CompTIA A+ Core 2 220-1202 (220-1202) — Questions 76150

750 questions total · 10pages · All types, answers revealed

Page 1

Page 2 of 10

Page 3
76
MCQmedium

A technician is configuring a new workstation for an executive who requested specific software. The executive's assistant says the executive is very busy and wants the setup done quickly without any questions. What is the most professional response?

A.Proceed with the installation as requested to respect the executive's time.
B.Ask the assistant to confirm the exact software list and any version requirements before starting.
C.Install the software that is most commonly used by other executives.
D.Tell the assistant that you cannot proceed without talking to the executive directly.
AnswerB

This ensures accuracy and prevents rework, showing professionalism and attention to detail.

Why this answer

Option B is correct because it demonstrates professional due diligence: confirming the exact software list and version requirements prevents misconfigurations that could waste the executive's time later. A technician must verify requirements before installation to avoid compatibility issues or missing critical features, which is a core communication skill in the CompTIA A+ 220-1202 domain.

Exam trap

The trap here is that candidates may assume 'respecting time' means immediate action (Option A), but CompTIA tests that professionalism requires verification to prevent costly errors, not blind compliance.

How to eliminate wrong answers

Option A is wrong because proceeding without verification risks installing incorrect software versions or missing dependencies, leading to rework and wasted time. Option C is wrong because assuming 'most commonly used' software may not meet the executive's specific needs, causing functionality gaps and potential security issues. Option D is wrong because refusing to proceed without direct executive contact is overly rigid and unprofessional; the assistant is a valid point of contact for initial coordination.

77
MCQhard

A user reports that they can no longer access the internet after installing a new software application. The technician suspects the application modified system settings. Which security feature could have prevented this?

A.Windows Defender Firewall
B.User Account Control (UAC)
C.BitLocker Drive Encryption
D.Windows Defender Antivirus
AnswerB

UAC prompts for administrator approval before system changes, which could have blocked the application from modifying settings.

Why this answer

User Account Control (UAC) is the correct answer because it is specifically designed to prevent unauthorized changes to system settings by prompting for administrator approval before allowing software to make modifications that affect system-wide configurations, such as network or security settings. When a new application attempts to modify system settings (e.g., proxy, DNS, or firewall rules) without explicit consent, UAC can block or require elevation, thus preventing the reported internet access issue. This aligns with the scenario where the technician suspects the application altered system settings, as UAC directly controls privilege escalation for such actions.

Exam trap

CompTIA A+ exams often test the misconception that a firewall (Option A) can prevent unauthorized system modifications, but the trap here is that firewalls only control network traffic, not local system setting changes, which is a distinct security function handled by UAC.

How to eliminate wrong answers

Option A is wrong because Windows Defender Firewall is a host-based packet filter that controls inbound and outbound network traffic based on rules, but it does not prevent software from modifying system settings like proxy or DNS configurations; it only blocks or allows network connections. Option C is wrong because BitLocker Drive Encryption is a full-disk encryption feature that protects data at rest by encrypting the entire drive, but it has no mechanism to prevent software from altering system settings or network configurations. Option D is wrong because Windows Defender Antivirus is a malware detection and removal tool that scans for known malicious signatures and behaviors, but it does not inherently block legitimate software from changing system settings unless the change is identified as malicious by heuristic analysis, which is not guaranteed for non-malicious applications.

78
MCQhard

A security auditor discovers that a company's data destruction logs show only a quick format was performed on drives before disposal. The drives contained personally identifiable information (PII). What is the primary risk?

A.The drives may not boot properly after disposal.
B.The drives could be reused without any issues.
C.The PII data is still recoverable from the drives.
D.The drives will no longer hold a magnetic charge.
AnswerC

Quick formatting only removes the file system index; data remains on the drive and can be recovered with data recovery tools.

Why this answer

A quick format only clears the file system metadata (e.g., the Master File Table on NTFS) and marks the drive's sectors as available for new data, but it does not overwrite the actual data stored in those sectors. Because the PII data remains physically on the platters or NAND cells, it can be easily recovered using file recovery tools or forensic software. This makes the data destruction process incomplete and poses a severe compliance and privacy risk.

Exam trap

CompTIA often tests the misconception that a quick format erases all data, when in reality it only removes the file system pointers, leaving the actual data intact and recoverable.

How to eliminate wrong answers

Option A is wrong because a quick format does not affect the drive's ability to boot; the drive can still be booted after a quick format if an operating system is installed. Option B is wrong because while the drive can be reused, the underlying PII data remains recoverable, so reuse without proper sanitization does not eliminate the risk of data exposure. Option D is wrong because a quick format does not alter the magnetic charge of the drive's platters; the data is still magnetically stored and recoverable until overwritten.

79
MCQmedium

A client wants to upgrade their entire office of 50 computers and asks for advice on environmentally friendly disposal of the old units. Which approach best aligns with environmental best practices?

A.Donate the computers to a local school without wiping data.
B.Sell the computers to a scrap metal dealer.
C.Contract a certified e-waste recycling company to handle the disposal.
D.Have employees take the computers home for personal use.
AnswerC

This is correct because certified recyclers follow regulations to safely dismantle and recycle components, minimizing pollution.

Why this answer

Option C is correct because certified e-waste recycling companies follow strict environmental regulations (e.g., the Basel Convention and local e-waste laws) to ensure hazardous materials like lead, mercury, and cadmium are safely extracted and disposed of, while also securely destroying data through methods such as degaussing or physical shredding. This approach minimizes environmental harm and aligns with the EPA's recommended practices for responsible electronics recycling.

Exam trap

CompTIA often tests the misconception that donation or reuse is always the greenest option, but the trap here is that environmental best practices require both secure data destruction and proper hazardous material handling, which only a certified e-waste recycler guarantees.

How to eliminate wrong answers

Option A is wrong because donating computers without wiping data violates data privacy best practices and could expose sensitive company information, even if the intent is reuse. Option B is wrong because selling computers to a scrap metal dealer typically bypasses proper hazardous material handling, leading to toxic components like CRT glass or lithium batteries ending up in landfills or being processed unsafely. Option D is wrong because allowing employees to take computers home for personal use does not guarantee environmentally sound disposal and often results in devices being discarded improperly later, without any certified recycling process.

80
MCQeasy

A user reports that their Windows 10 PC is running slowly after they installed a new program. You need to identify which service or startup program is consuming the most CPU resources to troubleshoot the issue. Which administrative tool should you use?

A.Event Viewer
B.Task Manager
C.Services.msc
D.Performance Monitor
AnswerB

Task Manager's Processes tab shows CPU, memory, and disk usage for each running process, allowing you to pinpoint the culprit.

Why this answer

Task Manager provides real-time performance monitoring, including CPU usage per process. This makes it the ideal tool for quickly identifying resource hogs. Other tools like Event Viewer or Services.msc are for different purposes.

81
MCQeasy

During a security audit, you find that a company's server room door is propped open with a trash can to allow airflow. What is the most immediate physical security risk in this scenario?

A.Increased dust entering the server room
B.Fire suppression system may not work
C.Unauthorized personnel can enter the server room
D.The door closer will wear out faster
AnswerC

An unsecured door allows anyone to walk in, defeating the purpose of access controls and posing a serious security threat.

Why this answer

Option C is correct because the most immediate physical security risk of a propped-open server room door is that it completely bypasses access control mechanisms (e.g., badge readers, PIN pads, biometric scanners). This allows any unauthorized person—whether an employee without clearance, a visitor, or an intruder—to enter the server room undetected, potentially leading to theft, vandalism, or data breaches. Physical security controls are the first line of defense, and an open door nullifies them instantly.

Exam trap

This question tests the ability to prioritize immediate security risks over environmental or maintenance issues; the trap is choosing a plausible but less critical concern (like dust or fire suppression) instead of the direct breach of physical access control.

How to eliminate wrong answers

Option A is wrong because while increased dust can be a concern for equipment longevity, it is not the most immediate security risk; dust accumulation is a gradual environmental issue, not an instant security breach. Option B is wrong because a propped-open door does not directly affect the fire suppression system (e.g., FM-200 or inert gas systems) unless the door is part of the room's containment strategy, but the immediate risk is still unauthorized access, not suppression failure. Option D is wrong because door closer wear is a maintenance concern, not a security risk; it is a long-term mechanical issue that does not pose an immediate threat to assets or data.

82
MCQhard

A company's security policy requires that all USB storage devices be blocked on company workstations to prevent data exfiltration. A manager needs to temporarily use a USB drive for a presentation. What is the best way to remediate this while maintaining security?

A.Disable the USB blocking Group Policy for the entire domain
B.Use a Group Policy to allow only the specific USB device by hardware ID, then remove the allowance after use
C.Give the manager a company-approved USB drive and tell them to use it only once
D.Create a local admin account on the manager's workstation and disable the USB block locally
AnswerB

This maintains security by only allowing a known device, and you can revert the policy afterward.

Why this answer

Option B is correct because it uses Group Policy to enforce a device installation restriction by hardware ID, allowing only the specific USB device while blocking all others. This maintains the security policy's intent by preventing unauthorized devices while granting temporary, auditable access. After use, removing the allowance restores the full block without domain-wide disruption.

Exam trap

The trap here is that candidates may choose Option A or D because they think disabling the block domain-wide or using a local admin account is simpler, but CompTIA A+ tests the principle of least privilege and maintaining centralized security controls through Group Policy.

How to eliminate wrong answers

Option A is wrong because disabling the USB blocking Group Policy for the entire domain removes protection from all workstations, violating the security policy and exposing the organization to data exfiltration. Option C is wrong because giving a company-approved USB drive without technical controls does not enforce the block; the manager could still use other USB devices, and the policy relies on user compliance rather than technical enforcement. Option D is wrong because creating a local admin account bypasses Group Policy and weakens security by allowing the manager to disable the block locally, which could be exploited or persist after use.

83
MCQeasy

A user reports that their Android phone will not connect to their corporate Wi-Fi network, but other devices connect fine. They have forgotten the network and re-entered the password, but it still fails. What should you check first?

A.Check if the router is using MAC address filtering.
B.Verify the Wi-Fi password is being entered correctly.
C.Reset the phone's network settings to default.
D.Update the phone's operating system to the latest version.
AnswerB

The most common issue is a typo or case error in the password, especially after forgetting and re-entering the network.

Why this answer

Option B is correct because the most common cause of a single device failing to connect after forgetting and re-entering the network is a typo or case-sensitive error in the Wi-Fi password. Since other devices connect fine, the issue is isolated to the phone, and verifying the password is the quickest, least intrusive step before escalating to more complex troubleshooting.

Exam trap

CompTIA often tests the candidate's ability to follow a logical troubleshooting methodology (OSI model layer by layer), and the trap here is that many candidates jump to advanced settings like MAC filtering or network resets instead of starting with the most basic, user-error-prone step of verifying the password.

How to eliminate wrong answers

Option A is wrong because MAC address filtering would affect all devices not on the allowlist, not just this one phone; since other devices connect fine, the router is not blocking this phone by MAC. Option C is wrong because resetting network settings is a drastic step that should only be taken after simpler checks like password verification, and it would erase saved Wi-Fi networks, Bluetooth pairings, and VPN configurations unnecessarily. Option D is wrong because an OS update is a time-consuming, system-level change that addresses bugs or security flaws, not a password entry issue; the phone's current OS version is unlikely to prevent connection if the password is correct.

84
MCQhard

A user's Windows 10 PC is experiencing random freezes and application crashes. You suspect a corrupted system file. You run sfc /scannow but it reports that it cannot repair some files. What is the next best step to repair the system files using a DISM command?

A.Run chkdsk /f
B.Run DISM /Online /Cleanup-Image /RestoreHealth
C.Run System Restore
D.Run Windows Update
AnswerB

DISM /RestoreHealth repairs the system image, enabling sfc to function correctly afterward.

Why this answer

The correct next step is to run DISM /Online /Cleanup-Image /RestoreHealth because SFC (System File Checker) relies on a healthy component store (WinSxS) to replace corrupted files. When SFC cannot repair files, it indicates the component store itself may be damaged. DISM repairs the component store by using Windows Update as the source, or a specified repair source, thereby enabling SFC to succeed on a subsequent scan.

Exam trap

The trap here is that candidates often assume SFC is the ultimate repair tool and overlook that DISM must fix the underlying component store first, leading them to choose chkdsk or System Restore as a quick fix.

How to eliminate wrong answers

Option A is wrong because chkdsk /f checks and repairs file system integrity and disk errors, not system file corruption; it addresses issues like bad sectors or MFT corruption, not the Windows component store. Option C is wrong because System Restore reverts system files and registry settings to a previous restore point, but it does not directly repair the component store or replace corrupted system files from a known good source; it may also fail if the restore point itself is corrupted. Option D is wrong because Windows Update installs updates and patches but does not repair existing corrupted system files in the component store; DISM is the tool designed for that purpose.

85
MCQhard

A user reports that their iPhone's flashlight is not working, and the camera app shows a black screen. Other apps function normally. The device is up-to-date and has been restarted. What is the most likely hardware-related issue?

