CompTIA A+ Core 2 220-1202 (220-1202) — Questions 175

750 questions total · 10pages · All types, answers revealed

Page 1 of 10

Page 2
1
MCQeasy

A user reports that their Windows 10 PC is running slowly and they suspect a background process is consuming too much memory. You need to identify the process and its memory usage without installing any additional tools. Which command-line tool should you use?

A.ipconfig
B.tasklist
C.chkdsk
D.sfc /scannow
AnswerB

tasklist lists all running processes and their memory usage, making it the correct tool for this scenario.

Why this answer

B is correct because the `tasklist` command displays a list of all currently running processes on a Windows system, including their memory usage (in kilobytes) under the 'Mem Usage' column. This built-in command-line tool allows you to identify which process is consuming excessive memory without installing any third-party software, directly addressing the user's need to diagnose a slow PC.

Exam trap

The trap here is that candidates may confuse `tasklist` with `ipconfig` or `sfc` because they are all common Windows command-line tools, but only `tasklist` is designed to display process information and memory usage.

How to eliminate wrong answers

Option A is wrong because `ipconfig` is used to display network configuration details (e.g., IP address, subnet mask, default gateway) and has no capability to list running processes or their memory usage. Option C is wrong because `chkdsk` checks the file system and disk for errors and bad sectors, but it does not provide any information about running processes or memory consumption. Option D is wrong because `sfc /scannow` scans and repairs protected system files, but it does not list processes or report memory usage.

2
MCQeasy

A company's IT policy requires that all wireless traffic be encrypted using the strongest available protocol. A technician is configuring a new access point that supports WPA3-SAE, WPA2-PSK with AES, and WPA2-PSK with TKIP. Which configuration meets the policy?

A.WPA2-PSK with TKIP.
B.WPA2-PSK with AES.
C.WPA3-SAE.
D.A mixed mode of WPA2 and WPA3.
AnswerC

WPA3-SAE is the current strongest standard, offering improved security over WPA2.

Why this answer

WPA3-SAE (Simultaneous Authentication of Equals) is the strongest available wireless encryption protocol among the options, as it replaces the pre-shared key (PSK) model with a more secure handshake that provides forward secrecy and is resistant to offline dictionary attacks. The IT policy requires the strongest available protocol, and WPA3-SAE is superior to both WPA2-PSK variants, making option C the correct choice.

Exam trap

A common misconception is that WPA2-PSK with AES is the strongest option because it uses the AES cipher, but the trap here is that the security of the authentication handshake (SAE vs. PSK) is more critical than the encryption cipher, and WPA3-SAE provides a fundamentally stronger authentication mechanism.

How to eliminate wrong answers

Option A is wrong because WPA2-PSK with TKIP uses the deprecated TKIP cipher, which is vulnerable to attacks like MIC key recovery and is not the strongest available protocol. Option B is wrong because although WPA2-PSK with AES (CCMP) is more secure than TKIP, it still uses the four-way handshake that is susceptible to offline dictionary attacks and lacks forward secrecy, making it weaker than WPA3-SAE. Option D is wrong because a mixed mode of WPA2 and WPA3 would allow clients to connect using WPA2, which is less secure than WPA3-SAE alone, and does not enforce the strongest encryption for all traffic as required by the policy.

3
MCQeasy

A user calls the help desk saying that after upgrading to macOS Ventura, the 'Documents' folder in the sidebar keeps disappearing after every reboot. They need it to stay visible. Which macOS feature or tool should you use to fix this?

A.System Settings > Desktop & Dock
B.Finder > Preferences > Sidebar
C.Terminal command 'defaults write com.apple.finder ShowSidebar -bool true'
D.Spotlight Preferences
AnswerB

This is exactly where users enable or disable folder visibility in the Finder sidebar.

Why this answer

Option B is correct because the visibility of folders like 'Documents' in the Finder sidebar is controlled directly through Finder's own preferences, not through global system settings. By opening Finder > Preferences > Sidebar, you can check the 'Documents' checkbox, which persists the folder's visibility across reboots. This setting is stored per-user in the Finder plist and is not affected by macOS upgrades.

Exam trap

The trap here is that candidates confuse the global 'Show Sidebar' toggle (which hides the entire sidebar) with the per-item visibility settings in Finder's preferences, leading them to choose the Terminal command or System Settings instead of the correct Finder-specific interface.

How to eliminate wrong answers

Option A is wrong because System Settings > Desktop & Dock controls the Dock, Stage Manager, and desktop appearance, but does not include any options for customizing the Finder sidebar. Option C is wrong because the command 'defaults write com.apple.finder ShowSidebar -bool true' only toggles the entire sidebar's visibility (show/hide), not the individual items within it; the specific folder visibility is controlled by a different key (e.g., 'SidebarDevicesSectionDisclosedState'). Option D is wrong because Spotlight Preferences manage search indexing and results, not the persistent visibility of folders in the Finder sidebar.

4
MCQmedium

During a software deployment, a technician needs to ensure that a company-issued Android device automatically connects to the corporate Wi-Fi network and disables the camera for security. Which mobile OS tool should be used to enforce these policies?

A.Use the Android Debug Bridge (ADB) to manually set Wi-Fi and camera permissions
B.Configure the device's built-in Guest Mode
C.Deploy a Mobile Device Management (MDM) profile
D.Install a third-party camera-blocking app from the Play Store
AnswerC

MDM enables remote configuration of Wi-Fi, restrictions, and security policies, making it the correct tool for this task.

Why this answer

Mobile Device Management (MDM) solutions allow administrators to push configuration profiles and restrictions, such as Wi-Fi settings and camera disablement. This is the standard enterprise tool for managing multiple devices centrally.

5
MCQeasy

A customer reports that their laptop was stolen from their desk over the weekend. The laptop contained sensitive client data. Which physical security control should have been implemented to prevent this theft?

A.Biometric authentication
B.Cable lock
C.Full disk encryption
D.Smart card reader
AnswerB

A cable lock physically secures the laptop to a desk, making theft much more difficult and time-consuming.

Why this answer

A cable lock is a physical security control that physically secures the laptop to a desk or immovable object, preventing unauthorized removal. In this scenario, the laptop was stolen from the desk, so a cable lock would have directly prevented the theft by tethering the device in place.

Exam trap

CompTIA often tests the distinction between physical security controls that prevent theft (like cable locks) versus controls that protect data after theft (like encryption), leading candidates to confuse data protection with physical prevention.

How to eliminate wrong answers

Option A is wrong because biometric authentication (e.g., fingerprint or facial recognition) is an access control mechanism that verifies identity, but it does not physically prevent the laptop from being taken. Option C is wrong because full disk encryption protects data confidentiality if the laptop is stolen, but it does not prevent the theft itself. Option D is wrong because a smart card reader is an authentication device that requires a smart card for access, but it does not physically secure the laptop to a location.

6
MCQeasy

A user needs to install a legacy application that requires administrator privileges to run, but they do not have local admin rights. You want to configure the application to always run with the highest privileges available without prompting for credentials. Which tool in Control Panel would you use to set this compatibility option?

A.System
B.Programs and Features
C.User Accounts
D.Administrative Tools
AnswerA

The System applet in Control Panel provides system information and advanced system settings, but it does not allow setting per-application compatibility options like 'Run as administrator'.

Why this answer

The Compatibility tab for an application is accessed by right-clicking the program file or shortcut and selecting Properties. In Control Panel, the System applet does not directly set per-application compatibility. However, among the given options, System is the most related to system settings and permissions, but it does not provide the 'Run as administrator' option without navigating to the program's properties outside of Control Panel.

Exam trap

Candidates may think Programs and Features provides compatibility settings, but the 'Run as administrator' option is only available via the program's own shortcut or executable properties, not through Control Panel.

7
MCQmedium

A user reports that a VBScript logon script that maps network drives stopped working after a Windows update. The script uses the MapNetworkDrive method. Other scripts on the same computer work fine. What is the most likely cause?

A.The script file was deleted by Windows Defender.
B.The update changed the default script host to PowerShell.
C.The update disabled VBScript execution for security reasons.
D.The network share requires SMB 2.0, which is no longer supported.
AnswerC

Microsoft has been disabling VBScript by default in some updates to improve security.

Why this answer

Option C is correct because recent Windows updates have tightened security around legacy scripting hosts, including cscript.exe and wscript.exe. Specifically, Microsoft has introduced a default behavior that blocks VBScript execution via the Windows Script Host unless explicitly allowed by Group Policy or registry settings. Since the user reports that only the VBScript logon script fails while other scripts work, the most likely cause is that the update disabled VBScript execution, not that the script was deleted or that the script host was changed to PowerShell.

Exam trap

The trap here is that candidates may assume a network or SMB protocol issue (Option D) because the script maps network drives, but the question explicitly states other scripts work, pointing to a scripting engine change rather than a network problem.

How to eliminate wrong answers

Option A is wrong because Windows Defender does not delete legitimate logon scripts; it quarantines detected malware, and the user reports other scripts work fine, indicating no system-wide deletion. Option B is wrong because Windows updates do not change the default script host from VBScript to PowerShell; the default host for .vbs files remains wscript.exe unless explicitly reconfigured, and PowerShell scripts use a different file extension (.ps1). Option D is wrong because SMB 2.0 is still supported in modern Windows versions; the issue is specific to VBScript execution, not network protocol compatibility.

8
MCQhard

A technician is tasked with disposing of a server that contains multiple SAS hard drives. The company's data destruction policy mandates that drives must be rendered unreadable by any means. Which combination of methods ensures compliance?

A.Perform a full format on each drive.
B.Use a degausser on each drive and then shred them.
C.Overwrite each drive with zeros using a software tool.
D.Remove the drives and store them in a locked cabinet.
AnswerB

Degaussing erases magnetic media, and shredding physically destroys the drives, ensuring no data recovery is possible.

Why this answer

Option B is correct because degaussing destroys the magnetic field on SAS hard drives, making data unrecoverable, and shredding physically destroys the platters, ensuring compliance with a policy that mandates drives be rendered unreadable by any means. This combination addresses both magnetic and physical recovery methods, which is necessary for high-security data destruction.

Exam trap

CompTIA A+ often tests the misconception that a full format or software overwrite is sufficient for secure data destruction, but the key trap here is that the policy requires drives to be rendered unreadable by any means, which mandates physical destruction or degaussing, not just logical erasure.

How to eliminate wrong answers

Option A is wrong because a full format only removes the file system pointers and may not overwrite all sectors, leaving data recoverable with forensic tools. Option C is wrong because overwriting with zeros using a software tool may not be effective on SAS drives if the drive's firmware remaps bad sectors or if the drive is damaged, and it does not physically destroy the media. Option D is wrong because storing drives in a locked cabinet does not destroy or render data unreadable; it only delays access, violating the policy that mandates drives must be rendered unreadable by any means.

9
MCQhard

A technician needs to deploy a script to 100 Windows 10 computers that will change the local administrator password. The script must run with elevated privileges and not leave the password visible in the script file. Which approach is most secure?

A.Store the password in a plain text file and have the script read it.
B.Use Group Policy Preferences to set the local administrator password.
C.Embed the password in the script using a variable and run it from a hidden share.
D.Use a scheduled task that runs the script as SYSTEM.
AnswerB

Group Policy Preferences can set the password securely with encryption and no script exposure.

Why this answer

Group Policy Preferences (GPP) allows administrators to configure local account passwords securely by encrypting the password in the policy XML file using a 32-byte AES key (though this key is publicly documented, it still provides obfuscation). When deployed via Group Policy, the password is applied with SYSTEM privileges automatically, eliminating the need for a script with embedded credentials or a separate scheduled task. This approach meets the requirements of elevated execution and password non-visibility in a script file.

Exam trap

CompTIA often tests the misconception that embedding a password in a script variable or using SYSTEM-level execution is sufficient for security, when in fact the password remains visible in the script file itself, which is the core vulnerability being assessed.

How to eliminate wrong answers

Option A is wrong because storing the password in a plain text file and having the script read it leaves the password fully visible and accessible to anyone who can read the file, violating the requirement to not leave the password visible. Option C is wrong because embedding the password in a script variable, even if run from a hidden share, still exposes the password in plain text within the script file itself, which can be viewed by anyone with access to the share or the script. Option D is wrong because using a scheduled task running as SYSTEM does not address the password visibility issue—the script would still need to contain or reference the password in plain text, or rely on an insecure storage method.

10
MCQhard

A security incident occurred on a Windows 10 workstation where an attacker gained administrative access and created several hidden user accounts. You need to ensure no unauthorized accounts exist and that the built-in Administrator account is disabled. Which two tools can you use from the command line to list all user accounts and check the status of the Administrator account?

A.Use 'net user' to list accounts and 'net user Administrator | findstr /i active' to check status.
B.Use 'whoami' to list current user and 'net localgroup Administrators' to see group members.
C.Use 'dir C:\Users' to list user profile folders and 'net accounts' to see password policies.
D.Use 'gpresult /R' to list applied policies and 'net start' to see running services.
AnswerA

Net user displays all local user accounts, and piping to findstr can filter for the account's active status.

