CCNA Windows Os Features Tools Questions

30 questions · Windows Os Features Tools topic · All types, answers revealed

1
MCQhard

A security incident occurred on a Windows 10 workstation where an attacker gained administrative access and created several hidden user accounts. You need to ensure no unauthorized accounts exist and that the built-in Administrator account is disabled. Which two tools can you use from the command line to list all user accounts and check the status of the Administrator account?

A.Use 'net user' to list accounts and 'net user Administrator | findstr /i active' to check status.
B.Use 'whoami' to list current user and 'net localgroup Administrators' to see group members.
C.Use 'dir C:\Users' to list user profile folders and 'net accounts' to see password policies.
D.Use 'gpresult /R' to list applied policies and 'net start' to see running services.
AnswerA

Net user displays all local user accounts, and piping to findstr can filter for the account's active status.

Why this answer

The 'net user' command lists all local user accounts on a Windows system, which is necessary to identify hidden or unauthorized accounts. Piping 'net user Administrator' through 'findstr /i active' filters the output to show whether the built-in Administrator account is enabled or disabled, as the status line contains 'Active' or 'Account active' depending on the locale. This combination directly fulfills the requirement to list all accounts and check the Administrator account's status from the command line.

Exam trap

CompTIA often tests the distinction between listing all accounts versus showing only the current user or group membership, leading candidates to confuse 'whoami' or 'net localgroup' with account enumeration commands.

How to eliminate wrong answers

Option B is wrong because 'whoami' only displays the currently logged-in user, not a list of all accounts, and 'net localgroup Administrators' shows group membership, not the status of the Administrator account itself. Option C is wrong because 'dir C:\Users' lists user profile folders, which may not exist for hidden accounts or system accounts, and 'net accounts' displays password and lockout policies, not account status. Option D is wrong because 'gpresult /R' shows applied Group Policy settings, not user accounts, and 'net start' lists running services, which is irrelevant to account enumeration or status checking.

2
MCQeasy

A user is unable to print to a network printer after a Windows update. Other users on the same network can print successfully. Which Windows tool should you use to view detailed error messages related to the print spooler service?

A.Device Manager
B.Services.msc
C.Event Viewer
D.Performance Monitor
AnswerC

Event Viewer records print spooler errors and warnings, making it the correct tool for troubleshooting the cause of the failure.

Why this answer

Event Viewer (C) is the correct tool because it logs detailed error messages from the print spooler service (spoolsv.exe) under 'Windows Logs > System' or 'Applications and Services Logs > Microsoft > Windows > PrintService'. When a Windows update breaks printing for a single user, Event Viewer captures spooler errors such as access denied, driver conflicts, or RPC failures that are not shown in other tools.

Exam trap

The trap here is that candidates confuse Services.msc (which only manages service state) with Event Viewer (which provides the actual error logs), leading them to pick B when they need to view detailed error messages.

How to eliminate wrong answers

Option A is wrong because Device Manager is used to view and manage hardware devices and drivers, but it does not show runtime error logs or service-specific messages from the print spooler. Option B is wrong because Services.msc allows you to start, stop, or restart the print spooler service and view its status, but it does not display detailed error messages or event logs. Option D is wrong because Performance Monitor tracks system performance counters (e.g., CPU, memory, print queue length) over time, but it does not log or display error messages from the print spooler service.

3
MCQeasy

A user needs to access a shared folder on a Windows 10 workstation from their Windows 11 laptop. Both devices are on the same local network. Which Windows feature must be enabled on the workstation to allow file sharing?

A.Network Discovery
B.File and Printer Sharing
C.HomeGroup
D.Windows Firewall
AnswerB

Enabling File and Printer Sharing allows the workstation to share folders and printers with other network devices.

Why this answer

File and Printer Sharing (option B) is the correct feature because it enables the Server Message Block (SMB) protocol on the workstation, which is the underlying protocol Windows uses for shared folder access. Without this service running and allowed through the firewall, other devices cannot connect to the workstation's shared resources, regardless of network discovery or firewall settings.

Exam trap

CompTIA often tests the distinction between Network Discovery (which only controls visibility) and File and Printer Sharing (which actually enables resource access), leading candidates to mistakenly select Network Discovery when the question asks about enabling file sharing.

How to eliminate wrong answers

Option A is wrong because Network Discovery only allows the workstation to see other devices on the network and be seen by them; it does not enable the actual sharing of folders or files. Option C is wrong because HomeGroup was removed from Windows 10 (version 1803 and later) and Windows 11; it is a deprecated feature and not required for standard SMB-based file sharing. Option D is wrong because Windows Firewall is a security component that can block or allow traffic, but it is not the feature that enables file sharing; in fact, File and Printer Sharing must be allowed as an exception within the firewall for sharing to work.

4
MCQmedium

A user on a Windows 10 computer is unable to install a new application because they receive an error that 'Windows cannot verify the publisher of this driver software.' The application is from a trusted vendor. Which tool should you use to temporarily disable driver signature enforcement to complete the installation?

