CompTIA A+ Core 2 220-1202 (220-1202) — Questions 526–600

750 questions total · 10 pages · All types, answers revealed

Page 8 of 10

526
MCQ · hard

A technician is tasked with securing a legacy web application that only supports HTTP, not HTTPS. The application is critical for internal operations but must be accessible remotely. What is the best way to secure the traffic without modifying the application?

A. Install a self-signed SSL certificate on the server.
B. Use a VPN to access the internal network.
C. Enable HTTP Strict Transport Security (HSTS) on the server.
D. Configure the browser to use a proxy server.
Answer: B

A VPN encrypts all traffic between the remote user and the network, securing the legacy HTTP traffic without changing the app.

Why this answer

Using a VPN encrypts all traffic between the remote user and the internal network, including the unencrypted HTTP traffic from the legacy app. This provides a secure tunnel without requiring changes to the application itself. SSL/TLS termination could also work but requires a reverse proxy setup.

527
MCQ · medium

A company uses a private cloud for its development environment. A developer complains that they cannot deploy a new application because the cloud management portal shows a 'resource quota exceeded' error. The technician checks the cluster and finds that CPU and memory usage are below 50%. What is the most likely cause of the error?

A. The hypervisor is in maintenance mode
B. The storage pool is full
C. The developer's resource allocation quota has been reached
D. The virtual switch is not configured for the developer's VLAN
Answer: C

Quotas limit how many resources a user can consume, regardless of total available capacity. The error indicates the developer hit their personal limit.

Why this answer

Resource quotas are administrative limits set per user or project, independent of actual cluster utilization. Even with plenty of free resources, a quota can block deployment. This tests understanding of cloud resource management and the difference between quotas and capacity.

528
MCQ · hard

A security analyst discovers that an attacker has been using a compromised VPN account to access the corporate network. The account belongs to a former employee who was terminated two weeks ago. Which of the following should the analyst do immediately to prevent further unauthorized access?

A. Review the VPN logs to determine the extent of the breach
B. Disable the former employee's VPN account
C. Change the VPN server's shared secret
D. Notify the former employee about the security incident
Answer: B

Disabling the account immediately cuts off the attacker's access, containing the breach.

Why this answer

The immediate priority is to disable the compromised account to stop the attack. This is a critical security incident that requires swift action. While investigating the breach and reviewing logs are important, they come after containing the threat.

Changing the VPN server password is not sufficient if the account itself is still active.

529
MCQ · hard

A technician needs to configure a Windows 10 computer to use a static IP address of 192.168.1.100 with subnet mask 255.255.255.0 and default gateway 192.168.1.1. Which command-line tool and syntax should be used?

A. netsh interface ip set address "Local Area Connection" static 192.168.1.100 255.255.255.0 192.168.1.1 1
B. ipconfig /setaddress 192.168.1.100
C. netstat -r
D. ping 192.168.1.1
Answer: A

Correctly sets a static IP with subnet mask and gateway.

Why this answer

The correct answer is `netsh interface ip set address "Local Area Connection" static 192.168.1.100 255.255.255.0 192.168.1.1 1`. This sets a static IP with the specified parameters. `ipconfig` is used for display, `netstat` for connections, and `ping` for testing.

530
MCQ · medium

A technician is setting up a remote desktop solution for a small business with five employees who need to access their office PCs from home. The office uses a dynamic public IP address. Which of the following should the technician configure to ensure reliable remote access without requiring users to remember a changing IP?

A. Set up port forwarding on the router
B. Configure a dynamic DNS (DDNS) service
C. Assign each employee a static IP address on the office network
D. Use a VPN with a static IP assigned by the ISP
Answer: B

DDNS automatically updates a domain name with the current public IP, providing a stable address for remote access.

Why this answer

A dynamic DNS (DDNS) service maps a domain name to a changing IP address, allowing users to connect using a consistent hostname. This is a standard solution for environments with dynamic public IPs. Port forwarding alone won't solve the IP change issue, and static IPs are not always available or cost-effective.

531
MCQ · medium

After deploying a group policy update, several users report that their mapped network drives are missing. You need to force an immediate refresh of group policy settings on a remote workstation without rebooting. Which command should you run?

A. net use
B. gpresult
C. gpupdate /force
D. nslookup
Answer: C

This command forces an immediate policy refresh, applying the new drive mappings without reboot.

Why this answer

The gpupdate /force command forces an immediate refresh of all group policy settings, including drive maps, without requiring a reboot. It is the standard tool for applying policy changes on Windows. Other commands either manage user accounts or network configurations.

532
MCQ · medium

A company deploys a new remote access solution using a VPN concentrator. After setup, users report that they can connect to the VPN but cannot access internal file servers. Other internal resources like email are accessible. Which of the following is the most likely cause?

A. The VPN client is using an incorrect DNS server
B. The file server is not on the same VLAN as the VPN concentrator
C. The VPN concentrator lacks a route to the file server's subnet
D. The users do not have permission to log on locally to the file server
Answer: C

Without a proper route, traffic destined for the file server subnet will not be forwarded correctly, causing access failure.

Why this answer

Option C is correct because the VPN concentrator must have a route to the file server's subnet to forward traffic from VPN clients. Without this route, packets destined for the file server are dropped, while other resources (like email) remain accessible if their subnets are reachable. This is a classic routing issue in remote access VPN deployments.

Exam trap

CompTIA often tests the misconception that VLAN placement or local permissions are the root cause, when the actual issue is a missing route on the VPN concentrator to the specific subnet.

How to eliminate wrong answers

Option A is wrong because an incorrect DNS server would cause name resolution failures for all internal resources, not selectively block file servers while allowing email access. Option B is wrong because VLAN membership is irrelevant for VPN concentrator routing; the concentrator can route to any subnet regardless of VLAN if a route exists. Option D is wrong because local logon permissions are not required for network file access; file server permissions are based on network shares and user credentials, not local logon rights.

533
MCQ · medium

A company’s change management policy requires all changes to be approved by the Change Advisory Board (CAB) before implementation. A technician applies an emergency security patch to a critical server without CAB approval because the vulnerability is being actively exploited. What should the technician do after applying the patch?

A. Wait for the next CAB meeting to report the change.
B. Document the change and submit an emergency change request for retroactive approval.
C. Revert the patch and wait for CAB approval.
D. Delete the change log entry to avoid accountability.
Answer: B

This follows the correct procedure for emergency changes: document and seek retroactive approval from the CAB.

Why this answer

Even in emergency changes, documentation and retroactive approval are required. The technician must document the change and notify the CAB as soon as possible to obtain retroactive approval, ensuring compliance with change management policies.

534
MCQ · hard

A technician is troubleshooting an iPhone that repeatedly prompts for the Apple ID password even after entering it correctly. The device is not connected to any corporate MDM. What is the most likely cause?

A. The device is jailbroken and has a tweak interfering with authentication.
B. The Apple ID password was changed recently and not synced to all services.
C. iCloud Keychain is out of sync and needs to be reset by signing out of iCloud and back in.
D. The device has a hardware fault in the secure enclave.
Answer: C

Keychain sync issues can cause repeated password prompts; signing out and back in refreshes the authentication.

Why this answer

Option C is correct because repeated Apple ID password prompts, even after correct entry, are typically caused by an iCloud Keychain sync conflict. When iCloud Keychain becomes out of sync—often after a password change or device restore—the authentication token chain breaks, forcing the device to re-request the password. Signing out of iCloud and back in resets the local Keychain state and re-establishes a trusted sync relationship with Apple's servers.

Exam trap

CompTIA often tests the misconception that repeated password prompts are always due to a password change or incorrect entry, when in fact iCloud Keychain sync issues are a common cause that requires a sign-out/sign-in cycle to resolve.

How to eliminate wrong answers

Option A is wrong because a jailbroken device with a tweak interfering with authentication would likely cause broader instability or specific app crashes, not a consistent, system-level Apple ID password prompt that persists after correct entry. Option B is wrong because changing the Apple ID password and not syncing to all services would cause authentication failures on services using the old password, not repeated prompts after entering the correct password. Option D is wrong because a hardware fault in the Secure Enclave would manifest as inability to use Touch ID/Face ID or perform cryptographic operations, not as a repeated password prompt that works when entered.

535
MCQ · easy

During a software deployment, a technician needs to ensure that a new web application can run in a sandboxed environment to prevent it from accessing other system resources. Which browser feature should be configured?

A. Enable pop-up blocker.
B. Enable private browsing mode.
C. Enable browser sandboxing.
D. Disable JavaScript.
Answer: C

Sandboxing isolates the web application process, preventing it from accessing the system or other tabs, which is exactly what is needed.

Why this answer

Modern browsers use sandboxing to isolate web applications from the operating system and other tabs. This security feature prevents malicious code from affecting the system, and it is often enabled by default but can be configured via browser settings or group policies.

536
MCQ · medium

During a network upgrade, a technician needs to run new Ethernet cables through a drop ceiling. What is the most important safety precaution to take?

