CompTIA A+ Core 2 220-1202 (220-1202) — Questions 376450

750 questions total · 10pages · All types, answers revealed

Page 5

Page 6 of 10

Page 7
376
MCQeasy

A customer reports that their Android phone's screen is unresponsive to touch after a drop. They can still hear notifications and see the display. Which built-in tool should you use to test the touchscreen functionality without relying on third-party apps?

A.Safe Mode
B.Developer Options
C.Diagnostics Mode (e.g., *#0*#)
D.Factory Reset
AnswerC

Many Android devices have a hidden diagnostics menu (e.g., *#0*#) that includes touchscreen, display, and sensor tests, ideal for verifying hardware issues.

Why this answer

This question tests knowledge of Android's built-in diagnostic tools. The correct answer is the 'Diagnostics' or 'Test' mode, often accessed via the dialer code or settings, which allows hardware testing without third-party apps. This is a standard feature for verifying touchscreen integrity after physical damage.

377
MCQmedium

A technician is configuring a new Windows 10 kiosk computer that will run a single application for public use. They need to prevent users from accessing the desktop, taskbar, or other system functions. Which Windows security feature should be used?

A.User Account Control (UAC) set to highest level
B.Local Group Policy – Software Restriction Policies
C.Windows Defender Application Guard
D.Assigned Access (Kiosk Mode)
AnswerD

Assigned Access restricts the user to a single app and hides system interfaces.

Why this answer

Assigned Access (Kiosk Mode) is the correct feature because it locks down the Windows 10 device to run only a single Universal Windows Platform (UWP) app or a classic Win32 app in full-screen mode, completely hiding the desktop, taskbar, Start menu, and other system interfaces. This is specifically designed for public-facing kiosk scenarios where users must not be able to exit the application or access any other system functions.

Exam trap

A common misconception is that UAC or Software Restriction Policies can provide a full kiosk lockdown, but these features lack the ability to hide the desktop and taskbar or prevent users from launching other applications via keyboard shortcuts or the Start menu.

How to eliminate wrong answers

Option A is wrong because User Account Control (UAC) set to highest level only prompts for consent or credentials when system-level changes are attempted; it does not restrict access to the desktop, taskbar, or other system functions, nor does it enforce a single-app environment. Option B is wrong because Local Group Policy – Software Restriction Policies can block or allow specific executables but does not prevent users from accessing the desktop, taskbar, or system UI; it is a software execution control, not a kiosk lockdown mechanism. Option C is wrong because Windows Defender Application Guard is a hardware-isolated container for running untrusted applications (typically Microsoft Edge) to protect the host OS from malware; it does not restrict user access to the desktop or taskbar and is not designed for kiosk single-app scenarios.

378
MCQmedium

A customer calls the help desk complaining that their printer no longer works after a technician installed a security update on their computer. The technician checks the documentation and finds no record of the update being installed. What is the most likely cause of the missing documentation?

A.The security update was applied automatically by Windows Update.
B.The printer driver was corrupted by a virus.
C.The technician forgot to save the change log before leaving for the day.
D.The customer accidentally deleted the update history.
AnswerA

Automatic updates often bypass change management documentation unless specifically configured to be logged, which is a common oversight.

Why this answer

The most likely cause is that the security update was applied automatically by Windows Update. In many corporate environments, Windows Update is configured to install critical patches automatically without requiring manual intervention or logging in the technician's change documentation. This explains why the technician found no record of the update, even though it was installed and caused the printer driver to stop functioning.

Exam trap

The trap here is that candidates may focus on the printer driver corruption (Option B) as the direct cause of the printer failure, rather than recognizing that the missing documentation points to an automated update process as the root cause of the undocumented change.

How to eliminate wrong answers

Option B is wrong because a virus corrupting the printer driver would not explain the missing documentation; it would instead cause a different set of symptoms, such as unusual system behavior or security alerts, and the technician would likely find evidence of malware rather than a missing change log. Option C is wrong because the technician forgetting to save the change log is a procedural error, but the question states the technician checked the documentation and found no record of the update being installed—this implies the update was never documented, not that it was documented and then lost. Option D is wrong because the customer accidentally deleting the update history would affect the Windows Update history log, not the technician's change management documentation, which is maintained separately by the IT team.

379
MCQmedium

A technician is updating the documentation for a network printer that was moved to a different floor. The technician updates the asset tag in the inventory system. Which additional documentation should the technician also update to ensure accurate records?

A.The user manual for the printer
B.The network diagram showing device locations and connections
C.The company’s acceptable use policy
D.The printer’s warranty information
AnswerB

The network diagram must reflect the new location and any changes to network ports or cabling.

