CompTIA A+ Core 2 220-1202 (220-1202) — Questions 451–525

750 questions total · 10 pages · All types, answers revealed

Page 7 of 10

451
MCQ · medium

During a security audit, you discover that a supply closet containing spare hard drives has a door that can be opened with a standard paperclip. What is the most appropriate recommendation to address this vulnerability?

A. Replace the door with a solid-core door and install a deadbolt.
B. Install a privacy filter on the closet door window.
C. Upgrade the lock to a tamper-resistant electronic lock.
D. Place a sign on the door warning of security cameras.
Answer: C

An electronic lock with a secure mechanism prevents bypass with simple tools like a paperclip.

Why this answer

A privacy filter prevents shoulder surfing by limiting the viewing angle of a monitor, protecting sensitive data from being seen by unauthorized individuals. This scenario tests knowledge of visual data protection controls.

452
MCQ · medium

After a security incident, a forensic analyst needs to ensure that Windows 10 audit logs capture all successful and failed attempts to access the 'Confidential' folder on a file server. Which audit policy configuration is required?

A. Enable 'Audit account logon events' for success and failure
B. Enable 'Audit object access' and configure the SACL on the folder
C. Enable 'Audit privilege use' for success and failure
D. Enable 'Audit process tracking' for success and failure
Answer: B

Audit object access must be enabled, and a System Access Control List (SACL) must be configured on the folder to specify which access attempts (success/failure) to log.

Why this answer

This question tests understanding of advanced audit policies. To log file access, you need to enable 'Audit File Share' or 'Audit Detailed File Share' under Advanced Audit Policy. The 'Object Access' subcategory must be configured to log both success and failure events for file share access.

453
MCQ · medium

A user reports that their Windows 10 PC displays a 'Low Disk Space' warning on the C: drive. You want to use a built-in tool to delete temporary files and empty the Recycle Bin. Which Settings page should you open?

A. System > Storage
B. System > About
C. Apps > Apps & features
D. Update & Security > Windows Update
Answer: A

The Storage page shows disk usage and offers options to run Storage Sense or manually delete temporary files.

Why this answer

The 'Low Disk Space' warning on the C: drive can be resolved by using the built-in Storage Sense or the manual 'Free up space now' feature, both accessible under System > Storage. This page provides tools to delete temporary files, empty the Recycle Bin, and remove other unnecessary data to reclaim disk space without third-party software.

Exam trap

The trap here is that candidates may confuse the 'System > About' page (which shows system info) with the 'System > Storage' page (which manages disk space), or think that 'Apps & features' can delete temporary files, when it only uninstalls applications.

How to eliminate wrong answers

Option B (System > About) is wrong because it displays system information such as device specifications, Windows edition, and OS build, but does not include any tools for disk cleanup or file management. Option C (Apps > Apps & features) is wrong because it allows users to uninstall or manage installed applications, but does not provide direct access to delete temporary files or empty the Recycle Bin. Option D (Update & Security > Windows Update) is wrong because it manages Windows updates and recovery options, not temporary file cleanup or Recycle Bin management.

454
MCQ · hard

A user reports that they cannot access a shared folder on a file server. You suspect the network path is incorrect or the share is unavailable. Which command can you use to test connectivity to the server and the share simultaneously?

A. ping \\ServerName
B. net view \\ServerName
C. net use Z: \\ServerName\Share
D. tracert \\ServerName
Answer: B

This command lists all shared resources on the server, confirming both connectivity and share availability.

Why this answer

The net view command lists available shared resources on a specified server, allowing you to verify both network connectivity and share availability. It is a quick diagnostic tool for shared folder issues. Other commands either test basic connectivity or map drives but do not list shares.

455
MCQ · easy

A customer reports that after a recent software update, their accounting application crashes every time they try to generate a report. The technician checks the change log and finds no record of any update being approved for that application. What should the technician do first?

A. Restore the application from the last known good backup.
B. Document the unauthorized change and escalate it to the change advisory board.
C. Uninstall the update and reinstall the previous version of the application.
D. Contact the software vendor to request a patch for the crash.
Answer: B

Proper change management requires documenting unauthorized changes and escalating them for review before any corrective action is taken.

Why this answer

The technician found an unauthorized change (the update) with no approval record. The first step in change management is to document and escalate the unauthorized change to the Change Advisory Board (CAB) to assess impact, determine root cause, and authorize remediation. Restoring or reinstalling without CAB approval could violate change control policies and introduce additional risks.

Exam trap

CompTIA often tests the distinction between technical troubleshooting and process compliance, trapping candidates who jump to a technical fix (restore, uninstall, or patch) instead of following the documented change management procedure.

How to eliminate wrong answers

Option A is wrong because restoring from backup without first documenting and escalating the unauthorized change bypasses the change management process and could reintroduce the same issue if the backup also contains the unauthorized update. Option C is wrong because uninstalling the update and reinstalling the previous version is a technical action that should only be performed after the CAB has reviewed and approved the remediation plan, as it may affect other dependencies or compliance. Option D is wrong because contacting the vendor for a patch assumes the crash is a known software defect, but the root cause is an unauthorized change that must be addressed through change management first, not a vendor-supported fix.

456
MCQ · medium

A user complains that when they run the command 'find /var/log -name "*.log" -type f', they get a 'Permission denied' error for several directories. They need to see all log files regardless. What is the most appropriate command to use instead?

A. find /var/log -name '*.log' -type f 2>/dev/null
B. sudo find /var/log -name '*.log' -type f
C. find /var/log -name '*.log' -type f -exec ls -l {} \;
D. chmod -R 755 /var/log && find /var/log -name '*.log' -type f
Answer: B

Running find with sudo gives root privileges, allowing access to all directories and files.

Why this answer

Using sudo with the find command elevates privileges to root, bypassing permission restrictions and allowing the user to search all directories.

457
MCQ · easy

A help desk agent receives a call from a user who receives a 'file not found' error when running a PowerShell script that was working yesterday. The user says they didn't change anything. The script is stored on a network share. Which scripting concept is most likely causing the issue?

A. Execution policy
B. File permissions
C. Script syntax error
D. Network connectivity
Answer: A

Correct. Execution policy settings can block scripts from running, and a change in policy would cause a 'file not found' error if the script is not digitally signed or the policy was set to Restricted.

Why this answer

The most likely cause is the PowerShell execution policy, which controls whether scripts can run on a system. Even though the script worked yesterday, a Group Policy update, a system reboot, or a security change could have reset or tightened the execution policy to 'Restricted' or 'AllSigned' without the user's knowledge. Since the script is on a network share, the execution policy may also block scripts from remote locations (e.g., 'RemoteSigned' requires a trusted publisher for downloaded scripts), causing the 'file not found' error when PowerShell cannot execute the script due to policy restrictions.

Exam trap

CompTIA often tests the misconception that a 'file not found' error always means the file is missing or permissions are wrong, but in PowerShell, the execution policy can cause this error when the script exists but is blocked from running, especially from a network share.

How to eliminate wrong answers

Option B (File permissions) is wrong because a permissions issue would typically produce an 'access denied' error, not a 'file not found' error, and the user states the script was working yesterday without changes. Option C (Script syntax error) is wrong because a syntax error would generate a specific parsing or runtime error message, not a 'file not found' error, and the script was working previously. Option D (Network connectivity) is wrong because a connectivity issue would result in a 'network path not found' or 'drive not available' error, not a 'file not found' error, and the user can likely still access the share (the file exists but PowerShell refuses to run it).

458
MCQ · medium

A company is upgrading its network switches and has 10 old switches that still work. The local school district has requested donations of working equipment. What should the technician do?

A. Throw the switches in the company dumpster.
B. Donate the switches to the school district.
C. Send the switches to a recycler even though they work.
D. Keep the switches in storage indefinitely.
Answer: B

Donation is the best option because it reuses functional equipment and benefits the community.

Why this answer

Donating the switches to the school district aligns with the principle of reuse, which is the most environmentally responsible option before recycling or disposal. The switches are still functional, so extending their lifecycle reduces e-waste and benefits the community. This practice supports the waste hierarchy: reduce, reuse, recycle.

Exam trap

CompTIA often tests the distinction between recycling and reuse, where candidates mistakenly choose recycling as the 'green' option, but the exam emphasizes that reuse is always preferable for still-functional equipment.

How to eliminate wrong answers

Option A is wrong because throwing functional switches in a dumpster violates environmental regulations and contributes to e-waste, which can leach hazardous materials like lead and mercury into the soil. Option C is wrong because sending working switches directly to a recycler bypasses the preferred option of reuse, which is more environmentally sustainable and energy-efficient than recycling. Option D is wrong because keeping the switches in storage indefinitely wastes potential utility and space, and does not align with responsible asset disposition or environmental stewardship.

459
MCQ · medium

During a security audit, a technician discovers that an employee used a hammer to destroy several old hard drives. The drives are now in pieces, but the organization's policy mandates 'secure data destruction' for compliance. Which additional step should the technician take?

