CompTIA A+ Core 2 220-1202 (220-1202) — Questions 226300

750 questions total · 10pages · All types, answers revealed

Page 3

Page 4 of 10

Page 5
226
MCQmedium

A technician is configuring a company-issued Android phone for a new employee. The employee will use the phone for both work (email, calendar) and personal activities. The company requires that work data be securely containerized and managed without affecting the employee's personal apps. Which Android feature should the technician enable?

A.Set up a separate User account for work.
B.Enable the Work Profile via the device's Settings under Accounts.
C.Use Screen Pinning to lock the device to the email app.
D.Install a third-party MDM agent only.
AnswerB

The Work Profile creates a secure, managed container for work apps and data, allowing IT to enforce policies without intruding on the personal side.

Why this answer

Android's Work Profile (part of Android Enterprise) creates a separate, managed profile on the device for work apps and data. This allows IT to enforce policies (like encryption and remote wipe) on the work profile without affecting the personal profile. Multi-User mode is for separate users, not a single user with two contexts, and Screen Pinning is for single-app lockdown.

227
MCQmedium

A technician is tasked with installing a new hard drive in a server rack. The rack is located in a cramped, dusty storage room with poor lighting. Which safety practice should the technician prioritize before beginning the installation?

A.Use a step stool to reach the server rack safely.
B.Wear a dust mask and use a flashlight to improve visibility.
C.Remove the server from the rack and place it on the floor for easier access.
D.Disconnect all power cables in the rack to eliminate electrical hazards.
AnswerB

A dust mask protects against respiratory irritation, and a flashlight ensures the technician can see clearly to avoid mistakes.

Why this answer

The correct answer is B because the scenario describes a cramped, dusty storage room with poor lighting, which creates two immediate hazards: inhalation of dust particles and reduced visibility. Wearing a dust mask protects the technician's respiratory system from airborne particulates, while using a flashlight ensures they can see clearly to avoid accidental contact with components or cables. These measures directly address the environmental risks before any work begins.

Exam trap

CompTIA often tests the candidate's ability to prioritize environmental and personal safety over convenience or overkill measures, and the trap here is that test-takers may choose Option D (disconnecting all power) thinking it is the safest approach, but it is excessive and not the most immediate priority given the specific conditions described.

How to eliminate wrong answers

Option A is wrong because using a step stool does not address the primary hazards of dust inhalation and poor visibility; it only helps with height, which is not the main concern in a cramped space. Option C is wrong because removing the server from the rack and placing it on the floor increases the risk of physical damage to the server and creates a tripping hazard, and it does not mitigate the dust or lighting issues. Option D is wrong because disconnecting all power cables in the rack is an extreme and unnecessary step that could disrupt other critical systems; the technician should only isolate the specific device they are working on, following proper lockout/tagout procedures.

228
MCQeasy

A technician is deploying 20 new laptops to a department. The manager asks the technician to install the software quickly, but the technician knows that a full deployment includes user training and data migration. Which action BEST demonstrates professional communication?

A.Agree to the manager's request and rush the installation to avoid conflict.
B.Explain the standard deployment process and offer a revised timeline that includes training.
C.Install the software and let the users figure out the rest on their own.
D.Tell the manager that training is not part of the technician's job.
AnswerB

This communicates the necessary steps and manages expectations professionally.

Why this answer

Option B is correct because it demonstrates professional communication by clearly explaining the standard deployment process—which includes user training and data migration—and offering a revised timeline. This aligns with the CompTIA A+ objective of managing expectations and ensuring a complete, effective rollout rather than a rushed, incomplete installation.

Exam trap

The trap here is that candidates may think agreeing to the manager's request (Option A) avoids conflict, but CompTIA often tests that professional communication requires setting realistic expectations and explaining the full scope of work, not just immediate compliance.

How to eliminate wrong answers

Option A is wrong because agreeing to rush the installation ignores the necessary steps of user training and data migration, leading to potential user confusion and data loss, which violates professional responsibility. Option C is wrong because installing software without training or support leaves users to figure out the system on their own, which is unprofessional and can cause productivity loss and security risks. Option D is wrong because telling the manager that training is not part of the technician's job dismisses a core component of a full deployment and fails to communicate the technician's role in ensuring successful adoption.

229
MCQeasy

A user complains that their Windows 11 laptop's battery drains quickly even when idle. They have checked the Task Manager and no unusual processes are running. Which built-in tool should you use to generate a detailed report of battery usage and health?

A.Resource Monitor
B.Performance Monitor
C.Powercfg /batteryreport
D.Windows Memory Diagnostic
AnswerC

This command creates a detailed battery report saved as an HTML file in the current directory. It shows battery design capacity, full charge capacity, and usage history, helping identify battery degradation or excessive drain.

Why this answer

Powercfg /batteryreport is the correct built-in tool because it generates a comprehensive HTML report detailing battery capacity history, usage patterns, and estimated life. This command analyzes the system's power efficiency and battery health, which directly addresses the user's complaint of rapid drain even when idle, without relying on running processes visible in Task Manager.

Exam trap

The trap here is that candidates often confuse Resource Monitor or Performance Monitor as tools for battery analysis, but neither provides the specific battery health and usage history that powercfg /batteryreport does.

How to eliminate wrong answers

Option A is wrong because Resource Monitor provides real-time monitoring of CPU, memory, disk, and network usage, but it does not generate a historical or health-focused battery report. Option B is wrong because Performance Monitor tracks system performance counters over time, but it lacks specific battery health and usage reporting capabilities. Option D is wrong because Windows Memory Diagnostic is designed to test RAM for errors, not to analyze battery performance or health.

230
MCQhard

During a forensic investigation, a technician needs to recover files that a user deleted from their Mac's internal SSD several days ago. The Trash has been emptied. Which macOS feature or tool should be attempted first to recover these files?

A.Use the Terminal command 'fs_usage' to locate the deleted files
B.Restore from a Time Machine backup
C.Run Disk Utility First Aid on the SSD
D.Use a third-party file recovery tool immediately
AnswerB

If Time Machine was enabled, you can browse backups and restore the deleted files from before they were deleted.

Why this answer

Time Machine is the built-in macOS backup feature that automatically creates incremental backups of the system. If a Time Machine backup was made before the files were deleted, the user can browse the backup timeline and restore the deleted files directly, even after the Trash has been emptied. This is the simplest and most reliable first step because it does not require specialized tools or risk overwriting data.

Exam trap

The exam often tests the misconception that a built-in utility like Disk Utility First Aid can recover deleted files, when in fact it only repairs volume metadata and has no file recovery capability.

How to eliminate wrong answers

Option A is wrong because 'fs_usage' is a real-time file system monitoring tool that logs current system calls; it cannot locate or recover previously deleted files. Option C is wrong because Disk Utility First Aid repairs file system structure errors (e.g., directory corruption) but does not recover deleted files; it has no undelete capability. Option D is wrong because while third-party tools can sometimes recover deleted files from an SSD, they should not be attempted first if a Time Machine backup exists, as they may overwrite the very data they aim to recover and are less reliable on SSDs due to TRIM.

231
MCQmedium

During a security incident investigation, you discover that an attacker gained physical access to a network closet by using a cloned RFID badge. Which control would have most effectively prevented this type of attack?

A.Install a CCTV camera in the closet
B.Use a biometric reader instead of RFID
C.Add a door sensor alarm
D.Require a second factor like a PIN
AnswerB

Biometrics cannot be cloned like an RFID badge, as they rely on unique physical characteristics.

Why this answer

A biometric reader (e.g., fingerprint or iris scanner) is the most effective control because it authenticates based on a unique physical trait that cannot be cloned or duplicated like an RFID badge. Since the attacker used a cloned RFID badge, a biometric system would have required the attacker's own biometric data, which they cannot replicate from the legitimate user. This directly addresses the root cause of the attack—credential theft via cloning—rather than merely detecting or delaying it.

Exam trap

CompTIA often tests the distinction between preventive and detective controls, and the trap here is that candidates confuse 'detecting' an intrusion (CCTV, door alarm) with 'preventing' the root cause (biometric authentication), leading them to choose a reactive measure instead of a proactive one.

How to eliminate wrong answers

Option A is wrong because a CCTV camera is a detective control that records incidents after they occur; it does not prevent an attacker from gaining physical access with a cloned badge. Option C is wrong because a door sensor alarm is a detection mechanism that alerts to unauthorized entry but does not stop the attacker from entering the closet in the first place. Option D is wrong because requiring a second factor like a PIN still relies on the RFID badge as the first factor; if the badge is cloned, the attacker can still present the cloned badge and then enter a PIN (which could be observed or guessed), so it does not prevent the core cloning attack.

232
MCQhard

A technician is configuring a remote desktop solution for a user who needs to access a Linux server from a Windows 10 workstation. The technician wants to use a secure, encrypted connection. Which remote access technology should the technician configure on the Linux server?

A.RDP
B.VNC
C.SSH
D.Telnet
AnswerC

SSH provides encrypted command-line access and is the standard for secure remote administration of Linux servers.

Why this answer

SSH (Secure Shell) is the correct choice because it provides encrypted, authenticated remote shell access to Linux/Unix servers over an insecure network. It uses TCP port 22 and supports strong encryption algorithms (e.g., AES, ChaCha20) and public-key authentication, making it the standard secure remote access protocol for Linux systems.

Exam trap

The trap here is that candidates often confuse RDP (a Windows-centric GUI protocol) with SSH (a Linux-centric secure shell protocol), or mistakenly think VNC is inherently secure, when in fact SSH is the only option that provides built-in encryption and is the standard for secure Linux remote access.

How to eliminate wrong answers

Option A is wrong because RDP (Remote Desktop Protocol) is a proprietary Microsoft protocol primarily used for remote GUI access to Windows systems, not Linux servers, and while it can be encrypted, it is not the native secure remote access method for Linux. Option B is wrong because VNC (Virtual Network Computing) typically transmits data in cleartext by default and requires additional tunneling (e.g., over SSH) to be secure; it is not inherently encrypted and is not the standard secure remote access technology for Linux servers. Option D is wrong because Telnet transmits all data, including credentials, in plaintext over TCP port 23, providing no encryption or security, and is obsolete for secure remote administration.

233
MCQhard

A technician is tasked with removing malware from a Windows 10 computer that has a Trojan horse that downloaded additional payloads. The technician has already run a full antivirus scan and removed the Trojan, but the computer still exhibits suspicious network activity. What should the technician do next?

A.Reimage the computer immediately.
B.Run a second opinion malware scanner such as Malwarebytes.
C.Reset the web browser settings to default.
D.Disable all startup programs in Task Manager.
AnswerB

A second scanner can find residual malware or backdoors that the primary tool missed.

Why this answer

Even after removing the Trojan with a full antivirus scan, the computer may still have residual malware components (e.g., backdoors, keyloggers, or downloaders) that the primary scanner missed. Running a second opinion scanner like Malwarebytes uses a different detection engine and signature database, increasing the chance of identifying and removing these hidden threats. This step is critical because the suspicious network activity indicates an active infection that the first scan failed to fully eradicate.

Exam trap

CompTIA often tests the misconception that a single antivirus scan is sufficient for complete malware removal, when in fact residual components or stealthy payloads require a second opinion scanner to fully clean the system.

How to eliminate wrong answers

Option A is wrong because reimaging the computer immediately is a drastic step that should only be taken after less destructive remediation methods have failed, and it would destroy any forensic evidence needed to understand the infection. Option C is wrong because resetting browser settings only addresses browser-based symptoms like changed homepages or toolbars, but does not remove the underlying malware that is causing network activity. Option D is wrong because disabling startup programs in Task Manager only prevents known programs from launching at boot, but does not remove or disable the malware process that is already running or hidden from the startup list.

234
MCQmedium

A user reports that a scheduled task running a VBScript fails every time the computer is rebooted. The script works when run manually. The technician checks the task properties and sees the task is set to run with the user's credentials. Which scripting-related issue is most likely causing the failure?

A.The script has a syntax error
B.The script uses absolute paths that change after reboot
C.The task is set to run only when the user is logged on
D.The script is blocked by antivirus software
AnswerC

Correct. If the task is set to run only when the user is logged on, it will fail after reboot if no user logs on interactively. Changing it to 'run whether user is logged on or not' with stored credentials fixes it.

Why this answer

This tests understanding of script execution context and permissions. When a script runs under a user account, it may not have the necessary permissions to access network resources or system files after reboot if the user isn't logged on. The 'run whether user is logged on or not' option requires the password to be stored, and if the password changes or is not provided, the task fails.

235
MCQhard

A technician is troubleshooting a Windows 11 system that intermittently loses network connectivity. They need to continuously monitor the connection to a remote server and log the results to a text file for analysis. Which command should they use?

A.ping -n 100 > log.txt
B.ping -t > log.txt
C.tracert -d > log.txt
D.pathping > log.txt
AnswerB

This sends continuous pings until manually stopped, with output redirected to a log file for analysis.

Why this answer

Option B is correct because the `ping -t` command continuously sends ICMP Echo Request packets to the remote server until manually stopped, which allows the technician to monitor intermittent connectivity issues over an extended period. The `> log.txt` redirection operator captures all output (timestamps and replies) into a text file for later analysis, making it ideal for troubleshooting sporadic network drops.