Why this answer

When a network printer is moved to a different floor, its physical location and network connectivity change. The network diagram is the authoritative document that records device locations, switch ports, IP addresses, and cabling paths. Updating it ensures that troubleshooting, asset tracking, and future moves remain accurate, directly supporting change management and documentation best practices.

Exam trap

CompTIA often tests the distinction between operational documentation (network diagrams, rack layouts, IP address management) and administrative or policy documents (user manuals, warranties, acceptable use policies) to see if candidates understand which records are directly impacted by a physical move.

How to eliminate wrong answers

Option A is wrong because the user manual is a generic reference document that does not change when a device is relocated; it contains operational instructions, not location or connectivity records. Option C is wrong because the acceptable use policy governs how employees may use company resources, not the physical or logical placement of hardware. Option D is wrong because warranty information is tied to the device's serial number and purchase date, not its physical location; moving the printer does not affect warranty terms.

380
MCQmedium

During a security audit, an administrator discovers that several employees have written their domain passwords on sticky notes attached to their monitors. The company policy requires strong passwords and prohibits sharing credentials. Which security principle is being violated?

A.Principle of least privilege
B.Account lockout policy
C.Password confidentiality
D.Multi-factor authentication
AnswerC

Password confidentiality requires that passwords be known only to the authorized user. Writing them on sticky notes compromises this by making them visible to others.

Why this answer

Password confidentiality is the principle that passwords must be kept secret and known only to the authorized user. By writing domain passwords on sticky notes attached to monitors, employees are exposing credentials to anyone with physical access, directly violating this principle. The company policy explicitly prohibits sharing credentials, and this practice undermines the security of the domain authentication system.

Exam trap

CompTIA A+ often tests the distinction between password confidentiality (keeping passwords secret) and other security controls like least privilege or MFA, leading candidates to confuse the principle of not sharing credentials with access restriction or authentication methods.

How to eliminate wrong answers

Option A is wrong because the principle of least privilege restricts user access rights to only what is necessary for their job functions, not how passwords are stored or shared. Option B is wrong because an account lockout policy defines the number of failed login attempts before an account is temporarily disabled, which is unrelated to the physical exposure of passwords. Option D is wrong because multi-factor authentication (MFA) requires two or more verification factors (e.g., password plus token), but the violation here is the failure to keep the password confidential, not the absence of additional authentication layers.

381
MCQmedium

A user wants to share a folder on their Windows 11 PC so that other users on the local network can access files without a password. They have already enabled network discovery and file sharing. Which additional setting must they configure in the Advanced Sharing settings to allow password-less access?

A.Turn on Public folder sharing
B.Turn off password protected sharing
C.Enable 128-bit encryption
D.Set up a homegroup
AnswerB

Disabling password protected sharing allows network users to access shared folders without authentication, meeting the user's requirement.

Why this answer

To allow password-less access to shared folders on a local network, you must disable password protected sharing. When this setting is turned off, Windows 11 does not require users to have a local account and password on the host machine; instead, it grants access based on the 'Everyone' group permissions. This is configured in the 'Advanced sharing settings' under 'All Networks'.

Exam trap

CompTIA often tests the misconception that enabling Public folder sharing or encryption settings will remove the password requirement, when in fact only disabling password protected sharing directly controls authentication for all shared folders.

How to eliminate wrong answers

Option A is wrong because 'Turn on Public folder sharing' only enables access to the specific 'Public' folder, not any arbitrary folder the user wants to share, and it still respects password protected sharing if enabled. Option C is wrong because 'Enable 128-bit encryption' is a security setting for file sharing connections (to enforce encryption), but it does not control whether a password is required; it can be used with or without password protected sharing. Option D is wrong because HomeGroup was removed from Windows 10 (version 1803) and later, including Windows 11; it is no longer a valid feature for sharing files on a local network.

382
MCQmedium

A customer complains that their computer emits a strong chemical smell and is unusually hot. After inspection, you find the power supply is failing and leaking a brown, oily substance. How should you handle the power supply disposal?

A.Place the power supply in a standard trash bag and throw it in the dumpster.
B.Put the power supply in an anti-static bag, seal it, and label it as hazardous e-waste.
C.Clean the power supply with isopropyl alcohol and then recycle it normally.
D.Disassemble the power supply to remove the leaking capacitor and then dispose of the rest.
AnswerB

This is correct because the anti-static bag prevents further leakage, and labeling ensures it is handled appropriately by recycling facilities.