A.Device Manager
B.System Configuration (msconfig)
C.Advanced Startup Options (Disable driver signature enforcement)
D.Command Prompt with bcdedit /set testsigning on
AnswerC

This option in the Recovery Environment allows the system to boot with driver signature enforcement disabled, enabling installation of the driver.

Why this answer

Option C is correct because the error 'Windows cannot verify the publisher of this driver software' indicates that the driver lacks a valid digital signature, which is required by default on 64-bit Windows 10. The Advanced Startup Options menu provides a direct way to boot with 'Disable driver signature enforcement' temporarily, allowing the unsigned driver to load for the current session without permanently altering the system's security policy.

Exam trap

The trap here is that candidates often confuse 'bcdedit /set testsigning on' (which permanently enables test-signed drivers) with the temporary disable option in Advanced Startup Options, or they mistakenly think Device Manager or msconfig can override driver signature enforcement at the boot level.

How to eliminate wrong answers

Option A is wrong because Device Manager is used to manage hardware devices and update drivers, but it cannot bypass driver signature enforcement; it will still block installation of an unsigned driver. Option B is wrong because System Configuration (msconfig) is used to configure boot options like safe mode or startup services, but it does not have a built-in setting to disable driver signature enforcement; you would need to use Advanced Startup Options or a command-line tool. Option D is wrong because 'bcdedit /set testsigning on' enables Test Signing mode, which permanently allows unsigned drivers to load, but this is a persistent change that weakens security and is not intended for a one-time installation; it also requires a reboot and leaves the system in a less secure state.

5
MCQmedium

A user's Windows 10 PC is infected with ransomware that has encrypted their Documents folder. You need to restore the files from a previous version that was saved by File History. Where do you access the 'Previous Versions' feature to restore these files?

A.File Explorer > Properties > Previous Versions tab
B.Control Panel > File History > Restore personal files
C.Settings > Update & Security > Backup
D.Computer Management > Storage > Disk Management
AnswerA

This is the correct location to view and restore previous versions of files or folders saved by File History or shadow copies.

Why this answer

The 'Previous Versions' tab is accessible via File Explorer by right-clicking a file or folder, selecting Properties, and then clicking the Previous Versions tab. This tab lists shadow copies or File History backups of the selected item, allowing you to restore an earlier version. In this scenario, since File History was enabled, the previous versions of the Documents folder will appear here for restoration.

Exam trap

The trap here is that candidates confuse the File History restore interface (accessed via Control Panel) with the 'Previous Versions' tab in File Explorer, but the question explicitly asks for the location of the 'Previous Versions' feature, which is found in the file or folder's Properties dialog.

How to eliminate wrong answers

Option B is wrong because Control Panel > File History > Restore personal files opens the File History restore interface, which is used to browse and restore files from File History backups, but it does not directly access the 'Previous Versions' tab; the question specifically asks where to access the 'Previous Versions' feature, not the File History restore wizard. Option C is wrong because Settings > Update & Security > Backup is the modern UI for configuring backup settings, including File History, but it does not provide a direct 'Previous Versions' tab for restoring individual files; it only offers options to add a drive or more options. Option D is wrong because Computer Management > Storage > Disk Management is used for managing disk partitions, volumes, and drives, and has no relation to file versioning or restoration from File History.

6
MCQmedium

You are configuring a new Windows 10 workstation for a remote employee who will connect to the corporate VPN. The user should not be able to install software or change system settings. Which tool should you use to enforce these restrictions?

A.User Account Control (UAC) settings
B.Local Group Policy Editor
C.Device Manager
D.Registry Editor
AnswerB

Local Group Policy Editor can enforce software installation restrictions and control panel access for specific users or groups.

Why this answer

Local Group Policy Editor (gpedit.msc) allows you to configure security and restriction policies on a standalone computer. You can disable the ability to install software by setting the 'Disable Windows Installer' policy and restrict access to Control Panel settings. This is the appropriate tool for a non-domain joined machine.

7
MCQeasy

A customer calls saying that after installing a new application, their Windows 11 desktop icons are scattered and the taskbar keeps disappearing. They need a quick way to restore the default desktop layout and taskbar behavior without affecting personal files. Which built-in tool should you guide them to use?

A.Reset this PC with the 'Keep my files' option.
B.System Restore from the System Protection tab.
C.Refresh the desktop by right-clicking and selecting 'Refresh'.
D.Use the Deployment Imaging Service and Management Tool (DISM) to repair the system image.
AnswerB

System Restore reverts system files and registry to a prior state, which can fix application-induced problems without affecting personal data.

Why this answer

The System Restore tool rolls back system files and registry settings to a previous restore point, which can undo changes made by the problematic application. It does not affect personal files. The other options either don't target system changes or are too drastic.

8
MCQmedium

A user reports that their Windows 11 laptop suddenly shows a blue screen with an error message every time they try to boot. You need to access advanced troubleshooting options to repair the system. Which key should you press during startup to access the Windows Recovery Environment (WinRE)?

A.F8
B.F11
C.F2
D.F12
AnswerB

F11 is the common key to access the Windows Recovery Environment on many modern systems, providing repair options.

