Question 1hardmultiple choice
Full question →Question 405 of 1,000
hardmultiple choiceObjective-mapped
220-1102 Practice Question: A security administrator is tasked with…
This 220-1102 practice question tests your understanding of a security administrator is tasked with…. Match the stated requirement to the specific cloud service, access model, or configuration option — many options are valid in isolation but not for this scenario. A key principle to apply: appLocker is available in Windows 10 Pro, Enterprise, and Education editions.. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
A security administrator is tasked with implementing application whitelisting on a fleet of Windows 10 Pro workstations that are not joined to a domain. The goal is to allow only approved applications to run and block all others. The administrator needs a solution that is built into Windows 10 Pro and can be configured locally. Which feature should the administrator use?
Answer choices
Why each option matters
Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.
A
Distractor review
Windows Defender Application Control (WDAC)
WDAC is only available in Windows 10 Enterprise and Education editions, not in Pro. It requires domain or management tools for configuration.
B
Best answer
AppLocker
AppLocker is available in Windows 10 Pro and can be configured locally using Local Group Policy to create application whitelist rules.
C
Distractor review
Software Restriction Policies
While available in Pro, Software Restriction Policies are an older and less flexible solution; AppLocker is the modern, recommended feature for application control.
D
Distractor review
Windows Sandbox
Windows Sandbox provides an isolated environment to test untrusted applications but does not block applications from running in the main OS.
Answer analysis
Why the other options are wrong
Understanding why incorrect options are tempting is as important as knowing the correct answer.
- ✗
Windows Defender Application Control (WDAC)
WDAC is only available in Windows 10 Enterprise and Education editions, not in Pro. It requires domain or management tools for configuration.
- ✗
Software Restriction Policies
While available in Pro, Software Restriction Policies are an older and less flexible solution; AppLocker is the modern, recommended feature for application control.
- ✗
Windows Sandbox
Windows Sandbox provides an isolated environment to test untrusted applications but does not block applications from running in the main OS.
Common exam trap
Common exam trap: answer the scenario, not the keyword
Candidates might mistakenly choose WDAC, forgetting it's an Enterprise/Education-only feature, or SRP, overlooking AppLocker's superior capabilities for modern application control.
Technical deep dive
How to think about this question
The core concept being tested is application whitelisting on Windows 10 Pro workstations without domain integration, requiring a built-in, locally configurable solution. AppLocker is the ideal feature for this scenario. Mechanically, AppLocker allows administrators to create rules based on file attributes like publisher, product name, file name, file version, or the file's hash, as well as the path where the application is located. These rules can be configured to either allow or deny applications from running for specific users or groups. For a whitelisting strategy, the administrator would typically configure a default rule to block all unapproved applications and then create explicit allow rules for the necessary software. This granular control ensures that only trusted applications execute, significantly enhancing security by preventing the execution of malware or unauthorized software. The specific constraints of Windows 10 Pro and the requirement for local configuration are critical here. AppLocker is natively available in Windows 10 Pro (as well as Enterprise and Education editions) and can be managed directly on each workstation using the Local Group Policy Editor (gpedit.msc). This makes it perfectly suited for standalone machines not joined to an Active Directory domain, where central management tools like Group Policy Objects (GPOs) are not an option. In contrast, Windows Defender Application Control (WDAC), while a more advanced and robust application control solution, is exclusively available in Windows 10 Enterprise and Education editions. It also typically requires more sophisticated management tools or scripting for effective deployment and configuration across multiple machines, making it unsuitable for a fleet of standalone Pro workstations. Software Restriction Policies (SRP) are an older application control mechanism available in Windows 10 Pro. While SRP can perform whitelisting, it is less flexible and powerful than AppLocker. SRP primarily relies on path rules or hash rules, lacking AppLocker's ability to create rules based on publisher information, which is a much more robust and easier-to-manage method for trusted applications. AppLocker offers more granular control over rule enforcement, including different rule types and the ability to apply rules to specific users or groups, which SRP lacks in comparison. Finally, Windows Sandbox is a completely different technology; it provides a temporary, isolated desktop environment for safely running untrusted applications without affecting the host operating system. It does not function as a persistent application whitelisting or blocking mechanism for the main OS, thus not addressing the core requirement of the question.
