CCNA Browser and Application Security Questions

30 questions · Browser and Application Security · All types, answers revealed

1
MCQhard

A technician is troubleshooting a computer that has been infected with ransomware. The ransomware encrypted files and left a note demanding payment. After removing the malware, what is the most important step to prevent future infections?

A.Reinstall the operating system
B.Update all software to the latest versions
C.Implement a strict backup policy and educate users on phishing
D.Disable all browser plugins
AnswerC

Backups mitigate data loss, and user education reduces the likelihood of future infections.

Why this answer

Option C is correct because ransomware often enters through phishing emails or unpatched vulnerabilities. While removing the malware is necessary, preventing future infections requires a combination of user education to avoid phishing attempts and a strict backup policy to ensure data can be restored without paying the ransom. Without addressing the root cause (user behavior and data resilience), the system remains vulnerable to reinfection.

Exam trap

CompTIA often tests the misconception that technical controls alone (like reinstalling the OS or updating software) are sufficient, when in reality, user education and backup policies are the most critical steps to prevent future ransomware infections.

How to eliminate wrong answers

Option A is wrong because reinstalling the operating system removes the malware but does not address the underlying security gaps (e.g., unpatched software or user susceptibility to phishing) that allowed the infection. Option B is wrong because updating software patches known vulnerabilities, but it does not prevent infections caused by user actions like opening malicious email attachments or visiting compromised websites. Option D is wrong because disabling all browser plugins is overly restrictive and does not address the primary infection vector (phishing emails or drive-by downloads), nor does it protect against ransomware that arrives via other means like malicious macros in documents.

2
MCQhard

A company uses a web application for internal communication. A security audit reveals that the application is vulnerable to cross-site scripting (XSS). Which browser security feature can help mitigate the risk for users while the application is being patched?

A.Enable pop-up blocker
B.Configure the browser to use a proxy server
C.Implement Content Security Policy (CSP) headers on the web server
D.Disable JavaScript in the browser
AnswerC

CSP allows the server to specify which scripts are allowed, preventing execution of injected scripts.

Why this answer

Option C is correct because Content Security Policy (CSP) is a browser security mechanism that allows a web server to specify which sources of content (scripts, styles, images, etc.) are trusted. By implementing CSP headers (e.g., Content-Security-Policy: script-src 'self'), the server instructs the browser to block inline scripts and other potentially malicious content, effectively mitigating XSS attacks even before the application code is patched. CSP operates as a defense-in-depth layer that the browser enforces, reducing the attack surface for users.

Exam trap

Many candidates for the CompTIA A+ exam mistakenly think disabling JavaScript is a viable XSS mitigation, but the trap is that this breaks application functionality and is not a selective security control, whereas CSP provides granular control over script execution without disabling all JavaScript.

How to eliminate wrong answers

Option A is wrong because a pop-up blocker only prevents unwanted pop-up windows; it does not inspect or block malicious scripts injected into the page, so it cannot mitigate XSS. Option B is wrong because configuring a proxy server changes how HTTP requests are routed but does not alter the browser's execution of scripts or enforce content restrictions; a proxy cannot prevent the browser from running injected JavaScript. Option D is wrong because disabling JavaScript entirely would break the web application's core functionality (since it is a web application for internal communication, likely relying on JavaScript), and it is not a practical or selective mitigation; CSP allows JavaScript to run from trusted sources while blocking malicious scripts, whereas disabling JavaScript is a blunt, non-selective approach.

3
MCQmedium

A technician is troubleshooting a Windows 10 computer where the user cannot install a legitimate browser extension because the browser displays a warning that extensions from this source are not allowed. What setting is likely blocking the installation?

A.The browser is in private browsing mode.
B.The computer is running Windows 10 in S mode.
C.The user account does not have administrator privileges.
D.The browser's security level is set to high.
AnswerB

S mode only allows apps from the Microsoft Store, which can prevent installation of extensions from outside the store.

Why this answer

Windows 10 in S mode enforces a security policy that restricts application installations exclusively to the Microsoft Store. This includes browser extensions, which are blocked unless they are obtained from the Store. The browser warning directly reflects this OS-level restriction, not a browser-specific setting.

Exam trap

The trap is that candidates often confuse browser-specific security settings (like high security zones or private browsing) with OS-level restrictions, failing to recognize that Windows 10 S mode is a unique configuration tested in CompTIA A+ that blocks all non-Store software, including browser extensions.

How to eliminate wrong answers

Option A is wrong because private browsing mode only prevents local history/cookie storage; it does not block extension installations from any source. Option C is wrong because while administrator privileges may be required for some system-wide installations, standard browser extensions typically install per-user and do not require admin rights; the warning here is about source restriction, not privilege level. Option D is wrong because a high security level in the browser might block active content or prompt for permissions, but it does not produce a warning that extensions from a specific source are not allowed; that behavior is characteristic of Windows 10 S mode.

4
MCQmedium

A user calls the help desk saying that every time they click a link in an email, their browser opens a page that says 'Your computer is infected! Call this number.' They are unable to close the page normally. What type of attack is this, and what is the first step you should take?