A.The battery is failing and cannot provide enough power.
B.The camera app is corrupted; reinstall it.
C.The camera module or its flex cable is damaged.
D.The iOS has a bug that affects the camera and flashlight.
AnswerC

The LED flash is part of the camera module; damage to the module or its connection can disable both the camera and flashlight.

Why this answer

The simultaneous failure of the flashlight and camera strongly points to a shared hardware component failure. Both the camera module and the LED flash are typically integrated on the same flex cable assembly or share a common power management IC. Since other apps function normally and the device has been restarted, a hardware fault in the camera module or its flex cable is the most likely cause.

Exam trap

CompTIA often tests the concept of shared hardware dependencies, where candidates mistakenly attribute a dual-component failure to a software bug or battery issue instead of recognizing the common physical connection.

How to eliminate wrong answers

Option A is wrong because a failing battery would cause system-wide power issues, not isolate the camera and flashlight; the device would likely show a low-battery warning or shut down under load. Option B is wrong because the camera app is a system app that cannot be reinstalled by the user, and a corrupted app would not affect the flashlight, which is controlled by a separate daemon. Option D is wrong because a software bug affecting both camera and flashlight would typically be patched in an up-to-date iOS version, and a restart would not resolve a persistent hardware fault.

86
MCQmedium

A technician is troubleshooting a Windows 10 computer where the user cannot install a legitimate browser extension because the browser displays a warning that extensions from this source are not allowed. What setting is likely blocking the installation?

A.The browser is in private browsing mode.
B.The computer is running Windows 10 in S mode.
C.The user account does not have administrator privileges.
D.The browser's security level is set to high.
AnswerB

S mode only allows apps from the Microsoft Store, which can prevent installation of extensions from outside the store.

Why this answer

Windows 10 in S mode enforces a security policy that restricts application installations exclusively to the Microsoft Store. This includes browser extensions, which are blocked unless they are obtained from the Store. The browser warning directly reflects this OS-level restriction, not a browser-specific setting.

Exam trap

The trap is that candidates often confuse browser-specific security settings (like high security zones or private browsing) with OS-level restrictions, failing to recognize that Windows 10 S mode is a unique configuration tested in CompTIA A+ that blocks all non-Store software, including browser extensions.

How to eliminate wrong answers

Option A is wrong because private browsing mode only prevents local history/cookie storage; it does not block extension installations from any source. Option C is wrong because while administrator privileges may be required for some system-wide installations, standard browser extensions typically install per-user and do not require admin rights; the warning here is about source restriction, not privilege level. Option D is wrong because a high security level in the browser might block active content or prompt for permissions, but it does not produce a warning that extensions from a specific source are not allowed; that behavior is characteristic of Windows 10 S mode.

87
MCQmedium

A user calls the help desk saying that every time they click a link in an email, their browser opens a page that says 'Your computer is infected! Call this number.' They are unable to close the page normally. What type of attack is this, and what is the first step you should take?

A.Phishing attack; immediately change the user's email password
B.Browser hijacker; run a full antivirus scan immediately
C.Tech support scam; force close the browser using Task Manager, then run a security scan
D.Drive-by download; disconnect the computer from the network
AnswerC

This matches the scenario: a fake alert designed to trick the user into calling a scam number. Force closing stops the attack.

Why this answer

This is a tech support scam using a social engineering tactic to frighten the user. The correct first step is to close the browser forcefully using Task Manager, then run a security scan. This tests the ability to distinguish between different attack types and appropriate response procedures.

88
MCQhard

During a routine security scan, a technician finds that a user's workstation has an open port 3389 that is accessible from the internet. The user denies enabling Remote Desktop. What is the most likely security implication and immediate action?

A.The port is likely used by a legitimate application; no action is needed.
B.Disable the Remote Desktop service and block port 3389 at the firewall immediately.
C.Change the RDP listening port to a non-standard port to hide it.
D.Enable Network Level Authentication (NLA) on the workstation.
AnswerB

Disabling the service and blocking the port at the firewall are the correct immediate steps to eliminate the exposure, followed by an investigation into how it was enabled.

Why this answer

Port 3389 is the default port for Remote Desktop Protocol (RDP). An open RDP port accessible from the internet is a critical security risk because it exposes the workstation to brute-force attacks, credential theft, and remote exploitation (e.g., BlueKeep, CVE-2019-0708). The immediate action is to disable the Remote Desktop service and block port 3389 at the firewall, as the user denies enabling it, indicating possible unauthorized activation or malware.

Exam trap

CompTIA A+ exams often test the misconception that changing a default port or enabling additional authentication is sufficient to secure an exposed service, when the correct immediate action is to close the port and disable the service entirely.

How to eliminate wrong answers

Option A is wrong because port 3389 is exclusively assigned to RDP by IANA; no legitimate internet-facing application uses this port by default, and leaving it open invites exploitation. Option C is wrong because changing the listening port to a non-standard port is security through obscurity and does not address the root cause; attackers can still discover the port via scanning and the service remains vulnerable. Option D is wrong because enabling Network Level Authentication (NLA) only adds an authentication layer but does not prevent exposure to the internet; the port remains open and accessible, still allowing brute-force or vulnerability-based attacks.

89
MCQhard

A technician is troubleshooting a server that repeatedly trips the circuit breaker in the data center. The server is plugged into a power strip that is also serving two other high-power devices. What is the most appropriate safety and troubleshooting step?

A.Replace the power strip with a higher-rated one and reset the breaker.
B.Move one of the other high-power devices to a different circuit and plug the server directly into a wall outlet on its own circuit.
C.Reset the breaker and use a UPS with a higher wattage rating.
D.Install a larger circuit breaker in the panel to handle the load.
AnswerB

This reduces the load on the original circuit and ensures the server has dedicated power, preventing overload.

Why this answer

The repeated tripping indicates the circuit is overloaded. The safest and most effective step is to redistribute the load by moving one high-power device to a different circuit and plugging the server directly into a dedicated wall outlet. This isolates the server's power draw and prevents overloading the shared circuit, addressing the root cause without bypassing safety limits.

Exam trap

CompTIA often tests the misconception that upgrading the power strip or breaker is a valid fix, when in fact the correct approach is to redistribute the load to separate circuits to stay within safe electrical limits.

How to eliminate wrong answers

Option A is wrong because replacing the power strip with a higher-rated one does not change the circuit's maximum current capacity (typically 15A or 20A in a data center); the breaker will still trip if the total load exceeds that limit. Option C is wrong because resetting the breaker and using a higher-wattage UPS does not solve the overload; the UPS itself draws power from the same circuit and could still cause tripping if the total load exceeds the breaker rating. Option D is wrong because installing a larger circuit breaker without verifying the wiring gauge and outlet ratings is a fire hazard; the wiring may not be rated for higher current, violating electrical code and safety standards.

90
MCQhard

A user is unable to change their desktop background because the option is grayed out. You suspect a Group Policy setting is enforcing a specific wallpaper. Which Control Panel tool would you use to check if a Group Policy is applied, and what is the specific path to verify this setting?

A.System > Advanced system settings > Performance
B.Personalization > Background
C.Administrative Tools > Local Security Policy
D.Ease of Access Center > Make the computer easier to see
AnswerC

Local Security Policy (secpol.msc) can show applied security policies, including those that restrict desktop settings, though Group Policy Editor is more comprehensive.

Why this answer

The Administrative Tools in Control Panel provides access to 'Local Security Policy' or 'Group Policy Management' for advanced users. However, the quickest way to check applied policies is to run 'rsop.msc' from the Run dialog, which is not in Control Panel. The correct answer tests knowledge that Administrative Tools contains shortcuts to policy editors, but the specific tool is not directly in Control Panel.

The best choice is Administrative Tools > Local Security Policy or Group Policy Editor, depending on Windows edition.

91
MCQmedium

A technician is troubleshooting a Windows 10 computer that exhibits strange behavior: system files are missing, and the computer fails to boot normally. A boot-time virus scan detects a virus that infected the Master Boot Record (MBR). Which tool should the technician use to repair the MBR?

A.System Restore
B.Bootrec.exe /FixMbr
C.SFC /Scannow
D.CHKDSK /F
AnswerB

This command rewrites the MBR, fixing boot issues caused by MBR viruses.

Why this answer

The Bootrec.exe /FixMbr command writes a new Master Boot Record (MBR) to the system partition, overwriting the infected boot code without affecting the existing partition table. This is the correct tool for repairing a virus-compromised MBR that prevents normal booting on Windows 10.

Exam trap

The trap here is that candidates confuse SFC /Scannow with a boot repair tool, but SFC only works on the installed OS and cannot touch the MBR, which is outside the file system.

How to eliminate wrong answers

Option A is wrong because System Restore restores system files and registry settings from a restore point, but it does not repair the MBR, which resides outside the file system in the first sector of the disk. Option C is wrong because SFC /Scannow scans and repairs protected system files within the Windows installation, but it cannot fix the MBR, which is a low-level boot structure not managed by the Windows File Protection mechanism. Option D is wrong because CHKDSK /F checks the file system integrity and fixes logical errors on the disk volume, but it does not write or repair the MBR boot code.

92
MCQhard

A user reports that their Windows 10 PC suddenly shows a 'Your IT administrator has limited access' message when trying to change the desktop background. The user has local administrator rights. Which Group Policy or registry setting is most likely misconfigured?

A.The 'Prevent changing desktop background' policy is enabled in Local Group Policy.
B.The user's account is not part of the Administrators group.
C.The desktop background file is corrupted.
D.The Windows license has expired.
AnswerA

This policy under User Configuration > Administrative Templates > Control Panel > Personalization restricts background changes, overriding admin rights.

Why this answer

The 'Prevent changing desktop background' policy, when enabled in Local Group Policy Editor (gpedit.msc) under User Configuration > Administrative Templates > Control Panel > Personalization, explicitly blocks background changes regardless of local administrator rights. Since the user has local admin rights but still sees the restriction, this policy is the most likely cause, as it overrides user permissions.

Exam trap

CompTIA often tests the misconception that local administrator rights bypass all Group Policy restrictions, but in reality, many administrative templates apply to all users, including administrators, unless specifically configured otherwise.

How to eliminate wrong answers

Option B is wrong because the user already has local administrator rights, so not being part of the Administrators group is contradictory to the scenario. Option C is wrong because a corrupted background file would cause a display issue (e.g., black screen or error), not a specific 'IT administrator has limited access' message. Option D is wrong because an expired Windows license triggers activation warnings (e.g., 'Windows is not activated') and may disable personalization features, but it does not produce the exact 'Your IT administrator has limited access' message, which is specific to Group Policy restrictions.

93
MCQmedium

A graphic designer reports that their MacBook Pro running macOS Monterey suddenly shows a gray screen with a folder icon containing a question mark at startup. They have important client files on the internal SSD. What is the most likely cause of this issue?

A.The user’s Time Machine backup has failed
B.The firmware password is enabled
C.macOS cannot locate a valid boot volume or system folder
D.The user’s login keychain is corrupted
AnswerC

This is the classic symptom of a missing or corrupted boot volume, often fixable via Recovery Mode or Disk Utility.

Why this answer

The gray screen with a folder icon containing a question mark indicates that the Mac's startup process cannot locate a valid boot volume or system folder. This is a classic symptom of a missing or corrupted boot loader, damaged system files, or a disconnected internal SSD, which prevents macOS from finding the required bootable system.

Exam trap

The A+ exam often tests the distinction between boot-level failures (folder icon) and post-boot authentication issues (keychain), so candidates mistakenly choose a corrupted login keychain because they associate question marks with 'missing' items without understanding the boot sequence.

How to eliminate wrong answers

Option A is wrong because a failed Time Machine backup does not affect the startup process; it only impacts the ability to restore files from a backup. Option B is wrong because a firmware password prevents unauthorized booting from external drives or recovery mode but does not cause a folder-with-question-mark icon; that icon specifically indicates no bootable system is found. Option D is wrong because a corrupted login keychain prevents user authentication after macOS loads, not the initial boot process; the folder icon appears before any user login occurs.

94
MCQeasy

An employee finds a USB drive labeled 'Employee Salary Info Q4' in the parking lot. Out of curiosity, they plug it into their work computer to see the contents. What type of social engineering attack is this an example of?

A.Phishing
B.Tailgating
C.Baiting
D.Pretexting
AnswerC

Baiting exploits human curiosity or greed by offering something desirable. The USB drive with a tempting label is a classic baiting technique.

Why this answer

Option C is correct because baiting is a social engineering attack that exploits human curiosity or greed by offering something enticing, such as a USB drive labeled 'Employee Salary Info Q4.' When the employee plugs the USB into their work computer, they may inadvertently install malware (e.g., a keylogger or backdoor) that compromises the system. This attack relies on physical media as the delivery vector, distinguishing it from other social engineering methods.

Exam trap

CompTIA A+ often tests the distinction between baiting and phishing by emphasizing that baiting involves a physical lure (like a USB drive) while phishing is purely digital, causing candidates to confuse the two when the attack involves a digital payload.

