CompTIA A+ Core 2 220-1202 (220-1202) — Questions 301375

750 questions total · 10pages · All types, answers revealed

Page 4

Page 5 of 10

Page 6
301
MCQmedium

A customer reports that their laptop frequently disconnects from the office Wi-Fi and reconnects after a few seconds. The network uses WPA2-PSK with AES encryption. The technician checks the router logs and sees repeated '4-way handshake timeout' errors. What is the most likely cause of this issue?

A.The laptop is using an outdated WEP encryption protocol.
B.The router's DHCP lease time is set too short.
C.The laptop is too far from the access point, causing intermittent signal loss.
D.The router is configured for WPA2-Enterprise instead of WPA2-PSK.
AnswerC

Weak signal can cause the 4-way handshake to time out, leading to disconnections.

Why this answer

The '4-way handshake timeout' error indicates that the laptop and access point are failing to complete the WPA2 authentication handshake. Intermittent signal loss due to distance causes packets (including EAPOL frames used in the handshake) to be dropped, leading to repeated timeouts and disconnections. WPA2-PSK with AES is not the issue; the physical layer is the bottleneck.

Exam trap

CompTIA A+ often tests the distinction between Layer 2 authentication failures (4-way handshake) and Layer 3 IP configuration issues (DHCP), so candidates mistakenly choose DHCP lease time when they see 'timeout' in the error.

How to eliminate wrong answers

Option A is wrong because the network uses WPA2-PSK with AES, so the laptop cannot be using WEP; WEP is an outdated protocol that would not even associate with a WPA2 network. Option B is wrong because a short DHCP lease time would cause IP address renewal issues, not 4-way handshake timeouts; the handshake occurs at Layer 2 before DHCP is involved. Option D is wrong because the router logs show WPA2-PSK is in use (the customer reports it), and WPA2-Enterprise would require 802.1X authentication (e.g., RADIUS), not cause a PSK handshake timeout.

302
MCQmedium

A technician is setting up a guest Wi-Fi network in a coffee shop. The owner wants customers to be able to connect easily without entering a password, but still wants basic encryption to prevent eavesdropping. Which security configuration should the technician use?

A.Set up an open network with no encryption and a captive portal for terms of service.
B.Use WPA2-PSK with a simple password like 'coffee123'.
C.Enable WPA3-Enterprise with certificate-based authentication.
D.Use WEP with a shared key printed on a receipt.
AnswerA

An open network allows easy access without a password, and a captive portal can enforce acceptable use, but it does not encrypt traffic; this matches the owner's request for no password.

Why this answer

Option A is correct because an open network with a captive portal allows customers to connect without a password while still providing a layer of control (terms of service acceptance). However, it does not provide encryption, so the owner's desire for 'basic encryption' is not actually met by this configuration. The question contains a contradiction: the owner wants no password but also wants encryption.

In practice, an open network with a captive portal is the only option that allows password-free connectivity, but it offers no encryption, leaving traffic vulnerable to eavesdropping.

Exam trap

Cisco often tests the misconception that a captive portal provides encryption, when in fact it only provides authentication/authorization at the application layer, leaving the wireless link unencrypted.

How to eliminate wrong answers

Option B is wrong because WPA2-PSK requires a pre-shared key (password) to connect, which contradicts the requirement that customers connect without entering a password. Option C is wrong because WPA3-Enterprise with certificate-based authentication requires complex setup and user certificates, which is far beyond a simple coffee shop guest network and also requires authentication credentials. Option D is wrong because WEP is an obsolete, easily cracked encryption protocol that still requires a shared key (password) to connect, and it provides no real security against eavesdropping.

303
MCQeasy

A junior admin needs to list all files in the current directory, including hidden files, with detailed information such as permissions, owner, and size. Which command should they use?

A.ls -l
B.ls -a
C.ls -la
D.ll
AnswerC

The combination -la lists all files in long format, fulfilling the requirement.

Why this answer

The `ls -la` command combines the `-l` (long format) and `-a` (all files, including hidden ones) options. This fulfills the requirement to list all files in the current directory, including hidden files (those starting with a dot), with detailed information such as permissions, owner, group, size, and modification time.

Exam trap

A common mistake is to think that either `ls -l` (shows details but not hidden files) or `ls -a` (shows hidden files but no details) is sufficient. The correct answer is `ls -la` which combines both options.

How to eliminate wrong answers

Option A is wrong because `ls -l` lists files in long format but does not include hidden files (those starting with a dot). Option B is wrong because `ls -a` lists all files including hidden ones but does not provide detailed information such as permissions, owner, or size. Option D is wrong because `ll` is often an alias for `ls -l` (not `ls -la`) in many distributions, so it would not show hidden files unless specifically aliased to include `-a`; it is not a standard command and its behavior is not guaranteed across systems.

304
MCQmedium

A technician is tasked with removing a persistent malware infection that survives reboots and re-infects the system even after a full antivirus scan in Safe Mode. The malware appears to hide in the Master Boot Record (MBR). Which removal method should the technician use?

A.Run a system file checker (sfc /scannow) from within Windows.
B.Use the Windows Recovery Environment to run bootrec /fixmbr.
C.Perform a clean installation of Windows without formatting the drive.
D.Disable System Restore and delete all restore points.
AnswerB

This command rewrites the MBR, removing the malware that resides there.

Why this answer

Option B is correct because the malware is hiding in the Master Boot Record (MBR), which is the first sector of the boot drive and loads before the operating system. Running `bootrec /fixmbr` from the Windows Recovery Environment (WinRE) overwrites the MBR code with a clean Windows bootloader, effectively removing the malware that persists there. This method targets the infection at its source, unlike antivirus scans that run after the OS loads and cannot access the MBR while it is in use.

Exam trap

Cisco often tests the misconception that antivirus scans in Safe Mode can remove all malware, but the trap here is that MBR-based infections load before the OS and require boot-level repair tools like `bootrec /fixmbr` to be eradicated.

How to eliminate wrong answers

Option A is wrong because `sfc /scannow` only checks and repairs protected system files within the Windows installation, not the MBR; it cannot remove malware that resides in the boot sector. Option C is wrong because performing a clean installation of Windows without formatting the drive leaves the MBR intact, allowing the malware to survive and re-infect the new OS installation. Option D is wrong because disabling System Restore and deleting restore points only removes backup copies of system files and registry, not the MBR; the malware in the boot sector remains unaffected.

305
MCQmedium

A user reports that their Windows 10 PC is running slowly and the hard drive light is constantly active. You suspect the indexing service is consuming resources. Which Control Panel applet allows you to modify which folders are indexed, or to rebuild the index?

A.File Explorer Options
B.System > Advanced system settings > Performance
C.Indexing Options
D.Administrative Tools > Services
AnswerC

Indexing Options lets you add or remove indexed locations and rebuild the index to resolve performance issues.

Why this answer

The Indexing Options applet (C) is the correct Control Panel tool for managing the Windows Search index. It allows you to add or remove folders from the index and provides a button to rebuild the index, which can resolve performance issues caused by a corrupted or overly broad index. The constantly active hard drive light indicates the indexing service is actively processing files, and modifying or rebuilding the index directly addresses this resource consumption.

Exam trap

CompTIA often tests the distinction between managing a service's behavior (Indexing Options) versus managing the service's running state (Services.msc), leading candidates to choose Administrative Tools > Services when the question specifically asks about modifying indexed folders or rebuilding the index.

How to eliminate wrong answers

Option A is wrong because File Explorer Options (formerly Folder Options) controls file browsing settings like showing hidden files, folder views, and search behavior, but it does not manage the indexing service or allow you to modify indexed folders or rebuild the index. Option B is wrong because System > Advanced system settings > Performance opens the Performance Options dialog, which configures visual effects, processor scheduling, and virtual memory, not indexing settings. Option D is wrong because Administrative Tools > Services lets you start, stop, or disable the Windows Search service, but it does not provide a GUI to modify which folders are indexed or to trigger a rebuild; those actions require the Indexing Options applet.

306
MCQmedium

A company uses AppLocker to control which applications can run on Windows 10 workstations. A user needs to run a portable application from a USB drive for a presentation, but it is blocked by AppLocker. The user has local admin rights. What is the best way to allow this specific application while maintaining security?

A.Temporarily disable AppLocker service.
B.Add the user to the 'Power Users' group.
C.Create a new AppLocker path rule for the USB drive.
D.Run the application as Administrator.
AnswerC

This allows the specific app while keeping other restrictions in place.

Why this answer

AppLocker enforces application control policies regardless of user privileges, including local admin rights. Creating a new path rule for the USB drive allows the specific portable application to run while keeping AppLocker active and maintaining security for other executables. This is the correct approach because it grants a targeted exception without disabling the entire control mechanism.

Exam trap

The trap here is that candidates assume local admin rights can override AppLocker restrictions, but AppLocker operates at a lower security layer that applies to all users, including administrators.

How to eliminate wrong answers

Option A is wrong because temporarily disabling the AppLocker service removes all application control, exposing the system to unauthorized software and violating security policy. Option B is wrong because the 'Power Users' group does not bypass AppLocker rules; AppLocker evaluates rules based on file path, publisher, or hash, not group membership. Option D is wrong because running the application as Administrator does not override AppLocker; AppLocker blocks execution before the process starts, regardless of the user's privilege level.

307
MCQeasy

A technician is configuring an Android phone for a user who frequently travels internationally. The user wants to ensure that data roaming is disabled to avoid high charges, but still wants to receive calls and texts while abroad. Which setting should the technician configure?

A.Enable Airplane Mode and turn on Wi-Fi.
B.Disable Mobile Data entirely.
C.Turn off Data Roaming in the mobile network settings.
D.Set the network mode to 2G only.
AnswerC

Data Roaming specifically controls cellular data while roaming; turning it off prevents data charges while voice and SMS still work.

Why this answer

Option C is correct because disabling Data Roaming in the mobile network settings prevents the device from using cellular data on foreign networks, which avoids expensive roaming charges, while still allowing voice calls and SMS (which use the cellular voice and signaling channels, not the data channel). This setting is specific to roaming scenarios and does not affect the phone's ability to connect to a visited network for non-data services.

Exam trap

CompTIA often tests the distinction between disabling Mobile Data entirely (which kills all data, even at home) and disabling Data Roaming (which only blocks data while on a foreign network), leading candidates to mistakenly choose Option B.

How to eliminate wrong answers

Option A is wrong because enabling Airplane Mode disables all cellular radios (including voice and SMS), so the user cannot receive calls or texts at all; turning on Wi-Fi only provides internet access, not cellular services. Option B is wrong because disabling Mobile Data entirely (via the quick settings toggle or data usage settings) also disables data on the home network, which is unnecessary and may prevent MMS or other data-dependent features even when not roaming; it does not specifically address roaming behavior. Option D is wrong because setting the network mode to 2G only forces the device to use a slower, often less available network, but does not disable data roaming—if data roaming is enabled, the device could still use 2G data and incur charges; additionally, 2G networks may not support simultaneous voice and data or may have limited coverage.

308
MCQmedium

A technician is configuring a new firewall for a small office. They need to allow remote employees to securely access the internal network. Which technology should be enabled on the firewall?

A.Port forwarding
B.VPN passthrough
C.VPN server
D.DMZ
AnswerC

A VPN server on the firewall enables remote users to establish encrypted connections to the internal network.

Why this answer

A VPN server on the firewall enables secure remote access by encrypting traffic between remote employees and the internal network, typically using protocols like IPsec or SSL/TLS. This provides authenticated, encrypted tunnels that protect data in transit, which is the standard solution for secure remote connectivity.

Exam trap

The trap here is that candidates confuse 'VPN passthrough' (which only forwards existing VPN traffic) with 'VPN server' (which terminates and creates VPN connections), leading them to select option B when the question explicitly asks for enabling secure remote access.

How to eliminate wrong answers

Option A is wrong because port forwarding only redirects external traffic to a specific internal IP/port without encryption or authentication, exposing internal services directly to the internet. Option B is wrong because VPN passthrough merely allows existing VPN traffic (from a client to an external VPN server) to traverse the firewall, it does not terminate or create a VPN connection for remote employees. Option D is wrong because a DMZ is a separate network segment for public-facing servers, not a mechanism for secure remote access to the internal network.

309
MCQeasy

A customer complains that their iPhone's Wi-Fi keeps disconnecting and reconnecting. They have already rebooted the phone and the router. Which of the following is the MOST likely cause?

A.The phone's SIM card is faulty.
B.The Wi-Fi network password was changed recently.
C.The phone's Wi-Fi profile is corrupted.
D.The phone's operating system needs a full restore via iTunes.
AnswerC

A corrupted Wi-Fi profile can cause intermittent disconnects; forgetting the network and reconnecting often fixes this.

Why this answer

This scenario tests knowledge of common mobile Wi-Fi issues. After basic steps, forgetting and reconnecting to the network often resolves profile corruption or authentication problems.

310
MCQmedium

A technician is assigned to install new accounting software on a user's computer. The user is a senior manager who is very busy. The technician arrives and the manager says, 'Just make it work, I don't have time for questions.' Which action is MOST professional?