A.Phishing attack; immediately change the user's email password
B.Browser hijacker; run a full antivirus scan immediately
C.Tech support scam; force close the browser using Task Manager, then run a security scan
D.Drive-by download; disconnect the computer from the network
AnswerC

This matches the scenario: a fake alert designed to trick the user into calling a scam number. Force closing stops the attack.

Why this answer

This is a tech support scam using a social engineering tactic to frighten the user. The correct first step is to close the browser forcefully using Task Manager, then run a security scan. This tests the ability to distinguish between different attack types and appropriate response procedures.

5
MCQeasy

A user reports that their browser frequently redirects to a different search engine, and a new toolbar has appeared. After checking the browser settings, you find the homepage has been changed and there are unknown extensions enabled. What is the most likely cause of this issue?

A.A corrupted browser cache
B.A browser hijacker installed via a malicious extension
C.An outdated browser version
D.A misconfigured proxy server
AnswerB

Browser hijackers often install as extensions and modify settings like homepage and search engine.

Why this answer

This scenario describes classic symptoms of a browser hijacker, a type of malware that modifies browser settings without user consent. The correct answer is to remove the malicious extensions and reset the browser settings. This reinforces the importance of managing browser extensions and understanding common malware behaviors.

6
MCQhard

A company policy requires that all web traffic from employee computers be filtered to block known malicious sites. You need to implement this without installing client software on each machine. Which approach should you use?

A.Configure each browser's proxy settings to use a filtering proxy server.
B.Enable Windows Defender SmartScreen on each computer via Group Policy.
C.Implement a DNS-based content filtering service on the network's DNS server.
D.Install a third-party browser extension on all browsers to block malicious sites.
AnswerC

DNS filtering blocks requests to malicious domains at the network level, affecting all devices without client software.

Why this answer

Option C is correct because DNS-based content filtering operates at the network level, blocking resolution of domains known to host malicious content. This approach requires no client software, as all DNS queries from employee computers are intercepted and filtered by the network's DNS server, enforcing the policy transparently.

Exam trap

Cisco often tests the distinction between client-side and network-level security controls, and the trap here is assuming that proxy settings or browser extensions are acceptable when the question explicitly prohibits installing client software.

How to eliminate wrong answers

Option A is wrong because configuring each browser's proxy settings manually is not a scalable, clientless solution; it requires per-machine configuration and can be bypassed if users change proxy settings. Option B is wrong because Windows Defender SmartScreen is a client-side feature that must be enabled via Group Policy, which still relies on the Windows operating system on each machine and does not meet the 'without installing client software' requirement. Option D is wrong because installing a third-party browser extension requires client-side installation on each browser, violating the no-client-software constraint.

7
MCQhard

A user reports that their browser crashes every time they visit a particular website. Other websites work fine. The technician tries the same website on another computer and it works normally. What is the most likely cause on the user's computer?

A.The website has been blacklisted by the company's firewall.
B.A browser extension is incompatible with that website.
C.The user's network adapter driver is outdated.
D.The website is using a newer version of TLS that the browser doesn't support.
AnswerB

Extensions can cause conflicts with specific site code, leading to crashes. Testing with extensions disabled can confirm this.

Why this answer

Option B is correct because the issue is isolated to a single website on one computer, and the same website works on another computer. This rules out network-wide or server-side problems. Browser extensions can inject scripts, modify headers, or block resources that a specific website requires, causing crashes.

Disabling extensions or testing in incognito mode (which typically disables extensions) can confirm this.

Exam trap

CompTIA often tests the principle of isolation—candidates mistakenly attribute a single-site issue to network-wide or driver problems, but the key is that the problem follows the user's browser configuration, not the network or hardware.

How to eliminate wrong answers

Option A is wrong because if the website were blacklisted by the company's firewall, it would not load on any computer in the network, not just the user's. Option C is wrong because an outdated network adapter driver would cause connectivity issues across all websites, not a single site. Option D is wrong because TLS version incompatibility would result in a connection error or a 'secure connection failed' message, not a browser crash; additionally, if the browser didn't support the TLS version, the other computer would also fail unless it had a different browser or updated TLS stack.

8
MCQmedium

A user reports that after installing a free PDF converter from an advertisement, their browser homepage changed and they see constant pop-ups for antivirus software. A malware scan found PUPs (Potentially Unwanted Programs). What is the best next step to fully remove the unwanted software and restore browser settings?

A.Run System Restore to a point before installation.
B.Use a dedicated adware removal tool and then reset the browser.
C.Manually delete the program from Program Files.
D.Disable the browser's JavaScript and ActiveX.
AnswerB

Adware removal tools are designed to find and remove PUPs that standard antivirus may miss, and resetting the browser cleans up leftover settings.

Why this answer

Option B is correct because PUPs often embed deeply into browser settings and registry entries that a standard uninstall or System Restore may not fully remove. A dedicated adware removal tool targets these specific traces, and resetting the browser ensures all malicious extensions, search providers, and homepage hijacks are cleared, restoring default security configurations.

