged, which is a common oversight.

Why this answer

The most likely cause is that the security update was applied automatically by Windows Update. In many corporate environments, Windows Update is configured to install critical patches automatically without requiring manual intervention or logging in the technician's change documentation. This explains why the technician found no record of the update, even though it was installed and caused the printer driver to stop functioning.

Exam trap

The trap here is that candidates may focus on the printer driver corruption (Option B) as the direct cause of the printer failure, rather than recognizing that the missing documentation points to an automated update process as the root cause of the undocumented change.

How to eliminate wrong answers

Option B is wrong because a virus corrupting the printer driver would not explain the missing documentation; it would instead cause a different set of symptoms, such as unusual system behavior or security alerts, and the technician would likely find evidence of malware rather than a missing change log. Option C is wrong because the technician forgetting to save the change log is a procedural error, but the question states the technician checked the documentation and found no record of the update being installed—this implies the update was never documented, not that it was documented and then lost. Option D is wrong because the customer accidentally deleting the update history would affect the Windows Update history log, not the technician's change management documentation, which is maintained separately by the IT team.

379
MCQ · medium

A technician is updating the documentation for a network printer that was moved to a different floor. The technician updates the asset tag in the inventory system. Which additional documentation should the technician also update to ensure accurate records?

A. The user manual for the printer
B. The network diagram showing device locations and connections
C. The company’s acceptable use policy
D. The printer’s warranty information
Answer: B

The network diagram must reflect the new location and any changes to network ports or cabling.

Why this answer

When a network printer is moved to a different floor, its physical location and network connectivity change. The network diagram is the authoritative document that records device locations, switch ports, IP addresses, and cabling paths. Updating it ensures that troubleshooting, asset tracking, and future moves remain accurate, directly supporting change management and documentation best practices.

Exam trap

CompTIA often tests the distinction between operational documentation (network diagrams, rack layouts, IP address management) and administrative or policy documents (user manuals, warranties, acceptable use policies) to see if candidates understand which records are directly impacted by a physical move.

How to eliminate wrong answers

Option A is wrong because the user manual is a generic reference document that does not change when a device is relocated; it contains operational instructions, not location or connectivity records. Option C is wrong because the acceptable use policy governs how employees may use company resources, not the physical or logical placement of hardware. Option D is wrong because warranty information is tied to the device's serial number and purchase date, not its physical location; moving the printer does not affect warranty terms.

380
MCQ · medium

During a security audit, an administrator discovers that several employees have written their domain passwords on sticky notes attached to their monitors. The company policy requires strong passwords and prohibits sharing credentials. Which security principle is being violated?

A. Principle of least privilege
B. Account lockout policy
C. Password confidentiality
D. Multi-factor authentication
Answer: C

Password confidentiality requires that passwords be known only to the authorized user. Writing them on sticky notes compromises this by making them visible to others.

Why this answer

Password confidentiality is a core security principle; passwords must be kept secret and not be easily observable. Writing passwords on sticky notes directly violates this by making them visible to anyone nearby. This question tests the understanding of password security best practices and the concept of confidentiality.

381
MCQ · medium

A user wants to share a folder on their Windows 11 PC so that other users on the local network can access files without a password. They have already enabled network discovery and file sharing. Which additional setting must they configure in the Advanced Sharing settings to allow password-less access?

A. Turn on Public folder sharing
B. Turn off password protected sharing
C. Enable 128-bit encryption
D. Set up a homegroup
Answer: B

Disabling password protected sharing allows network users to access shared folders without authentication, meeting the user's requirement.

Why this answer

The correct setting is to turn off 'Password protected sharing' in the Advanced sharing settings. This allows anyone on the network to access shared folders without entering a username and password, which is necessary for the scenario described.

382
MCQ · medium

A customer complains that their computer emits a strong chemical smell and is unusually hot. After inspection, you find the power supply is failing and leaking a brown, oily substance. How should you handle the power supply disposal?

A. Place the power supply in a standard trash bag and throw it in the dumpster.
B. Put the power supply in an anti-static bag, seal it, and label it as hazardous e-waste.
C. Clean the power supply with isopropyl alcohol and then recycle it normally.
D. Disassemble the power supply to remove the leaking capacitor and then dispose of the rest.
Answer: B

This is correct because the anti-static bag prevents further leakage, and labeling ensures it is handled appropriately by recycling facilities.

Why this answer

Option B is correct because a failing power supply leaking a brown, oily substance (typically from swollen or ruptured capacitors) is classified as hazardous e-waste due to toxic materials like lead, cadmium, and electrolyte fluids. Placing it in an anti-static bag prevents short circuits during transport, and labeling it as hazardous ensures proper disposal per environmental regulations such as the Resource Conservation and Recovery Act (RCRA) or local e-waste directives.

Exam trap

CompTIA often tests the misconception that cleaning or disassembling e-waste makes it safe for normal disposal, when in fact any leaking or damaged power supply must be treated as hazardous e-waste and never opened by a technician.

How to eliminate wrong answers

Option A is wrong because throwing the power supply in a standard trash bag and dumpster violates environmental regulations; the leaking chemicals can contaminate soil and groundwater, and the power supply contains heavy metals that require special handling. Option C is wrong because cleaning with isopropyl alcohol does not neutralize the toxic electrolyte or render the unit safe for normal recycling; the power supply still contains hazardous components that must be processed through certified e-waste facilities. Option D is wrong because disassembling a leaking, potentially charged power supply poses a high risk of electric shock, chemical exposure, and further leakage; technicians should never open a failing PSU—disposal must be handled as a sealed unit.

383
MCQ · medium

A user calls the help desk saying they cannot access a shared folder on the network. They can access other shares on the same server. The technician verifies the user's account is active and the folder exists. What should the technician check next to resolve the access issue?

A. Check if the user's password has expired.
B. Verify the user has been added to the local Administrators group.
C. Review the NTFS permissions on the shared folder.
D. Reboot the file server to clear any cached permissions.
Answer: C

NTFS permissions can deny access to specific users even if share permissions allow it, explaining the isolated issue.

Why this answer

NTFS permissions control access at the folder level on the server. Even if share permissions allow access, restrictive NTFS permissions can block a specific user. The technician should check the effective permissions on that folder for the user.

384
MCQ · medium

After a recent Windows update, a user's printer stopped working. You suspect the update changed the default print spooler service startup type. Which Control Panel tool should you use to verify and correct the service startup type?

A. Device Manager
B. Printers & scanners
C. Administrative Tools > Services
D. System > Advanced system settings
Answer: C

The Services snap-in lists all Windows services, including the Print Spooler, and allows you to change its startup type to Automatic.

Why this answer

The Print Spooler service is a Windows service that manages print jobs sent to the printer. Its startup type (e.g., Automatic, Manual, Disabled) is configured in the Services console, which is accessed via Administrative Tools > Services. Device Manager and Printers & scanners do not provide service startup type settings, and System > Advanced system settings deals with performance and user profiles, not services.

Exam trap

The trap here is that candidates often confuse Device Manager (for driver issues) with the Services console, not realizing that the startup type of a service is managed exclusively through the Services snap-in, not through hardware or printer-specific settings.

How to eliminate wrong answers

Option A is wrong because Device Manager is used to manage hardware drivers and device properties, not Windows service startup types. Option B is wrong because Printers & scanners is for adding, removing, and configuring printer devices, not for changing the spooler service startup type. Option D is wrong because System > Advanced system settings provides access to performance options, user profiles, and startup and recovery settings, not service management.

385
MCQ · easy

During a routine security audit, you find that an employee has taped their door lock open to avoid using their badge every time they leave for a break. What is the most immediate security concern with this practice?

A. The employee might lose their badge
B. It violates company badge policy
C. Unauthorized persons can enter without credentials
D. The door lock may break from being forced open
Answer: C

Propping a door open eliminates the need for authentication, creating a direct security breach.

Why this answer

Propping a door open bypasses access control systems, allowing unauthorized individuals to enter without credentials. This is a common physical security violation that undermines the entire access control mechanism.

386
MCQ · hard

A company laptop was stolen, and the IT department needs to ensure that the data on the device cannot be accessed. The laptop had BitLocker enabled, but the drive was unlocked when stolen. What additional security measure could have prevented data access in this scenario?

A. Enable Windows Defender Firewall
B. Configure BitLocker with a startup PIN
C. Use a strong user password
D. Enable System Restore
Answer: B

A startup PIN requires authentication before the OS loads, protecting data even if the device is powered on.

Why this answer

BitLocker protects data when the system is off. If the laptop was unlocked, data is accessible. A pre-boot authentication PIN or password ensures that even if the device is powered on, the drive remains locked until the PIN is entered.

387
MCQ · easy

A user reports receiving an email that appears to be from their CEO, urgently requesting that they purchase $500 in gift cards and reply with the codes. The email address looks slightly off (e.g., ceo@cornpany.com instead of ceo@company.com). What type of social engineering attack is this?

A. Spear phishing
B. Vishing
C. Whaling
D. Tailgating
Answer: C

Whaling is a phishing attack that targets senior executives (or impersonates them) to steal sensitive data or money. The email impersonating the CEO is a textbook example.