Why this answer

The 'net user' command lists all local user accounts on a Windows system, which is necessary to identify hidden or unauthorized accounts. Piping 'net user Administrator' through 'findstr /i active' filters the output to show whether the built-in Administrator account is enabled or disabled, as the status line contains 'Active' or 'Account active' depending on the locale. This combination directly fulfills the requirement to list all accounts and check the Administrator account's status from the command line.

Exam trap

CompTIA often tests the distinction between listing all accounts versus showing only the current user or group membership, leading candidates to confuse 'whoami' or 'net localgroup' with account enumeration commands.

How to eliminate wrong answers

Option B is wrong because 'whoami' only displays the currently logged-in user, not a list of all accounts, and 'net localgroup Administrators' shows group membership, not the status of the Administrator account itself. Option C is wrong because 'dir C:\Users' lists user profile folders, which may not exist for hidden accounts or system accounts, and 'net accounts' displays password and lockout policies, not account status. Option D is wrong because 'gpresult /R' shows applied Group Policy settings, not user accounts, and 'net start' lists running services, which is irrelevant to account enumeration or status checking.

11
MCQhard

A security incident occurred where an employee's workstation was infected with ransomware. The IT manager wants to ensure that all future workstations have Controlled Folder Access enabled to protect critical data from unauthorized changes. Which Windows Security applet should be used to configure this?

A.Windows Security > Firewall & network protection
B.Windows Security > App & browser control
C.Windows Security > Device security
D.Windows Security > Virus & threat protection > Manage ransomware protection
AnswerD

This is the exact path to enable Controlled Folder Access and manage protected folders and allowed apps.

Why this answer

Controlled Folder Access is a feature of Windows Defender Exploit Guard, found in the Windows Security app under Virus & threat protection > Manage ransomware protection. It must be enabled and configured with protected folders and allowed apps.

12
MCQmedium

A user reports that their corporate laptop can connect to the guest Wi-Fi network but not to the internal corporate network. Both networks use WPA2-Enterprise with 802.1X. The laptop works fine on other corporate networks. What is the most likely issue?

A.The laptop's wireless card is faulty.
B.The corporate network's RADIUS certificate has expired or is untrusted.
C.The corporate network is using a different SSID than expected.
D.The laptop's Wi-Fi profile is configured for WPA2-Personal instead of Enterprise.
AnswerB

Correct. Expired or untrusted certificates cause 802.1X authentication to fail, while the guest network (likely PSK) works fine.

Why this answer

The laptop connects to guest Wi-Fi but not the corporate network, and works on other corporate networks, isolating the issue to the specific corporate network's RADIUS authentication. Since both networks use WPA2-Enterprise with 802.1X, the most likely cause is that the corporate network's RADIUS certificate has expired or is untrusted, causing the 802.1X EAP-TLS or PEAP handshake to fail. The guest network likely uses a different authentication method (e.g., PSK or a separate RADIUS server with a valid certificate), explaining why it works.

Exam trap

CompTIA often tests the distinction between association (Layer 2) and authentication (EAP/802.1X), trapping candidates who assume a connection failure is due to signal or hardware rather than certificate trust issues.

How to eliminate wrong answers

Option A is wrong because a faulty wireless card would affect connectivity to both the guest and corporate networks, not just the corporate one, and the laptop works fine on other corporate networks. Option C is wrong because a different SSID would prevent the laptop from even seeing or attempting to connect to the corporate network, yet the user reports a connection attempt that fails, implying the SSID is known and selected. Option D is wrong because if the profile were configured for WPA2-Personal instead of Enterprise, the laptop would fail to authenticate on any WPA2-Enterprise network, including the guest network (if it also uses 802.1X), and the laptop works on other corporate networks, ruling out a profile mismatch.

13
MCQmedium

A user reports that their Windows 10 PC is running slowly and they suspect too many programs are starting automatically. They want to disable a few startup items without uninstalling them. Which tool should you use to manage these startup programs?

A.Services.msc
B.Task Manager > Startup tab
C.Control Panel > Programs and Features
D.Settings > Apps > Startup
AnswerB

Task Manager's Startup tab lists all startup programs and their impact, allowing you to disable them easily.

Why this answer

Task Manager's Startup tab provides a straightforward interface to enable or disable startup programs without uninstalling them. It displays each startup item's name, publisher, status, and startup impact, allowing users to selectively disable unwanted entries. This is the correct tool for managing startup programs in Windows 10.

Exam trap

The trap here is that candidates confuse the Settings > Apps > Startup page (which is a simplified version) with the full-featured Task Manager Startup tab, or they mistakenly think Services.msc is the correct tool because they associate 'startup' with 'services'.

How to eliminate wrong answers

Option A is wrong because Services.msc manages Windows services (background processes that run independently of user logon), not user-installed startup programs; disabling a service could break system functionality. Option C is wrong because Control Panel > Programs and Features is used to uninstall or change installed programs, not to manage their startup behavior. Option D is wrong because Settings > Apps > Startup in Windows 10 only shows a list of startup apps with toggle switches, but it does not provide the detailed startup impact information or the ability to manage all startup items (e.g., those from the registry or startup folder) that Task Manager's Startup tab offers.

14
MCQhard

A technician is investigating a security incident where a user's corporate email account was accessed from an unknown device. The user's iPhone shows no suspicious apps, and the password was recently changed. Which of the following is the MOST likely cause?

A.The user's iCloud account was compromised, and the email is synced via Exchange.
B.An OAuth token or app-specific password was stolen and used to access the account.
C.The user's iPhone has a jailbreak that hides malicious apps.
D.The corporate email server has a backdoor account.
AnswerB

OAuth tokens or app-specific passwords can grant persistent access to email without needing the main password, making them a common vector for continued access.

Why this answer

Option B is correct because OAuth tokens or app-specific passwords bypass the need for the primary password, allowing persistent access even after a password change. Since the user's iPhone shows no suspicious apps and the password was recently changed, a stolen token is the most plausible vector for unauthorized email access via Exchange ActiveSync or modern authentication.

Exam trap

CompTIA often tests the distinction between password-based attacks and token-based persistence, where candidates mistakenly assume that changing the password immediately revokes all access, ignoring OAuth tokens or app-specific passwords that remain valid.

How to eliminate wrong answers

Option A is wrong because iCloud compromise alone does not directly grant access to a corporate Exchange email account unless the email is configured via iCloud Mail or the iCloud Keychain stores the Exchange credentials; the scenario specifies the email is synced via Exchange, not iCloud. Option C is wrong because a jailbreak that hides malicious apps is unlikely to be the cause given the user's iPhone shows no suspicious apps, and jailbreak detection would typically flag such behavior; moreover, hidden apps would still leave traces in system logs or profiles. Option D is wrong because a backdoor account on the corporate email server would be a server-side vulnerability, not a client-side issue, and the question focuses on the user's device and account access; such a backdoor would not be tied to the user's specific password change.

15
MCQhard

A technician is troubleshooting a computer that has been infected with ransomware. The ransomware encrypted files and left a note demanding payment. After removing the malware, what is the most important step to prevent future infections?

A.Reinstall the operating system
B.Update all software to the latest versions
C.Implement a strict backup policy and educate users on phishing
D.Disable all browser plugins
AnswerC

Backups mitigate data loss, and user education reduces the likelihood of future infections.

Why this answer

Option C is correct because ransomware often enters through phishing emails or unpatched vulnerabilities. While removing the malware is necessary, preventing future infections requires a combination of user education to avoid phishing attempts and a strict backup policy to ensure data can be restored without paying the ransom. Without addressing the root cause (user behavior and data resilience), the system remains vulnerable to reinfection.

Exam trap

CompTIA often tests the misconception that technical controls alone (like reinstalling the OS or updating software) are sufficient, when in reality, user education and backup policies are the most critical steps to prevent future ransomware infections.

How to eliminate wrong answers

Option A is wrong because reinstalling the operating system removes the malware but does not address the underlying security gaps (e.g., unpatched software or user susceptibility to phishing) that allowed the infection. Option B is wrong because updating software patches known vulnerabilities, but it does not prevent infections caused by user actions like opening malicious email attachments or visiting compromised websites. Option D is wrong because disabling all browser plugins is overly restrictive and does not address the primary infection vector (phishing emails or drive-by downloads), nor does it protect against ransomware that arrives via other means like malicious macros in documents.

16
MCQhard

A technician is writing a Python script to automate the installation of software on multiple Windows machines. The script needs to check if the software is already installed by looking for a specific registry key. If the key exists, the script should skip the installation. Which Python library and method should the technician use to read the registry?

A.Use the 'os' module with 'os.regread'
B.Use the 'subprocess' module to run 'reg query'
C.Use the 'winreg' module with 'OpenKey' and 'QueryValueEx'
D.Use the 'sys' module to access registry via system calls
AnswerC

The winreg module is designed for registry access and provides the necessary functions.

Why this answer

The `winreg` module is the standard Python library for accessing the Windows registry. `OpenKey` opens a specified registry key, and `QueryValueEx` retrieves the value data and type for a given value name. This allows the script to check for the software's registry key and conditionally skip installation if it exists.

Exam trap

CompTIA often tests the distinction between general-purpose modules (`os`, `sys`, `subprocess`) and platform-specific modules (`winreg`), trapping candidates who assume a generic module can handle registry access or who overlook the native Python library for Windows registry operations.

How to eliminate wrong answers

Option A is wrong because the `os` module does not have an `os.regread` function; it provides operating system interfaces like file and process management, not registry access. Option B is wrong because while `subprocess` can run `reg query`, it is an indirect, slower, and less reliable method that requires parsing command output, whereas `winreg` provides direct, native registry access. Option D is wrong because the `sys` module provides system-specific parameters and functions (e.g., `sys.path`, `sys.argv`), not registry access; it cannot be used to read the registry via system calls.

17
MCQhard

An employee finds a USB drive labeled 'Employee Bonuses Q4' in the parking lot and plugs it into their work computer to see the contents. The computer immediately begins exhibiting erratic behavior. Which social engineering attack was executed?

A.Phishing
B.Pretexting
C.Baiting
D.Tailgating
AnswerC

Baiting uses an enticing item (like a labeled USB drive) to trick a victim into introducing malware into a system.

Why this answer

The correct answer is C, baiting. Baiting is a social engineering attack that uses a physical device (like a USB drive) or digital offer to lure a victim into taking an action that compromises security. In this scenario, the attacker left a USB drive labeled with an enticing file name ('Employee Bonuses Q4') in a public location, and the victim plugged it into their work computer, which then executed malicious code (e.g., autorun.inf or a malicious script) that caused erratic behavior.

This is a classic example of a physical baiting attack, distinct from phishing or pretexting which rely on digital communication or fabricated scenarios.

Exam trap

The trap here is that candidates often confuse baiting with phishing because both involve deception, but CompTIA A+ 220-1202 specifically tests the distinction that baiting uses a physical or digital lure (like a USB drive or free download) while phishing relies on electronic communication.

How to eliminate wrong answers

Option A is wrong because phishing is a social engineering attack delivered via electronic communication (e.g., email, SMS, or fake websites) that tricks the user into revealing credentials or clicking a malicious link, not by physically plugging in a USB drive. Option B is wrong because pretexting involves creating a fabricated scenario or false identity (e.g., impersonating IT support) to obtain information, not using a physical lure like a USB drive. Option D is wrong because tailgating (or piggybacking) is a physical security attack where an unauthorized person follows an authorized individual into a restricted area without proper authentication, not involving a USB drive or computer interaction.

18
MCQmedium

A small business wants to migrate its on-premises file server to the cloud to reduce hardware maintenance costs. They need low-latency access for local employees and want to avoid egress fees for large data transfers. Which cloud deployment model best meets these requirements?

A.Public cloud
B.Private cloud
C.Hybrid cloud
D.Community cloud
AnswerC

Hybrid cloud allows the business to keep frequently accessed data on-premises (private) for low latency and use public cloud for backup and scalability, reducing egress fees.

Why this answer

The hybrid cloud model allows the business to keep sensitive or frequently accessed data on-premises (or in a local edge location) for low-latency access, while leveraging the public cloud for scalability and backup. By using a hybrid architecture, egress fees for large data transfers are avoided because bulk data can be processed locally and only metadata or less critical data is sent to the cloud. This directly addresses the need to reduce hardware maintenance costs while maintaining performance and controlling data transfer costs.

Exam trap

CompTIA often tests the misconception that 'public cloud' is always the cheapest option, but the trap here is that egress fees and latency requirements make hybrid cloud the correct choice for this specific scenario, not public cloud.

How to eliminate wrong answers

Option A is wrong because a public cloud alone would require all data to be transferred over the internet or a direct connection, incurring egress fees for large transfers and potentially higher latency for local employees. Option B is wrong because a private cloud still requires the business to own and maintain the underlying hardware, which does not reduce hardware maintenance costs as required. Option D is wrong because a community cloud is shared among several organizations with common concerns (e.g., regulatory compliance), but it does not inherently provide low-latency local access or eliminate egress fees for a single business's file server migration.

19
MCQeasy

A user is unable to print to a network printer after a Windows update. Other users on the same network can print successfully. Which Windows tool should you use to view detailed error messages related to the print spooler service?

A.Device Manager
B.Services.msc
C.Event Viewer
D.Performance Monitor
AnswerC

Event Viewer records print spooler errors and warnings, making it the correct tool for troubleshooting the cause of the failure.