Why this answer

Option B is correct because a failing power supply leaking a brown, oily substance (typically from swollen or ruptured capacitors) is classified as hazardous e-waste due to toxic materials like lead, cadmium, and electrolyte fluids. Placing it in an anti-static bag prevents short circuits during transport, and labeling it as hazardous ensures proper disposal per environmental regulations such as the Resource Conservation and Recovery Act (RCRA) or local e-waste directives.

Exam trap

CompTIA often tests the misconception that cleaning or disassembling e-waste makes it safe for normal disposal, when in fact any leaking or damaged power supply must be treated as hazardous e-waste and never opened by a technician.

How to eliminate wrong answers

Option A is wrong because throwing the power supply in a standard trash bag and dumpster violates environmental regulations; the leaking chemicals can contaminate soil and groundwater, and the power supply contains heavy metals that require special handling. Option C is wrong because cleaning with isopropyl alcohol does not neutralize the toxic electrolyte or render the unit safe for normal recycling; the power supply still contains hazardous components that must be processed through certified e-waste facilities. Option D is wrong because disassembling a leaking, potentially charged power supply poses a high risk of electric shock, chemical exposure, and further leakage; technicians should never open a failing PSU—disposal must be handled as a sealed unit.

383
MCQmedium

A user calls the help desk saying they cannot access a shared folder on the network. They can access other shares on the same server. The technician verifies the user's account is active and the folder exists. What should the technician check next to resolve the access issue?

A.Check if the user's password has expired.
B.Verify the user has been added to the local Administrators group.
C.Review the NTFS permissions on the shared folder.
D.Reboot the file server to clear any cached permissions.
AnswerC

NTFS permissions can deny access to specific users even if share permissions allow it, explaining the isolated issue.

Why this answer

Since the user can access other shares on the same server, the issue is isolated to a specific shared folder. NTFS permissions control access at the folder level independently of share permissions, and a missing or incorrect NTFS entry for the user would block access even if the share permissions are open. The technician should review the NTFS permissions on that folder to ensure the user or their group has at least Read access.

Exam trap

A common trap is to assume that share permissions alone control access, but NTFS permissions are the granular layer that can block a user even when share permissions are permissive and other folders work.

How to eliminate wrong answers

Option A is wrong because the user can access other shares on the same server, so an expired password would block all network access, not just one folder. Option B is wrong because adding a user to the local Administrators group grants excessive privileges and is not required for folder access; it would not resolve a missing NTFS permission entry. Option D is wrong because rebooting the server clears cached permissions only temporarily and does not fix the underlying permission configuration; the issue will recur after the reboot.

384
MCQmedium

After a recent Windows update, a user's printer stopped working. You suspect the update changed the default print spooler service startup type. Which Control Panel tool should you use to verify and correct the service startup type?

A.Device Manager
B.Printers & scanners
C.Administrative Tools > Services
D.System > Advanced system settings
AnswerC

The Services snap-in lists all Windows services, including the Print Spooler, and allows you to change its startup type to Automatic.

Why this answer

The Print Spooler service is a Windows service that manages print jobs sent to the printer. Its startup type (e.g., Automatic, Manual, Disabled) is configured in the Services console, which is accessed via Administrative Tools > Services. Device Manager and Printers & scanners do not provide service startup type settings, and System > Advanced system settings deals with performance and user profiles, not services.

Exam trap

The trap here is that candidates often confuse Device Manager (for driver issues) with the Services console, not realizing that the startup type of a service is managed exclusively through the Services snap-in, not through hardware or printer-specific settings.

How to eliminate wrong answers

Option A is wrong because Device Manager is used to manage hardware drivers and device properties, not Windows service startup types. Option B is wrong because Printers & scanners is for adding, removing, and configuring printer devices, not for changing the spooler service startup type. Option D is wrong because System > Advanced system settings provides access to performance options, user profiles, and startup and recovery settings, not service management.

385
MCQeasy

During a routine security audit, you find that an employee has taped their door lock open to avoid using their badge every time they leave for a break. What is the most immediate security concern with this practice?

A.The employee might lose their badge
B.It violates company badge policy
C.Unauthorized persons can enter without credentials
D.The door lock may break from being forced open
AnswerC

Propping a door open eliminates the need for authentication, creating a direct security breach.

Why this answer

Option C is correct because propping a door lock open bypasses the physical access control system (PACS), allowing anyone—including unauthorized individuals—to enter the secured area without presenting valid credentials (e.g., a proximity card or PIN). This directly defeats the purpose of the access control mechanism, which is to authenticate and log each entry. The most immediate risk is that an attacker or tailgater can gain unrestricted physical access to sensitive assets, systems, or data.