Exam trap

A common mistake is thinking that `ping -n 100` or `pathping` provides continuous monitoring, but only `ping -t` (with redirection) allows indefinite logging for intermittent issues.

How to eliminate wrong answers

Option A is wrong because `ping -n 100` sends only 100 ICMP Echo Requests and then stops, which is insufficient for monitoring intermittent connectivity that may occur over hours or days. Option C is wrong because `tracert -d` performs a single route trace to the destination without continuous monitoring, and the `-d` flag only disables DNS resolution, not enabling persistence. Option D is wrong because `pathping` combines ping and traceroute but runs a fixed sequence of probes (default 100 hops and 300 seconds) and then exits, providing a one-time latency and loss report rather than continuous logging.

236
MCQmedium

During a software deployment, a technician must dispose of 50 unused software license CDs. The CDs are still sealed. What is the most environmentally friendly way to handle them?

A.Throw them in the general office trash bin.
B.Shred them and put the pieces in the recycling bin.
C.Donate them to a local school or non-profit that can use them.
D.Burn them in an incinerator to generate energy.
AnswerC

Donation extends the life of the media and reduces waste; it is the most environmentally friendly option.

Why this answer

Donating or recycling the CDs through a media recycling program is the best approach. CDs are made of polycarbonate and can be recycled, but they should not go into regular trash. This question tests knowledge of proper disposal of electronic media.

237
MCQhard

A company is migrating from Windows 10 to Windows 11 on 50 computers. After the upgrade, several users report that a critical line-of-business application no longer works. The application ran fine on Windows 10. You need to get it working without rolling back the entire OS. What is the most efficient solution?

A.Roll back all 50 computers to Windows 10 using the recovery partition.
B.Reinstall the application on each computer in Windows 10 compatibility mode.
C.Enable Hyper-V on each computer and run the application in a Windows 10 virtual machine.
D.Use the Windows 11 'Reset this PC' feature to reinstall Windows 11 and then reinstall the application.
AnswerB

Setting the application to run in Windows 10 compatibility mode often resolves compatibility issues without needing to revert the OS, making it the most efficient solution.

Why this answer

Windows 11 includes a Windows 10 compatibility mode that can be applied to individual applications. Using the Application Compatibility Toolkit (ACT) or the built-in compatibility troubleshooter to set the application to run in Windows 10 compatibility mode is the most efficient fix, as it does not require a full OS rollback.

238
MCQmedium

A security incident is suspected on a Windows 10 workstation. You need to list all active network connections and the associated processes to identify potential malicious activity. Which command provides this information?

A.netstat -a
B.netstat -b
C.tasklist /svc
D.ipconfig /displaydns
AnswerB

This shows active connections and the binary (process) that created them, directly linking network activity to processes.

Why this answer

The `netstat -b` command displays all active TCP/UDP network connections along with the executable (process) name that created each connection. This is essential for identifying which process is communicating over the network, enabling you to spot suspicious activity like malware beaconing outbound.

Exam trap

CompTIA often tests the distinction between `netstat -a` (shows connections only) and `netstat -b` (shows connections with process names), expecting candidates to remember that `-b` requires administrative privileges and is the only option that links network activity to a specific executable.

How to eliminate wrong answers

Option A is wrong because `netstat -a` shows all active connections and listening ports but does not include the associated process name, so you cannot link a connection to a specific executable. Option C is wrong because `tasklist /svc` lists running processes and their associated services, but it does not display network connections or ports. Option D is wrong because `ipconfig /displaydns` shows the contents of the DNS resolver cache, which lists domain names and their resolved IP addresses, not active network connections or processes.

239
MCQmedium

A company policy requires that all web traffic be filtered to block known malicious sites. You need to implement this on the network without installing software on each client. What should you configure?

A.Enable Windows Defender Firewall on each workstation
B.Configure a DNS filtering service on the router or DNS server
C.Install a browser extension on all computers
D.Set the browser security level to high
AnswerB

DNS filtering resolves malicious domains to a block page, preventing access at the network level.

Why this answer

A DNS filtering service works at the network level by resolving domain names against a blocklist of known malicious sites. By configuring this on the router or DNS server, all client traffic is filtered transparently without requiring any software installation on individual workstations, which satisfies the policy requirement.

Exam trap

A common trap on the CompTIA A+ exam is confusing host-based and network-based security controls. Candidates may choose a host-based solution (like firewall or browser settings) instead of recognizing that DNS filtering is a network-level, agentless method that meets the 'no client software' constraint.

How to eliminate wrong answers

Option A is wrong because Windows Defender Firewall filters traffic based on ports and IP addresses, not domain names, and it cannot block specific malicious websites by URL. Option C is wrong because installing a browser extension requires software installation on each client, which violates the 'without installing software on each client' requirement. Option D is wrong because setting the browser security level to high only restricts browser features (e.g., scripts, ActiveX) and does not block access to specific malicious sites by domain or URL.

240
MCQmedium

A small business uses a shared iMac for customer check-ins. The manager wants to restrict which apps users can open and prevent changes to system settings without creating separate user accounts. Which macOS feature should you configure to meet this requirement?

A.Enable FileVault full-disk encryption
B.Configure Parental Controls (Screen Time) for the user account
C.Use the Guest User account
D.Apply a firmware password
AnswerB

Parental Controls (under Screen Time) allow you to limit app usage, block specific apps, and restrict system settings changes for a standard user.

Why this answer

Parental Controls (Screen Time) allows administrators to restrict app usage and system settings changes on a per-user basis without creating separate user accounts. This feature can limit which applications a user can open and prevent modifications to system preferences, meeting the manager's requirement directly.

Exam trap

The trap here is that candidates often confuse Guest User accounts with managed restrictions, not realizing that Guest User only provides a clean session without persistent data but no app or settings controls.

How to eliminate wrong answers

Option A is wrong because FileVault provides full-disk encryption to protect data at rest, not application or settings restrictions. Option C is wrong because the Guest User account allows temporary access with no persistent data but does not provide granular controls to restrict specific apps or prevent system setting changes. Option D is wrong because a firmware password prevents unauthorized users from booting from external devices or accessing recovery mode, but it does not restrict app usage or system settings within macOS.

241
MCQeasy

A user reports that their laser printer is producing faint, streaky prints and has a strong ozone smell. The printer has been in use for three years. What is the most important safety procedure to follow before attempting to service the printer?

A.Replace the toner cartridge immediately.
B.Unplug the printer and discharge the high-voltage power supply.
C.Clean the corona wire with isopropyl alcohol.
D.Reset the printer to factory defaults.
AnswerB

This is the correct safety procedure. Laser printers have capacitors that hold a charge; discharging them prevents electric shock.

Why this answer

The strong ozone smell indicates a high-voltage issue, likely with the corona wire or power supply. Before servicing, you must unplug the printer and discharge the high-voltage power supply to prevent electric shock, as laser printers store lethal voltages in capacitors even when powered off.

Exam trap

CompTIA often tests the distinction between troubleshooting steps and mandatory safety procedures, trapping candidates who confuse cleaning or replacing parts with the prerequisite of power isolation and discharge.

How to eliminate wrong answers

Option A is wrong because replacing the toner cartridge does not address the safety hazard of high-voltage discharge and is a troubleshooting step, not a safety procedure. Option C is wrong because cleaning the corona wire with isopropyl alcohol is a maintenance task that should only be performed after power is disconnected and high voltage is discharged; doing it first risks electric shock. Option D is wrong because resetting to factory defaults is a software configuration step that does not eliminate the risk of high-voltage shock and does not resolve the physical safety concern.

242
MCQeasy

During a security audit, a Linux server is found to have a configuration file that is world-writable. The file /etc/app/config.cfg must only be readable and writable by the root user. Which command should the administrator run?

A.chmod 777 /etc/app/config.cfg
B.chmod 644 /etc/app/config.cfg
C.chmod 600 /etc/app/config.cfg
D.chmod 400 /etc/app/config.cfg
AnswerC

This grants read and write only to the owner (root), and no permissions to group or others, securing the file.

Why this answer

Option C is correct because `chmod 600` sets the file permissions to read and write for the owner (root) and no permissions for group or others. This satisfies the requirement that only root can read and write `/etc/app/config.cfg`, as root is the owner of the file.

Exam trap

The trap here is that candidates may confuse the numeric permission values, often picking `644` (thinking it restricts write access) or `400` (thinking read-only is sufficient), while overlooking the explicit requirement for both read and write by root.

How to eliminate wrong answers

Option A is wrong because `chmod 777` grants read, write, and execute permissions to everyone (owner, group, others), making the file world-writable and world-executable, which violates the security requirement. Option B is wrong because `chmod 644` grants read and write to the owner but read-only to group and others, meaning non-root users can still read the file, which does not meet the 'only root' condition. Option D is wrong because `chmod 400` grants read-only to the owner (root) and no permissions to group or others, but the requirement explicitly states the file must be both readable and writable by root, so write permission is missing.

243
MCQeasy

A technician needs to deploy a configuration change to 50 Windows 10 computers using a script. The script must check if a specific registry key exists before modifying it. Which scripting construct should be used?

A.A for loop
B.A while loop
C.An if-else statement
D.A try-catch block
AnswerC

An if-else statement allows the script to test for the registry key's existence and then act accordingly.

Why this answer

The script needs to conditionally execute code based on whether a registry key exists. An if-else statement is the correct construct for this because it evaluates a condition (e.g., Test-Path 'HKLM:\Software\MyKey') and executes one block if true (modify the key) and another if false (skip or create). Loops are for repetition, not conditional branching, and try-catch handles runtime errors, not existence checks.

Exam trap

The trap here is that candidates confuse conditional logic (if-else) with error handling (try-catch), thinking that checking for existence requires exception handling, when in fact a simple conditional test is the correct and more efficient approach.

How to eliminate wrong answers

Option A is wrong because a for loop is designed for iterating over a sequence or a fixed number of times, not for making a single conditional decision about a registry key's existence. Option B is wrong because a while loop repeats a block of code as long as a condition is true, which is unnecessary for a one-time check and could cause an infinite loop if misused. Option D is wrong because a try-catch block is used to handle exceptions (runtime errors) such as access denied or missing paths, not to test for the existence of a registry key before modification.

244
MCQmedium

A technician is assisting a user who is visibly upset because their critical presentation file was deleted accidentally. The user is speaking loudly and interrupting. What is the best way to handle this situation professionally?

A.Politely ask the user to calm down and speak more quietly so you can understand the issue.
B.Interrupt the user to explain that files can often be recovered from the Recycle Bin or backup.
C.Listen without interrupting, then say, "I can see this is urgent. Let's check the Recycle Bin first, and if it's not there, we have backups."
D.Transfer the user to a supervisor because the user is being difficult.
AnswerC

This validates the user's emotions and provides a clear path forward, demonstrating professionalism and empathy.

Why this answer

Option C is correct because it demonstrates active listening and empathy while immediately addressing the technical issue. The technician first allows the user to vent without interruption, then acknowledges the urgency and proposes a clear, step-by-step recovery plan starting with the Recycle Bin (a common first-resort recovery method) and escalating to backups if needed. This approach de-escalates the emotional situation while efficiently moving toward a solution, which is key for professional customer service in IT support.

Exam trap

CompTIA often tests the candidate's ability to balance empathy with technical action; the trap here is that candidates may choose Option B (interrupting with a solution) because they focus solely on technical correctness, ignoring the professionalism and communication skills required to de-escalate an emotional user.

How to eliminate wrong answers

Option A is wrong because telling an upset user to 'calm down' can be perceived as dismissive and may escalate the situation; it does not address the technical problem. Option B is wrong because interrupting the user, even with a valid technical solution, can increase frustration and prevent the technician from gathering full details about the file deletion (e.g., whether it was permanently deleted or from a specific location). Option D is wrong because transferring a user solely for being upset avoids the technician's responsibility to handle emotional situations professionally and delays resolution; it should only be done if the issue is beyond the technician's scope or authority.

245
MCQhard

A user reports that their Windows 10 PC is unable to connect to network shares on a server, but internet access works fine. You suspect the 'Workstation' service is not running. Which administrative tool should you use to verify and start this service?

A.Task Manager > Startup tab to check if the service is enabled.
B.Network and Sharing Center to run the network troubleshooter.
C.Services console to locate the 'Workstation' service and start it.
D.Device Manager to reinstall the network adapter driver.
AnswerC

Correct. The Services console lists all services, including the Workstation service, and allows starting, stopping, or restarting them.

Why this answer

The 'Workstation' service (LanmanWorkstation) is a core Windows service that enables the computer to initiate outbound SMB connections to network shares. The Services console (services.msc) is the correct administrative tool to check the status of this service and start it if it is stopped. Option C directly addresses the need to verify and manage this service.

Exam trap

The trap here is that candidates may confuse a service issue with a driver or network configuration problem, leading them to choose Device Manager or Network and Sharing Center instead of the Services console.