A. Document the destruction and consider it complete.
B. Use a degausser on the remaining pieces.
C. Visually inspect the platters for scratches and breaks, then shred any intact platters.
D. Run a data recovery tool on the pieces to see if data remains.
Answer: C

Visual inspection ensures platters are damaged; shredding any intact ones guarantees data destruction and meets compliance.

Why this answer

The correct answer is to verify the destruction by inspecting the platters for visible damage and ensuring they are not intact. Hammering may leave platters partially readable. This question tests the concept of verification in data destruction, as physical methods must be confirmed effective.

460
MCQ · medium

A company's security policy mandates that all USB flash drives must be encrypted before use. A user inserts a new USB drive and wants to encrypt it on a Windows 10 Pro workstation. Which built-in tool should be used?

A. Use EFS (Encrypting File System) on the USB drive.
B. Enable BitLocker To Go on the USB drive.
C. Format the drive as exFAT and set a password.
D. Use the cipher command to encrypt the drive.
Answer: B

BitLocker To Go is specifically for encrypting removable drives and is built into Windows Pro/Enterprise.

Why this answer

BitLocker To Go is the built-in Windows 10 Pro feature specifically designed to encrypt removable drives such as USB flash drives. It uses AES encryption to protect the entire volume, and the drive can be accessed only with a password, smart card, or recovery key. This directly satisfies the company's mandate for encrypting USB drives before use.

Exam trap

CompTIA often tests the distinction between EFS (file-level encryption) and BitLocker (full-volume encryption), and the trap here is that candidates mistakenly choose EFS because they associate 'encryption' with file-level protection, not realizing that EFS cannot encrypt an entire removable drive and is not designed for USB flash drives.

How to eliminate wrong answers

Option A is wrong because EFS (Encrypting File System) encrypts individual files and folders on NTFS volumes, but it does not encrypt entire removable drives and is not supported on USB flash drives formatted with FAT32 or exFAT. Option C is wrong because formatting as exFAT and setting a password is not a built-in Windows encryption feature; exFAT does not natively support password-based encryption, and any such password would be implemented by third-party software, not Windows. Option D is wrong because the cipher command is used to manage EFS encryption on NTFS volumes and to overwrite deleted data; it cannot encrypt an entire USB drive or enable BitLocker To Go.

461
MCQ · easy

A user reports that their Windows 10 laptop shows a 'Your license will expire soon' watermark on the desktop. They recently replaced the motherboard. Which Control Panel applet should you use to re-activate Windows?

A. Device Manager
B. System
C. User Accounts
D. Network and Sharing Center
Answer: B

The System applet displays Windows edition, activation status, and a link to change the product key or activate.

Why this answer

The System applet (also known as 'System Properties' or 'About' in Settings) is the correct Control Panel location to view and manage Windows activation status. After replacing the motherboard, Windows 10 detects a significant hardware change and may require re-activation. The System applet provides a 'Change product key' or 'Activate Windows' link to enter a new or existing license key, or to use the activation troubleshooter to re-activate with a digital license tied to a Microsoft account.

Exam trap

CompTIA often tests the misconception that Device Manager is used for activation because it deals with hardware changes, but Device Manager only manages drivers, not licensing.

How to eliminate wrong answers

Option A (Device Manager) is wrong because it is used to manage hardware drivers and devices, not to handle Windows licensing or activation. Option C (User Accounts) is wrong because it manages user profiles, passwords, and credentials, not the operating system's license activation. Option D (Network and Sharing Center) is wrong because it configures network adapters, sharing settings, and internet connections, none of which are involved in the Windows activation process.

462
MCQ · hard

A company's security policy requires that user accounts be disabled after 90 days of inactivity. An administrator needs to implement this automatically. Which feature should they configure?

A. Password expiration policy
B. Account lockout threshold
C. User account expiration
D. Group Policy refresh interval
Answer: C

User account expiration can be set to disable accounts after a specific date or period of inactivity, meeting the requirement.

Why this answer

Account expiration policies can be set to automatically disable accounts after a specified period of inactivity. This enforces the security policy without manual intervention.

463
MCQ · easy

A small business owner asks you to configure their office computers so that employees cannot install unauthorized browser extensions. Which policy setting should you implement?

A. Disable the browser's developer mode in the settings.
B. Set the browser to always use private browsing mode.
C. Use Group Policy to block extension installation and whitelist approved extensions.
D. Install a pop-up blocker on each computer.
Answer: C

Group Policy allows administrators to centrally control browser settings, including blocking extensions and allowing only approved ones.

Why this answer

Group Policy is the correct tool in Windows environments to enforce restrictions on browser extensions across multiple computers. This prevents users from adding potentially malicious or unapproved extensions, enhancing security.

464
MCQ · easy

A user is unable to install a new app on their Android tablet because the device claims there is 'insufficient storage,' even though they have deleted several large files. What is the most likely reason for this error?

A. The device's SD card is corrupted.
B. The app is incompatible with the Android version.
C. The deleted files are still in the recycle bin or trash folder, taking up space.
D. The tablet's battery is too low to complete the installation.
Answer: C

Android devices often move deleted files to a recycle bin; these must be emptied to free up space.

Why this answer

On Android devices, deleted files are moved to a recycle bin or trash folder (e.g., in the Files by Google app or the Gallery app's trash), not permanently erased. The system still counts these files as occupied storage until the trash is emptied, so even after deleting large files, the available space remains unchanged, causing the 'insufficient storage' error during app installation.

Exam trap

CompTIA often tests the misconception that deleting files immediately frees up space, ignoring the recycle bin/trash mechanism that is standard on modern Android devices.

How to eliminate wrong answers

Option A is wrong because a corrupted SD card would typically cause read/write errors or the card to be unmountable, not a specific 'insufficient storage' message; the error is about space, not card integrity. Option B is wrong because app incompatibility with the Android version usually triggers a 'not compatible' or 'app not installed' error, not a storage-related message. Option D is wrong because low battery prevents installation due to power-saving policies, but the error message would be about battery level, not storage space.

465
MCQ · medium

A technician is tasked with disposing of a large batch of optical discs (CD-Rs and DVD-Rs) that contain archived customer records. The company policy requires data to be unrecoverable. Which disposal method is most appropriate?

A. Use a degausser to demagnetize the discs.
B. Overwrite the discs with a disk-wiping tool.
C. Shred the discs using an industrial cross-cut shredder.
D. Perform a quick format on the discs.
Answer: C

Shredding physically breaks the discs into small pieces, making data recovery impossible.

Why this answer

Optical discs cannot be overwritten (write-once media). Physical destruction, such as shredding or breaking, is the only reliable way to ensure data is unrecoverable. Degaussing has no effect on optical media.

466
MCQ · hard

A security audit reveals that a company's remote access solution uses a VPN with pre-shared keys (PSK) for authentication. The auditor recommends upgrading to certificate-based authentication. Which of the following is the primary security advantage of certificate-based authentication over PSK?

A. Certificates are easier to configure and manage than PSK.
B. Certificates provide mutual authentication and are unique per device, reducing the risk of a single compromised key affecting all users.
C. Certificates eliminate the need for a VPN server.
D. Certificates are faster than PSK for establishing VPN connections.
Answer: B

Each certificate is unique and can be revoked individually. If a device is lost, only that certificate needs to be revoked, unlike PSK where the shared key must be changed for everyone.

Why this answer

Certificate-based authentication provides mutual authentication, meaning both the VPN client and server verify each other's identity using digital certificates issued by a trusted Certificate Authority (CA). Unlike PSK, which is a shared secret that can be leaked and reused across all devices, each certificate is unique per device, so compromise of one certificate does not expose the entire VPN infrastructure. This significantly reduces the blast radius of a security breach and aligns with the principle of least privilege.

Exam trap

CompTIA often tests the misconception that certificates are 'easier' or 'faster' than PSK, when in reality the primary security advantage is mutual authentication and per-device uniqueness, not operational simplicity or performance.

How to eliminate wrong answers

Option A is wrong because certificates are generally more complex to configure and manage than PSK, requiring a PKI infrastructure, CA servers, and certificate lifecycle management, whereas PSK is a simple shared string. Option C is wrong because certificates do not eliminate the need for a VPN server; the VPN server is still required to terminate the tunnel and enforce policies, regardless of the authentication method. Option D is wrong because certificate-based authentication often introduces additional latency due to certificate validation, CRL checks, and OCSP lookups, making it typically slower than PSK for establishing VPN connections.

467
MCQ · medium

A technician is replacing the thermal paste on a CPU. After cleaning the old paste, the technician accidentally touches the CPU contacts with bare fingers. What is the primary concern?

A. The CPU may be damaged by electrostatic discharge (ESD).
B. The CPU may overheat due to improper thermal paste application.
C. The CPU contacts may become contaminated with oils from the skin.
D. The CPU may be physically damaged by the pressure of the touch.
Answer: C

This is correct. Skin oils can cause poor contact and corrosion, leading to system instability or failure.

Why this answer

Touching the CPU contacts with bare fingers transfers natural oils and contaminants from the skin onto the gold-plated contact pads. These oils can cause corrosion over time or create an insulating layer that impedes proper electrical connectivity, leading to intermittent failures or permanent damage. The primary concern is contamination, not ESD, overheating, or physical pressure.