How to eliminate wrong answers

Option A is wrong because phishing is a digital attack that uses deceptive emails, messages, or websites to trick users into revealing sensitive information, not physical USB drives. Option B is wrong because tailgating involves an unauthorized person physically following an authorized individual into a restricted area without proper authentication, not the use of a dropped USB drive. Option D is wrong because pretexting involves fabricating a scenario or identity (e.g., impersonating IT support) to obtain information, not leaving a physical device to exploit curiosity.

95
MCQhard

A technician is reviewing a PowerShell script that was used in a ransomware attack. The script contains a line that downloads and executes a payload from a remote server. The script uses a technique to bypass execution policy. Which scripting technique is most likely used to bypass the execution policy?

A.Using the 'Set-ExecutionPolicy' cmdlet to change the policy to Unrestricted
B.Using the '-ExecutionPolicy Bypass' parameter when launching PowerShell
C.Using the 'powershell.exe -Command' syntax with an encoded command
D.Signing the script with a self-signed certificate
AnswerB

Correct. This parameter overrides the execution policy for that session only, allowing the script to run without changing system settings. It is a common technique used by attackers.

Why this answer

The '-ExecutionPolicy Bypass' parameter when launching PowerShell tells the PowerShell engine to bypass the execution policy for that session only, allowing any script to run without restriction. This is a common technique used by attackers because it does not require administrative privileges or permanent policy changes, making it stealthy and effective for executing malicious payloads.

Exam trap

CompTIA often tests the distinction between permanently changing the execution policy (which requires admin rights and is detectable) versus using a session-level parameter to bypass it (which is stealthy and does not require admin rights), leading candidates to mistakenly choose the 'Set-ExecutionPolicy' option.

How to eliminate wrong answers

Option A is wrong because using the 'Set-ExecutionPolicy' cmdlet to change the policy to Unrestricted requires administrative privileges and leaves a persistent change that can be detected by security tools; it is not a stealthy bypass technique. Option C is wrong because using 'powershell.exe -Command' with an encoded command is a method to obfuscate the command or avoid character restrictions, but it does not bypass the execution policy—if the policy blocks script execution, the encoded command will still be blocked unless the policy is bypassed separately. Option D is wrong because signing the script with a self-signed certificate does not bypass execution policy; it only allows the script to run if the execution policy is set to AllSigned or RemoteSigned and the certificate is trusted, which is not a bypass technique and requires additional configuration.

96
MCQhard

A technician is troubleshooting a wireless network where users report intermittent connectivity and slow speeds. The network uses WPA2-Enterprise with EAP-TLS and certificate-based authentication. The technician notices that the RADIUS server logs show frequent certificate validation failures. What is the most likely root cause?

A.The access point's firmware is outdated, causing packet loss.
B.The RADIUS server's certificate has expired.
C.Client devices have expired or untrusted certificates.
D.The wireless channel is overlapping with neighboring networks.
AnswerC

Correct. Expired client certificates cause intermittent authentication failures, leading to disconnects and reconnects.

Why this answer

The RADIUS server logs show frequent certificate validation failures, which directly points to an issue with the certificates presented by the clients during EAP-TLS authentication. In WPA2-Enterprise with EAP-TLS, both the server and client must present valid certificates; if client certificates are expired or untrusted, the RADIUS server will reject the authentication, causing intermittent connectivity and slow speeds as clients fail to re-authenticate or roam.

Exam trap

Cisco often tests the distinction between server-side and client-side certificate issues; the trap here is that candidates may assume the RADIUS server's certificate is the problem (Option B) because it is the central authentication point, but the logs specifically show 'validation failures' which in EAP-TLS typically refer to the client certificate failing validation by the server.

How to eliminate wrong answers

Option A is wrong because outdated access point firmware could cause packet loss or performance issues, but it would not produce certificate validation failures in the RADIUS server logs; certificate errors are specific to the authentication process. Option B is wrong because if the RADIUS server's certificate had expired, clients would fail to validate the server, and the logs would show server certificate errors, not frequent client certificate validation failures; the question states the logs show certificate validation failures, which are client-side. Option D is wrong because overlapping wireless channels cause interference, leading to slow speeds and disconnections, but they do not generate certificate validation failures in RADIUS logs; those logs are authentication-specific.

97
MCQhard

A security incident occurred where an unauthorized user gained access to a workstation. The security team needs to review detailed logs of all user logon attempts, including successful and failed logins, for the past 48 hours. Which administrative tool and specific log should you access to provide this information?

A.Event Viewer > Windows Logs > System
B.Event Viewer > Windows Logs > Security
C.Event Viewer > Applications and Services Logs > Microsoft > Windows > TerminalServices-LocalSessionManager
D.Computer Management > System Tools > Shared Folders > Sessions
AnswerB

The Security log contains audit events such as logon/logoff, account management, and policy changes.

Why this answer

Event Viewer's Windows Logs > Security log records all security-related events, including logon attempts (success and failure). This is the standard location for auditing user activity. Other logs like System or Application do not focus on authentication events.

98
MCQeasy

A customer complains that their iOS device's screen orientation is stuck in portrait mode and will not rotate to landscape when they turn the phone sideways. What is the most likely cause and solution?

A.Enable Display Zoom in Settings
B.Toggle the Rotation Lock in Control Center
C.Restart the device
D.Adjust the text size in Accessibility
AnswerB

Rotation Lock is a common iOS feature that prevents the screen from rotating; disabling it resolves the issue.

Why this answer

The most likely cause is that the Rotation Lock is enabled, which prevents the iOS device from switching between portrait and landscape orientations. Toggling the Rotation Lock off in Control Center directly resolves this issue, as it is a common user-accessible setting that can be accidentally activated.

Exam trap

The CompTIA A+ exam often tests the distinction between a user-configurable setting (Rotation Lock) and a system-level troubleshooting step (restart), leading candidates to choose the more generic 'Restart the device' option instead of the specific, correct solution.

How to eliminate wrong answers

Option A is wrong because Display Zoom adjusts the overall screen resolution and icon size, not the orientation lock behavior. Option C is wrong because restarting the device is a generic troubleshooting step that does not address the specific setting causing the orientation lock; it would only be effective if the issue were a temporary software glitch, which is less likely than an enabled lock. Option D is wrong because adjusting text size in Accessibility changes font scaling, not the screen rotation functionality.

99
MCQeasy

During a software deployment, you need to configure a Windows 10 workstation to automatically start a legacy application every time a specific user logs on. Which tool should you use to add this startup entry for that user only?

A.Services.msc
B.Task Manager
C.Computer Management
D.Local Group Policy Editor
AnswerD

Local Group Policy Editor (gpedit.msc) can configure logon scripts for a specific user, which will run the legacy application at logon. This is the appropriate tool for adding a per-user startup entry.

Why this answer

Local Group Policy Editor (gpedit.msc) allows you to assign logon scripts for individual users under User Configuration > Windows Settings > Scripts (Logon/Logoff). This runs the specified application at user logon, meeting the requirement for a per-user startup entry without affecting other users. Task Manager's Startup tab only enables/disables existing entries, not add new ones.

Services.msc manages system-wide services. Computer Management is a container of tools but not directly for adding user-specific startup entries.

Exam trap

CompTIA often tests the distinction between per-user startup (Task Manager) and system-wide startup (Services.msc or Group Policy), and the trap here is that candidates confuse the 'Startup' tab in Task Manager with the 'Startup' folder in the Start menu, or assume that Computer Management's 'Services' node can manage user-specific applications.

How to eliminate wrong answers

Option A is wrong because Services.msc manages Windows services that run in the background under the SYSTEM account or a specified service account, not per-user interactive startup applications. Option C is wrong because Computer Management is a consolidated console for system tools (e.g., Disk Management, Event Viewer, Local Users and Groups) but does not include a per-user startup entry editor; it lacks the granularity to add a startup program for a single user. Option D is wrong because the Local Group Policy Editor (gpedit.msc) can configure startup scripts via Computer Configuration or User Configuration, but those are processed during Group Policy refresh and are intended for domain-managed or local policy-based script execution, not for simply adding a legacy application to the user's Run registry key or Startup folder; it is overkill and not the direct tool for this task.

100
MCQmedium

A customer reports that their Windows 10 desktop shows a black screen with a movable cursor after logging in. They can press Ctrl+Alt+Del and open Task Manager. Which process should be restarted from Task Manager to restore the desktop and taskbar?

A.Restart the 'Windows Explorer' process in Task Manager.
B.End the 'svchost.exe' process group.
C.Start the 'winlogon.exe' process.
D.Run 'msconfig' from the Run dialog to enable normal startup.
AnswerA

Windows Explorer (explorer.exe) manages the desktop and taskbar; restarting it resolves the black screen issue.

Why this answer

The black screen with a movable cursor after login, combined with the ability to open Task Manager via Ctrl+Alt+Del, indicates that the Windows shell (explorer.exe) has crashed or is not running. Restarting the 'Windows Explorer' process from Task Manager (File > Run new task > 'explorer.exe') reloads the desktop, taskbar, and File Explorer, restoring the graphical user interface. This is the standard recovery step for a missing shell in Windows 10.

Exam trap

The trap here is that candidates confuse the 'Windows Explorer' process with Internet Explorer or assume that 'svchost.exe' is the correct service host to restart, when in fact the shell process (explorer.exe) is the specific component responsible for the desktop and taskbar.

How to eliminate wrong answers

Option B is wrong because ending the 'svchost.exe' process group would terminate critical Windows services (e.g., RPC, DHCP, DNS), potentially causing system instability or a blue screen, not restoring the desktop. Option C is wrong because 'winlogon.exe' is a system process that handles interactive logon and cannot be started manually from Task Manager; it is already running if the user can log in, and restarting it would force a logoff. Option D is wrong because 'msconfig' is a system configuration utility used to change boot options or startup mode, not a tool to restart a crashed shell process; running it from the Run dialog would not fix the immediate black screen issue.

101
MCQmedium

A technician receives a ticket from a user who says their email is not working. The technician remotely connects and sees that the user's Outlook profile is corrupt. The user is in the middle of an important project. What is the best way to communicate the necessary steps?

A.Explain that the Outlook profile is corrupt and needs to be rebuilt, which may cause a brief interruption.
B.Tell the user that you will fix it and they should not worry about the details.
C.Use technical terms like 'PST file corruption' and 'registry repair' to sound knowledgeable.
D.Rebuild the profile without informing the user to avoid worrying them.
AnswerA

This is honest, clear, and sets proper expectations without using jargon that might confuse the user.

Why this answer

Option A is correct because it balances transparency with professionalism: the technician clearly explains the issue (corrupt Outlook profile) and the necessary action (rebuild), while proactively managing expectations about a brief interruption. This approach respects the user's need to stay informed during an important project, aligning with ITIL best practices for incident management and user communication.

Exam trap

CompTIA often tests the distinction between technical accuracy and professional communication, trapping candidates who think using technical jargon or acting without consent demonstrates expertise, when in fact the exam emphasizes clear, respectful, and transparent user interaction.

How to eliminate wrong answers

Option B is wrong because it dismisses the user's need for situational awareness; withholding details can erode trust and leave the user unprepared for the interruption. Option C is wrong because using jargon like 'PST file corruption' and 'registry repair' without explanation confuses the user and violates the principle of communicating at the user's technical level. Option D is wrong because rebuilding the profile without informing the user is unethical and unprofessional; it denies the user the opportunity to save work or prepare for downtime, potentially causing data loss or workflow disruption.

102
MCQmedium

A new employee receives an email that appears to be from the company's HR department, asking them to click a link to verify their direct deposit information for payroll. The email contains the company logo and looks professional. What is the most likely social engineering attack?

A.Whaling
B.Phishing
C.Vishing
D.Shoulder surfing
AnswerB

Phishing is a broad category of attacks that use deceptive emails to trick recipients into revealing sensitive information or clicking malicious links. This scenario is a classic phishing attempt.

Why this answer

Phishing is the correct answer because the attack uses a deceptive email that impersonates a legitimate entity (HR department) to trick the recipient into clicking a malicious link. This is a classic example of a broad, untargeted social engineering attack delivered via email, which is the defining characteristic of phishing.

Exam trap

The trap is that candidates may confuse phishing with whaling because both use email, but the key differentiator is the target: phishing is broad and untargeted, while whaling specifically targets high-level executives or individuals with privileged access. For example, an email targeting a CEO about a wire transfer is whaling, while an email targeting many employees about updating HR info is phishing.

How to eliminate wrong answers

Option A is wrong because whaling is a highly targeted form of phishing aimed at senior executives or high-value individuals, not a general employee receiving a mass-distributed email. Option C is wrong because vishing (voice phishing) is conducted over the phone using voice calls or VoIP, not through email. Option D is wrong because shoulder surfing involves directly observing someone's screen or keyboard to steal information, such as passwords, without any electronic communication.

103
MCQeasy

A small business is retiring 20 old desktop PCs that contain sensitive customer data. The IT manager wants to ensure the data is unrecoverable before donating the computers to a local school. Which method should be used?

