CompTIA A+ Core 2 220-1202 (220-1202) — Questions 151225

750 questions total · 10pages · All types, answers revealed

Page 2

Page 3 of 10

Page 4
151
MCQeasy

During a printer toner replacement, a technician accidentally spills toner powder on the carpet. What is the correct procedure for cleaning up the spill?

A.Use a standard household vacuum cleaner to quickly remove the toner.
B.Wipe up the toner with a dry paper towel and dispose of it in the trash.
C.Use a toner-rated vacuum or a damp cloth to carefully collect the spill.
D.Pour water on the spill to dissolve the toner, then mop it up.
AnswerC

Toner-rated vacuums have HEPA filters to trap particles; a damp cloth prevents the powder from becoming airborne.

Why this answer

Option C is correct because toner powder is a fine, electrically charged plastic dust that can be hazardous if inhaled or if it melts into carpet fibers. Using a toner-rated vacuum with a HEPA filter safely captures the particles without dispersing them, or a damp cloth can be used to gently lift the toner without smearing it deeper into the carpet. This procedure follows manufacturer safety guidelines and prevents damage to standard vacuums, which can ignite or spread the toner.

Exam trap

CompTIA often tests the misconception that water can dissolve toner because it resembles ink, but toner is a dry plastic powder that requires specialized cleanup to avoid static ignition or permanent carpet damage.

How to eliminate wrong answers

Option A is wrong because standard household vacuum cleaners lack HEPA filtration and can cause the fine toner particles to be expelled into the air, creating an inhalation hazard; additionally, the static buildup inside the vacuum can ignite the toner dust. Option B is wrong because wiping toner with a dry paper towel will grind the particles into the carpet fibers, making removal more difficult and potentially damaging the carpet. Option D is wrong because toner is a plastic-based powder that does not dissolve in water; adding water will create a sticky, paste-like mess that is harder to clean and can stain the carpet permanently.

152
MCQmedium

A small business wants to ensure that all employees use strong passwords that include uppercase, lowercase, numbers, and special characters, and that passwords expire every 60 days. Which tool should be used to enforce these settings on a standalone Windows 10 workstation?

A.Local Users and Groups (lusrmgr.msc)
B.Local Security Policy (secpol.msc)
C.Windows Defender Firewall with Advanced Security
D.Device Manager
AnswerB

This tool provides access to Account Policies, including password complexity and expiration settings.

Why this answer

The Local Security Policy (secpol.msc) is the correct tool because it provides a centralized interface to configure password policies, such as minimum password length, complexity requirements (uppercase, lowercase, numbers, special characters), and maximum password age (e.g., 60 days). These settings are enforced locally on a standalone Windows 10 workstation through the Security Settings node under Account Policies.

Exam trap

CompTIA A+ often tests the distinction between user account management tools (lusrmgr.msc) and security policy enforcement tools (secpol.msc), leading candidates to mistakenly choose Local Users and Groups for password policy configuration.

How to eliminate wrong answers

Option A is wrong because Local Users and Groups (lusrmgr.msc) is used to manage user accounts and group memberships, not to enforce password complexity or expiration policies. Option C is wrong because Windows Defender Firewall with Advanced Security is designed to control inbound and outbound network traffic rules, not to configure password policies. Option D is wrong because Device Manager is used to manage hardware devices and drivers, not to enforce security settings like password policies.

153
MCQmedium

A technician is investigating a security incident where a user's credentials were stolen. The user says they only logged into their email from a coffee shop Wi-Fi. The technician notices that the browser was not using HTTPS for the login page. What is the most likely attack method used?

A.Cross-site scripting (XSS) attack.
B.Man-in-the-middle attack.
C.DNS spoofing attack.
D.Brute force attack.
AnswerB

An attacker on the same network can intercept unencrypted HTTP traffic and capture login credentials.

Why this answer

On an open Wi-Fi network, an attacker can perform a man-in-the-middle attack to intercept unencrypted HTTP traffic. Without HTTPS, the login credentials are sent in plaintext and can be captured easily. This is a common risk on public Wi-Fi.

154
MCQhard

A company is experiencing a security incident where an attacker gained access to the internal network via a compromised VPN account. The technician must prevent future attacks. Which two-factor authentication method should the technician implement for VPN access?

A.Require a complex password with a minimum length of 20 characters
B.Implement a time-based one-time password (TOTP) via an authenticator app
C.Restrict VPN access to specific IP addresses
D.Enable single sign-on (SSO) with Active Directory
AnswerB

TOTP provides a second factor that changes every 30 seconds, making it much harder for an attacker to reuse stolen credentials.

Why this answer

Two-factor authentication (2FA) adds a second factor beyond the password, such as a one-time code from an authenticator app. This significantly reduces the risk of account compromise even if the password is stolen.

155
MCQmedium

During a security audit, you find that a user's workstation has a USB device that automatically logs in to a cloud storage account when inserted. What security best practice is being violated?

A.Password complexity requirements
B.Account lockout policies
C.Disabling auto-run
D.Enforcing screen locks
AnswerC

Disabling auto-run prevents devices from automatically executing code, which stops this type of automatic login.

Why this answer

USB auto-run devices can bypass authentication and pose a security risk. Disabling auto-run prevents unauthorized access and malware from executing automatically, which is a key security practice.

156
MCQhard

During a security audit, you need to identify all user accounts that have been created or modified in the last 24 hours on a Windows Server. Which command-line tool can parse security event logs to extract this information?

A.wevtutil qe Security /q:"*[System[TimeCreated[timediff(@SystemTime) <= 86400000]]]"
B.eventvwr
C.net user
D.diskpart
AnswerA

This command queries the Security log for events created in the last 24 hours (86400000 ms), enabling precise filtering for account changes.

Why this answer

The wevtutil command with the 'qe' (query-events) parameter and an XPath filter can directly query the Security event log for events created within a specific time window. The filter '*[System[TimeCreated[timediff(@SystemTime) <= 86400000]]]' retrieves events whose creation time is within the last 86,400,000 milliseconds (24 hours), allowing you to identify user accounts created or modified via event IDs such as 4720 (user created) or 4738 (user changed).

Exam trap

CompTIA exams often test the distinction between graphical tools (eventvwr) and command-line tools (wevtutil), and candidates may confuse 'net user' as a log-parsing tool when it only shows current account state, not historical changes.

How to eliminate wrong answers

Option B (eventvwr) is wrong because it is a graphical Event Viewer tool, not a command-line tool, and cannot be used in scripts or automated audits without additional interaction. Option C (net user) is wrong because it only displays current user account properties or modifies accounts, but it cannot parse historical security event logs to show accounts created or modified in the last 24 hours. Option D (diskpart) is wrong because it is a disk partitioning utility and has no capability to query event logs or user account information.

157
MCQeasy

A receptionist holds the door for a person carrying a large box, assuming they work in the building. Later, that person is seen plugging a USB drive into a workstation in the finance department. Which social engineering technique was most likely used to gain initial access?

A.Phishing
B.Pretexting
C.Tailgating
D.Baiting
AnswerC

Tailgating occurs when an unauthorized person follows an authorized person into a restricted area without proper authentication.

Why this answer

The correct answer is C because tailgating involves an unauthorized person gaining physical access to a secure area by following an authorized individual. In this scenario, the receptionist held the door for the person carrying a large box, assuming they worked in the building, which allowed the attacker to bypass physical security controls without authentication.

Exam trap

The trap here is that candidates confuse tailgating with pretexting, as both involve deception, but tailgating specifically relies on physical proximity and social norms rather than a fabricated story or identity.

How to eliminate wrong answers

Option A is wrong because phishing is a digital social engineering technique that uses deceptive emails or messages to trick victims into revealing credentials or installing malware, not physical access. Option B is wrong because pretexting involves creating a fabricated scenario or identity to obtain information, such as impersonating IT support, but here the attacker simply followed someone in without a detailed story. Option D is wrong because baiting involves offering something enticing (e.g., a free USB drive) to lure a victim into compromising security, but the attacker in this case used physical proximity, not a lure.

158
MCQmedium

A user complains that their computer is running slowly and they see a USB drive they don't recognize plugged into the front port. What is the first step a technician should take to address this potential security issue?

A.Run a full antivirus scan on the computer.
B.Check the USB drive's contents to see what it contains.
C.Ask the user to unplug the USB drive immediately.
D.Disable the USB ports in the BIOS.
AnswerC

Removing the device stops any ongoing malicious activity and is the first step in containment.

Why this answer

Option C is correct because the immediate priority is to contain the potential security threat by physically removing the unknown USB drive. This follows the principle of least privilege and incident response best practices: isolate the suspect device before performing any analysis or remediation. Unplugging the drive stops any ongoing data exfiltration or malware installation, which is the first step in a security incident response.

Exam trap

The trap here is that candidates often jump to scanning or investigating the drive (options A or B) because they focus on detection rather than containment, but the CompTIA A+ 220-1102 exam emphasizes immediate isolation as the first step in security incident response.

How to eliminate wrong answers

Option A is wrong because running a full antivirus scan while the unknown USB drive is still connected could allow malware to execute or spread during the scan, and antivirus may not detect all threats (e.g., zero-day exploits or fileless malware). Option B is wrong because checking the USB drive's contents exposes the technician to potential malware (e.g., autorun.inf triggering a payload) and could compromise the system further; forensic analysis should be done in a controlled environment. Option D is wrong because disabling USB ports in the BIOS is a long-term administrative control that takes time and may affect legitimate devices; it does not address the immediate threat of the already-connected unknown drive.

159
MCQmedium

A technician is troubleshooting a printer issue and finds a sticky note under the keyboard with the domain admin password written on it. The user says they kept it there 'for convenience.' Which social engineering attack does this practice most enable?

A.Phishing
B.Shoulder surfing
C.Tailgating
D.Baiting
AnswerB

Shoulder surfing involves visually obtaining information like passwords; a sticky note in plain view makes this trivial.

Why this answer

The sticky note with the domain admin password under the keyboard directly enables shoulder surfing, where an attacker visually captures sensitive information (the password) by looking over the user's shoulder or at the exposed note. This is a physical social engineering attack that exploits the convenience of storing credentials in plain sight, bypassing any technical authentication controls.

Exam trap

The trap here is that candidates may confuse shoulder surfing with baiting because both involve physical access, but baiting requires an active lure (like a malicious USB drive) whereas shoulder surfing is purely passive observation of exposed information.

How to eliminate wrong answers

Option A is wrong because phishing is a digital social engineering attack that uses deceptive emails, messages, or websites to trick users into revealing credentials, not a physical note left under a keyboard. Option C is wrong because tailgating involves an unauthorized person following an authorized individual into a restricted area without proper authentication, not the exposure of written credentials. Option D is wrong because baiting involves offering something enticing (e.g., a USB drive labeled 'Confidential' or a free download) to lure a victim into executing malware or revealing information, not the passive discovery of a password on a sticky note.

160
MCQeasy

A technician is deploying a new virtual machine on a Type 1 hypervisor. The VM will run a Linux web server and needs to be isolated from the corporate network except for HTTPS traffic. Which networking configuration should the technician implement?

A.Bridge the VM directly to the physical network adapter
B.Use a virtual switch set to host-only mode and configure port forwarding for HTTPS
C.Attach the VM to a NAT network without any port forwarding
D.Assign the VM an IP from the corporate DHCP scope
AnswerB

Host-only mode isolates the VM from the physical network, and port forwarding allows only HTTPS traffic from the host to the VM, meeting the security requirement.

Why this answer

Option B is correct because a host-only virtual switch creates an isolated network between the host and the VM, preventing direct access from the corporate network. By configuring port forwarding on the host, the technician can selectively allow only HTTPS traffic (TCP/443) to reach the VM while keeping it otherwise isolated. This meets the requirement of isolation except for HTTPS.

Exam trap

In CompTIA A+ exams, candidates often confuse host-only and NAT networking modes, mistakenly thinking NAT alone provides inbound access, but NAT without port forwarding only allows outbound connections.

How to eliminate wrong answers

Option A is wrong because bridging the VM directly to the physical network adapter would place the VM on the same Layer 2 broadcast domain as the corporate network, providing no isolation. Option C is wrong because a NAT network without port forwarding would allow the VM to initiate outbound connections but would not permit inbound HTTPS traffic from the corporate network, failing the requirement to allow HTTPS. Option D is wrong because assigning the VM an IP from the corporate DHCP scope would give the VM a routable corporate IP address, making it directly accessible from the corporate network and defeating the isolation requirement.

161
MCQeasy

A technician receives a complaint from a user that their email account was used to send spam. The user insists they did not send the emails. What is the MOST appropriate first step in handling this security incident professionally?

A.Tell the user they must have clicked on a phishing link and it's their fault.
B.Immediately reset the user's password and check the email logs for unauthorized access.
C.Ignore the complaint because spam is common.
D.Ask the user to change their password and not worry about it.
AnswerB

This secures the account and gathers evidence, following security best practices.

Why this answer

Option B is correct because the immediate reset of the user's password stops further unauthorized use of the account, and checking email logs (e.g., SMTP logs, IMAP/POP3 access logs, or Exchange/Office 365 audit logs) allows the technician to identify the source of the spam, such as a compromised credential or a malicious forwarding rule. This follows the CompTIA A+ incident response procedure of containment first, then investigation, while maintaining professional communication with the user.

Exam trap

CompTIA often tests the candidate's ability to prioritize containment over investigation or blame; the trap here is that many candidates jump to blaming the user (Option A) or taking a passive approach (Option D), when the correct first step is to immediately secure the account by resetting the password.