Exam trap

CompTIA often tests the distinction between immediate ESD damage and long-term contamination risks, trapping candidates who assume any physical contact with components must be an ESD concern rather than recognizing the specific hazard of skin oils on electrical contacts.

How to eliminate wrong answers

Option A is wrong because while ESD is a general risk when handling components, the question specifies that the technician touched the contacts after cleaning, and the primary concern from skin contact is oil contamination, not ESD (which is mitigated by grounding). Option B is wrong because improper thermal paste application affects heat transfer from the IHS to the cooler, not the CPU contacts; touching contacts does not directly cause overheating. Option D is wrong because the pressure from a light touch is negligible and far below the force required to physically damage the CPU contacts or substrate.

468
MCQ · easy

A receptionist at a company receives a call from someone claiming to be from the IT department. The caller says they need her password to perform an urgent server update. The receptionist provides the password. What type of social engineering attack is this?

A. Tailgating
B. Pretexting
C. Phishing
D. Baiting
Answer: B

Pretexting is when an attacker invents a plausible scenario to trick a victim into providing information or access. The caller's false identity as IT staff is a classic pretext.

Why this answer

This is a classic example of pretexting, where the attacker creates a fabricated scenario (pretext) to trick the victim into divulging sensitive information. The caller impersonated an IT staff member to establish trust and authority.

469
MCQ · easy

A user reports that a scheduled backup script on their Windows 10 workstation runs every day but fails to complete. The script uses PowerShell to copy files to a network share. When the user runs the script manually from an elevated PowerShell prompt, it works. What is the most likely cause of the failure?

A. The script file extension is .ps1 instead of .bat.
B. The scheduled task is not set to run with highest privileges.
C. The network share is mapped as a drive letter, which is not available during system startup.
D. PowerShell execution policy is set to Restricted for the SYSTEM account.
Answer: B

If the script needs admin rights, the task must be configured to run with highest privileges; otherwise it fails.

Why this answer

Scheduled tasks often run with limited permissions, so if the script requires administrative rights, it will fail when triggered automatically. The correct answer highlights the need to configure the task to run with highest privileges.

470
MCQ · medium

A small business has a shared Windows 10 workstation that multiple employees use. They want to ensure that each user's desktop settings, files, and application data are completely isolated and that users cannot access each other's data. Which feature should you configure to achieve this?

A. Enable the built-in Guest account for all users.
B. Create standard local user accounts and set NTFS permissions on each user's profile folder.
C. Join the computer to a domain and use roaming profiles.
D. Enable BitLocker on the system drive.
Answer: B

Standard users have restricted permissions, and NTFS permissions on profile folders prevent other users from accessing the data.

Why this answer

Standard local user accounts with NTFS permissions provide isolation by default; each user has their own profile folder with restricted permissions. The other options either don't enforce isolation (guest account) or are for different purposes (domain, BitLocker).

471
MCQ · hard

A security incident is reported: an employee's company-issued Android phone is displaying persistent pop-up ads, even when no browser is open. The employee admits to side-loading a game from an unknown website. What is the most likely cause and best immediate action?

A. The phone has a virus; perform a factory reset immediately.
B. The side-loaded app is adware; boot into safe mode and uninstall it.
C. The browser is infected; clear the browser cache and data.
D. The phone's firmware is compromised; reflash the stock ROM.
Answer: B

Safe mode disables third-party apps, allowing the user to remove the malicious app without interference.

Why this answer

The persistent pop-up ads, even without a browser open, indicate adware behavior typical of malicious apps. Since the employee side-loaded a game from an unknown website, the most likely cause is that the side-loaded app contains adware. Booting into safe mode (which disables third-party apps) and uninstalling the suspicious app is the best immediate action because it removes the adware without data loss, unlike a factory reset.

Exam trap

CompTIA often tests the distinction between adware and a general virus, and the trap here is that candidates may jump to a factory reset (Option A) without considering the less destructive safe-mode uninstall, or they may incorrectly attribute the pop-ups to the browser (Option C) when the behavior occurs system-wide.

How to eliminate wrong answers

Option A is wrong because a 'virus' is a broad term; the specific symptom of pop-up ads points to adware, not a general virus, and a factory reset is an overly drastic first step that wipes all data unnecessarily. Option C is wrong because the pop-ups occur even when no browser is open, indicating the issue is not browser-based; clearing browser cache and data would not affect a system-level adware app. Option D is wrong because firmware compromise is rare and typically requires persistent root-level access; side-loading a game does not typically flash firmware, and reflashing the stock ROM is a last-resort measure that would wipe the device and is not the best immediate action.

472
MCQ · hard

A user's Android phone is running extremely slowly after installing a new launcher app. They want to revert to the default launcher without losing data. What is the correct procedure?

A. Uninstall the new launcher app via the Play Store.
B. Perform a factory reset from Recovery Mode.
C. Go to Settings > Apps > Default apps > Home app and select the default launcher.
D. Clear the cache partition from Recovery Mode.
Answer: C

This changes the active launcher without uninstalling the new one, preserving data and allowing easy switching back.

Why this answer

Option C is correct because Android allows users to change the default home app via Settings > Apps > Default apps > Home app without uninstalling the new launcher or losing any data. This procedure simply reassigns the default launcher to the system's built-in launcher, preserving all installed apps, settings, and user data.

Exam trap

CompTIA often tests the misconception that uninstalling a problematic app is the only way to revert its effects, but in Android, the default app assignment persists even after uninstallation, requiring a manual default reset to avoid instability.

How to eliminate wrong answers

Option A is wrong because uninstalling the new launcher app via the Play Store will remove the app but does not automatically revert the default home app assignment; the system may still try to use the missing launcher, causing instability or requiring a manual default reset. Option B is wrong because performing a factory reset from Recovery Mode wipes all user data, including apps, settings, and personal files, which is unnecessary and destructive when the goal is only to change the default launcher without data loss. Option D is wrong because clearing the cache partition from Recovery Mode removes temporary system cache files, which does not affect the default launcher assignment or resolve the performance issue caused by the new launcher app.

473
MCQ · medium

A technician is troubleshooting an iPhone that fails to activate after a software update. The phone displays 'Activation Error' and the SIM card is known to be working. Which of the following steps should the technician perform FIRST?

A. Replace the SIM card with a new one.
B. Restore the iPhone using iTunes or Finder.
C. Check Apple's System Status page for activation server outages.
D. Reset the iPhone's network settings.
Answer: C

If Apple's activation servers are down, no device can activate; checking this saves time and effort.

Why this answer

The 'Activation Error' after a software update typically indicates that the iPhone cannot reach Apple's activation servers to verify its eligibility. Since the SIM card is known to be working, the most logical first step is to check Apple's System Status page to rule out a server-side outage, which is a common cause of activation failures and can be resolved without any device-side intervention.

Exam trap

CompTIA often tests the candidate's ability to prioritize simple, non-invasive checks (like server status) over more disruptive troubleshooting steps, and the trap here is that many candidates jump to restoring the device or replacing hardware without first verifying external dependencies.

How to eliminate wrong answers

Option A is wrong because the SIM card is already confirmed to be working, so replacing it would be unnecessary and would not address a server-side activation issue. Option B is wrong because restoring the iPhone using iTunes or Finder is a more drastic step that should be taken only after confirming that Apple's activation servers are online; a restore could also fail if the servers are down. Option D is wrong because resetting network settings would not help if the activation servers themselves are unavailable; this step is more appropriate for connectivity issues unrelated to server outages.

474
MCQmedium

A user's laptop running Windows 10 Pro connects to the corporate Wi-Fi but cannot access internal resources. The network uses WPA2-Enterprise with PEAP-MSCHAPv2. The laptop's wireless profile is configured correctly. Other users in the same office can access resources. What is the most likely cause?

A.The laptop's wireless adapter is faulty.
B.The user's domain account is locked or the password has expired.
C.The access point is broadcasting on a congested channel.
D.The laptop has an incorrect IP address from DHCP.
AnswerB

PEAP-MSCHAPv2 uses domain credentials; an account issue would prevent successful authentication and network access.

Why this answer

In a WPA2-Enterprise environment, the user's domain credentials are used for authentication. If the account is locked or the password has expired, authentication will fail even though the wireless association succeeds. This tests understanding of enterprise authentication integration.

475
MCQmedium

A technician is tasked with replacing a faulty power supply in a desktop computer that is part of a critical patient record system at a clinic. Before starting, the technician reviews the change management policy. Which step should the technician perform first?

A.Power off the workstation and disconnect all cables
B.Submit a change request to the change advisory board (CAB)
C.Back up the patient records to an external drive
D.Notify the clinic staff that the system will be offline
AnswerB

Formal approval from the CAB ensures the change is reviewed for risks and scheduled appropriately.

Why this answer

Option B is correct because the change management policy requires that any modification to a system handling critical patient records must first be formally approved via a change request submitted to the Change Advisory Board (CAB). This ensures that risks are assessed, downtime is scheduled, and compliance with healthcare data regulations (e.g., HIPAA) is maintained before any physical work begins.