Why this answer

Option B is correct because pressing F11 during the Windows 11 boot process is the standard key to access the Windows Recovery Environment (WinRE) on most modern systems. WinRE provides advanced troubleshooting tools such as System Restore, Startup Repair, Command Prompt, and Safe Mode, which are essential for repairing a system that fails to boot due to a blue screen error.

Exam trap

The trap here is that candidates often confuse the F8 key (used in legacy Windows) with the modern F11 key for WinRE, or they mistakenly think F2 or F12 are used for recovery instead of firmware or boot menu access.

How to eliminate wrong answers

Option A is wrong because F8 was used in older Windows versions (e.g., Windows 7) to access the Advanced Boot Options menu, but in Windows 11, the F8 key is disabled by default for faster boot times and is not the standard key to access WinRE. Option C is wrong because F2 typically enters the system BIOS or UEFI firmware settings, not the Windows Recovery Environment. Option D is wrong because F12 usually opens the one-time boot menu for selecting a boot device (e.g., USB or DVD), not WinRE.

9
MCQhard

A Windows 10 workstation is experiencing random blue screen errors with the stop code 'IRQL_NOT_LESS_OR_EQUAL'. You suspect a faulty driver. You need to analyze the memory dump files to identify the offending driver. Which built-in tool should you use to view the dump file?

A.Event Viewer (eventvwr.msc) – filter by System logs with level 'Error'.
B.Performance Monitor (perfmon.msc) – add a Data Collector Set for crash dumps.
C.Windows Memory Diagnostic (mdsched.exe) – run a memory test.
D.Windows Debugging Tools (WinDbg) – open the .dmp file.
AnswerD

WinDbg is designed to debug crash dumps and can identify the driver causing the stop error.

Why this answer

WinDbg (Windows Debugging Tools) is the correct built-in tool for analyzing memory dump (.dmp) files. It can parse crash dump data and identify the specific driver or module that caused the IRQL_NOT_LESS_OR_EQUAL stop code by examining the stack trace and loaded module list. This is the standard approach for post-mortem debugging of blue screen errors.

Exam trap

CompTIA often tests the distinction between tools that record crash events (Event Viewer) versus tools that analyze the actual dump data (WinDbg), leading candidates to mistakenly choose Event Viewer because they see 'Error' logs related to the crash.

How to eliminate wrong answers

Option A is wrong because Event Viewer logs system events and errors but does not parse or display the contents of memory dump files; it only records that a crash occurred. Option B is wrong because Performance Monitor tracks real-time performance counters and historical data via Data Collector Sets, but it cannot open or analyze .dmp crash dump files. Option C is wrong because Windows Memory Diagnostic (mdsched.exe) tests physical RAM for hardware faults and does not analyze existing dump files; it is used to rule out memory issues, not to identify a faulty driver from a crash dump.

10
MCQmedium

A company's security policy requires that all Windows 10 workstations automatically install critical updates as soon as they are released. However, users must not be forced to restart during work hours. Which Windows Update setting should you configure to meet these requirements?

A.Defer feature updates
B.Set Active Hours to cover the workday
C.Set the connection as metered
D.Configure Windows Update to 'Notify to schedule restart'
AnswerB

Active Hours prevent automatic restarts during specified times, while updates can still install automatically outside those hours.

Why this answer

Configuring Active Hours in Windows Update allows you to specify the time range during which the system should not automatically restart after installing updates. By setting Active Hours to cover the entire workday, critical updates can be downloaded and installed automatically, but the required restart is deferred until outside those hours, meeting both the security policy and the user experience requirement.

Exam trap

CompTIA often tests the distinction between controlling update installation versus controlling restart behavior; the trap here is that candidates may confuse 'deferring updates' with 'scheduling restarts,' or think that marking a connection as metered is a valid way to manage restart timing, when it actually blocks all automatic updates.

How to eliminate wrong answers

Option A is wrong because 'Defer feature updates' delays the installation of non-security feature updates, not critical security updates, and does not control restart timing. Option C is wrong because setting the connection as metered prevents all automatic downloads of updates, including critical ones, which violates the policy requiring automatic installation. Option D is wrong because 'Notify to schedule restart' only alerts the user to schedule a restart but does not enforce automatic installation of critical updates; it relies on user action, which may delay installation and violate the policy.

11
MCQmedium

A technician needs to create a bootable USB drive that can run Windows PE to deploy a custom Windows 10 image to multiple laptops. Which Windows tool should they use to create this bootable media?

A.Windows Media Creation Tool
B.Windows System Image Manager (Windows SIM)
C.Windows ADK (Assessment and Deployment Kit)
D.Disk Management
AnswerC

The Windows ADK provides the tools to build a custom Windows PE image and create bootable USB drives for deployment.

Why this answer

The Windows Assessment and Deployment Kit (Windows ADK) includes the Deployment Tools, which contain the necessary utilities (such as `copype.cmd` and `MakeWinPEMedia`) to create a bootable Windows PE USB drive. This is the correct tool for building custom WinPE media to deploy a Windows 10 image to multiple laptops, as it provides the full environment for customizing and generating the bootable image.

Exam trap

The trap here is that candidates often confuse the Windows Media Creation Tool (which creates standard Windows installation media) with the ADK's tools for creating custom WinPE bootable media, leading them to select option A.