KKey Concepts to Remember
- AppLocker is available in Windows 10 Pro, Enterprise, and Education editions.
- It can be configured locally via Local Group Policy Editor (gpedit.msc).
- AppLocker supports whitelisting and blacklisting applications based on publisher, path, or file hash rules.
- It provides more granular control and flexibility than Software Restriction Policies (SRP).
TExam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
AppLocker is available in Windows 10 Pro, Enterprise, and Education editions.
Related practice questions
Related 220-1102 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
CompTIA A+ hardware practice questions
Practise 220-1102 questions linked to CompTIA A+ hardware.
CompTIA A+ mobile devices practice questions
Practise 220-1102 questions linked to CompTIA A+ mobile devices.
CompTIA A+ networking practice questions
Practise 220-1102 questions linked to CompTIA A+ networking.
CompTIA A+ operating systems practice questions
Practise 220-1102 questions linked to CompTIA A+ operating systems.
CompTIA A+ security practice questions
Practise 220-1102 questions linked to CompTIA A+ security.
CompTIA A+ software troubleshooting questions
Practise 220-1102 questions linked to CompTIA A+ software troubleshooting questions.
CompTIA A+ operational procedures questions
Practise 220-1102 questions linked to CompTIA A+ operational procedures questions.
More questions from this exam
Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.
Question 1
A change advisory board (CAB) approved a standard change to update antivirus definitions on all servers. The technician completes the update on a file server and verifies the server is functioning normally. According to change management best practices, what documentation should the technician complete?
Question 2
A company's change management policy requires all server changes to be approved by the Change Advisory Board (CAB). A technician discovers that a critical database server's operating system needs a security patch to comply with a new regulatory requirement that takes effect in one week. The patch has a known risk of causing service downtime. The next scheduled CAB meeting is in two weeks. What should the technician do FIRST?
Question 3
A company is implementing a bring-your-own-device (BYOD) policy and needs to ensure that corporate data on employee mobile devices is protected. Which of the following is the MOST important technical control to implement?
Question 4
A company requires employees to present both a smart card and a PIN to log into their workstations. Which authentication principle is being implemented?
Question 5
A company requires all Windows 10 workstations to be able to join an Active Directory domain. Which edition of Windows 10 must be installed on these workstations?
Question 6
A company wants to allow employees to securely access internal resources from home via the internet. Which method provides the highest level of security for remote desktop connections?
Practice this exam
Start a free 220-1102 practice session
Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.
FAQ
Questions learners often ask
What does this 220-1102 question test?
AppLocker is available in Windows 10 Pro, Enterprise, and Education editions.
What is the correct answer to this question?
The correct answer is: AppLocker — AppLocker is built into Windows 10 Pro and can be configured via Local Group Policy to create rules that allow or deny applications based on file path, publisher, or hash. It is the recommended application control tool for Pro editions. Windows Defender Application Control (WDAC) is available only in Enterprise and Education editions. Software Restriction Policies are an older, less flexible feature. Windows Sandbox is for isolated testing, not whitelisting.
What should I do if I get this 220-1102 question wrong?
Review appLocker is available in Windows 10 Pro, Enterprise, and Education editions., then practise related 220-1102 questions on the same topic to reinforce the concept.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Keep practising
More 220-1102 practice questions
- A change advisory board (CAB) approved a standard change to update antivirus definitions on all servers. The technician…
- A company's change management policy requires all server changes to be approved by the Change Advisory Board (CAB). A te…
- A company is implementing a bring-your-own-device (BYOD) policy and needs to ensure that corporate data on employee mobi…
- A company requires employees to present both a smart card and a PIN to log into their workstations. Which authentication…
- A company requires all Windows 10 workstations to be able to join an Active Directory domain. Which edition of Windows 1…
- A company wants to allow employees to securely access internal resources from home via the internet. Which method provid…
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Loading comments…
Sign in to join the discussion.
This 220-1102 practice question is part of Courseiva's free CompTIA certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 220-1102 exam.