Exam trap

CompTIA often tests the misconception that immediate physical safety steps (like powering off) or data backup should come first, but the exam emphasizes that change management approval is the mandatory initial step in any planned maintenance on a critical system.

How to eliminate wrong answers

Option A is wrong because powering off and disconnecting cables before obtaining change approval violates the change management process, potentially causing unauthorized downtime and data access risks. Option C is wrong because backing up patient records is a data protection step that should be performed after the change is approved, not before; the technician must first secure authorization to proceed. Option D is wrong because notifying clinic staff of an outage without prior CAB approval could disrupt critical operations and bypass the formal communication and scheduling protocols required by the change management policy.

476
MCQmedium

A small business owner wants to prevent employees from installing any software on their Windows 10 workstations without administrator approval. Which Control Panel or Settings feature should you configure to enforce this restriction?

A.Windows Defender Firewall
B.User Accounts > Change User Account Control settings
C.System > Advanced system settings > Performance
D.Ease of Access > Make the keyboard easier to use
AnswerB

UAC settings can be set to 'Always notify' to prompt for admin credentials whenever a program tries to make changes, effectively blocking unauthorized installations.

Why this answer

User Account Control (UAC) settings in Control Panel can be adjusted to always notify and require administrator credentials for installations. However, the most effective method is to make users standard accounts (not administrators) and configure UAC to the highest level.

477
MCQhard

A user reports that their computer is sending out a large amount of network traffic even when they are not using the internet. The antivirus detects a file named 'expl0rer.exe' in the startup folder. What type of malware is most likely causing this behavior?

A.Spyware
B.Botnet
C.Virus
D.Trojan
AnswerB

Botnet malware uses the infected machine to perform coordinated activities, causing unusual network traffic.

Why this answer

A botnet is a network of infected computers that are remotely controlled to perform tasks like sending spam or launching DDoS attacks. The unusual network traffic and startup file indicate the machine is part of a botnet. Removal requires disconnecting from the network and scanning with updated anti-malware.

478
MCQeasy

A small business is upgrading its workstations and needs to dispose of 20 old hard drives that contain confidential payroll records. The company wants the lowest-cost method that ensures data cannot be recovered. Which disposal method should be recommended?

A.Use a degausser on each drive.
B.Perform a standard format on each drive.
C.Drill holes through the platters of each drive.
D.Reformat the drives and install a fresh OS.
AnswerC

Drilling physically damages the platters, making data unrecoverable at very low cost. This is a common low-budget disposal method.

Why this answer

For cost-sensitive environments with sensitive data, physical destruction is often the most reliable and inexpensive method. Drilling through the platters is a low-cost way to render the drive unreadable without specialized equipment.

479
MCQmedium

A customer reports that their browser shows a 'Your connection is not private' warning when visiting their online banking site, but other websites work fine. What is the most likely cause?

A.The user's system date and time are incorrect.
B.The bank's SSL certificate has expired or is misconfigured.
C.The user's browser is infected with a man-in-the-middle proxy.
D.The user's anti-virus is blocking the connection.
AnswerB

A single-site certificate error points to a problem with that site's certificate, not the client.

Why this answer

This warning typically indicates a certificate issue, such as an expired or invalid SSL certificate on the banking site itself. It is not a problem with the user's browser or computer.

480
MCQeasy

A technician is tasked with disposing of several old CRT monitors from a client's office. What is the correct disposal method for these monitors?

A.Place them in the regular office trash for pickup.
B.Sell them to a scrap metal dealer.
C.Take them to a certified e-waste recycling facility.
D.Disassemble them and recycle the plastic and metal separately.
AnswerC

This is the correct method. Certified facilities follow regulations to safely handle and recycle hazardous materials from CRT monitors.

Why this answer

CRT monitors contain hazardous materials such as lead, phosphor, and other heavy metals that pose environmental and health risks. Certified e-waste recycling facilities are equipped to safely dismantle and process these components in compliance with environmental regulations like the EPA's Resource Conservation and Recovery Act (RCRA). Option C is the correct disposal method because it ensures legal and environmentally responsible handling of e-waste.

Exam trap

CompTIA often tests the misconception that disassembling e-waste for recycling is acceptable for a technician, but the trap is that without proper training and equipment, disassembly of CRTs is dangerous and non-compliant with safety procedures.

How to eliminate wrong answers

Option A is wrong because placing CRT monitors in regular office trash violates hazardous waste disposal laws and can lead to environmental contamination from lead and other toxins. Option B is wrong because scrap metal dealers typically lack the certification and equipment to safely handle hazardous CRT components, and selling them may result in illegal export or improper disposal. Option D is wrong because disassembling CRT monitors without proper training and equipment can expose the technician to high-voltage capacitors, implosion risks, and toxic dust, and it is not a recommended or compliant disposal method for individuals without specialized certification.

481
MCQeasy

A help desk technician needs to remotely control a user's Windows 10 workstation to install a software update. The user is not technically savvy and needs simple instructions. Which built-in Windows tool should the technician instruct the user to launch to allow remote control?

A.Remote Desktop Connection
B.Windows Remote Assistance
C.Quick Assist
D.Task Manager
AnswerB

Remote Assistance allows a user to invite a technician to view or control their desktop, making it ideal for this scenario.

Why this answer

Windows Remote Assistance (option B) is the correct built-in tool because it allows a user to invite a technician to remotely control their Windows 10 workstation via an invitation file or Easy Connect, using Remote Desktop Protocol (RDP) on TCP port 3389 but with a session-sharing model that requires the user's consent. This is ideal for a non-technical user, as they can launch it from the Start menu and follow simple prompts to generate an invitation or use a Microsoft account to share a code.

Exam trap

The trap here is that candidates often confuse Remote Desktop Connection (option A) with Remote Assistance because both use RDP, but Remote Desktop Connection is designed for direct, unattended remote access, not for an attended, consent-based support session that a non-technical user can easily initiate.

How to eliminate wrong answers

Option A is wrong because Remote Desktop Connection is a client tool used to initiate an outbound RDP session to another computer, not to allow inbound remote control; it requires the target machine to already have Remote Desktop enabled and does not provide a simple invitation mechanism for a non-technical user. Option C is wrong because Quick Assist is a separate tool introduced in Windows 10 version 1607 that uses a different underlying protocol (HTTPS-based) and is not built into earlier versions; while it can be used for remote assistance, the question specifies 'built-in Windows tool' and Windows Remote Assistance is the classic built-in tool available since Windows XP. Option D is wrong because Task Manager is a system utility for monitoring processes, performance, and starting/stopping applications, and it has no capability for remote control or screen sharing.

482
MCQhard

A technician is tasked with migrating a physical server running a legacy OS that does not support virtualization drivers. The technician needs to ensure the OS can boot and run in a virtual machine. Which of the following steps is most critical before performing the physical-to-virtual (P2V) conversion?

A.Increase the physical server's RAM before conversion
B.Ensure the legacy OS has the latest service pack installed
C.Use a P2V tool that can inject the correct HAL and storage drivers for the hypervisor
D.Create a full backup of the physical server
AnswerC

Injecting drivers ensures the legacy OS can recognize the virtual hardware and boot successfully after conversion.

Why this answer

Legacy OSes often lack drivers for virtualized hardware, so using a P2V tool that can inject the necessary HAL and storage drivers during conversion is essential. Without this, the VM will likely blue screen on boot. This tests advanced knowledge of P2V migration challenges and driver injection.

483
MCQmedium

A technician needs to copy a directory tree from /home/user/docs to a backup location /backup/docs, preserving all permissions, ownership, and timestamps. Which command should they use?

A.cp -r /home/user/docs /backup/docs
B.cp -a /home/user/docs /backup/docs
C.cp -p /home/user/docs /backup/docs
D.rsync -r /home/user/docs /backup/docs
AnswerB

The -a (archive) option preserves all attributes including permissions, ownership, and timestamps.

Why this answer

The cp command with the -a (archive) option preserves permissions, ownership, timestamps, and copies recursively. It is the standard way to duplicate directory trees with metadata.

484
MCQmedium

A technician is documenting a configuration change to a firewall rule that allows remote access for a new employee. The technician must ensure the documentation is clear for future audits. Which of the following is the most critical piece of information to include?

A.The exact date and time the rule was added.
B.The IP address of the new employee's remote location.
C.The business justification for the rule.
D.The name of the technician who made the change.
AnswerC

The justification explains the need for the change and is essential for audit compliance and future review.

Why this answer

Option C is correct because change management documentation must include the business justification to demonstrate that the change was authorized and necessary. Without a clear reason, auditors cannot verify that the firewall rule complies with organizational security policy or regulatory requirements. The business justification provides the context needed to distinguish legitimate changes from unauthorized or malicious modifications.

Exam trap

CompTIA often tests the principle that operational details (who, when, where) are less critical than the business justification in change management documentation, tempting candidates to choose the most concrete or easily recorded detail instead of the most audit-relevant one.