A.Proceed with the installation without asking any questions to respect their time.
B.Explain that you need just two quick questions to avoid problems later, and keep it brief.
C.Insist on a full meeting to discuss requirements.
D.Install the software and leave a note with questions for later.
AnswerB

This balances respect for their time with the need for accurate setup.

Why this answer

Option B is the most professional action because it balances respect for the manager's time with the need to gather critical information. Asking two quick, targeted questions—such as verifying the software version compatibility with the OS or confirming the required database connection string—can prevent installation failures or post-installation issues that would waste even more of the manager's time. This approach demonstrates proactive problem-solving and aligns with CompTIA's emphasis on effective communication and professionalism.

Exam trap

CompTIA often tests the misconception that respecting a user's time means avoiding all questions, when in fact asking a few targeted, efficient questions demonstrates professionalism and prevents larger issues.

How to eliminate wrong answers

Option A is wrong because proceeding without any questions risks installing incompatible software or misconfiguring settings, which could lead to system instability or data loss, ultimately wasting more of the manager's time. Option C is wrong because insisting on a full meeting is unnecessarily disruptive and fails to respect the manager's stated time constraints, creating a negative user experience. Option D is wrong because installing the software and leaving a note with questions for later may result in the manager ignoring the note, leading to unresolved issues that could require a second visit or cause operational delays.

311
MCQeasy

A user reports that they can no longer access their encrypted files after a recent password change. The files were encrypted using EFS on a Windows 10 Pro workstation. What is the most likely cause of this issue?

A.The user changed the password via Ctrl+Alt+Del, which invalidates the EFS certificate.
B.The user did not back up their EFS certificate before changing the password.
C.The user's account was removed from the local Administrators group during the password change.
D.The hard drive has a hardware failure that corrupted the encrypted files.
AnswerB

EFS uses a certificate tied to the user's password. Without a backup, changing the password can render the encryption key inaccessible, requiring a recovery agent or certificate import.

Why this answer

EFS (Encrypting File System) uses a per-user certificate that is tied to the user's password hash. When a user changes their password without first backing up the EFS certificate, the system may lose access to the private key because the certificate's master key is encrypted with the old password hash. Without a backup of the certificate and private key, the encrypted files become permanently inaccessible.

Exam trap

The trap here is that candidates often think password changes via Ctrl+Alt+Del are safe or that EFS certificates are automatically updated, when in fact the critical step is backing up the EFS certificate before any password change to avoid permanent data loss.

How to eliminate wrong answers

Option A is wrong because changing the password via Ctrl+Alt+Del does not invalidate the EFS certificate; the certificate remains valid, but the system may fail to decrypt the master key if the password change is not handled properly (e.g., via a domain controller or with a password reset disk). Option C is wrong because removing a user from the local Administrators group does not affect EFS decryption capabilities; EFS permissions are based on the user's certificate and private key, not group membership. Option D is wrong because a hardware failure would typically cause read/write errors or data corruption visible at the file system level, not a specific inability to decrypt files after a password change; EFS encryption is independent of physical disk health.

312
MCQmedium

A user has accidentally deleted several important files from their Documents folder on their Mac running macOS Ventura. They need to recover them immediately. Which built-in macOS tool should you guide them to use first?

A.Time Machine from the menu bar.
B.The Trash folder in the Dock.
C.Terminal with the 'cd' and 'ls' commands.
D.System Settings > General > Storage.
AnswerB

When files are deleted normally, they are moved to the Trash. The user can open the Trash, select the files, and choose 'Put Back' to restore them to their original location.

Why this answer

Option B is correct because when files are deleted from the Documents folder on macOS, they are first moved to the Trash, not permanently erased. The Trash folder in the Dock provides immediate access to these files, allowing the user to drag them back to their original location or use the 'Put Back' context menu option. This is the fastest and simplest recovery method before considering any backup or advanced tools.

Exam trap

The trap here is that candidates may overthink the question and jump to Time Machine as a recovery tool, forgetting that macOS first moves deleted files to the Trash, making it the immediate and correct first step.

How to eliminate wrong answers

Option A is wrong because Time Machine is a backup restoration tool that requires a previously configured backup destination and is not the first step for recovering recently deleted files that are still in the Trash. Option C is wrong because Terminal commands like 'cd' and 'ls' are used for navigating directories and listing files, not for recovering deleted files from the Trash or any other location. Option D is wrong because System Settings > General > Storage provides a storage management overview and recommendations, but it does not offer a direct file recovery mechanism for recently deleted files.

313
MCQeasy

A customer complains that their Windows 11 desktop suddenly shows a blue screen with the error 'CRITICAL_PROCESS_DIED' every time they try to launch a specific video editing application. Other programs work fine. What is the most likely cause and the best first troubleshooting step?

A.Run a memory diagnostic to check for faulty RAM.
B.Update the graphics card driver.
C.Reinstall the video editing application.
D.Perform a system restore to a point before the issue started.
AnswerC

Reinstalling the application replaces corrupted files that are specific to that program, which is the most direct solution for an app-specific crash.

Why this answer

The error 'CRITICAL_PROCESS_DIED' indicates that a critical system process terminated unexpectedly. Since the issue occurs only when launching a specific video editing application and other programs work fine, the problem is isolated to that application's files or dependencies. Reinstalling the application is the most direct first step to replace corrupted or missing components without affecting other system settings.

Exam trap

The CompTIA A+ exam often tests the trap that candidates confuse a system-wide error with a hardware or driver issue, when the error is actually application-specific and best resolved by reinstalling the affected software.

How to eliminate wrong answers

Option A is wrong because faulty RAM typically causes random crashes, blue screens during various operations, or memory-related errors like 'MEMORY_MANAGEMENT', not a process-specific error tied to a single application. Option B is wrong because a graphics driver issue would likely cause display artifacts, rendering problems, or crashes in multiple graphics-intensive applications, not exclusively in one video editing app. Option D is wrong because performing a system restore is a more invasive step that reverts system-wide changes and should be reserved for issues affecting multiple applications or system stability, not a single application's launch failure.

314
MCQmedium

A technician is cleaning the inside of a desktop computer that has accumulated a large amount of dust. What is the safest method to remove the dust?

A.Use a standard household vacuum cleaner with a brush attachment.
B.Use compressed air to blow the dust out of the case.
C.Use a damp cloth to wipe down the components.
D.Use a soft brush to sweep the dust out.
AnswerB

Compressed air is the recommended method. It effectively removes dust without generating static or causing physical damage to components.

Why this answer

Compressed air is the safest method because it dislodges dust without physical contact, avoiding electrostatic discharge (ESD) or mechanical damage to sensitive components. Unlike other methods, it does not introduce moisture or static buildup, and it can reach tight spaces between heatsinks and circuit boards.

Exam trap

The trap here is that candidates assume a vacuum cleaner is safe because it 'sucks' dust away, but CompTIA tests the understanding that vacuum cleaners generate dangerous static charges and lack the precision needed for delicate electronics.

How to eliminate wrong answers

Option A is wrong because household vacuum cleaners generate static electricity and can create ESD that damages sensitive electronics; they also lack sufficient filtration to prevent recirculation of fine dust. Option C is wrong because a damp cloth introduces moisture, which can cause short circuits, corrosion, or oxidation on exposed contacts and PCB traces. Option D is wrong because a soft brush can generate static charge through friction and may dislodge components or bend delicate pins if not used with extreme care.

315
MCQmedium

A user reports that their computer's hard drive is making clicking noises and they cannot access certain files. You want to check the disk for errors and attempt to repair any bad sectors. Which command should you run from an elevated command prompt?

A.chkdsk /f
B.chkdsk /r
C.sfc /scannow
D.diskpart
AnswerB

Scans for bad sectors and recovers readable data, appropriate for clicking drives.

Why this answer

The correct command is `chkdsk /r` because it locates bad sectors on the hard drive and recovers readable information from them. The `/r` switch implies `/f` (which fixes file system errors) and additionally performs a surface scan to identify and mark bad sectors, directly addressing the clicking noise and file access issue.

Exam trap

The trap here is that candidates confuse `/f` (file system repair) with `/r` (bad sector recovery), assuming that fixing file system errors also addresses physical disk damage, but `/r` is the only switch that performs a surface scan for bad sectors.

How to eliminate wrong answers

Option A is wrong because `chkdsk /f` only fixes file system errors (e.g., in the MFT or directory structure) without scanning for or repairing bad sectors on the disk surface; it does not address physical media damage indicated by clicking noises. Option C is wrong because `sfc /scannow` (System File Checker) verifies and repairs protected system files, such as Windows DLLs and executables, not the hard drive's physical sectors or file system integrity. Option D is wrong because `diskpart` is a disk partitioning tool used to manage volumes and partitions (create, delete, extend) and has no capability to check for errors or repair bad sectors.

316
MCQmedium

A technician needs to create a bootable USB drive that can run Windows PE to deploy a custom Windows 10 image to multiple laptops. Which Windows tool should they use to create this bootable media?

A.Windows Media Creation Tool
B.Windows System Image Manager (Windows SIM)
C.Windows ADK (Assessment and Deployment Kit)
D.Disk Management
AnswerC

The Windows ADK provides the tools to build a custom Windows PE image and create bootable USB drives for deployment.

Why this answer

The Windows Assessment and Deployment Kit (Windows ADK) includes the Deployment Tools, which contain the necessary utilities (such as `copype.cmd` and `MakeWinPEMedia`) to create a bootable Windows PE USB drive. This is the correct tool for building custom WinPE media to deploy a Windows 10 image to multiple laptops, as it provides the full environment for customizing and generating the bootable image.

Exam trap

The trap here is that candidates often confuse the Windows Media Creation Tool (which creates standard Windows installation media) with the ADK's tools for creating custom WinPE bootable media, leading them to select option A.

How to eliminate wrong answers

Option A is wrong because the Windows Media Creation Tool is designed to download and create installation media for Windows 10 (e.g., for clean installs or upgrades), not to generate a custom Windows PE environment for imaging. Option B is wrong because Windows System Image Manager (Windows SIM) is used to create and manage unattended answer files (Unattend.xml) for automated installations, not to create bootable media. Option D is wrong because Disk Management is a utility for managing disk partitions and volumes (e.g., formatting, shrinking volumes), and it cannot create a bootable Windows PE USB drive.

317
MCQmedium

A technician is troubleshooting a Mac that fails to boot and displays a prohibitory symbol (a circle with a slash). The user had recently installed a new third-party SSD. What is the most likely cause?

A.The SSD is formatted as NTFS
B.The SSD is not properly connected or is incompatible with the Mac’s storage controller
C.The user’s home folder is corrupted
D.The Mac’s NVRAM needs resetting
AnswerB

Incompatible or improperly connected drives prevent macOS from loading, shown by the prohibitory symbol.

Why this answer

The prohibitory symbol indicates that the Mac cannot locate a valid operating system on the startup disk. Since the user recently installed a third-party SSD, the most likely cause is that the drive is either not properly connected (e.g., loose SATA or NVMe cable) or is incompatible with the Mac's storage controller (e.g., using a PCIe 4.0 SSD in a Mac that only supports PCIe 3.0, or a non-Apple NVMe drive lacking the required firmware for macOS). This prevents the Mac from reading the boot loader or system files.

Exam trap

Candidates often mistakenly think the prohibitory symbol is caused by file system format (like NTFS) or software corruption, when in fact it is almost always a hardware or firmware-level incompatibility preventing the drive from being recognized as bootable.

How to eliminate wrong answers

Option A is wrong because NTFS is a Windows file system, but macOS can read NTFS volumes; the prohibitory symbol is not caused by the file system format—it appears when the drive is not recognized as bootable, regardless of format. Option C is wrong because a corrupted home folder would prevent the user from logging in after the system boots, not stop the boot process itself; the prohibitory symbol appears before the login window. Option D is wrong because resetting NVRAM clears certain hardware settings but cannot fix a physical connection issue or an incompatible SSD; if the drive were properly connected and compatible, NVRAM reset might help with boot selection, but it is not the root cause here.

318
MCQmedium

A technician is setting up a new workstation in a cubicle. The cubicle has multiple power strips daisy-chained together to provide enough outlets. What is the correct safety action the technician should take?

A.Continue using the daisy-chained setup since it is convenient and all strips are rated for 15 amps.
B.Remove the daisy chain and plug each device directly into a wall outlet using a single power strip with surge protection.
C.Replace all power strips with heavy-duty extension cords rated for the total load.
D.Install a UPS at the end of the daisy chain to regulate power.
AnswerB

This reduces the risk of overload and ensures each strip is properly protected by a circuit breaker.

Why this answer

Daisy-chaining power strips is a fire hazard because it can exceed the ampacity of the circuit, leading to overheating and potential electrical fires. The correct safety action is to remove the daisy chain and plug each device directly into a wall outlet, using a single power strip with surge protection to safely distribute power without overloading the circuit.

Exam trap

CompTIA often tests the misconception that using multiple high-rated power strips in series is safe as long as each strip's rating is not exceeded, ignoring the cumulative load on the upstream circuit and the fire risk from daisy-chaining.