A. Wear a hard hat to protect against head injuries.
B. Use a non-contact voltage tester to check for live wires.
C. Ensure the area is well-ventilated.
D. Wear anti-static gloves to prevent ESD.
Answer: B

This is the most important precaution. Before running cables, the technician should verify that no live electrical wires are in the path to avoid electrocution.

Why this answer

The most important safety precaution when running cables through a drop ceiling is to use a non-contact voltage tester to check for live wires. Drop ceilings often conceal electrical wiring, and accidentally cutting or damaging a live wire can cause electrocution, fire, or equipment damage. A non-contact voltage tester allows the technician to detect the presence of AC voltage without making physical contact, ensuring the area is safe before handling cables.

Exam trap

CompTIA often tests the distinction between general safety equipment (like hard hats) and task-specific electrical safety tools, so the trap here is that candidates may choose a hard hat as a 'common sense' safety item, overlooking the more critical step of verifying that no live electrical wires are present in the drop ceiling.

How to eliminate wrong answers

Option A is wrong because while a hard hat provides head protection against accidental bumps or falling objects, it is not the most critical precaution when working near electrical hazards in a drop ceiling; the primary risk is electrical shock, not head injury. Option C is wrong because ventilation is not a primary concern when running Ethernet cables through a drop ceiling; the main hazards are electrical and physical, not airborne contaminants or lack of oxygen. Option D is wrong because anti-static gloves are used to prevent electrostatic discharge (ESD) damage to sensitive electronic components, but they do not protect against the immediate life-threatening risk of contact with live electrical wires in a drop ceiling environment.

537
MCQ · medium

A user reports that their Windows 10 PC is infected with malware that prevents the Task Manager from opening. You need to terminate a suspicious process from the command line. Which command should you use to forcefully end a process by its name?

A. tasklist /v
B. taskkill /IM malware.exe /F
C. shutdown /r /t 0
D. regedit /e backup.reg
Answer: B

Correct. taskkill /IM terminates the process by image name, and /F forces it to stop.

Why this answer

The taskkill command can terminate processes by name or PID. The /F flag forces termination, which is necessary for stubborn malware. Other commands like tasklist list processes, shutdown reboots the system, and regedit edits the registry.

538
MCQ · hard

A network administrator is configuring a new wireless network for a hospital that requires the highest level of security for patient data. The network must support 802.1X authentication with smart cards. Which combination of security protocols and authentication methods should be used?

A. WPA2-PSK with PEAP-MSCHAPv2.
B. WPA3-Personal with SAE.
C. WPA2-Enterprise with EAP-TLS.
D. WPA3-Enterprise with EAP-TTLS.
Answer: C

WPA2-Enterprise supports 802.1X, and EAP-TLS uses certificates for mutual authentication, compatible with smart cards.

Why this answer

WPA2-Enterprise (or WPA3-Enterprise) with EAP-TLS provides certificate-based authentication, which can use smart cards. EAP-TLS is considered the most secure because it requires both client and server certificates. This tests knowledge of enterprise authentication methods and their security levels.

539
MCQ · easy

A user calls the help desk because their workstation is running very slowly and they notice unusual network activity. You suspect ransomware. What should you do first to contain the threat?

A. Run a full antivirus scan on the affected workstation.
B. Disconnect the workstation from the network immediately.
C. Back up all files to an external drive before taking action.
D. Restart the computer and boot into Safe Mode.
Answer: B

Disconnecting the network cable or disabling the wireless adapter stops the ransomware from spreading and communicating externally, containing the incident.

Why this answer

The immediate priority is containment to prevent the ransomware from spreading to other systems on the network. Isolating the workstation by disconnecting it from the network is the first step, followed by notifying the security team.

540
MCQ · medium

A technician is configuring a company-issued Android tablet for a kiosk mode in a retail store. The tablet must only run the store's inventory app and prevent users from accessing other apps or settings. Which built-in Android feature should the technician use?

A. Guest Mode
B. Screen Pinning
C. Developer Options > Force GPU Rendering
D. Do Not Disturb
Answer: B

Screen Pinning locks the device to one app and requires a PIN to unpin, providing the exact kiosk functionality needed.

Why this answer

This question tests knowledge of Android enterprise features. The correct answer is 'Screen Pinning', which locks the device to a single app and requires a PIN or password to exit. This is a native Android security feature ideal for kiosk scenarios without third-party software.

541
MCQ · easy

A technician is tasked with disposing of several old UPS batteries from a server room. What is the most environmentally responsible method?

A. Place them in the regular dumpster for pickup.
B. Take them to a local battery recycling center.
C. Burn them in an incinerator to recover energy.
D. Store them indefinitely in a sealed container.
Answer: B

This is correct because recycling centers safely extract lead and acid for reuse, minimizing environmental harm.

Why this answer

Option B is correct because UPS batteries contain hazardous materials such as lead and sulfuric acid, which must be handled through specialized recycling processes to prevent environmental contamination. Local battery recycling centers are equipped to safely extract and reuse these materials, complying with regulations like the Resource Conservation and Recovery Act (RCRA) in the U.S.

Exam trap

CompTIA often tests the misconception that 'recycling' is optional or that 'storing indefinitely' is a safe alternative, when in fact proper disposal through certified recycling centers is legally required for hazardous waste like UPS batteries.

How to eliminate wrong answers

Option A is wrong because placing UPS batteries in a regular dumpster violates environmental regulations (e.g., RCRA) and can lead to soil and water contamination from leaked lead and acid. Option C is wrong because burning UPS batteries in an incinerator releases toxic fumes, including lead oxide and sulfur dioxide, and does not safely recover energy due to the hazardous nature of the materials. Option D is wrong because storing batteries indefinitely in a sealed container is not a disposal method and risks eventual leakage, corrosion, and non-compliance with waste management laws.

542
MCQ · medium

A technician is configuring a new wireless network for a school. The network must support hundreds of student devices simultaneously and provide strong security. The school wants to use a single SSID with individual logins for students. Which security protocol should the technician choose?

A. WPA2-PSK with a long passphrase.
B. WPA2-Enterprise with 802.1X and RADIUS.
C. WPA3-Enterprise with 192-bit encryption.
D. WPA3-Personal with SAE.
Answer: C

Correct. WPA3-Enterprise provides individual authentication via 802.1X and uses 192-bit encryption, meeting the school's needs for security and scalability.

Why this answer

WPA3-Enterprise with 192-bit encryption is the most secure option for environments requiring individual authentication and high traffic. It provides stronger encryption and protection against dictionary attacks compared to WPA2-Enterprise.

543
MCQ · easy

A user reports that their Android phone automatically switches from Wi-Fi to cellular data when the Wi-Fi signal is weak, even though they want to stay on Wi-Fi. Which setting should you configure to prevent this behavior?

A. Turn off Bluetooth
B. Disable 'Mobile data always active' in Developer Options
C. Enable Airplane Mode
D. Disable 'Switch to mobile data' in Wi-Fi settings
Answer: D

This setting directly controls the automatic transition to cellular data when Wi-Fi is weak, so disabling it keeps the device on Wi-Fi.

Why this answer

The 'Switch to mobile data' or 'Smart Network Switch' option in Android Wi-Fi settings automatically transitions to cellular when Wi-Fi is weak. Disabling this keeps the device connected to Wi-Fi, addressing the user's complaint. This is a common mobile OS feature for network management.

544
MCQ · easy

A technician is setting up a wireless network for a home office. The client is concerned about neighbors accessing their internet. The technician enables WPA2-PSK with a strong passphrase. Which additional step should the technician take to ensure the network is as secure as possible?

A. Enable WPS for easy device pairing.
B. Disable SSID broadcast.
C. Disable WPS on the router.
D. Enable MAC address filtering.
Answer: C

WPS is a common attack vector; disabling it forces attackers to crack the passphrase directly.

Why this answer

Disabling WPS prevents attackers from using brute-force attacks to guess the PIN and retrieve the passphrase. WPA2-PSK with a strong passphrase is secure, but WPS can bypass that security.

545
MCQ · hard

A user complains that their virtual machine, which was working fine yesterday, now displays a 'Blue Screen of Death' (BSOD) on startup. The VM is running Windows 10 and is stored on a shared network drive. The host machine is a Windows Server with plenty of resources. What is the most likely cause of this issue?

A. The host machine ran out of memory while the VM was running.
B. The virtual hard disk file became corrupted due to a network error during the last write operation.
C. The VM's guest additions need to be updated.
D. The hypervisor version is incompatible with the VM configuration.
Answer: B

Network storage is vulnerable to corruption if the connection drops during a write, leading to a BSOD on boot.

Why this answer

A BSOD on VM startup often indicates a corrupted system file or disk issue. Since the VM is stored on a network drive, a network interruption during the last shutdown could have corrupted the virtual hard disk. Insufficient host resources or an outdated hypervisor would typically cause performance issues or failure to start, not a BSOD.

Guest additions issues might cause driver problems but are less likely to cause a BSOD on boot.