Exam trap

The CompTIA A+ exam often tests the distinction between a policy violation and an actual security vulnerability—candidates may pick Option B because they focus on compliance rather than the immediate operational risk of unauthorized physical access.

How to eliminate wrong answers

Option A is wrong because losing a badge is a secondary concern that can be mitigated by deactivating the lost badge, whereas the open door creates an immediate, ongoing vulnerability. Option B is wrong because while violating badge policy is a compliance issue, the core security concern is the operational bypass of access control, not the policy violation itself. Option D is wrong because the door lock breaking from being forced open is a mechanical maintenance issue, not an immediate security threat—the primary risk is unauthorized entry, not equipment damage.

386
MCQhard

A company laptop was stolen, and the IT department needs to ensure that the data on the device cannot be accessed. The laptop had BitLocker enabled, but the drive was unlocked when stolen. What additional security measure could have prevented data access in this scenario?

A.Enable Windows Defender Firewall
B.Configure BitLocker with a startup PIN
C.Use a strong user password
D.Enable System Restore
AnswerB

A startup PIN requires authentication before the OS loads, protecting data even if the device is powered on.

Why this answer

BitLocker with a startup PIN requires the user to enter a PIN before the OS loads, even if the drive was previously unlocked. Since the laptop was stolen while unlocked, the PIN would have prevented the drive from being decrypted after a reboot or power loss, protecting the data from unauthorized access.

Exam trap

CompTIA often tests the misconception that a strong user password or firewall is sufficient to protect data on a stolen device, but the key point is that BitLocker's pre-boot authentication (like a startup PIN) is the only measure that protects data when the drive is unlocked at the time of theft.

How to eliminate wrong answers

Option A is wrong because Windows Defender Firewall controls network traffic and does not encrypt or protect data at rest on the drive; it cannot prevent access to data if the drive is physically stolen. Option C is wrong because a strong user password protects the user account at the OS level, but if the drive is already unlocked (as in this scenario), the password does not encrypt the data—an attacker could bypass the login screen by booting from external media or accessing the drive directly. Option D is wrong because System Restore creates restore points for system files and settings, not encryption; it has no mechanism to prevent data access from a stolen, unlocked drive.

387
MCQeasy

A user reports receiving an email that appears to be from their CEO, urgently requesting that they purchase $500 in gift cards and reply with the codes. The email address looks slightly off (e.g., ceo@cornpany.com instead of ceo@company.com). What type of social engineering attack is this?

A.Spear phishing
B.Vishing
C.Whaling
D.Tailgating
AnswerC

Whaling is a phishing attack that targets senior executives (or impersonates them) to steal sensitive data or money. The email impersonating the CEO is a textbook example.

Why this answer

Whaling is a targeted social engineering attack aimed at senior executives (the 'big fish') like the CEO. The email impersonates the CEO to trick the recipient into performing a financial action, and the slightly spoofed domain (cornpany.com vs company.com) is a classic indicator of a whaling attempt, as it exploits the authority of a high-level executive to bypass normal security checks.

Exam trap

CompTIA A+ often tests the distinction between spear phishing (targeted at any individual) and whaling (specifically targeting executives or high-value targets), so the trap here is confusing the broad category of spear phishing with the more specific whaling attack due to the personalized nature of the email.

How to eliminate wrong answers

Option A is wrong because spear phishing targets specific individuals or groups but does not specifically focus on high-ranking executives; the attack here is directed at a subordinate impersonating the CEO, making it whaling. Option B is wrong because vishing (voice phishing) uses phone calls or voice messages, not email, to deceive victims. Option D is wrong because tailgating is a physical security attack where an unauthorized person follows an authorized person into a restricted area, which has no relation to email-based social engineering.

388
MCQeasy

A user reports that their Windows 10 desktop is running very slowly, especially when opening multiple applications. They have 8 GB of RAM and a traditional hard drive. Task Manager shows that memory usage is consistently at 90% or higher. Which component is most likely the bottleneck and what is the best upgrade?

A.The CPU is the bottleneck; upgrade to a faster processor.
B.The hard drive is the bottleneck; upgrade to an SSD.
C.The RAM is the bottleneck; add more RAM.
D.The graphics card is the bottleneck; upgrade to a dedicated GPU.
AnswerC

High memory usage indicates the system needs more RAM; adding more will allow more applications to run without using slow virtual memory.

Why this answer

High memory usage (90%+) with 8 GB of RAM indicates that the system is running out of physical memory, causing it to use the hard drive as virtual memory, which is very slow. The best upgrade is to add more RAM to reduce reliance on the slow hard drive paging.