How to eliminate wrong answers

Option A is wrong because daisy-chaining power strips, even if each is rated for 15 amps, can still overload the wall outlet circuit (typically 15 or 20 amps) and violates OSHA and NEC safety standards. Option C is wrong because heavy-duty extension cords are not designed for permanent use and can still cause voltage drop or overheating if the total load exceeds the cord's rating; they also lack surge protection. Option D is wrong because installing a UPS at the end of a daisy chain does not address the root hazard of overloading the circuit; it only adds battery backup and surge protection, but the daisy chain itself remains a fire risk.

319
MCQmedium

A technician is replacing a power supply in a desktop computer. After unplugging the unit, what additional step should be taken to ensure personal safety before touching internal components?

A.Wear an anti-static wrist strap.
B.Press and hold the power button for 10 seconds.
C.Remove the CMOS battery.
D.Unplug all peripheral cables.
AnswerB

This discharges residual power stored in the capacitors, making it safe to work inside the case.

Why this answer

After unplugging the power supply, pressing and holding the power button for 10 seconds discharges residual electrical charge stored in the system's capacitors (especially in the power supply and motherboard). This step, often called a 'parasitic drain,' ensures that no stored voltage remains that could cause an electric shock or damage components when touched. It is a standard safety practice before working inside a desktop computer.

Exam trap

CompTIA often tests the distinction between ESD protection (anti-static wrist strap) and electrical safety (discharging capacitors), causing candidates to mistakenly choose the wrist strap as the primary safety step after unplugging.

How to eliminate wrong answers

Option A is wrong because an anti-static wrist strap protects against electrostatic discharge (ESD) damage to components, not against electric shock from stored charge; it does not discharge the power supply's capacitors. Option C is wrong because removing the CMOS battery clears BIOS settings and may help drain some motherboard capacitors, but it does not discharge the main power supply capacitors, which hold the highest risk of shock. Option D is wrong because unplugging peripheral cables reduces cable clutter but does not discharge the internal capacitors that pose a shock hazard.

320
MCQhard

A technician is creating a PowerShell script that must be deployed via Group Policy to all workstations. The script should run in the user context and display a message if the user's password is about to expire within 7 days. The script must not show any PowerShell console window. Which scripting technique should be used?

A.Use the 'Write-Host' cmdlet to display the message
B.Use a VBScript with a pop-up message box
C.Use the '-NoProfile' parameter when starting PowerShell
D.Use a scheduled task with 'Run whether user is logged on or not'
AnswerB

Correct. A VBScript can create a pop-up message box using 'MsgBox' and can be run with 'WScript.Shell' in hidden mode, satisfying both the hidden window and user notification requirements.

Why this answer

Option B is correct because VBScript's `MsgBox` function creates a pop-up message box that runs in the user context without a console window, making it ideal for displaying password-expiry warnings via Group Policy. PowerShell scripts, even with `-WindowStyle Hidden`, briefly flash a console window unless compiled into an executable, which violates the requirement to show no console window. VBScript natively integrates with Windows Script Host (WSH) to produce a GUI pop-up without any console overhead.

Exam trap

The trap here is that candidates assume PowerShell's `-WindowStyle Hidden` or `-NoProfile` eliminates the console window entirely, but they overlook that PowerShell.exe is inherently a console application and will still flash a window, whereas VBScript's `wscript.exe` host runs without any console.

How to eliminate wrong answers

Option A is wrong because `Write-Host` outputs text to the PowerShell console, which would display a console window, contradicting the requirement to show no console. Option C is wrong because `-NoProfile` only prevents loading PowerShell profiles, but does not suppress the console window itself; the script would still launch a visible PowerShell window. Option D is wrong because a scheduled task with 'Run whether user is logged on or not' runs in the system context, not the user context, and would not display a message to the logged-on user.

321
MCQmedium

A user reports that they received a voicemail from the company's HR director asking them to call back a number to verify their account details for payroll. The user is suspicious because the HR director is on vacation. What type of social engineering attack is this?

A.Smishing
B.Vishing
C.Pretexting
D.Pharming
AnswerB

Vishing is the correct term for voice-based phishing attacks via phone calls or voicemail.

Why this answer

Vishing (voice phishing) is the correct classification because the attack uses a phone call—specifically a voicemail—to trick the user into calling back and divulging sensitive payroll information. Unlike phishing via email or SMS, vishing exploits voice communication channels to bypass text-based security filters and create a false sense of urgency or authority.

Exam trap

The key differentiator between vishing and pretexting is the communication channel—vishing specifically involves voice (phone/voicemail), while pretexting can occur via any medium (email, in-person, etc.).

How to eliminate wrong answers

Option A is wrong because smishing uses SMS text messages, not voicemail or phone calls. Option C is wrong because pretexting is a broader social engineering technique that involves fabricating a scenario (pretext) to steal information, but the specific delivery method here—a voicemail requesting a callback—makes vishing the more precise term. Option D is wrong because pharming redirects users from legitimate websites to fraudulent ones by poisoning DNS caches or modifying host files, which does not involve direct voice communication.

322
MCQmedium

A user cannot run a command because they get 'permission denied' even though they are in the sudoers file. The command is located in /opt/custom/bin. Which command will show the current permissions and ownership of the file?

A.stat /opt/custom/bin/command
B.ls -l /opt/custom/bin/command
C.file /opt/custom/bin/command
D.chmod /opt/custom/bin/command
AnswerB

This is the standard command to view permissions, owner, and group in a concise format.

Why this answer

Option B is correct because the 'ls -l' command displays the file's permissions (e.g., -rwxr-xr-x), ownership (user and group), and other metadata. This directly shows whether the file is executable and who owns it, which is essential for diagnosing a 'permission denied' error despite sudoers membership.

Exam trap

CompTIA often tests the distinction between viewing permissions ('ls -l' or 'stat') and modifying them ('chmod'), and candidates may confuse 'file' (type detection) with 'ls -l' (permission display).

How to eliminate wrong answers

Option A is wrong because 'stat' shows detailed file metadata (inode, timestamps, etc.) but does not display permissions and ownership in a concise, human-readable format like 'ls -l'. Option C is wrong because 'file' determines the file type (e.g., ELF binary, script) but does not show permissions or ownership. Option D is wrong because 'chmod' is used to change permissions, not to view them; running it without a mode argument will produce an error.

323
MCQeasy

A help desk technician receives a complaint that a shared file in /opt/app/data cannot be read by any user except root. The file permissions are -rw-------. Which command will allow the group 'developers' to read the file?

A.chmod o+r /opt/app/data
B.chmod 644 /opt/app/data
C.chmod g+r /opt/app/data
D.chown :developers /opt/app/data
AnswerC

This adds read permission specifically for the group, which is the minimal required change.

Why this answer

The file currently has permissions `-rw-------`, meaning only the owner (root) has read and write access. To allow the group 'developers' to read the file, you need to add read permission for the group. The command `chmod g+r /opt/app/data` adds read permission for the group, which is the correct approach.

This directly addresses the requirement without altering other permissions unnecessarily.

Exam trap

The trap here is that examinees often confuse changing group ownership (`chown :developers`) with granting group permissions (`chmod g+r`), or they mistakenly apply permissions to 'others' (`o+r`) instead of the group, failing to realize that the group must have explicit read permission to access the file.

How to eliminate wrong answers

Option A is wrong because `chmod o+r` adds read permission for 'others' (users not the owner and not in the group), not for the group 'developers'. Option B is wrong because `chmod 644` sets permissions to `-rw-r--r--`, which gives read access to both group and others, but it also removes any existing special permissions (like setuid/setgid) and does not specifically target only the group; it is overly broad and changes the owner's permissions unnecessarily. Option D is wrong because `chown :developers /opt/app/data` changes the group ownership of the file to 'developers', but it does not change the file's permissions; the file still has `-rw-------`, so even after changing the group, members of 'developers' still cannot read the file because no group read permission is set.

324
MCQeasy

A small business owner wants to ensure that employees cannot install unauthorized browser extensions on company-managed Windows 10 computers. Which method should you use to enforce this restriction?

A.Enable private browsing mode in each browser
B.Configure Group Policy to block extension installation
C.Set the browser homepage to a company-approved site
D.Install an ad-blocker extension
AnswerB

Group Policy allows administrators to enforce browser settings across all domain-joined computers.

Why this answer

Group Policy allows administrators to centrally manage Windows settings, including browser policies. By configuring the 'Block installation of extensions' policy under Administrative Templates for each browser (e.g., Chrome, Edge), you can prevent users from installing unauthorized extensions on company-managed Windows 10 computers.

Exam trap

The trap here is that candidates may confuse browser security features (like private browsing or homepage settings) with actual policy-based controls, overlooking that only Group Policy or registry-based policies can centrally enforce restrictions on extension installation in a managed environment.

How to eliminate wrong answers

Option A is wrong because enabling private browsing mode only prevents the browser from storing history, cookies, and form data; it does not restrict extension installation. Option C is wrong because setting the browser homepage to a company-approved site only controls the default startup page, not the ability to install extensions. Option D is wrong because installing an ad-blocker extension does not enforce a restriction; it is itself an extension and does not prevent other extensions from being installed.

325
MCQhard

A technician is decommissioning a server room and finds several old cathode ray tube (CRT) monitors that still work. The company wants to dispose of them responsibly. What should the technician do?

A.Sell the monitors to a local thrift store for reuse.
B.Break the glass tubes to reduce volume and then place them in a dumpster.
C.Contact a certified CRT recycler for pickup and recycling.
D.Donate the monitors to a school art department for projects.
AnswerC

This is correct because certified recyclers have the equipment to safely extract lead and other materials, complying with environmental laws.

Why this answer

CRT monitors contain leaded glass and other hazardous materials (e.g., phosphors, barium) that are classified as universal waste under the Resource Conservation and Recovery Act (RCRA). Disposing of them in a dumpster or donating them for non-certified reuse can violate environmental regulations. A certified CRT recycler ensures the monitors are dismantled safely, with leaded glass separated and recycled in compliance with EPA guidelines.

Exam trap

The trap here is that candidates assume 'reuse' or 'donation' is always environmentally friendly, but Cisco tests that CRTs are hazardous e-waste requiring certified recycling, not just any second-hand use.

How to eliminate wrong answers

Option A is wrong because thrift stores typically lack the certification to handle hazardous e-waste; selling CRTs for reuse may still lead to improper disposal later and does not guarantee responsible end-of-life management. Option B is wrong because breaking the glass tubes releases toxic lead dust and phosphor powder, creating an immediate health hazard and violating RCRA rules against land disposal of hazardous waste. Option D is wrong because school art departments are not equipped to safely handle or dispose of leaded glass; using CRTs for art projects still results in eventual improper disposal and potential environmental contamination.

326
MCQeasy

During a security incident, a technician needs to verify whether a specific application was granted camera and microphone permissions on a macOS computer. Which macOS tool should they use to check these privacy settings?

A.Keychain Access
B.System Settings > Privacy & Security
C.Console
D.Terminal with 'tccutil' command
AnswerB

This is the correct location to view and manage app permissions for camera, microphone, and other privacy-sensitive features.

Why this answer

System Settings > Privacy & Security is the correct tool because macOS centralizes all privacy-related permissions—including camera and microphone access—in this GUI panel. The technician can navigate to the specific application under the Camera and Microphone sub-sections to verify granted permissions. This is the standard, user-facing interface for managing privacy controls on macOS.

Exam trap

The trap here is that candidates may confuse the 'tccutil' command (Option D) as a tool for checking permissions, when in fact it is only used for resetting or modifying the TCC database, not for viewing current permissions.

How to eliminate wrong answers

Option A is wrong because Keychain Access manages passwords, certificates, and secure notes, not application permissions for hardware like the camera or microphone. Option C is wrong because Console displays system logs and diagnostic messages, not privacy settings or permission states. Option D is wrong because while the 'tccutil' command can reset privacy permissions via Terminal, it is not designed to simply check or view current permissions; it requires administrative privileges and is used for bulk resets, not verification.

327
MCQhard

A user reports that their cloud-based virtual desktop (VDI) is disconnecting frequently. The user's internet connection is stable, and other cloud services work fine. The technician checks the VDI's resource usage and finds that the virtual machine's RAM is consistently at 95% usage. What should the technician do to resolve the disconnections?

A.Reduce the amount of RAM allocated to the VDI.
B.Increase the amount of RAM allocated to the VDI.
C.Reinstall the VDI client software on the user's device.
D.Enable GPU acceleration for the VDI.
AnswerB

Increasing RAM gives the VM more memory to work with, reducing the likelihood of unresponsiveness and disconnections.

Why this answer

This scenario tests advanced troubleshooting of VDI performance. High memory usage can cause the VM to become unresponsive, leading to disconnections. Increasing the VM's RAM allocation directly addresses the resource bottleneck.

Reducing RAM would worsen the problem, and network or GPU issues are not indicated.

328
MCQmedium

A technician is troubleshooting a user's inability to access a specific website. The user can access other websites without issue. The technician wants to check the route packets take to the problematic server and identify where the connection fails. Which command should be used?

A.ping -t example.com
B.tracert example.com
C.nslookup example.com
D.netstat -an
AnswerB

Traces the route and displays each hop, ideal for identifying where connectivity fails.

Why this answer

The `tracert` command (short for 'trace route') is the correct tool because it sends ICMP Echo Request packets with incrementally increasing TTL (Time to Live) values, causing each router along the path to reply with an ICMP Time Exceeded message. This reveals the exact hop-by-hop path to the destination and pinpoints where the connection fails, which is precisely what the technician needs to diagnose a site-specific outage.

