220-1102 Practice Question: A technician is configuring Windows Defender…
This 220-1102 practice question is built on the scenario "A technician is configuring Windows Defender…". Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. A key principle to apply: Windows Defender Firewall processes rules based on specificity and explicit actions. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
A technician is configuring Windows Defender Firewall on a Windows 10 workstation. The technician needs to allow inbound Remote Desktop (RDP) connections only from a specific IP address, 192.168.1.100. All other inbound connections should be blocked. How should the technician configure the rules?
Answer choices
Why each option matters
Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.
Distractor review
Create a single inbound allow rule for RDP with source IP set to 'Any'
This would allow RDP from any IP address, which does not restrict access to the specific IP.
Distractor review
Create a single inbound allow rule for RDP with the source IP set to 192.168.1.100
While this allow rule permits the desired IP, if the default inbound action is to allow all traffic that is not explicitly blocked, then other IPs might still connect. A complementary block rule is needed.
Distractor review
Create a single inbound block rule for RDP with source IP set to 'Any'
This would block all RDP connections, including from the specific IP, which is not the goal.
Best answer
Create an inbound allow rule for RDP with source IP 192.168.1.100 and an inbound block rule for RDP with source IP 'Any'
This combination ensures that only the specified IP is allowed to connect via RDP, while all other IPs are explicitly blocked, providing the tightest security.
Common exam trap: answer the scenario, not the keyword
Candidates often mistakenly believe a single allow rule for the specific IP (Option B) is sufficient, overlooking the need for an explicit block to override potential default allows.
Technical deep dive
How to think about this question
Windows Defender Firewall operates on a principle where rules are processed in a specific order, and explicit block rules generally override allow rules, especially when dealing with the same traffic type. When configuring inbound connections, the default behavior for network profiles (Domain, Private, Public) is typically to block unsolicited inbound connections unless an explicit allow rule exists. However, relying solely on this default can be insufficient for granular control, particularly when a service like RDP is involved, which might have pre-existing allow rules or be enabled by default during installation, potentially allowing broader access than desired.
To achieve the requirement of allowing RDP *only* from 192.168.1.100 and explicitly blocking all other RDP attempts, a two-rule approach is necessary. First, an inbound allow rule for TCP port 3389 (RDP) must be created, specifically scoped to the source IP address 192.168.1.100. This rule explicitly permits the desired connection. Second, a complementary inbound block rule for TCP port 3389 should be created with the source IP address set to 'Any'. This explicit block rule ensures that any RDP connection attempt originating from an IP address other than 192.168.1.100 will be denied, effectively overriding any less specific allow rules or default behaviors that might otherwise permit the connection. This combination provides the highest level of security and precision for the specified RDP access.
Option B, creating only an allow rule for the specific IP, is insufficient because if there's another broader allow rule for RDP (e.g., from a pre-configured setting or a default profile) or if the firewall's default inbound behavior for that profile is to allow, then other IPs could still connect. Option A would open RDP to the entire network, which is not the goal, while Option C would block RDP entirely, including the desired connection. The explicit block rule in conjunction with the explicit allow rule is crucial for enforcing the "only from" constraint.
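The two conditions the explanation above turns on, the profile's default inbound action and any pre-existing RDP allow rules with a wider scope, can be read off the workstation before rules are added. This read-only PowerShell audit is an added example, not part of the original page; it uses the built-in NetSecurity cmdlets, its variable names are illustrative, and it assumes RDP is on its default port and matches only rules that list 3389 literally (not port ranges or 'Any').

```powershell
# Added example: read-only audit, run from an elevated PowerShell session.
$allowedSource = '192.168.1.100'   # source IP from the scenario
$rdpPort       = '3389'            # default RDP port (TCP); assumption: not changed

# 1. Default inbound action for each profile (Domain, Private, Public).
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction

# 2. Every enabled inbound rule that lists TCP 3389, with its action and source scope.
#    Rules whose LocalPort is a range or 'Any' are not expanded here.
$rdpRules = Get-NetFirewallRule -Direction Inbound -Enabled True |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        if ($port.Protocol -eq 'TCP' -and ($port.LocalPort -contains $rdpPort)) {
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                DisplayName   = $_.DisplayName
                Action        = $_.Action
                Profile       = $_.Profile
                RemoteAddress = ($addr.RemoteAddress -join ',')
            }
        }
    }
$rdpRules | Format-Table -AutoSize

# 3. Flag allow rules whose source scope is anything other than the permitted address
#    (for example the built-in Remote Desktop rules, which default to 'Any').
$tooBroad = $rdpRules | Where-Object {
    $_.Action -eq 'Allow' -and $_.RemoteAddress -ne $allowedSource
}
if ($tooBroad) {
    Write-Warning "Allow rules for TCP $rdpPort with a scope other than ${allowedSource}:"
    $tooBroad | Format-Table DisplayName, Profile, RemoteAddress -AutoSize
} else {
    Write-Output "No allow rule for TCP $rdpPort is scoped wider than $allowedSource."
}
```

The script changes nothing; its output shows which existing rules and profile defaults apply to RDP on this machine.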
Key Concepts to Remember
- Windows Defender Firewall processes rules based on specificity and explicit actions.
- Explicit block rules generally take precedence over allow rules for the same traffic.
- Remote Desktop Protocol (RDP) uses TCP port 3389 by default.
- Combining an explicit allow rule with a broader explicit block rule ensures precise access control.
Exam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
Windows Defender Firewall processes rules based on specificity and explicit actions.
FAQ
Questions learners often ask
What does this 220-1102 question test?
Windows Defender Firewall processes rules based on specificity and explicit actions.
What is the correct answer to this question?
The correct answer is: Create an inbound allow rule for RDP with source IP 192.168.1.100 and an inbound block rule for RDP with source IP 'Any' — The best practice is to create an inbound allow rule for RDP that specifies the source IP as 192.168.1.100. However, if the default firewall behavior is to allow inbound connections that match no explicit allow rule (i.e., default allow), then a separate inbound block rule for RDP with source 'Any' would also be needed to override the default. In Windows Defender Firewall, the default inbound behavior is to block unless explicitly allowed. But if the technician wants to be explicit, or if there are other rules that might allow RDP from any IP, it's common to create both an allow rule for the specific IP and a block rule for all other IPs to ensure only that IP can connect. The option 'Both b and c' represents this combined configuration, which is the most secure and precise method.
What should I do if I get this 220-1102 question wrong?
Review the key concept (Windows Defender Firewall processes rules based on specificity and explicit actions), then practise related 220-1102 questions on the same topic to reinforce it.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content.