How to eliminate wrong answers

Option A is wrong because blaming the user without evidence violates professional conduct and may overlook other causes like a compromised password or a malicious script on the client machine. Option C is wrong because ignoring a security incident, especially one involving unauthorized email use, violates security policy and could allow further damage or data breach. Option D is wrong because simply asking the user to change their password without verifying logs or resetting the account leaves the incident uncontained and fails to confirm whether the attacker still has access or has set up persistence mechanisms like forwarding rules.

162
MCQeasy

During a security audit, it is discovered that an old server's hard drives were simply deleted and the server was sold to a recycler. The recycler later reported finding readable files on the drives. Which data disposal standard was violated?

A.NIST SP 800-88
B.PCI DSS
C.HIPAA
D.ISO 27001
AnswerA

NIST SP 800-88 provides guidelines for media sanitization, requiring overwriting or destruction. Deleting files does not meet these standards.

Why this answer

NIST SP 800-88 provides guidelines for media sanitization, including clear, purge, and destroy methods. Simply deleting files only removes directory pointers, leaving data recoverable until overwritten. The recycler's ability to read files indicates that the drives were not sanitized according to NIST SP 800-88 standards, which require overwriting or physical destruction for sensitive data.

Exam trap

CompTIA often tests the distinction between a general security framework (like HIPAA or PCI DSS) and a specific technical disposal standard (NIST SP 800-88), trapping candidates who confuse compliance requirements with the actual sanitization methodology.

How to eliminate wrong answers

Option B (PCI DSS) is wrong because PCI DSS is a security standard for payment card data, not a specific data disposal standard; while it requires secure disposal, it does not define the technical methods like NIST SP 800-88 does. Option C (HIPAA) is wrong because HIPAA governs protected health information (PHI) disposal but does not prescribe the specific sanitization techniques or levels (clear, purge, destroy) that NIST SP 800-88 details. Option D (ISO 27001) is wrong because ISO 27001 is an information security management system (ISMS) standard that requires a disposal policy but does not provide the granular, step-by-step sanitization procedures found in NIST SP 800-88.

163
MCQmedium

A company's server room has a door with a proximity card reader. Employees report that the door sometimes does not close fully, allowing it to be pushed open without a card. What is the best solution?

A.Replace the proximity card reader with a biometric reader
B.Install a door closer mechanism
C.Add a security camera to monitor the door
D.Increase the frequency of badge audits
AnswerB

A door closer automatically pulls the door shut and ensures it latches, preventing unauthorized entry through an unsecured door.

Why this answer

The core issue is that the door fails to close fully, bypassing the proximity card reader's access control. A door closer mechanism is a mechanical device that automatically pulls the door shut, ensuring it latches and requires card authentication to re-enter. This directly addresses the physical vulnerability without changing the authentication method.

Exam trap

The trap here is that candidates focus on the authentication technology (card reader) rather than the physical barrier integrity, mistakenly thinking a stronger authentication method (biometric) will solve a mechanical latching problem.

How to eliminate wrong answers

Option A is wrong because replacing the reader with a biometric reader does not fix the mechanical problem of the door not closing; it only changes the authentication factor, leaving the bypass vulnerability intact. Option C is wrong because adding a security camera only monitors the door after the fact, it does not prevent unauthorized entry when the door is left ajar. Option D is wrong because increasing badge audit frequency is an administrative control that detects misuse but does not physically secure the door from being pushed open without a card.

164
MCQeasy

A customer reports that their old laptop, which they sold online, still contains personal files that the new owner accessed. The customer had only performed a 'Reset this PC' with the 'Remove everything' option. What should the technician recommend to prevent this in the future?

A.Perform a factory reset from the recovery partition.
B.Use a third-party data wiping tool that overwrites the drive multiple times.
C.Remove the hard drive and physically destroy it.
D.Change the user password before selling.
AnswerB

A wiping tool overwrites all sectors with patterns multiple times, making data recovery infeasible.

Why this answer

The 'Reset this PC' with 'Remove everything' option in Windows performs a quick format or a single-pass overwrite, which leaves data recoverable by file recovery tools. A third-party data wiping tool that overwrites the drive multiple times (e.g., using the DoD 5220.22-M standard) ensures that the data is irrecoverable by overwriting all sectors with patterns, preventing any future access.

Exam trap

The trap here is that candidates assume 'Remove everything' in Windows performs a secure erase, but it only removes file pointers, not the underlying data, making it vulnerable to recovery.

How to eliminate wrong answers

Option A is wrong because a factory reset from the recovery partition typically performs a similar quick format or reinstallation, not a secure wipe, leaving data recoverable. Option C is wrong because physically destroying the hard drive is an extreme measure that is unnecessary for resale; secure wiping is sufficient and allows the drive to be reused. Option D is wrong because changing the user password does not remove or overwrite the existing personal files; the new owner can still access them via a password reset or by booting from external media.

165
MCQeasy

A user complains that their MacBook Air running macOS Monterey frequently runs out of memory and slows down when they have multiple browser tabs and apps open. They want to see which processes are consuming the most memory without installing third-party software. Which macOS tool should you instruct them to use?

A.Force Quit Applications window (Cmd+Option+Esc).
B.System Preferences > Memory.
C.Terminal with the 'top' command.
D.Activity Monitor from the Utilities folder.
AnswerD

Activity Monitor provides a graphical interface to view memory usage, CPU load, and other system metrics. It is the appropriate tool for this scenario.

Why this answer

Activity Monitor (option D) is the built-in macOS utility that provides real-time monitoring of CPU, memory, energy, disk, and network usage. It allows users to view memory pressure, list processes sorted by memory consumption, and identify resource hogs without any third-party software. This directly addresses the user's need to see which processes are consuming the most memory.

Exam trap

CompTIA often tests the distinction between a diagnostic tool (Activity Monitor) and a troubleshooting shortcut (Force Quit), leading candidates to mistakenly choose the Force Quit window because it is a common keyboard shortcut for dealing with unresponsive apps, even though it lacks memory monitoring capabilities.

How to eliminate wrong answers

Option A is wrong because the Force Quit Applications window (Cmd+Option+Esc) only lists running applications and allows you to force quit them; it does not show memory usage details or process-level memory consumption. Option B is wrong because System Preferences does not have a 'Memory' pane; macOS Monterey's memory management settings are not exposed in System Preferences, and there is no dedicated memory configuration interface there. Option C is wrong because while the 'top' command in Terminal can display process memory usage, it is a command-line tool that requires familiarity with terminal syntax and does not provide the graphical, user-friendly interface the user would expect for diagnosing memory issues; Activity Monitor is the recommended GUI tool for this task.

166
MCQhard

A technician is performing a routine software update on a finance department server. The change management documentation specifies that the update must be applied during a maintenance window from 2:00 AM to 4:00 AM. At 3:30 AM, the update fails with an error. The technician has no rollback plan documented. What should the technician do?

A.Attempt to roll back the update using the server’s built-in recovery options.
B.Leave the server in its current state and escalate the issue to the change manager.
C.Continue troubleshooting until the maintenance window ends, then document the failure.
D.Reboot the server to clear the error and retry the update.
AnswerB

Escalating ensures that the change manager can coordinate a proper response, possibly involving the CAB, and document the failure for future improvements.

Why this answer

Option B is correct because the technician has no documented rollback plan, and the change management process requires that any deviation from the approved plan—such as a failed update—must be escalated to the change manager for a decision. Attempting an undocumented rollback or continuing to troubleshoot without authorization risks data corruption, service disruption, or violating compliance policies. The technician’s primary duty is to preserve the server’s current state and follow the escalation path defined in the change management policy.

Exam trap

The trap here is that candidates assume built-in recovery options (Option A) are always safe to use, but the exam tests that without a documented rollback plan, any recovery attempt is an unauthorized change that violates change management procedures.

How to eliminate wrong answers

Option A is wrong because using the server’s built-in recovery options without a documented rollback plan is an unauthorized deviation from the change management process; it could cause irreversible data loss or configuration corruption, and the technician has no approved procedure to validate the recovery steps. Option C is wrong because continuing to troubleshoot past the maintenance window without authorization violates the change window constraints and could extend the outage beyond the approved downtime, increasing risk to the finance department’s operations. Option D is wrong because rebooting the server to clear the error and retrying the update is an unapproved action that may mask the root cause, potentially leading to a partial or inconsistent update state, and it ignores the requirement to escalate when the documented plan fails.

167
MCQhard

A user's Windows 11 PC displays a 'Critical Process Died' blue screen error after a recent Windows Update. The system boots into a recovery loop. Which advanced startup option should be used to remove the problematic update?

A.Boot into Safe Mode from the recovery environment and uninstall the latest update.
B.Use System Restore to revert to a point before the update.
C.Run the Windows Memory Diagnostic tool to check for RAM issues.
D.Perform a clean installation of Windows 11 using the recovery USB.
AnswerA

Safe Mode loads minimal drivers, allowing the technician to uninstall the update without the crash occurring.

Why this answer

Option A is correct because booting into Safe Mode from the Windows Recovery Environment (WinRE) allows you to access the desktop with minimal drivers and services, then use Settings > Windows Update > Update History > Uninstall updates to remove the problematic cumulative update. This directly addresses the 'Critical Process Died' bugcheck (0x000000EF), which often results from a corrupted system file or driver conflict introduced by a recent update, and Safe Mode bypasses the crash loop to enable the uninstall.

Exam trap

The trap here is that candidates often choose System Restore (Option B) because it sounds like a general 'undo' tool, but they fail to recognize that uninstalling the specific update is faster, more targeted, and does not require a pre-existing restore point, which may not exist after a forced update.

How to eliminate wrong answers

Option B is wrong because System Restore reverts the entire system state (registry, system files, installed applications) to a previous restore point, which is a broader and slower operation than simply uninstalling the specific update; it may also fail if no restore point exists or if the update itself corrupted the restore point data. Option C is wrong because the Windows Memory Diagnostic tool tests for physical RAM defects (e.g., bad memory cells, timing errors) and is irrelevant to a software-caused stop code like 'Critical Process Died' that stems from a Windows Update. Option D is wrong because performing a clean installation of Windows 11 using a recovery USB is a destructive, last-resort process that wipes all data and applications, whereas the problem can be solved non-destructively by simply removing the offending update.

168
MCQmedium

Your company is deploying a new application that requires .NET Framework 3.5 on multiple Windows 10 workstations. You need to enable this feature on a single test machine first. Which tool should you use?

A.Programs and Features
B.Windows Features
C.Device Manager
D.Services
AnswerB

Windows Features lets you add or remove Windows components like .NET Framework 3.5 directly from the operating system.

Why this answer

Windows Features (accessible via 'Turn Windows features on or off' in the Control Panel or Settings) is the correct tool to enable .NET Framework 3.5 on a Windows 10 workstation. This feature includes .NET 2.0 and 3.0, and it can be installed from local sources or Windows Update. Programs and Features is used for uninstalling or changing installed programs, not for enabling Windows roles or features.

Exam trap

The trap here is that candidates confuse 'Programs and Features' (which manages installed applications) with 'Turn Windows features on or off' (which manages Windows components), leading them to select A instead of B.

How to eliminate wrong answers

Option A is wrong because Programs and Features is designed for managing installed applications (e.g., uninstalling, repairing, or changing software), not for enabling Windows OS features like .NET Framework 3.5. Option C is wrong because Device Manager is used to manage hardware devices, drivers, and resources (e.g., updating drivers, disabling devices), not for enabling software features. Option D is wrong because Services (services.msc) manages background Windows services (e.g., starting, stopping, or configuring service startup types), not for installing or enabling Windows features.

169
MCQhard

During a routine security walkthrough, you notice that an employee has propped open a secured door to the server room with a doorstop to allow easy access for a cleaning crew. What is the most immediate action you should take?

A.Remove the doorstop and close the door.
B.Document the incident and report it to the security manager.
C.Reprimand the employee who propped the door.
D.Install a door alarm that sounds if the door is open too long.
AnswerA

This immediately restores the physical security of the server room.

Why this answer

The immediate priority is to restore the physical security control by removing the doorstop and closing the door. A propped-open door bypasses the access control system (e.g., card reader, electronic lock), allowing unauthorized entry to the server room. This action directly mitigates the active vulnerability without delay.

Exam trap

CompTIA often tests the distinction between immediate corrective action and administrative follow-up, trapping candidates who choose documentation or reprimand over directly closing the security gap.

How to eliminate wrong answers

Option B is wrong because documenting and reporting, while important, is a secondary step; the immediate threat of unauthorized access must be addressed first. Option C is wrong because reprimanding the employee is a managerial or HR action that does not resolve the current security breach. Option D is wrong because installing a door alarm is a long-term corrective control, not an immediate response to an active physical security gap.

170
MCQmedium

After installing a new printer, a user reports that print jobs are stuck in the queue and cannot be deleted. You need to stop and restart the print spooler service to clear the queue. Which administrative tool allows you to manage this service?

A.Task Manager
B.Services.msc
C.Device Manager
D.Event Viewer
AnswerB

Services.msc lists all services, including the Print Spooler, and allows you to stop, start, or restart them.

Why this answer

The Print Spooler is a Windows service that manages print jobs. To stop and restart it, you need the Services management console, which is accessed by running 'services.msc'. This tool allows you to start, stop, pause, and configure services, making it the correct administrative tool for clearing a stuck print queue.

Exam trap

The trap here is that candidates often confuse Task Manager with service management because both can stop processes, but Task Manager cannot manage Windows services directly; only services.msc or the command line can stop and restart the Print Spooler service.