Why this answer

This is a whaling attack, a type of phishing that targets high-profile individuals or impersonates them to trick lower-level employees. The attacker used a spoofed email address to impersonate the CEO and create a sense of urgency.

388
MCQ · easy

A user reports that their Windows 10 desktop is running very slowly, especially when opening multiple applications. They have 8 GB of RAM and a traditional hard drive. Task Manager shows that memory usage is consistently at 90% or higher. Which component is most likely the bottleneck and what is the best upgrade?

A. The CPU is the bottleneck; upgrade to a faster processor.
B. The hard drive is the bottleneck; upgrade to an SSD.
C. The RAM is the bottleneck; add more RAM.
D. The graphics card is the bottleneck; upgrade to a dedicated GPU.
Answer: C

High memory usage indicates the system needs more RAM; adding more will allow more applications to run without using slow virtual memory.

Why this answer

High memory usage (90%+) with 8 GB of RAM indicates that the system is running out of physical memory, causing it to use the hard drive as virtual memory, which is very slow. The best upgrade is to add more RAM to reduce reliance on the slow hard drive paging.

389
MCQ · medium

A small business is deploying Windows 11 to 20 new workstations. During the setup, you need to ensure that each computer receives a unique computer name and joins the domain automatically. Which Windows deployment tool should you use to automate this process?

A. Windows System Image Manager (Windows SIM)
B. Windows Deployment Services (WDS)
C. Microsoft Deployment Toolkit (MDT)
D. Sysprep
Answer: B

WDS allows for network-based deployment of Windows images and can automate computer naming and domain join via answer files, making it the correct choice.

Why this answer

Windows Deployment Services (WDS) is designed for network-based deployment of Windows images to multiple computers. It can be configured with answer files to automate computer naming and domain joining, making it the ideal tool for this scenario.

390
MCQ · medium

During a Windows 10 deployment, you need to ensure that a specific Group Policy setting is applied to a computer before any user logs on. Which policy processing mode should you configure?

A. Loopback processing mode
B. Computer Configuration
C. User Configuration
D. Administrative Templates
Answer: B

Policies under Computer Configuration are applied during system startup, before any user logs in. This ensures the setting is in effect for all users and at the login screen.

Why this answer

Computer Configuration policies in Group Policy apply to the computer itself and take effect at boot, before user logon. User Configuration policies apply only after a user logs on. To ensure a setting is applied before any user logs on, it must be placed under Computer Configuration.

391
MCQ · medium

A technician needs to write a script that runs a specific command only if a Windows service is running. If the service is stopped, the script should start it first. Which scripting method is most appropriate?

A. Use a for loop to iterate over all services.
B. Use an if-else statement to check the service status.
C. Use a switch statement with multiple conditions.
D. Use a try-catch block to handle errors if the command fails.
Answer: B

An if-else statement can evaluate the service state and execute different commands accordingly.

Why this answer

The correct answer is B because an if-else statement is the most appropriate scripting method to check the status of a specific Windows service and conditionally execute a command or start the service. In PowerShell, you can use `Get-Service` to retrieve the service status and then an if-else block to evaluate whether the `Status` property equals 'Running'. This provides clear, linear logic that directly matches the requirement without unnecessary complexity.

Exam trap

CompTIA often tests the distinction between conditional logic (if-else) and error handling (try-catch), leading candidates to mistakenly choose try-catch because they think it can 'handle' a stopped service, but it cannot evaluate the service state before the command runs.

How to eliminate wrong answers

Option A is wrong because a for loop that iterates over all services is inefficient and unnecessary; the requirement is to check only one specific service, not all services. Option C is wrong because a switch statement is designed for multiple discrete value matches, not for a simple binary check of a service status (running vs. stopped), and it would overcomplicate the logic. Option D is wrong because a try-catch block handles runtime errors (e.g., service not found or access denied) but does not provide conditional logic to check the service status before deciding whether to start it.

392
MCQ · medium

A technician is configuring a new Windows 10 workstation for a user who is visually impaired. The user needs the screen magnifier to start automatically when they log in, and they want high-contrast themes. Which Control Panel tool should the technician use to enable these accessibility features?

A. System > Advanced system settings
B. Ease of Access Center
C. Personalization
D. Display
Answer: B

The Ease of Access Center includes options for Magnifier, Narrator, on-screen keyboard, and high-contrast settings.

Why this answer

The Ease of Access Center in Windows 10 is the dedicated Control Panel tool for configuring accessibility features, including Magnifier and high-contrast themes. It provides settings to enable Magnifier to start automatically at login and to apply high-contrast themes system-wide, directly addressing the user's needs.

Exam trap

CompTIA often tests the distinction between the Ease of Access Center and the Personalization or Display settings, trapping candidates who assume high-contrast themes are only in Personalization or that Magnifier auto-start is a Display setting.

How to eliminate wrong answers

Option A is wrong because System > Advanced system settings is used for performance options, user profiles, and startup and recovery settings, not for accessibility features like Magnifier or high-contrast themes. Option C is wrong because Personalization allows changing themes and colors, but it does not provide the option to set Magnifier to start automatically at login; high-contrast themes can be applied there, but the automatic startup of Magnifier is exclusive to the Ease of Access Center. Option D is wrong because Display settings manage screen resolution, orientation, and multiple displays, but do not include accessibility features such as Magnifier auto-start or high-contrast theme configuration.

393
MCQ · easy

A small business wants to reduce its environmental footprint by properly managing old computer equipment. They ask which components must be handled separately due to hazardous materials. What should you identify?

A. LCD monitors
B. CRT monitors
C. Keyboard and mouse
D. Ethernet cables
Answer: B

This is correct because CRT monitors contain leaded glass and other hazardous materials that require special handling to prevent environmental contamination.

Why this answer

CRT monitors contain leaded glass in the cathode ray tube and significant amounts of lead in the solder and phosphor coating, making them hazardous electronic waste that must be handled separately under regulations like the EPA's RCRA and the EU's WEEE Directive. Unlike LCDs, which may contain mercury in backlights but are often managed differently, CRTs require specialized recycling to prevent lead leaching into groundwater.

Exam trap

CompTIA often tests the distinction between CRT and LCD monitors, trapping candidates who assume all monitors are equally hazardous, when in fact CRTs are uniquely regulated due to lead content while LCDs are generally treated as standard e-waste unless mercury backlights are present.

How to eliminate wrong answers

Option A is wrong because LCD monitors may contain small amounts of mercury in cold-cathode fluorescent lamp (CCFL) backlights, but they are not universally classified as requiring separate hazardous handling in the same way as CRTs; many jurisdictions allow them in general e-waste streams if mercury is removed. Option C is wrong because keyboards and mice are typically non-hazardous electronic waste composed of plastic and low-voltage circuitry, with no regulated hazardous materials like lead, mercury, or cadmium. Option D is wrong because Ethernet cables are copper or fiber optic cabling with no hazardous materials; they are recyclable as standard e-waste or scrap metal.

394
MCQ · medium

A technician is troubleshooting a web server that is not serving pages from /var/www/html. The directory permissions are drwxr-x--- and the web server runs as user 'www-data'. The directory is owned by root:www-data. Which command will allow the web server to read the directory and its contents?

A. chmod g+rx /var/www/html
B. chmod o+rx /var/www/html
C. chown www-data:www-data /var/www/html
D. usermod -aG www-data www-data
Answer: D

This adds the user www-data to the group www-data, ensuring the group permissions apply, which is the correct approach.

Why this answer

The mode drwxr-x--- gives the owner (root) rwx, the group (www-data) r-x, and others no access. Because the directory is owned by root:www-data, the group permissions are the ones that apply to the web server, and the group already has the read and execute bits needed to list and traverse the directory. chmod g+rx would therefore change nothing, since those bits are already set.

chmod o+rx adds read and execute for others, which would cover www-data only if it is not in the group; but the directory's group is www-data, so the group permissions are the intended path for access.

With these permissions, access works if the www-data user is in the www-data group and fails if it is not. The technician should therefore ensure that www-data is in the group. The correct answer is D: usermod -aG www-data www-data adds the user to the group, which is the most appropriate fix.

395
MCQ · easy

A user reports that their virtual desktop in a VDI environment is extremely slow during peak hours. The technician checks the host server and sees that memory utilization is at 95% and CPU is at 80%. Which of the following is the most likely cause of the performance issue?

A. The virtual switch is misconfigured
B. The host has insufficient memory for the number of VMs
C. The guest OS needs a driver update
D. The virtual hard disks are not thin-provisioned
Answer: B

With memory at 95%, the host is overcommitted, forcing the hypervisor to use disk swap, which drastically reduces performance. This is the most direct cause.

Why this answer

In a VDI environment, over-provisioning resources like memory leads to resource contention and poor performance. The high memory utilization indicates the host does not have enough physical memory to support all running virtual desktops, causing swapping and slowdowns. This scenario tests understanding of resource allocation in virtualized environments.

396
MCQ · medium

A user reports that after a recent Windows update, they can no longer install a legacy application that requires write access to the Program Files folder. The user is a local administrator. What Windows security setting is most likely blocking the installation?