389
MCQmedium

A small business is deploying Windows 11 to 20 new workstations. During the setup, you need to ensure that each computer receives a unique computer name and joins the domain automatically. Which Windows deployment tool should you use to automate this process?

A.Windows System Image Manager (Windows SIM)
B.Windows Deployment Services (WDS)
C.Microsoft Deployment Toolkit (MDT)
D.Sysprep
AnswerB

WDS allows for network-based deployment of Windows images and can automate computer naming and domain join via answer files, making it the correct choice.

Why this answer

Windows Deployment Services (WDS) is the correct tool because it is designed to deploy Windows operating systems over a network using Preboot Execution Environment (PXE) boot. It can be configured with answer files to automatically assign unique computer names (via naming policies or a prestaged computer accounts in Active Directory) and join the domain without manual intervention, making it ideal for deploying 20 workstations simultaneously.

Exam trap

The trap here is that candidates often confuse MDT as a standalone deployment tool, but MDT requires a deployment mechanism like WDS or bootable media to initiate the network boot, whereas WDS directly handles PXE boot and can automate domain join and naming without MDT.

How to eliminate wrong answers

Option A is wrong because Windows System Image Manager (Windows SIM) is used to create and manage unattended answer files (Unattend.xml), not to perform network-based deployments or automate domain join and naming during deployment. Option C is wrong because Microsoft Deployment Toolkit (MDT) is a deployment solution that can automate domain join and naming, but it is not a deployment tool itself; it relies on WDS or other media for network boot and is typically used for more complex task sequences, not for simple automated domain join and naming. Option D is wrong because Sysprep is a system preparation tool used to generalize a Windows image (remove unique identifiers like SID and computer name) so it can be imaged to multiple computers; it does not automate domain join or assign unique names during deployment.

390
MCQmedium

During a Windows 10 deployment, you need to ensure that a specific Group Policy setting is applied to a computer before any user logs on. Which policy processing mode should you configure?

A.Loopback processing mode
B.Computer Configuration
C.User Configuration
D.Administrative Templates
AnswerB

Policies under Computer Configuration are applied during system startup, before any user logs in. This ensures the setting is in effect for all users and at the login screen.

Why this answer

Computer Configuration policies in Group Policy apply to the computer itself and take effect at boot, before user logon. User Configuration policies apply only after a user logs on. To ensure a setting is applied before any user logs on, it must be placed under Computer Configuration.

391
MCQmedium

A technician needs to write a script that runs a specific command only if a Windows service is running. If the service is stopped, the script should start it first. Which scripting method is most appropriate?

A.Use a for loop to iterate over all services.
B.Use an if-else statement to check the service status.
C.Use a switch statement with multiple conditions.
D.Use a try-catch block to handle errors if the command fails.
AnswerB

An if-else statement can evaluate the service state and execute different commands accordingly.

Why this answer

The correct answer is B because an if-else statement is the most appropriate scripting method to check the status of a specific Windows service and conditionally execute a command or start the service. In PowerShell, you can use `Get-Service` to retrieve the service status and then an if-else block to evaluate whether the `Status` property equals 'Running'. This provides clear, linear logic that directly matches the requirement without unnecessary complexity.

Exam trap

CompTIA often tests the distinction between conditional logic (if-else) and error handling (try-catch), leading candidates to mistakenly choose try-catch because they think it can 'handle' a stopped service, but it cannot evaluate the service state before the command runs.

How to eliminate wrong answers

Option A is wrong because a for loop that iterates over all services is inefficient and unnecessary; the requirement is to check only one specific service, not all services. Option C is wrong because a switch statement is designed for multiple discrete value matches, not for a simple binary check of a service status (running vs. stopped), and it would overcomplicate the logic. Option D is wrong because a try-catch block handles runtime errors (e.g., service not found or access denied) but does not provide conditional logic to check the service status before deciding whether to start it.

392
MCQmedium

A technician is configuring a new Windows 10 workstation for a user who is visually impaired. The user needs the screen magnifier to start automatically when they log in, and they want high-contrast themes. Which Control Panel tool should the technician use to enable these accessibility features?

A.System > Advanced system settings
B.Ease of Access Center
C.Personalization
D.Display
AnswerB

The Ease of Access Center includes options for Magnifier, Narrator, on-screen keyboard, and high-contrast settings.

Why this answer

The Ease of Access Center in Windows 10 is the dedicated Control Panel tool for configuring accessibility features, including Magnifier and high-contrast themes. It provides settings to enable Magnifier to start automatically at login and to apply high-contrast themes system-wide, directly addressing the user's needs.