How to eliminate wrong answers

Option A is wrong because the Task Manager Startup tab only manages programs that launch at user logon, not Windows services; the 'Workstation' service is a system service controlled via the Services console or SC command. Option B is wrong because Network and Sharing Center runs network troubleshooters that diagnose connectivity issues like IP configuration or DNS, but cannot start or stop Windows services. Option D is wrong because Device Manager is used to manage hardware drivers; reinstalling the network adapter driver would not resolve a service that is stopped, and the issue is not driver-related.

246
MCQhard

A company's security policy mandates that all remote access connections must be authenticated using two different factors. A technician is configuring VPN access for teleworkers. Which combination meets this requirement?

A.Username and password only.
B.Smart card and PIN.
C.Biometric fingerprint and a PIN.
D.Two different passwords.
AnswerB, C

Correct. A smart card (something you have) plus a PIN (something you know) constitutes two distinct factors.

Why this answer

Option B (smart card + PIN) uses something you have and something you know, while option C (biometric fingerprint + PIN) uses something you are and something you know. Both combinations satisfy the mandate for two different authentication factors, making both correct. The question does not prioritize one over the other based on practical implementation.

Exam trap

Candidates may think that only the smart card + PIN combination is valid because it's the most common in enterprise VPN setups. However, the question's requirement is simply 'two different factors,' which both B and C meet.

How to eliminate wrong answers

Option A is wrong because username and password are both 'something you know' factors, representing only a single authentication factor, not two different factors. Option C is wrong because biometric fingerprint (something you are) and a PIN (something you know) are two different factors, but the question specifies a smart card and PIN as the correct combination; however, the trap is that biometrics are often considered a valid second factor, but the exam expects the specific pairing of smart card and PIN as the correct answer. Option D is wrong because two different passwords are still both 'something you know' factors, providing only one factor type and no second factor.

247
MCQmedium

During a routine security audit, a technician discovers that an unknown person has been using a badge to enter the building after hours. The badge belongs to a former employee who left the company six months ago. Which type of social engineering attack likely enabled this unauthorized access?

A.Phishing
B.Tailgating
C.Dumpster diving
D.Shoulder surfing
AnswerB

Tailgating is the correct term for unauthorized physical access by following someone in, possibly with a stolen badge.

Why this answer

The correct answer is B, tailgating. This attack involves an unauthorized person physically following an authorized individual into a secured area without using their own credentials. In this scenario, the unknown person used a badge that belonged to a former employee, which indicates they likely gained entry by closely following someone else through a door or turnstile, exploiting the fact that the badge was not deactivated or that the access control system did not require re-authentication for each individual.

Exam trap

The trap here is that candidates often confuse tailgating with phishing or shoulder surfing because all involve deception, but tailgating is specifically a physical access attack that relies on bypassing authentication mechanisms through proximity, not digital or visual eavesdropping.

How to eliminate wrong answers

Option A is wrong because phishing is a digital social engineering attack that uses deceptive emails or messages to trick victims into revealing sensitive information or installing malware; it does not involve physical badge use or building entry. Option C is wrong because dumpster diving involves searching through trash for discarded documents or equipment containing sensitive information, not using a badge to enter a building. Option D is wrong because shoulder surfing is the act of looking over someone's shoulder to obtain passwords, PINs, or other confidential data; it does not involve using a physical badge to gain unauthorized physical access.

248
MCQmedium

An organization is moving to a cloud-based system and needs to dispose of several tape backup cartridges that contain years of financial data. The tapes are LTO-5 and are still readable. Which destruction method is most appropriate?

A.Overwrite the tapes with a bulk eraser or degausser.
B.Perform a quick format of the tapes using a tape drive.
C.Reuse the tapes for non-sensitive data after deleting the files.
D.Burn the tapes in an industrial incinerator.
AnswerA

A degausser designed for tape will destroy the magnetic data, making recovery impossible, and is a standard method for tape disposal.

Why this answer

A degausser or bulk eraser generates a powerful magnetic field that disrupts the magnetic domains on the LTO-5 tape media, rendering the previously stored data unrecoverable. This method is the most appropriate for LTO-5 tapes because it physically destroys the magnetic encoding without requiring a compatible tape drive, and it is faster and more reliable than attempting to overwrite the entire tape. For secure disposal of magnetic media containing sensitive financial data, degaussing is the industry-standard approach when physical destruction is not mandated.

Exam trap

CompTIA A+ often tests the misconception that a quick format or file deletion is sufficient for secure data destruction on magnetic media, when in fact only degaussing or physical destruction ensures the data is irrecoverable.

How to eliminate wrong answers

Option B is wrong because a quick format only erases the file system index or directory structure, not the underlying data on the tape; the financial data remains recoverable with forensic tools. Option C is wrong because simply deleting files or reusing the tapes after file deletion does not remove the residual magnetic signature of the original data, leaving it vulnerable to recovery using specialized equipment. Option D is wrong because while incineration would physically destroy the tapes, it is unnecessarily extreme, costly, and environmentally hazardous for LTO-5 cartridges; degaussing is the appropriate and sufficient method for magnetic media that does not require physical destruction.

249
MCQmedium

A helpdesk technician receives a call from an employee who says their smart card stopped working for building access. The employee is in a hurry and asks the technician to remotely disable the card and issue a temporary PIN for the day. What should the technician do first?

A.Disable the smart card and provide a temporary PIN as requested.
B.Ask the employee to visit the security office in person with a photo ID.
C.Reset the smart card remotely and test it with a badge reader.
D.Send a temporary PIN via email to the employee's company address.
AnswerB

In-person verification with a photo ID ensures the request is legitimate before making changes.

Why this answer

Option B is correct because smart card credentials for physical access are typically managed by a separate physical security system (e.g., an access control server), not the helpdesk's IT identity management system. The technician cannot remotely disable the card or issue a temporary PIN without proper authorization and verification of the caller's identity. The standard procedure is to require in-person verification with a photo ID at the security office to prevent social engineering attacks.

Exam trap

The trap here is that candidates assume the helpdesk has full control over all credential types (logical and physical) and can perform remote operations on smart cards, when in fact physical access systems are usually separate and require in-person identity verification.

How to eliminate wrong answers

Option A is wrong because disabling a smart card and issuing a temporary PIN without verifying the caller's identity violates security policy and could allow an attacker to gain unauthorized physical access. Option C is wrong because the technician cannot reset or test a smart card remotely; smart cards are physical tokens that require local interaction with a reader, and remote testing is not possible. Option D is wrong because sending a temporary PIN via email is insecure; email is not encrypted end-to-end by default and could be intercepted, and the PIN should be delivered through a secure out-of-band method.

250
MCQmedium

A user receives an email with a link that appears to be from their bank, asking them to verify their account. The link leads to a page that looks exactly like the bank's login page. What type of attack is this?

A.A man-in-the-middle attack.
B.A phishing attack.
C.A ransomware attack.
D.A cross-site scripting (XSS) attack.
AnswerB

Phishing uses social engineering to trick users into revealing sensitive information on fraudulent sites.

Why this answer

This scenario describes a phishing attack, where the attacker sends a deceptive email impersonating a trusted entity (the bank) to trick the user into clicking a malicious link. The link leads to a fraudulent website that mimics the legitimate bank login page, designed to capture the user's credentials. Phishing exploits social engineering rather than technical vulnerabilities, relying on the user's trust and inattention to detail.

Exam trap

CompTIA often tests the distinction between phishing and man-in-the-middle attacks by presenting a scenario where the user is tricked into voluntarily providing credentials on a fake site, which is phishing, not an active interception of network traffic.

How to eliminate wrong answers

Option A is wrong because a man-in-the-middle (MITM) attack involves the attacker intercepting and potentially altering communications between two parties in real time, typically by exploiting network-level vulnerabilities (e.g., ARP spoofing or rogue Wi-Fi), not by sending a deceptive email with a fake link. Option C is wrong because a ransomware attack encrypts the victim's files or locks their system and demands payment for decryption, which is not described here; the email does not contain malware or encryption. Option D is wrong because cross-site scripting (XSS) is a web application vulnerability that allows an attacker to inject malicious scripts into trusted websites, executed in the victim's browser; the attack described does not involve injecting scripts into a legitimate site but rather creating a fake login page.

251
MCQmedium

A technician is configuring a wireless network for a school that uses Chromebooks and iPads. The network must support fast roaming and prioritize security. The technician enables WPA2-Enterprise with 802.1X. What additional configuration is needed to ensure seamless roaming between access points?

A.Enable WPA3-SAE on all access points.
B.Configure all access points with the same SSID and passphrase.
C.Enable 802.11r (Fast Roaming) on the wireless controller.
D.Disable WPS on all access points.
AnswerC

802.11r reduces the time required for re-authentication during roaming.

Why this answer

Option C is correct because 802.11r (Fast Roaming) enables seamless key distribution between access points during client transitions, eliminating the need for full re-authentication with the RADIUS server. This is essential for devices like Chromebooks and iPads that move frequently across a school campus, ensuring low-latency roaming while maintaining WPA2-Enterprise security.

Exam trap

A common misconception in CompTIA A+ is that simply using the same SSID and passphrase (Option B) is sufficient for seamless roaming, but in WPA2-Enterprise, the passphrase is not used, and without 802.11r, clients must perform a full 802.1X re-authentication at each AP, causing noticeable delays.

How to eliminate wrong answers

Option A is wrong because WPA3-SAE is a different security protocol for personal networks, not enterprise; it does not integrate with 802.1X and does not address roaming optimization. Option B is wrong because while using the same SSID is necessary for roaming, a shared passphrase is irrelevant for WPA2-Enterprise, which uses per-user credentials via 802.1X, not a pre-shared key. Option D is wrong because disabling WPS improves security by preventing brute-force attacks on PIN-based authentication, but it has no effect on roaming performance or seamless handoff between access points.

252
MCQeasy

A technician is installing a new power supply in a desktop computer. After unplugging the system, what should the technician do before touching any internal components?

A.Wear a grounding strap and immediately open the case.
B.Press and hold the power button for 10 seconds to drain residual charge, then wear an ESD strap.
C.Spray the interior with compressed air to remove dust before touching anything.
D.Remove the CMOS battery first to ensure no power remains.
AnswerB

This discharges the capacitors and reduces shock risk; the ESD strap then prevents static damage.

Why this answer

Option B is correct because pressing and holding the power button for 10 seconds after unplugging the system discharges the remaining charge in the power supply capacitors and other components, reducing the risk of electric shock or damage. Wearing an ESD strap then provides a path to ground for static electricity, protecting sensitive internal components from electrostatic discharge.

Exam trap

CompTIA often tests the misconception that simply unplugging the system makes it safe to work inside, or that removing the CMOS battery is the correct way to eliminate all power, when in fact the primary danger is the residual charge in the power supply capacitors.

How to eliminate wrong answers

Option A is wrong because immediately opening the case and wearing a grounding strap without first draining residual charge from capacitors can expose the technician to a shock hazard; the power supply can hold a dangerous charge for minutes after being unplugged. Option C is wrong because spraying compressed air into the interior before discharging residual power can blow dust into sensitive areas and does not address the immediate safety step of draining stored energy. Option D is wrong because removing the CMOS battery does not discharge the main power supply capacitors; the CMOS battery only powers the real-time clock and BIOS settings, and its removal does not eliminate the high-voltage charge in the PSU.

253
MCQmedium

A company is relocating and needs to dispose of 50 old desktop computers with HDDs that contain sensitive client data. The policy requires data destruction to be verifiable and the drives to be physically destroyed. Which method meets these requirements?

A.Use a degausser and then donate the drives to a school.
B.Overwrite each drive with three passes of random data.
C.Send the drives to a certified e-waste recycler for shredding.
D.Reformat each drive and install a fresh OS for reuse.
AnswerC

Shredding physically destroys the drives and a certified recycler can provide a certificate of destruction, satisfying the policy.

Why this answer

Physical destruction methods like shredding or crushing provide verifiable destruction (e.g., through a certificate of destruction) and ensure the drives cannot be reused, meeting strict security policies. Degaussing also destroys data but may not physically destroy the drive.

254
MCQhard

A company's security policy requires that all workstations use a host-based firewall to block incoming connections except for specific allowed applications. A technician needs to configure this on a Windows 10 PC. Which tool should they use?

A.Windows Defender Antivirus settings
B.Windows Defender Firewall with Advanced Security
C.Group Policy Editor
D.Network and Sharing Center
AnswerB

This MMC snap-in allows creating inbound and outbound rules to block or allow traffic based on application, port, or IP address, meeting the policy requirement.

Why this answer

The Windows Defender Firewall with Advanced Security (wf.msc) is the correct tool because it provides granular control over inbound rules, allowing the technician to block all incoming connections by default and then create explicit allow rules for specific applications. This meets the security policy requirement for a host-based firewall that blocks incoming traffic except for permitted applications.

Exam trap

CompTIA often tests the distinction between basic firewall settings (accessible via Control Panel) and the Advanced Security console, where candidates mistakenly choose the simpler interface or confuse firewall management with antivirus or group policy tools.

How to eliminate wrong answers

Option A is wrong because Windows Defender Antivirus settings manage malware protection, not firewall rules; it cannot create or modify inbound connection rules. Option C is wrong because Group Policy Editor (gpedit.msc) is used to configure system-wide policies across a domain, not for per-workstation firewall rule management on a standalone Windows 10 PC. Option D is wrong because Network and Sharing Center is a network status and troubleshooting interface; it does not provide the advanced inbound rule configuration needed to block all incoming connections except specific applications.