A. BitLocker Drive Encryption
B. User Account Control (UAC)
C. Windows Defender Firewall
D. Group Policy Software Restrictions
Answer: B

UAC protects system integrity by prompting for elevated permissions, even for administrators, when changes affect protected areas like Program Files.

Why this answer

User Account Control (UAC) prompts for consent or credentials even for administrators when changes require elevated permissions, such as writing to protected folders like Program Files. Disabling UAC or running the installer as administrator can resolve this.

397
MCQ · easy

A user on iOS 17 complains that their iPhone's battery drains quickly and the phone gets warm during normal use. They have not installed any new apps recently. Which built-in tool should you use first to identify the cause?

A. Settings > General > iPhone Storage
B. Settings > Battery > Battery Health
C. Settings > Privacy > Analytics & Improvements
D. Settings > Display & Brightness
Answer: B

Battery Health provides information on maximum capacity and whether the battery is degraded, which directly addresses the user's symptoms.

Why this answer

This question covers iOS battery management tools. The correct answer is the Battery Health feature, which shows maximum capacity and peak performance capability, and can indicate if the battery needs service. Checking this first helps rule out hardware degradation before troubleshooting software.

398
MCQ · hard

A technician is dealing with a zero-day malware infection that has evaded all signature-based antivirus scans. The malware is polymorphic, changing its code each time it infects a new system. Which approach is most likely to detect and remove this type of malware?

A. Update the antivirus to the latest signature definitions and run a full scan.
B. Use a bootable antivirus rescue disk to scan the system before the OS loads.
C. Employ a heuristic-based or behavior-based malware removal tool.
D. Reinstall the operating system from a known-good backup.
Answer: C

Heuristic tools analyze behavior and code patterns, allowing them to detect polymorphic malware that changes its signature.

Why this answer

Polymorphic malware changes its signature, making signature-based detection ineffective. Heuristic analysis and behavior-based detection tools, such as those used by advanced endpoint detection and response (EDR) solutions, can identify malware based on suspicious actions rather than static signatures. Running a tool that uses heuristic scanning can detect the malware's behavior, such as file encryption or unauthorized registry changes.

399
MCQ · easy

A user reports that their corporate email app on an Android device is not syncing. They can browse the internet and use other apps normally. The account was working yesterday. What should you check first?

A. Perform a factory reset of the device.
B. Verify the account username and password in the email app.
C. Replace the device's SIM card.
D. Reinstall the operating system.
Answer: B

Incorrect credentials or a recent password change can prevent syncing; verifying them is the quickest and most common fix.

Why this answer

Option B is correct because the most common cause of a previously working email account suddenly failing to sync is an authentication issue, such as a changed password or expired credentials. Since other internet services work, the network connectivity is fine, so the problem is isolated to the email app's authentication. Verifying the username and password in the app's account settings is the quickest, least disruptive first step before escalating to more drastic measures.

Exam trap

The trap here is that candidates may assume a network or hardware issue (SIM card) because the email 'isn't syncing,' but the question explicitly states other apps work, isolating the problem to the email app's configuration or authentication.

How to eliminate wrong answers

Option A is wrong because performing a factory reset is a destructive, last-resort step that would erase all user data and settings, and it is not justified when the issue is isolated to a single app and the device otherwise functions normally. Option C is wrong because replacing the SIM card would only affect cellular network authentication and provisioning, not the email app's credentials or connectivity over Wi-Fi or mobile data; since other apps work, the SIM is not the cause. Option D is wrong because reinstalling the operating system is an extreme measure that would wipe the entire device and is completely unnecessary for a single app's sync failure that likely stems from a simple credential mismatch.

400
MCQ · medium

A user's iPad will not rotate the screen when turned sideways, even though the rotation lock is off in the Control Center. The screen remains in portrait mode. What should you check next?

A. Check if the app has its own orientation lock setting.
B. Check the physical mute/orientation lock switch on the side of the iPad.
C. Perform a hard reset of the iPad.
D. Update the iPadOS to the latest version.
Answer: B

On some iPad models, the side switch can be set to lock rotation; if it's engaged, it overrides the Control Center setting.

Why this answer

The correct answer is B because many iPad models (particularly older ones like iPad 2 through iPad 4, and some iPad mini models) include a physical switch on the side edge that can be configured to act as a mute/orientation lock toggle. Even if the software rotation lock in Control Center is off, this hardware switch can independently lock the screen orientation, overriding the software setting. Checking this physical switch is the logical next step before attempting more invasive troubleshooting.

Exam trap

CompTIA often tests the distinction between software-based and hardware-based controls, and the trap here is that candidates assume the Control Center rotation lock is the only mechanism for locking orientation, overlooking the independent physical switch that can override it.

How to eliminate wrong answers

Option A is wrong because while some apps (e.g., video players) have their own orientation lock settings, the question states the screen remains in portrait mode system-wide, not just within a single app, so an app-specific lock would not affect the entire iPad interface. Option C is wrong because performing a hard reset (force restart) is a generic troubleshooting step that would not resolve a hardware switch being engaged; it would only temporarily clear memory and restart processes, not change the physical switch state. Option D is wrong because updating iPadOS addresses software bugs and compatibility issues, but a physical orientation lock switch is a hardware-level control that operates independently of the OS version; an update would not disengage a physical switch.

401
MCQmedium

A user receives an email that appears to be from their bank, asking them to click a link and verify their account information due to 'suspicious activity.' The email address looks legitimate, but the link points to a different domain. What type of attack is this?

A.Spear phishing
B.Phishing
C.Whaling
D.Vishing
AnswerB

Phishing is a broad term for fraudulent emails attempting to obtain sensitive data by posing as a legitimate entity, matching the scenario exactly.

Why this answer

Phishing is a social engineering attack where attackers impersonate a trusted entity to trick victims into revealing sensitive information. The suspicious link is a key indicator. This question tests the ability to recognize phishing attempts based on common characteristics like urgent language and deceptive links.

402
MCQmedium

A user reports that their Windows 10 PC fails to boot and displays a 'Boot Configuration Data is missing' error. You need to repair the boot configuration using the Windows Recovery Environment. Which administrative tool should you run from the command prompt in the recovery environment?

A.sfc /scannow
B.bootrec /rebuildbcd
C.DISM /Online /Cleanup-Image /RestoreHealth
D.chkdsk /f
AnswerB

Bootrec with the /rebuildbcd switch scans for Windows installations and rebuilds the BCD store, fixing boot errors.

Why this answer

Bootrec.exe is the command-line tool specifically designed to repair the Boot Configuration Data (BCD) and Master Boot Record (MBR). It is used from the Windows Recovery Environment command prompt. Other tools like SFC or DISM target system files or image health, not boot configuration.

403
MCQhard

After resolving a user's issue, the user says, "Thank you, you're a lifesaver!" and offers the technician a $50 gift card as a token of appreciation. Company policy strictly prohibits accepting gifts over $20. How should the technician respond?

A."I appreciate that, but our policy doesn't allow me to accept gifts over $20. Thank you for the thought, though."
B."Thank you! That's very kind. I'll accept it, but please don't tell anyone."
C."I can't accept this. Please don't offer gifts to IT staff."
D."You can give it to my manager if you want, but I can't take it directly."
AnswerA

This politely declines while explaining the policy, showing integrity and respect for company rules.

Why this answer

Option A is correct because it politely declines the gift while citing the specific company policy limit of $20, which aligns with professional conduct and ethical guidelines. This response maintains trust and integrity without offending the user, as required by the CompTIA A+ 220-1202 exam objectives on professionalism and communication.

Exam trap

CompTIA often tests the candidate's ability to balance professionalism with customer appreciation, trapping those who choose a response that either violates policy (B, D) or damages the relationship (C) instead of a polite, policy-compliant refusal (A).

How to eliminate wrong answers

Option B is wrong because accepting the gift and asking the user to keep it secret violates company policy and ethical standards, potentially leading to disciplinary action or loss of trust. Option C is wrong because it is overly abrupt and dismissive, failing to acknowledge the user's gratitude and potentially damaging the customer relationship; a polite refusal is more appropriate. Option D is wrong because redirecting the gift to a manager still involves accepting a prohibited item indirectly, which does not comply with the policy and could be seen as an attempt to circumvent the rules.

404
MCQmedium

A security incident occurred where an attacker modified a PowerShell script on a file server to include malicious commands. The script is executed daily by a scheduled task. Which scripting security best practice could have prevented this attack?

A.Store the script in a hidden folder
B.Set the script file to read-only
C.Use a digital signature to sign the script and enforce execution policy
D.Compile the script into an executable
AnswerC

Signing ensures integrity; if the script is modified, the signature becomes invalid and execution is blocked.

Why this answer

Option C is correct because enforcing an execution policy that requires scripts to be digitally signed ensures that only scripts signed by a trusted publisher can run. If the attacker modified the script, the digital signature would become invalid, and the execution policy would block the script from running, preventing the malicious commands from executing.

Exam trap

The trap here is that candidates often choose 'Set the script file to read-only' because they think file permissions alone are sufficient, but Cisco tests that integrity verification (via digital signatures) is the only way to detect unauthorized modifications in a script that is executed automatically.

