CCNA Windows Administrative Tools Questions

30 questions · Windows Administrative Tools · All types, answers revealed

1
MCQmedium

A small business user needs to set up a VPN connection on their Windows 11 laptop to access company resources. They ask you which tool to use. Which administrative tool should you instruct them to open?

A.Device Manager to install a virtual network adapter.
B.Windows Settings > Network & internet > VPN.
C.Services console to enable the 'Remote Access Connection Manager' service.
D.Task Scheduler to create a task that launches the VPN client.
AnswerB

Correct. The VPN section in Windows Settings allows adding and configuring VPN connections.

Why this answer

Windows 11 includes a built-in VPN client that is configured through the Settings app under Network & internet > VPN. This is the correct administrative tool for a small business user to set up a VPN connection without needing additional software or advanced system tools.

Exam trap

This question tests the misconception that VPN configuration requires modifying system services or hardware settings, leading candidates to choose Device Manager or Services console instead of the straightforward Settings interface.

How to eliminate wrong answers

Option A is wrong because Device Manager is used to manage hardware devices and drivers, not to configure VPN connections; installing a virtual network adapter is not the primary step for setting up a VPN. Option C is wrong because the 'Remote Access Connection Manager' service is automatically started when needed and does not require manual enabling through the Services console for a standard VPN setup. Option D is wrong because Task Scheduler is used to automate tasks at specific times or events, not to launch a VPN client for on-demand connectivity.

2
MCQmedium

After a malware infection, a user's Windows 10 PC has several suspicious scheduled tasks that run at startup. Which administrative tool should you use to review and disable these tasks?

A.Services console to stop the 'Task Scheduler' service.
B.Task Scheduler to examine the task library and disable suspicious entries.
C.Resource Monitor to see which tasks are currently running.
D.Windows Firewall with Advanced Security to block the tasks' network access.
AnswerB

Correct. Task Scheduler provides a full list of scheduled tasks, including those created by malware, and allows disabling or deleting them.

Why this answer

The Task Scheduler (taskschd.msc) is the correct administrative tool to review and disable suspicious scheduled tasks because it provides a centralized library of all tasks, including their triggers, actions, and conditions. After a malware infection, attackers often create persistent scheduled tasks that run at startup; using Task Scheduler, you can navigate to the Task Scheduler Library, locate the malicious entries, and disable or delete them directly without affecting the core Task Scheduler service.

Exam trap

The CompTIA A+ exam often tests the misconception that stopping a service or using a firewall rule can disable a scheduled task, but the correct approach is to use the Task Scheduler itself to manage the task entries directly.

How to eliminate wrong answers

Option A is wrong because stopping the 'Task Scheduler' service would disable all scheduled tasks, including legitimate system tasks, and is not a targeted method for reviewing or disabling specific suspicious entries; it also does not allow you to examine the task library. Option C is wrong because Resource Monitor shows real-time system resource usage and currently running processes, but it does not display scheduled tasks or allow you to disable them; it is not designed for managing task definitions. Option D is wrong because Windows Firewall with Advanced Security controls network traffic based on rules, not scheduled tasks; blocking a task's network access would not disable the task itself, and the task would still execute locally, potentially causing harm.

3
MCQeasy

A user reports that their Windows 10 PC is running slowly after they installed a new program. You need to identify which service or startup program is consuming the most CPU resources to troubleshoot the issue. Which administrative tool should you use?

A.Event Viewer
B.Task Manager
C.Services.msc
D.Performance Monitor
AnswerB

Task Manager's Processes tab shows CPU, memory, and disk usage for each running process, allowing you to pinpoint the culprit.

Why this answer

Task Manager provides real-time performance monitoring, including CPU usage per process. This makes it the ideal tool for quickly identifying resource hogs. Other tools like Event Viewer or Services.msc are for different purposes.

4
MCQhard

A user's Windows 10 PC is experiencing random freezes and application crashes. You suspect a corrupted system file. You run sfc /scannow but it reports that it cannot repair some files. What is the next best step to repair the system files using a DISM command?

A.Run chkdsk /f
B.Run DISM /Online /Cleanup-Image /RestoreHealth
C.Run System Restore
D.Run Windows Update
AnswerB

DISM /RestoreHealth repairs the system image, enabling sfc to function correctly afterward.

Why this answer

The correct next step is to run DISM /Online /Cleanup-Image /RestoreHealth because SFC (System File Checker) relies on a healthy component store (WinSxS) to replace corrupted files. When SFC cannot repair files, it indicates the component store itself may be damaged. DISM repairs the component store by using Windows Update as the source, or a specified repair source, thereby enabling SFC to succeed on a subsequent scan.

Exam trap

The trap here is that candidates often assume SFC is the ultimate repair tool and overlook that DISM must fix the underlying component store first, leading them to choose chkdsk or System Restore as a quick fix.