How to eliminate wrong answers

Option A is wrong because Task Manager is used to manage running processes, applications, and system performance, not to control Windows services like the Print Spooler. Option C is wrong because Device Manager is used to manage hardware devices and drivers, not to start or stop services. Option D is wrong because Event Viewer is used to view system, security, and application logs, not to manage services.

171
MCQeasy

During a routine security audit, a technician discovers that a user's workstation has a program that records keystrokes and periodically sends the data to an external server. The user denies installing any software recently. Which type of malware is this?

A.Trojan horse
B.Worm
C.Keylogger
D.Ransomware
AnswerC

A keylogger specifically records keystrokes and sends them to an attacker, exactly as described.

Why this answer

The program described records keystrokes and exfiltrates them to an external server, which is the defining behavior of a keylogger. This type of malware captures user input, such as usernames and passwords, and sends the data to an attacker. The user's denial of installing software suggests the keylogger may have been delivered stealthily, often via a Trojan horse or drive-by download, but the core functionality is keylogging.

Exam trap

The trap here is that candidates may confuse the delivery method (e.g., a Trojan horse) with the malware's primary function, but the question focuses on the observed behavior (keystroke recording and data exfiltration), which directly identifies it as a keylogger, not the method of installation.

How to eliminate wrong answers

Option A is wrong because a Trojan horse is a type of malware that disguises itself as legitimate software to trick users into installing it, but the question specifically describes keystroke recording and data exfiltration, which is the primary function of a keylogger, not the deceptive delivery mechanism of a Trojan. Option B is wrong because a worm is a self-replicating malware that spreads across networks without user interaction, exploiting vulnerabilities to propagate, whereas the described program does not exhibit self-replication or network-spreading behavior. Option D is wrong because ransomware encrypts files or locks the system and demands a ransom for decryption, which is not mentioned; the program here silently records keystrokes and sends data, not extorts the user.

172
MCQmedium

A technician is troubleshooting a PC that repeatedly shuts down. The user mentions the computer is plugged into a power strip that also has a space heater and a laser printer. What is the most likely cause of the shutdowns?

A.The computer's power supply is failing.
B.The power strip is overloaded and cannot supply stable voltage.
C.The space heater is emitting electrical interference.
D.The laser printer needs a toner replacement.
AnswerB

Excessive load on the power strip causes voltage sag or trips the breaker, leading to shutdowns.

Why this answer

The most likely cause is that the power strip is overloaded because it is simultaneously supplying power to a space heater (a high-wattage resistive load), a laser printer (which draws significant current during fuser warm-up), and the PC. This overload causes the power strip's circuit breaker to trip or the voltage to sag below the PC's power supply tolerance, resulting in repeated shutdowns. Option B is correct because the combined current draw exceeds the power strip's rated capacity, leading to unstable voltage delivery.

Exam trap

CompTIA often tests the concept that high-wattage peripherals sharing a power strip can cause voltage sags or breaker trips, leading candidates to incorrectly blame the PC's power supply (Option A) or assume electrical interference (Option C) rather than recognizing the simple overload condition.

How to eliminate wrong answers

Option A is wrong because a failing power supply typically causes random shutdowns or failure to power on, but the user's description of a shared power strip with high-draw devices points to an external power issue, not an internal component failure. Option C is wrong because electrical interference from a space heater would cause data corruption or erratic behavior, not systematic shutdowns; space heaters are resistive loads that do not generate significant EMI that would trip a PC's overcurrent protection. Option D is wrong because a laser printer needing a toner replacement would produce faded prints or a 'toner low' warning, but it has no effect on the PC's power stability or shutdown behavior.

173
MCQeasy

A small business owner wants to prevent employees from changing system time, installing printers, and modifying power settings on their Windows 10 workstations. They do not want to remove local admin rights entirely. Which Windows security tool should be used to apply these restrictions?

A.Windows Defender Security Center
B.Local Users and Groups (lusrmgr.msc)
C.Local Group Policy Editor (gpedit.msc)
D.Registry Editor (regedit)
AnswerC

Group Policy can enforce specific restrictions on user actions without removing admin rights.

Why this answer

The Local Group Policy Editor (gpedit.msc) allows administrators to configure granular security settings for users and computers without removing local admin rights. Specifically, it can enforce restrictions on system time changes (via 'Change the system time' user right), printer installation (via 'Device Installation Restrictions'), and power settings (via 'Power Management' policies) through Computer Configuration or User Configuration nodes. This tool applies these settings via Group Policy objects that are processed locally, making it the correct choice for non-domain workstations.

Exam trap

A common misconception tested in this exam is that Local Users and Groups (lusrmgr.msc) can enforce granular restrictions like printer installation or power settings, when in reality it only manages group membership and cannot apply detailed policy-based controls.

How to eliminate wrong answers

Option A is wrong because Windows Defender Security Center focuses on antivirus, firewall, and device security features (e.g., exploit protection, app & browser control), not on user permission restrictions like system time or printer installation. Option B is wrong because Local Users and Groups (lusrmgr.msc) manages user accounts and group memberships, but it cannot apply granular policy restrictions such as preventing printer installation or modifying power settings; it only controls membership in groups like Administrators or Users. Option D is wrong because Registry Editor (regedit) directly edits the Windows Registry, which is error-prone, unsupported for policy enforcement, and lacks the structured, auditable interface of Group Policy; it is not a security tool designed for applying consistent restrictions across multiple users.

174
MCQmedium

A small office has several old CRT monitors that need to be replaced. The office manager asks the technician to simply place them in the dumpster. What should the technician do?

A.Comply with the manager's request to avoid conflict.
B.Break the monitors down to salvage the copper, then discard the glass.
C.Contact a licensed e-waste recycler to pick up the monitors for proper disposal.
D.Donate the monitors to a local school.
AnswerC

This is the correct procedure. Licensed recyclers handle hazardous materials safely and ensure compliance with environmental laws.

Why this answer

CRT monitors contain leaded glass and other hazardous materials, making them regulated e-waste. The technician must follow local hazardous waste disposal laws and arrange for proper recycling or disposal through a certified e-waste facility.

175
MCQeasy

During a software installation, a technician receives a pop-up warning that the application requires administrator privileges. The user is logged in with a standard account. What is the most appropriate action for the technician to take?

A.Ask the user to log in with an administrator account and install the software.
B.Right-click the installer and select 'Run as administrator', then enter admin credentials.
C.Temporarily add the user to the Administrators group, install, then remove them.
D.Cancel the installation and escalate to a senior technician.
AnswerB

This allows the installation to proceed with elevated privileges without changing the user's account, maintaining security.

Why this answer

Option B is correct because the technician can use the 'Run as administrator' feature to supply administrative credentials for a one-time elevated installation without changing the user's account type. This adheres to the principle of least privilege, maintaining security by not permanently elevating the standard user's rights.

Exam trap

CompTIA often tests the misconception that temporarily adding a user to the Administrators group is acceptable, when in fact the 'Run as administrator' feature is the proper, secure method for one-time elevation without altering account permissions.

How to eliminate wrong answers

Option A is wrong because asking the user to log in with an administrator account violates security best practices by exposing administrative credentials to a standard user and potentially leaving the system in an elevated state. Option C is wrong because temporarily adding the user to the Administrators group introduces unnecessary risk of privilege escalation and may leave residual group membership changes if not properly reverted. Option D is wrong because escalating to a senior technician is an overreaction for a routine task that the technician can resolve directly using 'Run as administrator'.

176
MCQmedium

A technician is setting up a new wireless network for a small office. They want to ensure that only company-issued devices can connect, and that data transmitted over the air is encrypted. Which combination of settings should they use?

A.WPA2 with TKIP encryption and SSID broadcast disabled.
B.WPA3 with AES encryption and MAC address filtering.
C.WEP with 128-bit key and a strong password.
D.Open network with a captive portal requiring employee login.
AnswerB

WPA3 with AES provides strong encryption, and MAC filtering restricts access to approved devices.

Why this answer

Option B is correct because WPA3 with AES encryption provides the strongest wireless security standard, ensuring robust data confidentiality and integrity. MAC address filtering adds an additional layer of access control, allowing only company-issued devices (with pre-approved MAC addresses) to connect, which aligns with the requirement to restrict access to authorized devices.

Exam trap

A common misconception is that disabling SSID broadcast or using MAC filtering alone provides strong security, but the trap here is that encryption (WPA3 with AES) is the primary defense, and MAC filtering is only a supplementary control, not a replacement for encryption.

How to eliminate wrong answers

Option A is wrong because WPA2 with TKIP encryption is outdated and insecure; TKIP is deprecated and vulnerable to attacks like Michael and Beck-Tews, and disabling SSID broadcast only hides the network name, not preventing determined attackers from discovering it. Option C is wrong because WEP with any key length, including 128-bit, is fundamentally broken and can be cracked in minutes using tools like aircrack-ng, providing no real security. Option D is wrong because an open network with a captive portal does not encrypt data transmitted over the air, leaving it vulnerable to eavesdropping and man-in-the-middle attacks, and it does not prevent unauthorized devices from associating with the network.

177
MCQhard

A company is moving to a new office and needs to dispose of 200 fluorescent light tubes from the old ceiling fixtures. What is the legally required and environmentally responsible disposal method?

A.Break them into small pieces and place them in a sealed bag in the trash.
B.Contact a certified universal waste recycler to pick them up.
C.Place them in the regular recycling bin for glass.
D.Burn them in an industrial incinerator.
AnswerB

Universal waste recyclers are licensed to handle mercury-containing lamps and ensure safe recycling.

Why this answer

Fluorescent light tubes contain mercury, a hazardous substance, so they are classified as universal waste under the Resource Conservation and Recovery Act (RCRA). Option B is correct because certified universal waste recyclers are legally authorized to handle, transport, and recycle mercury-containing lamps, ensuring environmental compliance and safety.

Exam trap

The trap here is that candidates may assume 'recycling' means placing items in a standard bin, but CompTIA A+ 220-1202 tests the specific legal classification of fluorescent lamps as universal waste requiring a certified handler.

How to eliminate wrong answers

Option A is wrong because breaking fluorescent tubes releases toxic mercury vapor and creates hazardous dust, which is illegal under EPA universal waste rules and poses serious health risks. Option C is wrong because regular glass recycling bins cannot process mercury-containing lamps; the mercury would contaminate the recycling stream and violate hazardous waste disposal regulations. Option D is wrong because industrial incinerators are not designed for universal waste lamps; burning them releases mercury into the atmosphere, which is prohibited by the Clean Air Act and RCRA.

178
MCQeasy

A customer calls saying that after installing a new application, their Windows 11 desktop icons are scattered and the taskbar keeps disappearing. They need a quick way to restore the default desktop layout and taskbar behavior without affecting personal files. Which built-in tool should you guide them to use?

A.Reset this PC with the 'Keep my files' option.
B.System Restore from the System Protection tab.
C.Refresh the desktop by right-clicking and selecting 'Refresh'.
D.Use the Deployment Imaging Service and Management Tool (DISM) to repair the system image.
AnswerB

System Restore reverts system files and registry to a prior state, which can fix application-induced problems without affecting personal data.

Why this answer

System Restore reverts system files, registry settings, and installed applications to a previous restore point without affecting personal files. Since the issue began after installing a new application, rolling back to a point before that installation will restore the default desktop layout and taskbar behavior. This is the quickest built-in tool for undoing system changes while preserving user data.

Exam trap

The CompTIA A+ exam often tests the distinction between 'System Restore' and 'Reset this PC' — the trap here is that candidates may choose 'Reset this PC with Keep my files' because it sounds like a safe option, but it is actually a full OS reinstallation that removes all apps and settings, whereas System Restore is a targeted rollback that preserves installed applications and user data.

How to eliminate wrong answers

Option A is wrong because 'Reset this PC with the Keep my files option' reinstalls Windows and removes all installed applications and settings, which is a more drastic and time-consuming process than needed for a simple layout/taskbar issue. Option C is wrong because right-clicking and selecting 'Refresh' only redraws the current desktop icons and does not restore their original positions or fix taskbar behavior. Option D is wrong because DISM is used to repair the Windows system image (e.g., corrupted component store) and does not revert application-installation changes or restore desktop/taskbar settings.

179
MCQmedium

A technician is troubleshooting a Mac that fails to connect to a Wi-Fi network. The network is visible, but entering the correct password results in an 'unable to join the network' error. The technician wants to delete the saved network configuration to start fresh. Which macOS tool or location should they use?

A.System Settings > Network > Wi-Fi > Details > Remove this network.
B.Keychain Access and delete the Wi-Fi password entry.
C.Terminal with the 'networksetup -setairportnetwork' command.
D.System Information > Network > Wi-Fi.
AnswerA

This is the correct graphical method to forget a Wi-Fi network. It removes the saved password and any custom network settings, allowing a fresh connection attempt.

Why this answer

Option A is correct because macOS stores Wi-Fi network configurations (including SSID, security type, and saved passwords) in the system's network preferences. By navigating to System Settings > Network > Wi-Fi, clicking Details next to the network, and selecting 'Remove This Network', the technician completely deletes the saved configuration, forcing macOS to treat the network as new on the next connection attempt. This resolves issues where a corrupted or outdated saved configuration prevents successful authentication despite entering the correct password.

Exam trap

The trap here is that candidates often assume deleting just the password from Keychain Access (Option B) is sufficient, but Cisco tests the understanding that macOS requires removing the entire network configuration to clear all cached parameters that could cause authentication failures.