How to eliminate wrong answers

Option A is wrong because storing the script in a hidden folder does not prevent modification; hidden folders are easily revealed via File Explorer settings or command-line tools like `dir /a`. Option B is wrong because setting the script file to read-only can be bypassed by an attacker with sufficient privileges (e.g., taking ownership or modifying permissions), and it does not verify the script's integrity. Option D is wrong because compiling a PowerShell script into an executable does not prevent modification; the executable can still be decompiled or replaced, and it does not enforce integrity checks like a digital signature.

405
MCQhard

A technician receives an email from what appears to be the company's CEO, asking for a list of all employee passwords for a 'security audit'. The email address is correct, but the tone and request are unusual. The technician suspects a social engineering attack. What is the best course of action?

A.Reply to the email asking for more details to confirm the request.
B.Forward the email to the security team and do not respond.
C.Provide the list as requested, since the CEO has authority.
D.Call the CEO immediately to verify the request.
AnswerB

The correct action is to report the suspicious email to the security team for investigation and not engage with the potential attacker. This follows proper incident response protocols.

Why this answer

This is likely a whaling or spear phishing attack impersonating the CEO. The technician should never share passwords and should verify the request through a separate communication channel (e.g., phone call or in-person) before taking any action. Reporting to the security team is also critical.

406
MCQhard

A network administrator is investigating a security incident where an attacker captured the 4-way handshake of a WPA2-PSK network and successfully cracked the passphrase. Which protocol change would most effectively prevent this type of attack in the future?

A.Switch to WPA2-Enterprise with 802.1X and a RADIUS server.
B.Increase the WPA2-PSK passphrase length to 63 characters.
C.Upgrade to WPA3-SAE.
D.Enable MAC address filtering on the access point.
AnswerC

WPA3-SAE uses Simultaneous Authentication of Equals (SAE), which eliminates the possibility of offline dictionary attacks by design, making handshake capture useless.

Why this answer

WPA3-SAE uses Simultaneous Authentication of Equals (SAE), which provides forward secrecy. This means that even if an attacker captures the handshake, they cannot crack the passphrase offline because the handshake does not contain enough information to derive the key.

407
MCQmedium

A technician is configuring a new Windows 10 workstation for a user who requires access to files stored on an encrypted USB drive. The drive uses BitLocker To Go. What must the technician do to ensure the user can access the drive on this computer?

A.Enable BitLocker on the workstation's internal drive
B.Provide the user with the drive's password or recovery key
C.Format the USB drive to NTFS
D.Install the BitLocker Drive Encryption feature from Control Panel
AnswerB

The user must enter the password or recovery key to unlock the drive; this is the standard method for BitLocker To Go access.

Why this answer

BitLocker To Go encrypts removable drives with a password or recovery key. To access the drive on a new Windows 10 workstation, the technician must provide the user with the drive's password or recovery key, as the drive is already encrypted and requires authentication at mount time. No additional configuration is needed on the workstation beyond entering the correct credentials.

Exam trap

The trap here is that candidates may think additional software or feature installation is required, but BitLocker To Go is a built-in capability of Windows 10 Pro/Enterprise that only needs the correct authentication credential to unlock the drive.

How to eliminate wrong answers

Option A is wrong because enabling BitLocker on the workstation's internal drive is unrelated to accessing an already-encrypted BitLocker To Go USB drive; the internal drive encryption does not affect removable drive access. Option C is wrong because formatting the USB drive to NTFS would erase all data and remove the existing BitLocker encryption, which is counterproductive since the user needs to access existing encrypted files. Option D is wrong because the BitLocker Drive Encryption feature is already included in Windows 10 Pro and Enterprise editions; it does not need to be installed separately, and the technician only needs to provide the password or recovery key.

408
MCQhard

A system administrator needs to change the group ownership of a directory /srv/data and all its contents to 'datagroup'. Which command will accomplish this recursively?

A.chgrp -R datagroup /srv/data
B.chown datagroup: /srv/data
C.chmod -R g+rw /srv/data
D.groupmod -R datagroup /srv/data
AnswerA

chgrp with -R recursively changes the group ownership of the directory and all its contents.

Why this answer

This tests the chown command with the -R option for recursive changes. chown -R :datagroup /srv/data changes the group for the directory and all files/subdirectories.

409
MCQmedium

A technician is tasked with securing a shared office printer that stores sensitive documents on its hard drive. The printer is in an open area. Which physical security measure should be prioritized to protect the data on the printer?

A.Enable secure print release with a PIN
B.Encrypt the printer's hard drive
C.Place the printer in a locked room
D.Use a cable lock on the printer
AnswerC

Physical access control prevents unauthorized individuals from tampering with or stealing the printer's hard drive.

Why this answer

Printers with hard drives can retain copies of printed documents. Physically securing the printer in a locked room or cabinet prevents unauthorized persons from removing the drive or accessing the device directly.

410
MCQmedium

A user calls the help desk because their MacBook Pro running macOS Sonoma suddenly shows a folder with a flashing question mark when booting. They were not performing any system updates. Which macOS tool or feature should you use to attempt to repair the startup volume?

A.Boot to Recovery mode and run Disk Utility First Aid
B.Use the Terminal command 'sudo fsck -fy' at boot
C.Reinstall macOS from Internet Recovery
D.Enable Target Disk Mode on the Mac
AnswerA

This is the standard method to check and repair the startup disk's file system structure, which can resolve the missing boot volume issue.

Why this answer

The flashing question mark indicates the system cannot find a valid startup volume. Booting to macOS Recovery and using Disk Utility's First Aid is the correct procedure to repair disk errors. Reinstalling macOS is a later step if repair fails. Target Disk Mode is for transferring files between Macs, not for repairing.

411
MCQmedium

A security incident response team needs to identify all files on a system that have the SUID bit set, as these may pose a security risk. Which command should they use?

A.find / -type f -perm 0777
B.find / -type f -perm 4000
C.find / -type f -perm -4000
D.find / -type f -perm /4000
AnswerC

This finds any file with the SUID bit set, regardless of other permission bits, which is the correct approach.

Why this answer

The correct answer is C because find / -perm -4000 searches for files with the SUID bit set (octal 4000). The -4000 notation matches any file that has the SUID bit, regardless of other permissions.

412
MCQhard

A user complains that their Windows 10 computer is running slowly and they see frequent pop-ups from an unknown program. After running a full antivirus scan, nothing is detected. Which Windows security feature should you use to investigate and remove potentially unwanted software?

A.Windows Defender Firewall
B.Windows Defender Offline Scan
C.System Restore
D.User Account Control (UAC)
AnswerB

This runs outside of Windows to catch deeply hidden malware that standard scans cannot detect.

Why this answer

Windows Defender Offline Scan boots from a trusted environment to detect and remove persistent malware that standard scans miss. It is ideal for rootkits or stubborn infections that hide from a live OS.

413
MCQmedium

A security incident is reported where a user accidentally deleted a critical script in /usr/local/bin. The script was owned by root and had permissions 755. Which command will restore the script from a backup located in /backup?

A.mv /backup/script.sh /usr/local/bin/
B.cp /backup/script.sh /usr/local/bin/
C.cp -p /backup/script.sh /usr/local/bin/
D.rsync -a /backup/script.sh /usr/local/bin/
AnswerC

The -p flag preserves the original file's permissions, timestamps, and ownership if run as root.

Why this answer

This tests the cp command with preservation of permissions and ownership. cp -p preserves the original file's attributes, which is important for a system script.

414
MCQhard

A Windows 11 workstation is infected with ransomware that encrypted user files. The IT security team wants to prevent future infections by restricting which processes can modify files in user profile folders. Which Windows security feature can enforce such restrictions without third-party software?

A.NTFS permissions set to 'Read-only' for all users.
B.AppLocker with a deny rule for unknown executables.
C.Controlled Folder Access
D.BitLocker with TPM protection
AnswerC

This feature specifically protects folders from unauthorized apps, including ransomware.

Why this answer

Controlled Folder Access (part of Windows Defender Exploit Guard) allows only trusted apps to access protected folders like Documents, Pictures, etc. It can be configured via Windows Security > Virus & threat protection > Ransomware protection. This effectively blocks ransomware from encrypting files.

415
MCQmedium

A security incident occurs when an unauthorized user gains access to a server because a technician left a default password unchanged after a system rebuild. The rebuild was documented, but the password change was not. What documentation failure does this highlight?

A.The change log did not include a rollback plan.
B.The change log did not list the specific configuration changes made.
C.The change request was not approved by the change advisory board.
D.The technician did not perform a post-implementation review.
AnswerB

The rebuild documentation should have included all configuration changes, such as password updates, to ensure security and accountability.

Why this answer

Option B is correct because the documentation failure is that the change log did not list the specific configuration changes made. In this scenario, the system rebuild was documented, but the critical detail of changing the default password was omitted. Proper change management requires that every configuration change, including password updates, be explicitly recorded in the change log to ensure accountability and traceability. Without this record, the security incident occurred due to an undocumented deviation from security best practices.

Exam trap

CompTIA often tests the distinction between a change log's requirement to list specific changes versus broader change management processes like approval or review, leading candidates to confuse a documentation failure with a procedural one.