How to eliminate wrong answers

Option A is wrong because chkdsk /f checks and repairs file system integrity and disk errors, not system file corruption; it addresses issues like bad sectors or MFT corruption, not the Windows component store. Option C is wrong because System Restore reverts system files and registry settings to a previous restore point, but it does not directly repair the component store or replace corrupted system files from a known good source; it may also fail if the restore point itself is corrupted. Option D is wrong because Windows Update installs updates and patches but does not repair existing corrupted system files in the component store; DISM is the tool designed for that purpose.

5
MCQhard

A security incident occurred where an unauthorized user gained access to a workstation. The security team needs to review detailed logs of all user logon attempts, including successful and failed logins, for the past 48 hours. Which administrative tool and specific log should you access to provide this information?

A.Event Viewer > Windows Logs > System
B.Event Viewer > Windows Logs > Security
C.Event Viewer > Applications and Services Logs > Microsoft > Windows > TerminalServices-LocalSessionManager
D.Computer Management > System Tools > Shared Folders > Sessions
AnswerB

The Security log contains audit events such as logon/logoff, account management, and policy changes.

Why this answer

Event Viewer's Windows Logs > Security log records all security-related events, including logon attempts (success and failure). This is the standard location for auditing user activity. Other logs like System or Application do not focus on authentication events.

6
MCQeasy

During a software deployment, you need to configure a Windows 10 workstation to automatically start a legacy application every time a specific user logs on. Which tool should you use to add this startup entry for that user only?

A.Services.msc
B.Task Manager
C.Computer Management
D.Local Group Policy Editor
AnswerD

Local Group Policy Editor (gpedit.msc) can configure logon scripts for a specific user, which will run the legacy application at logon. This is the appropriate tool for adding a per-user startup entry.

Why this answer

Local Group Policy Editor (gpedit.msc) allows you to assign logon scripts for individual users under User Configuration > Windows Settings > Scripts (Logon/Logoff). This runs the specified application at user logon, meeting the requirement for a per-user startup entry without affecting other users. Task Manager's Startup tab only enables/disables existing entries, not add new ones.

Services.msc manages system-wide services. Computer Management is a container of tools but not directly for adding user-specific startup entries.

Exam trap

CompTIA often tests the distinction between per-user startup (Task Manager) and system-wide startup (Services.msc or Group Policy), and the trap here is that candidates confuse the 'Startup' tab in Task Manager with the 'Startup' folder in the Start menu, or assume that Computer Management's 'Services' node can manage user-specific applications.

How to eliminate wrong answers

Option A is wrong because Services.msc manages Windows services that run in the background under the SYSTEM account or a specified service account, not per-user interactive startup applications. Option C is wrong because Computer Management is a consolidated console for system tools (e.g., Disk Management, Event Viewer, Local Users and Groups) but does not include a per-user startup entry editor; it lacks the granularity to add a startup program for a single user. Option D is wrong because the Local Group Policy Editor (gpedit.msc) can configure startup scripts via Computer Configuration or User Configuration, but those are processed during Group Policy refresh and are intended for domain-managed or local policy-based script execution, not for simply adding a legacy application to the user's Run registry key or Startup folder; it is overkill and not the direct tool for this task.

7
MCQmedium

A customer reports that their Windows 11 PC is experiencing intermittent application crashes and you suspect file corruption. You need to run a system file check without using the full Windows interface. Which administrative tool can you launch from the Run dialog to open a command prompt with the necessary permissions?

A.Type 'cmd' in the Run dialog and press Enter
B.Type 'powershell' in the Run dialog and press Enter
C.Type 'cmd' in the Run dialog and press Ctrl+Shift+Enter
D.Type 'msconfig' in the Run dialog and press Enter
AnswerC

This launches an elevated command prompt with administrator privileges, required for SFC to repair system files.

Why this answer

Option C is correct because pressing Ctrl+Shift+Enter while typing 'cmd' in the Run dialog launches Command Prompt with administrator privileges, which is required to run the System File Checker (sfc /scannow) to repair file corruption. This bypasses the full Windows interface and provides the necessary elevated permissions.

Exam trap

Cisco often tests the distinction between launching a tool with standard permissions versus elevated permissions, and the trap here is that candidates assume typing 'cmd' alone is sufficient, forgetting that administrative tasks like sfc require the Ctrl+Shift+Enter shortcut to run as administrator.

How to eliminate wrong answers

Option A is wrong because typing 'cmd' and pressing Enter opens Command Prompt with standard user permissions, which lacks the administrative rights needed to run sfc /scannow. Option B is wrong because typing 'powershell' and pressing Enter opens PowerShell with standard user permissions, not elevated, and the question specifically asks for a command prompt, not PowerShell. Option D is wrong because 'msconfig' opens the System Configuration utility, which is a graphical tool for boot settings and services, not a command-line interface for running system file checks.

8
MCQmedium

Your company is deploying a new application that requires .NET Framework 3.5 on multiple Windows 10 workstations. You need to enable this feature on a single test machine first. Which tool should you use?

A.Programs and Features
B.Windows Features
C.Device Manager
D.Services
AnswerB

Windows Features lets you add or remove Windows components like .NET Framework 3.5 directly from the operating system.