255
MCQhard

During a security audit, a technician finds that a user's workstation was infected with malware after the user inserted a USB drive found in the parking lot. The drive was labeled 'Employee Salary Info Q4'. What social engineering principle did the attacker exploit?

A.Scarcity
B.Baiting
C.Pretexting
D.Tailgating
AnswerB

Baiting is the correct term, as the attacker left a malicious device (the bait) to exploit the user's curiosity.

Why this answer

Baiting is the correct answer because the attacker exploited the victim's curiosity by leaving a malware-infected USB drive in a visible location, labeled with an enticing message ('Employee Salary Info Q4'). When the user inserted the drive, the malware executed automatically (e.g., via Autorun.inf in Windows), compromising the workstation. This is a classic baiting attack, which relies on offering something desirable to trick the victim into performing a risky action.

Exam trap

The trap here is that candidates confuse baiting with pretexting because both involve deception, but baiting specifically uses a physical lure (like a USB drive) to trigger an action, whereas pretexting relies on a fabricated story or identity to gain information.

How to eliminate wrong answers

Option A (Scarcity) is wrong because scarcity involves creating a false sense of urgency or limited availability (e.g., 'Only 5 licenses left!'), not leaving a physical device to be found. Option C (Pretexting) is wrong because pretexting requires the attacker to fabricate a false identity or scenario (e.g., pretending to be IT support) to extract information, not relying on the victim's curiosity about a found object. Option D (Tailgating) is wrong because tailgating involves an unauthorized person physically following an authorized person into a restricted area, not leaving a malicious device for the victim to pick up and use.

256
MCQeasy

After deploying a new application to 50 workstations, several users report that the application crashes on launch. You need to quickly check if the application's core DLL files are present and correctly registered on a remote computer. Which command should you use?

A.regsvr32 /s C:\App\core.dll
B.ipconfig /flushdns
C.chkdsk C:
D.tasklist /S remotePC
AnswerD

Tasklist with the /S switch allows querying processes on a remote computer; if the application is running, it implies its DLLs are correctly present and registered.

Why this answer

To check if the application's core DLL files are present and correctly registered on a remote computer, you can use `tasklist /S remotePC` to list running processes on that remote machine. If the application process appears, it indicates that its core DLLs are loaded and properly registered. The other options either run locally (regsvr32) or perform unrelated tasks (ipconfig, chkdsk).

257
MCQeasy

A user calls the help desk, frantic because their banking app shows an unauthorized transfer of $500. They say they received a call earlier from 'bank security' asking them to install a remote access tool to 'verify their account'. What type of social engineering attack did the user fall victim to?

A.Phishing
B.Vishing
C.Smishing
D.Shoulder surfing
AnswerB

Vishing (voice phishing) uses phone calls to impersonate legitimate organizations and trick victims into revealing sensitive information or installing malware. This scenario perfectly matches that description.

Why this answer

The user received a phone call (voice channel) and was tricked into installing remote access software, which is the hallmark of vishing (voice phishing). Unlike phishing, which uses email or malicious links, vishing exploits telephone systems and social engineering to gain unauthorized access or sensitive information.

Exam trap

CompTIA A+ 220-1202 often tests the distinction between vishing and phishing by emphasizing the communication medium (voice call vs. email), so candidates mistakenly choose phishing when the attack vector is a phone call rather than a digital message.

How to eliminate wrong answers

Option A is wrong because phishing typically involves deceptive emails or websites that trick users into clicking a link or entering credentials, not a phone call requesting software installation. Option C is wrong because smishing uses SMS text messages to deliver malicious links or requests, not a live voice call. Option D is wrong because shoulder surfing relies on physically observing a user's screen or keystrokes, not a remote phone-based interaction.

258
MCQhard

A technician needs to deploy a custom configuration profile to 20 Mac computers in a small office without using a third-party MDM. The profile must enforce Wi-Fi settings and disable iCloud. Which macOS tool can create and sign this configuration profile?

A.Apple Configurator
B.System Settings > Profiles
C.Terminal with 'profiles' command
D.Profile Manager in macOS Server
AnswerA

Apple Configurator allows you to create, edit, and sign configuration profiles for macOS and iOS, suitable for small deployments without MDM.

Why this answer

Apple Configurator is the correct tool because it can create and sign custom configuration profiles (.mobileconfig files) for macOS without requiring a third-party MDM. It allows a technician to specify Wi-Fi settings and restrictions like disabling iCloud, then export the signed profile for manual deployment to the 20 Macs via USB or email.

Exam trap

Candidates often confuse Apple Configurator (which creates and signs profiles) with built-in tools like System Settings or the 'profiles' terminal command, which only install or manage existing profiles—not create or sign them.

How to eliminate wrong answers

Option B is wrong because System Settings > Profiles is only for viewing and manually installing profiles that are already signed, not for creating or signing them. Option C is wrong because the Terminal 'profiles' command can install, remove, or list profiles but cannot create or sign a new configuration profile from scratch. Option D is wrong because Profile Manager in macOS Server requires a running MDM service and is considered a third-party MDM solution, which the question explicitly excludes.

259
MCQmedium

A user reports that their Windows 10 PC is unable to connect to shared network folders on the office server. You need to verify that the necessary network discovery and file sharing services are running. Which administrative tool should you open to check the status of services like 'Function Discovery Resource Publication' and 'SSDP Discovery'?

A.Network and Sharing Center
B.Device Manager
C.Services.msc
D.Task Manager
AnswerC

Services.msc allows you to view and manage the status of all Windows services, including network discovery services.

Why this answer

The correct answer is C because the 'Services.msc' (Services console) is the dedicated Microsoft Management Console (MMC) snap-in used to start, stop, and configure Windows services. To verify that 'Function Discovery Resource Publication' (which publishes the machine's resources for network discovery) and 'SSDP Discovery' (which implements the Simple Service Discovery Protocol for UPnP devices) are running, you must open the Services console. Network and Sharing Center only shows connection status and sharing settings, not the underlying service state.

Exam trap

The trap here is that candidates often confuse the 'Network and Sharing Center' (which displays network discovery settings) with the actual service management console, not realizing that the service state must be verified separately in Services.msc because the GUI toggle in Network and Sharing Center only changes the firewall rules, not the underlying service status.

How to eliminate wrong answers

Option A is wrong because Network and Sharing Center is a GUI for viewing network status, setting up new connections, and managing sharing profiles; it does not display or allow control of individual Windows services like 'Function Discovery Resource Publication' or 'SSDP Discovery'. Option B is wrong because Device Manager is used to manage hardware drivers and devices, not software services; it has no interface for service state or startup type. Option D is wrong because Task Manager shows running processes and performance metrics, but it does not list system services by their service name or provide controls for service startup type; it only shows a limited view of processes under the 'Services' tab, not the full service management console.

260
MCQmedium

A technician is configuring a Windows 10 kiosk system that will run a single application in a public library. The kiosk must automatically log on and start the app without any user interaction. Which security setting combination is required?

A.Enable 'Sticky Keys' and configure the 'Ease of Access' settings
B.Configure 'Automatic logon' in the registry and enable 'Assigned Access' for the kiosk account
C.Set the 'Shutdown: Allow system to be shut down without having to log on' policy
D.Enable 'User Account Control: Run all administrators in Admin Approval Mode'
AnswerB

Automatic logon allows the system to boot directly to the desktop, and Assigned Access restricts the user to a single app, creating a proper kiosk environment.

Why this answer

Option B is correct because configuring 'Automatic logon' in the registry (via the WinLogon key) allows the kiosk to boot directly to the desktop without user interaction, while enabling 'Assigned Access' restricts the kiosk account to running only a single specified Universal Windows Platform (UWP) app, preventing access to the rest of the system. This combination meets the requirement for an unattended, single-application kiosk in a public library.

Exam trap

The trap here is that candidates may confuse 'Automatic logon' with general security policies like shutdown permissions or UAC, or mistakenly think accessibility features can automate logon, when in fact only the registry-based autologon combined with Assigned Access satisfies the unattended single-app requirement.

How to eliminate wrong answers

Option A is wrong because 'Sticky Keys' and 'Ease of Access' settings are accessibility features that modify keyboard input behavior, not security or autologon mechanisms; they cannot automatically log on a user or launch a single app. Option C is wrong because the 'Shutdown: Allow system to be shut down without having to log on' policy (a local security policy) only controls whether the shutdown command is available on the logon screen, not autologon or application restriction. Option D is wrong because 'User Account Control: Run all administrators in Admin Approval Mode' is a UAC setting that affects how administrative privileges are elevated, but it does not enable automatic logon or enforce a single-app kiosk environment.

261
MCQmedium

A technician is writing a PowerShell script to check the last boot time of a remote computer. The script uses Get-CimInstance Win32_OperatingSystem. The script works locally but fails with an access denied error when targeting a remote machine. Both computers are domain-joined and the technician has admin rights. What is the most likely issue?

A.The remote computer does not have PowerShell installed.
B.The remote computer has Windows Firewall blocking WMI traffic.
C.The script uses an incorrect namespace.
D.The technician is not a member of the Remote Management Users group.
AnswerB

WMI remote connections require specific firewall rules; if blocked, access is denied.

Why this answer

Get-CimInstance uses the WS-Management (WSMan) protocol, which relies on WinRM. By default, Windows Firewall blocks inbound WinRM traffic on port 5985 (HTTP) and 5986 (HTTPS). Even though the technician has admin rights and both machines are domain-joined, the remote firewall must allow WinRM traffic for the CIM session to succeed.

The local success is because no firewall traversal is needed.

Exam trap

CompTIA often tests the misconception that access denied errors are always due to permissions or group membership, when in fact network-level firewall blocking of WinRM/WMI traffic is a frequent real-world cause.

How to eliminate wrong answers

Option A is wrong because PowerShell is not required on the remote machine for Get-CimInstance; it uses WMI via WinRM, which only requires the WMI service to be running. Option C is wrong because the default namespace for Win32_OperatingSystem is root/cimv2, which is correct and not the cause of an access denied error. Option D is wrong because the Remote Management Users group is not required for WMI access; membership in the local Administrators group on the remote computer is sufficient for WMI queries.

262
MCQmedium

A technician is troubleshooting a remote user's inability to connect to the corporate network via VPN. The user can ping the VPN server's public IP address. Which step should the technician take next to isolate the issue?

A.Reboot the user's modem
B.Check the VPN client logs for errors
C.Disable the user's firewall
D.Reinstall the VPN client software
AnswerB

Logs often contain specific error codes (e.g., authentication failure, certificate issues) that guide further troubleshooting.

Why this answer

Since the user can reach the VPN server, the issue is likely at the authentication or configuration layer. Checking the VPN client logs provides detailed error messages that can pinpoint the problem.

263
MCQhard

A security incident occurred on a Windows 10 workstation, and you need to review detailed logs of user logon attempts, including successful and failed logins, to identify unauthorized access. Which tool should you use to view these security logs?

A.Reliability Monitor
B.Performance Monitor
C.Event Viewer
D.Group Policy Editor
AnswerC

Event Viewer's Security log records all logon events, providing the necessary audit trail.

Why this answer

Event Viewer is the correct tool because it provides access to Windows Security logs, which record detailed information about user logon attempts, including both successful (Event ID 4624) and failed (Event ID 4625) logins. These logs are essential for forensic analysis of unauthorized access on a Windows 10 workstation.

Exam trap

The A+ exam often tests the distinction between tools that view logs (Event Viewer) versus tools that configure settings (Group Policy Editor) or monitor performance (Performance Monitor), leading candidates to confuse administrative utilities.

How to eliminate wrong answers

Option A is wrong because Reliability Monitor tracks system stability and application failures, not security-related logon events. Option B is wrong because Performance Monitor focuses on system performance metrics like CPU and memory usage, not security audit logs. Option D is wrong because Group Policy Editor is used to configure system policies and security settings, not to view existing event logs.

264
MCQmedium

A technician is writing a PowerShell script to retrieve the IP configuration of all computers in a domain and output the results to a CSV file. The script must run on a management workstation and target remote machines. Which cmdlet should the technician use to execute commands on remote computers?

A.Invoke-Command
B.Enter-PSSession
C.Get-WmiObject
D.Out-File
AnswerA

Correct. Invoke-Command runs a script block on one or more remote computers and returns results, perfect for gathering data from many machines.

Why this answer

Invoke-Command is the correct cmdlet because it is designed to execute PowerShell commands or script blocks on one or more remote computers and return the results to the local session. This allows the technician to run the IP configuration retrieval script against all domain computers from the management workstation and then pipe the output to Export-Csv.

Exam trap

CompTIA often tests the distinction between interactive remote sessions (Enter-PSSession) and one-off command execution (Invoke-Command), leading candidates to choose Enter-PSSession when the requirement is to run a script against multiple computers and capture output.