Why this answer

Event Viewer (C) is the correct tool because it logs detailed error messages from the print spooler service (spoolsv.exe) under 'Windows Logs > System' or 'Applications and Services Logs > Microsoft > Windows > PrintService'. When a Windows update breaks printing for a single user, Event Viewer captures spooler errors such as access denied, driver conflicts, or RPC failures that are not shown in other tools.

Exam trap

The trap here is that candidates confuse Services.msc (which only manages service state) with Event Viewer (which provides the actual error logs), leading them to pick B when they need to view detailed error messages.

How to eliminate wrong answers

Option A is wrong because Device Manager is used to view and manage hardware devices and drivers, but it does not show runtime error logs or service-specific messages from the print spooler. Option B is wrong because Services.msc allows you to start, stop, or restart the print spooler service and view its status, but it does not display detailed error messages or event logs. Option D is wrong because Performance Monitor tracks system performance counters (e.g., CPU, memory, print queue length) over time, but it does not log or display error messages from the print spooler service.

20
MCQeasy

A user calls the help desk saying they cannot log into their Windows 10 workstation because a message claims their files are encrypted and they must pay a ransom. What is the most effective remediation approach?

A.Pay the ransom to get the decryption key
B.Reboot into Safe Mode and run a malware scan
C.Disconnect from the network and restore files from a verified backup
D.Run System Restore to a point before the attack
AnswerC

This isolates the infection and recovers the data without paying, following best practices for ransomware remediation.

Why this answer

Option C is correct because ransomware encrypts files with a key known only to the attacker, making decryption without the key impossible. Disconnecting from the network prevents the ransomware from spreading to other systems, and restoring from a verified backup is the only reliable way to recover the original files without paying the ransom.

Exam trap

CompTIA often tests the misconception that removing the malware (via Safe Mode or System Restore) will undo the encryption, when in fact encryption is a cryptographic operation that persists after the malware is gone.

How to eliminate wrong answers

Option A is wrong because paying the ransom does not guarantee the attacker will provide a working decryption key, and it encourages further criminal activity. Option B is wrong because rebooting into Safe Mode and running a malware scan can remove the ransomware executable but cannot decrypt files that are already encrypted; the encryption persists. Option D is wrong because System Restore does not affect user files; it only restores system files and registry settings, leaving the encrypted files unchanged.

21
MCQhard

A technician is decommissioning a server that contains a lithium-ion battery backup module. The battery is not swollen but is several years old. What is the proper disposal procedure?

A.Remove the battery and place it in the regular trash since it is not swollen.
B.Short the terminals to fully discharge the battery before disposal.
C.Discharge the battery using a proper load, then recycle it through a certified lithium battery recycler.
D.Store the battery in a metal container and return it to the manufacturer for disposal.
AnswerC

Safe discharge followed by certified recycling ensures environmental compliance and safety. This is the industry best practice.

Why this answer

Option C is correct because lithium-ion batteries, even if not visibly swollen, degrade over time and can still pose a fire or chemical hazard if improperly disposed. The proper procedure is to safely discharge the battery using a certified load to remove residual energy, then recycle it through a certified lithium battery recycler to comply with environmental regulations and safety standards.

Exam trap

CompTIA often tests the misconception that a battery that is not swollen is safe for regular disposal, when in fact all lithium-ion batteries require special handling due to residual energy and chemical hazards.

How to eliminate wrong answers

Option A is wrong because placing a lithium-ion battery in regular trash violates environmental regulations (e.g., RCRA in the US) and creates fire and toxic waste hazards, regardless of whether it appears swollen. Option B is wrong because shorting the terminals of a lithium-ion battery can cause a short circuit, leading to rapid discharge, overheating, fire, or explosion; safe discharge requires a controlled load. Option D is wrong because storing a lithium-ion battery in a metal container without prior discharge or proper packaging can create a short-circuit risk and is not a standard disposal procedure; returning to the manufacturer is acceptable only if they provide a specific take-back program, but the question asks for the proper disposal procedure, which emphasizes safe discharge and certified recycling.

22
MCQhard

A user reports that their Windows 10 computer is displaying a 'Your IT department has limited access to some features of this app' message when trying to run a legacy application. The application worked before the latest Windows update. Which security feature is most likely causing this issue?

A.Windows Defender Firewall with Advanced Security
B.Windows Defender Application Guard
C.User Account Control (UAC)
D.BitLocker Drive Encryption
AnswerB

Application Guard uses container technology to isolate untrusted apps, and the message is typical when an app tries to access resources outside the container.

Why this answer

Windows Defender Application Guard (WDAG) is a security feature that isolates untrusted applications in a Hyper-V container, restricting their access to system resources. The 'Your IT department has limited access to some features of this app' message indicates that WDAG is blocking the legacy application, likely because the app is not trusted or is being treated as untrusted after a Windows update that tightened WDAG policies.

Exam trap

The common mistake is confusing User Account Control (UAC) with Windows Defender Application Guard. UAC prompts for elevation when an app requires administrator privileges, while Application Guard restricts app features in an isolated container. The message 'Your IT department has limited access to some features of this app' indicates Application Guard is blocking the legacy app.

How to eliminate wrong answers

Option A is wrong because Windows Defender Firewall with Advanced Security controls network traffic based on rules, not application-level feature access within the OS, and would not produce this specific message. Option C is wrong because User Account Control (UAC) prompts for elevation or blocks changes requiring admin rights, but it does not limit access to app features with this message; UAC uses consent prompts, not feature restriction messages. Option D is wrong because BitLocker Drive Encryption encrypts the entire drive to protect data at rest, and does not interact with running applications to limit their features.

23
MCQhard

A technician is troubleshooting a recurring network outage that occurs every Tuesday at 3 PM. After reviewing the change log, the technician finds that a scheduled backup job runs at that time. What is the best course of action?

A.Disable the backup job immediately to restore network stability.
B.Document the correlation and propose a change to the backup schedule.
C.Increase the network bandwidth to accommodate the backup traffic.
D.Ignore the issue since the backup is a critical process.
AnswerB

Proper documentation of the issue allows the CAB to evaluate and approve a schedule change, balancing network performance and backup needs.

Why this answer

This question tests the ability to correlate documented changes with incidents. The best action is to update the documentation to reflect the impact and then work with the change advisory board to reschedule the backup or mitigate the outage.

24
MCQeasy

A customer complains that their new smartphone connects to their home Wi-Fi but has no internet access. The router is configured with WPA2-PSK and a 64-character pre-shared key. Other devices work fine. What is the most likely cause?

A.The smartphone's Wi-Fi antenna is faulty.
B.The smartphone is using a wrong or mistyped Wi-Fi password.
C.The router's DHCP server has run out of IP addresses.
D.The smartphone's DNS settings are misconfigured.
AnswerB

Correct. A mistyped 64-character password would cause authentication failure, preventing internet access even though the device appears connected.

Why this answer

The most likely cause is a mistyped or incorrect Wi-Fi password. Since the smartphone connects to the Wi-Fi network (association and authentication succeed at Layer 2) but has no internet access, the device is likely using a wrong pre-shared key that still allows partial connectivity due to WPA2-PSK's four-way handshake behavior—if the key is incorrect, the handshake fails, but some implementations may show a 'connected' status without proper encryption. Other devices work fine, ruling out router-side issues like DHCP exhaustion or DNS misconfiguration.

Exam trap

Cisco often tests the distinction between 'connected to Wi-Fi' (Layer 2 association) and 'has internet access' (Layer 3 connectivity), trapping candidates who assume any connectivity issue must be DHCP or DNS related, when the root cause is often an authentication failure due to a mistyped password.

How to eliminate wrong answers

Option A is wrong because a faulty Wi-Fi antenna would prevent the smartphone from connecting to the Wi-Fi at all, not just block internet access. Option C is wrong because if the router's DHCP server had run out of IP addresses, the smartphone would fail to obtain an IP address and would not show a 'connected' status; other devices working fine also indicates DHCP is functional. Option D is wrong because DNS misconfiguration would still allow the smartphone to have internet access via IP addresses (e.g., pinging 8.8.8.8 would work), and the symptom is a complete lack of internet access, not just name resolution failure.

25
MCQhard

A security administrator needs to prevent users from running unauthorized software on Windows 10 Enterprise workstations. They want to allow only applications that are signed by approved publishers. Which Windows security feature should be configured?

A.Windows Defender Firewall with Advanced Security
B.BitLocker Drive Encryption
C.Windows Defender Application Control (WDAC)
D.User Account Control (UAC)
AnswerC

WDAC uses code integrity policies to allow only approved, signed applications to run, meeting the requirement exactly.

Why this answer

Windows Defender Application Control (WDAC) is the correct feature because it enforces an application control policy that allows only executables, scripts, and installers signed by approved publishers to run. Unlike AppLocker, WDAC operates at the kernel level and can be configured via Group Policy or MDM to create a trust chain based on the publisher's digital signature, effectively blocking all unauthorized software.

Exam trap

CompTIA often tests the distinction between application control (WDAC/AppLocker) and privilege elevation (UAC), so candidates mistakenly choose UAC because they associate it with blocking software, but UAC only prompts for admin approval, not publisher-based whitelisting.

How to eliminate wrong answers

Option A is wrong because Windows Defender Firewall with Advanced Security controls network traffic based on port, protocol, and IP address rules, not application execution or code signing. Option B is wrong because BitLocker Drive Encryption provides full-disk encryption to protect data at rest but does not enforce any application whitelisting or publisher signing policies. Option D is wrong because User Account Control (UAC) prompts for elevation of privileges but does not restrict which applications can run based on their digital signature or publisher; it only controls administrative consent.

26
MCQhard

After a security incident, a forensic analyst needs to review the event logs on a Windows 10 system to determine when a specific user account was created. The logs are intact. Which Windows security setting must be enabled to ensure that account creation events are recorded?

A.Enable 'Audit Logon Events' in Local Security Policy.
B.Enable 'Audit Account Management' in Advanced Audit Policy.
C.Turn on 'File and Printer Sharing' in Network and Sharing Center.
D.Configure Windows Defender to scan for new accounts.
AnswerB

This setting specifically logs account creation, modification, and deletion events.

Why this answer

Option B is correct because user account creation is an account management event, not a logon event. In Windows 10, the 'Audit Account Management' policy under Advanced Audit Policy Configuration must be enabled to record Security Event ID 4720 (a user account was created). This setting logs all changes to user and group accounts, including creation, modification, and deletion.

Exam trap

The trap here is that candidates confuse 'Audit Logon Events' (which deals with authentication) with 'Audit Account Management' (which deals with account creation and modification), leading them to select the wrong policy for recording account creation.

How to eliminate wrong answers

Option A is wrong because 'Audit Logon Events' records logon/logoff attempts (Event IDs 4624, 4625), not account creation events; account creation falls under account management auditing. Option C is wrong because 'File and Printer Sharing' is a network discovery and sharing feature that has no impact on security event logging or auditing. Option D is wrong because Windows Defender is an antivirus/antimalware solution that does not audit account creation events; it does not generate or record security event logs for user account operations.

27
MCQeasy

A technician needs to dispose of several old CRT monitors from an office. What is the proper disposal method according to environmental safety regulations?

A.Place them in the regular dumpster for bulk trash pickup.
B.Take them to a certified e-waste recycling center.
C.Smash the glass and separate the components for metal recycling.
D.Donate them to a local school for reuse.
AnswerB

Certified recyclers safely handle hazardous components and ensure compliance with environmental regulations.

Why this answer

CRT monitors contain hazardous materials such as lead, phosphor, and other heavy metals that are harmful to the environment if disposed of in landfills. Certified e-waste recycling centers follow strict environmental regulations to safely dismantle and recycle these components, preventing toxic substances from contaminating soil and groundwater.

Exam trap

CompTIA often tests the misconception that donating or reusing old equipment is always the best environmental practice, but the trap here is that the question specifically asks about proper disposal according to environmental safety regulations, which mandates certified recycling for hazardous e-waste like CRTs.

How to eliminate wrong answers

Option A is wrong because placing CRT monitors in a regular dumpster violates environmental regulations due to the hazardous materials (lead, cadmium) they contain, which can leach into landfills. Option C is wrong because smashing the glass releases toxic phosphor dust and lead into the air and environment, posing health risks and violating safety protocols. Option D is wrong while donating for reuse may seem environmentally friendly, it does not address the eventual disposal of the monitors when they fail; proper disposal still requires certified recycling to handle the hazardous components at end-of-life.

28
MCQhard

A company is decommissioning a data center and must destroy 1000 HDDs and 200 SSDs. The policy mandates that all data be destroyed on-site and that the drives be rendered physically unusable. Which combination of methods is most efficient?

A.Degauss all drives and then recycle them.
B.Use a hard drive shredder to shred all drives.
C.Overwrite all drives with a three-pass wipe.
D.Use a degausser for HDDs and a secure erase for SSDs.
AnswerB

A shredder physically destroys both HDDs and SSDs, meeting the requirement for on-site physical destruction efficiently.

Why this answer

Option B is correct because shredding physically destroys both HDDs and SSDs in a single pass, meeting the policy requirement for on-site destruction and rendering drives physically unusable. Degaussing is ineffective for SSDs due to their flash memory, and overwriting is too slow for 1000 drives and also ineffective for SSDs with TRIM or wear-leveling. Shredding is the most efficient method for mixed media at scale.