How to eliminate wrong answers

Option A is wrong because a rollback plan is not the primary issue here; the failure is the omission of the password change from the documentation, not the absence of a procedure to revert changes. Option C is wrong because the question does not indicate that the change request lacked approval from the change advisory board (CAB); the issue is the incomplete documentation of the change itself. Option D is wrong because a post-implementation review (PIR) would occur after the change is completed, but the core failure is that the password change was never recorded in the change log, which is a documentation failure that precedes any review.

416
MCQhard

A user reports that their Windows 10 PC is infected with malware that keeps reinstalling after removal. You need to boot into a minimal environment to run antivirus scans without malware interference. Which advanced startup option should you use?

A.Enable Boot Logging
B.Safe Mode
C.Last Known Good Configuration
D.Debugging Mode
AnswerB

Safe Mode loads only minimal drivers and services, preventing malware from starting, making it ideal for scanning.

Why this answer

Safe Mode loads only essential drivers and services, preventing most malware from running. This allows antivirus tools to clean infections more effectively. It is accessed via advanced startup options.

417
MCQhard

A company’s change management policy states that all changes must be reviewed by the CAB. An urgent security vulnerability is discovered that requires an immediate patch to a critical database server. The CAB is not available for 24 hours. What is the best course of action?

A.Wait for the CAB to meet and approve the change
B.Apply the patch immediately and document it as an emergency change
C.Apply the patch but do not document it to avoid policy violation
D.Disconnect the server from the network until the CAB meets
AnswerB

Emergency changes allow for immediate action with retrospective approval, balancing security and process.

Why this answer

Option B is correct because the change management policy includes an emergency change process for urgent security vulnerabilities. Applying the patch immediately and documenting it as an emergency change aligns with ITIL best practices and the company's policy, ensuring the vulnerability is mitigated without delay while maintaining compliance through post-implementation review.

Exam trap

CompTIA often tests the misconception that all changes must wait for CAB approval, ignoring the emergency change process explicitly defined in ITIL and many corporate policies.

How to eliminate wrong answers

Option A is wrong because waiting 24 hours for the CAB leaves the critical database server exposed to the security vulnerability, which could lead to data breach or system compromise. Option C is wrong because applying the patch without documentation violates the change management policy and creates an audit trail gap, potentially leading to compliance issues and inability to track changes. Option D is wrong because disconnecting the server from the network disrupts business operations and does not resolve the vulnerability; the patch must still be applied, and the server remains vulnerable when reconnected.

418
MCQhard

A security audit reveals that a user's Windows 10 workstation has remote desktop enabled, which violates company policy. You need to disable Remote Desktop and ensure it cannot be easily re-enabled by the user. Which Control Panel tool should you use?

A.System > Remote Desktop
B.Windows Defender Firewall
C.User Accounts > Manage another account
D.Administrative Tools > Services
AnswerA

The System applet includes a Remote Desktop tab where you can disable remote connections.

Why this answer

The correct answer is A because the Remote Desktop setting is managed through System Properties > Remote tab, which can be accessed via Control Panel > System > Remote Desktop. Disabling it here prevents the user from easily re-enabling it through the Settings app, as the Control Panel path requires administrative privileges to modify, whereas the Settings app may allow a standard user to toggle it. This directly addresses the audit finding by enforcing the policy at the system level.

Exam trap

The trap here is that candidates often choose Windows Defender Firewall, thinking blocking port 3389 is sufficient, but the exam tests the distinction between disabling the service versus blocking the network traffic, where the former is the proper policy enforcement method.

How to eliminate wrong answers

Option B is wrong because Windows Defender Firewall controls inbound/outbound network traffic rules, not the Remote Desktop service itself; disabling it would block RDP traffic but leave the service enabled, allowing a user to re-enable it via other methods. Option C is wrong because User Accounts > Manage another account is used to change account types, passwords, or parental controls, and has no direct setting to disable Remote Desktop. Option D is wrong because Administrative Tools > Services allows stopping or disabling the Remote Desktop Services (TermService) service, but a user with standard privileges can restart it or change its startup type, making it an ineffective long-term solution without additional Group Policy restrictions.

419
MCQhard

During a remote troubleshooting session, a technician uses a tool that allows them to view the user's screen and control the mouse and keyboard. The user reports that the session is extremely laggy, with noticeable delay between the technician's actions and the screen update. Which of the following is the most likely cause of this lag?

A.The remote desktop software is using an outdated encryption protocol.
B.The user's computer has insufficient RAM to handle remote desktop sessions.
C.The network connection between the technician and the user has high latency or low bandwidth.
D.The technician's computer is running a different operating system than the user's.
AnswerC

Remote desktop traffic is sensitive to latency. High latency causes noticeable delay between input and screen updates, while low bandwidth causes choppy video.

Why this answer

The lag described is a classic symptom of network latency or insufficient bandwidth, which directly impacts the responsiveness of remote desktop protocols like RDP or VNC. These protocols transmit screen updates and input events in real time; high latency delays the round-trip of packets, while low bandwidth can cause frame drops or compression artifacts, resulting in the noticeable delay between the technician's actions and the screen update.

Exam trap

CompTIA often tests the concept that remote desktop lag is primarily a network issue (latency/bandwidth), not a hardware or OS compatibility problem, and the trap here is that candidates may incorrectly attribute the lag to the user's local hardware (RAM) or encryption overhead instead of recognizing the network as the most likely culprit.

How to eliminate wrong answers

Option A is wrong because outdated encryption protocols (e.g., SSL 3.0 vs. TLS 1.2) affect security, not responsiveness; they may add negligible overhead but are not the primary cause of severe lag. Option B is wrong because insufficient RAM on the user's computer would typically cause local application crashes, swapping, or slow local performance, not a specific delay between remote input and screen updates; remote desktop protocols are more sensitive to CPU and network than to RAM. Option D is wrong because different operating systems between technician and user are handled transparently by cross-platform remote desktop tools (e.g., RDP client on Windows connecting to Linux via xrdp); the OS mismatch does not inherently introduce lag.

420
MCQmedium

A user reports that their iPhone's battery drains quickly and the phone feels warm. After checking, you find that several apps are using Location Services in the background. What is the most efficient way to manage this without disabling location for all apps?

A.Turn off Location Services entirely in Privacy settings
B.Set each app's location permission to 'While Using the App'
C.Enable Low Power Mode
D.Reset all settings on the iPhone
AnswerB

This prevents apps from accessing location in the background, reducing battery drain while preserving front-end use.

Why this answer

iOS allows per-app location permissions, including setting to 'While Using the App' to prevent background usage. This reduces battery drain while maintaining functionality. Disabling all location services or resetting settings is too drastic.

421
MCQmedium

A technician needs to create a virtual machine that will host a legacy application requiring Windows XP. The host runs Windows 11. After creating the VM and installing Windows XP, the technician notices that the mouse cursor is lagging and the screen resolution is stuck at 800x600. What should the technician do to resolve this?

A.Increase the amount of RAM allocated to the VM.
B.Install the guest additions for the VM.
C.Update the host operating system to the latest version.
D.Change the VM's network adapter from NAT to bridged.
AnswerB

Guest additions install drivers that enable higher resolutions and smooth mouse integration.

Why this answer

Guest additions (or integration services) contain optimized drivers for the virtual hardware, including mouse and display drivers. Without them, the VM uses basic VGA drivers, limiting resolution and causing input lag. Updating the host OS or increasing RAM won't fix driver issues. Changing the network adapter type is unrelated to display and input problems.

422
MCQeasy

A customer says that when they click a link in an email, it opens a website that looks exactly like their bank's login page, but the URL starts with 'http://' instead of 'https://'. What is the most likely security concern?

A.The website is using an expired SSL certificate.
B.The user's browser is infected with adware.
C.The email contains a phishing link.
D.The user's DNS server has been compromised.
AnswerC

The combination of a lookalike page and HTTP instead of HTTPS is classic phishing, designed to steal login credentials.

Why this answer

The absence of HTTPS and the lookalike page strongly indicate a phishing attempt. Phishing sites often mimic legitimate sites to steal credentials, and the lack of encryption is a red flag. Users should never enter credentials on non-HTTPS pages, especially from email links.

423
MCQhard

An organization uses Windows 10 and wants to prevent users from installing unauthorized software. They have configured Software Restriction Policies via Group Policy. However, a user bypassed the policy by renaming the executable. What additional measure should be taken to enforce the restriction?

A.Enable Windows Defender Real-time Protection
B.Use AppLocker with publisher rules
C.Set User Account Control to Always Notify
D.Enable BitLocker
AnswerB

AppLocker publisher rules validate software by digital signature, making renaming ineffective.

Why this answer

Software Restriction Policies can be bypassed by renaming executables. Using AppLocker with publisher rules (based on digital signatures) prevents this because it identifies software by its certificate, not file name.

424
MCQeasy

A small business owner wants to ensure that only authorized USB storage devices can be used on company laptops running Windows 10 Pro. They have a list of approved device hardware IDs. Which security policy should be configured to enforce this restriction?