How to eliminate wrong answers

Option B (Enter-PSSession) is wrong because it creates an interactive, persistent session with a single remote computer, which is not suitable for running a script against multiple remote machines and capturing output to a CSV file. Option C (Get-WmiObject) is wrong because while it can retrieve WMI data from remote computers using the -ComputerName parameter, it is not a cmdlet for executing arbitrary PowerShell commands or script blocks; it is a specific cmdlet for WMI queries. Option D (Out-File) is wrong because it is used to send output to a text file on the local machine, not to execute commands on remote computers.

265
MCQmedium

A customer brings in a laptop that they want to recycle, but they are concerned about personal data. The laptop has a 256GB SSD and the customer wants to keep the laptop functional for resale. Which method should the technician recommend?

A.Remove the SSD and physically destroy it, then sell the laptop without a drive.
B.Use a degausser on the SSD.
C.Perform a standard format and reinstall Windows.
D.Use the 'Reset this PC' option with the 'Remove everything and clean the drive' setting.
AnswerD

This option performs a secure erase that overwrites all sectors, making data recovery difficult while keeping the laptop functional.

Why this answer

The correct answer is to use the built-in 'Reset this PC' with the 'Remove everything and clean the drive' option, which performs a secure wipe on SSDs. This ensures data is overwritten while keeping the laptop usable. Simple deletion or formatting is insufficient, and physical destruction would make the laptop unusable.

266
MCQeasy

A junior admin needs to list all files in /var/log that were modified in the last 24 hours. Which command accomplishes this?

A.ls -la /var/log | grep '24 hours'
B.find /var/log -mtime 0
C.find /var/log -atime 0
D.locate /var/log | sort -m
AnswerB

This correctly finds files modified within the last 24 hours (0 means less than 1 day ago).

Why this answer

Option B is correct because the `find` command with `-mtime 0` searches for files whose modification time is within the last 24 hours. The `-mtime` argument uses a 24-hour period, where `0` means modified less than 24 hours ago, making it the precise tool for this task.

Exam trap

The A+ exam often tests the distinction between `-mtime` (modification time) and `-atime` (access time), trapping candidates who confuse the two or who think `ls` with `grep` can perform time-based filtering.

How to eliminate wrong answers

Option A is wrong because `ls -la` lists files but does not filter by modification time; piping to `grep '24 hours'` would only match lines containing that literal string, not files modified in the last 24 hours. Option C is wrong because `-atime 0` checks access time (last read), not modification time, so it would list files accessed in the last 24 hours, not those modified. Option D is wrong because `locate` searches a pre-built database of file paths and does not support time-based filtering; `sort -m` merges sorted files, which is irrelevant to listing recently modified files.

267
MCQhard

An organization wants to ensure that even if a laptop is stolen, the data on the hard drive cannot be read. The laptop runs Windows 10 Pro and is used by employees who travel frequently. Which security feature should be enabled?

A.Enable BitLocker Drive Encryption on the system drive.
B.Set a strong BIOS/UEFI password.
C.Configure a screensaver password with a short timeout.
D.Use EFS to encrypt individual files and folders.
AnswerA

BitLocker encrypts the entire drive, ensuring that if the laptop is stolen, the data cannot be accessed without the recovery key or TPM authentication.

Why this answer

BitLocker Drive Encryption is the correct choice because it encrypts the entire system drive at the block level, using AES encryption (typically 128-bit or 256-bit) with a TPM (Trusted Platform Module) to protect the encryption keys. This ensures that if the laptop is stolen, the hard drive cannot be removed and read from another system, as the data remains encrypted without the correct authentication (e.g., TPM + PIN or recovery key).

Exam trap

CompTIA A+ often tests the distinction between encryption at rest (BitLocker) and access control (BIOS password, screensaver) or partial encryption (EFS), leading candidates to choose a non-encryption option that does not protect data when the drive is physically removed.

How to eliminate wrong answers

Option B is wrong because a strong BIOS/UEFI password only prevents unauthorized booting or changes to firmware settings, but it does not encrypt the hard drive; an attacker can remove the drive and read its data directly from another machine. Option C is wrong because a screensaver password with a short timeout only locks the user session when idle, but it does not protect data if the laptop is stolen while powered off or if the drive is removed; it also does not encrypt the drive. Option D is wrong because EFS (Encrypting File System) encrypts only individual files and folders at the file system level, not the entire drive, and it relies on the user's Windows profile, which can be bypassed if the drive is removed or if the user account is compromised; it also does not protect system files or the pagefile.

268
MCQmedium

A company is migrating to new laptops and needs to dispose of 50 old hard drives securely. The drives contain proprietary software and client data. The IT manager wants a method that is both environmentally friendly and compliant with data protection laws. Which disposal method should be chosen?

A.Donate the drives to a local charity after wiping them with a free tool.
B.Use a certified e-waste recycler that offers secure destruction and recycling.
C.Physically break the drives with a drill and dispose of them in the regular trash.
D.Perform a quick format and sell the drives online.
AnswerB

Certified recyclers follow standards for data destruction (e.g., shredding) and recycle materials, meeting both security and environmental goals.

Why this answer

Option B is correct because certified e-waste recyclers follow strict data destruction standards (e.g., NIST SP 800-88) and environmental regulations (e.g., R2 or e-Stewards certification). This ensures the drives are physically destroyed or degaussed to prevent data recovery, while responsibly recycling materials, meeting both security and compliance requirements.

Exam trap

Candidates often think that physical destruction (e.g., drilling) is sufficient for security, but the trap is that it must be combined with proper disposal (e.g., through a certified recycler) to be both environmentally compliant and legally defensible.

How to eliminate wrong answers

Option A is wrong because free wiping tools may not overwrite data to a secure standard (e.g., only a single pass or not covering hidden areas like HPA/DCO), and donating drives still risks residual data exposure if the tool fails or is misused. Option C is wrong because physically breaking drives with a drill does not guarantee complete destruction of all platters or chips, and disposing of them in regular trash violates environmental laws and can lead to data recovery from remaining fragments. Option D is wrong because a quick format only removes the file system pointers, leaving all data intact and easily recoverable with forensic tools, and selling drives online exposes proprietary software and client data to unauthorized parties.

269
MCQmedium

A small business owner wants to ensure that if a laptop is stolen, the data on the drive cannot be read. The laptop runs Windows 11 Pro. What is the most appropriate remediation?

A.Set a strong BIOS password
B.Enable BitLocker on the system drive
C.Install an antivirus with anti-theft features
D.Use a cloud backup service
AnswerB

BitLocker encrypts the entire drive, rendering data inaccessible without the key, even if the drive is removed.

Why this answer

BitLocker is the native full-disk encryption feature in Windows 11 Pro that encrypts the entire system drive, including the operating system, applications, and all user data. If the laptop is stolen, the data on the drive remains unreadable without the recovery key or TPM authentication, even if the drive is removed and attached to another computer. This directly addresses the requirement to prevent data access after theft.

Exam trap

The trap here is that candidates often confuse a BIOS password with drive encryption, thinking it secures the data, but BIOS passwords only control boot access and do not protect against physical drive removal and forensic analysis.

How to eliminate wrong answers

Option A is wrong because a BIOS password only prevents unauthorized booting or BIOS changes but does not encrypt the drive; the data can still be read by removing the drive and connecting it to another system. Option C is wrong because antivirus with anti-theft features typically provides location tracking, remote lock, or wipe capabilities, but it does not encrypt the drive at rest, so data remains accessible if the drive is removed. Option D is wrong because a cloud backup service protects against data loss but does not prevent an attacker from reading data already stored on the laptop's drive.

270
MCQmedium

A technician is tasked with deploying 50 Android tablets for a field sales team. The tablets need to have a consistent set of apps, settings, and security policies. The technician wants to avoid manually configuring each device. Which Android feature should the technician use?

A.Samsung DeX
B.Google Backup
C.Android Enterprise (Zero-Touch Enrollment)
D.Developer Options > OEM Unlocking
AnswerC

Android Enterprise allows IT to enroll devices automatically via QR code or NFC, apply policies, and install apps remotely through an MDM.

Why this answer

Android Enterprise Zero-Touch Enrollment allows IT administrators to provision devices automatically by associating them with a management provider (e.g., Samsung Knox, VMware Workspace ONE) via the manufacturer's portal. When the tablets are powered on and connected to Wi-Fi, they download a policy that enforces apps, settings, and security configurations without any manual intervention. This is the correct solution for deploying 50 tablets consistently.

Exam trap

The trap here is that candidates confuse Google Backup (a personal restore tool) with enterprise provisioning, or think Samsung DeX can manage device settings, when in fact only Android Enterprise Zero-Touch Enrollment automates bulk deployment of apps and policies.

How to eliminate wrong answers

Option A is wrong because Samsung DeX is a desktop-like interface for productivity, not a mass provisioning or enrollment feature. Option B is wrong because Google Backup is designed to restore personal user data (e.g., contacts, app data) from the cloud, not to enforce enterprise-wide policies or install a consistent set of apps across multiple devices. Option D is wrong because Developer Options > OEM Unlocking is used to unlock the bootloader for custom ROMs or rooting, which is a security risk and irrelevant to enterprise enrollment and policy deployment.

271
MCQeasy

A user reports that their Windows 10 computer runs a script every time they log in that maps a network drive, but the drive mapping fails intermittently. The script uses the 'net use' command. Which scripting element should be added to handle the failure gracefully and retry the mapping?

A.A comment line explaining the net use syntax
B.A variable to store the drive letter
C.An exit code check and a loop to retry the mapping
D.A 'pause' command after the net use line
AnswerC

Checking the exit code allows the script to detect failure and a loop can retry the command until success or a maximum number of attempts.

Why this answer

This question tests basic error handling in scripting. Adding error-checking logic, such as checking the exit code of 'net use' and retrying if it fails, makes the script more robust. A simple 'if errorlevel' or 'if %errorlevel% neq 0' construct allows the script to retry the command instead of failing silently.

272
MCQmedium

A user reports that their virtual machine running on a Type 2 hypervisor is extremely slow. The host machine has 16 GB of RAM, and the VM is configured with 8 GB. The host's task manager shows 90% memory usage. What should the technician do to improve the VM's performance?

A.Increase the number of virtual CPUs assigned to the VM.
B.Reduce the amount of RAM allocated to the VM to 4 GB.
C.Change the virtual disk from thin to thick provisioning.
D.Enable hyper-threading on the host CPU.
AnswerB

Reducing the VM's RAM frees up memory for the host, alleviating the memory pressure and improving overall performance.

Why this answer

The host is experiencing 90% memory pressure, meaning the host OS is starved of RAM. A Type 2 hypervisor (like VMware Workstation or VirtualBox) relies on the host OS to manage memory; if the host is paging heavily, the VM will also suffer. Reducing the VM’s allocated RAM from 8 GB to 4 GB frees memory for the host, reducing swapping and improving overall VM performance.

Exam trap

A common mistake is the misconception that adding more virtual resources (vCPUs or disk provisioning changes) always improves performance, when in reality the root cause is host memory starvation, and the correct fix is to reduce the VM's allocated RAM.

How to eliminate wrong answers

Option A is wrong because increasing virtual CPUs would increase CPU scheduling overhead and could worsen performance, especially when the bottleneck is memory, not CPU. Option C is wrong because changing from thin to thick provisioning affects disk I/O performance and storage allocation, not the immediate memory pressure causing the slowness. Option D is wrong because enabling hyper-threading on the host CPU improves parallel processing but does not address the host’s 90% memory usage; it could even increase memory contention if more threads compete for the same limited RAM.

273
MCQeasy

A technician needs to map a network drive to a shared folder on a file server for a user who frequently works remotely. The share path is \\Server\Data. Which command would you use to persistently map this drive as drive letter Z:?

A.net user Z: \\Server\Data /add
B.net use Z: \\Server\Data /persistent:yes
C.chkdsk Z: /f
D.ipconfig /renew
AnswerB

Correctly maps the drive persistently.

Why this answer

Option B is correct because the `net use` command is used to map a network share to a drive letter, and the `/persistent:yes` switch ensures the mapping is reconnected automatically after a reboot or network interruption, which is essential for a user who works remotely. The syntax `net use Z: \\Server\Data /persistent:yes` correctly specifies the drive letter, UNC path, and persistence flag.

Exam trap

The trap here is confusing `net use` with `net user` — candidates often misremember the command name or think `/add` applies to drive mappings, when in fact `net user` is strictly for account management.

How to eliminate wrong answers

Option A is wrong because `net user` is used to manage local user accounts, not to map network drives; the `/add` switch adds a user account, making this command entirely unrelated to drive mapping. Option C is wrong because `chkdsk` checks the file system integrity of a volume and cannot map a network share; the `/f` flag fixes errors on a local disk, not a remote path. Option D is wrong because `ipconfig /renew` renews the DHCP lease for a network adapter, which does not map a drive or create a persistent connection to a shared folder.

274
MCQmedium

A customer calls to report that their laptop won't turn on. The technician suspects a dead battery. Which of the following responses demonstrates proper troubleshooting and professionalism?

A.Tell the customer to buy a new battery immediately.
B.Ask the customer to plug in the charger and see if any lights appear.
C.Say that the motherboard is likely dead and needs replacement.
D.Tell the customer to bring the laptop to the shop without further questions.
AnswerB

This is a logical first step to determine if the battery or power adapter is the issue.