A.Perform a standard format of each hard drive.
B.Use a degausser on each hard drive.
C.Delete all files and empty the Recycle Bin.
D.Run a quick disk cleanup utility.
AnswerB

Degaussing uses a powerful magnetic field to scramble the magnetic domains on the platters, rendering data permanently unrecoverable.

Why this answer

A degausser generates a strong magnetic field that disrupts the magnetic domains on a hard drive's platters, rendering all stored data permanently unrecoverable. This is the only method listed that meets the requirement for complete data destruction before donating the computers, as it physically alters the storage medium.

Exam trap

CompTIA often tests the misconception that a standard format or file deletion permanently removes data, when in fact these methods only alter file system pointers and leave the raw data recoverable with simple software tools.

How to eliminate wrong answers

Option A is wrong because a standard format only rewrites the file system metadata and does not overwrite the actual data sectors, leaving data recoverable with forensic tools. Option C is wrong because deleting files and emptying the Recycle Bin only removes file pointers, not the underlying data, which remains intact on the disk until overwritten. Option D is wrong because a quick disk cleanup utility only removes temporary files and cached data, not sensitive customer data, and does not perform any secure erasure.

104
MCQmedium

A customer reports that their Windows 11 PC is experiencing intermittent application crashes and you suspect file corruption. You need to run a system file check without using the full Windows interface. Which administrative tool can you launch from the Run dialog to open a command prompt with the necessary permissions?

A.Type 'cmd' in the Run dialog and press Enter
B.Type 'powershell' in the Run dialog and press Enter
C.Type 'cmd' in the Run dialog and press Ctrl+Shift+Enter
D.Type 'msconfig' in the Run dialog and press Enter
AnswerC

This launches an elevated command prompt with administrator privileges, required for SFC to repair system files.

Why this answer

Option C is correct because pressing Ctrl+Shift+Enter while typing 'cmd' in the Run dialog launches Command Prompt with administrator privileges, which is required to run the System File Checker (sfc /scannow) to repair file corruption. This bypasses the full Windows interface and provides the necessary elevated permissions.

Exam trap

Cisco often tests the distinction between launching a tool with standard permissions versus elevated permissions, and the trap here is that candidates assume typing 'cmd' alone is sufficient, forgetting that administrative tasks like sfc require the Ctrl+Shift+Enter shortcut to run as administrator.

How to eliminate wrong answers

Option A is wrong because typing 'cmd' and pressing Enter opens Command Prompt with standard user permissions, which lacks the administrative rights needed to run sfc /scannow. Option B is wrong because typing 'powershell' and pressing Enter opens PowerShell with standard user permissions, not elevated, and the question specifically asks for a command prompt, not PowerShell. Option D is wrong because 'msconfig' opens the System Configuration utility, which is a graphical tool for boot settings and services, not a command-line interface for running system file checks.

105
MCQmedium

A customer calls saying that after installing a new printer, their Windows 10 computer now takes much longer to shut down. They have uninstalled the printer software, but the slow shutdown persists. Which tool should you use to identify the cause of the shutdown delay?

A.Task Manager
B.Performance Monitor
C.Event Viewer
D.Disk Cleanup
AnswerC

Event Viewer records system, application, and security logs. During a slow shutdown, the System log often contains warnings or errors from services or drivers that are delaying the process, allowing you to identify the culprit.

Why this answer

Slow shutdowns are often caused by services or drivers that fail to terminate properly. The Event Viewer logs system events, including errors and warnings during shutdown, which can pinpoint the offending component. This is more effective than generic performance monitoring or disk cleanup for this specific issue.

106
MCQeasy

A client brings in a laptop that was used by an employee who left the company. The manager wants to ensure all data is unrecoverable before recycling the laptop. The laptop has a traditional HDD. Which method should be used?

A.Perform a quick format of the drive.
B.Use a degausser to demagnetize the drive.
C.Run a full overwrite using disk-wiping software.
D.Physically shred the drive with a hard drive shredder.
AnswerC

A full overwrite with zeros or random data ensures data is unrecoverable while allowing the drive to be reused.

Why this answer

Option C is correct because disk-wiping software performs a full overwrite of every sector on the HDD with patterns (e.g., zeros, random data), making the original data unrecoverable even with advanced forensic tools. This method is specifically designed for secure data destruction on functional drives, ensuring compliance with data sanitization standards like NIST SP 800-88.

Exam trap

The A+ exam often tests the misconception that a degausser is the best option for data destruction on HDDs, but candidates forget that degaussing destroys the drive's functionality and is not a secure sanitization method for reuse, whereas disk-wiping software allows the drive to be repurposed while ensuring data is unrecoverable.

How to eliminate wrong answers

Option A is wrong because a quick format only clears the file system metadata (e.g., MFT or FAT) and marks sectors as available, leaving the actual data intact and easily recoverable with tools like Recuva or TestDisk. Option B is wrong because a degausser destroys the magnetic field of the platters, rendering the drive unusable, but it does not guarantee data unrecoverability on modern high-coercivity HDDs and may leave residual data that can be recovered with specialized equipment. Option D is wrong because physically shredding the drive destroys the hardware, making data recovery impossible, but it is an overkill for a functional laptop that the manager may want to reuse or donate; the question asks for a method to ensure data is unrecoverable before recycling, and shredding is a disposal method, not a data sanitization method for reuse.

107
MCQhard

A small business wants to secure its network switch located in a shared office area. The switch has no built-in lock. Which combination of physical controls provides the best protection against unauthorized tampering?

A.Place the switch in a lockable cabinet and enable MAC address filtering.
B.Use a cable lock to secure the switch to the desk.
C.Install a privacy filter on the switch's LED display.
D.Apply tamper-evident tape over the switch's vents.
AnswerA

The cabinet prevents physical access, and MAC filtering restricts which devices can connect logically.

Why this answer

A lockable cabinet prevents physical access to the switch, and port security prevents unauthorized devices from connecting to the network. This question tests layered physical and logical security for network infrastructure.

108
MCQeasy

A small business is deploying a new time-tracking application to five workstations. The technician needs to ensure the installation is standardized and repeatable. Which documentation should the technician create before starting the deployment?

A.A list of user passwords for the application.
B.A detailed network topology diagram.
C.A step-by-step installation guide with screenshots.
D.A copy of the software license agreement.
AnswerC

A step-by-step guide ensures each workstation is configured identically and serves as a reference for future deployments.

Why this answer

This question focuses on the importance of creating a deployment plan or runbook before performing installations. Standardized documentation ensures consistency and reduces errors across multiple machines.

109
MCQmedium

A technician is helping a remote user configure a VPN connection. The user is not very technical and is getting frustrated. The technician uses jargon like 'authentication protocol' and 'tunnel endpoint'. Which of the following is the BEST way to improve communication?

A.Continue using technical terms to educate the user.
B.Ask the user to share their screen so the technician can do it remotely.
C.Use simple analogies like 'a secure tunnel for your data' and guide them step by step.
D.Send the user a written guide and end the call.
AnswerC

This makes the concept accessible and reduces frustration.

Why this answer

Option C is correct because it replaces confusing jargon with a simple analogy ('secure tunnel') and provides step-by-step guidance, which directly addresses the user's frustration and lack of technical knowledge. This approach aligns with the CompTIA A+ objective of adapting communication style to the audience, ensuring the user understands the VPN concept without needing to know terms like 'authentication protocol' or 'tunnel endpoint'.

Exam trap

CompTIA often tests the trap that candidates think educating the user with technical terms (Option A) is helpful, but the correct approach is to simplify language and use analogies to match the user's skill level, as per CompTIA's emphasis on customer service and effective communication.

How to eliminate wrong answers

Option A is wrong because continuing to use technical terms like 'authentication protocol' and 'tunnel endpoint' will likely increase the user's frustration and confusion, as they are not technical and need simplified explanations, not education on jargon. Option B is wrong because asking the user to share their screen assumes they can navigate the sharing process, which may be as confusing as the VPN setup itself; it also shifts the burden to the user without improving their understanding. Option D is wrong because sending a written guide and ending the call abandons the user, leaving them to struggle alone with technical documentation, which contradicts the goal of providing effective remote support.

110
MCQmedium

A security incident occurs where an unauthorized PowerShell script was executed on a server, exfiltrating data. The IT manager wants to prevent any unsigned PowerShell scripts from running on all domain computers. Which scripting security measure should be implemented?

A.Set the execution policy to Restricted
B.Set the execution policy to AllSigned
C.Set the execution policy to RemoteSigned
D.Disable PowerShell using Group Policy
AnswerB

Correct. AllSigned requires all scripts to be digitally signed by a trusted publisher. This blocks unsigned scripts while allowing signed, trusted scripts to run.

Why this answer

Option B is correct because setting the execution policy to AllSigned requires that all PowerShell scripts, including those written locally, be digitally signed by a trusted publisher before they can run. This directly addresses the requirement to prevent any unsigned PowerShell scripts from executing on domain computers, as it blocks both remote and local unsigned scripts.

Exam trap

The trap here is that candidates often confuse RemoteSigned with AllSigned, assuming that blocking internet-sourced scripts is sufficient, but they overlook that locally created unsigned scripts (e.g., written by an attacker after gaining access) remain a threat.

How to eliminate wrong answers

Option A is wrong because setting the execution policy to Restricted prevents all PowerShell scripts from running, which is overly restrictive and would block legitimate administrative scripts, not just unsigned ones. Option C is wrong because RemoteSigned only requires scripts downloaded from the internet to be signed; locally created scripts can run unsigned, leaving a gap for attackers to execute locally crafted malicious scripts. Option D is wrong because disabling PowerShell entirely via Group Policy is a heavy-handed approach that breaks legitimate administrative tasks and automation, whereas the requirement is specifically to control script execution, not remove the tool.

111
MCQmedium

A user's Windows 10 PC is infected with ransomware that has encrypted their Documents folder. You need to restore the files from a previous version that was saved by File History. Where do you access the 'Previous Versions' feature to restore these files?

A.File Explorer > Properties > Previous Versions tab
B.Control Panel > File History > Restore personal files
C.Settings > Update & Security > Backup
D.Computer Management > Storage > Disk Management
AnswerA

This is the correct location to view and restore previous versions of files or folders saved by File History or shadow copies.

Why this answer

The 'Previous Versions' tab is accessible via File Explorer by right-clicking a file or folder, selecting Properties, and then clicking the Previous Versions tab. This tab lists shadow copies or File History backups of the selected item, allowing you to restore an earlier version. In this scenario, since File History was enabled, the previous versions of the Documents folder will appear here for restoration.

Exam trap

The trap here is that candidates confuse the File History restore interface (accessed via Control Panel) with the 'Previous Versions' tab in File Explorer, but the question explicitly asks for the location of the 'Previous Versions' feature, which is found in the file or folder's Properties dialog.

How to eliminate wrong answers

Option B is wrong because Control Panel > File History > Restore personal files opens the File History restore interface, which is used to browse and restore files from File History backups, but it does not directly access the 'Previous Versions' tab; the question specifically asks where to access the 'Previous Versions' feature, not the File History restore wizard. Option C is wrong because Settings > Update & Security > Backup is the modern UI for configuring backup settings, including File History, but it does not provide a direct 'Previous Versions' tab for restoring individual files; it only offers options to add a drive or more options. Option D is wrong because Computer Management > Storage > Disk Management is used for managing disk partitions, volumes, and drives, and has no relation to file versioning or restoration from File History.

112
MCQmedium

A technician is decommissioning a server that contained encrypted patient health records. The organization's policy requires data to be destroyed beyond recovery, but the server must be returned to the leasing company. Which method should the technician use?

A.Perform a full format of all drives.
B.Use a degausser on the entire server chassis.
C.Remove the hard drives and physically shred them, then return the server without drives.
D.Run a disk cleanup and delete all files.
AnswerC

Physical destruction of the drives ensures data is unrecoverable, and returning the server without drives complies with the leasing agreement.

Why this answer

Option C is correct because physically shredding the hard drives ensures the encrypted patient health records are destroyed beyond any possible recovery, which satisfies the organization's policy. Returning the server without drives complies with the leasing company's requirement to return the server chassis, as the drives are typically owned by the organization or can be removed per lease terms. This method is the only one that guarantees data destruction at the physical media level, bypassing any residual data on the encrypted drives.

Exam trap

The trap here is that candidates may choose degaussing (Option B) because it effectively destroys magnetic data, but they overlook the requirement to return the server to the leasing company, which degaussing would render inoperable by damaging non-storage electronics.

How to eliminate wrong answers

Option A is wrong because a full format of all drives only overwrites file system metadata and may not securely erase all sectors, especially on SSDs where wear-leveling can leave residual data; encrypted data could still be recoverable with forensic tools. Option B is wrong because using a degausser on the entire server chassis would destroy the magnetic media on HDDs but would also damage or destroy other electronic components (e.g., motherboard, RAM, power supply), making the server non-functional and violating the lease return requirement. Option D is wrong because disk cleanup and deleting files only removes file system pointers, leaving the actual data intact on the storage media, which can be easily recovered with undelete utilities or forensic software.