How to eliminate wrong answers

Option A is wrong because the Windows Media Creation Tool is designed to download and create installation media for Windows 10 (e.g., for clean installs or upgrades), not to generate a custom Windows PE environment for imaging. Option B is wrong because Windows System Image Manager (Windows SIM) is used to create and manage unattended answer files (Unattend.xml) for automated installations, not to create bootable media. Option D is wrong because Disk Management is a utility for managing disk partitions and volumes (e.g., formatting, shrinking volumes), and it cannot create a bootable Windows PE USB drive.

12
MCQhard

You are troubleshooting a Windows 10 PC that fails to boot with the error 'Boot Configuration Data is missing.' Which built-in tool can you use from the Windows Recovery Environment to rebuild the BCD store?

A.System File Checker (sfc /scannow)
B.Diskpart
C.Bootrec.exe
D.CHKDSK
AnswerC

Bootrec.exe with the /rebuildbcd switch scans for Windows installations and rebuilds the BCD store, fixing the missing BCD error.

Why this answer

Bootrec.exe is the correct built-in tool for rebuilding the Boot Configuration Data (BCD) store from the Windows Recovery Environment (WinRE). The specific command 'bootrec /rebuildbcd' scans all disks for Windows installations and allows you to rebuild the BCD store, directly addressing the 'Boot Configuration Data is missing' error. Other tools like SFC, Diskpart, and CHKDSK do not have the capability to reconstruct the BCD store.

Exam trap

The trap here is that candidates often confuse System File Checker (SFC) as a universal repair tool, but it cannot fix boot configuration issues because the BCD store is not a system file protected by Windows File Protection.

How to eliminate wrong answers

Option A is wrong because System File Checker (sfc /scannow) scans and repairs protected system files, but it does not interact with or rebuild the BCD store, which is a separate boot configuration database. Option B is wrong because Diskpart is a disk partitioning tool used to manage volumes and partitions, not to repair boot configuration data; it cannot rebuild the BCD store. Option D is wrong because CHKDSK checks the file system for integrity and fixes logical disk errors, but it has no mechanism to rebuild or repair the BCD store, which is stored in a hidden system partition.

13
MCQmedium

A technician is configuring a new Windows 10 workstation for a user who requires access to files stored on an encrypted USB drive. The drive uses BitLocker To Go. What must the technician do to ensure the user can access the drive on this computer?

A.Enable BitLocker on the workstation's internal drive
B.Provide the user with the drive's password or recovery key
C.Format the USB drive to NTFS
D.Install the BitLocker Drive Encryption feature from Control Panel
AnswerB

The user must enter the password or recovery key to unlock the drive; this is the standard method for BitLocker To Go access.

Why this answer

BitLocker To Go encrypts removable drives with a password or recovery key. To access the drive on a new Windows 10 workstation, the technician must provide the user with the drive's password or recovery key, as the drive is already encrypted and requires authentication at mount time. No additional configuration is needed on the workstation beyond entering the correct credentials.

Exam trap

The trap here is that candidates may think additional software or feature installation is required, but BitLocker To Go is a built-in capability of Windows 10 Pro/Enterprise that only needs the correct authentication credential to unlock the drive.

How to eliminate wrong answers

Option A is wrong because enabling BitLocker on the workstation's internal drive is unrelated to accessing an already-encrypted BitLocker To Go USB drive; the internal drive encryption does not affect removable drive access. Option C is wrong because formatting the USB drive to NTFS would erase all data and remove the existing BitLocker encryption, which is counterproductive since the user needs to access existing encrypted files. Option D is wrong because the BitLocker Drive Encryption feature is already included in Windows 10 Pro and Enterprise editions; it does not need to be installed separately, and the technician only needs to provide the password or recovery key.

14
MCQmedium

A small business has a shared Windows 10 workstation that multiple employees use. They want to ensure that each user's desktop settings, files, and application data are completely isolated and that users cannot access each other's data. Which feature should you configure to achieve this?

A.Enable the built-in Guest account for all users.
B.Create standard local user accounts and set NTFS permissions on each user's profile folder.
C.Join the computer to a domain and use roaming profiles.
D.Enable BitLocker on the system drive.
AnswerB

Standard users have restricted permissions, and NTFS permissions on profile folders prevent other users from accessing the data.

Why this answer

Standard local user accounts with NTFS permissions provide isolation by default; each user has their own profile folder with restricted permissions. The other options either don't enforce isolation (guest account) or are for different purposes (domain, BitLocker).

15
MCQmedium

During a software deployment, you need to create a script that runs automatically every time a user logs into their Windows 10 domain-joined computer. Which tool should you use to configure this task?

A.Task Scheduler
B.Group Policy Management Console
C.Local Group Policy Editor
D.Windows PowerShell ISE
AnswerA

Task Scheduler can create a task that triggers 'At log on' for any user, running the script automatically.

Why this answer

Task Scheduler is the correct tool because it allows you to create a task that triggers on a specific event, such as user logon. You can set the trigger to 'At log on' for any user or a specific user, and the task will run automatically each time the user logs into the Windows 10 domain-joined computer. This is the native Windows mechanism for scheduling scripts or programs to run at logon without requiring additional configuration.