Exam trap

CompTIA often tests the misconception that System Restore (Option A) is a comprehensive fix for malware, when in reality it may not remove PUPs that persist in user profile folders or browser data that are excluded from restore points.

How to eliminate wrong answers

Option A is wrong because System Restore may not revert changes made by PUPs that modify user-specific registry hives or browser profile data, and it can leave behind residual files that continue to cause pop-ups. Option C is wrong because manually deleting the program from Program Files does not remove the associated registry entries, scheduled tasks, or browser extensions that maintain the unwanted behavior. Option D is wrong because disabling JavaScript and ActiveX only prevents some script-based pop-ups but does not remove the underlying PUP files, registry modifications, or browser hijack settings.

9
MCQmedium

A technician is investigating a security incident where a user's credentials were stolen. The user says they only logged into their email from a coffee shop Wi-Fi. The technician notices that the browser was not using HTTPS for the login page. What is the most likely attack method used?

A.Cross-site scripting (XSS) attack.
B.Man-in-the-middle attack.
C.DNS spoofing attack.
D.Brute force attack.
AnswerB

An attacker on the same network can intercept unencrypted HTTP traffic and capture login credentials.

Why this answer

On an open Wi-Fi network, an attacker can perform a man-in-the-middle attack to intercept unencrypted HTTP traffic. Without HTTPS, the login credentials are sent in plaintext and can be captured easily. This is a common risk on public Wi-Fi.

10
MCQmedium

A company policy requires that all web traffic be filtered to block known malicious sites. You need to implement this on the network without installing software on each client. What should you configure?

A.Enable Windows Defender Firewall on each workstation
B.Configure a DNS filtering service on the router or DNS server
C.Install a browser extension on all computers
D.Set the browser security level to high
AnswerB

DNS filtering resolves malicious domains to a block page, preventing access at the network level.

Why this answer

A DNS filtering service works at the network level by resolving domain names against a blocklist of known malicious sites. By configuring this on the router or DNS server, all client traffic is filtered transparently without requiring any software installation on individual workstations, which satisfies the policy requirement.

Exam trap

A common trap on the CompTIA A+ exam is confusing host-based and network-based security controls. Candidates may choose a host-based solution (like firewall or browser settings) instead of recognizing that DNS filtering is a network-level, agentless method that meets the 'no client software' constraint.

How to eliminate wrong answers

Option A is wrong because Windows Defender Firewall filters traffic based on ports and IP addresses, not domain names, and it cannot block specific malicious websites by URL. Option C is wrong because installing a browser extension requires software installation on each client, which violates the 'without installing software on each client' requirement. Option D is wrong because setting the browser security level to high only restricts browser features (e.g., scripts, ActiveX) and does not block access to specific malicious sites by domain or URL.

11
MCQmedium

A user receives an email with a link that appears to be from their bank, asking them to verify their account. The link leads to a page that looks exactly like the bank's login page. What type of attack is this?

A.A man-in-the-middle attack.
B.A phishing attack.
C.A ransomware attack.
D.A cross-site scripting (XSS) attack.
AnswerB

Phishing uses social engineering to trick users into revealing sensitive information on fraudulent sites.

Why this answer

This scenario describes a phishing attack, where the attacker sends a deceptive email impersonating a trusted entity (the bank) to trick the user into clicking a malicious link. The link leads to a fraudulent website that mimics the legitimate bank login page, designed to capture the user's credentials. Phishing exploits social engineering rather than technical vulnerabilities, relying on the user's trust and inattention to detail.

Exam trap

CompTIA often tests the distinction between phishing and man-in-the-middle attacks by presenting a scenario where the user is tricked into voluntarily providing credentials on a fake site, which is phishing, not an active interception of network traffic.

How to eliminate wrong answers

Option A is wrong because a man-in-the-middle (MITM) attack involves the attacker intercepting and potentially altering communications between two parties in real time, typically by exploiting network-level vulnerabilities (e.g., ARP spoofing or rogue Wi-Fi), not by sending a deceptive email with a fake link. Option C is wrong because a ransomware attack encrypts the victim's files or locks their system and demands payment for decryption, which is not described here; the email does not contain malware or encryption. Option D is wrong because cross-site scripting (XSS) is a web application vulnerability that allows an attacker to inject malicious scripts into trusted websites, executed in the victim's browser; the attack described does not involve injecting scripts into a legitimate site but rather creating a fake login page.

12
MCQeasy

A small business owner wants to ensure that employees cannot install unauthorized browser extensions on company-managed Windows 10 computers. Which method should you use to enforce this restriction?

A.Enable private browsing mode in each browser
B.Configure Group Policy to block extension installation
C.Set the browser homepage to a company-approved site
D.Install an ad-blocker extension
AnswerB

Group Policy allows administrators to enforce browser settings across all domain-joined computers.

Why this answer

Group Policy allows administrators to centrally manage Windows settings, including browser policies. By configuring the 'Block installation of extensions' policy under Administrative Templates for each browser (e.g., Chrome, Edge), you can prevent users from installing unauthorized extensions on company-managed Windows 10 computers.