Exam trap

CompTIA A+ often tests the distinction between connectivity testing (`ping`) and path discovery (`tracert`), trapping candidates who think `ping -t` is sufficient for route analysis, when it only verifies end-to-end reachability without hop-by-hop detail.

How to eliminate wrong answers

Option A is wrong because `ping -t` continuously sends ICMP Echo Requests to the target; it only confirms reachability or loss, but does not show the route or identify which hop is failing. Option C is wrong because `nslookup` is a DNS query tool that resolves a domain name to an IP address; it does not test network path or routing. Option D is wrong because `netstat -an` displays active network connections, listening ports, and protocol statistics on the local machine; it provides no information about the path packets take to a remote server.

329
MCQhard

During a security audit, you find that a server room door has a standard key lock, but the key is kept in an unlocked drawer nearby. Which physical security principle is being violated?

A.Least privilege
B.Defense in depth
C.Separation of duties
D.Change management
AnswerB

Defense in depth means using multiple layers of security; storing the key insecurely removes the protection of the lock.

Why this answer

The principle of defense in depth requires multiple layers of security. Storing the key in an unlocked drawer negates the door lock, creating a single point of failure. Proper key management is essential.

330
MCQmedium

A technician receives an angry email from a user claiming that the technician's previous fix made their computer worse. The technician knows the fix was correct. Which response is MOST professional?

A.Reply with a detailed technical explanation proving the fix was right.
B.Ignore the email to avoid an argument.
C.Apologize for the inconvenience and schedule a time to revisit the issue.
D.Forward the email to the user's manager to complain about the user's tone.
AnswerC

This de-escalates the situation and shows willingness to help, even if the original fix was correct.

Why this answer

Option C is correct because the most professional response in this scenario is to de-escalate the situation by acknowledging the user's frustration and offering to re-engage on the issue. Even if the technician's fix was technically correct, the user's perception of a problem is a valid concern that must be addressed to maintain trust and service quality. Scheduling a follow-up allows the technician to re-evaluate the system, verify that no other changes have affected the computer, and provide reassurance, which aligns with ITIL best practices for incident management and customer service.

Exam trap

CompTIA often tests the candidate's ability to prioritize emotional intelligence and de-escalation over technical accuracy, trapping those who think proving the fix was right (Option A) is the most professional response, when in fact it ignores the user's perspective and can damage the customer relationship.

How to eliminate wrong answers

Option A is wrong because replying with a detailed technical explanation, while factually accurate, is likely to be perceived as defensive and condescending, escalating the conflict rather than resolving the user's emotional concern; professionalism requires empathy over technical correctness. Option B is wrong because ignoring the email is a form of avoidance that neglects the user's complaint, potentially damaging the technician's reputation and the IT department's credibility, and it fails to address any underlying issue that may have arisen from the fix or subsequent changes. Option D is wrong because forwarding the email to the user's manager to complain about the user's tone is unprofessional, violates confidentiality, and shifts blame instead of focusing on problem resolution; it undermines the technician's role as a service provider and could create unnecessary workplace conflict.

331
MCQhard

A company deploys a fleet of Android tablets that need to be configured so that only pre-approved apps can be installed, and the Google Play Store must be hidden from users. The tablets are not enrolled in an MDM. Which Android feature can be used to achieve this without third-party software?

A.Enable Guest Mode and restrict app installation via parental controls.
B.Use a free kiosk app that utilizes Android's Lock Task Mode to pin approved apps and hide the launcher.
C.Boot the device into Safe Mode and disable the Play Store from there.
D.Remove the Google account from the device and disable the Play Store via Settings > Apps.
AnswerB

Using a free kiosk app constitutes third-party software, which contradicts the 'without third-party software' requirement. The underlying Lock Task Mode is native, but the option explicitly suggests using an app, making it incorrect.

Why this answer

None of the provided options achieve the desired configuration without third-party software. Option B mentions using a free kiosk app, which is a third-party software, thus violating the requirement. The correct approach would be to use Android's native Lock Task Mode directly via Developer Options or Android Management APIs, which does not require any third-party app.

The other options (A, C, D) do not restrict app installation to pre-approved apps or are reversible.

Exam trap

Candidates may assume that using a kiosk app is necessary for Lock Task Mode, but the feature is native and can be configured directly without additional software.

How to eliminate wrong answers

Option A is wrong because Guest Mode and parental controls do not hide the Play Store or prevent installation of new apps; they only limit certain actions and can be bypassed by the user. Option C is wrong because Safe Mode is a diagnostic mode that disables third-party apps, not a configuration tool for permanently hiding the Play Store or restricting app installations. Option D is wrong because simply removing the Google account and disabling the Play Store via Settings > Apps does not prevent the user from re-enabling the Play Store or installing apps from other sources; it is a reversible user-level setting, not a locked-down configuration.

332
MCQmedium

A technician is setting up a wireless network for a small office that handles sensitive client data. The office has a mix of modern laptops and a few legacy printers that only support WEP. What should the technician do to maintain security while keeping the printers functional?

A.Enable WEP on the main router and set a complex 128-bit key.
B.Replace the printers with modern ones that support WPA2.
C.Create a separate VLAN for the printers using WEP and a strong passphrase, and keep the main network on WPA2.
D.Set the router to mixed mode (WEP + WPA2) and use a single SSID.
AnswerC

Correct. This isolates the insecure WEP traffic to the printer VLAN, protecting the main network and sensitive data.

Why this answer

Option C is correct because it isolates the insecure WEP-based printers on a separate VLAN, preventing their weak encryption from compromising the main network which uses WPA2. This allows the legacy printers to remain functional while sensitive client data on the main network is protected by the stronger WPA2 protocol.

Exam trap

The trap here is that candidates often think mixed mode (WEP + WPA2) is a valid compromise, but CompTIA A+ tests the understanding that mixed mode on a single SSID downgrades security for all devices, whereas VLAN segmentation isolates the weak protocol without affecting the secure network.

How to eliminate wrong answers

Option A is wrong because WEP is fundamentally broken and can be cracked in minutes using tools like aircrack-ng, regardless of key length; a complex 128-bit key does not fix the underlying RC4 cipher weaknesses. Option B is wrong because replacing functional printers is an unnecessary cost and not a network configuration solution; the question asks how to maintain security while keeping the printers functional. Option D is wrong because mixed mode (WEP + WPA2) on a single SSID forces all clients to use the lowest common denominator security, allowing attackers to downgrade modern clients to WEP and compromise the entire network.

333
MCQeasy

A technician is configuring a company-issued iPhone for a new employee. After setting up the email account, the employee says they cannot receive emails, but they can send them. Which setting should the technician check first?

A.The outgoing mail server (SMTP) settings.
B.The incoming mail server (IMAP/POP3) settings.
C.The device's date and time settings.
D.The phone's VPN configuration.
AnswerB

Incorrect incoming server settings prevent the phone from retrieving emails, which matches the symptom.

Why this answer

The symptom—able to send but not receive emails—indicates a problem with the incoming mail server configuration. Sending uses SMTP (outgoing), while receiving uses IMAP or POP3 (incoming). The technician should first verify the incoming mail server settings (server hostname, port, SSL/TLS, and authentication) because a misconfiguration there would prevent the device from downloading new messages.

Exam trap

CompTIA often tests the distinction between incoming and outgoing mail protocols, and the trap here is that candidates mistakenly focus on SMTP (outgoing) because they think 'send' and 'receive' are handled by the same server, when in fact they use separate protocols and settings.

How to eliminate wrong answers

Option A is wrong because the outgoing mail server (SMTP) settings are responsible for sending emails, which the employee can already do successfully, so checking SMTP would not resolve the receive issue. Option C is wrong because incorrect date and time settings can cause SSL/TLS certificate validation failures for both sending and receiving, but the employee can send emails, indicating that the device's time is likely correct or at least not the primary cause of the receive-only failure. Option D is wrong because a VPN configuration issue would typically affect all network traffic or specific app connectivity, not selectively block incoming email while allowing outgoing email; email protocols operate independently of VPN unless the VPN is misconfigured to block specific ports.

334
MCQhard

You are troubleshooting a Windows 10 PC that fails to boot with the error 'Boot Configuration Data is missing.' Which built-in tool can you use from the Windows Recovery Environment to rebuild the BCD store?

A.System File Checker (sfc /scannow)
B.Diskpart
C.Bootrec.exe
D.CHKDSK
AnswerC

Bootrec.exe with the /rebuildbcd switch scans for Windows installations and rebuilds the BCD store, fixing the missing BCD error.

Why this answer

Bootrec.exe is the correct built-in tool for rebuilding the Boot Configuration Data (BCD) store from the Windows Recovery Environment (WinRE). The specific command 'bootrec /rebuildbcd' scans all disks for Windows installations and allows you to rebuild the BCD store, directly addressing the 'Boot Configuration Data is missing' error. Other tools like SFC, Diskpart, and CHKDSK do not have the capability to reconstruct the BCD store.

Exam trap

The trap here is that candidates often confuse System File Checker (SFC) as a universal repair tool, but it cannot fix boot configuration issues because the BCD store is not a system file protected by Windows File Protection.

How to eliminate wrong answers

Option A is wrong because System File Checker (sfc /scannow) scans and repairs protected system files, but it does not interact with or rebuild the BCD store, which is a separate boot configuration database. Option B is wrong because Diskpart is a disk partitioning tool used to manage volumes and partitions, not to repair boot configuration data; it cannot rebuild the BCD store. Option D is wrong because CHKDSK checks the file system for integrity and fixes logical disk errors, but it has no mechanism to rebuild or repair the BCD store, which is stored in a hidden system partition.

335
MCQeasy

A customer's iPhone is experiencing frequent app crashes and the device feels warm to the touch. They have not installed any new apps recently. What is the most likely cause?

A.The device has a virus or malware.
B.The battery is failing and needs replacement.
C.The operating system needs to be updated.
D.Too many apps are running in the background.
AnswerC

Outdated iOS versions often contain bugs that cause apps to crash and the device to overheat; updating can resolve these issues.

Why this answer

Overheating in mobile devices often leads to performance throttling and app instability. This scenario suggests a resource-intensive background process or a failing battery, but the most common cause of overheating and crashes without new apps is an outdated OS with known bugs. Keeping iOS updated resolves many stability issues.

336
MCQmedium

During a security audit, a technician discovers that an employee has been using a third-party remote desktop tool without IT approval. The employee claims it was necessary to access a legacy application. Which security risk is most directly associated with unauthorized remote access tools?

A.Increased bandwidth usage
B.Man-in-the-middle attacks
C.Compatibility issues with the operating system
D.Increased licensing costs
AnswerB

Unauthorized tools may not use strong encryption, exposing sessions to interception and manipulation.

Why this answer

Unauthorized remote desktop tools often lack the encryption and authentication controls found in approved solutions like SSH or RDP with Network Level Authentication. This exposes the connection to man-in-the-middle attacks, where an attacker can intercept, decrypt, or modify the traffic between the employee's workstation and the legacy application server, potentially capturing credentials or sensitive data.

Exam trap

CompTIA often tests the distinction between operational issues (bandwidth, compatibility, cost) and actual security threats, so candidates mistakenly choose a non-security answer like increased bandwidth usage because it sounds like a plausible downside of remote access tools.

How to eliminate wrong answers

Option A is wrong because increased bandwidth usage is a performance concern, not a direct security risk, and unauthorized remote tools may actually use less bandwidth than approved ones. Option C is wrong because compatibility issues with the operating system are a functional problem, not a security risk, and the employee's claim of needing access to a legacy application suggests compatibility was achieved, not a risk. Option D is wrong because increased licensing costs are a financial or compliance issue, not a security risk, and unauthorized tools typically avoid licensing fees altogether.

337
MCQhard

A technician is updating the documentation for a server that had its RAID controller replaced. The technician must ensure that future technicians can quickly identify the new hardware configuration. Which type of documentation should be updated?

A.The network topology diagram.
B.The change management log.
C.The server's asset inventory record.
D.The knowledge base article for RAID troubleshooting.
AnswerC

The asset inventory or CMDB stores hardware specifications, making it easy for future technicians to identify the RAID controller.

Why this answer

The server's asset inventory record (Option C) is the correct documentation to update because it contains the detailed hardware configuration of the server, including the RAID controller model, firmware version, and disk layout. Future technicians rely on this record to quickly identify the exact hardware components without having to physically inspect the server or dig through logs. Updating the asset inventory ensures that the documented configuration matches the actual hardware, which is critical for troubleshooting, warranty claims, and future upgrades.

Exam trap

CompTIA often tests the distinction between operational documentation (like asset inventory) and process documentation (like change logs or knowledge bases), and the trap here is that candidates confuse the change management log (which tracks the change event) with the hardware configuration record (which documents the resulting state).

How to eliminate wrong answers

Option A is wrong because a network topology diagram shows how devices are connected on the network (e.g., switches, routers, IP subnets), not the internal hardware components of a server like a RAID controller. Option B is wrong because the change management log records the approval and timeline of changes (e.g., who authorized the replacement, when it occurred), but it does not serve as a quick-reference for the new hardware configuration. Option D is wrong because a knowledge base article for RAID troubleshooting provides generic guidance on resolving RAID issues, not the specific hardware details of this particular server's RAID controller.