A.Enable the 'Removable Storage Access' policy under Windows Components
B.Configure the 'Devices: Restrict CD-ROM access to locally logged-on user only' policy
C.Set the 'Deny all devices' policy under Device Installation Restrictions
D.Configure the 'Allow installation of devices that match any of these device IDs' policy under Device Installation Restrictions
AnswerD

This policy allows specifying approved hardware IDs, effectively blocking all other USB storage devices while permitting the authorized ones.

Why this answer

This question covers device installation restrictions via Group Policy or Local Security Policy. The 'Allow installation of devices that match any of these device IDs' policy can be configured with a list of approved hardware IDs, blocking all others. This is a common method for controlling USB device usage in enterprise environments.

425
MCQeasy

A small business owner wants to ensure that only authorized users can access their iMac. They need to set up separate accounts for three employees, each with a username and password, and restrict one employee from installing software. Which macOS feature should they use to create and manage these user accounts?

A.System Settings > Users & Groups.
B.Terminal with the 'dscl' command.
C.System Information > Software > Installations.
D.Keychain Access to create user passwords.
AnswerA

This is the correct graphical interface for managing user accounts. From here, you can create new users, set passwords, and change account types to restrict privileges.

Why this answer

System Settings (formerly System Preferences) contains the Users & Groups pane, which is the central location for creating, deleting, and managing user accounts on macOS. It allows setting account types (Administrator, Standard, Managed with Parental Controls) to control permissions and software installation. Terminal commands exist but are not the recommended primary tool for this task.

426
MCQeasy

A customer complains that their Windows 10 laptop frequently loses network connectivity. You suspect the IP address configuration is incorrect. Which command should you use to release the current IP address and request a new one from the DHCP server?

A.ping 8.8.8.8
B.ipconfig /release
C.nslookup google.com
D.netstat -a
AnswerB

ipconfig /release releases the current IP lease, and then ipconfig /renew obtains a new one from DHCP.

Why this answer

The ipconfig /release command releases the current DHCP lease, and ipconfig /renew requests a new IP address from the DHCP server. This is the standard method to refresh IP configuration. Other commands like ping test connectivity, nslookup queries DNS, and netstat shows network connections.

427
MCQmedium

A technician is configuring a new employee's laptop and needs to ensure that only approved applications can run. The company wants to prevent users from installing unauthorized software. Which security control should be implemented?

A. Enable Windows Defender real-time protection.
B. Set the user account as a Standard User.
C. Configure an application whitelist using AppLocker.
D. Disable the Windows Store.
Answer: C

AppLocker enforces a whitelist, allowing only specified applications to run, directly meeting the requirement.

Why this answer

Application whitelisting allows only pre-approved programs to execute, blocking all others by default. This is the most effective way to prevent unauthorized software installation. Software Restriction Policies or AppLocker in Windows can enforce this.

428
MCQ · hard

A technician is asked to install a new accounting application on a user's computer. The user mentions that a coworker told them the software is known to cause conflicts with antivirus programs. What should the technician do?

A. Ignore the user's comment because it is hearsay and proceed with the installation.
B. Research the software's compatibility with the antivirus and test in a sandbox if possible.
C. Disable the antivirus temporarily and install the software.
D. Tell the user that the coworker is mistaken and install the software anyway.
Answer: B

This shows thoroughness and professionalism by validating the concern before proceeding.

Why this answer

Option B is correct because the technician must validate the user's concern through proper research rather than dismissing it. Checking the software's documented compatibility with the specific antivirus program and testing in an isolated sandbox environment prevents potential system instability or security bypasses without risking the production system.

Exam trap

CompTIA often tests the candidate's ability to balance user input with professional verification, trapping those who either dismiss user concerns outright or take risky shortcuts like disabling security software.

How to eliminate wrong answers

Option A is wrong because ignoring the user's comment violates professional due diligence; hearsay can still indicate a real compatibility issue that could cause application crashes or antivirus false positives. Option C is wrong because disabling antivirus temporarily exposes the system to malware during installation and does not resolve the underlying conflict; the software might still malfunction or trigger alerts when antivirus is re-enabled. Option D is wrong because dismissing the coworker's claim without evidence is unprofessional and could lead to a failed installation or system compromise if the conflict is real.

429
MCQ · easy

A user reports that their smartphone cannot connect to the office Wi-Fi, but other devices can. The network uses WPA2-Enterprise with PEAP-MSCHAPv2. The technician checks the phone's settings and sees that it is configured for WPA2-PSK. What is the most likely reason for the connection failure?

A. The phone's Wi-Fi antenna is damaged.
B. The phone is using the wrong security protocol.
C. The router's SSID is hidden.
D. The phone's MAC address is filtered.
Answer: B

WPA2-PSK uses a shared key, while WPA2-Enterprise uses 802.1X authentication.

Why this answer

WPA2-Enterprise requires a username and password or certificate for authentication, not a pre-shared key. The phone's WPA2-PSK setting is incompatible with the network's authentication method.

430
MCQ · medium

During a security audit, you discover that a user's workstation has an unauthorized application running. You need to terminate the process immediately from the command line. The process name is 'malware.exe'. Which command should you use?

A. tasklist /FI "IMAGENAME eq malware.exe"
B. taskkill /IM malware.exe /F
C. net stop malware
D. shutdown /r /t 0
Answer: B

Forcefully terminates the specified process.

Why this answer

The correct answer is `taskkill /IM malware.exe /F`. This forcefully terminates the process by image name. `tasklist` only lists processes, `net stop` stops services (not processes), and `shutdown` restarts the computer.

431
MCQ · easy

A user reports that after a recent Windows update, their computer now boots to a blue screen with the error 'INACCESSIBLE_BOOT_DEVICE'. They need to get back to work quickly. Which Windows recovery tool should you use first to attempt a repair?

A. System Restore
B. Reset this PC
C. Startup Repair
D. Command Prompt (chkdsk /f)
Answer: C

Startup Repair is designed to fix boot problems like missing or corrupted system files, driver issues, and disk errors. It is the correct first-line tool for this scenario.

Why this answer

The 'INACCESSIBLE_BOOT_DEVICE' error often indicates a driver or disk configuration issue caused by an update. The Startup Repair tool in the Windows Recovery Environment (WinRE) can automatically diagnose and fix common boot problems like this. It is the safest and fastest initial step before trying more invasive methods.

432
MCQ · easy

A small business owner wants to ensure that only authorized users can log into their Windows 10 workstations. They need a tool to create and manage user accounts and set password policies. Which administrative tool should you use?

A. Computer Management
B. Local Users and Groups
C. Group Policy Editor
D. Task Scheduler
Answer: B

Local Users and Groups directly allows you to create and manage user accounts and set password policies on a local machine.

Why this answer

Local Users and Groups (lusrmgr.msc) is the snap-in for managing user accounts, groups, and local security policies on a standalone Windows system. It allows creating, modifying, and deleting users and setting password requirements.

433
MCQ · medium

A technician is configuring a shared kiosk computer in a library. The requirement is that users must not be able to download files or install software. Which browser security setting should be configured?

A. Disable JavaScript in the browser.
B. Enable the browser's private browsing mode.
C. Set the browser to block all downloads and prompt for a save location.
D. Clear the browser cache and cookies daily.
Answer: C

Blocking downloads prevents users from saving files, which is essential for a kiosk environment.

Why this answer

Configuring the browser to prompt for download location and then blocking downloads via Group Policy or registry is effective. The simplest approach is to disable downloads entirely in the browser settings or use a kiosk mode that restricts functionality.

434
MCQ · medium

A user reports that their application crashes with an 'Access Denied' error when trying to write to a specific folder. You have verified the user has Full Control NTFS permissions. Which administrative tool should you use to check for any file encryption or compression that might be blocking the write?

A. Computer Management > Shared Folders to view open files.
B. Local Security Policy to check user rights assignments.
C. File Explorer > right-click folder > Properties > Advanced to view encryption and compression attributes.
D. Registry Editor to modify the folder's security descriptor.
Answer: C

Correct. The Advanced Attributes dialog shows whether the folder is encrypted or compressed, which can cause access issues.

Why this answer

The advanced security settings in the folder's Properties dialog (accessible from File Explorer) allow you to check encryption (EFS) and compression attributes. These attributes can override NTFS permissions. The other tools do not provide this information.

435
MCQ · hard

A user wants to configure their Windows 10 PC to automatically install driver updates from Windows Update. Which Settings page would you use to change the driver update behavior?

A. Update & Security > Windows Update > Advanced options
B. System > About
C. Devices > AutoPlay
D. Update & Security > Delivery Optimization
Answer: A

Advanced options contains a toggle for 'Receive updates for other Microsoft products' which includes driver updates.

Why this answer

Option A is correct because the setting to control how Windows 10 handles driver updates from Windows Update is located under Update & Security > Windows Update > Advanced options. Here, you can toggle the 'Update drivers automatically' option, which determines whether Windows Update will automatically download and install driver updates for your hardware.

Exam trap

The trap here is that candidates confuse the 'Delivery Optimization' page (which controls update distribution) with the actual driver update toggle, or mistakenly think driver settings are under 'Devices' or 'System' because those pages deal with hardware information.