Exam trap

The trap here is that candidates may confuse browser security features (like private browsing or homepage settings) with actual policy-based controls, overlooking that only Group Policy or registry-based policies can centrally enforce restrictions on extension installation in a managed environment.

How to eliminate wrong answers

Option A is wrong because enabling private browsing mode only prevents the browser from storing history, cookies, and form data; it does not restrict extension installation. Option C is wrong because setting the browser homepage to a company-approved site only controls the default startup page, not the ability to install extensions. Option D is wrong because installing an ad-blocker extension does not enforce a restriction; it is itself an extension and does not prevent other extensions from being installed.

13
MCQmedium

A user's browser is displaying a warning that the website's certificate is not trusted, even though the URL is correct. The technician checks the date and time on the computer and finds it is set to 2019. What is the most likely cause of the certificate warning?

A.The website's SSL certificate has been revoked.
B.The browser's certificate store is corrupted.
C.The system date is incorrect, causing certificate validation to fail.
D.The user is connected to a malicious proxy.
AnswerC

SSL certificates rely on accurate date/time; a mismatch causes the browser to reject the certificate as invalid.

Why this answer

The system date is set to 2019, which is outside the certificate's validity period. SSL/TLS certificates have a specific notBefore and notAfter date range; when the client's clock is outside this range, the browser rejects the certificate as untrusted. This is the most direct and common cause of the warning given the symptom and the technician's finding.

Exam trap

CompTIA A+ often tests the candidate's ability to distinguish between certificate revocation, corruption, and simple date/time misconfiguration, trapping those who overthink the problem or assume a security breach (like a proxy) when the most basic setting is wrong.

How to eliminate wrong answers

Option A is wrong because a revoked certificate would trigger a different warning (e.g., 'certificate revoked') and is not caused by an incorrect system date; revocation is checked via CRL or OCSP, not local clock. Option B is wrong because a corrupted certificate store would cause failures across many sites, not just one, and the date issue is a specific, isolated cause. Option D is wrong because a malicious proxy would typically present a different certificate or cause a different error (e.g., name mismatch or untrusted root), not a date-related warning, and the technician already found the date is incorrect.

14
MCQmedium

During a security audit, you discover that a user's browser has multiple pop-up windows appearing, even when no websites are open. The user denies installing any software. Which tool should you use to identify and remove the underlying cause?

A.Reset the browser settings to default
B.Run a full scan with Windows Defender or another anti-malware tool
C.Disable JavaScript in the browser
D.Clear the browser cache and cookies
AnswerB

Anti-malware tools can detect and remove adware and PUPs that cause pop-ups.

Why this answer

Pop-ups appearing without a browser suggest adware or a potentially unwanted program (PUP) running as a background process. Using Windows Defender or an anti-malware scanner is the correct approach. This tests understanding of adware behavior and removal tools.

15
MCQhard

During a security incident response, you discover that a user's browser has a rogue extension that exfiltrates data to a remote server. The extension was installed after the user clicked a fake update prompt on a website. What vulnerability was exploited?

A.A zero-day vulnerability in the browser.
B.An insecure direct object reference (IDOR) vulnerability.
C.Social engineering.
D.A cross-site request forgery (CSRF) attack.
AnswerC

The user was manipulated into installing the extension by a deceptive prompt, which is a classic social engineering technique.

Why this answer

The correct answer is C because the attack exploited the user's trust and lack of caution, not a technical flaw in the browser or web application. The user was tricked into installing a rogue extension by clicking a fake update prompt, which is a classic social engineering technique that manipulates human psychology rather than exploiting code vulnerabilities.

Exam trap

The A+ exam often tests the distinction between technical exploits and human-factor attacks, and the trap here is that candidates may assume any browser-related compromise must involve a technical vulnerability like a zero-day, overlooking that social engineering bypasses technical controls entirely.

How to eliminate wrong answers

Option A is wrong because a zero-day vulnerability is an unknown, unpatched flaw in software code that allows an attacker to compromise a system without user interaction; here, the browser itself was not exploited—the user willingly installed the extension. Option B is wrong because an insecure direct object reference (IDOR) vulnerability involves exposing a direct reference to an internal object (like a file or database record) without proper access control, which is unrelated to tricking a user into installing a malicious extension. Option D is wrong because a cross-site request forgery (CSRF) attack forces an authenticated user to execute unwanted actions on a web application where they are logged in, typically via a crafted link or form; this scenario involves no forged requests—the user actively clicked a fake prompt.

16
MCQeasy

A user reports that their web browser frequently redirects to an unfamiliar search engine and displays pop-up ads even when no tabs are open. What is the most likely cause of this behavior?

A.The browser needs to be updated to the latest version.
B.The user has accidentally enabled a malicious browser extension.
C.The internet connection is unstable and causing DNS errors.
D.The browser cache is full and needs to be cleared.
AnswerB

A malicious extension can hijack browser settings, redirect searches, and inject ads. This is a common vector for browser hijackers.