Exam trap

CompTIA often tests the distinction between tools that configure local machine behavior (Task Scheduler) versus tools that manage domain-wide policies (Group Policy Management Console), leading candidates to mistakenly choose GPMC for a local logon script task.

How to eliminate wrong answers

Option B (Group Policy Management Console) is wrong because it is used to manage Group Policy Objects (GPOs) across an Active Directory domain, not to schedule a local script to run at user logon; while you could deploy a logon script via GPO, the question specifies configuring the task directly on the computer, not centrally deploying it. Option C (Local Group Policy Editor) is wrong because it edits local Group Policy settings on a single machine, but it does not provide a direct way to schedule a script to run at logon; you would need to assign a logon script via the 'Scripts (Logon/Logoff)' policy, which is less flexible than Task Scheduler and does not allow event-based triggers like 'At logon' with specific conditions. Option D (Windows PowerShell ISE) is wrong because it is an integrated scripting environment for writing and debugging PowerShell scripts, not a tool for scheduling tasks; you would still need to use Task Scheduler or another scheduler to run the script automatically at logon.

16
MCQhard

A technician needs to deploy a custom Windows 10 image to 50 identical workstations. The image must include specific drivers, applications, and settings. Which tool should the technician use to create and manage the deployment image?

A.System Preparation Tool (Sysprep)
B.Deployment Image Servicing and Management (DISM)
C.Windows Preinstallation Environment (Windows PE)
D.Windows Assessment and Deployment Kit (Windows ADK)
AnswerA

Sysprep generalizes the Windows installation by removing system-specific data, making the image ready for deployment on multiple computers.

Why this answer

System Preparation Tool (Sysprep) is used to generalize a Windows installation so it can be imaged and deployed to multiple computers. DISM is used to capture and apply images, but Sysprep is required to prepare the OS for imaging. Windows PE is a minimal OS for deployment tasks, not for creating the image.

Windows ADK includes deployment tools but Sysprep is the specific tool for image preparation.

17
MCQhard

A user reports that their Windows 11 laptop's search bar is not returning results for local files, though web searches work. You suspect the indexing service is not running or the index is corrupted. Which tool should you use to rebuild the search index?

A.Services.msc
B.Indexing Options in Control Panel
C.Task Manager
D.Windows Settings > Privacy & security > Searching Windows
AnswerB

Indexing Options provides an 'Advanced' button with a 'Rebuild' option to recreate the search index from scratch.

Why this answer

The Indexing Options control panel (accessible via Control Panel or by searching 'indexing options') provides a direct interface to manage the Windows Search index, including the ability to rebuild it. Rebuilding the index is the appropriate fix when the index is corrupted or not functioning, as it forces Windows to re-scan all indexed locations and create a fresh index database, resolving issues where local file searches fail but web searches (which do not rely on the local index) still work.

Exam trap

The trap here is that candidates confuse the 'Searching Windows' settings in the modern Windows Settings app (which controls privacy and cloud search options) with the legacy Indexing Options control panel that actually contains the rebuild function.

How to eliminate wrong answers

Option A is wrong because Services.msc allows you to start, stop, or restart the Windows Search service, but it does not provide a direct option to rebuild the search index; rebuilding requires the Indexing Options interface. Option C is wrong because Task Manager is used to manage running processes, monitor performance, and start/stop applications, but it has no capability to manage or rebuild the search index. Option D is wrong because Windows Settings > Privacy & security > Searching Windows controls privacy-related search settings (e.g., whether to include cloud content or history), but it does not include a rebuild option for the local search index; the rebuild function is exclusively in the legacy Indexing Options control panel.

18
MCQmedium

A user on a Windows 10 Pro workstation complains that they cannot change their desktop background or theme, and several personalization settings are grayed out. The computer is not joined to a domain. Which Group Policy or local policy setting is most likely causing this restriction?

A.The 'Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands' policy.
B.The 'Prohibit access to Control Panel and PC settings' policy.
C.The 'Prevent changing desktop background' policy.
D.The 'Turn off all Windows Spotlight features' policy.
AnswerC

This policy specifically disables the ability to change the desktop background and related personalization options.

Why this answer

The Local Group Policy Editor (gpedit.msc) can enforce user restrictions. The specific policy 'Prevent changing desktop background' under User Configuration > Administrative Templates > Control Panel > Personalization would cause this symptom. The other options are either not specific to personalization or affect different settings.

19
MCQmedium

A technician is troubleshooting a Windows 11 computer that fails to boot with a 'Bootmgr is missing' error. They have a Windows installation USB. Which tool from the Windows Recovery Environment should they use to repair the boot configuration data (BCD)?

A.System File Checker (sfc /scannow)
B.Bootrec (bootrec /rebuildbcd)
C.DISM (DISM /Online /Cleanup-Image /RestoreHealth)
D.Diskpart (diskpart /s script.txt)
AnswerB

Bootrec is specifically designed to repair boot-related issues, including rebuilding the BCD store.