How to eliminate wrong answers

Option A is wrong because while the date and time are useful for tracking, they are not the most critical piece; auditors need the 'why' behind the change, not just the 'when'. Option B is wrong because the remote employee's IP address may be dynamic or subject to change, and including it without the business justification does not prove the rule was authorized; the justification is what validates the rule's purpose. Option D is wrong because the technician's name is secondary to the business justification; knowing who made the change is less important than understanding why the change was made, and auditors focus on authorization and necessity, not just attribution.

485
MCQmedium

A customer reports that their Windows 11 PC is displaying a 'Low Disk Space' warning on the C: drive. You need to quickly free up space by removing temporary files and system cache. Which administrative tool should you use?

A.Defragment and Optimize Drives to consolidate free space.
B.Disk Cleanup to delete temporary files and system cache.
C.Computer Management > Disk Management to shrink the volume.
D.Event Viewer to clear application logs.
AnswerB

Correct. Disk Cleanup safely removes temporary files, recycle bin contents, and other cache to free disk space.

Why this answer

Disk Cleanup (cleanmgr.exe) is the built-in tool for removing temporary files, system cache, and other unnecessary data. Storage Sense can automate this, but Disk Cleanup is the direct tool for manual cleanup. The other options do not clean temporary files.

486
MCQmedium

During a software deployment, you need to create a script that runs automatically every time a user logs into their Windows 10 domain-joined computer. Which tool should you use to configure this task?

A.Task Scheduler
B.Group Policy Management Console
C.Local Group Policy Editor
D.Windows PowerShell ISE
AnswerA

Task Scheduler can create a task that triggers 'At log on' for any user, running the script automatically.

Why this answer

Task Scheduler is the correct tool because it allows you to create a task that triggers on a specific event, such as user logon. You can set the trigger to 'At log on' for any user or a specific user, and the task will run automatically each time the user logs into the Windows 10 domain-joined computer. This is the native Windows mechanism for scheduling scripts or programs to run at logon without requiring additional configuration.

Exam trap

CompTIA often tests the distinction between tools that configure local machine behavior (Task Scheduler) versus tools that manage domain-wide policies (Group Policy Management Console), leading candidates to mistakenly choose GPMC for a local logon script task.

How to eliminate wrong answers

Option B (Group Policy Management Console) is wrong because it is used to manage Group Policy Objects (GPOs) across an Active Directory domain, not to schedule a local script to run at user logon; while you could deploy a logon script via GPO, the question specifies configuring the task directly on the computer, not centrally deploying it. Option C (Local Group Policy Editor) is wrong because it edits local Group Policy settings on a single machine, but it does not provide a direct way to schedule a script to run at logon; you would need to assign a logon script via the 'Scripts (Logon/Logoff)' policy, which is less flexible than Task Scheduler and does not allow event-based triggers like 'At logon' with specific conditions. Option D (Windows PowerShell ISE) is wrong because it is an integrated scripting environment for writing and debugging PowerShell scripts, not a tool for scheduling tasks; you would still need to use Task Scheduler or another scheduler to run the script automatically at logon.

487
MCQmedium

A technician is troubleshooting a computer that displays a fake security alert claiming the system is infected and urging the user to call a toll-free number. The alert cannot be closed and appears on top of all other windows. What is the best removal approach?

A.End the process 'svchost.exe' in Task Manager.
B.Restart the computer and press F8 to boot into Safe Mode with Networking, then run a malware scan.
C.Call the toll-free number to get help removing the alert.
D.Use System Restore to revert to a previous restore point.
AnswerB

Safe Mode loads minimal drivers and services, preventing the scareware from running and allowing removal.

Why this answer

This is a tech support scam, a form of scareware that uses a persistent pop-up. Booting into Safe Mode with Networking allows the technician to run an anti-malware scan without the rogue process interfering. Safe Mode loads only essential drivers, preventing the scareware from starting.

488
MCQhard

A company's security policy requires that all laptops returned by employees be sanitized before redeployment. A technician uses a degausser on a laptop's SSD. What is the likely outcome?

A.The SSD is completely erased and ready for reuse.
B.The SSD is physically destroyed and unusable.
C.The SSD is unaffected and still contains data.
D.The laptop's BIOS is reset.
AnswerB

Degaussing can damage the SSD's controller and make the drive inoperable, but it does not guarantee data erasure.

Why this answer

A degausser generates a powerful magnetic field to erase data from magnetic media. SSDs (Solid State Drives) store data in NAND flash memory cells, which are not magnetic. The intense magnetic field from a degausser induces high currents in the SSD's internal circuitry, physically destroying the controller and memory chips, rendering the drive completely unusable.

Exam trap

The trap here is that candidates assume degaussing works on all storage devices, but Cisco tests the distinction between magnetic media (HDDs) and solid-state media (SSDs), where degaussing physically destroys SSDs rather than erasing them.

How to eliminate wrong answers

Option A is wrong because degaussing an SSD does not perform a logical erase; it physically destroys the drive's electronics, making it impossible to reuse. Option C is wrong because the degausser's magnetic field induces destructive currents in the SSD's non-magnetic NAND flash, physically damaging the components and making data retrieval impossible. Option D is wrong because degaussing targets the storage drive, not the motherboard or BIOS chip; the BIOS remains unaffected unless the degausser is strong enough to damage other nearby components, but the primary outcome is SSD destruction.

489
MCQmedium

A company uses a Remote Desktop Gateway to allow employees to access internal desktops from the internet. Users report that they can connect to the gateway but cannot see any available desktops in the list. Which of the following is the most likely cause?

A.The Remote Desktop Gateway service is not running on the server.
B.The users are not members of the correct Active Directory group that is allowed to access specific desktops.
C.The desktops are powered off or disconnected from the network.
D.The user's RDP client is outdated and cannot display the list.
AnswerB

RD Gateway uses connection authorization policies (CAP) and resource authorization policies (RAP). If users are not in the allowed group, they can connect to the gateway but see no resources.

Why this answer

The Remote Desktop Gateway (RD Gateway) acts as a proxy, allowing external RDP connections to internal desktops. When users can connect to the gateway itself but see no desktops, it typically indicates an authorization failure: the RD Gateway uses Resource Authorization Policies (RAPs) to control which desktops a user can access. If the user is not a member of the Active Directory group specified in the RAP, the gateway will deny the list of available desktops, even though the gateway connection succeeds.

Exam trap

CompTIA often tests the distinction between gateway connectivity (CAP) and resource visibility (RAP), tempting candidates to choose generic network or client issues when the real problem is authorization policy misconfiguration.

How to eliminate wrong answers

Option A is wrong because if the RD Gateway service were not running, users would not be able to connect to the gateway at all; the symptom here is a successful connection but no desktop list. Option C is wrong because powered-off or disconnected desktops would still appear in the list (though they might show as unavailable); the RD Gateway does not filter the list based on desktop power state. Option D is wrong because an outdated RDP client might cause display or feature issues, but it would not prevent the gateway from returning the list of desktops; the list is generated server-side based on RAPs.

490
MCQhard

A technician is writing a Python script to automate the cleanup of user profiles on a Windows server. The script must iterate through all user profile folders in 'C:\Users', check the last modified date, and delete profiles older than 90 days. Which scripting concept is essential for this task?

A.Error handling with try-except
B.A for loop to iterate over folders
C.A while loop with a counter
D.A function to calculate date difference
AnswerB

Correct. A for loop allows the script to process each folder in the directory one by one, which is fundamental to this task.

Why this answer

This question tests understanding of loops, conditionals, and file system operations in a scripting language. A 'for' loop is needed to iterate through each folder, combined with an 'if' statement to check the date condition. Without a loop, the script would only process one folder. Error handling is important but not the core concept for iteration.

491
MCQmedium

During a security audit, it is discovered that a former employee's user account is still active and has been used to log in remotely three times in the past month. Which logical security principle has been violated?

A.Separation of duties
B.Least privilege
C.Defense in depth
D.Mandatory access control
AnswerB

The former employee no longer needs any access, so the account violates least privilege by still having permissions.

Why this answer

The principle of least privilege requires that users have only the access necessary for their job. A former employee's account that still has remote access violates this principle and also the principle of account lifecycle management. The immediate issue is that the account should have been disabled upon termination.

492
MCQmedium

A user reports that a script they run daily now fails with 'Permission denied' even though they haven't changed any permissions. The script is located in /usr/local/bin/script.sh and has permissions -rwxr-xr-x. The user is in the 'users' group. What is the most likely issue?

A.The script's shebang line is incorrect.
B.The /usr/local/bin partition is mounted with the noexec option.
C.The user does not have read permission on the script.
D.The script has been replaced with a directory.
AnswerB

If the filesystem is mounted with noexec, no binaries or scripts can be executed, even if permissions are correct.

Why this answer

The mode -rwxr-xr-x grants read and execute permission to the owner, the group, and others, so the user can execute the script whether or not they own it or belong to its group. The permission bits are therefore not the problem, and the scenario states that permissions have not been changed.

Other common causes of a script that suddenly stops running include a missing interpreter named in the shebang line (e.g., /bin/bash) or Windows line endings in the script.