Why this answer

The described behavior—unwanted redirects to an unfamiliar search engine and pop-up ads appearing even with no tabs open—is a classic symptom of adware or a malicious browser extension. Such extensions hijack browser settings, inject ads, and redirect search queries without the user's consent. Unlike a simple update or cache issue, this requires a malicious add-on that has been granted permissions to modify web content and navigation.

Exam trap

CompTIA often tests the misconception that browser issues are always caused by outdated software or cache problems, when in fact malicious extensions are a common source of persistent adware behavior that updates and cache clearing cannot fix.

How to eliminate wrong answers

Option A is wrong because updating the browser version patches security vulnerabilities but does not remove already-installed malicious extensions or undo their configuration changes. Option C is wrong because unstable internet connections or DNS errors cause timeouts or failure to load pages, not persistent redirects to a specific unfamiliar search engine or pop-up ads when no tabs are open. Option D is wrong because a full browser cache may slow performance or cause stale content to display, but it cannot generate pop-up ads or redirects to an unknown search engine; those actions require active code execution, not cached data.

17
MCQeasy

During a security audit, you find that a user's browser has an outdated version of Adobe Flash Player installed. What is the primary security risk associated with this finding?

A.The browser will run slower and may crash frequently.
B.The user will be unable to view some web content.
C.Attackers can exploit known vulnerabilities in the plugin to install malware.
D.The browser will automatically disable the plugin.
AnswerC

Outdated plugins have unpatched security holes that attackers frequently target to compromise systems.

Why this answer

Outdated Adobe Flash Player versions contain publicly known vulnerabilities (CVEs) that attackers can exploit via drive-by downloads or malicious advertisements. Exploiting these flaws allows arbitrary code execution, enabling malware installation without user interaction. This is the primary security risk because unpatched plugins are a common entry point for ransomware, spyware, and botnets.

Exam trap

CompTIA often tests the distinction between operational issues (performance, compatibility) and actual security vulnerabilities, trapping candidates who confuse 'annoying' with 'dangerous'.

How to eliminate wrong answers

Option A is wrong because performance issues like slower browsing or crashes are operational annoyances, not the primary security risk; outdated Flash may cause instability, but the core concern is exploitation. Option B is wrong because inability to view content is a compatibility issue, not a security risk; while some sites may require newer Flash, the audit focuses on vulnerabilities, not functionality. Option D is wrong because modern browsers (e.g., Chrome, Edge) may block or disable outdated Flash by default, but this is a mitigation, not the risk itself; the risk exists before the browser takes action.

18
MCQeasy

A customer says that when they click a link in an email, it opens a website that looks exactly like their bank's login page, but the URL starts with 'http://' instead of 'https://'. What is the most likely security concern?

A.The website is using an expired SSL certificate.
B.The user's browser is infected with adware.
C.The email contains a phishing link.
D.The user's DNS server has been compromised.
AnswerC

The combination of a lookalike page and HTTP instead of HTTPS is classic phishing, designed to steal login credentials.

Why this answer

The absence of HTTPS and the lookalike page strongly indicate a phishing attempt. Phishing sites often mimic legitimate sites to steal credentials, and the lack of encryption is a red flag. Users should never enter credentials on non-HTTPS pages, especially from email links.

19
MCQmedium

A technician is configuring a shared kiosk computer in a library. The requirement is that users must not be able to download files or install software. Which browser security setting should be configured?

A.Disable JavaScript in the browser.
B.Enable the browser's private browsing mode.
C.Set the browser to block all downloads and prompt for a save location.
D.Clear the browser cache and cookies daily.
AnswerC

Blocking downloads prevents users from saving files, which is essential for a kiosk environment.

Why this answer

Option C is correct because blocking all downloads and prompting for a save location prevents users from saving executable files or malicious content to the kiosk, which directly addresses the requirement to prevent file downloads and software installations. This setting is typically found in the browser's security or privacy settings and overrides any user attempt to download files, ensuring that no files are saved to the local system.

Exam trap

CompTIA often tests the misconception that private browsing mode (Option B) provides security against downloads or installations, when in fact it only addresses local privacy, not file-saving restrictions.

How to eliminate wrong answers

Option A is wrong because disabling JavaScript would break many modern websites and web applications, but it does not prevent users from downloading files or installing software; JavaScript is a scripting language for dynamic content, not a download control mechanism. Option B is wrong because enabling private browsing mode only prevents the browser from storing history, cookies, and temporary files locally; it does not block downloads or software installations, as users can still save files to disk. Option D is wrong because clearing the browser cache and cookies daily is a privacy and performance measure, not a security control to block downloads or installations; it does not restrict the user's ability to save files or run executables.

20
MCQeasy

A small business owner asks you to configure their office computers so that employees cannot install unauthorized browser extensions. Which policy setting should you implement?

A.Disable the browser's developer mode in the settings.
B.Set the browser to always use private browsing mode.
C.Use Group Policy to block extension installation and whitelist approved extensions.
D.Install a pop-up blocker on each computer.
AnswerC

Group Policy allows administrators to centrally control browser settings, including blocking extensions and allowing only approved ones.