How to eliminate wrong answers

Option B is wrong because deleting the Wi-Fi password entry from Keychain Access only removes the stored password, not the full network configuration (e.g., security type, proxy settings, or 802.1X profiles). The 'unable to join' error can persist if other saved parameters are corrupted. Option C is wrong because the 'networksetup -setairportnetwork' command is used to join a network by specifying the SSID and password, not to delete a saved network configuration; it does not remove existing saved settings.

Option D is wrong because System Information > Network > Wi-Fi only displays read-only hardware and connection details (e.g., MAC address, signal strength) and provides no capability to modify or delete saved network configurations.

180
MCQmedium

After a power outage, a Windows 10 computer boots to a black screen with the message 'Bootmgr is missing'. The technician has a Windows installation USB. Which repair command should be used to rebuild the Boot Configuration Data (BCD)?

A.From the recovery command prompt, run 'bootrec /fixmbr'.
B.Run 'bootrec /fixboot'.
C.Run 'bootrec /rebuildbcd'.
D.Run 'sfc /scannow /offbootdir=C:\ /offwindir=C:\Windows'.
AnswerC

This command scans for Windows installations and rebuilds the BCD, directly addressing the missing Bootmgr error.

Why this answer

The 'Bootmgr is missing' error indicates that the Boot Configuration Data (BCD) store is corrupted or missing. The 'bootrec /rebuildbcd' command scans all disks for Windows installations and prompts you to add them to a new BCD store, directly rebuilding the BCD. This is the correct repair for a missing or corrupt BCD, which is the specific cause of this error.

Exam trap

The trap here is that candidates confuse the purpose of 'bootrec /fixmbr' and 'bootrec /fixboot' (which repair the boot sector and MBR) with rebuilding the BCD store, leading them to choose a wrong option when the specific error is about a missing or corrupt BCD.

How to eliminate wrong answers

Option A is wrong because 'bootrec /fixmbr' repairs the Master Boot Record (MBR) on the system partition, which handles the initial boot process but does not rebuild the BCD store. Option B is wrong because 'bootrec /fixboot' writes a new boot sector to the system partition, which is used for loading the boot manager but does not address a missing or corrupt BCD. Option D is wrong because 'sfc /scannow /offbootdir=C:\ /offwindir=C:\Windows' checks and repairs system file integrity, not the BCD store, and is used for corrupted Windows system files, not boot configuration data.

181
MCQmedium

A technician needs to migrate a physical server running a legacy application to a virtual machine on a Type 2 hypervisor for testing. The application requires direct access to a PCIe USB controller card. Which of the following is the best approach to ensure the application continues to function?

A.Use a virtual USB controller and map it to the host's USB port
B.Install the application directly on the host and share the USB device via network
C.Enable PCI passthrough for the USB controller card to the VM
D.Convert the physical server to a VM using P2V and rely on emulated USB
AnswerC

PCI passthrough grants the VM exclusive access to the physical USB controller, meeting the application's requirement for direct hardware control.

Why this answer

Option C is correct because PCI passthrough (also known as VT-d or IOMMU) allows the VM to directly access the physical PCIe USB controller card, providing the legacy application with the exact hardware it requires without emulation or translation overhead. This is essential for applications that need direct hardware access and cannot function through a virtualized or shared USB controller.

Exam trap

A common misconception in CompTIA A+ is that virtual USB controllers (Option A) or P2V with emulation (Option D) can satisfy direct hardware access requirements, when in fact only PCI passthrough provides the necessary low-level hardware control for legacy applications that depend on specific PCIe devices.

How to eliminate wrong answers

Option A is wrong because a virtual USB controller emulates generic USB hardware, which does not provide direct access to the specific PCIe USB controller card the legacy application requires; the application may fail due to missing proprietary drivers or direct memory access. Option B is wrong because installing the application on the host and sharing the USB device via network introduces network latency and breaks the isolation of the VM testing environment, and the application expects direct hardware access, not a network-shared device. Option D is wrong because P2V conversion with emulated USB relies on a virtualized USB controller that does not expose the physical PCIe USB controller card, so the application will not have the direct hardware access it needs to function correctly.

182
MCQmedium

A technician is tasked with deploying a virtual machine for a new employee. The VM will run a Linux distribution and needs to be isolated from the corporate network but still have internet access for updates. Which network configuration should the technician choose for the VM?

A.Bridged networking
B.NAT (Network Address Translation)
C.Host-only networking
D.Internal networking
AnswerB

NAT provides internet access through the host while keeping the VM isolated from the corporate network.

Why this answer

NAT (Network Address Translation) allows the VM to access the internet through the host's IP address while keeping the VM on a private subnet, effectively isolating it from the corporate network. The host acts as a router, translating the VM's private IP to the host's external IP for outbound traffic, which meets the requirement of internet access for updates without direct corporate network connectivity.

Exam trap

A common misconception in CompTIA A+ scenarios is that internet access requires a direct network connection, leading candidates to choose bridged networking. However, they overlook the isolation requirement that NAT satisfies by hiding the VM behind the host's IP address.

How to eliminate wrong answers

Option A is wrong because bridged networking places the VM directly on the physical corporate network, giving it its own IP address from the same subnet as the host, which violates the isolation requirement. Option C is wrong because host-only networking creates a private network between the host and VM but does not provide internet access; it lacks a NAT gateway or routing to external networks. Option D is wrong because internal networking only allows communication between VMs on the same host, with no connectivity to the host or the internet, so updates cannot be downloaded.

183
MCQmedium

A small business owner reports that all their Microsoft Office documents are now encrypted with a '.crypt' extension and a ransom note demands payment in cryptocurrency. They have a backup from last week stored on an external drive that was disconnected after the backup. What is the best recovery strategy?

A.Pay the ransom to obtain the decryption key.
B.Restore the files from the disconnected external backup after removing the malware.
C.Run a decryptor tool downloaded from a random website.
D.Use System Restore to revert the system to a previous state.
AnswerB

An offline backup is immune to ransomware encryption; restoring it after cleaning the system recovers data safely.

Why this answer

Since the backup is offline and not encrypted, restoring from it is the safest and most reliable recovery method. Paying the ransom is discouraged as it funds criminals and may not work. The system should be cleaned of malware before restoration.

184
MCQmedium

A user reports that their virtual machine running on a Type 2 hypervisor is extremely slow, especially during disk operations. The host machine has 16 GB of RAM and an SSD, but the VM is configured with 2 GB of RAM and a 100 GB dynamically expanding virtual hard disk. What is the most likely cause of the performance issue?

A.The VM has insufficient RAM allocated.
B.The host is running out of physical memory.
C.The virtual hard disk type is dynamically expanding.
D.The VM is using an older version of the virtualization software.
AnswerC

Dynamically expanding disks grow on demand, causing fragmentation and slower I/O compared to fixed-size disks.

Why this answer

A dynamically expanding virtual hard disk grows in size as data is written, but it does not pre-allocate the full 100 GB. This causes significant overhead because every write operation requires the hypervisor to update the disk's metadata and expand the underlying file, leading to poor I/O performance, especially on a Type 2 hypervisor where the host OS manages the file system. The SSD helps, but the dynamic expansion still introduces latency that a fixed-size VHD would avoid.

Exam trap

CompTIA A+ often tests the misconception that RAM or host memory is the primary cause of VM slowness, but the specific symptom of slow disk operations points directly to the virtual hard disk type, not memory allocation.

How to eliminate wrong answers

Option A is wrong because 2 GB of RAM is sufficient for many lightweight guest OS workloads, and insufficient RAM would cause swapping or out-of-memory errors, not specifically slow disk operations. Option B is wrong because the host has 16 GB of RAM, and the VM only uses 2 GB, leaving ample physical memory for the host and other processes; running out of memory would manifest as system-wide slowdowns, not isolated disk I/O slowness. Option D is wrong because an older version of virtualization software might lack features or have bugs, but the described symptom—slow disk operations with a dynamically expanding disk—is a well-known characteristic of the disk type itself, not the software version.

185
MCQeasy

A small office is decommissioning several SSDs from old laptops. The technician needs to ensure data is destroyed securely and the drives can be resold. Which method is most appropriate?

A.Run a multi-pass overwrite with random data.
B.Use the ATA Secure Erase command.
C.Degauss the SSDs to remove magnetic data.
D.Perform a standard delete and empty the recycle bin.
AnswerB

ATA Secure Erase clears all flash cells to an unprogrammed state, ensuring data is gone and the SSD is reusable.

Why this answer

The ATA Secure Erase command is the most appropriate method because it is specifically designed for SSDs, issuing a secure erase command at the firmware level that resets all cells to their unprogrammed state, effectively destroying all data in seconds. This method is reliable, fast, and does not wear out the NAND flash cells like multi-pass overwrites would, making it ideal for decommissioning and reselling SSDs.

Exam trap

CompTIA often tests the misconception that degaussing works on all storage media or that multi-pass overwrites are universally secure, when in fact SSDs require a different approach due to their NAND flash architecture and wear-leveling algorithms.

How to eliminate wrong answers

Option A is wrong because multi-pass overwrites are ineffective on SSDs due to wear leveling and the inability to target specific logical blocks; the drive's controller may remap writes to different physical cells, leaving original data intact. Option C is wrong because degaussing uses a strong magnetic field to erase data on magnetic media (HDDs), but SSDs store data electronically in NAND flash cells and are not affected by magnetic fields, so degaussing would not destroy the data and could damage the drive's controller. Option D is wrong because a standard delete and emptying the recycle bin only removes file system pointers, leaving the actual data recoverable with simple software tools, which is not secure destruction.

186
MCQmedium

A user reports that their Windows 11 laptop suddenly shows a blue screen with an error message every time they try to boot. You need to access advanced troubleshooting options to repair the system. Which key should you press during startup to access the Windows Recovery Environment (WinRE)?

A.F8
B.F11
C.F2
D.F12
AnswerB

F11 is the common key to access the Windows Recovery Environment on many modern systems, providing repair options.

Why this answer

Option B is correct because pressing F11 during the Windows 11 boot process is the standard key to access the Windows Recovery Environment (WinRE) on most modern systems. WinRE provides advanced troubleshooting tools such as System Restore, Startup Repair, Command Prompt, and Safe Mode, which are essential for repairing a system that fails to boot due to a blue screen error.

Exam trap

The trap here is that candidates often confuse the F8 key (used in legacy Windows) with the modern F11 key for WinRE, or they mistakenly think F2 or F12 are used for recovery instead of firmware or boot menu access.

How to eliminate wrong answers

Option A is wrong because F8 was used in older Windows versions (e.g., Windows 7) to access the Advanced Boot Options menu, but in Windows 11, the F8 key is disabled by default for faster boot times and is not the standard key to access WinRE. Option C is wrong because F2 typically enters the system BIOS or UEFI firmware settings, not the Windows Recovery Environment. Option D is wrong because F12 usually opens the one-time boot menu for selecting a boot device (e.g., USB or DVD), not WinRE.

187
MCQhard

A company requires that all remote access sessions be recorded for compliance purposes. The current VPN solution does not support session recording. Which of the following additional technologies can be integrated to capture and store remote desktop sessions?

A.Implement a Remote Desktop Gateway with session recording software
B.Use SSH tunneling for all remote access
C.Configure the VPN to use PPTP instead of L2TP
D.Deploy a VNC server on each remote workstation
AnswerA

RD Gateway can be used to securely publish RDP applications and desktops, and third-party software can record all sessions for compliance.

Why this answer

A Remote Desktop Gateway (RD Gateway) can be configured to broker and log RDP sessions, and when combined with a session recording solution, it can capture all activity. VPN alone does not provide session recording, and other methods like VNC or SSH typically lack built-in recording features.

188
MCQeasy

A user is setting up a new Android tablet for a child and wants to restrict access to adult content, limit app purchases, and set screen time limits. Which built-in Android feature should the technician configure?

A.Guest Mode
B.Google Family Link
C.Do Not Disturb
D.Developer Options
AnswerB

Family Link is designed specifically for parental controls, offering content restrictions, purchase approvals, and usage limits.

Why this answer

Google Family Link is the built-in Android parental control feature that allows a technician to restrict adult content via SafeSearch filtering, limit app purchases by requiring parental approval, and set screen time limits through daily usage schedules. It operates by linking the child's device to a parent's Google account, enabling remote management of digital ground rules without third-party software.

Exam trap

CompTIA A+ often tests the distinction between general user modes (Guest Mode) and dedicated parental control features (Family Link), leading candidates to mistakenly choose Guest Mode because they confuse temporary user isolation with content and time restrictions.

How to eliminate wrong answers

Option A is wrong because Guest Mode provides a temporary user session with no access to the primary user's apps or data, but it does not include any content filtering, purchase restrictions, or screen time controls. Option C is wrong because Do Not Disturb only silences notifications and calls; it cannot block adult content, limit app purchases, or enforce screen time limits. Option D is wrong because Developer Options are intended for app development and debugging (e.g., USB debugging, GPU rendering) and offer no parental control or content restriction capabilities.

189
MCQeasy

A graphic designer needs to create a bootable macOS installer on an external SSD to deploy macOS Sonoma to multiple iMacs in the office. They have the 'Install macOS Sonoma.app' file. Which built-in macOS tool should they use to create the bootable drive?

A.Disk Utility to restore the .app file to the SSD.
B.System Information to verify the SSD is bootable.
C.Terminal with the 'createinstallmedia' command.
D.Migration Assistant to copy the app to the SSD.
AnswerC

This is the correct built-in tool. The command syntax is 'sudo /Applications/Install macOS Sonoma.app/Contents/Resources/createinstallmedia --volume /Volumes/MyVolume'. It creates a bootable installer.