Exam trap

CompTIA often tests the distinction between the Ease of Access Center and the Personalization or Display settings, trapping candidates who assume high-contrast themes are only in Personalization or that Magnifier auto-start is a Display setting.

How to eliminate wrong answers

Option A is wrong because System > Advanced system settings is used for performance options, user profiles, and startup and recovery settings, not for accessibility features like Magnifier or high-contrast themes. Option C is wrong because Personalization allows changing themes and colors, but it does not provide the option to set Magnifier to start automatically at login; high-contrast themes can be applied there, but the automatic startup of Magnifier is exclusive to the Ease of Access Center. Option D is wrong because Display settings manage screen resolution, orientation, and multiple displays, but do not include accessibility features such as Magnifier auto-start or high-contrast theme configuration.

393
MCQeasy

A small business wants to reduce its environmental footprint by properly managing old computer equipment. They ask which components must be handled separately due to hazardous materials. What should you identify?

A.LCD monitors
B.CRT monitors
C.Keyboard and mouse
D.Ethernet cables
AnswerB

This is correct because CRT monitors contain leaded glass and other hazardous materials that require special handling to prevent environmental contamination.

Why this answer

CRT monitors contain leaded glass in the cathode ray tube and significant amounts of lead in the solder and phosphor coating, making them hazardous electronic waste that must be handled separately under regulations like the EPA's RCRA and the EU's WEEE Directive. Unlike LCDs, which may contain mercury in backlights but are often managed differently, CRTs require specialized recycling to prevent lead leaching into groundwater.

Exam trap

CompTIA often tests the distinction between CRT and LCD monitors, trapping candidates who assume all monitors are equally hazardous, when in fact CRTs are uniquely regulated due to lead content while LCDs are generally treated as standard e-waste unless mercury backlights are present.

How to eliminate wrong answers

Option A is wrong because LCD monitors may contain small amounts of mercury in cold-cathode fluorescent lamp (CCFL) backlights, but they are not universally classified as requiring separate hazardous handling in the same way as CRTs; many jurisdictions allow them in general e-waste streams if mercury is removed. Option C is wrong because keyboards and mice are typically non-hazardous electronic waste composed of plastic and low-voltage circuitry, with no regulated hazardous materials like lead, mercury, or cadmium. Option D is wrong because Ethernet cables are copper or fiber optic cabling with no hazardous materials; they are recyclable as standard e-waste or scrap metal.

394
MCQmedium

A technician is troubleshooting a web server that is not serving pages from /var/www/html. The directory permissions are drwxr-x--- and the web server runs as user 'www-data'. The directory is owned by root:www-data. Which command will allow the web server to read the directory and its contents?

A.chmod g+rx /var/www/html
B.chmod o+rx /var/www/html
C.chown www-data:www-data /var/www/html
D.usermod -aG www-data www-data
AnswerD

This adds the user www-data to the group www-data, ensuring the group permissions apply, which is the correct approach.

Why this answer

Option D is correct because the web server runs as user 'www-data', and the directory /var/www/html has permissions drwxr-x--- (owner root, group www-data). This means the group has read and execute permissions, but the user 'www-data' is not in the group 'www-data' by default. The command 'usermod -aG www-data www-data' adds the user 'www-data' to the group 'www-data', granting group-level read and execute access to the directory and its contents, allowing the web server to serve pages.

Exam trap

The trap here is that candidates assume changing file permissions (chmod) or ownership (chown) is the only solution, overlooking the fact that the user 'www-data' is not a member of the group 'www-data', which is a common Linux group membership issue tested in the 220-1202 exam.

How to eliminate wrong answers

Option A is wrong because 'chmod g+rx /var/www/html' would add read and execute permissions for the group, but the group already has those permissions (drwxr-x--- shows group has r-x). This command does not address the issue that the user 'www-data' is not a member of the group 'www-data'. Option B is wrong because 'chmod o+rx /var/www/html' would add read and execute permissions for others, which could be a security risk and is unnecessary; the correct approach is to add the user to the group, not open permissions to all.

Option C is wrong because 'chown www-data:www-data /var/www/html' would change ownership to user 'www-data' and group 'www-data', but the web server runs as user 'www-data', so the user already has no group membership issue; however, changing ownership might break other processes expecting root ownership, and it does not solve the group membership problem—the user still needs to be in the group to leverage group permissions.

395
MCQeasy

A user reports that their virtual desktop in a VDI environment is extremely slow during peak hours. The technician checks the host server and sees that memory utilization is at 95% and CPU is at 80%. Which of the following is the most likely cause of the performance issue?