546
MCQ · hard

A healthcare clinic is disposing of 50 hard drives that contained protected health information (PHI). The compliance officer insists on a method that meets HIPAA requirements and provides a certificate of destruction. Which approach should be taken?

A. Overwrite the drives with zeros and reuse them in non-patient areas.
B. Use a degausser and then recycle the drives as scrap metal.
C. Hire a certified e-waste recycler to physically shred the drives and provide a certificate of destruction.
D. Perform a cryptographic erase if the drives support it.
Answer: C

A certified recycler will shred the drives and issue a certificate, meeting HIPAA requirements and providing audit-proof documentation.

Why this answer

HIPAA requires that PHI be rendered unrecoverable. Many organizations use a certified third-party destruction service that provides a certificate of destruction. Physical shredding is a common compliant method.

547
MCQ · easy

A small business wants to migrate its on-premises file server to a cloud service to reduce hardware maintenance costs. The data must be accessible from any device with an internet connection and should support real-time collaboration. Which cloud service model best meets these requirements?

A. Infrastructure as a Service (IaaS)
B. Platform as a Service (PaaS)
C. Software as a Service (SaaS)
D. Desktop as a Service (DaaS)
Answer: C

SaaS delivers fully managed applications like cloud file storage and collaboration suites, meeting the need for accessibility and real-time collaboration without hardware management.

Why this answer

SaaS provides ready-to-use software applications over the internet, such as Google Workspace or Microsoft 365, which include file storage and collaboration features. This eliminates the need for the business to manage underlying infrastructure. The scenario tests knowledge of cloud service models: SaaS, PaaS, and IaaS.

548
MCQ · medium

A user reports that their Windows 11 computer is infected with ransomware. Files are encrypted and a ransom note is displayed. The user has a backup from two days ago stored on an external drive that was disconnected after the backup. What is the best course of action to recover the data?

A. Pay the ransom to get the decryption key.
B. Disconnect the computer from the network and restore files from the external backup.
C. Run a full antivirus scan to remove the ransomware and then restore files.
D. Use System Restore to revert the system to a previous state.
Answer: B

Disconnecting prevents the ransomware from spreading or communicating, and restoring from an unaffected backup is the best way to recover data without paying.

Why this answer

Since the backup was stored on a disconnected external drive, it is likely not encrypted by the ransomware. The best action is to disconnect the infected computer from the network to prevent further spread, then restore the files from the clean backup.

549
MCQ · easy

A company policy requires that all sensitive data stored on laptops must be unreadable if the device is lost or stolen. A technician is tasked with implementing a solution that works transparently for users. Which approach should they take?

A. Enable BitLocker drive encryption on each laptop.
B. Set a BIOS password on each laptop.
C. Implement a folder-level password policy using EFS.
D. Configure a screensaver password with a 1-minute timeout.
Answer: A

BitLocker provides full disk encryption that protects data at rest and works transparently after unlock.

Why this answer

Full disk encryption (FDE) encrypts the entire drive, making data unreadable without the decryption key. It operates transparently after the user authenticates at boot, meeting the policy requirement. BitLocker is a common implementation for Windows systems.

550
MCQ · easy

A user reports that their system is running very slowly, and they see frequent pop-up ads even when no browser is open. They also notice that their default search engine has changed without their permission. Which type of malware is most likely causing these symptoms?

A. Virus
B. Adware
C. Ransomware
D. Rootkit
Answer: B

Adware is known for displaying unwanted advertisements and modifying browser settings, matching the user's symptoms.

Why this answer

Adware is designed to display unwanted advertisements and can modify browser settings, causing pop-ups and search engine hijacking. Unlike a virus or worm, adware does not typically replicate itself or require a host file to spread. The symptoms described—pop-ups outside the browser and unauthorized search engine changes—are classic signs of adware infection.

551
MCQ · easy

During a desktop computer deployment, a technician needs to dispose of several used toner cartridges. What is the most environmentally responsible method?

A. Throw them in the regular trash since they are mostly plastic.
B. Recycle them through a certified e-waste recycler or manufacturer take-back program.
C. Burn them in an incinerator to generate energy.
D. Sell them to a scrap metal dealer.
Answer: B

This ensures proper handling of hazardous materials and allows the cartridge to be remanufactured or recycled. It is the recommended method by environmental agencies.

Why this answer

Option B is correct because toner cartridges contain plastic, metal, and residual toner powder, which are hazardous to the environment if landfilled. Certified e-waste recyclers or manufacturer take-back programs ensure proper disassembly, material recovery, and safe disposal of toxic components, complying with regulations like the EPA's Resource Conservation and Recovery Act (RCRA). This method minimizes environmental harm and supports circular economy principles.

Exam trap

The trap here is that candidates assume 'mostly plastic' means safe for regular trash, ignoring that toner powder is a hazardous substance regulated by environmental agencies.

How to eliminate wrong answers

Option A is wrong because throwing toner cartridges in regular trash violates environmental regulations (e.g., RCRA) as residual toner is classified as hazardous waste, and plastics do not biodegrade in landfills. Option C is wrong because burning toner cartridges in an incinerator releases toxic fumes, including dioxins and heavy metals from the toner powder, and is not a standard energy-recovery method for e-waste. Option D is wrong because toner cartridges are not primarily scrap metal; they contain plastic, foam, and toner, making them unsuitable for scrap metal recycling, and a scrap metal dealer would reject them or improperly dispose of non-metal components.

552
MCQ · easy

A customer complains that after a recent Windows update, their default web browser keeps resetting to Microsoft Edge. They want to set Google Chrome as the default. Where in the Settings app would you configure this?

A. Apps > Apps & features
B. Personalization > Start
C. Apps > Default apps
D. Update & Security > Windows Update
Answer: C

The Default apps page lets you set defaults for web browser, email, music player, and more.

Why this answer

Option C is correct because the 'Default apps' page under Apps in the Settings app is the specific location where you can change the default web browser from Microsoft Edge to Google Chrome. This setting controls which application handles protocols like HTTP and HTTPS, and it allows you to set Chrome as the default by selecting it from the list of installed browsers.

Exam trap

CompTIA often tests the misconception that 'Apps & features' is the correct location for setting defaults, but candidates must remember that default app configuration is a separate, dedicated section under 'Default apps' within the Apps category.

How to eliminate wrong answers

Option A is wrong because 'Apps & features' is used to manage installed applications (uninstall, modify, or move them) but does not provide any option to set default applications or file associations. Option B is wrong because 'Personalization > Start' controls the appearance and behavior of the Start menu, such as which folders appear and whether to show recently added apps, and has nothing to do with default browser settings. Option D is wrong because 'Update & Security > Windows Update' is solely for managing Windows updates, including checking for, installing, and configuring update settings, and does not include any functionality for configuring default apps.

553
MCQ · hard

A technician needs to create a new user 'jdoe' with a home directory and set the password in one command. Which command accomplishes this?

A. useradd -m jdoe && passwd jdoe
B. adduser jdoe
C. useradd jdoe && passwd jdoe
D. usermod -m jdoe
Answer: A

This correctly creates the user with a home directory and then prompts to set the password.

Why this answer

This tests the useradd command with the -m option to create a home directory, and passwd to set the password. useradd -m jdoe creates the user and home directory; then passwd jdoe sets the password. No single command does both; the scenario implies two steps.

554
MCQ · easy

A company policy requires that all USB flash drives be encrypted before use. A technician needs to configure a new drive for a manager who will store confidential client data. Which built-in Windows tool should the technician use?

A. EFS (Encrypting File System)
B. BitLocker To Go
C. Windows Defender Firewall
D. Device Manager
Answer: B

BitLocker To Go is specifically for encrypting removable drives, providing full-disk encryption with password or smart card authentication.

Why this answer

BitLocker To Go is the correct built-in Windows tool for encrypting removable drives like USB flash drives. It provides full-disk encryption specifically designed for portable storage, ensuring that the confidential client data on the drive is protected if the drive is lost or stolen.

Exam trap

CompTIA often tests the distinction between EFS (file-level encryption) and BitLocker (full-disk encryption), and the trap here is that candidates may confuse EFS with BitLocker To Go because both involve encryption, but EFS cannot encrypt entire removable drives for portable use.

How to eliminate wrong answers

Option A is wrong because EFS (Encrypting File System) encrypts individual files and folders on NTFS volumes, not entire removable drives, and it does not support encrypting USB flash drives for use on other systems without additional configuration. Option C is wrong because Windows Defender Firewall is a network security tool that filters incoming and outgoing traffic based on rules; it does not provide any data-at-rest encryption for storage devices. Option D is wrong because Device Manager is used to manage hardware drivers and device settings, not to perform encryption or security configurations on storage media.

555
MCQmedium

A technician is troubleshooting a Windows 10 system that fails to boot with a 'Bootmgr is missing' error. They need to repair the boot configuration data (BCD) from the Windows Recovery Environment. Which command should they use?