Exam trap

CompTIA A+ often tests the misconception that degaussing is a universal solution for all drive types, but candidates must remember that SSDs are immune to magnetic fields and require physical destruction or specialized methods like encryption key destruction.

How to eliminate wrong answers

Option A is wrong because degaussing only works on magnetic media like HDDs; SSDs use NAND flash memory and are not affected by magnetic fields, so they would remain intact and data could be recoverable. Option C is wrong because overwriting with a three-pass wipe is extremely time-consuming for 1000 drives and does not guarantee data destruction on SSDs due to over-provisioning, wear-leveling, and TRIM commands that prevent overwriting all cells. Option D is wrong because while degaussing HDDs is effective, using a secure erase for SSDs is not a physical destruction method and does not render the drives physically unusable as mandated; additionally, secure erase can fail on some SSDs or leave data recoverable if not verified.

29
MCQmedium

A technician is configuring a Windows 10 kiosk machine that will run a single web application in full-screen mode. The machine must not allow users to access the desktop, taskbar, or other apps. Which Windows security feature should be used to accomplish this?

A.Local Group Policy to hide the taskbar.
B.User Account Control set to 'Always notify.'
C.Windows Defender Application Guard
D.Assigned Access (Kiosk Mode)
AnswerD

This feature locks the device to a single app, providing the required security and restriction.

Why this answer

Assigned Access (Kiosk Mode) is the correct Windows security feature because it locks down the device to run a single Universal Windows Platform (UWP) app or a web browser in full-screen mode, preventing users from accessing the desktop, taskbar, or other applications. This feature is specifically designed for kiosk scenarios and enforces a restricted user experience by configuring a local or domain user account to launch only the designated app upon sign-in.

Exam trap

CompTIA A+ often tests the distinction between features that merely hide UI elements (like Group Policy) versus those that enforce a locked-down user experience (like Assigned Access), leading candidates to choose a partial solution like hiding the taskbar instead of the full kiosk mode.

How to eliminate wrong answers

Option A is wrong because Local Group Policy to hide the taskbar only hides the taskbar visually but does not prevent users from accessing the desktop or launching other apps via keyboard shortcuts (e.g., Ctrl+Alt+Del, Alt+Tab, or Win+D). Option B is wrong because User Account Control set to 'Always notify' only prompts for consent or credentials when changes are made to the system; it does not restrict access to the desktop, taskbar, or other applications. Option C is wrong because Windows Defender Application Guard is a hardware-isolated browser container for Microsoft Edge that protects against malicious websites, but it does not enforce a single-app kiosk experience or block access to the desktop or other apps.

30
MCQmedium

A user is trying to install a legacy application on Windows 10, but the installer fails with a message about 'incompatible version'. The application is known to work on Windows 7. Which compatibility settings should you try first to allow the installation to proceed?

A.Set the installer to run as an administrator.
B.Enable the 'Reduced color mode' compatibility setting.
C.Right-click the installer, go to Properties > Compatibility, and check 'Run this program in compatibility mode for: Windows 7'.
D.Use the Program Compatibility Troubleshooter from the Control Panel.
AnswerC

This setting makes Windows 10 report itself as Windows 7 to the application, which is the most direct fix for a version incompatibility error during installation.

Why this answer

Windows 10 includes compatibility modes that emulate older versions of Windows. Running the installer in compatibility mode for Windows 7 can often resolve version-check errors, as it tricks the application into thinking it is running on a compatible OS.

31
MCQhard

An organization experiences a data breach when an attacker physically removes hard drives from a decommissioned server that was placed in a storage area without being properly sanitized. What physical security control should have been implemented?

A.Install a surveillance camera in the storage area.
B.Require a smart card to access the storage area.
C.Use a degausser to erase the hard drives before disposal.
D.Apply tamper-evident seals to the server chassis.
AnswerC

Degaussing renders the data unrecoverable, eliminating the risk even if drives are stolen.

Why this answer

Option C is correct because the core issue is that the hard drives were not properly sanitized before disposal, allowing an attacker to recover data from them. A degausser is a physical security control that uses a strong magnetic field to erase data on magnetic media, such as hard disk drives (HDDs), rendering the drives unreadable and unrecoverable. This directly addresses the root cause of the breach by ensuring data is destroyed before the hardware leaves a secure environment.

Exam trap

CompTIA often tests the distinction between preventive controls (like sanitization) and detective or deterrent controls (like cameras or seals), leading candidates to choose a control that monitors or restricts access rather than the one that directly eliminates the data vulnerability.

How to eliminate wrong answers

Option A is wrong because installing a surveillance camera is a detective control that records activity but does not prevent an attacker from physically removing and reading data from unsanitized drives; it only provides evidence after the fact. Option B is wrong because requiring a smart card to access the storage area is an access control that restricts entry but does not address the fundamental failure to sanitize the drives; an authorized person with access could still remove and exploit the drives. Option D is wrong because applying tamper-evident seals to the server chassis is a deterrent that indicates if the server has been opened, but it does not prevent data recovery from the drives themselves, nor does it sanitize the data; the attacker could still remove the drives and bypass the seals.

32
MCQmedium

A technician is deploying a new application to 20 sales laptops. The change management plan requires a pilot test on 2 laptops before full deployment. After testing, the technician finds the application works but conflicts with the VPN client. What should the technician do?

A.Deploy the application to all laptops and disable the VPN client on each.
B.Document the conflict and submit a revised change request with a resolution plan.
C.Continue with the deployment and note the conflict in the change log.
D.Uninstall the VPN client from all laptops and reinstall after the deployment.
AnswerB

Proper change management requires documenting the issue and seeking approval for a revised plan before proceeding.

Why this answer

Option B is correct because the change management process requires that any issues discovered during pilot testing be formally documented and addressed before full deployment. Since the application conflicts with the VPN client, the technician must submit a revised change request that includes a resolution plan (e.g., updating the application, modifying VPN configuration, or scheduling a coordinated deployment). This ensures compliance with organizational change control policies and minimizes risk to production systems.

Exam trap

CompTIA often tests the misconception that a discovered conflict can be ignored or worked around without formal change management approval, tempting candidates to choose options that prioritize speed over process compliance.

How to eliminate wrong answers

Option A is wrong because deploying the application to all laptops and disabling the VPN client on each bypasses the change management process and could disrupt remote access for sales staff, violating security and operational requirements. Option C is wrong because continuing with deployment while merely noting the conflict in the change log fails to resolve the known issue, which could lead to widespread VPN failures and non-compliance with the pilot test requirement. Option D is wrong because uninstalling the VPN client from all laptops before deployment is a disruptive workaround that ignores the root cause and may violate security policies; the conflict should be resolved through proper change management, not by removing critical software.

33
MCQmedium

A user installs a new application and immediately receives a 'The application was unable to start correctly (0xc000007b)' error. The application worked on another computer with the same Windows version. Which component is most likely causing this error?

A.The application requires a newer version of DirectX.
B.The Visual C++ Redistributable package is missing or corrupted.
C.The user does not have administrative privileges.
D.The hard drive has bad sectors affecting the application files.
AnswerB

This error often occurs when a 64-bit application tries to load a 32-bit DLL or vice versa; reinstalling the correct Visual C++ Redistributable resolves it.

Why this answer

Error code 0xc000007b is a STATUS_INVALID_IMAGE_FORMAT error, typically indicating a mismatch between 32-bit and 64-bit binaries. The most common cause is a missing or corrupted Visual C++ Redistributable package, which provides essential runtime libraries (e.g., MSVCR120.dll) that the application depends on. Without these libraries, the application cannot load correctly, even if the Windows version matches.

Exam trap

CompTIA often tests the 0xc000007b error by pairing it with a plausible but incorrect option like DirectX, exploiting the fact that many candidates associate all 'missing DLL' errors with DirectX or graphics issues.

How to eliminate wrong answers

Option A is wrong because DirectX errors usually produce different error codes (e.g., 0xc000007b is not a DirectX-specific error) and DirectX is primarily for graphics APIs, not general application startup. Option C is wrong because insufficient administrative privileges typically trigger 'Access Denied' or UAC prompts, not error 0xc000007b. Option D is wrong because bad sectors on the hard drive would cause file read errors or data corruption, not a specific STATUS_INVALID_IMAGE_FORMAT error; the error occurs before the application files are fully read.

34
MCQmedium

A technician needs to deploy a virtual machine for a client who requires a specific operating system that is not supported by the hypervisor's default settings. The technician has the ISO file for the OS. What should the technician do to install the OS on the VM?

A.Copy the ISO file directly to the virtual hard disk.
B.Mount the ISO file as a virtual CD/DVD drive and boot from it.
C.Use a USB flash drive with the ISO and plug it into the host.
D.Change the hypervisor's default settings to support the OS.
AnswerB

Mounting the ISO as a virtual optical drive allows the VM to boot from it and begin the OS installation process.

Why this answer

Mounting the ISO file as a virtual CD/DVD drive is the correct method because hypervisors emulate optical drives for VM boot devices. By attaching the ISO to the virtual drive and setting the boot order to CD/DVD first, the VM can boot from the ISO and begin the OS installation process. This approach works regardless of whether the OS is in the hypervisor's default supported list, as the installation media is presented directly to the guest.

Exam trap

The exam may test the misconception that an unsupported OS cannot be installed at all, leading candidates to choose 'change hypervisor settings,' when in fact any OS can be installed via standard boot media like an ISO mounted as a virtual CD/DVD.

How to eliminate wrong answers

Option A is wrong because copying the ISO directly to the virtual hard disk does not create a bootable environment; the VM would attempt to boot from a raw ISO file on the disk, which is not a valid bootable filesystem structure. Option C is wrong because plugging a USB flash drive into the host does not automatically make it available to the VM; the USB device must be passed through to the VM via USB passthrough or a virtual USB controller, and the VM must be configured to boot from it. Option D is wrong because changing the hypervisor's default settings does not add support for an unsupported OS; hypervisors support OS installation via standard boot media (ISO, PXE) regardless of the default OS list, and the 'default settings' typically refer to guest OS templates or optimizations, not a block on installation.

35
MCQmedium

A user reports that a scheduled task runs a VBScript every morning, but the script fails with an 'ActiveX component can't create object' error. The script uses a COM object to interact with an application. What is the most likely cause of this error?

A.The script is running with insufficient permissions to create files
B.The COM object's DLL is not registered or the application is not installed
C.The script contains a syntax error in the CreateObject line
D.The scheduled task is set to run when the user is not logged in
AnswerB

CreateObject requires the COM component to be registered; if missing, the error occurs.

Why this answer

The 'ActiveX component can't create object' error occurs when the VBScript's CreateObject call fails because the COM class it references is not available. This typically means the DLL that implements the COM object is not registered (e.g., via regsvr32) or the application that provides the object is not installed on the system. Without the registered COM component, the script cannot instantiate the object, leading to this specific runtime error.

Exam trap

CompTIA often tests the distinction between runtime COM registration errors and other script failures, so the trap here is that candidates mistakenly attribute the error to permissions or syntax when the root cause is a missing or unregistered COM component.

How to eliminate wrong answers

Option A is wrong because insufficient permissions to create files would produce a 'Permission denied' error, not an 'ActiveX component can't create object' error, which is specifically about COM instantiation failure. Option C is wrong because a syntax error in the CreateObject line would cause a compile-time error (e.g., 'Expected end of statement') before the script even attempts to create the object, not a runtime 'ActiveX component can't create object' error. Option D is wrong because the scheduled task running when the user is not logged in can cause issues with interactive desktop access or network drives, but it does not prevent COM object creation; the error is about the COM component itself being missing or unregistered, not about session context.

36
MCQhard

A technician is called to a server room where a UPS battery is emitting a strong sulfur smell and the casing feels warm. What immediate action should the technician take?

A.Open the UPS to ventilate the battery compartment.
B.Continue monitoring the UPS until it shuts down automatically.
C.Disconnect the UPS from the mains and move it outside to a safe area.
D.Spray the UPS with a fire extinguisher as a precaution.
AnswerC

Removing the UPS from the building and isolating it from power reduces the risk of fire. This should be done with proper PPE and caution.

Why this answer

A strong sulfur smell and warm casing from a UPS battery indicate thermal runaway, a condition where internal chemical reactions generate excessive heat, potentially leading to fire or explosion. The immediate priority is to disconnect the UPS from mains power to stop charging and remove it to a safe, well-ventilated outdoor area to mitigate the risk of toxic gas release or catastrophic failure.

Exam trap

CompTIA often tests the misconception that opening the UPS or using a fire extinguisher is a safe first response, when in fact the correct action is to isolate and remove the hazard to prevent escalation of thermal runaway.

How to eliminate wrong answers

Option A is wrong because opening the UPS battery compartment exposes the technician to toxic hydrogen sulfide gas and risks electrical shock or short circuits from exposed terminals, worsening the hazard. Option B is wrong because continuing to monitor the UPS while it is in thermal runaway allows the condition to escalate, increasing the likelihood of fire, explosion, or release of corrosive electrolyte. Option D is wrong because spraying a UPS with a fire extinguisher is premature and ineffective—thermal runaway is an internal chemical process, not an open flame, and extinguisher discharge can cause electrical shorts or damage equipment without addressing the root cause.