Why this answer

The correct tool is Terminal with the 'createinstallmedia' command because it is the built-in macOS utility specifically designed to create a bootable installer from the 'Install macOS Sonoma.app' file. This command writes the necessary boot files and installer data to the target volume, ensuring the external SSD can boot and install macOS on multiple iMacs.

Exam trap

The trap here is that candidates may think Disk Utility can create a bootable installer by simply restoring the .app file, but Disk Utility cannot interpret an application bundle as a bootable source; only the 'createinstallmedia' command properly writes the installer's bootable structure.

How to eliminate wrong answers

Option A is wrong because Disk Utility cannot restore a .app file to create a bootable installer; it is used for formatting, partitioning, and restoring disk images, not for creating bootable macOS installers. Option B is wrong because System Information only reports hardware and software details, such as whether a drive is connected or its partition scheme, but it cannot create a bootable installer. Option D is wrong because Migration Assistant is designed to transfer user data, applications, and settings from one Mac to another, not to create bootable installer media.

190
MCQmedium

A technician is configuring a new server and follows a documented standard operating procedure (SOP). After completion, the technician realizes the SOP is outdated and omits a critical security setting. What should the technician do?

A.Apply the missing setting and update the SOP to include it.
B.Ignore the missing setting since the SOP was followed.
C.Submit a change request to update the SOP without applying the setting.
D.Revert the server configuration and wait for an updated SOP.
AnswerA

Applying the missing setting corrects the security issue, and updating the SOP ensures the documentation is accurate for future use.

Why this answer

Option A is correct because the technician discovered a security gap in the SOP that could leave the server vulnerable. The proper action is to immediately apply the missing critical security setting to protect the server, then update the SOP to reflect the correct procedure. This aligns with change management best practices where security findings take precedence over outdated documentation, and the SOP must be corrected to prevent future misconfigurations.

Exam trap

The trap here is that candidates may think following the SOP exactly is always correct, but CompTIA A+ tests the principle that security and risk mitigation override strict adherence to outdated documentation when a known vulnerability is identified.

How to eliminate wrong answers

Option B is wrong because ignoring a known security omission violates the principle of due diligence and could expose the server to exploitation; following an outdated SOP does not excuse the technician from applying necessary security controls. Option C is wrong because submitting a change request to update the SOP without applying the setting leaves the server in an insecure state during the approval process, which is unacceptable for critical security configurations. Option D is wrong because reverting the server and waiting for an updated SOP introduces unnecessary downtime and delays, while the technician already knows the correct setting and can apply it immediately to secure the server.

191
MCQeasy

A user is traveling and needs to access a file on their office computer. They have a dynamic IP address at the hotel. Which remote access technology should the technician recommend for a secure connection?

A.Configure a direct RDP connection using the user's home IP address.
B.Set up a Virtual Private Network (VPN) client on the user's laptop to connect to the office network.
C.Use a remote desktop gateway that requires a static IP on the user's end.
D.Email the file to the user as an attachment.
AnswerB

A VPN client works with any internet connection, regardless of IP address, and provides encrypted access to the office network.

Why this answer

Option B is correct because a VPN client creates an encrypted tunnel between the user's laptop and the office network, allowing secure access to files regardless of the user's dynamic IP address. VPNs authenticate the user and encrypt all traffic, protecting data over untrusted networks like hotel Wi-Fi.

Exam trap

CompTIA often tests the misconception that remote access requires a static IP or that direct RDP is acceptable, but the key is that a VPN handles dynamic IPs and provides encryption, which is essential for secure remote access over public networks.

How to eliminate wrong answers

Option A is wrong because a direct RDP connection using the user's home IP address is irrelevant—the user is at a hotel with a dynamic IP, not at home, and RDP directly exposed to the internet is insecure and not recommended. Option C is wrong because a remote desktop gateway does not require a static IP on the user's end; it typically uses a gateway server that accepts connections from any IP, but the statement incorrectly implies a static IP is mandatory. Option D is wrong because emailing the file as an attachment is not a remote access technology and poses security risks (e.g., interception, lack of encryption in transit) and does not provide ongoing access to the office computer.

192
MCQeasy

A user reports that their Windows 10 computer is displaying a message that 'Windows Defender Antivirus is turned off' even though they have not disabled it. They have also noticed that they cannot open the Windows Security app. What is the most likely cause?

A.Windows Defender is disabled via Group Policy
B.The computer is infected with malware
C.Windows needs a critical update
D.User Account Control is blocking the app
AnswerB

Malware often disables security software and blocks access to security tools to prevent removal.

Why this answer

When a user sees 'Windows Defender Antivirus is turned off' and cannot open the Windows Security app, the most likely cause is malware that has disabled the antivirus and blocked access to security settings to prevent removal. Malware often modifies registry keys or terminates Windows Defender services (e.g., WinDefend) to evade detection, and it may also corrupt or block the Windows Security Center UI (SecurityHealthService.exe). This is a common symptom of ransomware or trojans that specifically target Windows Defender.

Exam trap

Candidates may incorrectly attribute this to Group Policy (Option A) because the symptom resembles a managed environment, but malware can achieve the same effect locally. The inability to open the Windows Security app is a key differentiator that points to infection rather than policy.

How to eliminate wrong answers

Option A is wrong because Group Policy disabling Windows Defender would typically prevent it from running, but the user would still be able to open the Windows Security app (it would show a 'managed by your organization' message). Option C is wrong because a critical update might cause temporary issues, but it would not independently disable Defender and block the Security app; updates do not intentionally break security features. Option D is wrong because User Account Control (UAC) prompts for elevation but does not block the Windows Security app from launching; if UAC were the issue, the user would see a prompt, not a complete inability to open the app.

193
MCQeasy

A user working from home reports that they can no longer connect to the company's internal file server using Remote Desktop. They confirm their internet connection is working. Which remote access technology should the technician verify is still active on the user's VPN client?

A.SSH tunnel
B.Remote Desktop Gateway
C.VPN connection
D.VNC server
AnswerC

A VPN connection provides encrypted access to the corporate network, which is necessary before RDP can reach internal resources.

Why this answer

The user's internet connection is working, but they cannot reach the internal file server via Remote Desktop. This indicates the VPN tunnel, which provides encrypted access to the internal network, has likely dropped or is misconfigured. Without an active VPN connection, the user's client cannot route traffic to the private IP range of the file server, even though general internet access is available.

Exam trap

CompTIA often tests the misconception that Remote Desktop Gateway (RD Gateway) is a VPN client technology, when in fact it is a separate role that proxies RDP connections over HTTPS and does not provide full network-layer access like a VPN tunnel does.

How to eliminate wrong answers

Option A is wrong because an SSH tunnel is a port-forwarding mechanism typically used for secure shell access or specific TCP port forwarding, not for establishing a full network-layer connection to an internal corporate network; it would not be the primary technology verified on a VPN client. Option B is wrong because Remote Desktop Gateway (RD Gateway) is a role service that allows RDP connections over HTTPS from the internet, but it is not a VPN client technology; the question specifically asks about verifying a technology on the user's VPN client. Option D is wrong because a VNC server is a remote desktop sharing protocol that operates over a direct network connection or VPN, but it is not a VPN client technology itself; verifying a VNC server would not restore network-layer access to the internal file server.

194
MCQhard

A Windows 10 workstation is experiencing random blue screen errors with the stop code 'IRQL_NOT_LESS_OR_EQUAL'. You suspect a faulty driver. You need to analyze the memory dump files to identify the offending driver. Which built-in tool should you use to view the dump file?

A.Event Viewer (eventvwr.msc) – filter by System logs with level 'Error'.
B.Performance Monitor (perfmon.msc) – add a Data Collector Set for crash dumps.
C.Windows Memory Diagnostic (mdsched.exe) – run a memory test.
D.Windows Debugging Tools (WinDbg) – open the .dmp file.
AnswerD

WinDbg is designed to debug crash dumps and can identify the driver causing the stop error.

Why this answer

WinDbg (Windows Debugging Tools) is the correct built-in tool for analyzing memory dump (.dmp) files. It can parse crash dump data and identify the specific driver or module that caused the IRQL_NOT_LESS_OR_EQUAL stop code by examining the stack trace and loaded module list. This is the standard approach for post-mortem debugging of blue screen errors.

Exam trap

CompTIA often tests the distinction between tools that record crash events (Event Viewer) versus tools that analyze the actual dump data (WinDbg), leading candidates to mistakenly choose Event Viewer because they see 'Error' logs related to the crash.

How to eliminate wrong answers

Option A is wrong because Event Viewer logs system events and errors but does not parse or display the contents of memory dump files; it only records that a crash occurred. Option B is wrong because Performance Monitor tracks real-time performance counters and historical data via Data Collector Sets, but it cannot open or analyze .dmp crash dump files. Option C is wrong because Windows Memory Diagnostic (mdsched.exe) tests physical RAM for hardware faults and does not analyze existing dump files; it is used to rule out memory issues, not to identify a faulty driver from a crash dump.

195
MCQmedium

During a security incident, you need to identify which processes are listening on specific network ports on a Windows server. Which command-line tool should you use?

A.nslookup
B.tracert
C.netstat -an
D.ipconfig /all
AnswerC

Correct. netstat -an displays all active connections and listening ports with numerical addresses, helping identify suspicious services.

Why this answer

The `netstat -an` command displays all active TCP connections and the TCP/UDP ports on which the computer is listening, with numerical addresses and port numbers. This makes it the correct tool to identify which processes are listening on specific network ports during a security incident on a Windows server.

Exam trap

CompTIA often tests the distinction between commands that show network configuration (ipconfig) versus those that show active connections and listening ports (netstat), leading candidates to confuse ipconfig /all as a tool for port enumeration.

How to eliminate wrong answers

Option A is wrong because `nslookup` is a DNS query tool used to resolve domain names to IP addresses, not to display listening ports or network connections. Option B is wrong because `tracert` (trace route) is used to determine the path packets take to a destination, showing hop-by-hop latency, not local port listening states. Option D is wrong because `ipconfig /all` displays detailed TCP/IP configuration for all network adapters, such as IP addresses, subnet masks, and DNS servers, but does not show listening ports or active connections.

196
MCQhard

A technician is troubleshooting a network switch that has stopped working. Upon arrival, the technician notices a strong smell of burnt plastic and sees that the power cable is melted near the connector. What is the most appropriate safety action?

A.Unplug the power cable from the switch.
B.Turn off the circuit breaker supplying the outlet.
C.Replace the power cable with a new one.
D.Spray the cable with a Class C fire extinguisher.
AnswerB

This safely disconnects power without the technician touching the damaged cable.

Why this answer

The strong smell of burnt plastic and melted power cable indicate an electrical fault that could cause a fire or electric shock. Turning off the circuit breaker (Option B) is the most appropriate safety action because it disconnects power at the source, eliminating the risk of arcing or electrocution before any physical contact is made with the damaged equipment.

Exam trap

CompTIA often tests the misconception that unplugging the cable (Option A) is the fastest safe action, but the trap is that touching a melted or damaged connector while the circuit is live can cause electrocution or arc flash, making breaker isolation the correct first step.

How to eliminate wrong answers

Option A is wrong because unplugging the cable from the switch could expose the technician to arcing, electric shock, or burns if the connector is already damaged or shorted. Option C is wrong because replacing the cable without first de-energizing the circuit could cause a short circuit or fire if the outlet or switch power supply is still live. Option D is wrong because a Class C fire extinguisher is designed for electrical fires, but spraying a melted cable that is still energized may not address the underlying electrical hazard and could delay proper de-energization.

197
MCQmedium

A technician is troubleshooting an Android tablet that cannot connect to a corporate Wi-Fi network. Other devices connect fine. The tablet shows 'Saved, secured' but no IP address. What is the most likely cause?

A.The Wi-Fi adapter is faulty.
B.The tablet has a static IP address configured that conflicts with the network.
C.The corporate network requires a VPN profile that is missing.
D.The tablet's MAC address is blocked by the router.
AnswerB

A static IP set incorrectly can prevent DHCP from assigning an address, leading to no IP and connection failure.

Why this answer

The tablet shows 'Saved, secured' but has no IP address, indicating it successfully associated and authenticated with the Wi-Fi network but failed to obtain an IP address via DHCP. A static IP configuration that conflicts with the network's DHCP scope or subnet prevents the device from receiving a valid lease, causing the IP assignment failure while other devices using DHCP connect normally.

Exam trap

CompTIA often tests the distinction between Layer 2 (association/authentication) and Layer 3 (IP assignment) failures, and the trap here is that candidates assume 'Saved, secured' means full connectivity, overlooking that a static IP can cause a Layer 3 issue without any Layer 2 errors.

How to eliminate wrong answers

Option A is wrong because a faulty Wi-Fi adapter would typically prevent association or show 'Saved, secured' at all, and the tablet would likely not see the network or would fail during authentication. Option C is wrong because a missing VPN profile would not prevent IP address assignment; VPNs operate at a higher layer after a network connection is established, and the tablet would still get an IP address from DHCP. Option D is wrong because a MAC address block by the router would prevent association or authentication, resulting in a 'Saved' or 'Authentication error' status, not 'Saved, secured' with no IP address.

198
MCQhard

A user's Windows 10 laptop is experiencing random restarts, especially under heavy load like gaming or video rendering. The Event Viewer shows multiple 'Kernel-Power 41' critical errors. The CPU temperature is normal, and the power supply is functioning. Which component is most likely causing the issue?