A.bootrec /fixmbr
B.bootrec /fixboot
C.bootrec /rebuildbcd
D.sfc /scannow
AnswerC

This command rebuilds the BCD store, directly fixing the 'Bootmgr is missing' error.

Why this answer

The bootrec /rebuildbcd command scans all drives for Windows installations and rebuilds the Boot Configuration Data store. This is the standard recovery command for missing or corrupt BCD. Other commands either fix the master boot record or system files, not the BCD specifically.

556
MCQmedium

During a security incident investigation, a technician finds that an attacker called the help desk, pretended to be a new employee who forgot their password, and successfully reset it. The attacker knew the employee's name and department. Which social engineering technique was used?

A.Phishing
B.Pretexting
C.Tailgating
D.Shoulder surfing
AnswerB

Pretexting is the correct term, as the attacker created a false identity and scenario to gain the help desk's trust.

Why this answer

Pretexting is the creation of a fabricated scenario (the pretext) to obtain information or access. The attacker used the employee's details to build credibility and trick the help desk. This highlights the importance of identity verification procedures.

557
MCQmedium

During a security audit, a technician notices that an unauthorized person is standing just behind an employee at the secure door, waiting for the employee to badge in so they can enter without badging themselves. What type of social engineering attack is being attempted?

A.Pretexting
B.Baiting
C.Tailgating
D.Phishing
AnswerC

Tailgating is when an unauthorized person gains access by closely following an authorized person through a secure entry point. This is exactly what is described.

Why this answer

This is tailgating (or piggybacking), where an unauthorized person follows an authorized individual into a restricted area without proper authentication. The attacker is exploiting the employee's politeness or lack of awareness.

558
MCQeasy

A technician is writing a batch script to automate the installation of a software package on multiple Windows workstations. The script needs to check if the software is already installed before attempting installation. Which scripting construct should the technician use?

A.A for loop
B.An if statement
C.A variable
D.A while loop
AnswerB

Correct. An if statement evaluates a condition (e.g., `if exist "C:\Program Files\Software\app.exe"`, with the path quoted because it contains a space) and conditionally runs the installation command.

Why this answer

This tests knowledge of conditional logic in scripting. An 'if' statement allows the script to check a condition (e.g., existence of a registry key or file) and execute code only if the condition is true or false. Loops are for repetition, and variables store data, not control flow.

559
MCQeasy

A user reports that their virtual machine, which is used for testing software, suddenly lost network connectivity. The host machine is connected to the internet and can browse websites. The VM is configured with a bridged network adapter. What is the most likely cause of this issue?

A.The host's firewall is blocking the VM's network traffic.
B.The VM's DHCP lease has expired and it failed to obtain a new IP address.
C.The virtual switch on the host has been disabled.
D.The VM's operating system is corrupted.
AnswerB

Bridged networking relies on DHCP; an expired lease without renewal causes loss of network access.

Why this answer

In bridged mode, the VM gets its own IP address from the network's DHCP server. If the DHCP lease expired and the VM cannot renew it, connectivity is lost. The host's connection is fine, so the issue is specific to the VM's network configuration.

A misconfigured firewall on the host would affect all VMs, not just one. The virtual switch is part of the hypervisor and unlikely to fail without affecting other VMs.

560
MCQmedium

A help desk technician receives a complaint that a user’s custom software application stopped working after a Windows update was installed automatically overnight. The technician checks the system and finds the update is not in the approved change log. What should the technician do next?

A.Reinstall the custom application immediately
B.Roll back the Windows update and document the incident
C.Leave the update in place and submit a new change request for the application
D.Disable Windows Update on the workstation permanently
AnswerB

Rolling back the update restores the previous working state, and documentation helps prevent future unauthorized updates.

Why this answer

Option B is correct because the update was installed without authorization (not in the approved change log), violating change management policy. The technician should immediately roll back the update to restore application functionality and then document the incident to ensure proper change control procedures are followed. This aligns with the CompTIA A+ change management process: identify the unauthorized change, reverse it, and report it.

Exam trap

The trap here is that candidates may think restoring functionality (Option A) or preventing future updates (Option D) is the priority, but CompTIA emphasizes that following change management documentation and incident reporting is the correct first step, not just fixing the symptom.

How to eliminate wrong answers

Option A is wrong because reinstalling the custom application does not address the root cause (the unauthorized Windows update) and may waste time if the update breaks the application again. Option C is wrong because leaving an unauthorized update in place bypasses change management controls and could cause further instability; a new change request should be submitted before, not after, the change is applied. Option D is wrong because permanently disabling Windows Update leaves the system without security patches and is an overreaction; the proper response is to manage updates through an approved change process, not disable the service entirely.

561
MCQhard

A technician is investigating a privilege escalation vulnerability. They need to list all files in /usr/bin that have the SUID or SGID bit set and are owned by root. Which single command will achieve this?

A.find /usr/bin -user root -perm -6000
B.find /usr/bin -user root -perm 4000 -o -perm 2000
C.ls -la /usr/bin | grep '^...s'
D.find /usr/bin -user root -perm /6000
AnswerD

This correctly uses the / prefix to match files with either SUID or SGID bit set, and filters by owner root.

Why this answer

The correct answer is D because find /usr/bin -user root -perm /6000 finds files owned by root with either SUID (4000) or SGID (2000) bit set. The -perm /6000 uses the 'any' match syntax (GNU find) to match files with either bit.

562
MCQhard

A technician needs to deploy a custom Windows 10 image to 50 identical workstations. The image must include specific drivers, applications, and settings. Which tool should the technician use to create and manage the deployment image?

A.System Preparation Tool (Sysprep)
B.Deployment Image Servicing and Management (DISM)
C.Windows Preinstallation Environment (Windows PE)
D.Windows Assessment and Deployment Kit (Windows ADK)
AnswerA

Sysprep generalizes the Windows installation by removing system-specific data, making the image ready for deployment on multiple computers.

Why this answer

System Preparation Tool (Sysprep) is used to generalize a Windows installation so it can be imaged and deployed to multiple computers. DISM is used to capture and apply images, but Sysprep is required to prepare the OS for imaging. Windows PE is a minimal OS for deployment tasks, not for creating the image.

Windows ADK includes deployment tools, but Sysprep is the specific tool for image preparation.

563
MCQmedium

A technician is troubleshooting a PowerShell script that collects system information and writes it to a log file. The script runs without errors but the log file is empty. The script uses Out-File to write data. What is the most likely issue?

A.The script is not running with administrative privileges.
B.The Out-File cmdlet is misspelled.
C.The command before Out-File does not produce any output.
D.The log file path contains a forward slash instead of a backslash.
AnswerC

If the command returns nothing, Out-File writes an empty file.

Why this answer

If a PowerShell command does not produce output, piping it to Out-File will result in an empty file. The issue is that the command used does not generate any output.

564
MCQhard

A user reports that their Windows 11 laptop's search bar is not returning results for local files, though web searches work. You suspect the indexing service is not running or the index is corrupted. Which tool should you use to rebuild the search index?

A.Services.msc
B.Indexing Options in Control Panel
C.Task Manager
D.Windows Settings > Privacy & security > Searching Windows
AnswerB

Indexing Options provides an 'Advanced' button with a 'Rebuild' option to recreate the search index from scratch.

Why this answer

The Indexing Options control panel (accessible via Control Panel or by searching 'indexing options') provides a direct interface to manage the Windows Search index, including the ability to rebuild it. Rebuilding the index is the appropriate fix when the index is corrupted or not functioning, as it forces Windows to re-scan all indexed locations and create a fresh index database, resolving issues where local file searches fail but web searches (which do not rely on the local index) still work.

Exam trap

The trap here is that candidates confuse the 'Searching Windows' settings in the modern Windows Settings app (which controls privacy and cloud search options) with the legacy Indexing Options control panel that actually contains the rebuild function.

How to eliminate wrong answers

Option A is wrong because Services.msc allows you to start, stop, or restart the Windows Search service, but it does not provide a direct option to rebuild the search index; rebuilding requires the Indexing Options interface. Option C is wrong because Task Manager is used to manage running processes, monitor performance, and start/stop applications, but it has no capability to manage or rebuild the search index. Option D is wrong because Windows Settings > Privacy & security > Searching Windows controls privacy-related search settings (e.g., whether to include cloud content or history), but it does not include a rebuild option for the local search index; the rebuild function is exclusively in the legacy Indexing Options control panel.

565
MCQeasy

A customer calls saying their home Wi-Fi network suddenly stopped working after they changed the router's security mode from WPA2-PSK to WPA2-Enterprise. All their devices previously connected fine. What is the most likely cause of the problem?

A.The router's firmware is outdated.
B.The devices do not support the new encryption cipher.
C.The router is now requiring a username and password from a RADIUS server, which the home network lacks.
D.The SSID was changed during the configuration.
AnswerC

WPA2-Enterprise relies on 802.1X authentication with a RADIUS server; home networks typically do not have this infrastructure, so devices cannot authenticate.