Given the options, the most likely cause is that the filesystem containing /usr/local/bin was remounted with the noexec option, which blocks execution of files on that filesystem regardless of their permission bits.

493
MCQmedium

A technician is configuring a new workstation for a customer who is concerned about energy consumption. Which setting should the technician enable to reduce power usage when the computer is idle?

A.Disable the screensaver and set the display to turn off after 30 minutes.
B.Enable hibernation mode after 1 hour of inactivity.
C.Enable sleep mode after 15 minutes of inactivity.
D.Set the power plan to 'High performance' to reduce power draw.
AnswerC

This is correct because sleep mode reduces power consumption significantly while allowing quick wake-up, making it ideal for typical idle periods.

Why this answer

Option C is correct because enabling sleep mode after 15 minutes of inactivity places the computer into a low-power state (S3 sleep, Suspend-to-RAM) where the CPU is powered down but RAM retains data, allowing a quick wake-up. This directly reduces energy consumption during idle periods more effectively than simply turning off the display, as it cuts power to the processor, drives, and most peripherals.

Exam trap

The trap here is that candidates often confuse 'turning off the display' with full system power saving, or they assume that a longer idle timer (like 1 hour for hibernation) is better than a shorter one (15 minutes for sleep), not realizing that sleep mode engages much sooner and thus saves more energy over typical idle periods.

How to eliminate wrong answers

Option A is wrong because disabling the screensaver and setting the display to turn off only reduces power to the monitor; the rest of the system (CPU, RAM, drives) remains fully active, consuming significant power. Option B is wrong because hibernation mode (S4 state) saves the system state to disk and completely powers off, but after 1 hour it is less aggressive than sleep after 15 minutes, meaning the system wastes more energy during the first 45 minutes of idle time. Option D is wrong because the 'High performance' power plan maximizes CPU speed and prevents power-saving features, actually increasing power draw rather than reducing it.

494
MCQmedium

A user is concerned about privacy because a recently installed application is accessing their webcam and microphone without clear permission. They want to review and revoke permissions for specific apps. Which Control Panel path should you use?

A.Control Panel > System and Security > Security and Maintenance
B.Settings > Privacy > Camera
C.Control Panel > User Accounts > Credential Manager
D.Control Panel > Hardware and Sound > Devices and Printers
AnswerB

The Privacy section in Settings lets you control which apps can access the camera, microphone, and other sensors.

Why this answer

The Privacy settings are managed through the Settings app in Windows 10/11, not the traditional Control Panel. However, the question tests knowledge of where privacy controls are located. The correct path is Settings > Privacy > Camera/Microphone, which allows per-app permission management.

495
MCQeasy

A small business wants to ensure that only authorized employees can access the file server from their laptops. Each laptop has a unique MAC address. Which security measure should be implemented on the network switch?

A.Disable SSID broadcast
B.Enable WPA3 encryption
C.Configure MAC filtering
D.Change the default admin password
AnswerC

MAC filtering allows only devices with approved MAC addresses to access the network, meeting the requirement.

Why this answer

MAC address filtering restricts network access to devices with approved MAC addresses, providing a basic layer of security. This is a simple way to allow only specific laptops to connect to the file server.

496
MCQeasy

A user reports that they cannot execute a shell script they wrote in their home directory. The script has permissions -rw-r--r--. Which command should be used to allow the owner to execute the script?

A.chmod 755 script.sh
B.chmod u+x script.sh
C.chmod +r script.sh
D.chmod 644 script.sh
AnswerB

This adds execute permission only for the owner, which is exactly what is required.

Why this answer

This question tests understanding of the chmod command for modifying file permissions. The script currently lacks execute permission for the owner; chmod u+x adds execute permission for the user (owner).

497
MCQhard

A security incident occurs where an attacker captures the 4-way handshake of a WPA2-PSK network and successfully cracks the passphrase offline. The technician is tasked with preventing this type of attack in the future. Which protocol should the technician implement?

A.WPA2-PSK with a longer passphrase.
B.WPA3-SAE.
C.WPA2-Enterprise with PEAP-MSCHAPv2.
D.WPA2-PSK with TKIP.
AnswerB

WPA3-SAE uses SAE, which is resistant to offline dictionary attacks, even if the handshake is captured.

Why this answer

WPA3-SAE uses Simultaneous Authentication of Equals (SAE), which provides forward secrecy and prevents offline dictionary attacks. WPA2-PSK is vulnerable to handshake capture and offline cracking.

498
MCQhard

A technician is deploying laptops for a sales team that works remotely from coffee shops and client sites. The laptops contain sensitive customer data. Which physical security control is most practical for these mobile devices?

A.Install a laptop tracking software
B.Use a biometric fingerprint reader on the laptop
C.Require a smart card for login
D.Attach a cable lock to the laptop
AnswerD

A cable lock physically anchors the laptop to a table or desk, making it difficult to steal, which is the most practical physical control for mobile devices.

Why this answer

For mobile devices, a Kensington lock (cable lock) is a standard, lightweight physical security measure that can be used in various locations to tether the laptop to a fixed object, deterring opportunistic theft.

499
MCQeasy

A small business owner wants to restrict app installations on company Macs to only the Mac App Store to prevent employees from downloading unapproved software. Which macOS security feature should you configure?

A.FileVault
B.System Integrity Protection (SIP)
C.Gatekeeper
D.Parental Controls
AnswerC

Gatekeeper allows administrators to set allowed app sources: App Store, App Store and identified developers, or anywhere.

Why this answer

Gatekeeper controls where apps can be installed from. Setting it to 'App Store' restricts installations to only Mac App Store apps, meeting the business requirement.

500
MCQeasy

During a software deployment, you need to copy a configuration file from a network share to multiple workstations. The command must run silently and overwrite existing files. Which command should you use?

A.copy /y
B.xcopy /y
C.move /y
D.robocopy /mir
AnswerB

xcopy /y copies files and directories, suppressing confirmation prompts to overwrite, ideal for silent deployment.

Why this answer

The xcopy command with the /y switch suppresses the prompt to confirm overwriting, and /s copies directories and subdirectories (if needed). It is designed for file copying with advanced options like silent overwrite. Other commands either do not copy files or lack the silent overwrite feature.

501
MCQmedium

A technician is troubleshooting a laser printer that is producing smudged prints. The technician needs to remove the toner cartridge to inspect the drum. What safety precaution should be taken?

A.Wear a respirator mask to avoid inhaling toner particles.
B.Discharge the high-voltage power supply before touching the drum.
C.Avoid touching the drum surface and handle the cartridge carefully to prevent toner spills.
D.Use a vacuum cleaner to clean any spilled toner immediately.
AnswerC

This is correct. The drum is sensitive to light and scratches, and toner spills can cause health issues. Careful handling is essential.

Why this answer

Option C is correct because the primary safety precaution when handling a toner cartridge is to avoid touching the drum surface, which is sensitive to light, oils, and scratches, and to handle the cartridge carefully to prevent toner spills. Toner is a fine powder that can be messy and difficult to clean, but it is not a respiratory hazard under normal handling conditions, so a respirator is not required. The high-voltage power supply in a laser printer is typically discharged automatically when the printer is unplugged, and using a vacuum cleaner for toner spills is dangerous because toner can be electrostatically charged and may cause a fire or explosion in a standard vacuum.

Exam trap

CompTIA often tests the misconception that toner is toxic and requires a respirator, or that high-voltage components need manual discharge, when in fact the immediate risk is physical damage to the drum and the electrostatic fire hazard from improper cleanup.

How to eliminate wrong answers

Option A is wrong because toner particles are not a respiratory hazard under normal handling conditions; a respirator mask is unnecessary and not a standard safety precaution for toner cartridge removal. Option B is wrong because the high-voltage power supply in a laser printer is designed to discharge automatically when the printer is unplugged and the power is removed; there is no need to manually discharge it before touching the drum, and doing so could be dangerous. Option D is wrong because using a standard vacuum cleaner to clean toner spills is a fire and explosion hazard due to the electrostatic charge of toner particles; only a toner-rated or anti-static vacuum should be used.

502
MCQeasy

An employee receives an email that appears to be from the CEO, asking them to urgently wire funds to a new vendor. The email address looks similar to the CEO's but has a slight typo. What type of social engineering attack is this?

A.Phishing
B.Whaling
C.Spear phishing
D.Vishing
AnswerB

Whaling is a targeted phishing attack against high-profile individuals like the CEO, often involving impersonation.

Why this answer

This is a classic whaling attack, a form of phishing that targets high-level executives or impersonates them to trick employees into performing actions like wire transfers. The spoofed email address and urgent request are typical indicators. Whaling is a specific type of social engineering focused on senior staff.

503
MCQhard

A technician is preparing to deploy a security patch to 50 workstations. The change request has been approved, and the patch has been tested on a pilot group. During the deployment, five workstations fail to install the patch. What should the technician do next according to change management best practices?

A.Continue deploying to the remaining workstations and troubleshoot the failures later
B.Halt the deployment and execute the rollback plan for the failed workstations
C.Force the patch to install using administrative tools
D.Submit a new change request for the failed workstations
AnswerB

Halting and rolling back is the correct response to mitigate risk and adhere to the change plan.