37
MCQmedium

A technician is tasked with decommissioning a RAID array of SSDs that stored proprietary source code. The company policy requires that the drives be reused in another department. Which method ensures data is securely removed while preserving the SSDs?

A.Run a full format on each SSD.
B.Use the drive manufacturer's secure erase utility.
C.Degauss the SSDs.
D.Overwrite the drives with zeros three times.
AnswerB

Manufacturer secure erase sends a command that resets all NAND cells, making data unrecoverable while allowing the SSD to be reused.

Why this answer

The drive manufacturer's secure erase utility (e.g., ATA Secure Erase) issues a hardware-level command that triggers the SSD's internal controller to cryptographically erase all data by resetting the encryption key, which is instantaneous and preserves the drive's health. This method is specifically designed for SSDs because traditional overwriting (like zero-filling) is ineffective on SSDs due to wear-leveling and garbage collection, which can leave data remnants in over-provisioned or reallocated sectors.

Exam trap

Candidates often mistakenly believe that multiple overwrites (like the DoD 5220.22-M standard) are universally effective, but SSDs require a different approach due to their internal architecture. Degaussing is destructive for magnetic drives and not applicable to flash-based storage.

How to eliminate wrong answers

Option A is wrong because a full format on an SSD does not securely erase data; it only marks the file system as empty and may trigger a TRIM command, but data remains recoverable until overwritten by new writes. Option C is wrong because degaussing an SSD destroys the magnetic storage medium (NAND flash is not magnetic), rendering the drive completely inoperable and unusable for reuse, which violates the policy to preserve the drives. Option D is wrong because overwriting SSDs with zeros three times is ineffective due to wear-leveling and the SSD's inability to guarantee that all logical blocks map to the same physical cells, leaving data potentially recoverable from over-provisioned or retired blocks.

38
MCQhard

A user's iPhone is running iOS 15 and they are unable to install a new app from the App Store. The error message says 'Unable to Download App. This app requires iOS 16 or later.' However, the user's iPhone model supports iOS 16. Which built-in iOS feature should the technician use to resolve this?

A.Offload the app and reinstall it.
B.Clear the App Store cache by force-closing the app.
C.Perform a factory reset.
D.Update iOS via Settings > General > Software Update.
AnswerD

Updating to iOS 16 via Software Update meets the app's requirement, allowing the download to proceed.

Why this answer

The error message explicitly states that the app requires iOS 16 or later, and the user's iPhone model supports iOS 16. The correct resolution is to update the device's operating system via Settings > General > Software Update, which is the built-in mechanism for installing iOS updates. This directly addresses the compatibility requirement by upgrading the OS to a version that meets the app's minimum deployment target.

Exam trap

The trap here is that candidates may confuse a storage or cache issue with a version compatibility issue, or incorrectly assume that a factory reset or app reinstall can bypass the OS version check, when in fact the error is a hard requirement enforced by the App Store's validation logic.

How to eliminate wrong answers

Option A is wrong because offloading and reinstalling the app does not change the iOS version; it only removes and re-downloads the app data, which would still fail with the same error if iOS 15 remains. Option B is wrong because clearing the App Store cache by force-closing the app does not alter the device's iOS version; it only refreshes temporary data and cannot resolve a version-based compatibility issue. Option C is wrong because performing a factory reset erases all content and settings but does not upgrade the iOS version; the device would still be on iOS 15 after the reset, so the app would still be incompatible.

39
MCQmedium

A user reports that an application fails to start because a configuration file is owned by root with permissions 644, but the application runs as user 'appuser'. Which command will allow 'appuser' to edit the file without changing ownership?

A.chmod 666 config.cfg
B.chown appuser config.cfg
C.chgrp appgroup config.cfg && chmod g+w config.cfg
D.setfacl -m u:appuser:rw config.cfg
AnswerC

This changes the group to one that includes appuser and adds group write permission, allowing editing without changing the owner.

Why this answer

This tests understanding of file permissions and groups. By adding 'appuser' to the file's group and granting group write permission, the user can edit without being owner.

40
MCQmedium

During a security audit, you discover that a Windows 10 workstation has a weak local administrator password. The company policy requires all local admin passwords to be at least 12 characters with complexity. Which tool can enforce this policy for all future password changes on that workstation?

A.Local Users and Groups (lusrmgr.msc)
B.Local Security Policy (secpol.msc)
C.Registry Editor (regedit)
D.Windows Defender Firewall with Advanced Security
AnswerB

This tool provides granular control over security policies, including password requirements.

Why this answer

B is correct because the Local Security Policy (secpol.msc) includes the 'Password Policy' settings under Account Policies, where you can configure minimum password length (12 characters) and password complexity requirements. These settings are enforced by the Local Security Authority (LSA) for all future password changes on the workstation, directly aligning with the company policy.

Exam trap

The trap here is that candidates often confuse user account management tools (like lusrmgr.msc) with security policy enforcement tools, thinking they can set password requirements directly in the user properties, when in fact password policies are enforced system-wide via the Local Security Policy.

How to eliminate wrong answers

Option A is wrong because Local Users and Groups (lusrmgr.msc) is used to manage user accounts and groups, not to enforce password policies; it cannot set minimum length or complexity requirements. Option C is wrong because Registry Editor (regedit) can modify password policy values indirectly via registry keys (e.g., under HKLM\SAM), but it is not the intended tool for policy enforcement and lacks the structured interface and validation provided by secpol.msc. Option D is wrong because Windows Defender Firewall with Advanced Security manages network traffic filtering and firewall rules, not local password policies.

41
MCQmedium

A graphic designer is running out of storage space on their MacBook Air. They have a large collection of old design files that they rarely access but want to keep available on demand without manual intervention. Which macOS feature should you enable to automatically free up space?

A.Enable Time Machine to an external drive
B.Turn on iCloud Drive and select 'Optimize Mac Storage'
C.Use Disk Utility to erase and repartition the drive
D.Configure a local Time Machine snapshot schedule
AnswerB

This setting automatically stores older files in iCloud and keeps space-optimized versions locally, freeing up disk space.

Why this answer

Option B is correct because iCloud Drive with 'Optimize Mac Storage' automatically moves rarely accessed files from the local drive to iCloud, keeping them available on demand while freeing up local space. This feature is designed exactly for the scenario of maintaining access to large, infrequently used files without manual intervention, leveraging cloud storage to offload data seamlessly.

Exam trap

CompTIA often tests the misconception that backup solutions like Time Machine can free up space, when in reality they only duplicate data and require manual deletion of local files to reclaim storage.

How to eliminate wrong answers

Option A is wrong because Time Machine is a backup solution that creates incremental backups to an external drive; it does not automatically free up local storage by offloading files—it only duplicates them for recovery purposes. Option C is wrong because erasing and repartitioning the drive is a destructive process that would delete all data, not preserve it for on-demand access, and is unrelated to automatic space management. Option D is wrong because local Time Machine snapshots are temporary backups stored on the same drive; they consume additional space rather than freeing it, and they are not designed for on-demand file retrieval without manual restoration.

42
MCQmedium

A technician is helping a user who is upset because their important presentation file was accidentally deleted. The user is very emotional and raising their voice. What is the best way for the technician to handle this situation?

A.Tell the user to calm down and that losing data is not a big deal.
B.Raise your voice to match the user's tone to show you are taking it seriously.
C.Listen calmly, apologize for the inconvenience, and explain steps to recover the file from the recycle bin or backup.
D.Transfer the call to a manager immediately.
AnswerC

This shows empathy and provides a solution-oriented approach, which is key to professional communication.

Why this answer

Option C is correct because it demonstrates the professional communication and empathy required in a support role. The technician remains calm, acknowledges the user's frustration, and immediately provides a technical solution—recovering the file from the Recycle Bin or a backup. This aligns with CompTIA's emphasis on active listening, de-escalation, and problem-solving without dismissing the user's concerns.

Exam trap

The trap here is that candidates may think escalating to a manager (Option D) is the safest choice, but CompTIA expects the technician to first apply technical troubleshooting and de-escalation techniques before transferring the call.

How to eliminate wrong answers

Option A is wrong because telling a user to 'calm down' and minimizing the loss of data dismisses their emotional state and violates professional conduct; it can escalate the situation and damage trust. Option B is wrong because matching the user's raised tone is confrontational and unprofessional; it does not de-escalate the situation and can lead to a hostile interaction. Option D is wrong because transferring the call to a manager immediately is premature; the technician should first attempt to resolve the issue using standard recovery methods (e.g., Recycle Bin, backup) before escalating.

43
MCQmedium

A user reports receiving a phone call from someone claiming to be from 'Microsoft Support' saying their computer has a virus and asking for remote access to fix it. The user did not grant access. What type of attack was attempted?

A.Phishing
B.Vishing
C.Smishing
D.Pretexting
AnswerB

Vishing is voice phishing, using phone calls to deceive victims into granting remote access or revealing information.

Why this answer

This is a vishing (voice phishing) attack, a social engineering technique where the attacker uses phone calls to trick victims into providing sensitive information or remote access. Legitimate companies like Microsoft do not make unsolicited support calls.

44
MCQmedium

A user reports that their computer is running slowly after they installed a 'free system cleaner' from a pop-up ad. The technician suspects malware. What is the most appropriate first step in handling this situation professionally?

A.Immediately run a full antivirus scan and quarantine any threats found.
B.Ask the user to describe exactly what they installed and from where, without sounding accusatory.
C.Tell the user that installing software from pop-ups is dangerous and they should know better.
D.Remotely uninstall the program without informing the user.
AnswerB

This gathers necessary information while maintaining a non-judgmental tone, which encourages the user to cooperate.

Why this answer

Option B is correct because the first step in handling a potential malware infection professionally is to gather information from the user without judgment. Asking the user to describe what they installed and from where helps the technician understand the attack vector (e.g., a fake pop-up ad), which is critical for selecting the appropriate remediation steps and for any future security awareness training. This approach maintains trust and encourages the user to report issues promptly, which is essential for effective incident response.

Exam trap

CompTIA often tests the distinction between technical urgency and professional communication, where candidates mistakenly choose a technically correct action (like running a scan) over the professionally required first step of gathering information without blame.

How to eliminate wrong answers

Option A is wrong because immediately running a full antivirus scan without first gathering information from the user can disrupt their workflow, may miss root cause analysis (e.g., the specific file or URL involved), and does not address the professional need to understand the user's actions for future prevention. Option C is wrong because telling the user they should know better is accusatory and unprofessional; it damages the technician-user relationship and discourages the user from reporting future security incidents, which is a core violation of professional communication standards. Option D is wrong because remotely uninstalling the program without informing the user violates user consent and transparency, and it may remove evidence needed for deeper forensic analysis or for identifying additional malware components.

45
MCQmedium

A company is implementing a new policy that requires users to authenticate using both a password and a one-time code sent to their mobile phone. What type of authentication factor is the one-time code?

A.Something you are
B.Something you know
C.Something you have
D.Somewhere you are
AnswerC

The one-time code is delivered to a device (the phone) that the user possesses, making it a 'something you have' factor.

Why this answer

Authentication factors are categorized as something you know (password), something you have (token or phone), and something you are (biometrics). A one-time code sent to a mobile phone is considered 'something you have' because access to the phone is required. This question tests the classification of multi-factor authentication components.

46
MCQhard

A user reports that their Mac running macOS Ventura frequently asks for the admin password when trying to change network settings, even though they are the only user. They want this to stop. What is the most secure way to address this?

A.Disable System Integrity Protection (SIP)
B.Change the user account type from Standard to Administrator in Users & Groups
C.Use the 'security authorizationdb' command to remove the requirement
D.Turn off FileVault
AnswerB

Admin accounts can change network settings without re-entering credentials. This is the standard fix, though it broadens privileges.

Why this answer

Option B is correct because changing the user account type from Standard to Administrator in System Settings > Users & Groups grants the user the necessary privileges to modify network settings without repeated authentication prompts. On macOS Ventura, only administrator accounts can unlock network preferences by default; a standard user is prompted for admin credentials each time. This is the most secure approach because it avoids disabling security features like SIP or FileVault.

Exam trap

CompTIA often tests the misconception that disabling a security feature like SIP or FileVault is a valid shortcut to stop password prompts, when the correct approach is to adjust user account privileges within the existing security framework.

How to eliminate wrong answers

Option A is wrong because disabling System Integrity Protection (SIP) removes critical kernel-level protections and does not address the authentication requirement for network settings; SIP controls file system integrity, not authorization policies. Option C is wrong because using the 'security authorizationdb' command to remove the requirement would globally weaken the authorization database, potentially allowing any process to change network settings without authentication, which is less secure than simply elevating the user account. Option D is wrong because turning off FileVault disables full-disk encryption and has no effect on per-application or per-preference authentication prompts; FileVault protects data at rest, not authorization for system preferences.

47
MCQeasy

A user needs to access a shared folder on a Windows 10 workstation from their Windows 11 laptop. Both devices are on the same local network. Which Windows feature must be enabled on the workstation to allow file sharing?

A.Network Discovery
B.File and Printer Sharing
C.HomeGroup
D.Windows Firewall
AnswerB

Enabling File and Printer Sharing allows the workstation to share folders and printers with other network devices.