Why this answer

WPA2-Enterprise requires a RADIUS authentication server, which is not present in a typical home network. WPA2-PSK uses a pre-shared key, which is standard for home use. This question tests the understanding of the difference between Personal and Enterprise modes.

566
MCQmedium

A technician receives a ticket from a user who says their email is 'broken.' Upon investigation, the technician finds that the user's mailbox is full. The user is known for being confrontational. Which response best demonstrates professionalism?

A."Your mailbox is full. Delete some emails and empty your trash. Let me know if that fixes it."
B."This is a common issue when people don't manage their inbox. Please clean it up."
C."I'll increase your mailbox quota so you don't have to delete anything."
D."Your email isn't broken; you just have too many messages."
AnswerA

This is direct, clear, and gives a specific action. It does not blame the user and remains professional.

Why this answer

Option A is correct because it directly addresses the root cause (full mailbox) with a clear, actionable solution (delete emails and empty trash) while maintaining a neutral, professional tone. The technician avoids blaming the user or escalating the situation, which is critical when dealing with a confrontational user. This response focuses on resolving the issue without unnecessary commentary, aligning with CompTIA's emphasis on professionalism and effective communication.

Exam trap

CompTIA often tests the trap of choosing a technically expedient solution (like increasing quota) over a professional communication approach, leading candidates to overlook the importance of de-escalating a confrontational user by providing a clear, non-judgmental resolution.

How to eliminate wrong answers

Option B is wrong because it includes a judgmental phrase ('people don't manage their inbox') that can be perceived as condescending, which may provoke a confrontational user and violates professional communication standards. Option C is wrong because increasing the mailbox quota without addressing the underlying storage issue is a temporary workaround that could lead to future problems (e.g., exceeding server limits or violating organizational email retention policies), and it fails to educate the user on proper mailbox management. Option D is wrong because it dismisses the user's concern by stating 'your email isn't broken,' which invalidates their experience and can escalate tension; the technician should acknowledge the issue while explaining the cause professionally.

567
MCQhard

A company's cloud-based CRM application is experiencing intermittent outages. The IT team suspects a distributed denial-of-service (DDoS) attack. Which cloud characteristic is most directly impacted by such an attack?

A.On-demand self-service
B.Broad network access
C.Availability
D.Resource pooling
AnswerC

Availability ensures that cloud services are accessible when needed. A DDoS attack specifically aims to deny availability by overwhelming the service.

Why this answer

A DDoS attack floods the service with traffic, making it unavailable to legitimate users, directly impacting availability. Cloud services rely on high availability, but an attack can overwhelm resources. This tests understanding of the five essential characteristics of cloud computing (on-demand self-service, broad network access, resource pooling, rapid elasticity, measured service) and the CIA triad.

568
MCQeasy

A small business owner reports that after upgrading their wireless router to a newer model, several older laptops running Windows 7 can no longer connect to the Wi-Fi network. The new router is configured to use WPA3. What is the most likely reason for the connection failures?

A.The laptops have outdated wireless drivers that do not support WPA3.
B.The router's firewall is blocking the older laptops' MAC addresses.
C.The laptops are using an incompatible encryption cipher like TKIP.
D.The router's SSID is hidden, and the laptops cannot discover it.
AnswerA

Correct. Older Windows 7 laptops typically lack WPA3 support in both drivers and OS, making them unable to authenticate with a WPA3-only network.

Why this answer

WPA3 is the latest wireless security protocol, but it is not backward-compatible with older operating systems like Windows 7, which only support WPA2. The technician should configure the router to use WPA2/WPA3 mixed mode or WPA2 only to ensure compatibility with all devices.

569
MCQhard

After a failed Windows Update, a Windows 10 system repeatedly attempts to install the update and fails. You need to stop the Windows Update service and delete the temporary update files from the command line. Which two commands, in order, should you use? (Select the first command from the options.)

A.net stop wuauserv
B.sfc /scannow
C.dism /online /cleanup-image /restorehealth
D.taskkill /IM svchost.exe /F
AnswerA

Correct. net stop wuauserv stops the Windows Update service, allowing deletion of its temporary files.

Why this answer

First, you must stop the Windows Update service using net stop wuauserv. Then, delete the contents of the SoftwareDistribution folder (e.g., del /f /s /q C:\Windows\SoftwareDistribution\*). The other commands do different jobs (sfc repairs system files, dism repairs the image, and taskkill terminates processes) and are not part of the correct sequence.

570
MCQhard

A user reports that their computer is infected with a virus that has encrypted all their personal files and left a text file with instructions to pay a ransom. The technician has verified the infection is ransomware. The company has a backup policy. What is the best course of action to recover the data?

A.Pay the ransom and hope the decryption key is provided.
B.Use a ransomware decryption tool from a reputable source.
C.Restore the files from a recent backup after removing the malware.
D.Reinstall the operating system and hope the files become accessible.
AnswerC

Restoring from backup is the most reliable way to recover data without paying the ransom.

Why this answer

The best approach for ransomware recovery is to restore files from a known clean backup after removing the malware. Decryption tools are not always available, and paying the ransom is discouraged. Reinstalling the OS is needed only if the system is compromised, but data recovery is the priority.

571
MCQmedium

A technician is troubleshooting a VM that fails to boot with the error 'Operating system not found'. The VM was working yesterday. The technician checks the virtual machine settings and sees that the virtual hard disk is attached to the IDE controller. What should the technician do first?

A.Reattach the virtual hard disk to the SCSI controller
B.Check the VM's boot order in the BIOS and ensure the virtual hard disk is first
C.Increase the VM's memory allocation
D.Restore the VM from a recent snapshot
AnswerB

The boot order may have been changed accidentally, causing the VM to try booting from another device that has no OS.

Why this answer

The boot order in the VM's BIOS might be set to boot from a different device (e.g., network or CD-ROM) before the hard disk. Changing the boot order to prioritize the virtual hard disk is the most direct fix. This tests knowledge of VM boot configuration and BIOS settings.

572
MCQmedium

A user on a Windows 10 Pro workstation complains that they cannot change their desktop background or theme, and several personalization settings are grayed out. The computer is not joined to a domain. Which Group Policy or local policy setting is most likely causing this restriction?

A.The 'Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands' policy.
B.The 'Prohibit access to Control Panel and PC settings' policy.
C.The 'Prevent changing desktop background' policy.
D.The 'Turn off all Windows Spotlight features' policy.
AnswerC

This policy specifically disables the ability to change the desktop background and related personalization options.

Why this answer

The Local Group Policy Editor (gpedit.msc) can enforce user restrictions. The specific policy 'Prevent changing desktop background' under User Configuration > Administrative Templates > Control Panel > Personalization would cause this symptom. The other options are either not specific to personalization or affect different settings.

573
MCQmedium

A technician is troubleshooting a Windows 11 computer that fails to boot with a 'Bootmgr is missing' error. They have a Windows installation USB. Which tool from the Windows Recovery Environment should they use to repair the boot configuration data (BCD)?

A.System File Checker (sfc /scannow)
B.Bootrec (bootrec /rebuildbcd)
C.DISM (DISM /Online /Cleanup-Image /RestoreHealth)
D.Diskpart (diskpart /s script.txt)
AnswerB

Bootrec is specifically designed to repair boot-related issues, including rebuilding the BCD store.

Why this answer

The 'Bootmgr is missing' error indicates that the Boot Configuration Data (BCD) store is corrupted or missing. The `bootrec /rebuildbcd` command scans all disks for Windows installations and rebuilds the BCD store from scratch, directly addressing the missing or corrupted boot configuration. This is the correct tool in the Windows Recovery Environment for repairing BCD issues.

Exam trap

The trap here is that candidates confuse `bootrec /rebuildbcd` with `sfc /scannow` or `DISM`, thinking any 'repair' tool can fix boot issues, but only `bootrec` specifically targets the BCD store required for the boot manager to locate the Windows loader.

How to eliminate wrong answers

Option A is wrong because System File Checker (sfc /scannow) repairs corrupted system files, not the boot configuration data (BCD) store; it operates on protected system files like DLLs and executables, not boot manager metadata. Option C is wrong because DISM /Online /Cleanup-Image /RestoreHealth repairs the Windows image (component store) for servicing issues, such as corruption in the system files used by Windows Update, and does not interact with the BCD store or boot sector. Option D is wrong because Diskpart is a disk partitioning tool used to manage volumes and partitions (e.g., create, delete, format), not to repair boot configuration data; running a script with `diskpart /s script.txt` would execute partition commands, not fix the BCD.

574
MCQeasy

After installing a new application, a user's Windows 10 system fails to boot and displays a 'Bootmgr is missing' error. Which command-line tool should you use from the Windows Recovery Environment to repair the boot configuration?

A.diskpart
B.bootrec
C.sfc /scannow
D.chkdsk /f
AnswerB

Correct. bootrec with /fixboot or /rebuildbcd repairs the boot configuration data (BCD) and fixes boot manager issues.