Why this answer

According to change management best practices, when a deployment encounters failures, the immediate priority is to halt the deployment to prevent further issues and then execute the rollback plan to restore the failed workstations to their previous known-good state. This ensures stability and minimizes disruption, as the rollback plan was already defined and approved as part of the change request. Continuing or forcing the patch could lead to system instability or security vulnerabilities.

Exam trap

CompTIA often tests the misconception that troubleshooting can be deferred or that a new change request is required for each failure, when in fact the approved change request already covers rollback procedures for failed deployments.

How to eliminate wrong answers

Option A is wrong because continuing the deployment while ignoring failures violates the change management principle of risk mitigation; it could propagate errors or leave systems in an inconsistent state, making later troubleshooting more complex. Option C is wrong because forcing the patch installation with administrative tools bypasses the tested deployment process and could cause system corruption or incompatibility, especially if the failures indicate a deeper issue like driver conflicts or missing dependencies. Option D is wrong because submitting a new change request for only five workstations is unnecessary and inefficient; the existing approved change request already includes a rollback plan for handling failures, and a new request would delay resolution without adding value.

504
MCQeasy

During a routine security audit, a technician discovers that a server was patched outside the approved maintenance window. The patch was applied by a junior admin who was not authorized. What is the most important step to include in the incident documentation?

A.The name of the junior admin who applied the patch.
B.The reason the patch was applied outside the maintenance window.
C.The exact time the patch was applied.
D.The patch's version number and source.
AnswerB

Documenting the justification helps the change advisory board understand the context and decide whether to approve the change retroactively.

Why this answer

The most important step in incident documentation is to capture the reason the patch was applied outside the approved maintenance window. This directly addresses the root cause of the unauthorized change, which is critical for post-incident review, process improvement, and preventing recurrence. Without the reason, the documentation fails to support a meaningful root cause analysis (RCA) and corrective action planning.

Exam trap

CompTIA often tests the distinction between documenting what happened versus why it happened, and the trap here is that candidates focus on technical details (time, version, person) instead of the root cause reason that drives corrective action.

How to eliminate wrong answers

Option A is wrong because while the name of the junior admin may be noted for accountability, it is not the most important element for understanding the incident's cause and preventing future occurrences. Option C is wrong because the exact time, though useful for timeline reconstruction, does not explain why the change was made outside policy. Option D is wrong because the patch version and source are technical details that help identify the change but do not address the procedural violation or its underlying motivation.

505
MCQeasy

A user complains that their computer is running very slowly, and they see frequent pop-up ads even when no browser is open. They also notice a new toolbar in their browser that they did not install. What is the most likely security issue?

A.A rootkit has hidden itself in the system's firmware.
B.A worm is spreading through the network, consuming bandwidth.
C.The system is infected with adware that displays unsolicited advertisements.
D.A Trojan horse has stolen the user's banking credentials.
AnswerC

Adware is specifically designed to generate revenue through unwanted ads and often bundles toolbars, matching the user's description exactly.

Why this answer

Adware is a type of malware that displays unwanted advertisements and often installs toolbars or other software without user consent. It can significantly degrade system performance. This question tests the ability to identify adware based on symptoms like pop-ups and unauthorized toolbars.

506
MCQeasy

A school IT administrator needs to remotely lock a lost MacBook and display a custom message with contact information. The MacBook is enrolled in the school’s MDM and has an internet connection. Which macOS feature should they use?

A.Remote Desktop
B.Find My Mac
C.FileVault
D.Terminal command 'sudo pmset'
AnswerB

Find My Mac allows locking, erasing, and displaying a message on the lost device via iCloud.

Why this answer

Find My Mac is the built-in Apple feature for locating, locking, and erasing lost devices. For MDM-enrolled devices, the school can also use their MDM solution, but Find My Mac is the direct user-facing tool.

507
MCQhard

During a forensic investigation, an analyst needs to list all files in a directory that have been modified in the last 24 hours, including hidden files, and display the results with full path and timestamp. Which command should they use?

A.ls -laR --time-style=full-iso | grep '2025-03-21'
B.find . -mtime -1 -ls
C.stat * .* | grep Modify
D.find . -newer /tmp/ref -ls
AnswerB

This finds files modified within the last 24 hours and uses -ls to show full details including path and timestamp.

Why this answer

The find command with -mtime -1 finds files modified less than 1 day ago, and -ls displays detailed information including full path and timestamp. This is efficient for forensic searches.

508
MCQmedium

A technician is configuring a kiosk computer that will be used by the public to access a specific website. The technician wants to prevent users from navigating to other sites or changing browser settings. Which browser feature should be enabled?

A.Enable private browsing mode.
B.Enable parental controls.
C.Enable kiosk mode.
D.Disable the address bar via group policy.
AnswerC

Kiosk mode restricts the browser to a single full-screen application, preventing navigation to other sites and access to browser settings.

Why this answer

Kiosk mode locks the browser to a specific site or set of sites, hides the address bar, and disables settings access. This is ideal for public terminals. Other options like private browsing or parental controls do not provide the same level of restriction.

509
MCQeasy

A company is considering moving its email system from an on-premises Exchange server to a cloud-based solution. Which cloud service model would best fit this migration?

A.IaaS (Infrastructure as a Service)
B.PaaS (Platform as a Service)
C.SaaS (Software as a Service)
D.DaaS (Desktop as a Service)
AnswerC

SaaS delivers fully managed software applications, such as cloud-based email, eliminating the need for on-premises servers.

Why this answer

SaaS (Software as a Service) provides ready-to-use applications like email (e.g., Office 365, Gmail) without managing the underlying infrastructure. IaaS would require the company to still manage the email server software. PaaS is for application development, not end-user applications. DaaS is for desktop virtualization.

510
MCQhard

A user reports that their Windows 11 laptop's battery drains quickly even when idle. They have already checked for background apps and power-hungry processes. Which single Settings page can you use to generate a detailed battery usage report showing which apps and hardware have consumed the most power over the last 24 hours?

A.Settings > System > Power & battery > Battery saver
B.Settings > System > Power & battery > Battery usage
C.Control Panel > Power Options > Edit Plan Settings
D.Settings > Privacy & security > Diagnostics & feedback
AnswerB

This section shows a detailed breakdown of battery consumption by app and system components over the last 24 hours or 7 days.

Why this answer

The correct tool is 'Battery usage' under Settings > System > Power & battery. This page provides a graph and detailed list of app and hardware power consumption, which can help identify the cause of rapid drain.

511
MCQeasy

A small business owner reports that after upgrading their wireless router to a newer model, their older laptops running Windows 7 cannot connect to the Wi-Fi network. The new router is configured with WPA3-Personal. Which of the following is the most likely reason for the connectivity failure?

A.The router's SSID is hidden.
B.The laptops' wireless adapters do not support WPA3.
C.The router is broadcasting on a 5 GHz band only.
D.The laptops have incorrect DNS settings.
AnswerB

WPA3 is a newer security standard; older hardware and drivers often lack support, forcing a fallback to WPA2 or causing connection failures.

Why this answer

WPA3 is not supported on older operating systems like Windows 7, which only support up to WPA2. The correct solution is to either downgrade to WPA2 or update the wireless adapter drivers if possible. This question tests knowledge of backward compatibility between WPA2 and WPA3.

512
MCQeasy

While upgrading a workstation, you find that the old lithium-ion battery is swollen. What is the safest and most environmentally sound way to handle this battery?

A.Puncture the battery to release the pressure, then throw it in the trash.
B.Place it in a fireproof container and contact a hazardous waste disposal service.
C.Put it in a sealed plastic bag and put it in the regular recycling bin.
D.Freeze the battery to stop the swelling, then dispose of it in the trash.
AnswerB

This method minimizes fire risk and ensures the battery is disposed of according to environmental regulations.

Why this answer

A swollen lithium-ion battery is a fire hazard and must be handled with care. Placing it in a fireproof container and contacting a hazardous waste facility ensures safe disposal. This question emphasizes the importance of proper battery disposal to prevent fires and environmental contamination.

513
MCQhard

A user reports that they cannot install a signed driver for a new graphics card because Windows displays a 'Windows can't verify the publisher of this driver software' error. You need to adjust the driver signing enforcement settings to allow installation. Which Control Panel tool allows you to change driver signing behavior?

A.Device Manager
B.System > Advanced system settings > Hardware > Device Installation Settings
C.Programs and Features > Turn Windows features on or off
D.Administrative Tools > Services
AnswerB

This path lets you control whether Windows automatically downloads driver updates and whether to allow unsigned drivers.

Why this answer

The System applet's 'Advanced system settings' includes a 'Hardware' tab with 'Device Installation Settings'. However, driver signing enforcement is configured via 'Startup and Recovery' or by using the 'bcdedit' command. The correct answer is System > Advanced system settings > Hardware > Device Installation Settings, which lets you choose whether to automatically download drivers and allow unsigned drivers.