113
MCQmedium

After deploying a new Windows 11 workstation, a user complains that their screens turn off after 3 minutes of inactivity, even though they are reading documents. They want the display to stay on for at least 15 minutes. Which Settings page should you navigate to in order to change this power setting?

A.Settings > Personalization > Lock screen
B.Control Panel > Power Options > Edit Plan Settings
C.Settings > System > Power & battery > Screen and sleep
D.Settings > Accessibility > Display
AnswerC

This is the exact location in Windows 11 Settings to adjust the 'Screen and sleep' timeouts for both plugged in and on battery.

Why this answer

Option C is correct because the modern Windows 11 Settings app consolidates power management under System > Power & battery, where the 'Screen and sleep' section allows you to adjust the 'On battery power, turn off my screen after' and 'When plugged in, turn off my screen after' drop-downs. This directly addresses the user's complaint about the display turning off after 3 minutes of inactivity, enabling a change to 15 minutes.

Exam trap

CompTIA A+ often tests the distinction between the modern Windows 11 Settings app and the legacy Control Panel, trapping candidates who default to the familiar Control Panel path (Option B) instead of recognizing that the question explicitly asks for the 'Settings page' in Windows 11.

How to eliminate wrong answers

Option A is wrong because the Lock screen settings page controls the lock screen timeout and screen saver behavior, not the power-saving display-off timeout; it does not provide the granular 'Screen and sleep' power plan settings. Option B is wrong because while Control Panel > Power Options > Edit Plan Settings does allow changing the 'Turn off the display' timeout, the question specifies 'Which Settings page' (referring to the modern Windows 11 Settings app), and the Control Panel is a legacy interface; the exam expects the modern Settings path for Windows 11. Option D is wrong because Accessibility > Display manages visual accessibility features like text size, color filters, and contrast themes, not power-related screen-off timers.

114
MCQhard

A technician is helping a user who accidentally installed a potentially unwanted program (PUP) that changed their browser homepage and search engine. The user is embarrassed and asks the technician not to tell their manager. What is the most ethical response?

A.Agree not to tell the manager and remove the PUP quietly.
B.Explain that you will remove the PUP but must document the incident per company policy, though you will not share unnecessary details.
C.Tell the user that this is a serious security breach and you have to report it immediately.
D.Ignore the request and report the user to HR for violating IT policy.
AnswerB

This balances empathy with professional responsibility; documentation is often required for security incidents.

Why this answer

Option B is correct because it balances the user's privacy concern with the technician's professional obligation to follow company policy. Documenting the incident (e.g., in a help desk ticket) is standard procedure for tracking PUP infections, which may indicate broader security issues like drive-by downloads or social engineering. The technician can remove the PUP using tools like Malwarebytes or AdwCleaner while omitting the user's name from unnecessary reports, preserving trust without violating policy.

Exam trap

CompTIA often tests the distinction between a 'security incident' (e.g., malware with C2 traffic) and a 'policy violation' (e.g., PUP installation), tempting candidates to overreact with option C or underreact with option A.

How to eliminate wrong answers

Option A is wrong because agreeing to hide the incident violates most corporate IT security policies, which require documentation of any unauthorized software changes to maintain an audit trail and prevent future breaches. Option C is wrong because a PUP changing browser settings is not a 'serious security breach' (e.g., no data exfiltration or privilege escalation); over-reporting it could cause unnecessary panic and damage the user-manager relationship. Option D is wrong because ignoring the user's request and immediately reporting to HR bypasses the proper escalation path (IT should handle the technical fix and documentation first) and is disproportionate for a non-malicious PUP installation.

115
MCQmedium

A user complains that their Mac running macOS Big Sur suddenly shows a message 'Your system has run out of application memory' and applications crash frequently. Activity Monitor shows high memory pressure. What is the most effective built-in tool to diagnose the cause?

A.Console
B.Disk Utility
C.Activity Monitor
D.System Information
AnswerC

Activity Monitor's Memory tab shows memory pressure, usage per app, and can help identify the culprit.

Why this answer

Activity Monitor is the correct tool because it provides real-time metrics on memory pressure, including the 'Memory Pressure' graph, which indicates whether the system is efficiently using memory or thrashing. High memory pressure, combined with the 'Your system has run out of application memory' alert, points to excessive memory usage or a memory leak, which Activity Monitor can pinpoint by sorting processes by memory consumption.

Exam trap

CompTIA often tests whether candidates confuse 'Console' (log viewer) with 'Activity Monitor' (performance monitor), assuming that error messages logged in Console would be the primary diagnostic tool for a memory issue.

How to eliminate wrong answers

Option A is wrong because Console is used for viewing system logs and diagnostic messages, not for real-time memory pressure analysis or identifying which processes are consuming excessive memory. Option B is wrong because Disk Utility is designed for managing and repairing storage volumes, not for diagnosing memory or application memory issues. Option D is wrong because System Information provides a static overview of hardware and software configuration, but lacks the dynamic, process-level memory usage data needed to diagnose a memory pressure problem.

116
MCQeasy

A user reports that their browser frequently redirects to a different search engine, and a new toolbar has appeared. After checking the browser settings, you find the homepage has been changed and there are unknown extensions enabled. What is the most likely cause of this issue?

A.A corrupted browser cache
B.A browser hijacker installed via a malicious extension
C.An outdated browser version
D.A misconfigured proxy server
AnswerB

Browser hijackers often install as extensions and modify settings like homepage and search engine.

Why this answer

This scenario describes classic symptoms of a browser hijacker, a type of malware that modifies browser settings without user consent. The correct answer is to remove the malicious extensions and reset the browser settings. This reinforces the importance of managing browser extensions and understanding common malware behaviors.

117
MCQmedium

A company is implementing a remote access solution for employees using personal smartphones. They need to ensure that corporate email and documents are accessible but that no corporate data remains on the device if it is lost or wiped. Which technology should they use?

A.Virtual Private Network (VPN) with split tunneling.
B.Remote Desktop Protocol (RDP) to a virtual desktop.
C.Mobile Device Management (MDM) with a containerized work profile.
D.Third-party remote access software like LogMeIn.
AnswerC

MDM enables IT to manage corporate data separately, enforce policies, and perform selective wipes, ensuring no corporate data remains on a lost device.

Why this answer

Mobile Device Management (MDM) with a containerized work profile creates a separate, encrypted sandbox on the smartphone that stores corporate email and documents. This container can be remotely wiped by the administrator without affecting the user's personal data, ensuring no corporate data remains on a lost or wiped device.

Exam trap

CompTIA often tests the distinction between remote access technologies that only provide connectivity (VPN, RDP) versus those that enforce data separation and selective wipe (MDM containerization), leading candidates to mistakenly choose VPN or RDP for data protection requirements.

How to eliminate wrong answers

Option A is wrong because a VPN with split tunneling only encrypts traffic to the corporate network but does not prevent corporate data from being stored locally on the device; it offers no containerization or selective wipe capability. Option B is wrong because RDP to a virtual desktop streams the desktop interface but still allows data to be downloaded or copied to the local device unless strict clipboard and drive redirection policies are enforced, and it does not inherently provide a containerized work profile for mobile devices. Option D is wrong because third-party remote access software like LogMeIn provides remote control of a PC but does not isolate corporate data in a sandbox on the smartphone; data can be transferred to the device and remains there after the session ends.

118
MCQhard

A security incident occurred where an unauthorized user accessed a workstation. You need to review the event logs to determine when the breach happened. Which Control Panel applet would you use to launch the Event Viewer?

A.System
B.Security and Maintenance
C.Administrative Tools
D.Device Manager
AnswerC

Administrative Tools includes Event Viewer, Performance Monitor, and other system tools.

Why this answer

Administrative Tools is the Control Panel applet that provides access to advanced system tools, including Event Viewer. To investigate a security breach, you would open Administrative Tools and then launch Event Viewer to review security logs for unauthorized access events. This is the correct path because Event Viewer is not directly listed in the main Control Panel categories; it is nested within Administrative Tools.

Exam trap

CompTIA often tests the distinction between the Security and Maintenance applet (which shows security status but not logs) and Administrative Tools (which contains Event Viewer), leading candidates to mistakenly choose Security and Maintenance because of the word 'Security' in the name.

How to eliminate wrong answers

Option A is wrong because System applet displays basic system information, hardware properties, and performance settings, but does not include a direct link to Event Viewer. Option B is wrong because Security and Maintenance provides system health reports and security status summaries, but it does not host Event Viewer; it may link to troubleshooting tools but not the event log viewer itself. Option D is wrong because Device Manager is used to manage hardware devices and drivers, not to review system or security event logs.

119
MCQmedium

A customer calls the help desk stating that their computer displays 'Bootmgr is missing' and will not start Windows. You suspect the Boot Configuration Data (BCD) is corrupted. Which command-line tool should you use from the Windows Recovery Environment to repair the BCD?

A.chkdsk /r
B.bootrec /rebuildbcd
C.sfc /scannow
D.diskpart
AnswerB

Rebuilds the BCD store, fixing the 'Bootmgr is missing' error.

Why this answer

The correct answer is `bootrec /rebuildbcd`, which scans for Windows installations and rebuilds the BCD store. This is a standard repair for boot manager issues. Other commands are for disk checking, system file repair, or partition management.

120
MCQeasy

A user reports that their workstation is running slowly and they see a pop-up claiming their files are encrypted and a ransom must be paid. They cannot open any documents. What type of malware is most likely responsible?

A.Spyware
B.Ransomware
C.Trojan horse
D.Rootkit
AnswerB

Ransomware encrypts files and displays a ransom demand, which perfectly matches the symptoms described.

Why this answer

Ransomware encrypts files and demands payment for decryption. This scenario describes classic ransomware behavior, where the user is locked out of their data and a ransom note is displayed.

121
MCQmedium

A company is deploying new laptops to remote workers. They need to ensure that if a laptop is stolen, the data on it cannot be accessed. Which two physical security controls should be configured before shipment?

A.Cable lock and privacy filter.
B.Full-disk encryption and a BIOS/UEFI password.
C.Smart card reader and biometric scanner.
D.Asset tracking tag and a Kensington lock slot.
AnswerB

Encryption secures data, and a BIOS password prevents booting from unauthorized media or changing settings.

Why this answer

Full-disk encryption protects data at rest, and a BIOS/UEFI password prevents unauthorized booting or tampering with boot settings. This question tests the combination of controls needed for remote device security.

122
MCQhard

A technician is troubleshooting an Android device that has a corporate email account configured. The user can send emails but cannot receive any. The email server uses IMAP. The technician has verified the username and password are correct. What should the technician check next?

A.Check if the device's date and time are correct.
B.Check the incoming mail server settings (IMAP).
C.Check if the email account has exceeded its storage quota.
D.Check if the device is in power-saving mode.
AnswerB

Since sending works (SMTP), the issue is likely with the incoming server settings, such as a wrong hostname or port.

Why this answer

Since the user can send emails but not receive them, the issue is isolated to the incoming mail path. IMAP uses port 143 (or 993 for SSL/TLS) to retrieve messages, and the incoming server settings (server address, port, security type) must match the corporate email configuration. Incorrect IMAP settings would prevent the device from connecting to the server to download new emails, while SMTP (outgoing) settings remain unaffected, explaining the send-only symptom.

Exam trap

CompTIA often tests the distinction between incoming and outgoing mail protocols (IMAP vs. SMTP) to see if candidates understand that a send-only failure points to the incoming server settings, not authentication or device-level issues.

How to eliminate wrong answers

Option A is wrong because incorrect date and time typically cause SSL/TLS certificate validation failures, which would affect both sending and receiving if the device cannot establish a secure connection; it would not selectively block only incoming mail. Option C is wrong because exceeding the storage quota would prevent the server from accepting new incoming messages, but the client would still be able to connect and see the mailbox (possibly with an error), and the user would also likely be unable to send if the quota is full on the server side. Option D is wrong because power-saving mode may delay background sync or reduce network activity, but it would not permanently prevent receiving emails; the user could still manually refresh or receive emails when the device exits power-saving mode, and sending would also be affected if network access is restricted.

123
MCQmedium

A technician is troubleshooting a batch script that is supposed to delete temporary files older than 30 days. The script runs without errors but does not delete any files. The technician suspects the script's logic is flawed. Which part of the script is most likely incorrect?

A.The script uses the 'del' command without a path
B.The script uses 'forfiles' with the wrong date syntax
C.The script runs as a standard user without admin rights
D.The script uses 'echo' instead of 'del'
AnswerB

Correct. Forfiles uses the '/d' parameter with a date string like '-30' for days. If the syntax is wrong (e.g., using '30' instead of '-30'), it will not match any files.

Why this answer

The 'forfiles' command in Windows uses a specific date syntax with the `/d` parameter. The correct syntax for files older than 30 days is `forfiles /d -30` (negative number means older than). If the script uses a positive number or an incorrect date format like `+30` or `30 days ago`, it will not match any files, resulting in no deletions.

This is the most likely flaw given the symptom of no errors but no action.

Exam trap

CompTIA A+ often tests the subtle difference between positive and negative date offsets in the 'forfiles' command, knowing that candidates may assume a positive number means 'older than' based on experience with other tools like Linux 'find'.