Why this answer

File and Printer Sharing (option B) is the correct feature because it enables the Server Message Block (SMB) protocol on the workstation, which is the underlying protocol Windows uses for shared folder access. Without this service running and allowed through the firewall, other devices cannot connect to the workstation's shared resources, regardless of network discovery or firewall settings.

Exam trap

CompTIA often tests the distinction between Network Discovery (which only controls visibility) and File and Printer Sharing (which actually enables resource access), leading candidates to mistakenly select Network Discovery when the question asks about enabling file sharing.

How to eliminate wrong answers

Option A is wrong because Network Discovery only allows the workstation to see other devices on the network and be seen by them; it does not enable the actual sharing of folders or files. Option C is wrong because HomeGroup was removed from Windows 10 (version 1803 and later) and Windows 11; it is a deprecated feature and not required for standard SMB-based file sharing. Option D is wrong because Windows Firewall is a security component that can block or allow traffic, but it is not the feature that enables file sharing; in fact, File and Printer Sharing must be allowed as an exception within the firewall for sharing to work.

48
MCQmedium

During a software installation, a technician receives an error that the system does not meet the minimum requirements. The technician decides to override the check by modifying the registry. What safety procedure should be followed before making registry changes?

A.Disable User Account Control (UAC).
B.Create a system restore point.
C.Run the installation as an administrator.
D.Close all other running applications.
AnswerB

A restore point allows the system to be reverted to a previous state if registry edits cause problems.

Why this answer

Creating a system restore point before modifying the registry is the correct safety procedure because it captures the current system state, including registry keys, drivers, and system files. If the registry edit causes instability or boot failure, the restore point allows the technician to revert the system to its previous working configuration without data loss. This is a standard best practice for any registry modification, as even minor errors can render the system unbootable.

Exam trap

CompTIA often tests the distinction between permission elevation (running as admin) and system protection (restore point), leading candidates to mistakenly choose 'Run as administrator' because they think it bypasses the error, when in fact the question explicitly asks for the safety procedure before making registry changes.

How to eliminate wrong answers

Option A is wrong because disabling User Account Control (UAC) reduces system security by allowing all processes to run with elevated privileges without prompting, but it does not provide a rollback mechanism for registry changes; it only removes the elevation prompt, not the risk of corruption. Option C is wrong because running the installation as an administrator only ensures the installer has sufficient permissions to write to protected areas like the registry, but it does not create a backup or restore point; if the registry edit fails, there is no way to undo it. Option D is wrong because closing other applications reduces resource conflicts and potential interference during installation, but it does not safeguard against registry corruption; it is a general best practice for stability, not a safety procedure for registry modifications.

49
MCQeasy

A new employee is setting up their workstation and receives a phone call from someone claiming to be from the IT department. The caller says there is a critical security update and needs the employee's login credentials to install it remotely. What social engineering principle is the attacker primarily exploiting?

A.Urgency
B.Scarcity
C.Authority
D.Social proof
AnswerC

Authority is the correct answer, as the attacker uses the perceived power of IT to gain compliance.

Why this answer

The attacker is impersonating IT staff, which leverages the principle of authority. By claiming to be from the IT department, the attacker exploits the employee's tendency to comply with perceived organizational authority, especially regarding security updates. This is a classic social engineering tactic where the attacker uses a trusted role to bypass security protocols.

Exam trap

CompTIA often tests the distinction between urgency and authority: candidates confuse the caller's demand for immediate action (urgency) with the underlying exploitation of the caller's claimed position (authority), but the question explicitly asks for the primary principle being exploited.

How to eliminate wrong answers

Option A is wrong because urgency involves creating a sense of immediate need (e.g., 'act now or your account will be locked'), but here the primary driver is the caller's claimed role, not a time pressure. Option B is wrong because scarcity involves limited availability (e.g., 'only a few licenses left'), which is not present in this scenario. Option D is wrong because social proof relies on others' behavior (e.g., 'everyone else is doing it'), whereas this attack uses a single authoritative figure.

50
MCQmedium

A technician is configuring a small office network and wants to ensure that guest users can access the internet but cannot connect to internal company resources like file servers or printers. Which logical security method should be implemented?

A.Enable MAC address filtering on the wireless access point.
B.Implement a guest VLAN that is isolated from the internal network.
C.Require a complex password for the guest Wi-Fi network.
D.Disable the SSID broadcast for the guest network.
AnswerB

A guest VLAN creates a separate logical network segment, allowing internet access while blocking access to internal resources via routing rules.

Why this answer

Option B is correct because a guest VLAN configured with access control lists (ACLs) or private VLAN features isolates guest traffic from the internal corporate VLAN. This ensures guest users can reach the internet via a default gateway or NAT while being unable to route or bridge to internal subnets containing file servers or printers. This is a standard logical segmentation method defined in IEEE 802.1Q.

Exam trap

In CompTIA A+ exams, candidates often confuse access control methods like passwords or SSID hiding with true network segmentation. The key is that logical segmentation via VLANs isolates traffic at Layer 2, whereas authentication and association controls only restrict who can connect, not what they can access once connected.

How to eliminate wrong answers

Option A is wrong because MAC address filtering only controls which devices can associate with the wireless network; it does not restrict access to internal resources once a device is connected. Option C is wrong because a complex password only authenticates users to the Wi-Fi network; it does not prevent authenticated guest users from accessing internal subnets. Option D is wrong because disabling SSID broadcast merely hides the network name from beacon frames; it does not provide any logical separation between guest and internal traffic.

51
MCQeasy

A technician is tasked with deploying a new virtual machine for a client who needs to run a legacy application that requires a specific configuration. The client wants the VM to be isolated from the host operating system but still needs to access physical USB devices connected to the host. Which type of virtualization technology should the technician use?

A.Type 1 hypervisor
B.Type 2 hypervisor
C.Container-based virtualization
D.Desktop virtualization (VDI)
AnswerB

Type 2 hypervisors run on a host OS and natively support USB passthrough, allowing the VM to access physical USB devices while maintaining isolation from the host.

Why this answer

A Type 2 hypervisor runs on top of a host operating system and provides the necessary isolation for the VM while allowing the host OS to manage physical hardware, including USB devices. This setup enables the legacy application to run in a VM with its specific configuration, and the hypervisor can pass through USB devices from the host to the VM via USB passthrough or redirection, meeting the client's requirement for both isolation and USB access.

Exam trap

A common misconception is that Type 1 hypervisors are always better for isolation and hardware access, but the trap here is that Type 1 hypervisors lack a host OS to easily manage USB device redirection, making Type 2 the correct choice for client-side VM isolation with USB access.

How to eliminate wrong answers

Option A is wrong because a Type 1 hypervisor runs directly on hardware without a host OS, which would make it more difficult to access physical USB devices connected to the host without additional configuration or a management OS, and it is typically used for server virtualization rather than client-side legacy application isolation. Option C is wrong because container-based virtualization shares the host OS kernel and does not provide full isolation from the host, nor does it natively support direct access to physical USB devices without complex host-level mapping. Option D is wrong because Desktop virtualization (VDI) delivers virtual desktops from a central server, not from the local host, and the client's requirement is for a VM on the local host with direct USB access, not a remote desktop solution.

52
MCQeasy

A user reports that a specific application crashes immediately on launch. You want to verify the integrity of the application's core files without reinstalling. Which command-line tool can you use to scan and repair system files that the application depends on?

A.sfc /scannow
B.chkdsk /f
C.tasklist
D.dism /online /cleanup-image /restorehealth
AnswerA

Correct. sfc scans and repairs corrupted system files that might cause application crashes.

Why this answer

The `sfc /scannow` (System File Checker) command scans all protected system files and replaces corrupted versions with a cached copy located in the `%WinDir%\System32\dllcache` directory. Since the application crashes on launch, it likely depends on core Windows system files (e.g., DLLs, executables) that may be corrupted or missing. Running `sfc /scannow` verifies and repairs these system files without reinstalling the application itself, directly addressing the integrity of the dependencies.

Exam trap

The trap here is that candidates often confuse `dism` with `sfc` because both repair system files, but `dism` repairs the component store (the source for SFC) rather than the installed system files themselves, making `sfc /scannow` the correct first-line tool for verifying and repairing application-dependent system files.

How to eliminate wrong answers

Option B is wrong because `chkdsk /f` checks the file system for logical and physical errors on a disk volume (e.g., bad sectors, cross-linked files) and does not scan or repair the content of system files that an application depends on. Option C is wrong because `tasklist` only displays a list of currently running processes and their associated details (PID, session name, memory usage); it cannot scan or repair any files. Option D is wrong because `dism /online /cleanup-image /restorehealth` repairs the Windows system image (the source files used by SFC) and is typically used when SFC itself fails due to a corrupted component store, but it does not directly scan and repair the application's dependent system files in the same targeted manner as SFC.

53
MCQhard

A technician is troubleshooting a printer that is not printing. The user insists that the printer was working yesterday and nothing has changed. The technician finds that the printer's IP address has changed due to a DHCP lease renewal. What is the best way to explain this to the user?

A.Explain that the printer's IP address changed because of DHCP, and that you will assign a static IP to prevent future issues.
B.Tell the user that the network changed the printer's address and it is not your fault.
C.Use technical jargon like 'DHCP lease expiration' and 'subnet mask misconfiguration' to sound authoritative.
D.Say that the printer is faulty and needs to be replaced.
AnswerA

This provides a clear, non-technical explanation and a solution, which is professional and reassuring.

Why this answer

Option A is correct because it directly addresses the root cause (DHCP lease renewal changing the printer's IP) and provides a clear, non-technical explanation to the user while outlining the solution (assigning a static IP). This demonstrates effective communication and professionalism by taking ownership of the issue and preventing recurrence, aligning with CompTIA's troubleshooting methodology.

Exam trap

The trap here is that candidates may choose Option C, thinking technical jargon demonstrates expertise, but CompTIA emphasizes explaining issues in user-friendly terms to maintain professionalism and trust.

How to eliminate wrong answers

Option B is wrong because it shifts blame to the network without offering a solution, which is unprofessional and fails to resolve the user's concern. Option C is wrong because using technical jargon like 'DHCP lease expiration' and 'subnet mask misconfiguration' without explanation confuses the user and violates the principle of clear communication. Option D is wrong because it incorrectly attributes the issue to a faulty printer, ignoring the actual DHCP-related IP change and leading to unnecessary replacement costs.

54
MCQeasy

A user reports that their Android phone's battery drains rapidly after a recent app update. They have already tried restarting the device. Which of the following should a technician recommend FIRST to diagnose the issue?

A.Perform a factory reset.
B.Check battery usage in Settings to identify the app consuming the most power.
C.Replace the battery immediately.
D.Disable all background data.
AnswerB

Battery usage statistics show which app or service is draining the battery, making this the logical first step in troubleshooting.

Why this answer

Option B is correct because the first step in diagnosing rapid battery drain after an app update is to use the built-in battery usage tool in Android Settings. This tool provides a per-app breakdown of power consumption, allowing the technician to identify which specific app is consuming excessive energy without making invasive changes. Restarting the device already failed to resolve the issue, so checking battery stats is the logical next step before any destructive or restrictive actions.

Exam trap

CompTIA often tests the principle of 'least invasive first' in troubleshooting, and the trap here is that candidates may jump to a factory reset (Option A) as a quick fix, overlooking the simple diagnostic step of checking battery usage statistics that directly pinpoints the problematic app.

How to eliminate wrong answers

Option A is wrong because performing a factory reset is a drastic, data-destructive step that should only be considered after all non-destructive diagnostics have failed; it does not help identify the root cause and may unnecessarily erase user data. Option C is wrong because replacing the battery immediately assumes the hardware is faulty, but the problem started after a software update, making a software-related cause far more likely; battery replacement is premature without first verifying app-level power usage. Option D is wrong because disabling all background data is an overly broad and restrictive measure that can break legitimate app functionality; it should only be applied to the specific misbehaving app after identification, not as a blanket solution.

55
MCQeasy

A small business deploys 20 Android tablets for inventory management. The tablets must remain in a single app (the inventory app) and prevent users from accessing settings or other apps. Which Android feature should you enable to lock the devices into this single-app mode?

A.Enable Guest Mode from the user switcher.
B.Use the Screen Pinning feature in Security settings.
C.Set up a separate user account with restricted profile.
D.Activate Factory Reset Protection (FRP).
AnswerB

Screen Pinning locks the device to a single app, and to unpin the user must enter a PIN or password, preventing unauthorized access to other apps or settings.

Why this answer

Screen Pinning (option B) is the correct Android feature to lock a device into a single app. When enabled, it prevents users from leaving the pinned app, accessing the home screen, recent apps, or notification shade without entering a PIN or password. This is ideal for kiosk-mode deployments like inventory management tablets, as it restricts the device to exactly one application.

Exam trap

The trap here is that candidates confuse 'restricted profiles' (which limit app access but still allow app switching) with 'screen pinning' (which truly locks the device to one app), leading them to select option C instead of the correct B.