Why this answer

A systematic approach to troubleshooting shows competence. Starting with simple checks and explaining each step keeps the customer informed and involved.

275
MCQhard

A technician is troubleshooting a slow Remote Desktop connection for a user working from home. The user's internet speed test shows 50 Mbps download and 10 Mbps upload. The office network has a 100 Mbps symmetrical connection. Which of the following is the most likely cause of the slowness?

A.The office network is oversubscribed
B.The user's internet connection has high latency
C.The user's upload speed is insufficient for RDP
D.The VPN is using an outdated encryption protocol
AnswerC

RDP sends screen updates from the host to the client, so the host's upload speed (user's upload) is critical. 10 Mbps may be too low for a good experience.

Why this answer

When using Remote Desktop Protocol (RDP), the client computer sends keyboard and mouse inputs, clipboard data, and other commands to the remote server. This upstream traffic, while typically small, can become a bottleneck if the session involves high-resolution graphics, multiple monitors, or frequent file transfers from the client to the server. The user's internet speed test shows only 10 Mbps upload, which may be insufficient to handle the continuous stream of input and session data required for a responsive RDP experience, especially if other applications are also competing for upload bandwidth.

Therefore, the user's upload speed is the most likely cause of the slowness.

Exam trap

CompTIA often tests the misconception that download speed is the primary factor for RDP performance, when in reality the user's upload speed is the bottleneck because RDP sends client input and screen updates upstream.

How to eliminate wrong answers

Option A is wrong because the office network has a 100 Mbps symmetrical connection, and oversubscription would cause slowness for all users, not just this remote user; the question states only this user is experiencing slowness. Option B is wrong because high latency would cause lag or delay, not necessarily slowness in throughput; the user's speed test shows adequate download/upload speeds, and latency is not measured in Mbps. Option D is wrong because outdated encryption protocols (e.g., PPTP) can cause security vulnerabilities but do not inherently cause slowness; modern VPNs with AES encryption have negligible performance impact compared to bandwidth limitations.

276
MCQeasy

During a software deployment, a technician must explain to a non-technical manager why a critical security update requires an immediate reboot of all workstations, even though it interrupts work. The manager is concerned about productivity loss. How should the technician communicate this?

A."The update fixes a vulnerability that could let attackers steal company data. A reboot is required to apply it. The risk of a breach outweighs the short downtime."
B."Just schedule the reboot for after hours and it won't affect productivity."
C."It's IT policy. We have to do this. Please inform your team."
D."The update is mandatory, but you can delay it for a week if needed."
AnswerA

This explains the security risk in business terms and justifies the reboot, demonstrating effective communication with non-technical stakeholders.

Why this answer

Option A is correct because it directly addresses the manager's concern about productivity loss by clearly explaining the security risk (data theft via an unpatched vulnerability) and why the reboot is necessary to apply the update. This approach uses risk-benefit language that a non-technical manager can understand, aligning with the CompTIA A+ objective of communicating technical requirements to stakeholders in business terms.

Exam trap

CompTIA often tests the candidate's ability to prioritize security over convenience and to communicate technical risks in business terms, so the trap here is choosing a technically correct but poorly communicated answer (like B or C) that fails to address the manager's legitimate productivity concerns.

How to eliminate wrong answers

Option B is wrong because it suggests scheduling the reboot for after hours, which may not be feasible if the security update requires an immediate reboot to close a critical vulnerability that is actively being exploited; delaying the reboot even a few hours could expose the network to attack. Option C is wrong because citing 'IT policy' without explaining the technical reason fails to build trust or address the manager's productivity concern, and it does not provide the necessary context for why the reboot cannot be deferred. Option D is wrong because allowing a one-week delay for a critical security update is irresponsible; the vulnerability could be exploited in the wild within hours, and delaying the patch violates security best practices and potentially compliance requirements.

277
MCQhard

A technician is investigating a security incident where multiple workstations on the same network are showing signs of infection: slow performance, unusual network traffic, and the presence of a file named 'svch0st.exe' in the Startup folder. The technician suspects a worm that spreads through network shares. What is the most effective containment strategy?

A.Run a full antivirus scan on all workstations simultaneously.
B.Disable network shares and isolate infected workstations from the network.
C.Update the antivirus definitions on one workstation and scan it.
D.Reboot all workstations into Safe Mode with Networking.
AnswerB

This stops the worm from spreading via file shares and prevents further infection.

Why this answer

Disabling network shares and isolating infected workstations from the network is the most effective containment strategy because the worm spreads through network shares (SMB protocol). By cutting off the propagation vector (network shares) and isolating infected hosts, you prevent the worm from reaching other workstations, even if the malware is still active locally. This aligns with the immediate containment phase of incident response, which prioritizes stopping the spread over remediation.

Exam trap

Cisco often tests the distinction between remediation (cleaning the infection) and containment (stopping the spread), and the trap here is that candidates choose a remediation action like scanning or updating definitions instead of the immediate containment step of disabling the propagation vector.

How to eliminate wrong answers

Option A is wrong because running a full antivirus scan on all workstations simultaneously does not stop the worm from actively spreading through network shares during the scan; the worm can continue to infect new systems while scans are running, and scanning without isolation is ineffective for containment. Option C is wrong because updating antivirus definitions on one workstation and scanning only that single system ignores the fact that the worm is already on multiple workstations and actively spreading via network shares; this does not contain the outbreak. Option D is wrong because rebooting all workstations into Safe Mode with Networking still leaves network shares enabled and the workstations connected to the network, allowing the worm to continue spreading via SMB; Safe Mode with Networking does not disable file sharing or isolate the systems.

278
MCQhard

A technician is investigating a security breach where sensitive customer data was exfiltrated. The only malware found is a hidden driver that intercepts keystrokes and sends them to a remote server. Which malware type is responsible, and what is the best removal strategy?

A.Spyware; remove by running a standard antivirus scan.
B.Keylogger; use a rescue disk to boot and run an anti-rootkit scanner.
C.Ransomware; restore from backup.
D.Adware; uninstall suspicious programs from Control Panel.
AnswerB

A keylogger that operates as a rootkit needs a boot-time scan to bypass its stealth mechanisms.

Why this answer

The malware is a hidden driver that intercepts keystrokes and sends them to a remote server, which is the classic behavior of a keylogger. Because it is a driver, it likely operates at the kernel level, making it a rootkit. Standard antivirus scans may miss it because the OS is compromised, so the best removal strategy is to boot from a rescue disk (clean OS) and run an anti-rootkit scanner to detect and remove the driver without the rootkit hiding itself.

Exam trap

The CompTIA A+ exam often tests the misconception that any malware that steals data is spyware, but the specific mechanism (hidden driver intercepting keystrokes) points to a keylogger, and the trap is that candidates overlook the need for a rescue disk because they assume a standard antivirus scan can remove kernel-level threats.

How to eliminate wrong answers

Option A is wrong because spyware typically collects browsing habits or personal data without necessarily intercepting keystrokes, and a standard antivirus scan is often ineffective against kernel-level drivers that hide from the OS. Option C is wrong because ransomware encrypts files and demands payment, not exfiltrates data via keystroke interception; restoring from backup does not remove the hidden driver. Option D is wrong because adware displays unwanted ads and is usually removed via Control Panel, but a hidden driver keylogger requires specialized tools like anti-rootkit scanners, not simple uninstallation.

279
MCQeasy

A customer reports that their laptop was stolen from a locked office over the weekend. The office door uses a standard key lock, and the laptop was not physically secured. Which physical security control would have most likely prevented this theft?

A.Use a smart card reader on the door
B.Install a security camera in the hallway
C.Attach a cable lock to the laptop
D.Enable BitLocker on the laptop
AnswerC

A cable lock anchors the laptop to a fixed object, making theft much harder and time-consuming.

Why this answer

This question tests knowledge of physical security controls that deter theft. A cable lock physically attaches the laptop to a desk, making it difficult to remove quickly. Key locks on doors alone are insufficient if someone gains access; cable locks provide a secondary layer of defense.

280
MCQeasy

A user reports that they can no longer connect to the company network from home using VPN. They confirm their internet connection is working and that they can browse websites. Which of the following should a technician check first to resolve the VPN connectivity issue?

A.Check if the VPN client software is up to date
B.Verify the user's VPN username and password
C.Restart the VPN server at the data center
D.Reinstall the network adapter drivers
AnswerB

Incorrect or expired credentials are a frequent cause of VPN connection failures, and verifying them is a logical first troubleshooting step.

Why this answer

The user's internet connection is working (they can browse websites), which rules out general network connectivity issues. The most common cause of VPN authentication failure is incorrect or expired credentials, so verifying the username and password is the quickest and most logical first step before escalating to more complex troubleshooting.

Exam trap

CompTIA often tests the principle of 'start with the simplest and most likely cause'—the trap here is that candidates jump to advanced fixes like updating software or restarting servers, overlooking the basic credential check that resolves the majority of single-user VPN failures.

How to eliminate wrong answers

Option A is wrong because checking if the VPN client software is up to date is a secondary step; outdated client software typically causes compatibility or feature issues, not authentication failures, and the user's ability to browse indicates the client is at least launching. Option C is wrong because restarting the VPN server at the data center is a drastic, disruptive action that should only be taken after ruling out client-side and authentication issues; it is not a first-line troubleshooting step for a single user. Option D is wrong because reinstalling network adapter drivers addresses hardware or driver-level connectivity problems, but the user's internet is working, so the network adapter is functioning correctly.

281
MCQmedium

A user complains that their Android phone's battery drains extremely fast after a recent OS update. They have already tried restarting the device. What is the most likely cause and solution?

A.The update installed a malware app; perform a factory reset.
B.The update reset battery optimization settings; re-enable them.
C.The device is performing background indexing; wait a day or two.
D.The battery is failing due to the update; replace the battery.
AnswerC

Post-update background tasks often cause temporary drain; patience is the recommended first step.

Why this answer

After a major OS update, Android devices often perform background indexing of files, media, and app data to optimize search and performance. This process is CPU- and I/O-intensive, causing increased battery drain for 24–48 hours. The correct solution is to wait a day or two for indexing to complete, as restarting alone does not stop this background task.

Exam trap

CompTIA often tests the misconception that any post-update battery drain is due to malware or a failing battery, when in fact background system processes like indexing are the most common cause.

How to eliminate wrong answers

Option A is wrong because malware is not a typical consequence of an official OS update from the device manufacturer or carrier; a factory reset is an extreme and unnecessary step for temporary post-update battery drain. Option B is wrong because OS updates do not reset battery optimization settings; they may change default app permissions or background restrictions, but the core optimization settings remain intact. Option D is wrong because a battery does not suddenly fail due to a software update; battery degradation is gradual and unrelated to OS version changes.

282
MCQhard

A technician is troubleshooting a user's slow computer. The user mentions they received a call from 'Windows Support' saying their computer had a virus. The user gave the caller remote access to 'fix' it. Now, the computer is running slower and has strange pop-ups. What is the most likely consequence of this social engineering attack?

A.The computer is now part of a botnet used for DDoS attacks.
B.The attacker installed a keylogger to steal credentials and sensitive data.
C.The computer's BIOS has been corrupted.
D.The hard drive has been physically damaged.
AnswerB

A keylogger is a common payload in tech support scams. The attacker can capture passwords, banking info, and other sensitive data, leading to identity theft or financial loss.

Why this answer

The attacker gained remote access to the user's computer under the guise of tech support. Once in, they installed a keylogger to capture keystrokes, which is a common payload in such social engineering attacks. This allows the attacker to steal credentials, banking information, and other sensitive data, explaining the continued slow performance and pop-ups.

Exam trap

CompTIA A+ often tests the distinction between generic malware effects (like botnet membership) and the specific, high-value goal of credential theft in social engineering scenarios, leading candidates to choose a broader but less precise answer.

How to eliminate wrong answers

Option A is wrong because while a botnet infection is possible, the immediate and most likely consequence of a tech support scam is credential theft via a keylogger, not necessarily DDoS participation. Option C is wrong because BIOS corruption requires specific, targeted firmware-level access and is not a typical outcome of a remote desktop session; the attacker would need to reboot into a special mode or use a BIOS flashing tool. Option D is wrong because physical hard drive damage cannot occur through remote access; the symptoms are caused by malicious software, not hardware failure.

283
MCQmedium

A technician is configuring a new virtual machine for a developer. The developer needs to run multiple isolated environments for testing, but the host machine has limited storage space. Which type of virtual disk configuration should the technician use to minimize storage usage while still allowing the VM to grow as needed?

A.Thick provisioning
B.Thin provisioning
C.Fixed-size disk
D.Dynamic disk
AnswerB

Thin provisioning allocates storage as needed, allowing the VM to grow while using only the space actually required, minimizing storage usage.

Why this answer

Thin provisioning (Option B) allocates storage on demand, writing only the data blocks that are actually used, which minimizes initial storage consumption while allowing the virtual disk to grow dynamically up to its maximum configured size. This is ideal for the developer's scenario of multiple isolated test environments on a host with limited storage space.