Why this answer

Windows Features (accessible via 'Turn Windows features on or off' in the Control Panel or Settings) is the correct tool to enable .NET Framework 3.5 on a Windows 10 workstation. This feature includes .NET 2.0 and 3.0, and it can be installed from local sources or Windows Update. Programs and Features is used for uninstalling or changing installed programs, not for enabling Windows roles or features.

Exam trap

The trap here is that candidates confuse 'Programs and Features' (which manages installed applications) with 'Turn Windows features on or off' (which manages Windows components), leading them to select A instead of B.

How to eliminate wrong answers

Option A is wrong because Programs and Features is designed for managing installed applications (e.g., uninstalling, repairing, or changing software), not for enabling Windows OS features like .NET Framework 3.5. Option C is wrong because Device Manager is used to manage hardware devices, drivers, and resources (e.g., updating drivers, disabling devices), not for enabling software features. Option D is wrong because Services (services.msc) manages background Windows services (e.g., starting, stopping, or configuring service startup types), not for installing or enabling Windows features.

9
MCQmedium

After installing a new printer, a user reports that print jobs are stuck in the queue and cannot be deleted. You need to stop and restart the print spooler service to clear the queue. Which administrative tool allows you to manage this service?

A.Task Manager
B.Services.msc
C.Device Manager
D.Event Viewer
AnswerB

Services.msc lists all services, including the Print Spooler, and allows you to stop, start, or restart them.

Why this answer

The Print Spooler is a Windows service that manages print jobs. To stop and restart it, you need the Services management console, which is accessed by running 'services.msc'. This tool allows you to start, stop, pause, and configure services, making it the correct administrative tool for clearing a stuck print queue.

Exam trap

The trap here is that candidates often confuse Task Manager with service management because both can stop processes, but Task Manager cannot manage Windows services directly; only services.msc or the command line can stop and restart the Print Spooler service.

How to eliminate wrong answers

Option A is wrong because Task Manager is used to manage running processes, applications, and system performance, not to control Windows services like the Print Spooler. Option C is wrong because Device Manager is used to manage hardware devices and drivers, not to start or stop services. Option D is wrong because Event Viewer is used to view system, security, and application logs, not to manage services.

10
MCQmedium

A user reports that their Windows 10 PC frequently crashes with a blue screen error. You want to analyze the memory dump files to identify the faulty driver. Which tool should you use to view and analyze these dump files?

A.Event Viewer
B.Windows Memory Diagnostic
C.Performance Monitor
D.Task Manager
AnswerA

Event Viewer logs system errors, including blue screen events, and provides details about the crash, including the dump file path.

Why this answer

Event Viewer is the correct tool because it logs system events, including blue screen errors (BugCheck events), and provides access to memory dump files. You can view the details of a crash under 'Windows Logs > System' and filter by event ID 1001, which includes the path to the dump file and the module that caused the failure. This allows you to identify the faulty driver by analyzing the dump file directly or by using additional tools like WinDbg.

Exam trap

The trap here is that candidates often confuse Windows Memory Diagnostic (a RAM tester) with a tool for analyzing crash dumps, or they assume Task Manager or Performance Monitor can provide crash analysis, but only Event Viewer logs the crash event and points to the dump file location.

How to eliminate wrong answers

Option B is wrong because Windows Memory Diagnostic is a tool for testing physical RAM for hardware errors, not for analyzing memory dump files from crashes. Option C is wrong because Performance Monitor is used to collect and analyze real-time performance data (e.g., CPU, disk usage) over time, not to view or analyze crash dump files. Option D is wrong because Task Manager provides a snapshot of running processes, performance metrics, and startup programs, but it cannot display or analyze memory dump files from blue screen errors.

11
MCQhard

A user reports that their Windows 10 PC is unable to connect to network shares on a server, but internet access works fine. You suspect the 'Workstation' service is not running. Which administrative tool should you use to verify and start this service?

A.Task Manager > Startup tab to check if the service is enabled.
B.Network and Sharing Center to run the network troubleshooter.
C.Services console to locate the 'Workstation' service and start it.
D.Device Manager to reinstall the network adapter driver.
AnswerC

Correct. The Services console lists all services, including the Workstation service, and allows starting, stopping, or restarting them.

Why this answer

The 'Workstation' service (LanmanWorkstation) is a core Windows service that enables the computer to initiate outbound SMB connections to network shares. The Services console (services.msc) is the correct administrative tool to check the status of this service and start it if it is stopped. Option C directly addresses the need to verify and manage this service.

Exam trap

The trap here is that candidates may confuse a service issue with a driver or network configuration problem, leading them to choose Device Manager or Network and Sharing Center instead of the Services console.

How to eliminate wrong answers

Option A is wrong because the Task Manager Startup tab only manages programs that launch at user logon, not Windows services; the 'Workstation' service is a system service controlled via the Services console or SC command. Option B is wrong because Network and Sharing Center runs network troubleshooters that diagnose connectivity issues like IP configuration or DNS, but cannot start or stop Windows services. Option D is wrong because Device Manager is used to manage hardware drivers; reinstalling the network adapter driver would not resolve a service that is stopped, and the issue is not driver-related.