338
MCQhard

A technician is troubleshooting a network issue for a remote employee. The employee's internet connection is unstable, and the technician suspects the home router. The employee is not technical and becomes defensive when the technician asks about their router setup. Which approach is MOST effective?

A.Tell the employee that their router is probably cheap and needs replacement.
B.Say, 'Let's work together to check a few things on your router to improve your connection.'
C.Ask the employee to run a command prompt command without explanation.
D.Escalate the issue to a senior technician without further attempts.
AnswerB

This collaborative language reduces blame and invites cooperation.

Why this answer

Option B is correct because it uses a collaborative, non-confrontational approach that respects the employee's lack of technical knowledge and defuses defensiveness. By saying 'Let's work together,' the technician invites the employee to participate without blame, making it easier to guide them through checking the router's configuration (e.g., verifying Wi-Fi channel congestion, checking for firmware updates, or reviewing DHCP lease times) without requiring the employee to understand technical details. This aligns with CompTIA's emphasis on professionalism and effective communication in remote troubleshooting.

Exam trap

CompTIA often tests the candidate's ability to choose the most professional and effective communication strategy in a stressful or non-technical user scenario, where the trap is that candidates may select a technically correct but socially inappropriate option (like A or C) because they focus on the technical fix rather than the human interaction required to achieve it.

How to eliminate wrong answers

Option A is wrong because telling the employee their router is 'probably cheap and needs replacement' is dismissive, insulting, and fails to diagnose the actual issue; it assumes hardware fault without evidence and can damage trust, making the employee less cooperative. Option C is wrong because asking a non-technical employee to run a command prompt command without explanation (e.g., 'ipconfig /flushdns' or 'ping 8.8.8.8') creates confusion and anxiety, and the employee may misinterpret or incorrectly execute the command, leading to wasted time or further issues. Option D is wrong because escalating to a senior technician without attempting any troubleshooting abdicates the technician's responsibility and fails to leverage the opportunity to resolve the issue with basic communication and guidance, which is inefficient and unprofessional.

339
MCQmedium

A technician is troubleshooting an Android device that cannot receive SMS messages, though data and calls work fine. The user recently installed a messaging app from an unknown source. Which mobile OS feature should be checked first?

A.Verify that the device is not in Airplane Mode
B.Check the 'Default SMS app' setting in Apps & Notifications
C.Clear the cache of the Phone app
D.Disable Google Play Protect
AnswerB

If the default SMS app is misconfigured or incompatible, SMS delivery fails; resetting to the native app often resolves this.

Why this answer

The core issue is that SMS messages are not being received, while data and calls work fine. On Android, SMS routing is handled by a designated 'Default SMS app.' If a third-party messaging app from an unknown source was recently installed, it may have claimed this role, but misconfigured or lacks the necessary permissions (e.g., SMS permissions) to properly receive messages. Checking the 'Default SMS app' setting under Apps & Notifications is the first logical step to ensure the correct app is assigned to handle SMS, as Android will only deliver incoming SMS to the designated default app.

Exam trap

CompTIA often tests the misconception that SMS issues are always related to network connectivity or Airplane Mode, but the real trap here is that Android's SMS routing is app-dependent, and a third-party app can hijack the default SMS role without the user's awareness, causing SMS to fail while other services work.

How to eliminate wrong answers

Option A is wrong because Airplane Mode disables all cellular radios, which would also prevent data and calls from working; since data and calls are functioning, Airplane Mode is not the cause. Option C is wrong because the Phone app handles voice calls and its cache is unrelated to SMS message routing or reception; clearing it would not resolve a missing default SMS app issue. Option D is wrong because Google Play Protect scans apps for malware but does not control SMS routing or permissions; disabling it would not fix the SMS delivery problem and could actually reduce security.

340
MCQeasy

A small business owner calls for support because all of their files on the server have been renamed with a .encrypted extension, and a text file named 'README_TO_DECRYPT.txt' appears on the desktop demanding a Bitcoin payment. What is the first step the technician should take?

A.Pay the ransom to get the decryption key immediately.
B.Disconnect the server from the network.
C.Run a full antivirus scan on the server.
D.Restore files from a recent backup immediately.
AnswerB

Disconnecting the server stops the ransomware from encrypting additional files and spreading to other systems.

Why this answer

The first step in a ransomware incident is to isolate the infected system from the network to prevent the malware from spreading to other devices. Paying the ransom is discouraged as it does not guarantee data recovery and funds criminal activity. After isolation, the technician can assess the damage and attempt recovery from backups.

341
MCQmedium

Your company's security policy requires that all workstations have the latest Windows security updates installed. You need to verify the update history on a user's Windows 10 PC to ensure no critical updates are missing. Which tool should you use?

A.Windows Update
B.Event Viewer
C.System Information
D.Reliability Monitor
AnswerA

Windows Update provides a history of installed updates and allows you to check for missing updates.

Why this answer

Windows Update settings (in Settings app or old Control Panel) shows update history, including installed updates and their dates. This is the standard way to check which updates have been applied.

342
MCQmedium

A user's iPhone 13 suddenly shows a black screen with a spinning gear icon after an iOS update. The device does not respond to touch or button presses. What is the most likely cause and the correct first step?

A.The battery is dead; connect to a charger and wait.
B.Force restart the iPhone by pressing and releasing Volume Up, then Volume Down, then holding the Side button until the Apple logo appears.
C.Place the device in DFU mode and restore via Finder.
D.The screen is damaged; replace the display assembly.
AnswerB

This force restart sequence is the correct procedure for iPhone 8 and later models to exit a frozen update state.

Why this answer

The black screen with a spinning gear icon after an iOS update indicates the device is stuck in a boot loop or update process, not a hardware failure. A force restart (Volume Up, Volume Down, hold Side button) is the correct first step because it forces the iPhone to reboot without erasing data, often resolving temporary software hangs. This sequence is specific to iPhone 7 and later models, including the iPhone 13, and bypasses unresponsive touch or button inputs.

Exam trap

CompTIA often tests the distinction between a force restart and DFU mode, where candidates mistakenly jump to DFU restore (Option C) as the first step, not realizing that a force restart is a non-destructive recovery method that resolves most post-update boot loops.

How to eliminate wrong answers

Option A is wrong because a dead battery would show a black screen without the spinning gear icon, and the device would respond to a charger by displaying a low-battery indicator; the gear icon indicates the OS is partially active. Option C is wrong because DFU mode and restore via Finder is a more drastic step that erases all data and should only be attempted after simpler recovery methods like force restart fail; it is not the first step. Option D is wrong because a damaged display would typically show physical cracks, discoloration, or no image at all, not a spinning gear icon, and the device would still respond to button presses or sounds.

343
MCQhard

A security audit reveals that a Windows 10 workstation has an unauthorized local user account. You need to remove this account from the command line without using the GUI. Which command should you use?

A.net localgroup Administrators UnauthorizedUser /delete
B.net user UnauthorizedUser /delete
C.wmic useraccount where name='UnauthorizedUser' delete
D.gpresult /r
AnswerB

Correct. net user /delete removes the specified user account from the system.

Why this answer

The `net user UnauthorizedUser /delete` command correctly removes a local user account from the command line. The `net user` command is designed to manage local user accounts, and the `/delete` switch removes the specified account from the local Security Accounts Manager (SAM) database. This is the standard Windows CLI tool for deleting a local user without using the GUI.

Exam trap

CompTIA often tests the distinction between deleting a user account (`net user /delete`) and removing a user from a group (`net localgroup /delete`), trapping candidates who confuse group membership removal with account deletion.

How to eliminate wrong answers

Option A is wrong because `net localgroup Administrators UnauthorizedUser /delete` removes the user from the Administrators group, not the user account itself; the account remains on the system. Option C is wrong because `wmic useraccount where name='UnauthorizedUser' delete` is a valid command for deleting a user account via WMI, but the question specifically asks for a command that removes the account, and `net user /delete` is the more direct and commonly tested CLI method; however, the primary reason it is not the best answer is that the exam expects `net user` for this task, and `wmic` is deprecated in newer Windows versions. Option D is wrong because `gpresult /r` displays Resultant Set of Policy (RSoP) data for Group Policy, not user account management.

344
MCQeasy

A company wants to allow external contractors to access a specific internal web application without installing any client software. Which remote access technology best meets this requirement?

A.VPN with a client
B.Remote Desktop Protocol
C.Reverse proxy
D.SSH
AnswerC

A reverse proxy allows access to web applications through a standard browser without additional software.

Why this answer

A reverse proxy is the correct choice because it allows external contractors to access a specific internal web application through a public-facing proxy server without requiring any client software installation. The reverse proxy terminates the external connection and forwards requests to the internal web server, handling authentication and encryption at the proxy layer, which meets the requirement of zero client-side setup.

Exam trap

The trap here is that candidates often confuse 'remote access' with VPN or RDP, assuming any secure remote connection requires a client, but the question specifically tests the understanding that a reverse proxy provides application-layer access without client software, unlike VPN or RDP which require dedicated clients.

How to eliminate wrong answers

Option A is wrong because a VPN with a client requires installing and configuring VPN client software on the contractor's device, which violates the 'without installing any client software' requirement. Option B is wrong because Remote Desktop Protocol (RDP) requires a client application (such as Microsoft Remote Desktop Client) to be installed on the accessing device, and it provides full desktop access rather than access to a specific web application. Option D is wrong because SSH is a protocol for secure command-line access to remote systems, typically requiring an SSH client (like PuTTY or OpenSSH) to be installed, and it does not natively provide web application access without additional tunneling or port forwarding.

345
MCQmedium

A user's browser is displaying a warning that the website's certificate is not trusted, even though the URL is correct. The technician checks the date and time on the computer and finds it is set to 2019. What is the most likely cause of the certificate warning?

A.The website's SSL certificate has been revoked.
B.The browser's certificate store is corrupted.
C.The system date is incorrect, causing certificate validation to fail.
D.The user is connected to a malicious proxy.
AnswerC

SSL certificates rely on accurate date/time; a mismatch causes the browser to reject the certificate as invalid.

Why this answer

The system date is set to 2019, which is outside the certificate's validity period. SSL/TLS certificates have a specific notBefore and notAfter date range; when the client's clock is outside this range, the browser rejects the certificate as untrusted. This is the most direct and common cause of the warning given the symptom and the technician's finding.

Exam trap

CompTIA A+ often tests the candidate's ability to distinguish between certificate revocation, corruption, and simple date/time misconfiguration, trapping those who overthink the problem or assume a security breach (like a proxy) when the most basic setting is wrong.

How to eliminate wrong answers

Option A is wrong because a revoked certificate would trigger a different warning (e.g., 'certificate revoked') and is not caused by an incorrect system date; revocation is checked via CRL or OCSP, not local clock. Option B is wrong because a corrupted certificate store would cause failures across many sites, not just one, and the date issue is a specific, isolated cause. Option D is wrong because a malicious proxy would typically present a different certificate or cause a different error (e.g., name mismatch or untrusted root), not a date-related warning, and the technician already found the date is incorrect.

346
MCQeasy

A user on an Android tablet reports that the Google Play Store is not downloading any apps, showing an error message about insufficient storage. The device's storage settings show 2GB free. What should you do first?

A.Factory reset the tablet.
B.Clear the cache and data of the Google Play Store app.
C.Uninstall large apps to free up more storage.
D.Check for a system update.
AnswerB

This clears corrupted temporary files that may be causing the error, and is a safe first step.

Why this answer

Clearing the cache and data of the Google Play Store app is the correct first step because the error message about insufficient storage, despite 2GB free, often indicates a corrupted cache or data within the Play Store itself. This corruption can cause the Play Store to misreport storage availability or fail to initialize downloads. Clearing these app-specific files forces the Play Store to rebuild its state, resolving the false positive without affecting user data or requiring additional free space.

Exam trap

CompTIA often tests the misconception that 'insufficient storage' errors always require freeing up physical space, when in reality the error can stem from a corrupted app cache that misreports storage, making clearing the cache the correct first step rather than deleting apps.

How to eliminate wrong answers

Option A is wrong because a factory reset is a drastic, last-resort measure that wipes all user data and settings; it is not appropriate for a software-level issue like a corrupted Play Store cache, which can be resolved with a targeted app data clear. Option C is wrong because uninstalling large apps to free up more storage addresses a genuine lack of space, but the device already shows 2GB free, which should be sufficient for most app downloads; the problem is a false storage detection, not actual insufficient capacity. Option D is wrong because checking for a system update is a general maintenance step that does not directly fix a corrupted Play Store cache or data; while updates can resolve bugs, the immediate symptom of a false storage error is best addressed by clearing the app's local data first.

347
MCQhard

A company's network was breached, and forensic analysis reveals that an attacker used a pass-the-hash attack to move laterally. Which security measure would most effectively prevent this type of attack in the future?

A.Require all users to change passwords every 30 days.
B.Implement network segmentation and firewall rules.
C.Enable Windows Defender Credential Guard.
D.Disable NTLM authentication entirely.
AnswerC

Credential Guard protects credential hashes by storing them in a virtualized container, preventing pass-the-hash attacks.