514
MCQmedium

A user reports that their iPhone 13 is not receiving text messages from Android users, but iMessage conversations with other iPhone users work fine. After checking that the user is not blocked, which step should you take to resolve this issue?

A.Disable iMessage in Settings > Messages.
B.Reset Network Settings from General > Reset.
C.Toggle Airplane Mode on and off.
D.Sign out of iCloud and sign back in.
AnswerA

Turning off iMessage forces the device to send and receive all messages as SMS/MMS, which resolves the issue of missing texts from non-Apple devices.

Why this answer

This is a classic symptom of iMessage being stuck on the user's phone number. When an iPhone user switches to Android or if iMessage activation fails, messages from Android users may not arrive. The fix is to turn off iMessage, which forces the phone to use SMS/MMS for all messages. Resetting network settings or toggling Airplane Mode are not targeted solutions.

515
MCQeasy

A technician is configuring a new Windows 10 workstation for a remote employee who will handle sensitive customer data. Which security feature should be enabled to ensure that if the laptop is lost, the data remains protected?

A.Windows Defender Firewall
B.User Account Control (UAC)
C.BitLocker Drive Encryption
D.Windows Hello for Business
AnswerC

BitLocker encrypts the drive, making data unreadable without the key, ideal for lost or stolen devices.

Why this answer

BitLocker Drive Encryption (C) is the correct choice because it provides full-disk encryption using AES encryption algorithms, ensuring that if the laptop is lost or stolen, the sensitive customer data remains inaccessible without the recovery key or TPM authentication. This directly addresses the requirement to protect data at rest on a lost device.

Exam trap

CompTIA often tests the distinction between authentication/access control features (like UAC or Windows Hello) and data-at-rest encryption (BitLocker), leading candidates to choose a security feature that protects the system while running rather than protecting data when the device is physically compromised.

How to eliminate wrong answers

Option A is wrong because Windows Defender Firewall is a network security feature that monitors and controls incoming/outgoing traffic based on rules, but it does not encrypt data on the drive, so it cannot protect data if the laptop is physically lost. Option B is wrong because User Account Control (UAC) prompts for permission before allowing system-level changes to prevent unauthorized software from making modifications, but it does not encrypt the drive or protect data when the device is offline. Option D is wrong because Windows Hello for Business provides biometric or PIN-based authentication for user sign-in, but it does not encrypt the storage volume, so data remains readable if the drive is removed or the device is accessed via other means.

516
MCQmedium

A technician is troubleshooting why a smart card reader at a secure entrance fails intermittently. Users can sometimes enter, but other times the reader does not respond. What should the technician check first?

A.Update the smart card reader firmware
B.Replace the smart cards for all users
C.Check the cabling and connections to the reader
D.Reconfigure the access control software
AnswerC

Intermittent connectivity often points to loose or damaged cables; verifying physical connections is a quick and effective first step.

Why this answer

Loose or damaged cabling is a common cause of intermittent failures in physical access control systems. Checking the physical connection is a logical first step before moving to software or configuration issues.

517
MCQeasy

A user reports that they cannot execute a custom shell script they created in their home directory. The script is owned by the user and has permissions set to 644. Which command should be used to allow the owner to execute the script?

A.chmod 755 script.sh
B.chmod u+x script.sh
C.chmod 644 script.sh
D.chown user:user script.sh
AnswerB

This adds execute permission only for the owner, preserving the existing read/write permissions for others.

Why this answer

The correct answer is B because the chmod command with u+x adds execute permission for the owner. Permissions 644 (rw-r--r--) do not include execute, so the owner cannot run the script until execute is granted.

518
MCQeasy

A customer reports that their Windows 10 computer is running very slowly, and they see frequent pop-up ads even when no browser is open. They also notice a new toolbar in their browser that they did not install. What type of malware is most likely causing these symptoms?

A.Ransomware
B.Adware
C.Virus
D.Worm
AnswerB

Adware generates pop-up ads and installs unwanted toolbars, matching the described symptoms exactly.

Why this answer

Adware displays unwanted advertisements and often installs browser toolbars, slowing down the system. Unlike a virus or worm, adware does not self-replicate, and ransomware would demand payment rather than show ads.

519
MCQhard

A user's iPhone is running iOS 16 and they cannot update to the latest iOS 17 because the 'Software Update' section in Settings shows 'Unable to Check for Update'. The device is connected to Wi-Fi and has sufficient storage. Which advanced troubleshooting step should you take to resolve this update issue?

A.Reset All Settings from General > Reset.
B.Restore the iPhone using an iCloud backup.
C.Use a computer with Finder (macOS) or iTunes (Windows) to download and install the update.
D.Disable iCloud Private Relay in iCloud settings.
AnswerC

Using a computer forces the device to download the update via a wired connection, bypassing the device's own update mechanism and often resolving cache or network issues.

Why this answer

The error 'Unable to Check for Update' on iOS often indicates a corrupted software update cache or a DNS resolution issue. The most effective step is to use a computer (Mac or PC) to force the update via Finder or iTunes, which bypasses the device's own update mechanism. Restarting the device or resetting network settings may not clear the underlying cache issue, and an iCloud restore would be too destructive.

520
MCQhard

During a routine check, a technician finds that a user's Windows 10 computer has an outdated antivirus that hasn't updated in 3 months. The user claims they never saw any update prompts. What is the most likely reason and the appropriate remediation?

A.The antivirus subscription has expired; renew it
B.The Windows Update service is disabled; re-enable it and set to automatic
C.The user has manually set the antivirus to manual update mode
D.The computer is infected with a virus that blocks updates
AnswerB

If the Windows Update service is disabled, the antivirus cannot receive updates, and the user would not see prompts. Enabling it resolves the issue.

Why this answer

Outdated antivirus often results from the update service being disabled or misconfigured. Checking the Windows Update or antivirus update service ensures that automatic updates can run, preventing future lapses.

521
MCQmedium

A user complains that their Android phone's battery drains quickly after installing a new weather app. The phone is warm to the touch even when idle. What should you do to resolve this?

A.Replace the battery immediately.
B.Check battery usage in Settings to see which app is consuming power.
C.Perform a factory reset to remove all apps.
D.Update the phone's operating system to the latest version.
AnswerB

Battery usage stats will show the weather app if it is draining power, allowing targeted action.

Why this answer

Battery drain and overheating after app installation indicate a misbehaving app. The best first step is to check battery usage statistics to identify the culprit, then force stop or uninstall that app. This is a standard Android troubleshooting procedure.

522
MCQeasy

A customer complains that their Windows 11 laptop frequently freezes after waking from sleep. You suspect a driver issue and need to view detailed hardware and driver information to diagnose the problem. Which administrative tool should you open first?

A.Disk Management
B.System Configuration (msconfig)
C.Device Manager
D.Event Viewer
AnswerC

Device Manager lists all hardware and allows you to check driver properties, update drivers, or roll back problematic ones.

Why this answer

Device Manager provides a centralized view of all hardware devices and their drivers, including driver status and version details. This makes it the go-to tool for driver-related troubleshooting. Other tools like Disk Management or System Configuration serve different purposes.

523
MCQeasy

A small business wants to ensure that only authorized employees can access the file server from their laptops. Each laptop has a unique hardware ID. Which logical security method should be implemented to enforce this restriction?

A.Require a complex password for the file server share.
B.Enable MAC address filtering on the network switch or router.
C.Install a host-based firewall on each laptop.
D.Disable the guest account on the file server.
AnswerB

MAC filtering ties access to the specific hardware addresses of the laptops, meeting the requirement.

Why this answer

MAC address filtering restricts network access based on the unique hardware identifier of a device's network interface. This is a simple logical security control that can be applied at the network level to allow only known laptops. It is not as strong as certificate-based authentication but directly addresses the requirement.

524
MCQeasy

A user reports that their computer is infected with a virus and they have been trying to remove it using a free online scanner, but the problem persists. The technician suspects the malware may have disabled the antivirus software. Which safe mode should the technician use to run a full system scan?

A.Safe Mode
B.Safe Mode with Command Prompt
C.Safe Mode with Networking
D.Last Known Good Configuration
AnswerC

This mode provides network access, allowing the technician to download updated tools while keeping malware disabled.

Why this answer

Safe Mode with Networking allows the technician to boot with minimal drivers and services while still having network access to download updated antivirus definitions or removal tools. Safe Mode alone does not provide network access, which is often needed to get the latest malware signatures. This mode also prevents many malware variants from loading, making removal easier.

525
MCQmedium

A technician is cleaning a computer that has been infected with a rootkit. After running a standard antivirus scan, the malware is still detected on reboot. Which step should the technician take next to ensure complete removal?

A.Perform a clean installation of Windows.
B.Boot from a rescue disk and run a malware scan.
C.Disable System Restore and run the antivirus again.
D.Run the antivirus in Safe Mode.
AnswerB

A rescue disk boots a trusted OS, bypassing the rootkit and enabling effective removal.

Why this answer

Rootkits load before the operating system and can hide from standard scans. Booting from a rescue disk (e.g., a bootable anti-malware USB) loads a clean OS environment, allowing the scanner to detect and remove the rootkit without interference.