How to eliminate wrong answers

Option A is wrong because the 'del' command without a path would default to the current directory, which could still delete files if the script is in the correct folder; the issue is not about missing a path but about the selection logic. Option C is wrong because deleting temporary files in user-writable locations (like %TEMP%) does not require admin rights; standard users can delete their own temp files. Option D is wrong because if the script used 'echo' instead of 'del', it would output the file names but not delete them, which would be noticeable to the technician; the symptom states the script runs without errors but does not delete files, implying the deletion command is present but not targeting the correct files.

124
MCQeasy

A small business wants to ensure that only authorized personnel can access the server room. The budget is limited, and they need a simple, cost-effective solution. Which logical security control should they implement first?

A.Install a biometric fingerprint scanner on the door.
B.Require a smart card or key fob to unlock the door.
C.Implement a strong password policy for all user accounts.
D.Hire a security guard to check IDs at the entrance.
AnswerB

Smart cards or key fobs are relatively inexpensive, easy to manage, and provide a logical access control mechanism that can be quickly revoked if lost.

Why this answer

A smart card or key fob provides a simple, cost-effective logical access control for the server room door. It authenticates users via a physical token and a PIN or proximity reader, which is far cheaper than biometric systems and more reliable than a password policy that doesn't control physical entry. This directly restricts physical access to authorized personnel without ongoing costs like a security guard.

Exam trap

CompTIA often tests the distinction between logical and physical security controls, and the trap here is that candidates confuse a strong password policy (a logical control for user accounts) with a physical access control mechanism for a server room door.

How to eliminate wrong answers

Option A is wrong because biometric fingerprint scanners are significantly more expensive to purchase, install, and maintain, and they often require ongoing calibration and user enrollment, making them unsuitable for a limited budget. Option C is wrong because a strong password policy controls logical access to user accounts and network resources, not physical entry to a server room; it does not prevent an unauthorized person from walking through the door. Option D is wrong because hiring a security guard is a recurring, high-cost solution that exceeds the limited budget and is not a logical security control—it is a physical security measure.

125
MCQmedium

You are configuring a new Windows 10 workstation for a remote employee who will connect to the corporate VPN. The user should not be able to install software or change system settings. Which tool should you use to enforce these restrictions?

A.User Account Control (UAC) settings
B.Local Group Policy Editor
C.Device Manager
D.Registry Editor
AnswerB

Local Group Policy Editor can enforce software installation restrictions and control panel access for specific users or groups.

Why this answer

Local Group Policy Editor (gpedit.msc) allows you to configure security and restriction policies on a standalone computer. You can disable the ability to install software by setting the 'Disable Windows Installer' policy and restrict access to Control Panel settings. This is the appropriate tool for a non-domain joined machine.

126
MCQhard

A technician is configuring a kiosk mode on a company-owned Android tablet for customer use. After enabling the dedicated device management app, the tablet still allows users to exit the kiosk app by pressing the home button. Which setting did the technician MOST likely overlook?

A.The tablet's screen timeout setting.
B.The 'Lock task mode' or 'Pin app' feature.
C.The tablet's Wi-Fi configuration.
D.The device's date and time settings.
AnswerB

Lock task mode (or app pinning) prevents users from leaving the designated app, which is essential for kiosk mode.

Why this answer

The technician enabled the dedicated device management app but did not activate Android's 'Lock task mode' (or 'Pin app' feature). This mode is required to pin the kiosk app to the foreground and block system navigation keys (Home, Recent Apps), preventing users from exiting the app. Without it, the Home button remains functional, allowing escape from the kiosk environment.

Exam trap

CompTIA often tests the distinction between enabling a dedicated device management app and actually locking the device into kiosk mode, leading candidates to overlook the mandatory 'Lock task mode' or 'Pin app' configuration step.

How to eliminate wrong answers

Option A is wrong because screen timeout settings control display sleep duration, not the ability to exit a kiosk app via the Home button. Option C is wrong because Wi-Fi configuration affects network connectivity, not the enforcement of app pinning or navigation blocking. Option D is wrong because date and time settings are unrelated to kiosk mode behavior; they do not prevent the Home button from exiting the app.

127
MCQhard

A company policy requires that all web traffic from employee computers be filtered to block known malicious sites. You need to implement this without installing client software on each machine. Which approach should you use?

A.Configure each browser's proxy settings to use a filtering proxy server.
B.Enable Windows Defender SmartScreen on each computer via Group Policy.
C.Implement a DNS-based content filtering service on the network's DNS server.
D.Install a third-party browser extension on all browsers to block malicious sites.
AnswerC

DNS filtering blocks requests to malicious domains at the network level, affecting all devices without client software.

Why this answer

Option C is correct because DNS-based content filtering operates at the network level, blocking resolution of domains known to host malicious content. This approach requires no client software, as all DNS queries from employee computers are intercepted and filtered by the network's DNS server, enforcing the policy transparently.

Exam trap

Cisco often tests the distinction between client-side and network-level security controls, and the trap here is assuming that proxy settings or browser extensions are acceptable when the question explicitly prohibits installing client software.

How to eliminate wrong answers

Option A is wrong because configuring each browser's proxy settings manually is not a scalable, clientless solution; it requires per-machine configuration and can be bypassed if users change proxy settings. Option B is wrong because Windows Defender SmartScreen is a client-side feature that must be enabled via Group Policy, which still relies on the Windows operating system on each machine and does not meet the 'without installing client software' requirement. Option D is wrong because installing a third-party browser extension requires client-side installation on each browser, violating the no-client-software constraint.

128
MCQmedium

A technician is configuring a VPN for a remote user. The user's home router uses NAT, and the technician wants to ensure the VPN traffic is encapsulated and encrypted. Which VPN protocol should the technician choose for the best balance of security and compatibility?

A.PPTP
B.L2TP/IPsec
C.OpenVPN
D.SSTP
AnswerC

OpenVPN is highly configurable, works through NAT, and offers strong encryption, making it a reliable choice.

Why this answer

OpenVPN is the correct choice because it provides a robust balance of security and compatibility, especially for remote users behind NAT. It uses SSL/TLS for encryption and can operate over a single UDP or TCP port (typically 1194), which easily traverses NAT without requiring additional configuration. Unlike L2TP/IPsec, OpenVPN does not rely on IPsec's NAT-sensitive protocols like ESP, making it more reliable across home routers.

Exam trap

CompTIA often tests the misconception that L2TP/IPsec is always the best for security and compatibility, but the trap here is that IPsec's ESP protocol can fail with NAT unless NAT-T is enabled, making OpenVPN a more practical choice for remote users behind home routers.

How to eliminate wrong answers

Option A is wrong because PPTP uses outdated MPPE encryption (RC4) and has known vulnerabilities, making it insecure for modern use. Option B is wrong because L2TP/IPsec can have issues with NAT traversal due to IPsec's ESP protocol, often requiring NAT-T or additional router configuration, which reduces compatibility with home routers. Option D is wrong because SSTP is primarily designed for Windows environments and uses TCP port 443, which can be blocked or throttled by some firewalls, and it lacks the cross-platform compatibility of OpenVPN.

129
MCQhard

A company uses a private cloud for its internal applications. The IT team wants to ensure that if one physical host fails, the virtual machines running on it can be automatically restarted on another host with minimal downtime. Which feature should they implement?

A.Fault tolerance
B.High availability
C.Live migration
D.Snapshots
AnswerB

High availability monitors hosts and automatically restarts VMs on another host if a failure occurs, meeting the requirement of minimal downtime.

Why this answer

High availability (HA) is the correct feature because it is designed to automatically restart virtual machines on a surviving host within a cluster when a physical host fails. HA uses heartbeat monitoring between hosts and a resource manager to detect failures and trigger VM restarts, minimizing downtime without requiring manual intervention.

Exam trap

CompTIA A+ candidates often confuse High Availability (automatic restart after failure) with Fault Tolerance (continuous uptime with a secondary VM), leading them to mistakenly choose FT when the question asks for automatic restart with minimal downtime rather than zero downtime.

How to eliminate wrong answers

Option A is wrong because Fault Tolerance (FT) provides continuous availability by maintaining a secondary VM in lockstep with the primary, but it is not designed for automatic restart after host failure—it requires a secondary host to be pre-configured and has high resource overhead. Option C is wrong because Live Migration (vMotion) moves a running VM from one host to another with zero downtime, but it is a manual or scheduled process and does not automatically respond to a host failure. Option D is wrong because Snapshots capture the state of a VM at a point in time for backup or rollback purposes, but they do not provide any automatic restart or failover capability when a host fails.

130
MCQmedium

A user reports that their web browser's homepage has changed to an unfamiliar search engine, and new toolbars have appeared without their consent. They have not installed any new software recently. Which type of malware is most likely responsible?

A.Trojan horse
B.Worm
C.Browser hijacker
D.Ransomware
AnswerC

Browser hijackers specifically alter browser settings like homepage and add toolbars without user consent.

Why this answer

The symptoms—unwanted homepage changes, unfamiliar search engine, and new toolbars—are classic signs of a browser hijacker. This malware modifies browser settings (e.g., via registry keys or extension policies) without user consent, often bundled with freeware or installed through drive-by downloads. Unlike other malware types, it specifically targets the browser's configuration to redirect traffic and generate ad revenue.

Exam trap

CompTIA often tests the distinction between malware types by focusing on specific symptoms—here, the trap is that candidates confuse a browser hijacker with a Trojan horse because both can be installed without consent, but only the hijacker directly targets browser settings.

How to eliminate wrong answers

Option A is wrong because a Trojan horse masquerades as legitimate software to perform malicious actions (e.g., data theft or backdoor access), but it does not specifically alter browser settings or add toolbars as its primary function. Option B is wrong because a worm self-replicates across networks to spread, often exploiting vulnerabilities, but it does not typically modify browser homepages or install toolbars. Option D is wrong because ransomware encrypts files or locks the system to demand payment, not change browser settings or add toolbars.

131
MCQeasy

A small business uses a cloud-based accounting application. Several employees report that they can no longer access the application, and they receive a message stating that the service is temporarily unavailable. The business's internet connection is working, and other cloud services are accessible. What is the most likely cause of this issue?

A.The user's browser cache is corrupted.
B.The cloud service provider is experiencing an outage.
C.The business's firewall is blocking the accounting application.
D.The employees' user accounts have been disabled.
AnswerB

A provider-side outage would affect all users of that specific service, matching the symptoms of multiple employees unable to access only that application.

Why this answer

The correct answer is B because the scenario describes a service-specific outage: the cloud-based accounting application is inaccessible while other cloud services and the internet connection remain functional. This pattern—one application failing while others work—strongly indicates that the issue is isolated to that particular cloud service provider, not the local network or user accounts. A provider outage would cause the 'temporarily unavailable' message, as the application's servers are unreachable.

Exam trap

CompTIA A+ often tests the distinction between client-side issues (cache, firewall, account status) and provider-side outages by presenting a scenario where only one service fails, tempting candidates to blame local configuration rather than recognizing the service-specific outage pattern.

How to eliminate wrong answers

Option A is wrong because a corrupted browser cache would typically cause display or loading issues for a single user, not a service-wide 'temporarily unavailable' message affecting multiple employees simultaneously; clearing the cache might resolve local rendering problems but cannot block access to a remote server. Option C is wrong because if the business's firewall were blocking the accounting application, it would affect all cloud services or at least produce a different error (e.g., connection timeout or access denied), not a provider-side 'temporarily unavailable' message, and other cloud services remain accessible. Option D is wrong because disabled user accounts would result in authentication failures (e.g., 'invalid credentials' or 'account locked') for each affected employee, not a generic 'service temporarily unavailable' message that appears before login.

132
MCQhard

A technician is investigating a data breach and discovers that an attacker obtained sensitive files by searching through the company's recycling bins. The bins contained printed reports with customer names and account numbers. What social engineering attack was used?

A.Tailgating
B.Shoulder surfing
C.Dumpster diving
D.Phishing
AnswerC

Dumpster diving is the correct term for retrieving information from discarded materials.

Why this answer

Dumpster diving is the physical act of searching through trash to find sensitive information. This attack relies on the failure to properly dispose of documents. Shredding or secure disposal policies are essential countermeasures.

133
MCQhard

A company experiences a data breach after an attacker physically removes a hard drive from an unsecured workstation. The workstation was in a public area. Which combination of physical and logical controls would have best prevented this?

A.Cable lock and BIOS password
B.Cable lock and full-disk encryption
C.Security camera and Windows password
D.Proximity card reader and screen lock
AnswerB

The cable lock deters theft; full-disk encryption ensures data is unreadable if the drive is stolen.

Why this answer

Option B is correct because a cable lock physically secures the workstation to a fixed object, preventing the attacker from removing the hard drive, while full-disk encryption (FDE) renders the data on the drive unreadable even if the drive is physically removed. Together, they address both the physical theft vector and the data exposure risk, which a single control cannot achieve. Without FDE, a BIOS password or Windows password can be bypassed by removing the drive and reading it from another system.