12
MCQmedium

A user reports that their Windows 10 PC is unable to connect to shared network folders on the office server. You need to verify that the necessary network discovery and file sharing services are running. Which administrative tool should you open to check the status of services like 'Function Discovery Resource Publication' and 'SSDP Discovery'?

A.Network and Sharing Center
B.Device Manager
C.Services.msc
D.Task Manager
AnswerC

Services.msc allows you to view and manage the status of all Windows services, including network discovery services.

Why this answer

The correct answer is C because the 'Services.msc' (Services console) is the dedicated Microsoft Management Console (MMC) snap-in used to start, stop, and configure Windows services. To verify that 'Function Discovery Resource Publication' (which publishes the machine's resources for network discovery) and 'SSDP Discovery' (which implements the Simple Service Discovery Protocol for UPnP devices) are running, you must open the Services console. Network and Sharing Center only shows connection status and sharing settings, not the underlying service state.

Exam trap

The trap here is that candidates often confuse the 'Network and Sharing Center' (which displays network discovery settings) with the actual service management console, not realizing that the service state must be verified separately in Services.msc because the GUI toggle in Network and Sharing Center only changes the firewall rules, not the underlying service status.

How to eliminate wrong answers

Option A is wrong because Network and Sharing Center is a GUI for viewing network status, setting up new connections, and managing sharing profiles; it does not display or allow control of individual Windows services like 'Function Discovery Resource Publication' or 'SSDP Discovery'. Option B is wrong because Device Manager is used to manage hardware drivers and devices, not software services; it has no interface for service state or startup type. Option D is wrong because Task Manager shows running processes and performance metrics, but it does not list system services by their service name or provide controls for service startup type; it only shows a limited view of processes under the 'Services' tab, not the full service management console.

13
MCQhard

A security incident occurred on a Windows 10 workstation, and you need to review detailed logs of user logon attempts, including successful and failed logins, to identify unauthorized access. Which tool should you use to view these security logs?

A.Reliability Monitor
B.Performance Monitor
C.Event Viewer
D.Group Policy Editor
AnswerC

Event Viewer's Security log records all logon events, providing the necessary audit trail.

Why this answer

Event Viewer is the correct tool because it provides access to Windows Security logs, which record detailed information about user logon attempts, including both successful (Event ID 4624) and failed (Event ID 4625) logins. These logs are essential for forensic analysis of unauthorized access on a Windows 10 workstation.

Exam trap

The A+ exam often tests the distinction between tools that view logs (Event Viewer) versus tools that configure settings (Group Policy Editor) or monitor performance (Performance Monitor), leading candidates to confuse administrative utilities.

How to eliminate wrong answers

Option A is wrong because Reliability Monitor tracks system stability and application failures, not security-related logon events. Option B is wrong because Performance Monitor focuses on system performance metrics like CPU and memory usage, not security audit logs. Option D is wrong because Group Policy Editor is used to configure system policies and security settings, not to view existing event logs.

14
MCQeasy

A customer complains that their Windows 10 PC is running very slowly after a recent software installation. You suspect a new background service is consuming excessive CPU. Which built-in administrative tool should you use to identify the offending service?

A.Device Manager to check for driver issues.
B.Services console (services.msc) to locate and stop the problematic service.
C.Event Viewer to review system logs.
D.Performance Monitor to create a data collector set.
AnswerB

Correct. The Services console provides a comprehensive list of services and their status, allowing you to stop or disable the offending service.

Why this answer

The Services console (services.msc) allows you to view all running services, their status, and resource usage. By sorting services by CPU consumption or stopping suspected services one by one, you can identify which newly installed service is causing high CPU usage. This is the direct tool for managing and troubleshooting Windows services.

Exam trap

The trap here is that candidates may choose Event Viewer (C) because they think logs will show the CPU issue, but Event Viewer does not display real-time per-process CPU metrics, whereas the Services console directly manages the offending service.

How to eliminate wrong answers

Option A is wrong because Device Manager is used to manage hardware drivers and devices, not to monitor or control software services consuming CPU. Option C is wrong because Event Viewer shows system logs and error events, but does not provide real-time CPU usage per process or service. Option D is wrong because Performance Monitor can create data collector sets for long-term performance analysis, but it is not the quickest or most direct tool for identifying a specific service consuming excessive CPU; the Services console is more immediate.

15
MCQmedium

Your company's security policy requires that all workstations have the latest Windows security updates installed. You need to verify the update history on a user's Windows 10 PC to ensure no critical updates are missing. Which tool should you use?

A.Windows Update
B.Event Viewer
C.System Information
D.Reliability Monitor
AnswerA

Windows Update provides a history of installed updates and allows you to check for missing updates.