A.The RAM is faulty.
B.The graphics card is overheating.
C.The motherboard is failing.
D.The Windows installation is corrupt.
AnswerC

A failing motherboard can cause unstable power delivery to components, leading to random restarts under load, which matches the Kernel-Power 41 errors and the symptom pattern.

Why this answer

Kernel-Power 41 errors indicate unexpected shutdowns or restarts. Under heavy load, a failing power supply (even if it appears to function) can cause voltage drops that trigger restarts. However, if the PSU is ruled out, the most likely culprit is the motherboard, as it regulates power delivery to components and can cause instability under load.

199
MCQmedium

A technician is helping a customer configure a new laptop. The customer mentions they received a pop-up on their old computer warning of a virus and a phone number to call for support. The customer called the number and gave remote access to a 'technician' who then installed several programs. What social engineering attack occurred?

A.Shoulder surfing
B.Phishing
C.Tech support scam
D.Dumpster diving
AnswerC

Tech support scams specifically use fake alerts and phone calls to trick users into granting remote access.

Why this answer

This is a classic tech support scam, a form of social engineering where attackers use fake virus warnings to gain remote access. The pop-up is designed to scare the user into calling a fraudulent support number. Once access is granted, the attacker can install malware or steal data.

200
MCQmedium

A customer complains that their Windows 11 laptop cannot connect to the internet, but other devices on the same network work fine. You suspect the IP configuration is incorrect. Which command will release and renew the IP address from the DHCP server?

A.ipconfig /flushdns
B.ipconfig /release then ipconfig /renew
C.ipconfig /all
D.ping 127.0.0.1
AnswerB

This sequence releases the current IP and obtains a new one from DHCP, directly addressing the connectivity issue.

Why this answer

The `ipconfig /release` command releases the current DHCP lease, setting the IP address to 0.0.0.0, and `ipconfig /renew` sends a DHCPDISCOVER broadcast to obtain a new IP configuration from the DHCP server. This is the correct sequence to resolve an incorrect IP configuration that prevents a Windows 11 client from connecting to the internet while other devices work fine.

Exam trap

The exam often tests the exact two-step sequence of `ipconfig /release` then `ipconfig /renew` as a required troubleshooting procedure, and the trap is that candidates may think a single command like `ipconfig /renew` alone is sufficient, or confuse it with other `ipconfig` subcommands like `/flushdns` or `/all`.

How to eliminate wrong answers

Option A is wrong because `ipconfig /flushdns` clears the DNS resolver cache, which resolves hostname-to-IP resolution issues, not IP address configuration problems. Option C is wrong because `ipconfig /all` displays current IP configuration details but does not change or renew the IP address. Option D is wrong because `ping 127.0.0.1` tests the local TCP/IP stack loopback interface and verifies that the protocol is installed, but it does not release or renew the IP address from DHCP.

201
MCQmedium

A company requires that all sensitive data be encrypted when stored on laptops. Which technology should be implemented to ensure data is protected even if a laptop is stolen?

A.File-level encryption using EFS
B.BitLocker Drive Encryption
C.TPM chip only
D.Secure Boot
AnswerB

BitLocker provides full disk encryption, protecting all data on the drive, which is ideal for stolen laptops.

Why this answer

BitLocker Drive Encryption provides full-volume encryption that protects all data on the system drive, including the operating system, applications, and user files. Even if a laptop is stolen and the hard drive is removed, the data remains inaccessible without the correct recovery key or authentication credentials, ensuring compliance with data protection requirements.

Exam trap

The trap here is that candidates often confuse file-level encryption (EFS) with full-disk encryption, mistakenly believing that encrypting individual files provides sufficient protection for an entire stolen laptop, when in fact EFS leaves system files, temporary files, and the pagefile unencrypted and vulnerable.

How to eliminate wrong answers

Option A is wrong because file-level encryption using EFS (Encrypting File System) only encrypts individual files or folders and relies on the user's profile and certificate, which can be bypassed if an attacker gains administrative access or extracts the decryption keys from the operating system. Option C is wrong because a TPM chip alone does not encrypt data; it is a hardware component that stores cryptographic keys and can be used with BitLocker to enhance security, but without full-disk encryption software, the data on the drive remains unencrypted and readable. Option D is wrong because Secure Boot is a UEFI feature that verifies the integrity of the boot process to prevent unauthorized operating systems or malware from loading, but it does not encrypt any data on the storage device.

202
MCQmedium

A technician is decommissioning a server that contained highly sensitive financial data. The server has multiple HDDs in a RAID array. The company policy requires data destruction to be certified. Which approach is most efficient and secure?

A.Perform a single overwrite on the RAID logical volume.
B.Remove each drive and wipe them individually using a secure erase tool.
C.Degauss the entire server chassis.
D.Reformat the RAID array and reinstall the OS.
AnswerB

Wiping each drive individually ensures all physical sectors are overwritten, regardless of RAID configuration.

Why this answer

Option B is correct because secure erase tools (e.g., ATA Secure Erase) perform a cryptographic or full overwrite at the drive firmware level, ensuring each HDD is individually sanitized and can be certified. In a RAID array, the controller may cache or stripe data, so wiping the logical volume (Option A) or reformatting (Option D) does not guarantee all physical sectors on every drive are overwritten, leaving residual data recoverable. Degaussing (Option C) destroys the drives' magnetic media but is impractical for a full chassis and may not provide certified destruction for mixed media.

Exam trap

CompTIA often tests the misconception that wiping a RAID logical volume is equivalent to wiping each physical drive, but the trap is that RAID controllers abstract the physical layout, so logical operations may miss hidden or spare sectors on individual HDDs.

How to eliminate wrong answers

Option A is wrong because a single overwrite on the RAID logical volume only targets the logical block addresses presented by the RAID controller, not the physical sectors on each drive; RAID striping and spare sectors can leave data intact on individual HDDs. Option C is wrong because degaussing the entire server chassis is not feasible—degaussers require close proximity to each drive's platters, and the chassis itself may contain non-magnetic components (e.g., SSDs) that are not affected, plus it does not provide a verifiable certificate for each drive. Option D is wrong because reformatting the RAID array and reinstalling the OS only overwrites file system metadata and a small portion of the data area, leaving the vast majority of financial data recoverable with forensic tools.

203
MCQeasy

A user reports that after a recent Windows update, their standard user account can no longer install certain applications that previously installed without issue. The update changed the default User Account Control (UAC) behavior. Which UAC setting would most likely restore the previous behavior while still prompting for consent?

A.Always notify me (dim my desktop)
B.Notify me only when apps try to make changes to my computer (do not dim my desktop)
C.Notify me only when apps try to make changes to my computer (dim my desktop)
D.Never notify me
AnswerB

This is the default setting for standard users and allows prompts without the secure desktop, which matches the described previous behavior.

Why this answer

The default UAC behavior in Windows is 'Notify me only when apps try to make changes to my computer (dim my desktop)' — this prompts for consent when an app requests administrative privileges, but does not prompt for standard user account changes that are handled by the system. The update changed the behavior to a more restrictive setting, likely 'Always notify me (dim my desktop)', which prompts for any system change, including those that previously installed without issue. Option B, 'Notify me only when apps try to make changes to my computer (do not dim my desktop)', restores the previous behavior by prompting for consent only when an app attempts to make a change, but without dimming the desktop, which is a less intrusive prompt that still maintains security.

Exam trap

CompTIA often tests the distinction between the 'dim my desktop' and 'do not dim my desktop' variants of the same notification level, where candidates mistakenly think the dimming behavior is tied to the notification frequency rather than the Secure Desktop switch.

How to eliminate wrong answers

Option A is wrong because 'Always notify me (dim my desktop)' is the most restrictive UAC setting, prompting for any change to Windows settings or app installations, which would cause the exact issue the user is experiencing — it does not restore the previous behavior. Option C is wrong because 'Notify me only when apps try to make changes to my computer (dim my desktop)' is the default UAC setting that dims the desktop, but the user's previous behavior was that apps installed without issue, implying the setting was less restrictive (do not dim), so this would still prompt for consent and dim the desktop, not restoring the exact previous behavior. Option D is wrong because 'Never notify me' disables UAC entirely, which would allow any app to install without prompting, but this removes all security prompts and is not a recommended practice — it also does not 'prompt for consent' as the question requires.

204
MCQhard

During a security audit, a technician discovers that a company Android device has an app that can read SMS messages and access contacts without the user's knowledge. The app was sideloaded. What built-in Android security feature could have prevented this?

A.Samsung Knox
B.Google Play Protect
C.Android Device Manager
D.Verified Boot
AnswerB

Play Protect continuously scans apps, including sideloaded ones, and can alert users to suspicious permission requests.

Why this answer

Google Play Protect is the correct answer because it is Android's built-in security feature that scans apps for malicious behavior, including those sideloaded from outside the Play Store. It can block or warn about apps that request excessive permissions like reading SMS and accessing contacts without user knowledge. This feature would have prevented the malicious app from being installed or alerted the user before installation.

Exam trap

In this question, the trap is to think that any security feature like Verified Boot or Android Device Manager would prevent sideloading. However, only Play Protect actively scans apps for suspicious behavior and excessive permissions, regardless of installation source.

How to eliminate wrong answers

Option A is wrong because Samsung Knox is a hardware-backed security platform for enterprise devices that provides containerization and secure boot, but it does not scan sideloaded apps for malicious behavior. Option C is wrong because Android Device Manager (now Find My Device) is a remote tracking, locking, and wiping tool, not an app-scanning or permission-control feature. Option D is wrong because Verified Boot ensures the integrity of the system partition at startup by checking cryptographic signatures, but it does not inspect or block sideloaded apps after the device has booted.

205
MCQmedium

A user calls the help desk because their Windows 10 PC is not showing any sound icon in the system tray, and audio is not working. You suspect the audio service is disabled. Which Control Panel applet would you use to check and restart the Windows Audio service?

A.Sound
B.Device Manager
C.Administrative Tools
D.System
AnswerC

Administrative Tools contains shortcuts to Services, Event Viewer, and other system management consoles.

Why this answer

The Windows Audio service is a background service that must be running for audio to function. The Administrative Tools applet provides access to the Services console (services.msc), where you can check the status of the Windows Audio service and restart it if it is disabled or stopped. This is the correct tool because the Sound applet only configures playback devices and volume, not service states.

Exam trap

CompTIA often tests the misconception that the Sound applet or Device Manager can manage services, but only Administrative Tools (or directly running services.msc) allows you to check and restart the Windows Audio service.

How to eliminate wrong answers

Option A is wrong because the Sound applet is used to manage playback devices, recording devices, and system sounds, but it does not provide any interface to view or control Windows services. Option B is wrong because Device Manager is used to manage hardware drivers and devices, not to start or stop system services like Windows Audio. Option D is wrong because the System applet displays basic system information, such as OS version and hardware specs, and does not include service management capabilities.

206
MCQeasy

A software deployment script fails because it cannot write to the /opt/app directory. The directory currently has permissions drwxr-xr-x and is owned by root. The script runs as a non-root user. Which command would allow the script to write files without compromising security more than necessary?

A.chmod o+w /opt/app
B.chmod 777 /opt/app
C.chown user:user /opt/app
D.chmod g+w /opt/app
AnswerA

This adds write permission for others, allowing the non-root script to write while keeping group permissions unchanged.

Why this answer

The correct answer is A because chmod o+w /opt/app adds write permission for 'others' (the non-root user), which is the minimal change needed. The script runs as a non-root user, so this grants write access without affecting group permissions.

207
MCQmedium

A technician is configuring a new workstation for a user who is blind and uses a screen reader. The user requests that all software be installed with accessibility features enabled. During the setup, the technician encounters an error that requires a command-line fix. What is the most professional approach?

A.Perform the command-line fix silently and inform the user later that everything is working.
B.Explain that a command-line step is needed, ask if they are comfortable with that, and offer to complete it while describing the process.
C.Ask the user to watch the screen and guide you through the command-line steps.
D.Skip the accessibility features to avoid the error, since the screen reader works anyway.
AnswerB

This shows respect by informing the user and offering assistance, aligning with professional and inclusive communication practices.

Why this answer

Option B is correct because it respects the user's disability by seeking their consent and providing an accessible description of the command-line process, aligning with both professional communication and the requirement to maintain accessibility. The technician demonstrates empathy and collaboration, ensuring the user remains informed and in control of their workstation setup.

Exam trap

The trap here is that candidates may assume technical proficiency overrides user consent, or they may fail to adapt communication methods for users with disabilities, leading them to choose option A or C instead of the collaborative approach in B.

How to eliminate wrong answers

Option A is wrong because performing the fix silently violates professional ethics by withholding information from the user, especially one who relies on assistive technology and may need to understand the change for future troubleshooting. Option C is wrong because asking a blind user to watch the screen is insensitive and impractical, as screen readers provide auditory output, not visual guidance; this option shows a lack of understanding of accessibility needs. Option D is wrong because skipping accessibility features to avoid an error undermines the user's explicit request and could leave the system non-compliant with accessibility standards, potentially causing issues with the screen reader's functionality.

208
MCQmedium

During a security audit, a technician discovers that a small office's wireless router is still using WPA-TKIP. The office has 20 devices, including some older smartphones that cannot support WPA2. What should the technician recommend to improve security without replacing all devices?