Why this answer

Group Policy allows centralized management of browser settings in a domain environment. By configuring the 'Configure the list of force-installed extensions' and 'Block external extensions' policies, an administrator can whitelist approved extensions and prevent users from installing any others. This directly addresses the requirement to block unauthorized browser extensions.

Exam trap

CompTIA often tests the distinction between user-configurable browser settings (like disabling developer mode or enabling private browsing) and centrally enforced Group Policy settings that cannot be overridden by the user.

How to eliminate wrong answers

Option A is wrong because disabling developer mode only prevents access to developer tools and does not block extension installation; extensions can still be installed via the Chrome Web Store or other methods. Option B is wrong because private browsing mode (Incognito) does not restrict extension installation; it only prevents browsing history from being saved locally. Option D is wrong because a pop-up blocker only suppresses unwanted pop-up windows and has no effect on the installation or management of browser extensions.

21
MCQmedium

A customer reports that their browser shows a 'Your connection is not private' warning when visiting their online banking site, but other websites work fine. What is the most likely cause?

A.The user's system date and time are incorrect.
B.The bank's SSL certificate has expired or is misconfigured.
C.The user's browser is infected with a man-in-the-middle proxy.
D.The user's anti-virus is blocking the connection.
AnswerB

A single-site certificate error points to a problem with that site's certificate, not the client.

Why this answer

The 'Your connection is not private' warning indicates a TLS/SSL certificate validation failure. Since only the banking site is affected, the issue is specific to that site's certificate, not a system-wide problem. The most common cause is that the bank's SSL certificate has expired, is self-signed, or does not match the domain name, triggering the browser's certificate trust check.

Exam trap

The CompTIA A+ exam often tests the distinction between a site-specific certificate issue (affecting one site) versus a client-side configuration problem (affecting all sites), leading candidates to incorrectly choose the date/time or proxy options.

How to eliminate wrong answers

Option A is wrong because an incorrect system date/time would cause certificate validation failures for all HTTPS sites, not just the banking site. Option C is wrong because a man-in-the-middle proxy would intercept all HTTPS traffic, causing warnings on multiple sites, not just one. Option D is wrong because anti-virus software typically blocks connections entirely or injects its own certificate, which would affect all HTTPS sites, not a single site.

22
MCQmedium

A technician is configuring a kiosk computer that will be used by the public to access a specific website. The technician wants to prevent users from navigating to other sites or changing browser settings. Which browser feature should be enabled?

A.Enable private browsing mode.
B.Enable parental controls.
C.Enable kiosk mode.
D.Disable the address bar via group policy.
AnswerC

Kiosk mode restricts the browser to a single full-screen application, preventing navigation to other sites and access to browser settings.

Why this answer

Kiosk mode locks the browser to a specific site or set of sites, hides the address bar, and disables settings access. This is ideal for public terminals. Other options like private browsing or parental controls do not provide the same level of restriction.

23
MCQhard

A technician is tasked with securing a legacy web application that only supports HTTP, not HTTPS. The application is critical for internal operations but must be accessible remotely. What is the best way to secure the traffic without modifying the application?

A.Install a self-signed SSL certificate on the server.
B.Use a VPN to access the internal network.
C.Enable HTTP Strict Transport Security (HSTS) on the server.
D.Configure the browser to use a proxy server.
AnswerB

A VPN encrypts all traffic between the remote user and the network, securing the legacy HTTP traffic without changing the app.

Why this answer

Option B is correct because a VPN creates an encrypted tunnel between the remote user and the internal network, securing all HTTP traffic without any modification to the legacy application. Since the application only supports HTTP, it cannot serve HTTPS natively, and a VPN provides transport-layer encryption (e.g., IPsec or TLS-based VPN) that protects data in transit over untrusted networks.

Exam trap

A common misconception is that installing a certificate or enabling a security header can magically convert an HTTP-only application to HTTPS, when in fact the application must natively support TLS termination to use those features.

How to eliminate wrong answers

Option A is wrong because installing a self-signed SSL certificate on the server does not enable HTTPS; the application itself must support HTTPS to use the certificate, and a legacy HTTP-only application cannot serve HTTPS without code changes. Option C is wrong because HSTS is an HTTP response header that enforces HTTPS connections from browsers, but it requires the server to already support HTTPS, which this legacy application does not. Option D is wrong because configuring the browser to use a proxy server only redirects traffic through an intermediary; it does not encrypt the traffic between the client and the proxy, leaving the HTTP data exposed on the network.

24
MCQeasy

During a software deployment, a technician needs to ensure that a new web application can run in a sandboxed environment to prevent it from accessing other system resources. Which browser feature should be configured?

A.Enable pop-up blocker.
B.Enable private browsing mode.
C.Enable browser sandboxing.
D.Disable JavaScript.
AnswerC

Sandboxing isolates the web application process, preventing it from accessing the system or other tabs, which is exactly what is needed.

Why this answer

Option C is correct because browser sandboxing is a security mechanism that isolates the web application's processes from the rest of the system, preventing it from accessing other system resources such as the file system, registry, or other processes. This is commonly implemented in modern browsers (e.g., Chrome's multi-process architecture with a sandbox layer) to contain potential exploits from a compromised web application.