How to eliminate wrong answers

Option A is wrong because Guest Mode creates a temporary user account with its own apps and settings, but it does not lock the device to a single app; the guest can still navigate to other apps or system settings. Option C is wrong because a restricted profile limits which apps a secondary user can access, but it still allows the user to switch between permitted apps and access system UI elements like the status bar; it does not enforce single-app confinement. Option D is wrong because Factory Reset Protection (FRP) is a security feature that prevents unauthorized use of a device after a factory reset by requiring the previous Google account credentials; it has no function for locking the device into a single app during normal operation.

56
MCQmedium

A user reports that their Windows 10 laptop suddenly shows a black screen with a movable mouse cursor after logging in. They can press Ctrl+Alt+Del to open the security screen. Which troubleshooting step should you perform first to restore the desktop?

A.Boot into Safe Mode and run System File Checker (sfc /scannow).
B.Press Ctrl+Alt+Del, open Task Manager, then run a new task and type 'explorer.exe'.
C.Perform a system restore to a point before the issue started.
D.Check the display driver by pressing Windows+P and switching display modes.
AnswerB

This restarts the Windows shell, which is the most common fix for a black screen with a cursor. It is quick, safe, and often restores the desktop immediately.

Why this answer

A black screen with a cursor after login often indicates that the Windows Explorer shell (explorer.exe) has crashed or is not starting properly. Using Task Manager to manually restart the explorer.exe process is a quick and non-destructive first step that often resolves the issue without rebooting.

57
MCQeasy

A user calls the help desk saying their PC suddenly displays a ransom note demanding payment in Bitcoin to unlock their files. They cannot open any documents or images. What is the first action you should take?

A.Pay the ransom to get the decryption key.
B.Run a full antivirus scan immediately.
C.Disconnect the PC from the network.
D.Restore files from a recent backup without disconnecting.
AnswerC

Disconnecting stops the ransomware from encrypting network drives and contacting its command server, limiting damage.

Why this answer

The correct first action is to disconnect the PC from the network (Option C). This immediately isolates the infected system, preventing the ransomware from communicating with its command-and-control (C2) server to exfiltrate data or encrypt additional network shares. It also stops the ransomware from spreading laterally to other devices on the same LAN, which is critical for containment before any remediation steps are taken.

Exam trap

CompTIA often tests the principle of 'containment before eradication' — the trap here is that candidates may jump to scanning (Option B) or backup restoration (Option D) without first isolating the system, which would allow the ransomware to continue spreading or re-encrypting files during those actions.

How to eliminate wrong answers

Option A is wrong because paying the ransom does not guarantee you will receive a working decryption key, and it encourages further criminal activity; law enforcement and security best practices strongly advise against paying. Option B is wrong because running a full antivirus scan while the PC is still connected to the network allows the ransomware to continue communicating with its C2 server and potentially encrypt more files or spread to other systems; containment must come first. Option D is wrong because restoring files from a backup without first disconnecting the network risks re-infection if the backup media is still accessible over the network or if the ransomware is still active and can immediately re-encrypt the restored files.

58
MCQhard

A technician is investigating a computer that has been sending spam emails from the user's account without their knowledge. The user has not installed any new software recently. The technician finds a process running that matches a known botnet client. Which two steps should the technician take first to mitigate the threat?

A.Disconnect the computer from the network and terminate the malicious process.
B.Run a full antivirus scan and then update the firewall rules.
C.Change the user's email password and run a malware scan.
D.Reboot the computer into Safe Mode and then run a scan.
AnswerA

Disconnecting stops the botnet's command-and-control communication, and terminating the process halts the spam.

Why this answer

The immediate priority is to disconnect the computer from the network to stop the botnet communication and prevent further spam. Then, the technician should identify and terminate the malicious process. Scanning without disconnecting may allow continued data exfiltration.

59
MCQmedium

A technician is configuring a shared Android tablet for a retail kiosk. The tablet should only run a single point-of-sale app and prevent users from accessing settings or other apps. Which Android feature should be used?

A.Enable Guest Mode
B.Use Screen Pinning from the Overview (Recent Apps) menu
C.Boot the device into Safe Mode
D.Install a launcher replacement app
AnswerB

Screen Pinning locks the device to one app, and exiting requires a PIN, making it suitable for kiosk use.

Why this answer

Screen Pinning is the correct Android feature for kiosk mode because it locks the device to a single app, preventing users from navigating away to settings or other apps. When enabled from the Overview (Recent Apps) menu, it requires a PIN or password to unpin, ensuring the point-of-sale app remains the only accessible interface. This directly meets the requirement of a dedicated retail kiosk without needing third-party software or complex configurations.

Exam trap

A common mistake is that Safe Mode or Guest Mode can restrict app access, but Safe Mode disables third-party apps and Guest Mode still allows app switching, neither of which achieves the single-app lockdown required for a kiosk.

How to eliminate wrong answers

Option A is wrong because Guest Mode creates a separate user profile with limited access but does not lock the device to a single app; users can still switch to other apps or settings within the guest session. Option C is wrong because Safe Mode boots the device with only pre-installed system apps, disabling third-party apps like the point-of-sale app, which is counterproductive for a kiosk. Option D is wrong because a launcher replacement app can customize the home screen but does not enforce single-app lockdown; users can still access the Overview menu or notifications to launch other apps unless combined with additional restrictions like Screen Pinning.

60
MCQhard

A malicious script is suspected to have changed permissions on critical system files. The administrator needs to restore the /etc/passwd file to its default permissions, which are 644. The file is currently 777. Which command will set the correct permissions?

A.chmod 644 /etc/passwd
B.chmod 600 /etc/passwd
C.chmod 755 /etc/passwd
D.chmod 444 /etc/passwd
AnswerA

This sets owner read/write, group read, others read, which is the correct default for /etc/passwd.

Why this answer

The correct answer is A because chmod 644 /etc/passwd sets the permissions to rw-r--r--, which is the standard for /etc/passwd. This removes the world-writable and executable bits.

61
MCQmedium

A small business user needs to set up a VPN connection on their Windows 11 laptop to access company resources. They ask you which tool to use. Which administrative tool should you instruct them to open?

A.Device Manager to install a virtual network adapter.
B.Windows Settings > Network & internet > VPN.
C.Services console to enable the 'Remote Access Connection Manager' service.
D.Task Scheduler to create a task that launches the VPN client.
AnswerB

Correct. The VPN section in Windows Settings allows adding and configuring VPN connections.

Why this answer

Windows 11 includes a built-in VPN client that is configured through the Settings app under Network & internet > VPN. This is the correct administrative tool for a small business user to set up a VPN connection without needing additional software or advanced system tools.

Exam trap

This question tests the misconception that VPN configuration requires modifying system services or hardware settings, leading candidates to choose Device Manager or Services console instead of the straightforward Settings interface.

How to eliminate wrong answers

Option A is wrong because Device Manager is used to manage hardware devices and drivers, not to configure VPN connections; installing a virtual network adapter is not the primary step for setting up a VPN. Option C is wrong because the 'Remote Access Connection Manager' service is automatically started when needed and does not require manual enabling through the Services console for a standard VPN setup. Option D is wrong because Task Scheduler is used to automate tasks at specific times or events, not to launch a VPN client for on-demand connectivity.

62
MCQeasy

A company policy requires that all USB flash drives be automatically scanned for malware when inserted. Which Windows security setting should be configured to enforce this?

A.Enable Windows Defender Real-time Protection
B.Configure BitLocker To Go
C.Enable Windows Firewall
D.Set User Account Control to Always Notify
AnswerA

Real-time protection monitors file activity, including when a USB drive is inserted, and automatically scans for malware.

Why this answer

Windows Defender Real-time Protection (now part of Microsoft Defender Antivirus) automatically scans removable media, including USB flash drives, for malware upon insertion. This setting enforces the company policy by ensuring that any file accessed or executed from the drive is checked against known threat signatures in real time, without requiring manual scans.

Exam trap

The trap here is that candidates confuse encryption (BitLocker To Go) with malware scanning, or assume that network firewalls or UAC can protect against threats introduced via removable media, when only real-time antimalware scanning directly addresses the policy requirement.

How to eliminate wrong answers

Option B is wrong because BitLocker To Go provides encryption for USB drives to protect data at rest, not malware scanning. Option C is wrong because Windows Firewall controls network traffic based on rules and does not scan local storage devices for malware. Option D is wrong because User Account Control (UAC) prompts for administrative consent before system changes but does not perform any malware detection or scanning of inserted media.

63
MCQmedium

A user on a Windows 10 computer is unable to install a new application because they receive an error that 'Windows cannot verify the publisher of this driver software.' The application is from a trusted vendor. Which tool should you use to temporarily disable driver signature enforcement to complete the installation?

A.Device Manager
B.System Configuration (msconfig)
C.Advanced Startup Options (Disable driver signature enforcement)
D.Command Prompt with bcdedit /set testsigning on
AnswerC

This option in the Recovery Environment allows the system to boot with driver signature enforcement disabled, enabling installation of the driver.

Why this answer

Option C is correct because the error 'Windows cannot verify the publisher of this driver software' indicates that the driver lacks a valid digital signature, which is required by default on 64-bit Windows 10. The Advanced Startup Options menu provides a direct way to boot with 'Disable driver signature enforcement' temporarily, allowing the unsigned driver to load for the current session without permanently altering the system's security policy.

Exam trap

The trap here is that candidates often confuse 'bcdedit /set testsigning on' (which permanently enables test-signed drivers) with the temporary disable option in Advanced Startup Options, or they mistakenly think Device Manager or msconfig can override driver signature enforcement at the boot level.

How to eliminate wrong answers

Option A is wrong because Device Manager is used to manage hardware devices and update drivers, but it cannot bypass driver signature enforcement; it will still block installation of an unsigned driver. Option B is wrong because System Configuration (msconfig) is used to configure boot options like safe mode or startup services, but it does not have a built-in setting to disable driver signature enforcement; you would need to use Advanced Startup Options or a command-line tool. Option D is wrong because 'bcdedit /set testsigning on' enables Test Signing mode, which permanently allows unsigned drivers to load, but this is a persistent change that weakens security and is not intended for a one-time installation; it also requires a reboot and leaves the system in a less secure state.

64
MCQeasy

A small business owner wants to allow a remote employee to access their office desktop from home, but is concerned about security. They currently have a standard router with a public IP. Which of the following is the most secure method to enable this access?

A.Enable port forwarding on the router for TCP 3389 to the desktop's IP address.
B.Configure a VPN server on the office network and have the employee connect via VPN before using RDP.
C.Use a third-party remote desktop service like TeamViewer without additional configuration.
D.Change the RDP port to a non-standard port number and enable port forwarding.
AnswerB

A VPN encrypts all traffic and requires authentication, adding a layer of security before RDP access is permitted.

Why this answer

Exposing RDP directly to the internet is risky due to brute-force attacks. A VPN creates an encrypted tunnel, authenticating the user before allowing access to the internal network, making it far more secure. This is the recommended best practice.

65
MCQeasy

A company uses a cloud-based SaaS application for customer relationship management (CRM). Several employees report that they cannot access the CRM this morning, but internet connectivity is working. The IT support team checks the cloud provider's status page and finds no reported outages. What should the technician check next?

A.Verify that the DNS server is resolving the CRM URL correctly.
B.Check if the users' accounts have expired or if passwords need to be reset.
C.Reboot the company's firewall to clear any temporary blocks.
D.Reinstall the CRM application on the affected workstations.
AnswerB

Expired passwords or locked accounts are common reasons for individual access failures to SaaS applications.

Why this answer

When a cloud service is accessible to some but not others, the issue is often local authentication or configuration. Expired credentials or browser cache problems are common causes. The cloud provider's status page shows no outage, so the issue is likely client-side.

DNS and firewall settings would affect all users if misconfigured.

66
MCQhard

A security incident has occurred: a user's Mac running macOS Ventura was infected with malware that modified system files. The technician needs to boot the Mac into a mode that loads only essential Apple-signed kernel extensions and prevents third-party software from loading, in order to safely remove the malware. Which startup mode should they use?

A.Single-user mode (Command + S).
B.Verbose mode (Command + V).
C.Safe Mode (Shift key during startup).
D.Target Disk Mode (T key).
AnswerC

Safe Mode disables all non-Apple kernel extensions, startup items, and login items, providing a clean environment to remove malware. It also checks the startup disk for errors.

Why this answer

Safe Mode (Shift key during startup) is correct because it forces macOS to load only essential kernel extensions that are signed by Apple, disables all third-party startup items and login items, and runs a directory integrity check. This minimal environment prevents the malware from loading its own kernel extensions or other malicious code, allowing the technician to safely remove the infected files without interference.

Exam trap

Cisco often tests the distinction between startup modes that change the boot environment (Safe Mode) versus those that only alter the user interface or provide diagnostic output (Verbose, Single-user), leading candidates to mistakenly choose Single-user mode for malware removal when it does not restrict third-party kernel extensions.

How to eliminate wrong answers

Option A is wrong because Single-user mode (Command + S) boots into a command-line interface as root without the GUI, but it does not restrict kernel extension loading—third-party kexts can still be loaded, and the malware may already be active in the kernel space. Option B is wrong because Verbose mode (Command + V) merely displays detailed boot logs on screen; it does not disable third-party software or kernel extensions, so the malware would still load normally. Option D is wrong because Target Disk Mode (T key) turns the Mac into an external disk for file transfer over Thunderbolt or FireWire; it does not provide a secure environment for malware removal and does not prevent the malware from executing on the host system.