Why this answer

The bootrec tool is specifically designed to repair boot-related issues like a missing or corrupted Boot Manager. The /fixboot and /rebuildbcd options can resolve the 'Bootmgr is missing' error. Other tools like diskpart manage disks, sfc repairs system files, and chkdsk checks disk integrity.

575
MCQeasy

During a security audit at a law firm, the IT manager wants to ensure that all wireless communication is encrypted with the strongest available standard that is also compatible with their mix of Windows 10 laptops and iOS tablets. Which security protocol should you recommend?

A.WEP
B.WPA2-TKIP
C.WPA3-Personal
D.WPA2-Enterprise
AnswerC

WPA3-Personal provides the strongest security for a small office environment without a RADIUS server, and is backward compatible with WPA2 devices.

Why this answer

WPA3 is the latest Wi-Fi security standard, offering stronger encryption (GCMP-256) and improved authentication (SAE). It is backward compatible with WPA2 devices, making it suitable for mixed environments. This question tests knowledge of current wireless security standards and their compatibility.

576
MCQhard

A user on a Mac running macOS Big Sur needs to share a folder on their local network with a Windows colleague. The user wants the folder to appear as a network drive on the Windows machine without installing additional software. Which macOS feature should they enable and configure?

A.Screen Sharing in System Settings > Sharing.
B.File Sharing in System Settings > Sharing, and ensure SMB is enabled.
C.Internet Sharing in System Settings > Sharing.
D.Remote Login in System Settings > Sharing.
AnswerB

File Sharing with SMB is the standard way to share folders with Windows clients. The user must also add the specific folder to the Shared Folders list and set appropriate permissions.

Why this answer

File Sharing in System Settings uses SMB (Server Message Block) protocol, which is natively supported by Windows. By enabling File Sharing and adding the folder to the Shared Folders list, the Mac acts as an SMB server. The Windows user can then connect to it using the Mac's IP address or hostname.

Screen Sharing is for remote desktop, not file sharing.

577
MCQhard

A technician is reviewing the change management log and finds that a previous change to the email server was marked as 'completed' but the email service has been intermittent since then. The technician suspects the change was not fully tested. Which step in the change management process was most likely skipped?

A.The change request was not submitted
B.The change was not approved by the CAB
C.A post-implementation review was not conducted
D.The rollback plan was not documented
AnswerC

A post-implementation review would have caught the intermittent issue and prevented the change from being marked as completed.

Why this answer

Option C is correct because a post-implementation review (PIR) is the step where the change is verified to have met its objectives without causing adverse effects. Since the email service became intermittent after the change was marked 'completed', the lack of a PIR means the change was not validated in production, allowing the underlying issue to go undetected. In the CompTIA change management process, the PIR ensures that the change has been fully tested and that any residual problems are identified and addressed before the change is closed.

Exam trap

CompTIA often tests the distinction between the approval step and the validation step, trapping candidates who assume that a completed change must have been approved, when the real issue is the failure to verify the change's success through a post-implementation review.

How to eliminate wrong answers

Option A is wrong because the change was logged in the change management log as 'completed', which implies a change request was submitted and processed; the issue is not the absence of a request but the lack of validation after implementation. Option B is wrong because CAB approval is typically required for high-risk or significant changes, but the email server change was already approved and implemented; the skipped step is the verification of success, not the approval itself. Option D is wrong because while a rollback plan is important for reverting a failed change, the problem here is that the change was not fully tested and its impact was not assessed post-implementation; a documented rollback plan would not have prevented the intermittent service if the root cause was not identified during testing.

578
MCQeasy

An iOS user complains that their iPhone will not connect to a known Wi-Fi network, but other devices on the same network work fine. Which iOS-specific troubleshooting step should you perform first to resolve this issue without erasing any personal data?

A.Reset All Settings from the General > Reset menu.
B.Erase All Content and Settings to start fresh.
C.Use the 'Reset Network Settings' option in Settings > General > Reset.
D.Restore the iPhone from an iCloud backup.
AnswerC

This option clears Wi-Fi passwords, cellular settings, and VPN configurations, often fixing connectivity problems without affecting user data.

Why this answer

The correct step is to use the 'Reset Network Settings' option in iOS, which clears saved Wi-Fi networks, VPN configurations, and other network-related settings without affecting personal data like photos or contacts. This often resolves stubborn Wi-Fi connection issues. A full factory reset or iCloud restore would be excessive and data-destructive.

579
MCQeasy

A technician receives a call from someone claiming to be from the company's IT security team, asking for the administrator password to 'run a critical update.' The caller's voice sounds stressed and they mention a data breach. What should the technician do?

A.Provide the password immediately to prevent a data breach.
B.Ask for a callback number and verify it against the company directory.
C.Ignore the call because IT never calls about updates.
D.Change the password and give them the new one.
AnswerB

Verifying the caller's identity through official channels is the standard security procedure to prevent credential theft.

Why this answer

This is a classic social engineering attempt using urgency and authority to pressure the victim into divulging credentials. The correct response is to verify the caller's identity through official channels before providing any sensitive information.

580
MCQeasy

A customer is returning a leased laptop that contains sensitive client data. The lease agreement requires that the data be irrecoverably destroyed, but the laptop must remain functional for the next lessee. Which method should you use?

A.Perform a quick format of the hard drive.
B.Use a degausser to demagnetize the drive.
C.Run a secure erase utility that overwrites all sectors with zeros.
D.Physically shred the hard drive.
AnswerC

Secure erase overwrites every sector, making data unrecoverable while leaving the drive intact and usable for the next lessee.

Why this answer

Data destruction methods vary by need. For this scenario, the drive must stay functional, so physical destruction or degaussing is not appropriate. A secure wipe using a tool that overwrites all sectors is the correct approach because it renders data unrecoverable while preserving the drive's usability.

581
MCQeasy

A user reports that they cannot connect to the company's internal file server from home using the provided VPN client. They can access the internet without issues. Which of the following is the most likely cause of this problem?

A.The user's home router is blocking VPN traffic on port 443.
B.The VPN client is configured for split tunneling, and the file server's IP range is not in the allowed routes.
C.The file server is powered off or experiencing a hardware failure.
D.The user's VPN client software is outdated and needs to be reinstalled.
AnswerB

Split tunneling routes only specific traffic through the VPN. If the file server's subnet is omitted, the user cannot reach it, even though the VPN is connected.

Why this answer

Split tunneling allows the VPN client to route only specific traffic (e.g., corporate subnets) through the encrypted tunnel, while all other traffic goes directly to the internet. If the file server's IP range is not included in the allowed routes, traffic to that server will bypass the VPN and be sent unencrypted to the user's local gateway, which cannot reach the internal server. This matches the symptom: internet works, but the file server is unreachable.

Exam trap

The trap here is that candidates often assume any remote access issue is due to firewall blocking or server failure, overlooking the specific split tunneling misconfiguration that allows internet but blocks internal resources.

How to eliminate wrong answers

Option A is wrong because port 443 is typically used for HTTPS or SSL/TLS-based VPNs (e.g., OpenVPN, SSTP), and if the home router were blocking it, the VPN client would fail to establish any connection at all, not just fail to reach the file server. Option C is wrong because a powered-off or failed file server would affect all users, not just a remote VPN user, and the user can access the internet, indicating the VPN tunnel itself is up. Option D is wrong because outdated VPN client software would typically cause connection failures or authentication errors, not a selective inability to reach a specific internal resource while internet access works.

582
MCQ easy

A user reports that their Windows 10 PC shows a 'Low Disk Space' warning on the C: drive. You need to free up space by removing temporary files, system cache, and previous Windows installations. Which tool provides a guided cleanup for these items?

A. Disk Management
B. Defragment and Optimize Drives
C. Disk Cleanup
D. Storage Spaces
Answer: C

Disk Cleanup scans for and removes temporary files, system cache, and previous Windows installations to free up disk space.

Why this answer

Disk Cleanup is the built-in tool designed to safely delete temporary files, system cache, and old Windows installations. It offers a simple interface to select categories of files to remove. Other tools like Storage Spaces or Defragment are for different disk management tasks.

583
MCQ medium

A technician is troubleshooting a remote user's inability to connect to the office network via VPN. The user can ping the VPN server's public IP address but the VPN connection fails after entering credentials. The VPN logs show an authentication error. What should the technician check next?

A. Verify that the VPN server's firewall is allowing UDP port 500 and 4500.
B. Check if the user's account is locked out or if the password has expired.
C. Reinstall the VPN client software on the user's computer.
D. Configure the VPN to use a different encryption protocol.
Answer: B

An authentication error directly indicates a problem with the user's credentials. Locked accounts or expired passwords are common causes.

Why this answer

The VPN logs show an authentication error, which indicates the failure occurs during the credential validation phase, not during network connectivity. Since the user can ping the VPN server's public IP, Layer 3 connectivity is intact, and the issue is likely with the user's account status. Checking if the account is locked out or the password has expired directly addresses the authentication failure.