Exam trap

CompTIA often tests the distinction between privacy features (like private browsing) and security features (like sandboxing), leading candidates to confuse 'preventing local storage of data' with 'preventing system resource access.'

How to eliminate wrong answers

Option A is wrong because enabling a pop-up blocker only prevents unwanted pop-up windows from appearing; it does not restrict the web application's access to system resources or provide any sandboxing. Option B is wrong because private browsing mode (e.g., Incognito in Chrome) only prevents the browser from storing local history, cookies, and form data; it does not isolate the application from the underlying operating system or other system resources. Option D is wrong because disabling JavaScript would break most modern web applications, but it does not create a sandboxed environment; it merely removes a scripting capability, leaving other attack vectors (e.g., HTML, CSS, or plugin exploits) uncontained.

25
MCQhard

A user's browser is infected with a malicious extension that steals credentials. The extension was installed via a drive-by download from a compromised website. After removing the extension, what additional step should you take to ensure the credentials are not compromised?

A.Clear the browser cache and cookies
B.Run a full antivirus scan
C.Reset the browser settings to default
D.Change all passwords that were entered while the extension was active
AnswerD

Since credentials may have been captured, changing passwords is essential to prevent unauthorized access.

Why this answer

Option D is correct because a malicious browser extension that steals credentials has already exfiltrated any passwords entered while it was active. Removing the extension stops further theft, but the compromised credentials remain exposed. Changing all passwords ensures that stolen credentials are invalidated, preventing unauthorized access to accounts.

Exam trap

CompTIA often tests the misconception that removing the malicious component or clearing local data is sufficient, when in fact the attacker already has the stolen credentials and only changing passwords remediates the actual compromise.

How to eliminate wrong answers

Option A is wrong because clearing the browser cache and cookies removes local data like session tokens or stored form entries, but does not address credentials that were already sent to an attacker via the extension. Option B is wrong because running a full antivirus scan targets malware on the system, but the malicious extension has already been removed; the core issue is the theft of credentials, not persistent malware. Option C is wrong because resetting browser settings to default removes configurations and extensions, which is redundant after removal, but does not change passwords that were already compromised.

26
MCQeasy

A user reports that their browser frequently redirects to a search page they never set, and they see unfamiliar toolbars. After running a malware scan that found nothing, what should the technician do next to resolve the issue?

A.Replace the network cable.
B.Reset the browser settings to default.
C.Update the network adapter driver.
D.Reinstall the operating system.
AnswerB

Resetting the browser removes all add-ons, toolbars, and restores default homepage and search settings, which effectively eliminates browser hijackers.

Why this answer

The symptoms—unwanted redirects and unfamiliar toolbars—are classic signs of browser hijacking, often caused by a malicious extension or a changed proxy configuration. Since a malware scan found nothing, the next logical step is to reset the browser settings to default, which removes all extensions, restores the homepage and search engine, and clears cached data that may be enforcing the redirects. This action directly addresses the most common vector for such behavior without resorting to hardware or OS-level changes.

Exam trap

The trap here is that candidates often jump to reinstalling the OS or scanning for malware again, but CompTIA tests whether you recognize that browser-specific issues are best resolved with browser-level tools before escalating to system-wide repairs.

How to eliminate wrong answers

Option A is wrong because replacing the network cable would only fix physical connectivity issues, not software-based browser hijacking or redirects caused by extensions or proxy settings. Option C is wrong because updating the network adapter driver addresses hardware-level network communication problems, not browser-level configuration or add-on issues. Option D is wrong because reinstalling the operating system is an extreme, time-consuming measure that is unnecessary when the problem is isolated to the browser; resetting browser settings is a far more targeted and efficient first step.

27
MCQmedium

A small business owner wants to ensure that employees cannot install browser extensions or add-ons without administrator approval. Which method should the technician use to enforce this restriction across all company computers?

A.Configure each browser's settings manually on every computer.
B.Use Group Policy to disable extension installation.
C.Install a third-party firewall to block extension downloads.
D.Set the browser to private browsing mode.
AnswerB

Group Policy provides centralized control to block extension installations across all domain-joined computers.

Why this answer

Group Policy (specifically the Administrative Templates for Google Chrome, Microsoft Edge, or Firefox) provides a centralized method to enforce browser settings across all domain-joined computers. By configuring the 'Block external extensions' or 'ExtensionInstallBlockList' policy, the technician can prevent users from installing extensions without administrator approval, ensuring consistent enforcement without manual intervention on each machine.

Exam trap

The trap here is that candidates often think a firewall or manual configuration is sufficient, but the A+ exam tests the understanding that Group Policy is the only centralized, scalable method for enforcing browser restrictions in a domain environment, while firewalls operate at the network layer and cannot intercept browser-internal operations.

How to eliminate wrong answers

Option A is wrong because manually configuring each browser's settings on every computer is not scalable, prone to human error, and does not provide centralized enforcement or auditing. Option C is wrong because a third-party firewall blocks network traffic (e.g., downloads from specific URLs) but cannot control the browser's internal extension installation process, which occurs via the browser's own APIs and registry. Option D is wrong because private browsing mode only prevents local history and cookie storage; it does not restrict extension installation, which remains fully functional in private mode.