A.The virtual switch is misconfigured
B.The host has insufficient memory for the number of VMs
C.The guest OS needs a driver update
D.The virtual hard disks are not thin-provisioned
AnswerB

With memory at 95%, the host is overcommitted, forcing the hypervisor to use disk swap, which drastically reduces performance. This is the most direct cause.

Why this answer

The host's memory utilization at 95% indicates severe memory overcommitment, which forces the hypervisor to use excessive swapping or ballooning to reclaim memory from VMs. This directly causes extreme slowness for all virtual desktops, especially during peak hours when demand is highest. CPU at 80% is high but not as critical as memory exhaustion, which is the primary bottleneck in VDI environments.

Exam trap

CompTIA often tests the distinction between memory exhaustion (which causes swapping and severe slowdowns) versus high CPU usage (which causes processing delays but is less impactful on VDI responsiveness), leading candidates to incorrectly focus on CPU as the primary bottleneck.

How to eliminate wrong answers

Option A is wrong because a misconfigured virtual switch would cause network connectivity issues (e.g., dropped packets, inability to reach resources), not generalized slowness across all VMs due to high memory pressure. Option C is wrong because a guest OS driver update might improve device performance or fix specific hardware compatibility issues, but it would not resolve host-level memory exhaustion affecting all VMs simultaneously. Option D is wrong because thin provisioning affects storage space utilization and can lead to performance issues if the datastore runs out of space, but it does not directly cause high host memory utilization or CPU usage; the reported metrics point to memory, not storage.

396
MCQmedium

A user reports that after a recent Windows update, they can no longer install a legacy application that requires write access to the Program Files folder. The user is a local administrator. What Windows security setting is most likely blocking the installation?

A.BitLocker Drive Encryption
B.User Account Control (UAC)
C.Windows Defender Firewall
D.Group Policy Software Restrictions
AnswerB

UAC protects system integrity by prompting for elevated permissions, even for administrators, when changes affect protected areas like Program Files.

Why this answer

User Account Control (UAC) is the Windows security feature that prompts for consent or credentials before allowing actions that require administrative privileges, even for local administrators. By default, UAC virtualizes write attempts to protected system locations like Program Files, redirecting them to a per-user virtual store, which can cause legacy applications that expect direct write access to fail. Disabling UAC or running the installer with explicit administrative rights (e.g., right-click 'Run as administrator') typically resolves the issue.

Exam trap

CompTIA often tests the misconception that local administrators always run with full administrative privileges, but UAC's default behavior means even admins operate with a filtered token until they explicitly elevate, causing legacy installers to fail when they attempt to write to protected folders like Program Files.

How to eliminate wrong answers

Option A is wrong because BitLocker Drive Encryption provides full-disk encryption to protect data at rest and does not block write access to the Program Files folder; it operates at the disk level, not the file system permission level. Option C is wrong because Windows Defender Firewall controls network traffic based on rules and does not restrict local file system write operations. Option D is wrong because Group Policy Software Restrictions can block installation of specific software based on path, hash, or certificate rules, but the scenario describes a generic inability to write to Program Files after an update, which is a classic symptom of UAC virtualization behavior, not a targeted restriction policy.

397
MCQeasy

A user on iOS 17 complains that their iPhone's battery drains quickly and the phone gets warm during normal use. They have not installed any new apps recently. Which built-in tool should you use first to identify the cause?

A.Settings > General > iPhone Storage
B.Settings > Battery > Battery Health
C.Settings > Privacy > Analytics & Improvements
D.Settings > Display & Brightness
AnswerB

Battery Health provides information on maximum capacity and whether the battery is degraded, which directly addresses the user's symptoms.

Why this answer

The user reports rapid battery drain and heat during normal use, which often indicates a battery health issue or an app misusing power. Settings > Battery > Battery Health (Option B) provides the maximum capacity percentage and peak performance capability, directly revealing if the battery is degraded or if the iPhone is throttling performance to prevent shutdowns. This is the first diagnostic step because it isolates hardware degradation from software causes without requiring additional tools.

Exam trap

CompTIA often tests the misconception that battery drain is always caused by apps or screen brightness, leading candidates to choose Display & Brightness or iPhone Storage, when the first diagnostic step should be checking the battery's physical health and capacity.

How to eliminate wrong answers

Option A is wrong because Settings > General > iPhone Storage manages storage space, not battery performance or thermal behavior, and would not identify a battery health issue. Option C is wrong because Settings > Privacy > Analytics & Improvements contains diagnostic logs for developers and Apple, not a user-facing tool for immediate battery drain troubleshooting. Option D is wrong because Settings > Display & Brightness controls screen brightness, auto-lock, and True Tone, which affect battery life indirectly but do not diagnose the root cause of unexpected drain or overheating.