Exam trap

CompTIA often tests the distinction between connectivity issues (Layer 3 reachability) and authentication issues (Layer 7 credential validation), leading candidates to incorrectly focus on firewall ports or client software when the logs clearly point to an authentication failure.

How to eliminate wrong answers

Option A is wrong because UDP ports 500 and 4500 are used for IPsec IKE traffic, and the user can already ping the VPN server, so firewall rules are not the immediate cause of an authentication error. Option C is wrong because reinstalling the VPN client software would not resolve an authentication error that occurs after credentials are entered; the client is functioning enough to reach the server. Option D is wrong because changing the encryption protocol would not fix an authentication error; it would only alter how data is secured after authentication succeeds.

584
MCQ easy

A small office wants to restrict access to the server room to only authorized IT staff. They need a solution that does not require keys or cards that can be lost. Which physical security control should they implement?

A. Keyed lock
B. Proximity card reader
C. Biometric lock
D. Cipher lock
Answer: C

Biometric locks use fingerprints or other unique traits, so no keys or cards are needed, meeting the requirement perfectly.

Why this answer

Biometric locks use unique physical characteristics like fingerprints, eliminating the need for keys or cards that can be lost or stolen. This question tests knowledge of access control methods that combine security with convenience.

585
MCQ easy

A user reports that their laptop was stolen from their desk overnight. The security team reviews badge logs and finds no after-hours access to the floor. What physical security control should be implemented to prevent this from recurring?

A. Install a biometric fingerprint reader on the laptop.
B. Require a smart card to log in to the laptop.
C. Use a cable lock to secure the laptop to the desk.
D. Enable full-disk encryption on the laptop.
Answer: C

A cable lock physically attaches the laptop to a stationary object, deterring theft.

Why this answer

Cable locks are simple, effective physical security controls that deter theft by anchoring portable devices to a fixed object. This scenario tests the understanding of basic physical security measures for endpoint devices.

586
MCQ medium

A technician is configuring a new Windows 10 workstation for a remote employee. The employee will use the laptop to access company resources via VPN. Which security setting should be configured to ensure the VPN connection is always used when accessing the internet?

A. Enable split tunneling to improve performance.
B. Disable split tunneling to force all traffic through the VPN.
C. Configure the VPN to use PPTP protocol.
D. Set the VPN to connect only when accessing internal websites.
Answer: B

Disabling split tunneling ensures all internet traffic goes through the corporate VPN, maintaining security policies.

Why this answer

Disabling split tunneling ensures that all network traffic, including internet-bound traffic, is routed through the VPN tunnel. This forces the VPN connection to be always used when accessing the internet, which is essential for enforcing security policies and ensuring that company resources are protected even when the remote employee accesses external websites.

Exam trap

CompTIA often tests the misconception that enabling split tunneling improves security by reducing VPN load, when in fact it creates a security risk by allowing non-VPN traffic to bypass corporate security controls.

How to eliminate wrong answers

Option A is wrong because enabling split tunneling would allow internet-bound traffic to bypass the VPN, directly contradicting the requirement to always use the VPN for internet access. Option C is wrong because PPTP is an outdated and insecure protocol; the question asks about a security setting to force traffic through the VPN, not about the protocol choice. Option D is wrong because setting the VPN to connect only when accessing internal websites would not force all internet traffic through the VPN; it would only trigger the VPN for internal resource requests, leaving other internet traffic unprotected.

587
MCQ medium

A user receives an email from what appears to be their bank, asking them to click a link and verify their account due to suspicious activity. The email contains several spelling errors and the link points to an unfamiliar domain. What type of attack is this?

A. Spear phishing
B. Phishing
C. Whaling
D. Vishing
Answer: B

Phishing involves mass emails that appear from trusted sources to steal credentials, matching this scenario.

Why this answer

Phishing attacks use deceptive emails to trick users into revealing sensitive information. The suspicious link and errors indicate a phishing attempt, not a legitimate bank communication.

588
MCQ easy

A small business owner wants to deploy a custom inventory app to five company-owned iPads. The app is not available on the App Store. Which method should you use to install it?

A. Use Apple Configurator to install the app directly.
B. Download the app from a third-party website and open it in Safari.
C. Email the app file to each user and have them install it.
D. Enable sideloading in Settings and install via iTunes.
Answer: A

Apple Configurator allows supervised devices to install custom in-house apps signed with an enterprise certificate.

Why this answer

Apple Configurator allows IT administrators to install enterprise or custom in-house apps directly onto supervised iOS devices without requiring the App Store. Since the app is not available on the App Store and the iPads are company-owned, Apple Configurator provides a supported, secure method for direct installation using a Mac.

Exam trap

CompTIA often tests the misconception that iOS supports general sideloading or direct file installation like Android, when in reality iOS strictly controls app installation through the App Store, enterprise distribution, or supervised device management tools like Apple Configurator.

How to eliminate wrong answers

Option B is wrong because downloading an app from a third-party website and opening it in Safari is not a supported installation method on iOS; iOS does not allow direct installation from arbitrary websites without enterprise distribution certificates or jailbreaking. Option C is wrong because emailing an app file (.ipa) to users does not work on iOS; the operating system blocks installation of apps from email attachments due to security restrictions. Option D is wrong because iOS does not have a general 'sideloading' toggle in Settings; sideloading via iTunes is limited to free Apple Developer accounts with a 7-day expiry and requires the app to be signed, making it impractical for permanent deployment to five company-owned iPads.

589
MCQ medium

A technician is troubleshooting a DNS resolution issue on a Windows 10 workstation. The user can ping an IP address but not a domain name. Which command should be used to clear the local DNS cache?

A. nslookup example.com
B. ipconfig /flushdns
C. netstat -r
D. ping -a 192.168.1.1
Answer: B

Correct. ipconfig /flushdns clears the DNS resolver cache, forcing the system to query DNS servers fresh.

Why this answer

The ipconfig /flushdns command clears the DNS resolver cache, which can resolve issues caused by stale or corrupted entries. The other commands do not clear the cache: nslookup queries DNS servers, netstat shows connections, and ping tests connectivity.

590
MCQ easy

A user calls the help desk, frustrated because their computer is running slowly after installing a new antivirus program. The technician suspects the antivirus is causing high CPU usage. Which of the following is the MOST appropriate initial response?

A. Tell the user to uninstall the antivirus immediately.
B. Explain that antivirus programs always slow down computers and there's nothing to be done.
C. Apologize for the frustration and ask the user to describe when the slowness started.
D. Immediately remote into the computer to check CPU usage.
Answer: C

This shows empathy and gathers critical information to diagnose the problem effectively.

Why this answer

Option C is correct because it follows the CompTIA A+ troubleshooting methodology by first gathering information and showing empathy. The technician needs to confirm the timeline of the slowness relative to the antivirus installation, as other factors (e.g., a Windows update, disk I/O bottleneck, or malware) could be the root cause. Jumping to conclusions without verifying the symptom onset violates the 'identify the problem' step and risks misdiagnosis.

Exam trap

CompTIA often tests the candidate's ability to prioritize the troubleshooting methodology over technical action—the trap here is that many candidates choose Option D because they think immediate remote access is efficient, but the exam emphasizes gathering information and showing empathy as the first step.

How to eliminate wrong answers

Option A is wrong because uninstalling the antivirus immediately removes security protection without confirming it is the cause, and the slowness could stem from a different issue like a pending update or driver conflict. Option B is wrong because it dismisses the user's frustration and is factually incorrect—modern antivirus programs can be tuned (e.g., excluding scheduled scans during peak usage, adjusting real-time protection settings) to minimize performance impact. Option D is wrong because remotely accessing the computer without first explaining the action and obtaining consent violates professional conduct and the user's privacy; the technician should first ask questions to narrow down the problem before taking invasive steps.

591
MCQ easy

A customer reports that their computer is running slowly and they see pop-up ads even when no browser is open. They suspect malware. Which of the following should you perform first to remediate this issue?

A. Run a full antivirus scan
B. Disconnect the computer from the network
C. Reboot the computer in Safe Mode
D. Restore from a recent backup
Answer: B

Disconnecting stops active malware from communicating or spreading, making it the priority first step.

Why this answer

Disconnecting the computer from the network is the first step because it immediately stops the malware from communicating with its command-and-control (C2) server, preventing further data exfiltration, additional payload downloads, or remote control. This containment step is critical before any remediation (like scanning or rebooting) to avoid the malware spreading or causing more damage.

Exam trap

The trap here is that candidates often jump to running an antivirus scan (Option A) as the immediate action, but CompTIA emphasizes containment first to prevent further damage or data loss, especially when active C2 communication is suspected.

How to eliminate wrong answers

Option A is wrong because running a full antivirus scan while the computer is still connected to the network allows active malware to continue communicating with its C2 server, potentially downloading more malicious code or exfiltrating data during the scan. Option C is wrong because rebooting into Safe Mode does not immediately stop network-based threats; the malware may still have network access in Safe Mode with networking, and the reboot itself could trigger destructive payloads. Option D is wrong because restoring from a recent backup should only be performed after confirming the backup is clean and the current infection is contained; doing it first risks reinfecting the system from the backup or missing active malware still on the network.