Exam trap

A common trap in this question is that candidates think a BIOS password or OS login password protects data at rest, when in fact these controls only protect the system while it is running and can be bypassed by removing the storage device.

How to eliminate wrong answers

Option A is wrong because a cable lock prevents physical removal, but a BIOS password only protects the boot process; an attacker can remove the hard drive and access its data by connecting it to another machine, bypassing the BIOS password entirely. Option C is wrong because a security camera only provides after-the-fact identification, not prevention, and a Windows password can be bypassed by removing the hard drive and reading it from another system. Option D is wrong because a proximity card reader controls access to the area, but if the workstation is already in a public area, it does not prevent the attacker from physically removing the hard drive, and a screen lock is easily bypassed by removing the drive.

134
MCQmedium

A system administrator needs to find all files in /var/log that have been modified in the last 24 hours to check for recent activity. Which command accomplishes this?

A.find /var/log -mtime -1
B.find /var/log -atime -1
C.find /var/log -ctime -1
D.find /var/log -mmin -1440
AnswerA

This correctly finds files modified within the last 24 hours using -mtime -1.

Why this answer

The correct answer is A because the `find` command with `-mtime -1` searches for files whose content (modification time) was changed within the last 24 hours. This is exactly what the administrator needs to check for recent activity in /var/log.

Exam trap

CompTIA often tests the distinction between `-mtime` (modification), `-atime` (access), and `-ctime` (inode change), and candidates frequently confuse `-ctime` with content modification or pick `-atime` thinking 'activity' includes reads.

How to eliminate wrong answers

Option B is wrong because `-atime -1` checks access time (last read), not modification time, so it would include files that were only read but not changed. Option C is wrong because `-ctime -1` checks inode change time (metadata changes like permissions or ownership), not file content modification. Option D is wrong because `-mmin -1440` checks for files modified within the last 1440 minutes (24 hours), which is functionally equivalent to `-mtime -1`, but the question asks for a command that 'accomplishes this' and option A is the standard, correct syntax; option D uses minutes instead of days and is less common, but more importantly, the exam expects `-mtime -1` as the precise answer.

135
MCQeasy

A user in the accounting department cannot print to a network printer that other users can access. They are running Windows 10. When they try to print, they get a message: 'Windows cannot connect to the printer. Access is denied.' What is the most likely cause of this issue?

A.The printer driver is corrupt on the user's computer.
B.The network cable is unplugged from the user's computer.
C.The user does not have permission to use the printer.
D.The printer is out of paper or toner.
AnswerC

The 'access denied' error directly points to a permissions issue; the print server or printer security settings need to be checked and the user granted access.

Why this answer

The error message 'Access is denied' specifically indicates a permissions issue at the printer or print server level, not a connectivity or hardware problem. Since other users can print successfully, the printer and network are functional, isolating the cause to the user's lack of permission to use the printer. In Windows, printer permissions are managed via the Security tab in printer properties, where the 'Print' permission must be granted to the user or their group.

Exam trap

The trap here is that candidates may assume a generic 'cannot connect' error implies a network or driver problem, ignoring the specific 'Access is denied' wording that points directly to permissions.

How to eliminate wrong answers

Option A is wrong because a corrupt printer driver would typically cause a different error, such as 'Driver is unavailable' or print job failures, not an 'Access is denied' message. Option B is wrong because an unplugged network cable would result in a 'No network connection' or 'Printer not found' error, not an access-denied message, and other users would also be affected if the network were down. Option D is wrong because an out-of-paper or toner condition generates printer-specific status messages (e.g., 'Out of paper' or 'Toner low') on the printer display or in the print queue, not an 'Access is denied' error on the client computer.

136
MCQhard

A user's Windows 10 laptop fails to boot and shows 'INACCESSIBLE_BOOT_DEVICE' blue screen error. The technician suspects a recent driver update for the storage controller. Which recovery environment command can be used to disable the problematic driver from loading?

A.Run 'bcdedit /set {default} safeboot minimal' from the recovery command prompt.
B.Run 'diskpart' and then 'clean' to wipe the disk.
C.Run 'chkdsk /f' to fix file system errors.
D.Run 'bootrec /fixboot' to repair the boot sector.
AnswerA

This command forces the system to boot into Safe Mode, bypassing the problematic driver and allowing repair.

Why this answer

The 'INACCESSIBLE_BOOT_DEVICE' error often occurs after a faulty storage controller driver update. Booting into Safe Mode with minimal drivers can bypass the problematic driver. The command 'bcdedit /set {default} safeboot minimal' configures the boot loader to start Windows in Safe Mode on the next restart, loading only essential drivers and services, which allows the technician to roll back or uninstall the offending driver.

Exam trap

The trap here is that candidates often confuse 'bcdedit' with 'bootrec' commands, assuming 'bootrec /fixboot' or 'chkdsk' can resolve driver-related boot failures, when in fact only Safe Mode or driver rollback via the recovery environment addresses the root cause.

How to eliminate wrong answers

Option B is wrong because 'diskpart clean' wipes the entire disk partition table, destroying all data and making the system unbootable — it does not disable a driver. Option C is wrong because 'chkdsk /f' repairs file system corruption, not driver-related boot failures; it cannot disable a storage controller driver. Option D is wrong because 'bootrec /fixboot' rewrites the boot sector code, which addresses bootloader corruption but does not prevent a specific driver from loading.

137
MCQmedium

A system administrator configures a new VPN server for remote employees. The requirement is that all traffic from the remote user's device must be routed through the corporate network to enforce security policies. Which VPN protocol setting should the administrator enable?

A.Enable split tunneling
B.Disable split tunneling
C.Use PPTP instead of L2TP
D.Increase the MTU size
AnswerB

Disabling split tunneling forces all traffic through the VPN tunnel, ensuring all traffic is subject to corporate security controls.

Why this answer

Disabling split tunneling ensures that all traffic from the remote user's device is routed through the corporate VPN tunnel, enforcing security policies such as content filtering and intrusion detection. When split tunneling is enabled, only traffic destined for the corporate network goes through the VPN, while internet-bound traffic bypasses it, violating the requirement. This setting is typically configured in the VPN client or server profile (e.g., using the 'DisableSplitTunneling' registry key on Windows or the 'tunnel-all' directive in OpenVPN).

Exam trap

CompTIA often tests the misconception that the choice of VPN protocol (PPTP vs. L2TP) determines traffic routing behavior, when in fact split tunneling is a separate policy setting that must be explicitly enabled or disabled.

How to eliminate wrong answers

Option A is wrong because enabling split tunneling would allow remote users to access the internet directly without traversing the corporate network, which directly contradicts the requirement to route all traffic through the corporate network. Option C is wrong because using PPTP instead of L2TP does not affect traffic routing behavior; PPTP and L2TP are tunneling protocols that encapsulate data, but split tunneling is a separate routing policy that must be configured regardless of the protocol chosen. Option D is wrong because increasing the MTU size addresses packet fragmentation issues, not traffic routing; it can improve performance but does not enforce that all traffic is sent through the VPN tunnel.

138
MCQeasy

A small business wants to prevent unauthorized individuals from following employees through a secure entrance after badge access is granted. Which physical security control is specifically designed to address this threat?

A.Install a biometric fingerprint scanner
B.Use a proximity card reader
C.Deploy a mantrap
D.Add a security guard
AnswerC

A mantrap physically isolates each person, ensuring only one authenticated individual passes through at a time.

Why this answer

A mantrap is a physical security control consisting of two interlocking doors with a small vestibule between them. It prevents tailgating by allowing only one person to enter at a time; the first door must close and lock before the second door can open, ensuring that only the authenticated individual passes through.

Exam trap

The trap here is that candidates confuse authentication controls (biometrics, card readers) with access control mechanisms that prevent tailgating, failing to recognize that authentication alone does not enforce single-person entry.

How to eliminate wrong answers

Option A is wrong because a biometric fingerprint scanner authenticates identity but does not prevent an unauthorized person from following an authorized user through the door after access is granted. Option B is wrong because a proximity card reader grants access based on a card but offers no mechanism to stop tailgating once the door is opened. Option D is wrong because a security guard can monitor and intervene, but the question asks for a control specifically designed to address tailgating; a mantrap is a dedicated engineered solution, whereas a guard is a human control that may be inconsistent or bypassed.

139
MCQmedium

A user reports that their Android phone's Bluetooth keeps disconnecting from their car's hands-free system. The technician has already cleared the Bluetooth cache and re-paired the devices. What should the technician do NEXT?

A.Perform a factory reset on the phone.
B.Update the car's infotainment system firmware.
C.Replace the phone's Bluetooth antenna.
D.Disable Bluetooth power saving mode on the phone.
AnswerB

Many car manufacturers release firmware updates to fix Bluetooth compatibility issues, making this a targeted solution.

Why this answer

Option B is correct because after basic troubleshooting (cache clear and re-pair) fails, the next logical step is to check for firmware updates on the car's infotainment system. Bluetooth connectivity issues between a phone and a car are often caused by incompatibilities or bugs in the car's Bluetooth stack, which can be resolved by updating the car's firmware. The technician should prioritize updating the car's system before considering hardware replacement or more drastic phone resets.

Exam trap

The trap here is that candidates may assume the phone is always at fault and jump to a factory reset (Option A) or hardware replacement (Option C), when in reality the car's infotainment firmware is a frequent source of Bluetooth instability that should be addressed first.

How to eliminate wrong answers

Option A is wrong because a factory reset on the phone is a drastic step that should only be taken after exhausting all other software-based troubleshooting; it would delete all user data and is unlikely to fix a Bluetooth issue that persists after cache clearing and re-pairing, especially if the problem is on the car side. Option C is wrong because replacing the phone's Bluetooth antenna is a hardware repair that is premature at this stage; Bluetooth disconnections are rarely caused by a faulty antenna, and the technician has not yet ruled out software or firmware issues on either device. Option D is wrong because disabling Bluetooth power saving mode on the phone is a valid step but should have been considered earlier in the troubleshooting process (e.g., before or alongside cache clearing); it is not the next best step after cache clearing and re-pairing, and the question implies those steps have already been done without success.

140
MCQeasy

A help desk technician receives a complaint that a shared network printer is no longer accessible after a scheduled firmware update was applied to the print server last night. The change was documented but no rollback plan was included. What should the technician do first?

A.Reboot the print server to clear any temporary errors.
B.Restore the print server to its previous firmware version.
C.Submit a new change request to update the firmware again.
D.Disable the printer in Active Directory and re-add it.
AnswerB

Restoring the previous firmware is the most direct way to reverse the change, even though the rollback plan was missing; it should be done following proper change control.

Why this answer

Option B is correct because the scheduled firmware update directly caused the printer to become inaccessible, and without a documented rollback plan, reverting to the previous firmware version is the safest and most immediate way to restore service. This aligns with change management best practices, which prioritize backing out a failed change before troubleshooting further, as the root cause is clearly the firmware update.

Exam trap

The trap here is that candidates often choose to reboot the server (Option A) as a generic troubleshooting step, but the question specifies the change was a firmware update, so the only effective first action is to revert that specific change.

How to eliminate wrong answers

Option A is wrong because rebooting the print server may clear temporary errors but will not revert the firmware version, so if the new firmware is incompatible or buggy, the issue will persist after the reboot. Option C is wrong because submitting a new change request to update the firmware again would repeat the same action that caused the outage, which is illogical and violates change management principles. Option D is wrong because disabling and re-adding the printer in Active Directory addresses only the printer object and driver mapping, not the underlying firmware incompatibility on the print server.

141
MCQhard

A user reports that their browser crashes every time they visit a particular website. Other websites work fine. The technician tries the same website on another computer and it works normally. What is the most likely cause on the user's computer?

A.The website has been blacklisted by the company's firewall.
B.A browser extension is incompatible with that website.
C.The user's network adapter driver is outdated.
D.The website is using a newer version of TLS that the browser doesn't support.
AnswerB

Extensions can cause conflicts with specific site code, leading to crashes. Testing with extensions disabled can confirm this.

Why this answer

Option B is correct because the issue is isolated to a single website on one computer, and the same website works on another computer. This rules out network-wide or server-side problems. Browser extensions can inject scripts, modify headers, or block resources that a specific website requires, causing crashes.

Disabling extensions or testing in incognito mode (which typically disables extensions) can confirm this.

Exam trap

CompTIA often tests the principle of isolation—candidates mistakenly attribute a single-site issue to network-wide or driver problems, but the key is that the problem follows the user's browser configuration, not the network or hardware.

How to eliminate wrong answers

Option A is wrong because if the website were blacklisted by the company's firewall, it would not load on any computer in the network, not just the user's. Option C is wrong because an outdated network adapter driver would cause connectivity issues across all websites, not a single site. Option D is wrong because TLS version incompatibility would result in a connection error or a 'secure connection failed' message, not a browser crash; additionally, if the browser didn't support the TLS version, the other computer would also fail unless it had a different browser or updated TLS stack.

142
MCQeasy

A helpdesk technician is assisting a user who is unable to find a file named 'notes.txt' they saved earlier. The user is in their home directory. Which command will search the entire filesystem for this file?