Exam trap

The A+ exam often tests the distinction between thin provisioning and dynamic disks, where candidates mistakenly choose 'dynamic disk' because it sounds like it grows, but it is a Windows RAID-like volume manager, not a virtual disk provisioning type.

How to eliminate wrong answers

Option A is wrong because thick provisioning pre-allocates the entire virtual disk size at creation, consuming maximum storage immediately and defeating the goal of minimizing storage usage. Option C is wrong because a fixed-size disk is synonymous with thick provisioning, requiring the full allocated space upfront with no ability to grow dynamically. Option D is wrong because 'dynamic disk' is a Windows disk management concept unrelated to virtual disk provisioning; the correct VMware/Hyper-V term for on-demand allocation is thin provisioning.

284
MCQmedium

A user complains that their Remote Desktop session to a Windows 10 Pro workstation frequently disconnects after a few minutes of inactivity. The workstation is on a local network. Which setting should the technician modify on the host computer to prevent this?

A.Disable the screensaver
B.Increase the idle session limit in Remote Desktop settings
C.Change the power plan to High Performance
D.Enable Network Level Authentication
AnswerB

This setting controls how long a session remains active when idle; increasing it will prevent early disconnection.

Why this answer

The Remote Desktop Session Host (RDSH) has a configurable idle session limit that disconnects sessions after a period of inactivity. By default, Windows 10 Pro may enforce a short idle timeout (often 1-5 minutes) to conserve resources. Increasing this limit in the Remote Desktop Session Host settings (under Local Group Policy or the Remote Desktop Services configuration) prevents the automatic disconnection the user is experiencing.

Exam trap

The trap here is that candidates confuse the idle session timeout with power management or screensaver settings, assuming that preventing the screen from turning off will keep the RDP session alive, when in fact the disconnect is controlled by a dedicated Remote Desktop timeout policy.

How to eliminate wrong answers

Option A is wrong because disabling the screensaver prevents the screen from locking or turning off, but it does not affect the Remote Desktop idle session timeout, which is controlled by RDSH policies, not display settings. Option C is wrong because changing the power plan to High Performance prevents the computer from sleeping or reducing power, but the idle disconnect is a session-level timeout set in Remote Desktop services, not a power management feature. Option D is wrong because Network Level Authentication (NLA) is a security feature that requires pre-authentication before a full RDP connection is established; it does not control session disconnection due to inactivity.

285
MCQmedium

A company is moving its on-premises email server to a cloud-based service. The IT manager is concerned about data security and wants to ensure that the email data is encrypted both at rest and in transit. Which cloud service model is the company most likely using?

A.Infrastructure as a Service (IaaS)
B.Platform as a Service (PaaS)
C.Software as a Service (SaaS)
D.Desktop as a Service (DaaS)
AnswerC

SaaS provides a fully managed application, such as cloud-based email, where the provider handles security, including encryption at rest and in transit.

Why this answer

The company is moving its on-premises email server to a cloud-based service, which means they are using a complete email application delivered over the internet. Software as a Service (SaaS) provides ready-to-use applications like email (e.g., Microsoft 365, Google Workspace) where the provider manages the infrastructure, platform, and application, including encryption at rest (e.g., AES-256) and in transit (e.g., TLS 1.2/1.3). This aligns with the IT manager's concern about data security without the company needing to manage underlying servers or platforms.

Exam trap

The exam often tests the distinction between IaaS, PaaS, and SaaS by presenting a scenario where a specific application (like email) is being moved, and the trap is that candidates confuse the underlying infrastructure (IaaS) with the service model that actually provides the application (SaaS).

How to eliminate wrong answers

Option A is wrong because Infrastructure as a Service (IaaS) provides virtualized computing resources (e.g., VMs, storage) but not a pre-built email application; the company would still need to install and manage the email server software and configure encryption themselves. Option B is wrong because Platform as a Service (PaaS) provides a development and deployment environment (e.g., runtime, database) but not a ready-to-use email application; the company would have to build or deploy their own email solution on the platform. Option D is wrong because Desktop as a Service (DaaS) delivers virtual desktops to end-users, not a specific application like email; it focuses on providing a full desktop OS experience, not a managed email service.

286
MCQmedium

During a wireless site survey, a technician discovers that an employee has set up a personal wireless router in their cubicle, connected to the corporate network. This rogue access point is broadcasting an open SSID. Which security risk is most immediately concerning?

A.The rogue AP may cause radio frequency interference with the corporate WLAN.
B.The rogue AP provides an unencrypted entry point for attackers to access the corporate network.
C.The rogue AP will consume additional power from the corporate UPS.
D.The rogue AP's DHCP server may conflict with the corporate DHCP server.
AnswerB

An open SSID means no encryption or authentication, allowing anyone to connect and potentially launch attacks or access sensitive data.

Why this answer

The most immediate security risk of a rogue access point broadcasting an open SSID is that it provides an unencrypted entry point into the corporate network. Any attacker within range can associate with the open SSID and, because the AP is connected to the corporate LAN, gain direct access to internal resources without authentication or encryption, bypassing perimeter security controls.

Exam trap

Cisco often tests the distinction between operational nuisances (interference, DHCP conflicts, power draw) and actual security threats, so the trap here is that candidates may focus on the technical annoyance of a rogue AP rather than the critical security implication of an unencrypted entry point.

How to eliminate wrong answers

Option A is wrong because while a rogue AP can cause RF interference, that is a performance issue, not a security risk, and the question specifically asks about the most immediately concerning security risk. Option C is wrong because power consumption from a single small AP is negligible and does not represent a meaningful security threat. Option D is wrong because a DHCP conflict is a network configuration problem that can cause connectivity issues, but it is not a security vulnerability; the open SSID allowing unauthorized network access is far more critical.

287
MCQeasy

A user reports that their workstation cannot connect to the company file server after a scheduled network maintenance window last night. The technician checks the change management records and finds no mention of any changes to the file server. What is the most likely cause of the issue?

A.The file server requires a firmware update
B.The maintenance window affected a network switch that the file server relies on
C.The user’s account password has expired
D.The file server’s hard drive has failed
AnswerB

Undocumented changes to network infrastructure, like a switch, can disrupt connectivity even if the server itself was not changed.

Why this answer

The scheduled network maintenance window is the key clue: it likely involved changes to network infrastructure such as switches, routers, or VLAN configurations. If a network switch that the file server depends on was modified or rebooted during maintenance, the workstation would lose connectivity even though the file server itself was untouched. Change management records only track changes to the file server, not to network devices, so the absence of file server changes does not rule out a network-level cause.

Exam trap

CompTIA often tests the concept that change management records only reflect changes to the specific device in question, not to the broader network infrastructure, leading candidates to overlook network-level causes like a switch misconfiguration during maintenance.

How to eliminate wrong answers

Option A is wrong because a firmware update is a planned change that would be documented in change management; it is not a typical outcome of a maintenance window and would not suddenly cause a connectivity issue without prior notice. Option C is wrong because an expired password would prevent authentication but not block network connectivity to the file server; the user would still be able to ping or reach the server at the transport layer. Option D is wrong because a hard drive failure would cause the file server to become unresponsive or fail to boot, but the user would likely see a 'server not found' error rather than a simple connectivity loss, and such a failure is unrelated to the scheduled maintenance window.

288
MCQmedium

A technician is replacing a damaged power supply in a desktop PC. After removing the old unit, the technician notices a large capacitor on the motherboard is bulging. What should the technician do to safely handle this situation?

A.Proceed with installing the new power supply and ignore the bulging capacitor.
B.Use a screwdriver to short the capacitor leads to discharge it.
C.Wear insulated gloves and carefully remove the motherboard for replacement.
D.Apply electrical tape over the bulging capacitor to contain it.
AnswerC

Insulated gloves protect against shock, and replacing the motherboard removes the hazard entirely, which is the safest approach.

Why this answer

A bulging capacitor indicates a failed or failing component that can leak electrolyte, cause further damage, or even burst. The safest course is to wear insulated gloves to avoid electric shock or chemical exposure and replace the entire motherboard, as the capacitor cannot be safely repaired in the field. Ignoring it or attempting makeshift fixes risks short circuits, fire, or injury.

Exam trap

The trap here is that candidates may think a bulging capacitor is harmless or can be safely discharged with a screwdriver, but the exam tests the correct safety protocol of replacing the damaged component with proper personal protective equipment.

How to eliminate wrong answers

Option A is wrong because ignoring a bulging capacitor can lead to electrolyte leakage, short circuits, or catastrophic failure that may damage the new power supply or other components. Option B is wrong because shorting capacitor leads with a screwdriver can cause a dangerous spark, electric shock, or damage to the motherboard traces; capacitors should be discharged through a proper resistor or allowed to self-discharge. Option D is wrong because applying electrical tape does not address the internal failure, and the capacitor may still leak, burst, or cause a short circuit under load.

289
MCQmedium

A user reports that a shared file on a Linux server is not accessible to their team. The file permissions are -rwxr----- and the user is a member of the group 'staff'. The file's group owner is 'admin'. Which command should the administrator run to allow the staff group to read the file?

A.chmod 755 file
B.chmod g+r file
C.chgrp staff file
D.chown user:staff file
AnswerC

This changes the group to 'staff', so the group read permission applies to the user's team, granting access.

Why this answer

The file's current permissions (-rwxr-----) grant the owner full access and the group 'admin' read-only access, but the user is in the 'staff' group, not 'admin'. To allow the 'staff' group to read the file, the file's group owner must be changed to 'staff' using `chgrp staff file`. This ensures that the group read permission (r--) applies to members of the 'staff' group.

Exam trap

The trap here is that candidates often confuse 'chmod g+r' (which modifies permissions for the current group) with changing the group ownership, leading them to overlook the core issue that the file's group owner is 'admin', not 'staff'.

How to eliminate wrong answers

Option A is wrong because `chmod 755 file` sets permissions to -rwxr-xr-x, which would give read and execute to everyone, including users outside the intended group, and does not address the group ownership mismatch. Option B is wrong because `chmod g+r file` adds read permission for the current group owner ('admin'), not for the 'staff' group; the user is in 'staff', so this command does not grant access to the user's group. Option D is wrong because `chown user:staff file` changes both the owner and group to 'user' and 'staff', which is excessive and could disrupt other access controls; the requirement is only to change the group ownership to 'staff', not the file owner.

290
MCQhard

During a major software rollout, a technician discovers that the deployment script modifies a registry key that is also used by a legacy application. The change was not included in the original change request. What should the technician do?

A.Proceed with the deployment since the registry change is necessary for the new software.
B.Modify the script to skip the registry change and continue.
C.Stop the deployment and submit a new change request for the registry modification.
D.Document the registry change after the deployment is complete.
AnswerC

Stopping and submitting a new request ensures the change is properly reviewed and documented, preventing unintended consequences.

Why this answer

Option C is correct because any unapproved change to a system, even if necessary, must follow the change management process. The technician discovered that the deployment script modifies a registry key shared with a legacy application, which was not included in the original change request. Stopping the deployment and submitting a new change request ensures proper review, risk assessment, and approval before altering a shared resource that could impact the legacy application.

Exam trap

The trap here is that candidates may think a necessary change can be made immediately without approval, confusing 'necessary' with 'authorized,' but CompTIA emphasizes that all changes must follow the change management process regardless of urgency.

How to eliminate wrong answers

Option A is wrong because proceeding without approval violates change management policy and could cause unexpected failures in the legacy application due to the unplanned registry modification. Option B is wrong because skipping the registry change may break the new software deployment, as the script likely depends on that key for functionality, and modifying the script without authorization is also a change management violation. Option D is wrong because documenting the change after deployment bypasses the required pre-approval process and does not mitigate the risk of impacting the legacy application during the rollout.

291
MCQeasy

A customer complains that their Windows 10 PC is running very slowly after a recent software installation. You suspect a new background service is consuming excessive CPU. Which built-in administrative tool should you use to identify the offending service?

A.Device Manager to check for driver issues.
B.Services console (services.msc) to locate and stop the problematic service.
C.Event Viewer to review system logs.
D.Performance Monitor to create a data collector set.
AnswerB

Correct. The Services console provides a comprehensive list of services and their status, allowing you to stop or disable the offending service.

Why this answer

The Services console (services.msc) allows you to view all running services, their status, and resource usage. By sorting services by CPU consumption or stopping suspected services one by one, you can identify which newly installed service is causing high CPU usage. This is the direct tool for managing and troubleshooting Windows services.

Exam trap

The trap here is that candidates may choose Event Viewer (C) because they think logs will show the CPU issue, but Event Viewer does not display real-time per-process CPU metrics, whereas the Services console directly manages the offending service.

How to eliminate wrong answers

Option A is wrong because Device Manager is used to manage hardware drivers and devices, not to monitor or control software services consuming CPU. Option C is wrong because Event Viewer shows system logs and error events, but does not provide real-time CPU usage per process or service. Option D is wrong because Performance Monitor can create data collector sets for long-term performance analysis, but it is not the quickest or most direct tool for identifying a specific service consuming excessive CPU; the Services console is more immediate.

292
MCQhard

During a routine security audit, a technician discovers that a user's computer has a program that opens a backdoor on port 4444 and allows remote control. The program was installed alongside a free PDF converter the user downloaded last week. Which malware type is this, and what is the most effective removal method?