Why this answer

Windows Update settings (in Settings app or old Control Panel) shows update history, including installed updates and their dates. This is the standard way to check which updates have been applied.

16
MCQmedium

A technician is troubleshooting a Windows 10 PC that fails to boot with a 'Bootmgr is missing' error. They need to repair the boot configuration. Which administrative tool should be used from the Windows Recovery Environment (WinRE)?

A.System Restore to revert to a previous restore point.
B.Command Prompt to run bootrec /rebuildbcd.
C.Device Manager to update the disk driver.
D.Local Security Policy to adjust boot options.
AnswerB

Correct. The bootrec command can rebuild the Boot Configuration Data (BCD) and fix the missing bootmgr error.

Why this answer

The Command Prompt in WinRE allows running bootrec.exe and bcdedit.exe to repair the boot configuration. System Restore and Startup Repair are also in WinRE but do not directly rebuild the BCD. The other options are not available in WinRE.

17
MCQmedium

A user reports that their Windows 10 PC fails to boot and displays a 'Boot Configuration Data is missing' error. You need to repair the boot configuration using the Windows Recovery Environment. Which administrative tool should you run from the command prompt in the recovery environment?

A.sfc /scannow
B.bootrec /rebuildbcd
C.DISM /Online /Cleanup-Image /RestoreHealth
D.chkdsk /f
AnswerB

Bootrec with the /rebuildbcd switch scans for Windows installations and rebuilds the BCD store, fixing boot errors.

Why this answer

The 'Boot Configuration Data is missing' error indicates that the BCD store, which contains boot-time configuration parameters, is corrupted or missing. The `bootrec /rebuildbcd` command scans all disks for Windows installations and allows you to rebuild the BCD store from scratch, directly addressing the missing or corrupt boot configuration data.

Exam trap

Cisco often tests the distinction between file-level repair tools (sfc, DISM) and boot-level repair tools (bootrec), so the trap here is that candidates confuse 'system file corruption' with 'boot configuration corruption' and choose sfc or DISM instead of the correct bootrec command.

How to eliminate wrong answers

Option A is wrong because `sfc /scannow` (System File Checker) scans and repairs protected system files, but it does not rebuild the Boot Configuration Data store, which is a separate boot-critical component. Option C is wrong because `DISM /Online /Cleanup-Image /RestoreHealth` repairs the Windows system image and component store corruption, but it requires the OS to be online and cannot be used from the Windows Recovery Environment command prompt to fix a missing BCD. Option D is wrong because `chkdsk /f` checks the file system for logical and physical errors on the disk, but it does not create or repair the boot configuration data store.

18
MCQhard

A user reports that their Windows 10 PC is infected with malware that keeps reinstalling after removal. You need to boot into a minimal environment to run antivirus scans without malware interference. Which advanced startup option should you use?

A.Enable Boot Logging
B.Safe Mode
C.Last Known Good Configuration
D.Debugging Mode
AnswerB

Safe Mode loads only minimal drivers and services, preventing malware from starting, making it ideal for scanning.

Why this answer

Safe Mode (B) loads Windows with a minimal set of drivers and services, preventing malware that runs as a startup program or service from loading. This allows antivirus software to scan and remove the infection without interference, addressing the scenario where malware reinstalls after removal in a normal boot.

Exam trap

CompTIA A+ candidates often mistakenly think that Last Known Good Configuration (C) can remove malware, but it only reverts driver/registry changes and does not clean infections that persist across boots. Safe Mode is the correct choice for malware removal.

How to eliminate wrong answers

Option A is wrong because Enable Boot Logging creates a log of drivers loaded during boot (ntbtlog.txt) but does not restrict malware from loading, so it does not provide a minimal environment for antivirus scans. Option C is wrong because Last Known Good Configuration reverts to the last successful registry and driver configuration after a failed boot, but it does not prevent malware from loading if the malware was present in that configuration; it is designed for driver or configuration issues, not persistent malware. Option D is wrong because Debugging Mode enables kernel debugging over serial or IEEE 1394 for advanced troubleshooting, but it loads all normal drivers and services, allowing malware to run and interfere with scans.

19
MCQeasy

A small business owner wants to ensure that only authorized users can log into their Windows 10 workstations. They need a tool to create and manage user accounts and set password policies. Which administrative tool should you use?

A.Computer Management
B.Local Users and Groups
C.Group Policy Editor
D.Task Scheduler
AnswerB

Local Users and Groups directly allows you to create and manage user accounts and set password policies on a local machine.

Why this answer

Local Users and Groups (lusrmgr.msc) is the snap-in for managing user accounts, groups, and local security policies on a standalone Windows system. It allows creating, modifying, and deleting users and setting password requirements.

20
MCQmedium

A user reports that their application crashes with an 'Access Denied' error when trying to write to a specific folder. You have verified the user has Full Control NTFS permissions. Which administrative tool should you use to check for any file encryption or compression that might be blocking the write?