Why this answer

The 'Bootmgr is missing' error indicates that the Boot Configuration Data (BCD) store is corrupted or missing. The `bootrec /rebuildbcd` command scans all disks for Windows installations and rebuilds the BCD store from scratch, directly addressing the missing or corrupted boot configuration. This is the correct tool in the Windows Recovery Environment for repairing BCD issues.

Exam trap

The trap here is that candidates confuse `bootrec /rebuildbcd` with `sfc /scannow` or `DISM`, thinking any 'repair' tool can fix boot issues, but only `bootrec` specifically targets the BCD store required for the boot manager to locate the Windows loader.

How to eliminate wrong answers

Option A is wrong because System File Checker (sfc /scannow) repairs corrupted system files, not the boot configuration data (BCD) store; it operates on protected system files like DLLs and executables, not boot manager metadata. Option C is wrong because DISM /Online /Cleanup-Image /RestoreHealth repairs the Windows image (component store) for servicing issues, such as corruption in the system files used by Windows Update, and does not interact with the BCD store or boot sector. Option D is wrong because Diskpart is a disk partitioning tool used to manage volumes and partitions (e.g., create, delete, format), not to repair boot configuration data; running a script with `diskpart /s script.txt` would execute partition commands, not fix the BCD.

20
MCQmedium

A user reports that their Windows 10 laptop is running very slowly after a recent software installation. You suspect a driver conflict. You need to boot the system with a minimal set of drivers and services to troubleshoot, but you must not use Safe Mode because the user needs network access for remote support. Which boot configuration should you set using the System Configuration tool?

A.Set the boot to 'Safe boot' with 'Network' selected under Boot options.
B.Under the General tab, select 'Diagnostic startup'.
C.Under the General tab, select 'Selective startup' and uncheck 'Load system services'.
D.Under the Boot tab, check 'No GUI boot' and set the timeout to 0.
AnswerB

Diagnostic startup loads only basic devices and services, and it does not disable networking entirely, allowing remote support.

Why this answer

The System Configuration (msconfig) tool allows you to enable 'Selective startup' and load only essential services and startup items, while still allowing network drivers to load. Safe Mode with Networking would also work but is not a msconfig setting; the question specifies using msconfig.

21
MCQeasy

A user reports that after a recent Windows update, their laptop takes significantly longer to boot and they see a message about 'Preparing Automatic Repair' before the login screen appears. You need to access the advanced startup options to disable automatic restart on system failure. Which tool or feature should you use to boot into the Windows Recovery Environment (WinRE) from a running system?

A.Boot from a Windows installation USB and select 'Repair your computer'.
B.Press F8 repeatedly during boot to access advanced boot options.
C.Hold the Shift key while clicking Restart from the Start menu power options.
D.Open the System Configuration tool (msconfig) and set the boot to 'Safe Mode' under the Boot tab.
AnswerC

This is the standard built-in method to boot directly into WinRE without external media.

Why this answer

Option C is correct because holding the Shift key while clicking Restart forces the system to boot directly into the Windows Recovery Environment (WinRE) without needing installation media. This method leverages the built-in boot configuration data (BCD) to load the recovery tools, including the option to disable automatic restart on system failure under advanced startup settings.

Exam trap

The trap here is that candidates may confuse the deprecated F8 method (Option B) with the modern Shift+Restart method, or assume that msconfig (Option D) can directly launch WinRE, when in fact it only configures Safe Mode boot options.

How to eliminate wrong answers

Option A is wrong because booting from a Windows installation USB and selecting 'Repair your computer' is a valid way to access WinRE, but it requires external media and is not the most direct method from a running system; the question specifies 'from a running system,' making this an unnecessary extra step. Option B is wrong because pressing F8 during boot to access advanced boot options was deprecated in Windows 8 and later; modern Windows systems use a fast startup process that makes F8 unreliable, and it does not reliably lead to WinRE. Option D is wrong because opening the System Configuration tool (msconfig) and setting the boot to 'Safe Mode' under the Boot tab only configures the system to boot into Safe Mode on the next restart, not into WinRE, and it does not provide access to the advanced startup options needed to disable automatic restart on system failure.

22
MCQmedium

After installing a new application, a user reports that their default web browser keeps changing to a different one without their consent. Which Windows feature can you use to prevent applications from changing file associations and default programs?

A.Programs and Features
B.Default Programs (Control Panel)
C.Local Group Policy Editor
D.Registry Editor
AnswerC

Group Policy can enforce 'Set a default associations configuration file' to lock file associations and prevent changes by users or apps.

Why this answer

The Local Group Policy Editor (gpedit.msc) allows administrators to configure the 'Set a default associations configuration file' policy under Computer Configuration > Administrative Templates > Windows Components > File Explorer. When enabled, this policy prevents applications from changing file associations and default programs by locking the association file, overriding any user or application changes. This is the correct tool for enforcing system-wide control over default programs in Windows 10/11 Pro, Enterprise, or Education editions.

Exam trap

CompTIA often tests the misconception that Default Programs in Control Panel can lock associations, but it only provides a manual interface for setting them without any enforcement mechanism against application changes.