A.locate notes.txt
B.grep notes.txt /
C.find ~ -name notes.txt
D.find / -name notes.txt
AnswerD

This searches the entire filesystem from root, making it the correct command for a full system search.

Why this answer

Option D is correct because the `find / -name notes.txt` command starts at the root directory (`/`) and recursively searches the entire filesystem for a file named exactly 'notes.txt'. The `-name` option performs a case-sensitive match on the filename, and the starting point `/` ensures all mounted filesystems are included.

Exam trap

The exam often tests the distinction between `find` and `locate`, where candidates mistakenly choose `locate` for a real-time search without considering that the database may not be current, or they confuse the starting directory argument (e.g., `~` vs. `/`).

How to eliminate wrong answers

Option A is wrong because `locate` relies on a pre-built database (usually updated daily via `updatedb`) and may not find a file saved recently if the database hasn't been refreshed; it also does not search the live filesystem in real-time. Option B is wrong because `grep notes.txt /` attempts to search the root directory as a file for the pattern 'notes.txt', but `/` is a directory, not a regular file, so `grep` will either fail with an error or produce no meaningful results; `grep` is designed for searching file contents, not filenames. Option C is wrong because `find ~ -name notes.txt` limits the search to the user's home directory (`~`), not the entire filesystem, so it will miss the file if it was saved elsewhere.

143
MCQeasy

A small office wants to dispose of 20 old CRT monitors. The local landfill does not accept e-waste. Which disposal method is both legal and environmentally responsible?

A.Place them in the dumpster behind the office after hours.
B.Contact a certified e-waste recycling company to pick them up.
C.Break them down and put the plastic and metal in separate recycling bins.
D.Sell them to a scrap metal dealer.
AnswerB

Certified recyclers handle hazardous materials safely and ensure components are reclaimed or disposed of properly.

Why this answer

CRT monitors contain hazardous materials like lead and phosphor, making them e-waste that cannot be disposed of in regular trash. Certified e-waste recycling companies follow environmental regulations to safely dismantle and recycle these components, ensuring legal compliance and responsible handling.

Exam trap

CompTIA often tests the misconception that recycling bins or scrap dealers are acceptable for e-waste, when in fact only certified e-waste recyclers can legally and safely handle hazardous materials like those in CRTs.

How to eliminate wrong answers

Option A is wrong because placing e-waste in a dumpster is illegal in most jurisdictions and environmentally irresponsible due to toxic materials like lead leaching into landfills. Option C is wrong because breaking down CRTs without proper equipment releases hazardous dust and requires specialized handling; general recycling bins do not accept e-waste components. Option D is wrong because scrap metal dealers typically lack certification for handling hazardous e-waste, and selling CRTs for scrap may violate environmental laws if the materials are not processed safely.

144
MCQmedium

A technician needs to write a batch script that will copy a configuration file from a network share to the local system32 directory only if the file on the share is newer than the local copy. Which command should the technician use to perform this conditional copy?

A.copy /y \\server\share\config.txt C:\Windows\System32\
B.xcopy \\server\share\config.txt C:\Windows\System32\ /d /y
C.robocopy \\server\share C:\Windows\System32 config.txt /mir
D.move /y \\server\share\config.txt C:\Windows\System32\
AnswerB

Xcopy with /d copies only if the source is newer, and /y suppresses prompts.

Why this answer

Option B is correct because the `xcopy` command with the `/d` switch copies files only if the source file is newer than the destination file, and `/y` suppresses confirmation prompts. This meets the requirement of a conditional copy based on file timestamp comparison.

Exam trap

CompTIA A+ often tests the distinction between `copy`, `xcopy`, and `robocopy` switches, and the trap here is that candidates may choose `copy /y` thinking it is sufficient, overlooking the need for a timestamp-based conditional check that only `xcopy /d` provides.

How to eliminate wrong answers

Option A is wrong because `copy /y` always overwrites the destination without any timestamp check, so it does not conditionally copy only when the source is newer. Option C is wrong because `robocopy /mir` mirrors an entire directory tree, including deleting files in the destination that no longer exist in the source, which is excessive and destructive for a single-file copy task. Option D is wrong because `move` relocates the file from the network share to the local system, removing it from the source, which is not a copy operation and does not perform any timestamp-based condition.

145
MCQmedium

A company's security policy requires all wireless traffic to be encrypted with AES. A technician is configuring a new access point and sees the following options: WPA2-PSK (TKIP), WPA2-PSK (AES), WPA3-SAE, and WEP. Which option should the technician select?

A.WPA2-PSK (TKIP)
B.WPA2-PSK (AES)
C.WPA3-SAE
D.WEP
AnswerC

Correct. WPA3-SAE uses AES encryption and provides stronger security than WPA2, making it the best choice.

Why this answer

C is correct because WPA3-SAE (Simultaneous Authentication of Equals) is the only option that uses AES encryption by default and meets the company's security policy requirement for AES encryption. WPA3-SAE replaces the pre-shared key (PSK) with a more secure handshake and mandates AES-CCMP or AES-GCMP, ensuring compliance with the policy.

Exam trap

CompTIA A+ often tests the misconception that WPA2-PSK (AES) is the best choice because it uses AES, but the trap here is that the question asks which option the technician should select, and WPA3-SAE is the most secure and modern protocol that also meets the AES requirement, making it the correct answer over the older WPA2 variant.

How to eliminate wrong answers

Option A is wrong because WPA2-PSK (TKIP) uses the TKIP encryption protocol, which is based on RC4 and does not use AES, violating the policy. Option B is wrong because although WPA2-PSK (AES) uses AES encryption, it is an older standard that lacks the security enhancements of WPA3, such as forward secrecy and protection against offline dictionary attacks, but more importantly, the question asks for the option that should be selected, and WPA3-SAE is the superior choice that also meets the AES requirement. Option D is wrong because WEP uses RC4 encryption and is completely insecure, with no support for AES, and is deprecated by all security standards.

146
MCQmedium

A user reports that after installing a free PDF converter from an advertisement, their browser homepage changed and they see constant pop-ups for antivirus software. A malware scan found PUPs (Potentially Unwanted Programs). What is the best next step to fully remove the unwanted software and restore browser settings?

A.Run System Restore to a point before installation.
B.Use a dedicated adware removal tool and then reset the browser.
C.Manually delete the program from Program Files.
D.Disable the browser's JavaScript and ActiveX.
AnswerB

Adware removal tools are designed to find and remove PUPs that standard antivirus may miss, and resetting the browser cleans up leftover settings.

Why this answer

Option B is correct because PUPs often embed deeply into browser settings and registry entries that a standard uninstall or System Restore may not fully remove. A dedicated adware removal tool targets these specific traces, and resetting the browser ensures all malicious extensions, search providers, and homepage hijacks are cleared, restoring default security configurations.

Exam trap

CompTIA often tests the misconception that System Restore (Option A) is a comprehensive fix for malware, when in reality it may not remove PUPs that persist in user profile folders or browser data that are excluded from restore points.

How to eliminate wrong answers

Option A is wrong because System Restore may not revert changes made by PUPs that modify user-specific registry hives or browser profile data, and it can leave behind residual files that continue to cause pop-ups. Option C is wrong because manually deleting the program from Program Files does not remove the associated registry entries, scheduled tasks, or browser extensions that maintain the unwanted behavior. Option D is wrong because disabling JavaScript and ActiveX only prevents some script-based pop-ups but does not remove the underlying PUP files, registry modifications, or browser hijack settings.

147
MCQeasy

A customer reports that their desktop computer is running extremely slowly, and they see frequent pop-up advertisements even when no browser is open. Task Manager shows a process named 'svch0st.exe' consuming 95% CPU. Which type of malware is most likely causing these symptoms?

A.Ransomware
B.Adware
C.Rootkit
D.Spyware
AnswerB

Adware displays unwanted ads and often runs processes that impersonate legitimate ones, matching the symptoms described.

Why this answer

Adware displays unwanted advertisements and often masquerades as legitimate processes. The misspelled 'svch0st.exe' mimics a Windows system process, a common adware tactic. This malware type is best removed using a dedicated anti-malware tool.

148
MCQmedium

A user reports that after a technician recycled an old computer by simply deleting the user profile, the next user found personal documents in the 'Recycle Bin'. Which step was missed in the data disposal process?

A.The technician should have performed a quick format.
B.The technician should have used a data wiping tool that overwrites the free space.
C.The technician should have removed the hard drive and stored it.
D.The technician should have disabled the Recycle Bin.
AnswerB

A wiping tool overwrites the sectors where deleted files reside, making them unrecoverable. This step was missed.

Why this answer

Deleting a user profile only removes the user's registry and profile folder, but personal documents remain in the Recycle Bin because the Recycle Bin is a system-protected hidden folder that is not cleared by profile deletion. A data wiping tool that overwrites free space is required to securely erase the contents of the Recycle Bin and any other residual data, ensuring that deleted files cannot be recovered.

Exam trap

CompTIA often tests the misconception that deleting a user profile or emptying the Recycle Bin is sufficient for data disposal, when in fact both actions leave recoverable data on the free space that requires overwriting to be secure.

How to eliminate wrong answers

Option A is wrong because a quick format only clears the file system metadata (e.g., the MFT or FAT table) and does not overwrite the actual data sectors, leaving the Recycle Bin contents intact and recoverable. Option C is wrong because removing and storing the hard drive is a physical security measure for decommissioning, not a data disposal step for a recycled computer that will be reused by another user. Option D is wrong because disabling the Recycle Bin only prevents future files from being stored there; it does not erase existing files already in the Recycle Bin, so the personal documents would remain.

149
MCQhard

A company's IT policy requires that all disposed hard drives be physically destroyed to prevent data breaches. Which method has the least environmental impact while ensuring data destruction?

A.Use a degausser to erase the drive and then recycle it.
B.Drill holes through the platters and then dispose of the drive in e-waste.
C.Shred the hard drive using an industrial shredder and then recycle the metal fragments.
D.Overwrite the drive with zeros multiple times and then donate it.
AnswerC

This is correct because shredding ensures complete data destruction and the metal can be recycled, minimizing environmental impact.

Why this answer

Option C is correct because industrial shredding physically destroys the platters into small fragments, making data recovery impossible, and the resulting metal fragments can be recycled, minimizing environmental impact. Unlike degaussing or drilling, shredding ensures complete destruction without leaving large e-waste components, and the recycling of ferrous and non-ferrous metals reduces raw material extraction.

Exam trap

CompTIA often tests the misconception that degaussing or overwriting is sufficient for physical destruction policies, but the key distinction is that physical destruction requires the drive to be rendered physically unusable and unrecoverable, not just magnetically or logically erased.

How to eliminate wrong answers

Option A is wrong because degaussing destroys the magnetic domains on the platters, making the drive unusable, but the drive itself remains a bulky e-waste item that must be disposed of; recycling a degaussed drive still requires energy and processing, and degaussing does not physically destroy the drive, so it may not meet a policy requiring physical destruction. Option B is wrong because drilling holes through the platters leaves large portions of the platters intact, and data may still be recoverable from undamaged areas using specialized forensic tools; additionally, disposing of the drive in e-waste without recycling the metal components has a higher environmental impact than shredding and recycling. Option D is wrong because overwriting with zeros multiple times does not physically destroy the drive, and donating it violates the policy requiring physical destruction; even with multiple overwrites, advanced recovery techniques (e.g., magnetic force microscopy) might recover residual data, and the drive is not disposed of as required.

150
MCQeasy

During a printer toner replacement, a technician accidentally spills toner powder on the carpet. What is the proper cleanup procedure?

A.Use a vacuum cleaner with a standard bag to suck up the toner.
B.Wipe the toner with a damp cloth using hot water.
C.Blot the toner with a cold, damp cloth and then use a HEPA-filter vacuum.
D.Sweep the toner into a dustpan and dispose of it in the trash.
AnswerC

This is correct because cold water prevents melting, and a HEPA vacuum traps fine particles, ensuring safe and effective cleanup.

Why this answer

Option C is correct because toner powder is extremely fine and can become airborne if mishandled. Blotting with a cold, damp cloth prevents the toner from spreading, and using a HEPA-filter vacuum ensures that microscopic toner particles are trapped without being exhausted back into the environment. Standard vacuum cleaners lack HEPA filtration and can release toner dust into the air, causing respiratory hazards.

Exam trap

CompTIA often tests the misconception that any vacuum or damp cloth is acceptable for toner cleanup, but the trap is that only a HEPA-filter vacuum combined with cold water blotting prevents particle dispersion and permanent staining.

How to eliminate wrong answers

Option A is wrong because using a vacuum cleaner with a standard bag does not trap ultrafine toner particles; the vacuum's exhaust can blow toner dust into the air, creating a health risk and further contamination. Option B is wrong because wiping toner with a damp cloth using hot water can cause the toner to melt or fuse into the carpet fibers, making permanent stains and releasing fumes. Option D is wrong because sweeping toner with a dustpan generates airborne dust, and disposing of it in regular trash is unsafe as toner is a fine particulate that can become airborne in landfills.

Page 1

Page 2 of 10

Page 3

All pages