A.Computer Management > Shared Folders to view open files.
B.Local Security Policy to check user rights assignments.
C.File Explorer > right-click folder > Properties > Advanced to view encryption and compression attributes.
D.Registry Editor to modify the folder's security descriptor.
AnswerC

Correct. The Advanced Attributes dialog shows whether the folder is encrypted or compressed, which can cause access issues.

Why this answer

Option C is correct because the 'Access Denied' error despite Full Control NTFS permissions indicates a file-level attribute conflict. File encryption (EFS) or compression attributes are stored in the folder's Advanced Attributes dialog, accessible via File Explorer > Properties > Advanced. These attributes can block write access even when NTFS permissions are permissive, as encryption requires the user's EFS certificate and compression changes the file's physical layout.

Exam trap

The trap here is that candidates assume 'Access Denied' always means insufficient NTFS permissions, so they focus on permission tools (like Shared Folders or Security Policy) instead of checking file attributes like encryption or compression that override permission-based access.

How to eliminate wrong answers

Option A is wrong because Computer Management > Shared Folders > Open Files shows which files are currently locked by network sessions, not encryption or compression attributes; it cannot diagnose attribute-based write blocks. Option B is wrong because Local Security Policy manages user rights assignments (e.g., 'Log on locally', 'Shut down the system'), not file-level encryption or compression settings. Option D is wrong because Registry Editor modifies system-wide security descriptors in the registry, not per-folder encryption or compression attributes; folder attributes are stored in the NTFS master file table (MFT), not the registry.

21
MCQmedium

A customer reports that their Windows 11 PC is displaying a 'Low Disk Space' warning on the C: drive. You need to quickly free up space by removing temporary files and system cache. Which administrative tool should you use?

A.Defragment and Optimize Drives to consolidate free space.
B.Disk Cleanup to delete temporary files and system cache.
C.Computer Management > Disk Management to shrink the volume.
D.Event Viewer to clear application logs.
AnswerB

Correct. Disk Cleanup safely removes temporary files, recycle bin contents, and other cache to free disk space.

Why this answer

Disk Cleanup (cleanmgr.exe) is the built-in tool for removing temporary files, system cache, and other unnecessary data. Storage Sense can automate this, but Disk Cleanup is the direct tool for manual cleanup. The other options do not clean temporary files.

22
MCQeasy

A customer complains that their Windows 11 laptop frequently freezes after waking from sleep. You suspect a driver issue and need to view detailed hardware and driver information to diagnose the problem. Which administrative tool should you open first?

A.Disk Management
B.System Configuration (msconfig)
C.Device Manager
D.Event Viewer
AnswerC

Device Manager lists all hardware and allows you to check driver properties, update drivers, or roll back problematic ones.

Why this answer

Device Manager is the correct tool because it provides a centralized view of all hardware components and their associated drivers. You can expand categories like 'System devices' or 'Batteries' to check for driver conflicts, outdated drivers, or power management settings that could cause freezing after sleep. It also allows you to update, roll back, or disable drivers directly, which is essential for diagnosing wake-from-sleep issues.

Exam trap

CompTIA often tests the distinction between Event Viewer (for logs) and Device Manager (for live driver/hardware status), trapping candidates who think logs are the first step when the question asks for viewing detailed hardware and driver information.

How to eliminate wrong answers

Option A is wrong because Disk Management is used for managing disk partitions, volumes, and file systems, not for viewing hardware or driver details. Option B is wrong because System Configuration (msconfig) controls startup programs, boot options, and services, but does not display hardware or driver information. Option D is wrong because Event Viewer logs system events and errors, which can help after a freeze occurs, but it does not show detailed hardware and driver information directly; Device Manager is the first tool to inspect driver status.

23
MCQeasy

A user reports that their Windows 10 PC shows a 'Low Disk Space' warning on the C: drive. You need to free up space by removing temporary files, system cache, and previous Windows installations. Which tool provides a guided cleanup for these items?

A.Disk Management
B.Defragment and Optimize Drives
C.Disk Cleanup
D.Storage Spaces
AnswerC

Disk Cleanup scans for and removes temporary files, system cache, and previous Windows installations to free up disk space.

Why this answer

Disk Cleanup (cleanmgr.exe) is the built-in Windows tool specifically designed to free disk space by removing temporary files, system cache, and previous Windows installations. It provides a guided, checkbox-driven interface that lets users select categories such as 'Temporary Internet Files', 'Delivery Optimization Files', and 'Windows Update Cleanup' (which includes previous Windows installations). This makes it the correct choice for the described scenario.

Exam trap

The A+ exam often tests the distinction between tools that manage disk space (Disk Cleanup) versus tools that manage disk structure (Disk Management) or performance (Defragment), so the trap is that candidates may confuse 'freeing up space' with 'optimizing' or 'managing' the drive.

How to eliminate wrong answers

Option A is wrong because Disk Management is used for partitioning, formatting, and managing drive letters, not for cleaning temporary files or system caches. Option B is wrong because Defragment and Optimize Drives (dfrgui.exe) reorganizes file fragments on a drive to improve performance but does not remove any files or free up space. Option D is wrong because Storage Spaces is a storage virtualization feature that pools physical drives into logical storage pools, and it does not provide a cleanup interface for temporary files or previous Windows installations.