How to eliminate wrong answers

Option A is wrong because Programs and Features is used to uninstall, change, or repair installed programs, not to prevent applications from changing file associations or default programs. Option B is wrong because Default Programs in Control Panel allows users to manually set file associations and default programs, but it does not prevent other applications from changing them afterward. Option D is wrong because Registry Editor (regedit) can be used to manually modify association keys (e.g., HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations), but it does not provide a built-in mechanism to lock or prevent changes by other applications.

23
MCQeasy

During a software deployment, you need to ensure that a legacy application always runs with administrative privileges, even for standard users. How can you configure this using Windows built-in tools?

A.Set the application's shortcut to 'Run as administrator' in the Compatibility tab
B.Disable User Account Control (UAC) in the Control Panel
C.Add the user to the local Administrators group
D.Use the 'Run as different user' option from the Shift+right-click menu
AnswerA

This setting forces the application to request elevation every time it runs, which works if the user has the necessary credentials.

Why this answer

Option A is correct because the Compatibility tab in a shortcut's properties allows you to set the 'Run as administrator' flag, which embeds a compatibility manifest that prompts for elevation via UAC when the application is launched. This ensures the legacy application always runs with administrative privileges, even for standard users, by triggering a credential prompt for an administrator account.

Exam trap

CompTIA often tests the misconception that disabling UAC or adding users to the Administrators group is the correct way to grant admin rights to a single application, when the targeted 'Run as administrator' shortcut setting is the proper built-in method.

How to eliminate wrong answers

Option B is wrong because disabling UAC globally would remove the elevation prompt, but the application would still run with the user's limited privileges, not administrative rights, and it weakens system security. Option C is wrong because adding a standard user to the local Administrators group grants permanent administrative rights to the entire user account, which is excessive and violates the principle of least privilege; it is not a targeted solution for a single application. Option D is wrong because 'Run as different user' allows running an application under a different user account, but it does not automatically grant administrative privileges; the specified user must already have the necessary rights, and it requires manual intervention each time.

24
MCQeasy

A customer reports that their Windows 10 laptop is running slowly and they suspect a program is using too much memory. They ask you to check the system's resource usage. Which built-in Windows tool would you use to view real-time memory, CPU, and disk usage?

A.Resource Monitor
B.Task Manager
C.Performance Monitor
D.System Configuration (msconfig)
AnswerB

Task Manager shows real-time CPU, memory, disk, and network usage in the Performance tab, making it the quickest tool for this scenario.

Why this answer

Task Manager provides a real-time overview of system performance, including memory, CPU, and disk usage, making it the ideal tool for diagnosing resource bottlenecks. The Resource Monitor offers more detailed data but is accessed from Task Manager, not directly. Performance Monitor and System Configuration are for advanced logging and startup management, respectively.

25
MCQeasy

During a routine security audit, you discover that several user accounts on a Windows 10 workstation have local administrator privileges when they should only be standard users. You need to quickly review and modify user account types from the command line. Which built-in tool should you use?

A.lusrmgr.msc (Local Users and Groups MMC)
B.net user
C.net localgroup
D.diskpart
AnswerC

Net localgroup allows you to add or remove users from local groups like Administrators from the command line.

Why this answer

The 'net localgroup' command allows you to view and modify local group memberships, such as adding or removing users from the Administrators group. The other options are either for different purposes (like disk management) or require a GUI.

26
MCQeasy

A customer needs to transfer their user profile, documents, and application settings from an old Windows 7 PC to a new Windows 10 PC. Which Windows tool is specifically designed for this purpose?

A.Windows Easy Transfer
B.File History
C.User State Migration Tool (USMT)
D.Windows Backup and Restore
AnswerC

USMT is the correct tool for migrating user profiles, files, and settings between Windows installations in a domain environment.

Why this answer

The User State Migration Tool (USMT) is a command-line tool designed for large-scale migrations of user profiles and settings. It is included in the Windows Assessment and Deployment Kit (ADK). For simpler transfers, Windows Easy Transfer was used in older versions, but USMT is the enterprise-grade solution.

27
MCQhard

A company is migrating from Windows 10 to Windows 11 on several workstations. You need to verify that each computer meets the minimum hardware requirements, including TPM 2.0 and Secure Boot capability, before deploying the upgrade. Which built-in tool should you run on each machine to generate a compatibility report?

A.System Information (msinfo32.exe) and manually check the System Summary for TPM and Secure Boot status.
B.Windows 11 PC Health Check app (downloaded from Microsoft).
C.Deployment Imaging and Servicing Management (DISM) with the /Get-CurrentEdition option.
D.System Restore (rstrui.exe) to revert to a previous state if the upgrade fails.
AnswerB

This tool is specifically designed to check Windows 11 compatibility and provides a clear pass/fail report.

Why this answer

The Windows 11 PC Health Check app is the official Microsoft tool designed specifically to verify compatibility with Windows 11, including TPM 2.0 and Secure Boot capability. It generates a detailed compatibility report, making it the correct built-in tool for this pre-upgrade validation task.

Exam trap

The trap here is that candidates may confuse the PC Health Check app with the older Windows 10 Upgrade Assistant or rely on manual checks via msinfo32, but the exam specifically tests knowledge of the dedicated compatibility tool introduced for Windows 11.