Why this answer

Windows Defender Credential Guard uses virtualization-based security (VBS) to isolate and protect NTLM password hashes and Kerberos tickets in a secure container, preventing attackers from extracting them from LSASS memory even if they have administrative access. This directly stops pass-the-hash attacks because the hashes are never accessible to the operating system or tools like Mimikatz.

Exam trap

CompTIA often tests the misconception that network segmentation or disabling NTLM alone stops pass-the-hash, but the core issue is protecting the hash in memory, which only Credential Guard (or equivalent) addresses.

How to eliminate wrong answers

Option A is wrong because frequent password changes do not prevent pass-the-hash attacks; the attacker uses the hash of the current password, and changing passwords every 30 days does not protect the hash stored in memory during an active session. Option B is wrong because network segmentation and firewall rules can limit lateral movement but do not prevent the extraction or reuse of password hashes from a compromised host; the attacker can still move within the allowed segment. Option D is wrong because disabling NTLM authentication entirely is often impractical due to legacy application dependencies, and pass-the-hash attacks can also target Kerberos tickets (pass-the-ticket), so this measure is not comprehensive and may break critical services.

348
MCQmedium

A small office has a UPS that emits a loud beeping sound and a burning smell. The technician suspects the battery is overheating. What is the correct immediate action?

A.Replace the battery while the UPS is still plugged in.
B.Unplug the UPS and move it to an open, well-ventilated area.
C.Reset the UPS by pressing the power button.
D.Spray the UPS with a fire extinguisher.
AnswerB

This removes the power source and reduces the risk of fire or fume inhalation.

Why this answer

The correct immediate action is to unplug the UPS and move it to an open, well-ventilated area. A burning smell combined with loud beeping indicates a critical thermal runaway condition in the battery, which can lead to fire or explosion. Disconnecting the UPS from mains power stops the charging current that is likely exacerbating the overheating, and moving it to a ventilated area reduces the risk of toxic gas accumulation and fire spread.

Exam trap

CompTIA often tests the misconception that resetting the UPS or replacing the battery while powered on is a safe troubleshooting step, when in fact the immediate priority is to isolate the hazard by disconnecting power and ventilating the area.

How to eliminate wrong answers

Option A is wrong because replacing a battery while the UPS is still plugged in exposes the technician to high DC voltage (typically 12V–48V) and the risk of short circuits or electric shock, and the continued charging current could accelerate thermal runaway. Option C is wrong because resetting the UPS by pressing the power button does not address the underlying overheating battery; it may briefly silence the alarm but will not stop the chemical reaction causing the burning smell, and could even restart charging. Option D is wrong because spraying a UPS with a fire extinguisher, especially a CO2 or dry chemical type, can damage sensitive electronics, create a conductive residue, and is not the correct first response; the priority is to disconnect power and ventilate, not to apply an extinguisher to a device that is not yet on fire.

349
MCQhard

During a network upgrade, a technician finds a box of old NICs, cables, and small electronic components that are no longer needed. The company has no formal e-waste policy. What should the technician do?

A.Throw the items in the dumpster since they are small and the company has no policy.
B.Store the items indefinitely in a closet until a policy is created.
C.Research local e-waste recycling facilities and present a disposal plan to the manager for approval.
D.Sell the items online as a lot to a recycler.
AnswerC

This demonstrates environmental responsibility and helps the company establish a proper e-waste process. It is the correct professional approach.

Why this answer

Option C is correct because, in the absence of a formal e-waste policy, the technician must act responsibly by researching local e-waste recycling facilities and presenting a disposal plan to the manager for approval. This aligns with environmental best practices and regulatory compliance, as improper disposal of electronic components can violate local laws and harm the environment. The technician should not unilaterally dispose of or sell the items without management authorization.

Exam trap

CompTIA often tests the trap that 'no policy means no rules,' leading candidates to choose Option A or B, but the correct approach is to proactively research and propose a compliant disposal plan rather than ignoring the issue or taking unilateral action.

How to eliminate wrong answers

Option A is wrong because throwing e-waste in a dumpster is illegal in many jurisdictions due to hazardous materials like lead, mercury, and cadmium found in NICs and electronic components; it also violates environmental responsibility even without a formal policy. Option B is wrong because storing items indefinitely in a closet is not a sustainable solution and can lead to safety hazards, space issues, and potential regulatory non-compliance if the items contain hazardous materials. Option D is wrong because selling e-waste online to a recycler without management approval and without vetting the recycler's compliance with environmental regulations could expose the company to liability and data security risks, as NICs may retain network configuration data.

350
MCQmedium

A user reports that their cloud-synced files are not appearing on their laptop after a recent OS reinstall. The technician verifies that the cloud storage account is active and the internet connection works. Which of the following is the most likely reason for the missing files?

A.The cloud storage provider has deleted the files due to inactivity
B.The user's account is not licensed for the cloud service
C.The local sync client is configured for selective sync and not downloading all folders
D.The laptop's hard drive is full
AnswerC

After a reinstall, the sync client defaults to selective sync settings, which may exclude some folders from downloading to the laptop.

Why this answer

Cloud storage clients use a local cache to sync files. After an OS reinstall, the client must re-download files from the cloud, but if selective sync is enabled, only certain folders are synced. The user may need to adjust sync settings to restore all files.

This tests understanding of cloud storage synchronization behavior.

351
MCQmedium

A company's IT policy requires that all wireless connections use certificate-based authentication to prevent unauthorized access. The network is currently using WPA2-PSK. Which configuration change is necessary to meet this policy?

A.Enable MAC address filtering on the access point.
B.Upgrade to WPA3-Personal.
C.Switch to WPA2-Enterprise and configure a RADIUS server.
D.Change the encryption from AES to TKIP.
AnswerC

WPA2-Enterprise supports 802.1X authentication, which can use certificates issued by a RADIUS server, meeting the policy requirement.

Why this answer

Option C is correct because the policy requires certificate-based authentication, which is a feature of WPA2-Enterprise (802.1X). WPA2-Enterprise uses a RADIUS server to validate certificates and authenticate users individually, replacing the pre-shared key (PSK) model. This meets the requirement for certificate-based authentication to prevent unauthorized access.

Exam trap

Cisco often tests the distinction between Personal and Enterprise modes, where candidates mistakenly think upgrading to WPA3-Personal (Option B) adds certificate support, but only the Enterprise mode with a RADIUS server enables certificate-based authentication.

How to eliminate wrong answers

Option A is wrong because MAC address filtering is not a form of authentication and can be easily spoofed; it does not use certificates. Option B is wrong because WPA3-Personal still uses a shared passphrase (SAE handshake), not certificate-based authentication; it is the Personal mode, not Enterprise. Option D is wrong because changing encryption from AES to TKIP would weaken security and does not introduce certificate-based authentication; TKIP is deprecated and not compatible with 802.1X in this context.

352
MCQmedium

A retail store wants to protect its point-of-sale (POS) terminals from unauthorized physical access during off-hours. The terminals are in an open area with no lockable cabinets. Which control should be prioritized?

A.Install a privacy screen on each POS terminal.
B.Use tamper-evident seals on the terminal casings.
C.Require a smart card to power on the terminal.
D.Enable a screensaver with a password.
AnswerB

Seals show if the terminal has been opened, alerting staff to potential tampering.

Why this answer

Tamper-evident seals provide a visible indicator if a device has been opened, deterring unauthorized physical access to internal components. This question tests understanding of physical security for unattended devices.

353
MCQmedium

During a security audit, you discover that a user's browser has multiple pop-up windows appearing, even when no websites are open. The user denies installing any software. Which tool should you use to identify and remove the underlying cause?

A.Reset the browser settings to default
B.Run a full scan with Windows Defender or another anti-malware tool
C.Disable JavaScript in the browser
D.Clear the browser cache and cookies
AnswerB

Anti-malware tools can detect and remove adware and PUPs that cause pop-ups.

Why this answer

Pop-ups appearing without a browser suggest adware or a potentially unwanted program (PUP) running as a background process. Using Windows Defender or an anti-malware scanner is the correct approach. This tests understanding of adware behavior and removal tools.

354
MCQmedium

A technician is tasked with replacing a failed power supply in a desktop computer. The old power supply is labeled with a RoHS compliance mark. How should the technician handle the old unit?

A.Place it in the regular trash because RoHS means it's non-hazardous.
B.Return it to the manufacturer for recycling or dispose of it through a certified e-waste recycler.
C.Sell it as scrap metal.
D.Store it indefinitely in case it is needed later.
AnswerB

Many manufacturers offer take-back programs. If not, using a certified e-waste recycler ensures compliance with environmental regulations.

Why this answer

The RoHS (Restriction of Hazardous Substances) compliance mark indicates the power supply was manufactured without certain hazardous materials, but it does not make the unit non-hazardous for disposal. Electronic waste (e-waste) like power supplies still contains materials such as lead solder, capacitors, and other components that require proper handling. The correct procedure is to return it to the manufacturer for recycling or dispose of it through a certified e-waste recycler to comply with environmental regulations and avoid legal penalties.

Exam trap

The trap here is that candidates mistakenly believe RoHS compliance means the device is completely non-hazardous and can be thrown in regular trash, ignoring that e-waste disposal laws apply regardless of RoHS status.

How to eliminate wrong answers

Option A is wrong because RoHS compliance only restricts the use of specific hazardous substances in manufacturing; it does not render the unit non-hazardous for disposal, and placing it in regular trash violates e-waste regulations. Option C is wrong because selling a failed power supply as scrap metal is not a standard disposal method and may expose the technician to liability if the unit contains hazardous components that are not properly handled. Option D is wrong because storing a failed power supply indefinitely is impractical, takes up space, and does not comply with environmental policies that require proper recycling or disposal of e-waste.

355
MCQhard

A company's security policy requires that all Windows 10 workstations automatically lock the screen after 5 minutes of inactivity. However, users in the sales department often leave their desks for extended periods. A technician configures the 'Interactive logon: Machine inactivity limit' policy to 300 seconds. Despite this, the screensaver does not activate. What is the most likely reason?

A.The 'Screen saver timeout' policy is set to a longer duration
B.The 'Password protect the screensaver' setting is disabled
C.The screensaver is not enabled or configured on the workstations
D.The 'Turn off the display' power setting is set to 'Never'
AnswerC

The 'Machine inactivity limit' policy locks the workstation but does not automatically start a screensaver; the screensaver must be enabled separately via Group Policy or local settings.

Why this answer

This question tests understanding of the relationship between the 'Interactive logon: Machine inactivity limit' policy and screensaver settings. The policy locks the workstation after the specified idle time, but it does not automatically enable the screensaver. The screensaver must be separately configured and enabled, or the lock screen will appear without a screensaver.

356
MCQmedium

During a hardware upgrade, a technician spills a small amount of liquid from a leaking CMOS battery on the workbench. What is the first step the technician should take?

A.Wipe it up with a paper towel and continue working.
B.Ignore it and let it evaporate.
C.Use a neutralizing agent or absorbent material recommended for alkaline spills, and dispose of the waste as hazardous.
D.Pour water on the spill to dilute it.
AnswerC

Proper spill response involves neutralizing or absorbing the spill and disposing of the waste according to hazardous material guidelines. This protects the technician and the environment.

Why this answer

A CMOS battery contains alkaline chemicals that can damage equipment and harm skin or eyes. The correct first step is to use a neutralizing agent or absorbent material specifically designed for alkaline spills, then dispose of the waste as hazardous material, following proper environmental safety protocols. This prevents chemical burns, equipment damage, and environmental contamination.

Exam trap

CompTIA often tests the misconception that any liquid spill can be simply wiped up or ignored, but the trap here is that CMOS battery leaks are chemically hazardous and require specific neutralization and hazardous waste disposal procedures, not generic cleanup.

How to eliminate wrong answers

Option A is wrong because wiping alkaline liquid with a paper towel can spread the corrosive material, increase skin contact risk, and does not neutralize the chemical hazard. Option B is wrong because allowing the liquid to evaporate leaves corrosive residue that can damage surfaces and release harmful fumes, and it ignores the immediate safety risk. Option D is wrong because pouring water on an alkaline spill can cause a exothermic reaction, splashing, and spread the corrosive liquid, making the hazard worse.

357
MCQhard

A technician discovers that a Windows 10 workstation has been infected with a fileless malware that resides in memory. Traditional antivirus scans have not detected it. Which approach should the technician use to remove this type of malware?

A.Run a full antivirus scan in normal mode.
B.Use the Windows Malicious Software Removal Tool (MSRT) in Safe Mode.
C.Boot from a rescue disk and perform an offline scan.
D.Restore the system from a backup taken before the infection.
AnswerC

Booting from a rescue disk (e.g., Windows Defender Offline) runs the scan outside the infected Windows environment, allowing detection of fileless malware that resides only in memory or registry.

Why this answer

Fileless malware resides entirely in memory (RAM) and does not write persistent files to disk, so traditional antivirus scans that rely on file signatures cannot detect it. Booting from a rescue disk (e.g., a bootable USB or CD with an offline scanner) loads a clean operating system that bypasses the infected Windows environment, allowing the scanner to inspect memory and terminate the malware without the malware being able to hide or protect itself. This offline approach ensures the malware's process cannot interfere with the scan, making it the correct remediation method.