A.Keep WPA-TKIP but enable MAC address filtering to block unauthorized devices.
B.Upgrade the router to support WPA2 and configure it to use WPA2-PSK with AES encryption.
C.Change the SSID to something non-descript and disable SSID broadcast.
D.Switch to WPA3 and set up a separate guest network for older devices.
AnswerA

Correct. MAC address filtering adds a basic access control layer that is not present with WPA-TKIP alone, and it does not require replacing devices. Although it is weak, it is the only option that improves security without breaking connectivity for the older smartphones.

Why this answer

In this scenario, the older smartphones cannot support WPA2, so upgrading to WPA2-PSK (option B) would break connectivity for those devices. Option A (keeping WPA-TKIP but enabling MAC address filtering) is the only choice that maintains connectivity for all devices without replacement. While MAC filtering is a weak security measure that can be bypassed by MAC spoofing, it does add a layer of access control that was not present before.

This is a minimal improvement, and the technician should plan to replace the older devices or isolate them on a separate network as soon as feasible. Options C and D do not solve the core encryption weakness and either fail to improve security or would also break connectivity.

Exam trap

A common trap is to assume that upgrading to WPA2 is always an option, but the question explicitly states that older devices cannot support it. The candidate must carefully read the scenario and recognize that MAC filtering, while weak, is the only option that does not disrupt connectivity.

How to eliminate wrong answers

Option A is wrong because MAC address filtering can be trivially bypassed by sniffing allowed MAC addresses from the air and spoofing them, and it does nothing to fix the broken TKIP encryption. Option C is wrong because hiding the SSID and using a non-descript name provides no real security—the SSID is still broadcast in probe requests and can be discovered with tools like Kismet or Wireshark, and it does not address the weak TKIP encryption. Option D is wrong because WPA3 is not backward-compatible with devices that cannot even support WPA2; older smartphones that lack WPA2 support will not have the hardware or drivers for WPA3, so this would either fail to connect or require device replacement, which the question explicitly rules out.

209
MCQmedium

During a security incident, a technician discovers that a user's computer has a program that hides its processes from Task Manager and allows an attacker to remotely control the system. The technician suspects a rootkit. Which removal method is most effective for a rootkit?

A.Run a system restore to a point before the infection.
B.Use an antivirus boot disk to scan and remove the rootkit.
C.Reinstall the operating system from a trusted source.
D.Delete the rootkit's files manually in Safe Mode.
AnswerC

A clean installation ensures all traces of the rootkit are removed.

Why this answer

Option C is correct because rootkits operate at a deep level within the operating system, often hooking kernel-mode functions or modifying system files to hide their presence. Reinstalling the OS from a trusted source ensures that all rootkit components, including those embedded in the boot sector or kernel, are completely removed, as no residual malicious code remains. This method is the only guaranteed way to eliminate a rootkit that has compromised the system's integrity.

Exam trap

CompTIA A+ often tests the misconception that Safe Mode or boot-time scans are sufficient for rootkit removal, but the trap here is that rootkits operate at a lower level than these methods can reliably clean, making a full OS reinstall the only definitive solution.

How to eliminate wrong answers

Option A is wrong because System Restore does not remove rootkits; it only reverts system files and registry settings to a previous state, but rootkits often persist in the Master Boot Record (MBR) or kernel memory, which System Restore does not touch. Option B is wrong because while an antivirus boot disk can detect and remove many rootkits, sophisticated rootkits may employ techniques such as direct kernel object manipulation (DKOM) or fileless persistence that evade even boot-time scans, leaving remnants behind. Option D is wrong because manually deleting rootkit files in Safe Mode is ineffective, as rootkits often load before the Safe Mode boot process or hide their files and processes from standard file system enumeration, and they may have already modified critical system components that require a clean installation to restore.

210
MCQmedium

A company is upgrading its fleet of laptops and needs to securely erase data from the old hard drives before disposal. The drives are magnetic (HDDs). Which method is both environmentally sound and ensures data destruction?

A.Perform a quick format and then donate the drives.
B.Use a degausser to demagnetize the drives, then recycle them as e-waste.
C.Overwrite the drives with zeros once and then throw them in the trash.
D.Drill holes through the platters and then place them in the regular recycling bin.
AnswerB

Degaussing renders the data unrecoverable and the drives become scrap metal/plastic that can be recycled. This is a secure and environmentally responsible method.

Why this answer

Option B is correct because degaussing uses a strong magnetic field to randomize the magnetic domains on the platters, rendering all data unrecoverable. This method is environmentally sound as the drives can then be responsibly recycled as e-waste, avoiding landfill contamination.

Exam trap

The trap here is that candidates may think a single overwrite or physical destruction (drilling) is sufficient, but CompTIA A+ tests that degaussing is the only method among the options that both ensures complete data destruction on magnetic media and allows for environmentally responsible e-waste recycling.

How to eliminate wrong answers

Option A is wrong because a quick format only clears the file system index, leaving the actual data intact and recoverable with forensic tools; donating drives with residual data poses a security risk. Option C is wrong because a single overwrite with zeros is insufficient for modern HDDs with high areal density, as residual magnetism can still be recovered using specialized equipment (e.g., magnetic force microscopy), and throwing drives in the trash is environmentally harmful. Option D is wrong because drilling holes physically destroys the platters but does not guarantee complete data destruction (data may remain on undamaged sectors), and placing them in a regular recycling bin is not environmentally sound as HDDs contain hazardous materials that require specialized e-waste processing.

211
MCQmedium

A user calls the help desk because their Windows 10 laptop will not connect to any Wi-Fi network. The Wi-Fi adapter is enabled in Device Manager and shows no errors, but the network list is empty. Other devices connect fine. Which command should be run first to reset the network stack?

A.Run 'ipconfig /release' followed by 'ipconfig /renew'.
B.Run 'netsh winsock reset' from an elevated Command Prompt.
C.Run 'sfc /scannow' to check system files.
D.Run 'net start wlansvc' to start the WLAN AutoConfig service.
AnswerB

Winsock reset restores the network stack to default, fixing issues where no networks are visible.

Why this answer

The 'netsh winsock reset' command is the correct first step because it resets the Winsock catalog, which manages network I/O and API calls. When the Wi-Fi adapter shows no errors but the network list is empty, the issue is often a corrupted Winsock configuration rather than a driver or service failure. This command restores the Winsock stack to a clean state without requiring a reboot, making it the most direct fix for this specific symptom.

Exam trap

CompTIA often tests the distinction between resetting the network stack (Winsock) versus restarting a service or refreshing an IP lease, and the trap here is that candidates mistakenly choose 'ipconfig /renew' because they think the issue is DHCP-related, when the empty network list indicates a lower-level Winsock corruption.

How to eliminate wrong answers

Option A is wrong because 'ipconfig /release' and 'ipconfig /renew' only refresh DHCP leases and IP addresses; they do not reset the network stack or fix a corrupted Winsock catalog, and they require an active connection to a network, which the user lacks. Option C is wrong because 'sfc /scannow' checks and repairs system file integrity, not the network stack; while a corrupted system file could theoretically cause network issues, it is not the first-line diagnostic for an empty Wi-Fi list with a functional adapter. Option D is wrong because 'net start wlansvc' starts the WLAN AutoConfig service, but the scenario states the adapter is enabled and shows no errors, implying the service is already running; forcing a start would either fail or be redundant, and it does not address Winsock corruption.

212
MCQhard

A system administrator needs to add a new user 'jdoe' to the system and ensure that their home directory is created with restrictive permissions so that no other users can access it. Which command sequence achieves this?

A.useradd -m jdoe && chmod 700 /home/jdoe
B.useradd jdoe && chmod 755 /home/jdoe
C.adduser jdoe --private
D.useradd -m -g jdoe jdoe
AnswerA

This creates the user with a home directory and then sets the directory permissions to 700 (owner only), preventing others from accessing it.

Why this answer

Option A is correct because `useradd -m jdoe` creates the user and their home directory `/home/jdoe`, and `chmod 700 /home/jdoe` sets the directory permissions to `rwx------`, which grants full access only to the owner (jdoe) and denies all access to group and others. This meets the requirement of restrictive permissions so that no other users can access the home directory.

Exam trap

CompTIA often tests the distinction between creating a user with default permissions versus explicitly setting restrictive permissions, and the trap here is that candidates may assume `useradd -m` alone or a group-based option (like `-g`) automatically enforces privacy, when in fact the umask or default settings can leave the home directory accessible to others.

How to eliminate wrong answers

Option B is wrong because `chmod 755 /home/jdoe` sets permissions to `rwxr-xr-x`, which allows other users to read and execute (i.e., traverse) the home directory, violating the requirement for no other user access. Option C is wrong because `adduser jdoe --private` is not a valid command in standard Linux distributions; `adduser` is a Perl script that does not support a `--private` flag, and even if it did, it would not guarantee the specific restrictive permission of 700. Option D is wrong because `useradd -m -g jdoe jdoe` creates the user with a primary group named `jdoe` (which is typically the same as the username) but does not set any restrictive permissions on the home directory; the default umask (often 022) would result in permissions like 755, allowing other users access.

213
MCQhard

A technician is troubleshooting an Android device that is unable to connect to a corporate Wi-Fi network using WPA2-Enterprise with a username and password. The device connects successfully to other open Wi-Fi networks. Which Android setting should the technician check first to resolve the authentication failure?

A.Verify that the device's IP address is set to DHCP.
B.Check if a CA certificate is installed and selected in the Wi-Fi network's advanced settings.
C.Disable the proxy settings for that Wi-Fi network.
D.Configure a static MAC address on the device.
AnswerB

WPA2-Enterprise often requires a CA certificate to validate the server; if it is missing or not selected, the authentication will fail.

Why this answer

WPA2-Enterprise with username/password authentication typically requires a CA certificate to validate the RADIUS server's identity. Without a trusted CA certificate installed and selected in the Wi-Fi network's advanced security settings, the Android device will reject the connection attempt, even though the credentials are correct. This is the most common cause of authentication failure in enterprise Wi-Fi environments.

Exam trap

A common trap is that candidates think credential issues (wrong username/password) are the primary cause of WPA2-Enterprise failures, but the real issue is that Android requires explicit CA certificate selection for enterprise networks, unlike some other OSes that may use system certificates automatically.

How to eliminate wrong answers

Option A is wrong because DHCP vs. static IP addressing affects IP layer connectivity, not 802.1X/EAP authentication; the device can successfully obtain an IP address after authentication completes. Option C is wrong because proxy settings control application-layer traffic routing, not the underlying WPA2-Enterprise authentication handshake. Option D is wrong because configuring a static MAC address is unrelated to 802.1X certificate validation; MAC addresses are used for device identification, not for EAP-TLS or PEAP authentication.

214
MCQmedium

During a routine security audit, you find that several workstations have the same local administrator password. The company policy requires unique passwords for each machine. Which tool or method should you use to enforce unique local administrator passwords across the domain?

A.Use Group Policy to set a standard local admin password.
B.Enable BitLocker on each workstation.
C.Deploy Microsoft LAPS (Local Administrator Password Solution).
D.Disable the local administrator account on all workstations.
AnswerC

LAPS automatically manages unique local admin passwords and stores them securely in AD, meeting the policy requirement.

Why this answer

Microsoft LAPS (Local Administrator Password Solution) is the correct tool because it automatically manages local administrator passwords on domain-joined computers, storing them in Active Directory and rotating them to unique values per machine. This directly enforces the policy of unique local admin passwords without manual intervention, using the `AdmPwd` extension and Group Policy to configure password complexity and rotation intervals.

Exam trap

CompTIA often tests the misconception that Group Policy can enforce unique passwords, but candidates must remember that Group Policy applies the same setting to all objects in its scope, making it unsuitable for uniqueness; LAPS is the specific Microsoft solution designed for this exact requirement.

How to eliminate wrong answers

Option A is wrong because using Group Policy to set a standard local admin password would enforce the same password on all workstations, directly violating the requirement for unique passwords per machine. Option B is wrong because BitLocker is a full-disk encryption technology that protects data at rest, not a mechanism for managing or rotating local administrator passwords. Option D is wrong because disabling the local administrator account is a security hardening measure but does not address the requirement for unique passwords; it avoids the password uniqueness issue rather than solving it, and some applications or scenarios may require the local admin account to remain enabled.

215
MCQeasy

A user reports that their Android phone is running slowly and the battery drains quickly. They have many apps installed. Which built-in Android feature should you use to identify and stop a misbehaving app that is consuming excessive CPU and battery resources?

A.Use a third-party Task Killer app to automatically close background processes.
B.Check the Battery Usage menu in Settings to see which app is using the most power.
C.Perform a factory reset from the Recovery Mode menu.
D.Enable Developer Options and increase the background process limit.
AnswerB

The Battery Usage menu provides a detailed breakdown of power consumption by app and system services, enabling targeted troubleshooting.

Why this answer

The Battery Usage menu in Android Settings (found under Settings > Battery > Battery Usage) provides a detailed breakdown of power consumption by app and system components. It shows CPU, network, and sensor usage, allowing you to identify an app that is misbehaving by consuming excessive resources. From this menu, you can force stop the app, clear its cache, or uninstall it directly, which is the correct built-in approach for diagnosing and stopping a resource-hungry app without third-party tools or destructive resets.

Exam trap

CompTIA often tests the misconception that third-party task killers or developer options are appropriate troubleshooting tools, when in fact Android's built-in Battery Usage menu is the correct, non-destructive method to identify resource-hungry apps.