592
MCQ medium

A user reports that their computer has been acting strangely: files are missing, and the mouse cursor moves on its own, opening programs and typing messages. The technician suspects a remote access Trojan (RAT). What is the most effective immediate action to stop the unauthorized access?

A. Run a full antivirus scan while the user is logged off.
B. Disconnect the Ethernet cable and disable Wi-Fi.
C. Change the user's password and log off.
D. Restore the system to a previous restore point.
Answer: B

Disconnecting the network immediately stops the remote attacker from controlling the computer.

Why this answer

A RAT gives an attacker remote control of the system. The immediate action is to disconnect the computer from the network, which cuts off the attacker's connection. After isolation, the technician can run scans and remove the malware. Continuing to work while connected risks data theft or further damage.

593
MCQ hard

A technician is tasked with decommissioning a server that contains a RAID array of hard drives. The drives are still functional, but the data must be securely erased. What is the most secure method to ensure data cannot be recovered?

A. Perform a quick format of each drive.
B. Overwrite the drives with zeros using a low-level format.
C. Use a degausser to erase the magnetic data on the drives.
D. Physically destroy the drives with a hammer.
Answer: C

Degaussing destroys the magnetic domains, making data unrecoverable. It is the most secure method for magnetic drives.

Why this answer

Degaussing destroys the magnetic field on the platters, making data unrecoverable. Physical destruction is also secure, but degaussing is the most efficient for bulk drives. Simply reformatting or overwriting may leave recoverable data.

594
MCQ easy

A company is implementing a new policy to prevent tailgating at the main entrance. Which physical security control should they deploy?

A. Security cameras
B. Biometric reader
C. Mantrap
D. Badge reader
Answer: C

A mantrap creates a small vestibule with two doors, allowing only one person to pass after authentication, directly preventing tailgating.

Why this answer

A mantrap uses two interlocking doors to ensure only one person can enter at a time, effectively preventing tailgating. This tests understanding of specialized access controls designed to enforce one-person-per-authentication.

595
MCQ easy

A customer reports that their Windows 10 PC is slow and displays pop-up ads even when no browser is open. They suspect malware. After running a full antivirus scan, the symptoms persist. Which step should you take next to remediate the issue?

A. Reinstall the operating system.
B. Run a scan with a dedicated anti-malware tool like Malwarebytes.
C. Disable Windows Defender permanently.
D. Clear the browser cache and cookies.
Answer: B

Adware and PUPs often evade standard antivirus; a dedicated anti-malware tool is designed to detect and remove them.

Why this answer

Option B is correct because standard antivirus software often misses potentially unwanted programs (PUPs) and adware that inject pop-ups into the system. A dedicated anti-malware tool like Malwarebytes uses heuristic analysis and signature databases specifically tuned to detect and remove adware, browser hijackers, and other low-level threats that traditional AV engines may overlook.

Exam trap

CompTIA often tests the distinction between standard antivirus and specialized anti-malware tools, trapping candidates who assume that a full antivirus scan is sufficient to remove all types of malware, especially adware and PUPs.

How to eliminate wrong answers

Option A is wrong because reinstalling the operating system is an extreme, time-consuming step that should only be taken after all other remediation methods have failed, and it does not address the root cause of the infection. Option C is wrong because disabling Windows Defender permanently would remove a critical layer of real-time protection, leaving the system vulnerable to further infections and violating best practices for security. Option D is wrong because clearing browser cache and cookies only removes temporary web data and cannot eliminate adware or malware that is running as a background process or service on the system.

596
MCQ medium

A user reports that their Windows 10 laptop will not boot and displays the error 'Bootmgr is missing'. They have a valid Windows installation USB. Which steps should you take to repair the boot manager?

A. Boot from the USB, go to Troubleshoot > Advanced Options > Command Prompt, and run 'bootrec /rebuildbcd' and 'bootrec /fixmbr'.
B. Boot from the USB and select 'Repair your computer' > 'Startup Repair'.
C. Boot from the USB and run 'sfc /scannow' from the Command Prompt.
D. Boot from the USB and perform a system restore to a previous point.
Answer: A

These bootrec commands are specifically designed to rebuild the BCD and repair the master boot record, fixing the 'Bootmgr is missing' error.

Why this answer

The 'Bootmgr is missing' error indicates that the Boot Configuration Data (BCD) is corrupted or missing. Booting from the Windows installation USB and using the bootrec command-line tool can rebuild the BCD and fix the boot manager.

597
MCQ easy

A user reports that their Windows 10 laptop takes an unusually long time to boot and frequently shows a 'Preparing Automatic Repair' screen before finally loading the desktop. Which Windows tool should be used first to diagnose and potentially fix the boot process?

A. Run the System File Checker (SFC) from an elevated Command Prompt.
B. Perform a full system restore from a backup made last month.
C. Use the Disk Cleanup tool to remove temporary files.
D. Reinstall Windows using the 'Reset this PC' option.
Answer: A

SFC scans and repairs corrupted system files, which can resolve boot delays and automatic repair loops.

Why this answer

The 'Preparing Automatic Repair' loop and slow boot often indicate corruption in critical boot files, such as the Boot Configuration Data (BCD) or system files. Running System File Checker (SFC) from an elevated Command Prompt scans and repairs protected system files, addressing the root cause without data loss. This is the first-line diagnostic tool for boot integrity issues before escalating to more destructive methods.

Exam trap

CompTIA often tests the misconception that Disk Cleanup or a full restore is the appropriate first step for boot issues, when in fact SFC is the correct initial diagnostic tool for file corruption without data loss.

How to eliminate wrong answers

Option B is wrong because performing a full system restore from a backup is a reactive, data-loss-prone step that should only be used after less invasive repairs fail; it does not diagnose the specific boot file corruption. Option C is wrong because Disk Cleanup only removes temporary files and does not repair system files or boot configuration, making it irrelevant to boot loops. Option D is wrong because reinstalling Windows via 'Reset this PC' is a last-resort destructive recovery that wipes applications and settings, and is not the first tool to use for boot file corruption.

598
MCQ easy

During a routine security audit, a technician finds that a user's computer has an unknown program running that is sending keystrokes and screenshots to a remote server. The user did not install this program. Which type of malware is this?

A. Rootkit
B. Worm
C. Keylogger
D. Ransomware
Answer: C

A keylogger records keystrokes and often captures screenshots, matching the described behavior.

Why this answer

A keylogger records keystrokes and can capture screenshots, sending data to an attacker. This is a form of spyware, not a worm, rootkit, or ransomware, which have different behaviors.

599
MCQ hard

A company's login script uses a batch file that calls multiple other scripts. Recently, the script stopped working after a Windows update. The technician discovers that the script uses 'call' to run sub-scripts, but one of the sub-scripts contains an 'exit' command that terminates the entire batch process. How should the technician modify the sub-script to prevent this?

A. Replace 'exit' with 'goto :eof'
B. Change 'exit' to 'exit /b'
C. Remove the 'exit' command entirely
D. Use 'endlocal' before 'exit'
Answer: B

'exit /b' exits the current batch script and returns to the caller, preserving the call chain.

Why this answer

The 'exit' command without parameters terminates the entire command interpreter (cmd.exe), which kills the parent batch file as well. Using 'exit /b' instead exits only the current batch script or subroutine, returning control to the calling script. This preserves the intended flow when sub-scripts are invoked via 'call'.

Exam trap

CompTIA often tests the difference between 'exit' (terminates the entire command shell) and 'exit /b' (exits only the current batch script), leading candidates to mistakenly think 'exit' is always safe in sub-scripts.

How to eliminate wrong answers

Option A is wrong because 'goto :eof' is used to jump to the end of the current batch file, but it does not exit a subroutine that was called; it simply transfers control, which may not stop execution of the sub-script if there are more commands after the label. Option C is wrong because removing the 'exit' command entirely would leave the sub-script to continue executing any subsequent commands, potentially causing unintended behavior or an infinite loop. Option D is wrong because 'endlocal' only ends local variable scope set by 'setlocal'; it does not affect the termination behavior of the 'exit' command and does not prevent the parent batch from being terminated.

600
MCQ hard

A technician needs to deploy a software update to 100 computers in a domain. The update requires administrative privileges. The technician wants to run the installer silently without user interaction. Which command-line syntax should be used?

A. msiexec /i update.msi /passive
B. msiexec /i update.msi /quiet /norestart
C. msiexec /i update.msi /qb
D. msiexec /i update.msi /l* log.txt
Answer: B

Installs silently and prevents automatic restart.

Why this answer

The correct answer is `msiexec /i update.msi /quiet /norestart`. This installs the MSI silently without prompting the user. `/passive` shows a progress bar, `/qb` shows a basic UI, and `/l*` creates a log file but does not suppress UI.