Exam trap

The trap here is that candidates often assume Safe Mode or a signature-based removal tool like MSRT can handle all malware types, but fileless malware specifically evades these by not writing to disk and by running within trusted system processes.

How to eliminate wrong answers

Option A is wrong because running a full antivirus scan in normal mode still operates within the compromised Windows environment, where the fileless malware can actively hide its processes or memory artifacts from the scanner. Option B is wrong because the Windows Malicious Software Removal Tool (MSRT) is a signature-based tool that targets persistent malware on disk, not memory-resident fileless threats, and Safe Mode does not prevent the malware from running if it loads via a legitimate service or driver. Option D is wrong because restoring from a backup taken before the infection would remove the malware only if the backup predates the infection, but this approach is reactive and may not be feasible if no clean backup exists; it also does not address the immediate need to remove the active memory-resident malware without data loss.

358
MCQeasy

A customer reports that their computer shuts down unexpectedly after a few minutes of use. The system feels hot to the touch, and the fan is running loudly. What is the most appropriate first step for a technician to take to ensure safety while diagnosing the issue?

A.Immediately open the case and touch the CPU heatsink to check temperature.
B.Unplug the computer, let it cool for 30 minutes, then inspect for dust or fan failure.
C.Spray compressed air into the vents while the system is running to clear dust.
D.Replace the power supply unit immediately to fix the overheating.
AnswerB

Unplugging ensures no power is supplied, and letting it cool prevents burns; inspection can then be done safely.

Why this answer

This question tests knowledge of electrical safety and proper handling of overheated equipment. The correct answer is to unplug the computer to prevent electrical shock or fire, then allow it to cool before inspecting internal components. Attempting to open a hot system or ignoring the heat can lead to injury or further damage.

359
MCQmedium

A customer complains that their computer is running slowly and they keep seeing pop-ups offering free antivirus software. They admit they clicked 'OK' on one pop-up. Which type of social engineering attack has likely occurred?

A.Phishing
B.Baiting
C.Pretexting
D.Shoulder surfing
AnswerB

Baiting uses an enticing offer (free antivirus) to trick the user into executing malware, often via pop-ups or physical media.

Why this answer

The correct answer is Baiting. In this scenario, the user clicked 'OK' on a pop-up offering free antivirus software, which is a classic baiting attack. Baiting lures victims with a false promise (e.g., free software) to trick them into executing malware or revealing credentials.

Unlike phishing, which typically uses deceptive emails or websites to steal sensitive information, baiting relies on the allure of a free item or service to trigger a malicious download.

Exam trap

CompTIA often tests the distinction between phishing and baiting by presenting a scenario where a user is tricked by a free offer or physical media (like a USB drive), leading candidates to mistakenly choose phishing because both involve deception, but baiting specifically relies on the promise of a reward or free item.

How to eliminate wrong answers

Option A (Phishing) is wrong because phishing usually involves fraudulent emails or websites that impersonate legitimate entities to steal credentials or financial data, not pop-ups offering free software. Option C (Pretexting) is wrong because pretexting involves fabricating a scenario or identity to gain trust and extract information, not offering a free download. Option D (Shoulder surfing) is wrong because shoulder surfing is the direct observation of a user's screen or keyboard to capture sensitive data, such as passwords, and does not involve pop-ups or downloads.

360
MCQhard

During a security incident response, you discover that a user's browser has a rogue extension that exfiltrates data to a remote server. The extension was installed after the user clicked a fake update prompt on a website. What vulnerability was exploited?

A.A zero-day vulnerability in the browser.
B.An insecure direct object reference (IDOR) vulnerability.
C.Social engineering.
D.A cross-site request forgery (CSRF) attack.
AnswerC

The user was manipulated into installing the extension by a deceptive prompt, which is a classic social engineering technique.

Why this answer

The correct answer is C because the attack exploited the user's trust and lack of caution, not a technical flaw in the browser or web application. The user was tricked into installing a rogue extension by clicking a fake update prompt, which is a classic social engineering technique that manipulates human psychology rather than exploiting code vulnerabilities.

Exam trap

The A+ exam often tests the distinction between technical exploits and human-factor attacks, and the trap here is that candidates may assume any browser-related compromise must involve a technical vulnerability like a zero-day, overlooking that social engineering bypasses technical controls entirely.

How to eliminate wrong answers

Option A is wrong because a zero-day vulnerability is an unknown, unpatched flaw in software code that allows an attacker to compromise a system without user interaction; here, the browser itself was not exploited—the user willingly installed the extension. Option B is wrong because an insecure direct object reference (IDOR) vulnerability involves exposing a direct reference to an internal object (like a file or database record) without proper access control, which is unrelated to tricking a user into installing a malicious extension. Option D is wrong because a cross-site request forgery (CSRF) attack forces an authenticated user to execute unwanted actions on a web application where they are logged in, typically via a crafted link or form; this scenario involves no forged requests—the user actively clicked a fake prompt.

361
MCQhard

A technician is configuring power settings for a server room that houses critical equipment. The UPS battery backup needs to be tested monthly. What is the most environmentally sound way to conduct the test?

A.Unplug the server from the UPS to simulate a power failure.
B.Use the UPS management software to run a self-test that checks battery health without full discharge.
C.Disconnect the UPS from mains power and let the battery drain completely.
D.Replace the UPS battery every month to avoid testing.
AnswerB

A software self-test is efficient, uses minimal power, and verifies battery condition without full discharge.

Why this answer

Option B is correct because using UPS management software to run a self-test checks battery health without a full discharge, which conserves battery cycle life and avoids unnecessary waste. This method typically performs a brief impedance or load test that verifies the battery's ability to hold a charge without stressing it, aligning with environmental best practices by reducing battery replacement frequency and energy consumption.

Exam trap

CompTIA often tests the misconception that a full discharge is the only way to verify battery health, but the environmentally sound approach is to use a software-based self-test that avoids unnecessary battery wear and waste.

How to eliminate wrong answers

Option A is wrong because unplugging the server from the UPS simulates a power failure but does not test the battery's ability to provide backup power; it only tests the UPS's transfer to battery mode, which can cause unnecessary wear on the battery and risk data loss if the server shuts down improperly. Option C is wrong because disconnecting the UPS from mains power and letting the battery drain completely subjects the battery to a deep discharge cycle, which significantly reduces its lifespan and is not environmentally sound due to increased waste and energy loss. Option D is wrong because replacing the UPS battery every month is wasteful, costly, and environmentally harmful, as batteries contain hazardous materials and should only be replaced when their capacity degrades below acceptable thresholds.

362
MCQhard

A technician is called to a warehouse where a forklift accidentally struck a rack containing several desktop PCs. The rack is leaning, and one PC has fallen and is sparking. What is the technician's first priority for safety?

A.Quickly unplug the sparking PC to prevent a fire.
B.Evacuate the area and report the incident to the safety officer or call 911.
C.Use a fire extinguisher on the sparking PC to prevent ignition.
D.Stabilize the rack with a nearby pallet to prevent further collapse.
AnswerB

Safety of personnel is paramount; the technician should not enter a hazardous zone. Professional responders will secure the area.

Why this answer

The immediate priority when a PC is sparking and a rack is unstable is life safety. Evacuating the area and reporting the incident (to a safety officer or by calling 911) ensures no one is exposed to potential electrical fire, arc flash, or structural collapse. Attempting to unplug or extinguish the sparking PC while the rack is leaning could result in electrocution, burns, or being struck by falling equipment.

Exam trap

CompTIA often tests the principle that life safety (evacuation and reporting) always takes precedence over equipment preservation or firefighting, tempting candidates to choose a hands-on action like unplugging or extinguishing the sparking PC.

How to eliminate wrong answers

Option A is wrong because attempting to unplug a sparking PC while the rack is unstable puts the technician at risk of electric shock or arc flash, and the spark may indicate a live short that could ignite flammable materials. Option C is wrong because using a fire extinguisher on a sparking PC before evacuating and assessing the situation wastes critical time and may not address the underlying electrical hazard; the spark could be from a capacitor or power supply that could reignite. Option D is wrong because stabilizing the rack with a pallet is a secondary action that should only be performed after the area is safe and the immediate electrical hazard is controlled; it does not address the sparking PC or the risk of fire.

363
MCQmedium

A user reports that their Windows 10 laptop shows a blue screen with an error message about 'Driver IRQL not less or equal' after connecting a new external hard drive. They need to use the drive for work. Which security setting should you check to ensure driver installation is not blocked?

A.Check if Secure Boot is enabled in UEFI.
B.Verify that User Account Control is set to 'Notify me only when apps try to make changes.'
C.Disable Driver Signature Enforcement temporarily.
D.Run Windows Update to find a signed driver.
AnswerC

This allows unsigned drivers to load, which can resolve the blue screen if the driver is the cause.

Why this answer

The 'Driver IRQL not less or equal' blue screen error typically indicates a faulty or unsigned driver. Disabling Driver Signature Enforcement (Option C) allows the installation of an unsigned driver, which is often necessary for older or third-party hardware like an external hard drive. This directly addresses the driver installation being blocked by Windows' driver signature requirements.

Exam trap

CompTIA A+ often tests the confusion between Secure Boot and Driver Signature Enforcement, as both involve driver integrity but operate at different stages (boot-time vs. runtime) and serve distinct purposes.

How to eliminate wrong answers

Option A is wrong because Secure Boot ensures that only trusted bootloaders and drivers are loaded during startup, but it does not block the installation of a driver after the OS is running; the error occurs post-boot. Option B is wrong because User Account Control (UAC) controls administrative consent for software changes, not driver signature enforcement; UAC prompts for elevation but does not block unsigned drivers specifically. Option D is wrong because running Windows Update to find a signed driver assumes a signed driver exists for the device, but the user needs to use the drive immediately, and the error indicates the current driver is problematic; this is a long-term fix, not a direct solution to the installation block.

364
MCQmedium

A technician is troubleshooting a Windows 10 PC that was infected with a rootkit. After booting from a rescue disk and running a scan, the rootkit is removed, but the system is still unstable. What should the technician do next to ensure the system is fully remediated?

A.Reinstall the operating system from scratch.
B.Run the System File Checker (SFC) tool to repair corrupted files.
C.Disable System Restore and delete all restore points.
D.Perform a disk cleanup to remove temporary files.
AnswerB

SFC scans and repairs protected system files that may have been damaged by the rootkit, addressing the instability without a full reinstall.

Why this answer

After removing a rootkit, the system may have corrupted system files that cause instability. Running the System File Checker (SFC) tool with the 'sfc /scannow' command scans protected system files and replaces corrupted versions with cached copies from the Windows side-by-side store, directly addressing file integrity issues left by the rootkit.

Exam trap

The trap here is that candidates may choose to reinstall the OS (Option A) because they assume any rootkit infection requires a full wipe, but the question specifies the rootkit is already removed and the remaining issue is instability from file corruption, making SFC the targeted remediation step.

How to eliminate wrong answers

Option A is wrong because reinstalling the OS from scratch is an overly drastic step that is unnecessary when the rootkit has already been removed and the issue is limited to file corruption; it would also waste time and user data. Option C is wrong because disabling System Restore and deleting restore points removes potentially useful recovery snapshots but does not repair the corrupted system files causing instability. Option D is wrong because disk cleanup only removes temporary files and frees disk space, which has no effect on corrupted system files or system stability.

365
MCQmedium

A technician is troubleshooting a Windows 10 PC that fails to boot with a 'Bootmgr is missing' error. They need to repair the boot configuration. Which administrative tool should be used from the Windows Recovery Environment (WinRE)?

A.System Restore to revert to a previous restore point.
B.Command Prompt to run bootrec /rebuildbcd.
C.Device Manager to update the disk driver.
D.Local Security Policy to adjust boot options.
AnswerB

Correct. The bootrec command can rebuild the Boot Configuration Data (BCD) and fix the missing bootmgr error.

Why this answer

The Command Prompt in WinRE allows running bootrec.exe and bcdedit.exe to repair the boot configuration. System Restore and Startup Repair are also in WinRE but do not directly rebuild the BCD. The other options are not available in WinRE.

366
MCQeasy

A user reports that their web browser frequently redirects to an unfamiliar search engine and displays pop-up ads even when no tabs are open. What is the most likely cause of this behavior?

A.The browser needs to be updated to the latest version.
B.The user has accidentally enabled a malicious browser extension.
C.The internet connection is unstable and causing DNS errors.
D.The browser cache is full and needs to be cleared.
AnswerB

A malicious extension can hijack browser settings, redirect searches, and inject ads. This is a common vector for browser hijackers.

Why this answer

The described behavior—unwanted redirects to an unfamiliar search engine and pop-up ads appearing even with no tabs open—is a classic symptom of adware or a malicious browser extension. Such extensions hijack browser settings, inject ads, and redirect search queries without the user's consent. Unlike a simple update or cache issue, this requires a malicious add-on that has been granted permissions to modify web content and navigation.

Exam trap

CompTIA often tests the misconception that browser issues are always caused by outdated software or cache problems, when in fact malicious extensions are a common source of persistent adware behavior that updates and cache clearing cannot fix.