28
MCQmedium

A user reports that their browser displays a warning saying 'Your connection is not private' when visiting a frequently used banking site. After checking, you see the certificate error is for a different domain. What is the most likely cause?

A.The user's system date and time are incorrect
B.The website's SSL certificate has expired
C.A malicious proxy or DNS hijacking is redirecting traffic to a fake site
D.The browser needs to be updated to the latest version
AnswerC

A man-in-the-middle attack can present a certificate for a different domain, indicating redirection to a fraudulent site.

Why this answer

The certificate error for a different domain indicates that the browser is being directed to a server whose SSL certificate does not match the expected banking site's domain. This is a classic sign of a man-in-the-middle attack, often caused by malicious proxy or DNS hijacking, where traffic is redirected to a fraudulent server presenting a certificate for a different domain.

Exam trap

CompTIA often tests the distinction between certificate errors caused by date/time issues versus domain mismatches, and the trap here is that candidates may confuse a 'different domain' error with a simple expired certificate or browser update issue.

How to eliminate wrong answers

Option A is wrong because an incorrect system date and time would cause a certificate validity error (e.g., 'not yet valid' or 'expired'), but the error would still reference the correct domain, not a different one. Option B is wrong because an expired SSL certificate would produce a warning about the certificate being out of date, but the domain in the certificate would still match the banking site's domain. Option D is wrong because an outdated browser might lack support for newer TLS versions or cipher suites, but it would not cause a certificate domain mismatch; the error would typically be about protocol or cipher incompatibility, not a different domain.

29
MCQeasy

A user calls the help desk complaining that their browser homepage keeps changing to a site they did not set, and they cannot change it back. You remotely check and find no malware. What is the most likely cause?

A.The user's browser profile is corrupted.
B.A recently installed program modified the browser settings during installation.
C.The user's DNS settings are being hijacked by the ISP.
D.The browser's shortcut target is pointing to a different URL.
AnswerB

Many free applications bundle browser modifications; if the user did not uncheck those options, the homepage changes.

Why this answer

Option B is correct because many legitimate software installers include bundled programs or browser extensions that modify the default homepage, search provider, or new tab page as part of their installation routine. Even without malware, these changes are often made via registry keys (e.g., HKCU\Software\Microsoft\Internet Explorer\Main\Start Page) or browser policy files, and the user may not have unchecked the relevant option during setup. Since no malware was found, a recently installed program is the most likely cause of the unwanted homepage change.

Exam trap

The trap here is that candidates often assume any unwanted homepage change must be malware, but CompTIA tests the concept that legitimate software can alter browser settings during installation, and the absence of malware points to a non-malicious program as the cause.

How to eliminate wrong answers

Option A is wrong because a corrupted browser profile typically causes crashes, missing bookmarks, or sync errors, not a persistent homepage change that the user cannot revert. Option C is wrong because ISP DNS hijacking redirects all DNS queries for a domain to a different IP, which would affect navigation to any site, not just change the browser's homepage setting; the homepage is a local browser preference, not a DNS resolution issue. Option D is wrong because a modified shortcut target would only affect the homepage if the browser is launched with a command-line argument (e.g., --homepage URL), but the user would still be able to change the homepage within the browser settings; the shortcut target does not override the internal browser preference unless explicitly configured that way.

30
MCQmedium

You are configuring a new Windows 10 computer for a user who frequently downloads files from the internet. To reduce the risk of malware, you want to block the execution of downloaded files from the internet until they are scanned by antivirus. Which Windows feature should you enable?

A.Windows Defender Firewall
B.Windows Defender Application Guard
C.BitLocker Drive Encryption
D.User Account Control (UAC)
AnswerB

Windows Defender Application Guard runs untrusted files in an isolated container but does not block execution until scanning; it allows execution within a sandbox.

Why this answer

None of the listed options correctly address the requirement. The feature that blocks execution of downloaded files until they are scanned is Windows Defender SmartScreen or Windows Defender Antivirus real-time protection. Windows Defender Application Guard isolates files in a sandbox but does not block execution pending scan; it allows execution but in a container.

Windows Defender Firewall controls network traffic, BitLocker encrypts drives, and UAC prompts for elevation but does not scan files.

Exam trap

Candidates may confuse Application Guard's sandboxing with pre-execution scanning. However, the specific feature for blocking execution until scan is SmartScreen, which is not listed here.

How to eliminate wrong answers

Option A is wrong because Windows Defender Firewall controls network traffic based on rules (e.g., blocking inbound/outbound connections) but does not inspect or block execution of downloaded files on the local system. Option C is wrong because BitLocker Drive Encryption provides full-disk encryption to protect data at rest but has no mechanism to scan or block execution of downloaded files. Option D is wrong because User Account Control (UAC) prompts for administrative consent before system-level changes but does not scan or block execution of user-downloaded files from the internet.

Ready to test yourself?

Try a timed practice session using only Browser and Application Security questions.