How to eliminate wrong answers

Option B is wrong because System > About displays basic device specifications (e.g., processor, RAM, device name) and does not contain any settings for driver update behavior. Option C is wrong because Devices > AutoPlay configures default actions for media (e.g., USB drives, CDs) and has no relation to Windows Update or driver installation policies. Option D is wrong because Update & Security > Delivery Optimization manages peer-to-peer update sharing and bandwidth settings for Windows Update downloads, not the behavior of driver update installation.

436
MCQ · easy

A customer is frustrated because every time they plug in a USB flash drive, Windows automatically opens the folder and plays any media files. They want to stop this behavior. Which Control Panel tool should you use to change the default action?

A. File Explorer Options
B. AutoPlay
C. Device Manager
D. Default Programs
Answer: B

AutoPlay settings let you configure what happens when you connect devices like USB drives, including disabling automatic playback.

Why this answer

AutoPlay is the Windows Control Panel tool specifically designed to manage the default behavior when removable media like USB flash drives are connected. By configuring AutoPlay, you can set the system to 'Take no action' instead of automatically opening the folder and playing media files. This directly addresses the customer's frustration by stopping the automatic playback and folder opening.

Exam trap

CompTIA often tests the distinction between AutoPlay (which controls automatic actions upon device insertion) and Default Programs (which controls file type associations), leading candidates to mistakenly choose Default Programs because they confuse 'default action for a device' with 'default program for a file extension'.

How to eliminate wrong answers

Option A is wrong because File Explorer Options (formerly Folder Options) manages folder views, search settings, and file associations for browsing, not the automatic actions triggered by connecting removable media. Option C is wrong because Device Manager is used to manage hardware drivers, update firmware, and troubleshoot device conflicts, not to configure software-level default actions for media insertion. Option D is wrong because Default Programs sets which application opens a specific file type (e.g., .mp3 with VLC), but it does not control the system's automatic response when a device is plugged in, which is the role of AutoPlay.

437
MCQ · easy

A customer reports that their workstation is running slowly after a recent group policy update. The change log indicates the update added new security settings. What is the most appropriate documentation step for the technician to take after resolving the issue?

A. Note the resolution in the change log and close the ticket.
B. Delete the change log entry to avoid confusion.
C. Send an email to the user explaining the fix.
D. Create a new change request to revert the group policy.
Answer: A

Updating the change log with the resolution is a key part of documentation, ensuring the change history is complete.

Why this answer

Option A is correct because, after resolving the issue, the technician must document the resolution in the change log to maintain an accurate audit trail of changes and their outcomes. This aligns with change management best practices, ensuring that future technicians can see what was done to fix the problem and avoid repeating the same troubleshooting steps. Closing the ticket after documenting the resolution completes the incident management lifecycle.

Exam trap

The trap here is that candidates may confuse the informal step of notifying the user (Option C) with the formal documentation requirement, or they may think that reverting the policy (Option D) is necessary without first verifying that the issue is fully resolved and documented.

How to eliminate wrong answers

Option B is wrong because deleting the change log entry violates change management policy by destroying the audit trail, making it impossible to track what changes were made and why. Option C is wrong because while notifying the user is courteous, it is not the most appropriate documentation step; the primary documentation requirement is updating the formal change log, not sending an informal email. Option D is wrong because creating a new change request to revert the group policy is premature and unnecessary; the issue has already been resolved, and reverting the policy without analysis could reintroduce security vulnerabilities or break other configurations.

438
MCQ · medium

During a corporate device deployment, a technician configures an iPhone for a new employee. The employee later reports that they cannot receive emails on the native Mail app, but can access the webmail interface in Safari. What is the most likely misconfiguration?

A. The email account password was entered incorrectly.
B. The outgoing mail server (SMTP) settings are wrong.
C. The incoming mail server settings are incorrect.
D. The device's date and time are set incorrectly.
Answer: C

Incorrect incoming server settings (e.g., wrong hostname or port) will prevent the app from downloading emails, while webmail uses different settings.

Why this answer

The user can access webmail via Safari but cannot receive emails in the native Mail app. This indicates the email account credentials are valid and the network connection is working, but the incoming mail server (POP3/IMAP) settings are misconfigured. Incorrect incoming server hostname, port, or SSL/TLS settings would prevent the Mail app from downloading new messages while leaving webmail unaffected.

Exam trap

The trap here is that candidates confuse incoming and outgoing mail server roles, assuming any email problem must be SMTP-related, when the symptom of being able to send but not receive points directly to the incoming server settings.

How to eliminate wrong answers

Option A is wrong because if the password were incorrect, the user would also be unable to log in to webmail, which they can access successfully. Option B is wrong because incorrect SMTP settings would prevent sending emails, not receiving them; the issue is specifically about not receiving emails. Option D is wrong because incorrect date and time would typically cause SSL/TLS certificate validation failures affecting both sending and receiving, and would also impact webmail access over HTTPS, which is working.

439
MCQ · medium

A technician is configuring a new server rack in a shared office space. Which physical security measure should be applied to prevent unauthorized physical access to the servers?

A. Install a door alarm on the office entrance
B. Use rack-mount locks on each server chassis
C. Enable BitLocker on all server drives
D. Configure a strong BIOS password
Answer: B

Rack-mount locks physically prevent the server from being slid out or tampered with, directly securing the hardware.

Why this answer

Rack-mount locks secure the server chassis within the rack, preventing unauthorized removal or tampering with individual servers. This is a standard physical control for multi-tenant or shared spaces where racks are accessible.

440
MCQ · medium

A user reports that they cannot access a shared folder on the network, but other users can. The folder is on a Windows 10 Pro workstation. What should you check first to resolve this issue?

A. Check the Windows Defender Firewall settings
B. Check the NTFS permissions on the folder
C. Check the user’s password expiration status
D. Check the User Account Control settings
Answer: B

NTFS permissions can explicitly deny a user, causing access issues for that individual.

Why this answer

NTFS permissions control access at the file system level, while share permissions control network access. A user-specific deny entry on the NTFS permissions can block an individual user while allowing others.

441
MCQ · hard

After a security incident, a Windows 10 workstation is suspected of having malware that prevents the Task Manager and Command Prompt from opening. You need to run a system scan. Which tool can you use from the Windows Recovery Environment (WinRE) to perform an offline antivirus scan?

A. System File Checker (sfc /scannow /offbootdir=C:\ /offwindir=C:\Windows)
B. Windows Memory Diagnostic
C. Microsoft Defender Offline Scan
D. Diskpart
Answer: C

This offline scan can be initiated from WinRE and uses up-to-date virus definitions to detect and remove malware without loading the infected Windows installation.

Why this answer

Windows Defender Offline (now part of Microsoft Defender Antivirus) can be run from the Windows Recovery Environment to scan for malware without booting the infected OS. This bypasses malware that blocks security tools in the normal Windows environment. It is the appropriate tool for this scenario.

442
MCQ · medium

A help desk ticket states that a user cannot write to a shared directory /data/projects. The directory permissions are drwxr-xr-x and the user is in the 'staff' group. The directory's group owner is 'staff'. What is the most likely cause?

A. The user does not have read permission on the directory.
B. The directory lacks group write permission.
C. The user is not the owner of the directory.
D. The sticky bit is set on the directory.
Answer: B

The group has r-x, meaning no write permission; adding group write (chmod g+w) would resolve the issue.

Why this answer

The directory has group read and execute permissions (r-x) but no write permission for the group. Since the user is in the 'staff' group, they need group write permission to create or modify files.

443
MCQ · easy

A customer reports that their computer is emitting a loud, continuous beep and the monitor shows no display. The technician suspects a hardware issue. What is the most important safety step to take before opening the case?

A. Put on anti-static wrist strap and grounding mat.
B. Unplug the power cord from the wall outlet.
C. Press the power button to discharge residual power.
D. Wear safety goggles to protect eyes from debris.
Answer: B

This is the correct first step to prevent electric shock. It ensures no power is flowing to the components.

Why this answer

The most important safety step before opening a computer case is to unplug the power cord from the wall outlet. This ensures complete disconnection from the AC mains, eliminating the risk of electric shock from exposed internal components, such as the power supply unit (PSU) capacitors, which can hold a dangerous charge even when the system is off. While other steps like wearing an anti-static wrist strap are good practices, they do not address the primary hazard of lethal voltage.

Exam trap

The trap here is that candidates often confuse ESD prevention (anti-static wrist strap) with electrical safety, or they think pressing the power button is a substitute for unplugging the power cord, when in fact the power button discharge step is only safe after the cord is removed.

How to eliminate wrong answers

Option A is wrong because, while an anti-static wrist strap and grounding mat protect against electrostatic discharge (ESD) damage to sensitive components, they do not prevent electric shock from the power supply; the technician could still be electrocuted if the system is plugged in. Option C is wrong because pressing the power button to discharge residual power is a step performed after unplugging the power cord to drain the capacitors, but it is not a safety step that removes the primary AC power hazard; attempting this while the cord is still plugged in can cause arcing or shock. Option D is wrong because safety goggles protect against physical debris like dust or loose screws, but they do not address the immediate electrical safety risk of opening a live system.