How to eliminate wrong answers

Option A is wrong because third-party Task Killer apps are unnecessary on modern Android (6.0+) and can actually worsen performance by killing apps that the system would otherwise manage efficiently, leading to increased CPU usage as apps restart. Option C is wrong because a factory reset is a drastic, data-destructive measure that should only be used as a last resort for systemic issues like malware or OS corruption, not for identifying a single misbehaving app. Option D is wrong because increasing the background process limit in Developer Options would allow more apps to run in the background, potentially worsening battery drain and slowdowns, rather than helping identify or stop the problematic app.

216
MCQeasy

After installing a new printer driver, a user's Windows 11 computer crashes with a blue screen error every time they try to print. The computer works fine otherwise. Which boot option should be used to restore functionality without affecting user data?

A.Boot into Safe Mode and uninstall the printer driver.
B.Use Last Known Good Configuration to revert driver changes.
C.Run System Restore from the recovery environment.
D.Perform a clean installation of Windows 11.
AnswerA

Safe Mode loads minimal drivers, allowing the technician to remove the faulty driver without the crash occurring.

Why this answer

The problem is caused by a faulty driver, and the safest way to recover is to boot into Safe Mode, which loads only essential drivers. From Safe Mode, the technician can uninstall the problematic printer driver. This tests understanding of Safe Mode as a troubleshooting environment for driver conflicts.

217
MCQmedium

A technician is troubleshooting an Android phone that cannot send or receive SMS messages, but can make and receive calls and use mobile data. The phone is on a corporate plan with a new SIM card. What is the most likely cause?

A.The phone's IMEI is blacklisted.
B.The SMS message center number is incorrect or missing.
C.The mobile data APN settings are incorrect.
D.The phone is in airplane mode.
AnswerB

The SMSC is required for SMS routing; if it's wrong, SMS will fail while other services work.

Why this answer

The SMS message center number (SMSC) is a required parameter stored on the SIM card or phone that tells the device where to route outgoing SMS messages for delivery. If this number is incorrect or missing, the phone cannot send or receive SMS, but voice calls and mobile data remain unaffected because they use separate signaling paths (CSFB for calls and packet-switched data for mobile data). A new SIM card may have a misconfigured or missing SMSC, which is the most likely cause given the symptom pattern.

Exam trap

CompTIA often tests the distinction between services that use the control plane (SMS, voice) versus the data plane (mobile data), leading candidates to incorrectly blame APN settings (Option C) when the issue is actually a missing SMSC number.

How to eliminate wrong answers

Option A is wrong because an IMEI blacklist blocks all cellular services (calls, SMS, data) on the network, not just SMS, and the phone can still make calls and use data. Option C is wrong because incorrect APN settings affect mobile data connectivity, not SMS; SMS uses the control channel (SS7 or SIP) and does not rely on APN configuration. Option D is wrong because airplane mode disables all radios, preventing calls, data, and SMS, which contradicts the symptom that calls and data work.

218
MCQhard

A security incident response team needs to find all files in /var/www that have the SUID bit set, which may indicate a privilege escalation risk. Which command should they use?

A.find /var/www -type f -perm 4000
B.find /var/www -type f -perm /4000
C.ls -la /var/www | grep '^...s'
D.chmod -R u+s /var/www
AnswerB

The /4000 syntax finds any file where the SUID bit is set, regardless of other permission bits.

Why this answer

Option B is correct because the `find` command with `-perm /4000` matches any file that has the SUID bit set (the 4000 octal permission), regardless of other permission bits. The `/` prefix tells `find` to match if any of the specified permission bits are set, which is the precise way to locate files with the SUID bit enabled. This command will recursively search `/var/www` for regular files (`-type f`) with the SUID bit, helping identify potential privilege escalation risks.

Exam trap

CompTIA often tests the distinction between `-perm 4000` (exact match) and `-perm /4000` (any match), where candidates mistakenly choose the exact match option, not realizing it will miss files with additional permission bits set.

How to eliminate wrong answers

Option A is wrong because `-perm 4000` matches files with exactly the permission 4000 (i.e., only the SUID bit set and no other bits), which would miss files that have the SUID bit set along with other permissions like 4755. Option C is wrong because `ls -la /var/www | grep '^...s'` only checks the first level of `/var/www` and does not search recursively, so it would miss files in subdirectories; also, the grep pattern is incorrect as it expects the SUID indicator in the owner execute position but does not account for other permission patterns. Option D is wrong because `chmod -R u+s /var/www` sets the SUID bit on all files and directories recursively, which is a dangerous action that would create privilege escalation risks, not find them.

219
MCQmedium

A user on a corporate iOS device complains that they cannot install a required business app from the App Store because the device is 'supervised' and shows a message that installation is blocked. What is the most likely reason and solution?

A.The user needs to sign out of iCloud and sign back in
B.The device has a configuration profile that disables App Store installs; update the MDM policy
C.Perform a factory reset to remove supervision
D.Enable 'Allow Untrusted Shortcuts' in Settings
AnswerB

Supervised devices often have restrictions set by MDM; adjusting the policy to allow installs or adding the app to a whitelist resolves the issue.

Why this answer

The 'supervised' status on iOS devices is an MDM-enforced mode that allows granular restrictions. The error message about installation being blocked indicates a configuration profile or MDM policy specifically disables App Store installations. Updating the MDM policy to allow installs is the correct solution, as it directly addresses the restriction without compromising supervision.

Exam trap

CompTIA often tests the misconception that 'supervised' means the device is locked down permanently, leading candidates to suggest a factory reset, when in fact supervision is a management state that can be adjusted via MDM policies without wiping the device.

How to eliminate wrong answers

Option A is wrong because signing out of iCloud does not affect MDM-enforced restrictions like App Store installation blocks; iCloud is for personal data sync, not device management policies. Option C is wrong because a factory reset removes supervision but also wipes all data and defeats the purpose of corporate management; it is an extreme measure that does not solve the policy issue. Option D is wrong because 'Allow Untrusted Shortcuts' is a setting for running unsigned shortcuts, not for App Store installation permissions; it is unrelated to MDM restrictions.

220
MCQhard

A user reports that their MacBook Air running macOS Monterey will not connect to a Wi-Fi network that other devices can connect to. The Wi-Fi menu shows the network but clicking it does nothing. Which macOS tool should you use to reset the Wi-Fi configuration?

A.Network Utility
B.Wireless Diagnostics
C.System Information > Wi-Fi
D.Terminal command 'sudo ifconfig en0 down'
AnswerB

Wireless Diagnostics, when launched with Option-click on the Wi-Fi icon, offers a 'Monitor' and 'Log' but also a 'Wi-Fi Reset' option that clears saved networks and preferences.

Why this answer

Wireless Diagnostics is the correct tool because it includes a dedicated 'Wi-Fi Reset' option under the Window menu (or accessible via the 'Utilities' menu in some versions). This option resets Wi-Fi configuration without requiring manual removal of plist files or terminal commands. Network Utility is deprecated and not used for Wi-Fi resets.

System Information provides hardware/software info but cannot reset Wi-Fi. The ifconfig command can bring the interface down but does not reset persistent Wi-Fi settings.

221
MCQmedium

A company uses a login script that sets environment variables and maps drives based on the user's department. The script works for most users, but some report that the drive mappings are missing. The script is written in batch and uses 'if' statements to check department codes. What is the most likely cause of the intermittent failures?

A.The script runs too early before the network is fully initialized
B.The department codes in the script do not match the actual codes due to case sensitivity
C.The script is using 'setx' instead of 'set' for environment variables
D.The user accounts lack permission to run login scripts
AnswerB

Batch 'if' comparisons are case-sensitive by default, so 'Sales' and 'sales' would not match, causing the mapping to be skipped.

Why this answer

Batch file 'if' statements are case-sensitive by default when comparing strings. If the script checks for department codes like 'SALES' but the actual environment variable or user input contains 'sales' or 'Sales', the comparison fails and the drive mapping block is skipped. This explains why the issue is intermittent — it depends on how the department code is stored or passed.

Exam trap

CompTIA often tests the case sensitivity of batch file string comparisons, knowing that candidates assume string comparisons are case-insensitive by default, leading them to overlook this subtle but critical behavior.

How to eliminate wrong answers

Option A is wrong because network initialization issues would affect all users or cause complete failure, not just drive mappings for specific departments, and the script works for most users. Option C is wrong because 'setx' sets persistent environment variables, which would not cause intermittent drive mapping failures; the script uses 'set' for temporary variables, and the issue is with conditional logic, not variable persistence. Option D is wrong because if user accounts lacked permission to run login scripts, the script would fail entirely for those users, not just skip drive mappings intermittently.

222
MCQhard

A technician is troubleshooting a Windows 10 computer that randomly restarts without any error message. The system does not create a minidump file. Which advanced startup option should be disabled in the System Properties to help capture the error for analysis?

A.Fast Startup
B.Automatic restart
C.Write an event to the system log
D.Small memory dump (256 KB)
AnswerB

Disabling 'Automatic restart' under Startup and Recovery in System Properties will stop the system from rebooting on a system failure, allowing the error to be seen and dump files to be written.

Why this answer

When 'Automatic restart' is enabled, the system restarts immediately after a critical error (BSOD) without displaying the error screen or creating a dump file. Disabling this option allows the system to halt on the blue screen, showing the error code and enabling dump file generation for troubleshooting.

223
MCQhard

During a security audit, a technician discovers that an unauthorized person accessed a restricted server room by pretending to be a fire inspector. The person had a fake ID and clipboard. Which social engineering technique was used, and what is the best mitigation?

A.Tailgating; install mantraps at entrances.
B.Phishing; implement email filtering.
C.Pretexting; enforce visitor check-in and verification procedures.
D.Baiting; disable USB ports on workstations.
AnswerC

Pretexting uses a fabricated identity; verifying visitors against official records and requiring escorts prevents this.

Why this answer

The attacker used a fabricated identity (fake ID and clipboard) to create a false scenario—pretending to be a fire inspector—which is the hallmark of pretexting. The best mitigation is to enforce visitor check-in and verification procedures, such as requiring government-issued ID validation and escort policies, to prevent unauthorized access based on fabricated roles.

Exam trap

CompTIA often tests the distinction between pretexting and tailgating, where candidates confuse impersonation with simply following someone through a door; the trap here is that the fake ID and clipboard clearly indicate a fabricated identity (pretexting), not physical piggybacking.

How to eliminate wrong answers

Option A is wrong because tailgating involves an unauthorized person following an authorized person through a secured door without consent, not using a fake identity or pretext. Option B is wrong because phishing is a digital attack using fraudulent emails or messages to steal credentials, not an in-person impersonation with a fake ID. Option D is wrong because baiting involves offering something enticing (e.g., a free USB drive) to trick a victim into installing malware, not impersonating an authority figure to gain physical access.

224
MCQmedium

A small business owner wants to allow their remote employees to securely access a specific internal application without giving them full network access. Which remote access technology should the technician recommend?

A.Site-to-site VPN
B.Remote Desktop Services
C.Application gateway
D.SSH tunneling
AnswerC

An application gateway (like a reverse proxy) allows secure access to specific applications without granting full network access.

Why this answer

An application gateway (reverse proxy) is the correct choice because it provides granular, application-layer access control, allowing remote employees to reach a specific internal application without granting them full network-level access. Unlike VPNs that create a tunnel to the entire network, an application gateway authenticates and proxies only the designated application traffic, often using protocols like HTTPS and enforcing policies at Layer 7.

Exam trap

The trap here is that candidates often confuse 'remote access' with 'full network connectivity' and choose a VPN (site-to-site or client-based) because they think encryption alone solves the access control problem, overlooking the need for application-specific, least-privilege access.

How to eliminate wrong answers

Option A is wrong because a site-to-site VPN connects entire networks (e.g., branch office to headquarters), giving remote employees full network access, not just to a single application. Option B is wrong because Remote Desktop Services provides a full desktop session or individual applications via RDP, but it exposes the entire desktop environment or multiple apps, not a single internal application with granular access control. Option D is wrong because SSH tunneling creates an encrypted tunnel for specific TCP ports, but it requires manual configuration, exposes the underlying network if misconfigured, and does not provide application-layer filtering or authentication for a single web application.

225
MCQmedium

A user reports that their Windows 10 PC frequently crashes with a blue screen error. You want to analyze the memory dump files to identify the faulty driver. Which tool should you use to view and analyze these dump files?

A.Event Viewer
B.Windows Memory Diagnostic
C.Performance Monitor
D.Task Manager
AnswerA

Event Viewer logs system errors, including blue screen events, and provides details about the crash, including the dump file path.

Why this answer

Event Viewer is the correct tool because it logs system events, including blue screen errors (BugCheck events), and provides access to memory dump files. You can view the details of a crash under 'Windows Logs > System' and filter by event ID 1001, which includes the path to the dump file and the module that caused the failure. This allows you to identify the faulty driver by analyzing the dump file directly or by using additional tools like WinDbg.

Exam trap

The trap here is that candidates often confuse Windows Memory Diagnostic (a RAM tester) with a tool for analyzing crash dumps, or they assume Task Manager or Performance Monitor can provide crash analysis, but only Event Viewer logs the crash event and points to the dump file location.

How to eliminate wrong answers

Option B is wrong because Windows Memory Diagnostic is a tool for testing physical RAM for hardware errors, not for analyzing memory dump files from crashes. Option C is wrong because Performance Monitor is used to collect and analyze real-time performance data (e.g., CPU, disk usage) over time, not to view or analyze crash dump files. Option D is wrong because Task Manager provides a snapshot of running processes, performance metrics, and startup programs, but it cannot display or analyze memory dump files from blue screen errors.

Page 2

Page 3 of 10

Page 4

All pages