How to eliminate wrong answers

Option A is wrong because updating the browser version patches security vulnerabilities but does not remove already-installed malicious extensions or undo their configuration changes. Option C is wrong because unstable internet connections or DNS errors cause timeouts or failure to load pages, not persistent redirects to a specific unfamiliar search engine or pop-up ads when no tabs are open. Option D is wrong because a full browser cache may slow performance or cause stale content to display, but it cannot generate pop-up ads or redirects to an unknown search engine; those actions require active code execution, not cached data.

367
MCQhard

A change advisory board (CAB) approves a network switch replacement, but the technician discovers during implementation that the new switch requires a different firmware version than documented. The change plan does not include a rollback for this scenario. What is the best course of action?

A.Proceed with the firmware update and document the change afterward.
B.Stop the implementation and contact the CAB for a revised change plan.
C.Use the old switch firmware on the new switch to match the documentation.
D.Implement the switch and create a separate change request for the firmware.
AnswerB

Halting and consulting the CAB ensures the change is properly authorized and the plan is updated to include the firmware change and rollback.

Why this answer

When an undocumented deviation occurs during a change, the technician should halt the implementation and contact the CAB for guidance. Proceeding without approval risks network instability, and the CAB can provide a revised plan or approve the firmware change.

368
MCQeasy

During a security audit, you find that a user's browser has an outdated version of Adobe Flash Player installed. What is the primary security risk associated with this finding?

A.The browser will run slower and may crash frequently.
B.The user will be unable to view some web content.
C.Attackers can exploit known vulnerabilities in the plugin to install malware.
D.The browser will automatically disable the plugin.
AnswerC

Outdated plugins have unpatched security holes that attackers frequently target to compromise systems.

Why this answer

Outdated Adobe Flash Player versions contain publicly known vulnerabilities (CVEs) that attackers can exploit via drive-by downloads or malicious advertisements. Exploiting these flaws allows arbitrary code execution, enabling malware installation without user interaction. This is the primary security risk because unpatched plugins are a common entry point for ransomware, spyware, and botnets.

Exam trap

CompTIA often tests the distinction between operational issues (performance, compatibility) and actual security vulnerabilities, trapping candidates who confuse 'annoying' with 'dangerous'.

How to eliminate wrong answers

Option A is wrong because performance issues like slower browsing or crashes are operational annoyances, not the primary security risk; outdated Flash may cause instability, but the core concern is exploitation. Option B is wrong because inability to view content is a compatibility issue, not a security risk; while some sites may require newer Flash, the audit focuses on vulnerabilities, not functionality. Option D is wrong because modern browsers (e.g., Chrome, Edge) may block or disable outdated Flash by default, but this is a mitigation, not the risk itself; the risk exists before the browser takes action.

369
MCQhard

A technician needs to deploy a custom configuration profile to 50 macOS devices in a lab. The profile must restrict access to System Settings and disable iCloud. Which tool is most appropriate for this task?

A.Terminal with 'profiles' command
B.Apple Configurator
C.System Preferences > Profiles
D.Remote Desktop
AnswerB

Apple Configurator allows creating and exporting configuration profiles (.mobileconfig) for macOS and iOS devices.

Why this answer

Apple Configurator is the correct tool because it is designed for bulk deployment and management of configuration profiles on macOS and iOS devices. It allows a technician to create a single profile that restricts System Settings and disables iCloud, then apply it to multiple devices simultaneously via USB or network, making it ideal for lab environments with 50 machines.

Exam trap

A common pitfall in the A+ exam is thinking that the 'profiles' command in Terminal is sufficient for bulk deployment, but candidates overlook that it requires per-device execution and lacks the centralized management capabilities of Apple Configurator.

How to eliminate wrong answers

Option A is wrong because the 'profiles' command in Terminal is used for installing, removing, or managing configuration profiles on a single device, not for deploying to multiple devices in bulk without additional scripting or MDM infrastructure. Option C is wrong because System Preferences > Profiles is a user interface for viewing or manually installing profiles on a single Mac, not a tool for deploying profiles to multiple devices. Option D is wrong because Remote Desktop is primarily for remote control, screen sharing, and software distribution, but it lacks native support for creating or deploying configuration profiles; it would require manual profile installation on each device.

370
MCQeasy

A customer reports that their laptop battery drains quickly and the device gets very hot. They want to know the safest way to dispose of the old battery after replacement. What should you advise?

A.Throw the battery in the regular trash bin.
B.Take the battery to a certified e-waste recycling center.
C.Burn the battery in an open area to neutralize it.
D.Store the battery in a metal container until it stops holding a charge.
AnswerB

This is correct because certified recyclers properly handle hazardous materials, reducing environmental impact and complying with regulations.

Why this answer

Option B is correct because lithium-ion and lithium-polymer batteries contain hazardous materials that can leak and cause environmental damage if disposed of improperly. Certified e-waste recycling centers have the specialized equipment and processes to safely extract and recycle these materials, preventing toxic exposure and complying with environmental regulations like the Resource Conservation and Recovery Act (RCRA).

Exam trap

CompTIA often tests the misconception that storing a battery in a metal container or waiting until it fully discharges makes it safe for regular disposal, but the chemical hazard remains regardless of charge state.

How to eliminate wrong answers

Option A is wrong because throwing the battery in regular trash violates hazardous waste disposal laws and can lead to fires in landfills or recycling facilities due to lithium's reactivity with moisture and other materials. Option C is wrong because burning a lithium-ion battery can cause a violent thermal runaway reaction, releasing toxic fumes and potentially causing an explosion. Option D is wrong because storing a battery in a metal container does not neutralize the chemical hazard; it only contains the risk temporarily, and the battery remains dangerous until properly recycled.

371
MCQeasy

A technician is configuring a new Windows 11 workstation for a user who frequently downloads free software. To reduce the risk of malware infections from bundled applications, which security setting should be enabled?

A.Enable Windows Defender Application Guard.
B.Set User Account Control to always notify.
C.Turn on Windows Firewall with advanced logging.
D.Enable BitLocker drive encryption.
AnswerB

UAC prompts before any software installation, allowing the user to reject unwanted bundled programs.

Why this answer

User Account Control (UAC) set to 'Always notify' is the correct choice because it prompts the user for consent or credentials whenever an application (including bundled installers) attempts to make system-level changes. This gives the user a chance to review and block unauthorized installations, directly reducing the risk of malware from bundled freeware. The other options address different security concerns: Application Guard isolates browser sessions, Firewall controls network traffic, and BitLocker encrypts data at rest.

Exam trap

CompTIA A+ exams often test the distinction between malware prevention (UAC prompts) and other security features like isolation (Application Guard) or encryption (BitLocker), leading candidates to choose a more advanced-sounding option that does not address the specific threat of bundled software installations.

How to eliminate wrong answers

Option A is wrong because Windows Defender Application Guard is designed to isolate untrusted web browsing sessions in a Hyper-V container, not to block bundled software installations or prompt user consent during local application setup. Option C is wrong because Windows Firewall with advanced logging only records network traffic events for analysis; it does not prevent or alert on software installation attempts. Option D is wrong because BitLocker drive encryption protects data confidentiality if the device is lost or stolen, but it does not prevent malware from being installed or executed on the system.

372
MCQeasy

A customer reports that their computer is running very slowly after they installed a new screensaver. The technician suspects the screensaver may be consuming excessive resources. Which of the following is the most professional way to address this?

A.Tell the customer that the screensaver is likely the problem and they should uninstall it.
B.Explain that you will check the system resources to identify the cause of the slowness.
C.Blame the screensaver and suggest the customer stop using decorative software.
D.Ignore the screensaver and run a full virus scan.
AnswerB

This shows a collaborative approach and uses professional language to set expectations.

Why this answer

Option B is correct because it demonstrates a professional, systematic troubleshooting approach. Instead of prematurely blaming the screensaver, the technician will use Task Manager (or Resource Monitor) to verify if the screensaver process is consuming excessive CPU, memory, or disk resources. This aligns with CompTIA's troubleshooting methodology: identify the problem by gathering data before forming a conclusion.

Exam trap

CompTIA often tests the candidate's ability to choose a professional, evidence-based response over a quick-fix or blame-oriented answer, trapping those who assume the reported change is definitely the root cause without verification.

How to eliminate wrong answers

Option A is wrong because it jumps to a conclusion without verifying the cause, which is unprofessional and could lead to unnecessary software removal if the slowness is due to another issue like a background update or malware. Option C is wrong because it blames the screensaver without evidence, which damages customer trust and violates professional communication standards. Option D is wrong because ignoring the reported change (the screensaver) and running a full virus scan is inefficient; it wastes time and may miss the actual cause if the screensaver is indeed the problem.

373
MCQmedium

A technician needs to search for any file in /etc that contains the string 'Password' (case-insensitive). Which command should be used?

A.grep -r 'Password' /etc
B.grep -ri 'Password' /etc
C.find /etc -name '*Password*'
D.locate Password | grep /etc
AnswerB

The -r flag enables recursive search, and -i makes it case-insensitive, matching all variations.

Why this answer

Option B is correct because the `grep -ri` command performs a recursive (`-r`) case-insensitive (`-i`) search for the string 'Password' across all files under the `/etc` directory. This matches the requirement exactly: case-insensitive search for any file containing the string.

Exam trap

CompTIA often tests the distinction between searching file contents (`grep`) versus searching filenames (`find`, `locate`), and the trap here is that candidates may forget the `-i` flag for case-insensitivity or confuse `grep` with `find`.

How to eliminate wrong answers

Option A is wrong because `grep -r 'Password' /etc` performs a case-sensitive search, which would miss files containing 'password', 'PASSWORD', etc. Option C is wrong because `find /etc -name '*Password*'` searches for filenames containing 'Password', not file contents. Option D is wrong because `locate Password | grep /etc` uses the `locate` database to find files with 'Password' in their path, then filters for `/etc`, but this searches filenames, not file contents, and is case-sensitive by default.

374
MCQhard

A user reports that their Windows 10 computer is infected with ransomware that has encrypted their files. The technician boots into the Windows Recovery Environment and wants to restore the system to a previous restore point. Which command should be used?

A.rstrui.exe
B.vssadmin list shadows
C.wbadmin start recovery
D.bootrec /fixboot
AnswerA

Launches the System Restore utility, allowing restoration to a previous point.

Why this answer

The correct command is `rstrui.exe`, which launches the System Restore utility. In the Windows Recovery Environment (WinRE), this command allows you to revert the system to a previous restore point, effectively undoing the ransomware encryption if a restore point was created before the infection. This is the standard tool for restoring system files and settings without affecting personal files, assuming the restore point predates the attack.

Exam trap

The trap here is that candidates confuse `vssadmin list shadows` (a query command) with an actual restoration command, or they mistakenly think `wbadmin start recovery` is for System Restore points when it is specifically for full server backups.

How to eliminate wrong answers

Option B is wrong because `vssadmin list shadows` only lists existing Volume Shadow Copies (snapshots) but does not perform a restoration; it is a query command, not a recovery action. Option C is wrong because `wbadmin start recovery` is used for restoring from a Windows Server Backup, not for System Restore points, and requires a preconfigured backup set, which is not the scenario here. Option D is wrong because `bootrec /fixboot` repairs the boot sector or boot configuration data (BCD) and has no ability to restore system files or revert to a restore point; it addresses boot failures, not ransomware file encryption.

375
MCQhard

A company is designing a secure entry for a high-security lab. They need to ensure that only one person can enter at a time and that the person must be authenticated before the second door opens. Which physical security control should be used?

A.Turnstile with biometric reader
B.Security guard with logbook
C.Mantrap with smart card and biometric authentication
D.Cipher lock with door alarm
AnswerC

A mantrap uses two doors; the first door locks after entry, and the second door only unlocks after successful authentication, ensuring single-person access.

Why this answer

A mantrap (also called an interlocking door system) is the correct physical security control because it creates a small vestibule with two interlocking doors that prevent more than one person from entering at a time. The requirement for smart card and biometric authentication ensures that the person must be authenticated before the second door opens, providing both identity verification and access control. This design enforces a strict one-person entry sequence and prevents tailgating or piggybacking.

Exam trap

CompTIA A+ often tests the distinction between a turnstile (which only prevents tailgating but does not enforce a two-door interlock with authentication) and a mantrap (which provides a secure vestibule with interlocking doors and mandatory authentication before the second door opens).

How to eliminate wrong answers

Option A is wrong because a turnstile with a biometric reader allows one person to pass at a time but does not create a secure holding area with interlocking doors; it cannot prevent a second person from following closely behind (tailgating) and does not enforce authentication before a second door opens. Option B is wrong because a security guard with a logbook relies on human observation and manual logging, which is prone to error, does not provide automated interlocking door control, and cannot guarantee that only one authenticated person enters at a time. Option D is wrong because a cipher lock with a door alarm provides only a single door with a keypad code and an alarm, lacking the two-door interlock mechanism and the multi-factor authentication (smart card + biometric) required to ensure one-person entry and authentication before the second door opens.

Page 4

Page 5 of 10

Page 6

All pages

CompTIA A+ Core 2 220-1202 220-1202 Questions 301–375 | Page 5/10 | Courseiva