24
MCQeasy

A user reports that their Windows 10 PC is running slowly and they see many background processes in Task Manager. You need to identify which processes are consuming the most CPU and memory resources without installing any additional software. Which built-in Windows tool should you use?

A.Performance Monitor
B.Resource Monitor
C.Task Manager
D.System Configuration (msconfig)
AnswerC

Task Manager lists all running processes and their CPU/memory usage, allowing you to sort and identify high-consumption processes.

Why this answer

Task Manager (Option C) is the correct built-in tool because it provides a real-time, sortable list of all running processes, displaying their CPU and memory usage directly on the Processes tab. This allows you to quickly identify which processes are consuming the most resources without needing to install additional software, as the user specifically requested.

Exam trap

The trap here is that candidates often confuse Resource Monitor (Option B) as the primary tool for resource monitoring, but the question asks for the tool to 'identify which processes are consuming the most CPU and memory resources' without installing software, and Task Manager is the immediate, built-in solution for that specific task.

How to eliminate wrong answers

Option A is wrong because Performance Monitor is a tool for logging and analyzing performance counters over time, not for viewing real-time per-process CPU and memory usage in a simple list. Option B is wrong because Resource Monitor offers more detailed per-process resource data (including disk and network), but it is not the primary tool for a quick, immediate identification of top resource consumers; Task Manager is the first-line tool for this task. Option D is wrong because System Configuration (msconfig) is used to manage startup programs, boot options, and services, not to monitor current CPU or memory consumption of running processes.

25
MCQhard

A security incident has occurred: an employee's workstation was used to access unauthorized websites. The manager wants to review recent web browsing history and application usage. Which administrative tool can provide a comprehensive timeline of user activity on the Windows 10 system?

A.Performance Monitor to create a trace of user actions.
B.Task Scheduler to view past task executions.
C.Event Viewer to examine Security and Application logs for user activity.
D.Local Users and Groups to check user group memberships.
AnswerC

Correct. Event Viewer logs security events (logons) and application events, which can help reconstruct user activity.

Why this answer

Event Viewer is the correct administrative tool because it consolidates Security logs (e.g., event ID 4624 for logons, 4648 for explicit logon attempts) and Application logs that record user activity such as web browsing and application launches. By filtering these logs, a manager can reconstruct a timeline of user actions on the Windows 10 system, including unauthorized website access.

Exam trap

CompTIA often tests the misconception that Performance Monitor can trace user actions because of its name, but it is strictly a performance data collector, not an activity logger.

How to eliminate wrong answers

Option A is wrong because Performance Monitor is designed to collect performance counters and system resource usage data, not to log user activity or web browsing history; it cannot provide a timeline of user actions. Option B is wrong because Task Scheduler only shows scheduled tasks and their execution history, not arbitrary user-initiated activities like web browsing or application usage. Option D is wrong because Local Users and Groups is used to manage user accounts and group memberships, not to audit or review past user activity.

26
MCQmedium

A user is unable to install a new printer on their Windows 10 workstation because the 'Print Spooler' service is not running. You need to start the service and ensure it starts automatically on boot. Which tool should you use?

A.Device Manager
B.Services
C.Task Scheduler
D.System Configuration
AnswerB

Services provides the interface to manage all Windows services, including starting and setting startup types.

Why this answer

The Print Spooler is a Windows service that manages print jobs sent to the printer. To start it and set its startup type to Automatic, you must use the Services console (services.msc), which provides direct control over service state and startup configuration. Device Manager manages hardware drivers, not service states.

Exam trap

The trap here is that candidates confuse Device Manager's ability to update or roll back printer drivers with the ability to start the underlying Print Spooler service, which is a service management task, not a device management task.

How to eliminate wrong answers

Option A is wrong because Device Manager is used to manage hardware devices and their drivers, not to start or configure Windows services like the Print Spooler. Option C is wrong because Task Scheduler is designed to schedule automated tasks or scripts at specific times or events, not to manage the runtime state or startup type of a service. Option D is wrong because System Configuration (msconfig) controls boot options, startup programs, and general system startup behavior, but it does not allow you to start a stopped service or change its startup type to Automatic.

27
MCQhard

A technician needs to deploy a custom security policy to all Windows 10 workstations in a small office. The policy must restrict access to the Control Panel and prevent users from changing system settings. Which administrative tool should be used to create and apply this policy locally on each machine?

A.Local Security Policy (secpol.msc)
B.User Accounts (netplwiz)
C.Local Group Policy Editor (gpedit.msc)
D.System Configuration (msconfig)
AnswerC

Local Group Policy Editor provides Administrative Templates that include settings to hide or restrict access to Control Panel and system settings.