444
MCQ · medium

A technician is configuring a new Mac mini for a kiosk application. The kiosk should run only a single web browser in full-screen mode, and users should not be able to exit the app or access the desktop. Which macOS feature should be used to enforce this?

A. Enable Guided Access in Accessibility settings
B. Configure a user account with Parental Controls set to allow only the browser app
C. Use the 'Single App Mode' setting in System Settings
D. Set the browser as a Login Item for a standard user
Answer: B

Parental Controls (Screen Time) can limit the user to a single app, and combined with auto-login and the app set as a login item, this approximates kiosk mode.

Why this answer

Guided Access is an iOS feature, not available on macOS. Single App Mode is a configuration available through Mobile Device Management (MDM) profiles, not a built-in GUI feature. The built-in macOS feature that can achieve this is to create a user account with Parental Controls (Screen Time) set to allow only a specific app, combined with auto-login and the app set to launch at login.

The most direct built-in tools are 'Login Items' and 'App Limits' in Screen Time, but true kiosk mode often needs a third-party tool or MDM. Among the options, the best built-in approach is to use Parental Controls to restrict apps.

445
MCQ · easy

A technician is configuring a remote desktop solution for a user who needs to access a Windows 10 Pro workstation from a Linux laptop. Which protocol should the technician ensure is enabled on the Windows machine?

A. VNC
B. RDP
C. SSH
D. Telnet
Answer: B

RDP is built into Windows and can be accessed from Linux using compatible clients.

Why this answer

RDP (Remote Desktop Protocol) is the native protocol used by Windows for remote desktop connections. Windows 10 Pro includes an RDP server that listens on TCP port 3389, allowing clients such as the Microsoft Remote Desktop client on Linux to connect and provide a full graphical desktop experience. The technician must ensure the 'Allow remote connections to this computer' setting is enabled and that the Windows Firewall permits inbound RDP traffic.

Exam trap

CompTIA often tests the distinction between native Windows remote desktop (RDP) and cross-platform or command-line protocols, leading candidates to confuse VNC (which is also graphical but not native to Windows) or SSH (which is secure but not graphical) with the correct answer.

How to eliminate wrong answers

Option A is wrong because VNC (Virtual Network Computing) is a cross-platform remote desktop protocol but is not native to Windows; it requires third-party software on both ends and typically uses RFB (Remote Framebuffer) protocol on port 5900, not the built-in Windows solution. Option C is wrong because SSH (Secure Shell) provides encrypted command-line access and file transfer (using port 22) but does not natively support a full graphical desktop environment on Windows without additional components like X11 forwarding or third-party tools. Option D is wrong because Telnet is an unencrypted, text-only protocol (port 23) that offers no graphical interface and is deprecated due to security vulnerabilities; it is not suitable for remote desktop access.

446
MCQ · medium

A user reports that their MacBook Air running macOS Monterey is running slowly and they suspect a startup item is consuming resources. They want to see which applications launch automatically at login and disable unnecessary ones. Which macOS tool should they use?

A. Activity Monitor and sort by CPU usage.
B. System Settings > General > Login Items.
C. Terminal with the 'launchctl list' command.
D. Force Quit Applications window.
Answer: B

This is the correct location to view and manage login items. The user can remove unnecessary applications to speed up the login process and reduce background resource usage.

Why this answer

System Settings > General > Login Items (or System Preferences > Users & Groups > Login Items on older macOS) lists all applications and services that start automatically when the user logs in. From there, the user can select an item and click the minus button to disable it. Activity Monitor shows running processes but does not manage startup items.

447
MCQ · medium

During a security audit, you find that several employees have been using the same weak password for their domain accounts. Which remediation should you implement first?

A. Disable the user accounts and require a manager to re-enable them
B. Configure a password policy in Group Policy requiring complexity and minimum length
C. Send a company-wide email reminding users to choose strong passwords
D. Install a third-party password manager for all employees
Answer: B

A Group Policy password policy enforces strong passwords domain-wide, preventing future weak passwords.

Why this answer

Option B is correct because the most effective first step to prevent weak passwords is to enforce a strong password policy via Group Policy. This centrally mandates complexity requirements (e.g., uppercase, lowercase, digits, special characters) and a minimum length (typically 8–14 characters), which directly blocks the use of simple, common passwords at the domain level. Unlike awareness campaigns or reactive measures, this technical control proactively enforces security standards across all domain accounts.

Exam trap

CompTIA often tests the distinction between administrative controls (like emails or account disabling) and technical controls (like Group Policy), where candidates mistakenly choose a non-technical, awareness-based option (C) over a policy-enforced technical solution (B).

How to eliminate wrong answers

Option A is wrong because disabling accounts and requiring manager re-enablement is a reactive, disruptive measure that does not address the root cause—employees will likely continue using weak passwords once re-enabled. Option C is wrong because a company-wide email is a non-technical, awareness-only approach that relies on voluntary compliance and does not prevent users from choosing weak passwords; it lacks enforcement. Option D is wrong because installing a third-party password manager, while helpful for password storage and generation, does not enforce a minimum password complexity or length policy on the domain accounts themselves and is a secondary measure, not the first remediation step.

448
MCQ · hard

A security analyst discovers that a user's workstation has been compromised by a rootkit that hides its processes from Task Manager. The rootkit is not detected by the installed antivirus. Which step is most effective for remediation?

A. Run a full antivirus scan in Safe Mode.
B. Use System Restore to revert to a previous state.
C. Boot from a rescue disk and perform an offline antivirus scan.
D. Reinstall the operating system from the recovery partition.
Answer: C

An offline scan from a rescue disk runs outside the infected OS, preventing the rootkit from hiding and allowing detection.

Why this answer

Option C is correct because a rootkit that hides its processes from Task Manager and evades the installed antivirus operates at a deep level within the operating system, often in kernel mode. Booting from a rescue disk (e.g., a live CD/USB with an offline scanner) loads a clean operating system environment, preventing the rootkit from loading and allowing the antivirus to scan the infected system's files without interference. This offline approach is the most effective remediation step when the rootkit is actively hiding from the installed AV in the normal OS context.

Exam trap

The trap here is that candidates often assume Safe Mode or System Restore can bypass rootkit persistence, but CompTIA tests the understanding that rootkits operate below the OS layer and require a clean, offline environment to be reliably detected and removed.

How to eliminate wrong answers

Option A is wrong because running a full antivirus scan in Safe Mode may still allow some rootkits to load if they hook into kernel drivers that are loaded even in Safe Mode, and the rootkit's evasion techniques can persist, leading to a missed detection. Option B is wrong because System Restore does not remove rootkits; it only reverts system files and registry settings to a previous state, while the rootkit's files and persistence mechanisms (e.g., in boot sectors or kernel drivers) often remain intact and can re-infect the system. Option D is wrong because reinstalling from the recovery partition may not fully remove a rootkit if it has infected the Master Boot Record (MBR) or firmware, as the recovery partition itself could be compromised or the rootkit may persist across a standard reinstall that does not wipe all partitions.

449
MCQ · medium

A user needs to connect to a work VPN but cannot find the VPN settings in the network tray. You need to guide them to the correct location to add a VPN connection. Where in Windows Settings would you direct them?

A. Network & Internet > Status
B. Network & Internet > Ethernet
C. Network & Internet > VPN
D. Network & Internet > Proxy
Answer: C

The VPN page allows adding and managing VPN connections.

Why this answer

Option C is correct because the VPN settings in Windows are located under Network & Internet > VPN. This is the dedicated section where users can add, configure, and manage VPN connections, including setting up a new VPN profile with the server address, authentication method, and protocol (e.g., IKEv2, SSTP, or L2TP/IPsec). The network tray only shows existing connections; to add a new VPN, you must navigate to this specific settings page.

Exam trap

The trap here is that candidates may confuse the network tray's quick-access VPN list with the actual settings location, or assume VPN configuration is under Status or Ethernet due to its association with network connectivity, but Windows isolates VPN setup under a dedicated VPN page.

How to eliminate wrong answers

Option A is wrong because Network & Internet > Status displays the current network status, data usage, and network properties, but does not provide options to add or configure VPN connections. Option B is wrong because Network & Internet > Ethernet is used for managing wired Ethernet adapter settings, such as IP configuration and DNS, and has no VPN-related functionality. Option D is wrong because Network & Internet > Proxy is for configuring proxy server settings (e.g., automatic or manual proxy setup), which is unrelated to VPN connection management.

450
MCQ · medium

A technician is setting up a new workstation in a cubicle. The user complains of eye strain and glare from the overhead lights. Which environmental adjustment should the technician recommend first?

A. Replace the overhead fluorescent tubes with LED bulbs.
B. Apply a matte screen filter to the monitor.
C. Rotate the monitor 90 degrees so the light hits the side of the screen.
D. Increase the monitor's brightness to overpower the glare.
Answer: C

Positioning the monitor perpendicular to light sources minimizes glare. This is a quick, zero-cost ergonomic adjustment.

Why this answer

Glare from overhead lighting is a common cause of eye strain. The simplest and most effective fix is to reposition the monitor so that the light source is perpendicular to the screen, reducing direct glare.