A.Worm; use a network-based firewall to block port 4444.
B.Trojan horse; boot into Safe Mode and run a full anti-malware scan.
C.Ransomware; pay the ransom to regain control.
D.Rootkit; perform a clean installation of Windows.
AnswerB

The program is a Trojan that came bundled with freeware; Safe Mode scanning can remove it.

Why this answer

The program is a Trojan horse because it disguises itself as a legitimate PDF converter while secretly installing a backdoor. The most effective removal method is to boot into Safe Mode, which loads only essential drivers and services, preventing the Trojan from running, and then perform a full anti-malware scan to detect and remove the malicious files.

Exam trap

The A+ exam often tests the distinction between a Trojan horse and a worm by emphasizing that a Trojan requires user action to install, whereas a worm spreads autonomously, leading candidates to incorrectly choose 'worm' when they see a backdoor on a specific port.

How to eliminate wrong answers

Option A is wrong because a worm self-replicates and spreads across networks without user interaction, whereas this malware required the user to download and install it alongside a PDF converter. Option C is wrong because ransomware typically encrypts files and demands payment for decryption, not opening a backdoor for remote control. Option D is wrong because a rootkit hides deep in the operating system, often at the kernel level, and requires a clean installation to ensure removal; however, this program is a user-level Trojan that can be removed via Safe Mode scanning without full reinstallation.

293
MCQmedium

A company has a policy that all workstations must automatically lock after 10 minutes of inactivity. A user complains that their computer does not lock automatically. Which setting should you check and remediate?

A.Check the power plan settings for sleep timeout
B.Verify that the screen saver is enabled and set to 'On resume, display logon screen' with a 10-minute wait
C.Ensure Windows Update is fully installed
D.Disable the Fast Startup feature
AnswerB

This setting locks the workstation after the specified inactivity period, meeting the policy.

Why this answer

Option B is correct because the automatic lock behavior in Windows is controlled by the screen saver settings. When 'On resume, display logon screen' is enabled with a 10-minute wait, the screen saver triggers after inactivity and locks the workstation by requiring authentication upon resume. This is the standard mechanism for enforcing a lock timeout, not the power plan sleep timeout.

Exam trap

CompTIA often tests the distinction between sleep/screen saver/lock settings, and the trap here is that candidates confuse the power plan sleep timeout with the screen saver lock timeout, assuming sleep automatically locks the workstation.

How to eliminate wrong answers

Option A is wrong because the power plan sleep timeout controls when the system enters a low-power sleep state, not the lock screen; a computer can be idle and unlocked without sleeping. Option C is wrong because Windows Update installation status does not affect the screen saver or lock timeout behavior; missing updates would not prevent automatic locking. Option D is wrong because Fast Startup is a boot optimization feature that affects shutdown and startup, not idle-time locking; disabling it has no impact on the lock timeout.

294
MCQeasy

A user reports that their MacBook Pro running macOS Ventura is unable to open any applications after a recent system update. They see a spinning beach ball when clicking app icons. Which macOS tool should you use first to diagnose and resolve this issue?

A.Terminal
B.Activity Monitor
C.Disk Utility
D.System Information
AnswerB

Activity Monitor shows real-time system resource usage, allowing you to identify processes consuming excessive CPU or memory, which is the correct first step.

Why this answer

Activity Monitor is the correct first tool because it allows you to inspect running processes, CPU usage, memory pressure, and disk activity. The spinning beach ball indicates a hung or unresponsive process, likely caused by a kernel extension or system daemon failing after the update. Activity Monitor can identify the offending process (e.g., a high CPU or stuck I/O process) so you can force quit it or gather logs for further troubleshooting.

Exam trap

CompTIA A+ exams often test the misconception that Disk Utility is the universal fix for post-update issues, but the spinning beach ball is a process-level symptom, not a filesystem problem, so Activity Monitor is the correct initial diagnostic tool.

How to eliminate wrong answers

Option A is wrong because Terminal is a command-line interface that requires prior knowledge of specific commands (e.g., `top`, `kill`, `fs_usage`) and is not the first diagnostic tool for a GUI-level hang; it is more advanced and less accessible for initial triage. Option C is wrong because Disk Utility is used for repairing disk permissions, verifying disk integrity, and managing volumes, but the issue here is a process hang, not a filesystem corruption or disk error. Option D is wrong because System Information provides hardware and software configuration details but does not show real-time process activity or resource usage, making it useless for diagnosing a spinning beach ball caused by a stuck application.

295
MCQmedium

A technician is preparing to replace a failed hard drive in a server that hosts a critical database. The change requires a planned downtime of two hours. Which documentation must the technician review before proceeding?

A.The server's warranty information.
B.The approved change request and the backout plan.
C.The network topology diagram.
D.The employee handbook.
AnswerB

Reviewing the change request confirms authorization, and the backout plan provides steps to restore service if the replacement fails.

Why this answer

Option B is correct because before performing any hardware replacement that requires planned downtime, the technician must review the approved change request to confirm the change has been authorized and to understand the scope, risk, and implementation steps. The backout plan is equally critical as it provides the documented steps to revert the server to its previous state if the replacement fails, ensuring database integrity and minimizing extended downtime. This aligns with ITIL change management best practices and CompTIA A+ 220-1202 objectives for documentation review during hardware maintenance.

Exam trap

The trap here is that candidates confuse operational documentation (like network diagrams or warranty info) with the change management artifacts (change request and backout plan) that are mandatory before any planned downtime, leading them to choose a plausible but incorrect option.

How to eliminate wrong answers

Option A is wrong because warranty information is irrelevant to the immediate task of replacing a failed hard drive; it would be consulted after the fact for potential RMA, not before the procedure. Option C is wrong because a network topology diagram shows how devices are connected but does not contain the authorization, risk assessment, or rollback steps needed for a planned hardware change. Option D is wrong because the employee handbook covers company policies and conduct, not the technical change management documentation required for server maintenance.

296
MCQmedium

A user reports that their computer is running slowly and they suspect a virus. After scanning, the technician finds malware that has encrypted several files. The technician decides to wipe the drive and reinstall the OS. What should be done to ensure the malware is completely removed before data destruction?

A.Run a quick format and then reinstall the OS.
B.Use a secure erase utility that overwrites the entire drive including the boot sector.
C.Delete the encrypted files and run a registry cleaner.
D.Use System Restore to revert to a previous state.
AnswerB

Secure erase overwrites all areas, including the boot sector, eliminating persistent malware.

Why this answer

Some malware can persist in the boot sector or firmware. A full wipe of the entire drive (including the boot sector) using a secure erase or low-level format ensures no malware remnants remain. A simple format may leave boot-sector malware intact.

297
MCQeasy

During a network upgrade, a technician needs to dispose of several old CRT monitors. Which disposal method complies with environmental regulations?

A.Place them in the regular dumpster for pickup.
B.Sell them to a scrap metal dealer.
C.Take them to an e-waste recycling center.
D.Remove the glass and dispose of the plastic casing separately.
AnswerC

E-waste recycling centers are equipped to safely handle and recycle hazardous components in CRTs.

Why this answer

CRT monitors contain hazardous materials like lead, phosphorus, and other heavy metals that require specialized handling. Taking them to an e-waste recycling center ensures compliance with environmental regulations such as the Resource Conservation and Recovery Act (RCRA) and local e-waste laws, as these facilities are equipped to safely dismantle and recycle the toxic components.

Exam trap

CompTIA often tests the misconception that 'recycling' or 'selling to scrap' is always acceptable, but the trap here is that only certified e-waste recycling centers are legally authorized to handle CRT monitors due to their hazardous material content, while scrap dealers and general recycling are not compliant.

How to eliminate wrong answers

Option A is wrong because placing CRT monitors in a regular dumpster violates environmental regulations due to the leaded glass and other hazardous substances, which can leach into landfills and contaminate soil and groundwater. Option B is wrong because selling CRT monitors to a scrap metal dealer is not compliant unless the dealer is a certified e-waste recycler; general scrap dealers often lack the permits and processes to handle the toxic components safely, and the monitors may contain non-metallic hazardous materials. Option D is wrong because removing the glass and disposing of the plastic casing separately does not address the hazardous nature of the leaded glass, which still requires proper e-waste recycling; moreover, this practice is typically illegal without proper certification and equipment to prevent environmental release.

298
MCQmedium

A small business has no formal change management process. A technician installs a new antivirus program on a server, which later conflicts with the existing backup software, causing backups to fail. Which principle of change management was most clearly violated?

A.The change was not tested in a staging environment
B.The change was not approved by the change advisory board
C.The change was not documented or communicated to stakeholders
D.The technician did not create a rollback plan
AnswerC

Without documentation, there is no record of what changed, making troubleshooting difficult and violating the core principle of change management.

Why this answer

The scenario describes a small business with no formal change management process. The core failure is that the technician installed new antivirus software without documenting the change or communicating it to stakeholders (such as the backup administrator or other IT staff). If the change had been documented and communicated, the potential conflict with the existing backup software could have been identified and avoided.

This directly violates the principle that all changes must be documented and communicated to relevant parties, even in the absence of a formal CAB or staging environment.

Exam trap

CompTIA often tests the distinction between formal processes (like CAB approval or staging environments) and the fundamental principle of communication and documentation, leading candidates to overthink and select a more 'technical' or 'formal' answer when the scenario clearly lacks any formal structure.

How to eliminate wrong answers

Option A is wrong because while testing in a staging environment is a best practice, the question explicitly states there is 'no formal change management process,' and the primary violation is the lack of communication and documentation, not the absence of a staging environment. Option B is wrong because a Change Advisory Board (CAB) is a formal governance body typically used in larger organizations; a small business without a formal process would not have a CAB, so failing to get CAB approval is not the most clearly violated principle. Option D is wrong because although a rollback plan is important, the technician could have avoided the conflict entirely by simply communicating the change to stakeholders; the lack of a rollback plan is a secondary issue, not the core violation of change management principles.

299
MCQmedium

A company's security policy requires that all Windows 10 workstations automatically install critical updates as soon as they are released. However, users must not be forced to restart during work hours. Which Windows Update setting should you configure to meet these requirements?

A.Defer feature updates
B.Set Active Hours to cover the workday
C.Set the connection as metered
D.Configure Windows Update to 'Notify to schedule restart'
AnswerB

Active Hours prevent automatic restarts during specified times, while updates can still install automatically outside those hours.

Why this answer

Configuring Active Hours in Windows Update allows you to specify the time range during which the system should not automatically restart after installing updates. By setting Active Hours to cover the entire workday, critical updates can be downloaded and installed automatically, but the required restart is deferred until outside those hours, meeting both the security policy and the user experience requirement.

Exam trap

CompTIA often tests the distinction between controlling update installation versus controlling restart behavior; the trap here is that candidates may confuse 'deferring updates' with 'scheduling restarts,' or think that marking a connection as metered is a valid way to manage restart timing, when it actually blocks all automatic updates.

How to eliminate wrong answers

Option A is wrong because 'Defer feature updates' delays the installation of non-security feature updates, not critical security updates, and does not control restart timing. Option C is wrong because setting the connection as metered prevents all automatic downloads of updates, including critical ones, which violates the policy requiring automatic installation. Option D is wrong because 'Notify to schedule restart' only alerts the user to schedule a restart but does not enforce automatic installation of critical updates; it relies on user action, which may delay installation and violate the policy.

300
MCQeasy

A technician is configuring a cloud-based backup solution for a company's critical data. The company wants to ensure that if the primary cloud provider experiences an outage, the data remains accessible from another provider. Which concept should the technician implement?

A.High availability
B.Cloud federation
C.Load balancing
D.Disaster recovery plan
AnswerB

Cloud federation enables interoperability between different cloud providers, allowing data to be replicated and accessed across them.

Why this answer

Cloud federation enables the interconnection of multiple cloud providers' environments, allowing data and resources to be shared across them. By implementing cloud federation, the technician can replicate critical data to a secondary provider, ensuring that if the primary provider experiences an outage, the data remains accessible from the federated provider. This directly addresses the requirement for cross-provider data accessibility during a provider outage.

Exam trap

CompTIA A+ often tests the distinction between high availability (which keeps services running within a single provider) and cloud federation (which ensures data accessibility across providers), leading candidates to mistakenly choose high availability when the question explicitly requires cross-provider access.

How to eliminate wrong answers

Option A is wrong because high availability (HA) focuses on eliminating single points of failure within a single provider's infrastructure (e.g., redundant servers, storage, or network paths) to ensure service uptime, but it does not provide data accessibility from a different provider if the entire primary provider fails. Option C is wrong because load balancing distributes incoming traffic across multiple servers or resources to optimize performance and availability, but it does not replicate data to another provider or ensure data access during a provider-wide outage. Option D is wrong because a disaster recovery plan (DRP) outlines the processes and procedures for recovering data and IT infrastructure after a disaster, but it is a broader strategy that may include cloud federation; the specific concept that enables cross-provider data accessibility is cloud federation, not the plan itself.

Page 3

Page 4 of 10

Page 5

All pages

CompTIA A+ Core 2 220-1202 220-1202 Questions 226–300 | Page 4/10 | Courseiva