Why this answer

The Local Group Policy Editor (gpedit.msc) is the correct tool because it provides the administrative templates and policy nodes (e.g., User Configuration > Administrative Templates > Control Panel) needed to restrict access to Control Panel and prevent system setting changes. These settings are written to the local Group Policy Objects (GPOs) stored in %SystemRoot%\System32\GroupPolicy, which Windows applies at user logon. This tool is available on Windows 10 Pro, Enterprise, and Education editions, but not on Windows 10 Home.

Exam trap

A common misconception is that Local Security Policy (secpol.msc) can handle all policy restrictions, but it only covers security-specific settings, not administrative templates for UI restrictions like Control Panel access.

How to eliminate wrong answers

Option A is wrong because Local Security Policy (secpol.msc) only manages security-related policies such as account policies, audit policies, and user rights assignments; it does not include administrative templates for restricting Control Panel access or system settings. Option B is wrong because User Accounts (netplwiz) is used to manage user account properties, passwords, and automatic logon settings, not to deploy custom security policies that restrict Control Panel or system changes. Option D is wrong because System Configuration (msconfig) is a boot and startup configuration tool for troubleshooting (e.g., selective startup, boot options, services), and it cannot create or apply security policies to restrict user access to system settings.

28
MCQhard

A server administrator needs to grant a junior technician the ability to reset user passwords on a Windows Server 2019 domain controller, but without giving them full administrative rights. Which administrative tool should be used to delegate this specific permission?

A.Local Security Policy to assign the 'Reset passwords' user right.
B.Active Directory Users and Computers and use the Delegation of Control Wizard.
C.Group Policy Management Console to create a policy that allows password resets.
D.Computer Management to add the technician to the 'Account Operators' group.
AnswerB

Correct. ADUC's Delegation of Control Wizard allows granting specific permissions like password reset on selected OUs or users.

Why this answer

The Delegation of Control Wizard in Active Directory Users and Computers is the correct tool because it allows an administrator to grant specific permissions, such as resetting user passwords, to a non-administrative user without granting full administrative rights. This wizard modifies the ACL on the selected organizational unit (OU) or container, enabling granular control over tasks like password resets while preserving security boundaries.

Exam trap

The Delegation of Control Wizard allows granular permissions, whereas built-in groups like Account Operators grant overly broad rights, violating the principle of least privilege.

How to eliminate wrong answers

Option A is wrong because Local Security Policy assigns user rights (e.g., 'Log on locally') at the local machine level, not granular Active Directory permissions like resetting passwords, and it cannot delegate AD-specific tasks. Option C is wrong because Group Policy Management Console applies computer or user configuration settings via GPOs, not delegated permissions for AD object operations like password resets; it cannot grant a user the ability to modify AD objects. Option D is wrong because adding the technician to the 'Account Operators' group grants broad permissions to manage user accounts, groups, and passwords across the domain, which exceeds the requirement of only resetting passwords and introduces unnecessary security risks.

29
MCQeasy

A user reports that after a recent Windows update, the 'Local Users and Groups' snap-in is missing from the Computer Management console. The user needs to add a new local user account. Which administrative tool should be used to complete this task?

A.Run lusrmgr.msc from the Run dialog.
B.Open the Services console (services.msc) and restart the 'User Manager' service.
C.Use the Disk Management tool to create a new user volume.
D.Open the Registry Editor and modify the SAM registry hive.
AnswerA

Correct. lusrmgr.msc launches the Local Users and Groups snap-in directly, allowing user account creation.

Why this answer

The 'Local Users and Groups' snap-in is a Microsoft Management Console (MMC) component that can be launched directly by running lusrmgr.msc from the Run dialog. This command opens the Local Users and Groups manager, which allows you to create, modify, and delete local user accounts and groups without needing the Computer Management console. Since the snap-in is missing from the console due to the update, using the standalone MMC command is the correct workaround.

Exam trap

The exam often tests the misconception that missing snap-ins require service restarts or registry edits, but the correct approach is to use the standalone MMC command for the specific snap-in.

How to eliminate wrong answers

Option B is wrong because there is no 'User Manager' service in Windows; the Local Users and Groups functionality is not a service that can be restarted via services.msc. Option C is wrong because Disk Management is used for managing disk partitions and volumes, not for creating user accounts. Option D is wrong because directly editing the SAM registry hive is unsupported, dangerous, and not a standard administrative tool for adding user accounts; it can corrupt the security database.

30
MCQeasy

A customer complains that their Windows 10 PC fails to boot and displays a 'Bootmgr is missing' error. You suspect the Boot Configuration Data (BCD) is corrupted. Which tool should you use to repair the BCD from the Windows Recovery Environment?

A.chkdsk /f
B.sfc /scannow
C.bootrec /rebuildbcd
D.diskpart
AnswerC

bootrec /rebuildbcd scans all disks for Windows installations and adds them to the BCD store, fixing corruption.

Why this answer

The bootrec tool is specifically designed to repair BCD and boot sector issues. Running bootrec /rebuildbcd scans for Windows installations and rebuilds the BCD store.

Ready to test yourself?

Try a timed practice session using only Windows Administrative Tools questions.