How to eliminate wrong answers

Option A is wrong because manually checking System Information (msinfo32.exe) for TPM and Secure Boot status is inefficient and does not generate a compatibility report; it only displays raw hardware data without assessing Windows 11 requirements. Option C is wrong because DISM with /Get-CurrentEdition is used to display the current edition of Windows (e.g., Pro, Enterprise) and is unrelated to hardware compatibility checks. Option D is wrong because System Restore (rstrui.exe) is a recovery tool for reverting system changes, not a compatibility assessment tool.

28
MCQeasy

A user reports that their Windows 10 laptop is running slowly and frequently shows a 'Low Memory' warning. They have 8 GB of RAM and are not running any unusual applications. Which built-in Windows tool should you use to determine if a specific process is leaking memory?

A.Performance Monitor
B.Task Manager
C.Event Viewer
D.System Configuration (msconfig)
AnswerB

Task Manager's Processes tab shows current memory usage for each process, making it ideal for spotting a memory leak.

Why this answer

Task Manager (Option B) is the correct tool because it provides a real-time view of per-process memory usage, including the 'Memory (Active Private Working Set)' column, which can identify a process that is consuming an abnormally increasing amount of RAM over time—indicative of a memory leak. Unlike other tools, Task Manager allows you to quickly sort processes by memory usage and observe growth without needing to configure counters or parse logs.

Exam trap

CompTIA often tests the misconception that Performance Monitor is the only tool for memory leak diagnosis, but Task Manager is the correct first-line tool for quickly identifying a leaking process in a user-reported scenario.

How to eliminate wrong answers

Option A is wrong because Performance Monitor requires you to manually add specific counters (e.g., Process\Private Bytes) and set up data collector sets to track memory usage over time, which is more complex and not the quickest built-in tool for identifying a leaking process on a user's laptop. Option C is wrong because Event Viewer logs system, security, and application events, but it does not display real-time per-process memory consumption or memory leak patterns; it would only show low memory warnings after the fact, not the specific process causing the leak. Option D is wrong because System Configuration (msconfig) is used to manage boot options, startup programs, and services, not to monitor or diagnose active memory usage or leaks.

29
MCQhard

A security incident occurred on a Windows 10 workstation where an unauthorized user gained access. The technician needs to review detailed security events, such as logon attempts and file access, to determine the scope of the breach. Which tool should the technician use to examine these logs?

A.Event Viewer
B.Resource Monitor
C.Performance Monitor
D.Local Security Policy
AnswerA

Event Viewer's Windows Logs > Security section contains detailed records of security-related events, such as logon successes and failures.

Why this answer

Event Viewer is the correct tool because it provides a centralized, detailed log of security-related events, including logon attempts (Event ID 4624 for successful logons, 4625 for failed logons) and file access audits (Event ID 4663). These logs are essential for forensic analysis to determine the scope of a breach on a Windows 10 workstation.

Exam trap

CompTIA often tests the distinction between tools that configure security settings (Local Security Policy) versus tools that review logged events (Event Viewer), leading candidates to confuse policy configuration with log review.

How to eliminate wrong answers

Option B (Resource Monitor) is wrong because it focuses on real-time performance data such as CPU, memory, disk, and network usage, not historical security event logs. Option C (Performance Monitor) is wrong because it tracks system performance counters and creates data collector sets for performance analysis, not security event auditing. Option D (Local Security Policy) is wrong because it is used to configure security settings like password policies and audit policies, not to review existing event logs.

30
MCQhard

A company is migrating from Windows 7 to Windows 10 and needs to automate the installation of 200 workstations with identical software and settings. They have a reference computer already configured. Which Windows tool should they use to capture and deploy a custom system image?

A.Windows System Image Manager (Windows SIM)
B.System Preparation Tool (Sysprep)
C.Windows Recovery Environment (WinRE)
D.Windows Backup and Restore
AnswerB

Sysprep prepares the reference installation for imaging by generalizing it, which is the first step in creating a deployable image.

Why this answer

Sysprep is the correct tool because it generalizes a Windows installation by removing unique system identifiers (such as the computer SID, computer name, and driver caches) so that the reference computer’s image can be safely captured and deployed to multiple workstations. After Sysprep runs with the /generalize option, the image is captured using a tool like DISM or ImageX, then deployed to 200 identical workstations, ensuring each machine generates its own unique SID and settings on first boot.

Exam trap

The trap here is that candidates confuse Sysprep with Windows SIM, thinking that creating an answer file is the same as capturing an image, but Sysprep is the prerequisite generalization step that makes the image safe for cloning, while Windows SIM only creates automation scripts.

How to eliminate wrong answers

Option A is wrong because Windows System Image Manager (Windows SIM) is used to create unattended answer files (Unattend.xml) that automate installation settings, not to capture or deploy a system image. Option C is wrong because Windows Recovery Environment (WinRE) is a diagnostic and recovery platform for repairing a broken OS, not a tool for capturing or deploying a custom image. Option D is wrong because Windows Backup and Restore creates file-level or system-state backups, not a hardware-independent, deployable system image suitable for cloning to multiple workstations.

Ready to test yourself?

Try a timed practice session using only Windows Os Features Tools questions.