67
MCQmedium

A user reports that their Android phone's screen is flickering and the touch response is erratic after they dropped it. They have already tried a reboot. Which built-in diagnostic tool should you use to test the touchscreen and display functionality without any third-party apps?

A.Boot the device into Safe Mode to see if the issue persists.
B.Open the phone dialer and enter the hardware test code (e.g., *#0*#).
C.Enable 'Show taps' in Developer Options.
D.Perform a factory reset from Recovery Mode.
AnswerB

Many Android manufacturers include a built-in hardware diagnostic menu accessible via secret codes, allowing you to test the touchscreen, display, and other components.

Why this answer

Option B is correct because the Samsung service menu code *#0*# (or similar manufacturer-specific codes) provides a built-in hardware diagnostic suite that tests the touchscreen, display colors, and other sensors directly, without requiring any third-party apps. This is the appropriate tool for isolating a hardware issue after a physical drop, as it bypasses the OS layer to test the underlying hardware components.

Exam trap

CompTIA often tests the distinction between software troubleshooting (Safe Mode, factory reset) and hardware diagnostics (built-in test codes), and the trap here is that candidates confuse Safe Mode's ability to disable third-party apps with a hardware test, when in fact it only rules out app conflicts.

How to eliminate wrong answers

Option A is wrong because Safe Mode only disables third-party apps and does not test hardware; it would not isolate a physical screen or touch controller issue caused by impact damage. Option C is wrong because 'Show taps' in Developer Options only visualizes touch input on the screen and does not perform any diagnostic or stress test of the display or touch hardware. Option D is wrong because a factory reset erases all user data and resets software settings but does not test or repair hardware; it is a software troubleshooting step that would be ineffective for a physical drop damage.

68
MCQmedium

A technician is setting up remote access for a salesperson who frequently works from coffee shops. The company uses a VPN with two-factor authentication (2FA). The salesperson reports that after entering their username and password, they receive a prompt for a code but do not have their token. What should the technician do to resolve this?

A.Disable two-factor authentication for the user's account temporarily.
B.Provide the user with a one-time bypass code from the administrator console.
C.Instruct the user to reset their password and try again.
D.Ask the user to connect from a different network location.
AnswerB

Most 2FA systems allow administrators to generate temporary codes for users who have lost their token, maintaining security while granting access.

Why this answer

This scenario tests knowledge of 2FA troubleshooting. The user has a token but does not have it available. The correct action is to provide a temporary bypass code, which is a standard feature of 2FA systems for such situations.

Disabling 2FA would weaken security, and other options are not appropriate.

69
MCQmedium

After a malware infection, a user's Windows 10 PC has several suspicious scheduled tasks that run at startup. Which administrative tool should you use to review and disable these tasks?

A.Services console to stop the 'Task Scheduler' service.
B.Task Scheduler to examine the task library and disable suspicious entries.
C.Resource Monitor to see which tasks are currently running.
D.Windows Firewall with Advanced Security to block the tasks' network access.
AnswerB

Correct. Task Scheduler provides a full list of scheduled tasks, including those created by malware, and allows disabling or deleting them.

Why this answer

The Task Scheduler (taskschd.msc) is the correct administrative tool to review and disable suspicious scheduled tasks because it provides a centralized library of all tasks, including their triggers, actions, and conditions. After a malware infection, attackers often create persistent scheduled tasks that run at startup; using Task Scheduler, you can navigate to the Task Scheduler Library, locate the malicious entries, and disable or delete them directly without affecting the core Task Scheduler service.

Exam trap

The CompTIA A+ exam often tests the misconception that stopping a service or using a firewall rule can disable a scheduled task, but the correct approach is to use the Task Scheduler itself to manage the task entries directly.

How to eliminate wrong answers

Option A is wrong because stopping the 'Task Scheduler' service would disable all scheduled tasks, including legitimate system tasks, and is not a targeted method for reviewing or disabling specific suspicious entries; it also does not allow you to examine the task library. Option C is wrong because Resource Monitor shows real-time system resource usage and currently running processes, but it does not display scheduled tasks or allow you to disable them; it is not designed for managing task definitions. Option D is wrong because Windows Firewall with Advanced Security controls network traffic based on rules, not scheduled tasks; blocking a task's network access would not disable the task itself, and the task would still execute locally, potentially causing harm.

70
MCQmedium

During a security audit, a technician discovers that an employee's company-issued iPhone has been jailbroken. The employee claims they only did it to customize the home screen. Which security risk is most directly associated with a jailbroken device in a corporate environment?

A.The device cannot receive iOS updates.
B.It voids the warranty.
C.It bypasses app sandbox restrictions, potentially exposing corporate data.
D.The device will perform slower.
AnswerC

Jailbreaking removes iOS security layers, including sandboxing, allowing malicious apps to access data from other apps, which is a severe data leakage risk.

Why this answer

Jailbreaking removes the iOS sandbox restrictions that normally isolate each app's data and prevent unauthorized access to the file system. Without these restrictions, a malicious or compromised app on the jailbroken device can read, copy, or exfiltrate corporate data stored by other apps (e.g., email, VPN certificates, MDM profiles), directly violating data confidentiality in a corporate environment.

Exam trap

The trap here is that candidates focus on the employee's stated reason (customization) and mistakenly choose a non-security answer like 'voids warranty' or 'slower performance,' overlooking the fundamental security principle that jailbreaking breaks app isolation and exposes corporate data.

How to eliminate wrong answers

Option A is wrong because jailbroken devices can still receive iOS updates, though they often break the jailbreak; the primary security risk is not the inability to update but the bypass of sandbox restrictions. Option B is wrong because voiding the warranty is a legal/contractual issue, not a direct security risk to corporate data. Option D is wrong because performance degradation is not a guaranteed or primary security concern; the core risk is the loss of app isolation and data protection.

71
MCQmedium

A user reports that their MacBook Pro running macOS Big Sur will not boot past the Apple logo. You suspect a corrupted system file. You need to boot into a special mode to run Disk Utility's First Aid on the startup volume. Which key combination should you hold during startup?

A.Hold the Option (⌥) key.
B.Hold Command (⌘) + R.
C.Hold the Shift key.
D.Hold Command (⌘) + Option (⌥) + P + R.
AnswerB

This boots into macOS Recovery, where Disk Utility is available. Running First Aid can repair disk errors that may be preventing the system from booting.

Why this answer

Holding Command (⌘) + R during startup boots macOS into the built-in macOS Recovery system, which includes Disk Utility. From there, you can run First Aid on the startup volume to repair a corrupted system file. This is the standard recovery mode for Intel-based Macs running macOS Big Sur.

Exam trap

The CompTIA A+ exam often tests the distinction between recovery modes (Command+R) and other startup key combinations (like Option for Startup Manager or Shift for Safe Mode), expecting candidates to confuse the purpose of each key combination.

How to eliminate wrong answers

Option A is wrong because holding the Option (⌥) key boots into the Startup Manager, which lets you select a different startup disk, not a recovery environment. Option C is wrong because holding the Shift key boots into Safe Mode, which disables non-essential kernel extensions and login items but does not provide Disk Utility or First Aid for repairing system files. Option D is wrong because holding Command (⌘) + Option (⌥) + P + R resets the NVRAM/PRAM (non-volatile random-access memory/parameter RAM), which clears certain hardware settings but does not load a recovery environment or allow disk repair.

72
MCQmedium

A user reports that their computer is displaying a message claiming their files are encrypted and they must pay 0.5 Bitcoin to a specific address to regain access. The user cannot open any documents or photos. What is the first step the technician should take to respond to this incident?

A.Pay the ransom to recover the files immediately.
B.Disconnect the computer from the network.
C.Run a full antivirus scan to remove the malware.
D.Reboot the computer into Safe Mode.
AnswerB

Isolating the system prevents the ransomware from spreading to other networked devices.

Why this answer

The first step in a ransomware incident is to isolate the infected system from the network to prevent the malware from spreading to other devices. Attempting to decrypt without tools or paying the ransom are not recommended initial actions.

73
MCQmedium

A non-profit organization is upgrading its computers and wants to donate the old ones to a local school. The HDDs contain donor information that must be kept confidential. The organization wants the drives to be reusable. Which method should be used?

A.Use a degausser to erase the drives.
B.Physically drill holes through the drive platters.
C.Perform a full overwrite with zeros using disk-wiping software.
D.Delete all files and empty the recycle bin.
AnswerC

A full overwrite ensures data is unrecoverable while keeping the drive fully functional for the school.

Why this answer

Option C is correct because performing a full overwrite with zeros using disk-wiping software ensures that all data on the HDDs is irrecoverably destroyed while leaving the drives functional for reuse. This method meets the organization's need for confidentiality (donor information) and reusability, as it overwrites every sector of the drive, including hidden areas like the HPA and DCO, with a known pattern (e.g., zeros or random data), making data recovery infeasible with standard tools.

Exam trap

A+ often tests the misconception that deleting files or using a degausser is sufficient for data confidentiality while maintaining reusability, but degaussing destroys the drive's functionality and deleting files leaves recoverable data, so candidates must recognize that only a full overwrite balances security and reuse.

How to eliminate wrong answers

Option A is wrong because using a degausser exposes the drives to a strong magnetic field that destroys the servo tracks and low-level formatting, rendering the HDDs completely unusable and non-reusable, which contradicts the requirement for reusability. Option B is wrong because physically drilling holes through the drive platters destroys the platters and makes the drives non-functional, preventing reuse; this method is appropriate only for physical destruction, not for drives that need to be repurposed. Option D is wrong because deleting files and emptying the recycle bin only removes file system pointers, leaving the actual data intact on the platters; the data can be easily recovered using file recovery software, failing to ensure confidentiality.

74
MCQhard

A company uses a web application for internal communication. A security audit reveals that the application is vulnerable to cross-site scripting (XSS). Which browser security feature can help mitigate the risk for users while the application is being patched?

A.Enable pop-up blocker
B.Configure the browser to use a proxy server
C.Implement Content Security Policy (CSP) headers on the web server
D.Disable JavaScript in the browser
AnswerC

CSP allows the server to specify which scripts are allowed, preventing execution of injected scripts.

Why this answer

Option C is correct because Content Security Policy (CSP) is a browser security mechanism that allows a web server to specify which sources of content (scripts, styles, images, etc.) are trusted. By implementing CSP headers (e.g., Content-Security-Policy: script-src 'self'), the server instructs the browser to block inline scripts and other potentially malicious content, effectively mitigating XSS attacks even before the application code is patched. CSP operates as a defense-in-depth layer that the browser enforces, reducing the attack surface for users.

Exam trap

Many candidates for the CompTIA A+ exam mistakenly think disabling JavaScript is a viable XSS mitigation, but the trap is that this breaks application functionality and is not a selective security control, whereas CSP provides granular control over script execution without disabling all JavaScript.

How to eliminate wrong answers

Option A is wrong because a pop-up blocker only prevents unwanted pop-up windows; it does not inspect or block malicious scripts injected into the page, so it cannot mitigate XSS. Option B is wrong because configuring a proxy server changes how HTTP requests are routed but does not alter the browser's execution of scripts or enforce content restrictions; a proxy cannot prevent the browser from running injected JavaScript. Option D is wrong because disabling JavaScript entirely would break the web application's core functionality (since it is a web application for internal communication, likely relying on JavaScript), and it is not a practical or selective mitigation; CSP allows JavaScript to run from trusted sources while blocking malicious scripts, whereas disabling JavaScript is a blunt, non-selective approach.

75
MCQhard

A technician receives an email that appears to be from the company's HR department asking them to click a link to update their direct deposit information. The email contains several grammatical errors and the sender's domain is 'company-hr.com' instead of the official 'company.com'. What is the most effective way to confirm this is a phishing attempt?

A.Reply to the email asking for verification.
B.Click the link to see if it looks legitimate.
C.Forward the email to the company's security team for analysis.
D.Call the phone number listed in the email signature.
AnswerC

Forwarding to the security team allows experts to analyze headers, links, and other indicators to confirm phishing.

Why this answer

Option C is correct because forwarding the suspicious email to the company's security team allows trained analysts to inspect headers, attachments, and URLs in a sandboxed environment without exposing the technician to risk. This aligns with organizational incident response procedures for phishing, as the security team can verify the sender domain (e.g., SPF/DKIM/DMARC failures) and determine if the email is malicious.

Exam trap

CompTIA A+ exams often test the principle that verifying suspicious emails through official channels (e.g., security team) is safer than any direct interaction with the email's contents or contacts, and the trap here is that candidates may think calling a listed number is safe, but attackers can spoof phone numbers or use VoIP to appear legitimate.

How to eliminate wrong answers

Option A is wrong because replying to the email confirms the technician's address as active to the attacker and may trigger further targeted attacks; legitimate HR would not request sensitive updates via an unverified link. Option B is wrong because clicking the link could execute a drive-by download, redirect to a credential harvesting page, or install malware, even if the page appears legitimate. Option D is wrong because the phone number in the email signature is likely controlled by the attacker or spoofed, and calling it could lead to social engineering or verification of the technician's contact details.

Page 1 of 10

Page 2

All pages