398
MCQhard

A technician is dealing with a zero-day malware infection that has evaded all signature-based antivirus scans. The malware is polymorphic, changing its code each time it infects a new system. Which approach is most likely to detect and remove this type of malware?

A.Update the antivirus to the latest signature definitions and run a full scan.
B.Use a bootable antivirus rescue disk to scan the system before the OS loads.
C.Employ a heuristic-based or behavior-based malware removal tool.
D.Reinstall the operating system from a known-good backup.
AnswerC

Heuristic tools analyze behavior and code patterns, allowing them to detect polymorphic malware that changes its signature.

Why this answer

Heuristic and behavior-based detection tools analyze the actions and code patterns of malware rather than relying on static signatures. Since polymorphic malware changes its code with each infection, signature-based detection fails, but behavioral analysis can identify malicious activity such as registry modifications, process injection, or network anomalies. This approach is effective against zero-day threats because it detects anomalies without needing prior knowledge of the specific malware variant.

Exam trap

CompTIA often tests the misconception that bootable rescue disks or signature updates can overcome polymorphic or zero-day malware, when in reality only behavior-based or heuristic methods can detect such threats.

How to eliminate wrong answers

Option A is wrong because updating antivirus signatures only adds known malware hashes or patterns, which cannot match the constantly changing code of polymorphic malware; signature-based detection is inherently ineffective against zero-day threats. Option B is wrong because a bootable rescue disk still relies on the same signature database or heuristic engine of the installed antivirus; if the malware evades signature scans, booting from a rescue disk does not change the detection methodology. Option D is wrong because reinstalling the OS from a backup is a recovery measure, not a detection or removal technique; it does not identify or remove the malware and may reintroduce the infection if the backup is compromised.

399
MCQeasy

A user reports that their corporate email app on an Android device is not syncing. They can browse the internet and use other apps normally. The account was working yesterday. What should you check first?

A.Perform a factory reset of the device.
B.Verify the account username and password in the email app.
C.Replace the device's SIM card.
D.Reinstall the operating system.
AnswerB

Incorrect credentials or a recent password change can prevent syncing; verifying them is the quickest and most common fix.

Why this answer

Option B is correct because the most common cause of a previously working email account suddenly failing to sync is an authentication issue, such as a changed password or expired credentials. Since other internet services work, the network connectivity is fine, so the problem is isolated to the email app's authentication. Verifying the username and password in the app's account settings is the quickest, least disruptive first step before escalating to more drastic measures.

Exam trap

The trap here is that candidates may assume a network or hardware issue (SIM card) because the email 'isn't syncing,' but the question explicitly states other apps work, isolating the problem to the email app's configuration or authentication.

How to eliminate wrong answers

Option A is wrong because performing a factory reset is a destructive, last-resort step that would erase all user data and settings, and it is not justified when the issue is isolated to a single app and the device otherwise functions normally. Option C is wrong because replacing the SIM card would only affect cellular network authentication and provisioning, not the email app's credentials or connectivity over Wi-Fi or mobile data; since other apps work, the SIM is not the cause. Option D is wrong because reinstalling the operating system is an extreme measure that would wipe the entire device and is completely unnecessary for a single app's sync failure that likely stems from a simple credential mismatch.

400
MCQmedium

A user's iPad will not rotate the screen when turned sideways, even though the rotation lock is off in the Control Center. The screen remains in portrait mode. What should you check next?

A.Check if the app has its own orientation lock setting.
B.Check the physical mute/orientation lock switch on the side of the iPad.
C.Perform a hard reset of the iPad.
D.Update the iPadOS to the latest version.
AnswerB

On some iPad models, the side switch can be set to lock rotation; if it's engaged, it overrides the Control Center setting.

Why this answer

The correct answer is B because many iPad models (particularly older ones like iPad 2 through iPad 4, and some iPad mini models) include a physical switch on the side edge that can be configured to act as a mute/orientation lock toggle. Even if the software rotation lock in Control Center is off, this hardware switch can independently lock the screen orientation, overriding the software setting. Checking this physical switch is the logical next step before attempting more invasive troubleshooting.

Exam trap

CompTIA often tests the distinction between software-based and hardware-based controls, and the trap here is that candidates assume the Control Center rotation lock is the only mechanism for locking orientation, overlooking the independent physical switch that can override it.

How to eliminate wrong answers

Option A is wrong because while some apps (e.g., video players) have their own orientation lock settings, the question states the screen remains in portrait mode system-wide, not just within a single app, so an app-specific lock would not affect the entire iPad interface. Option C is wrong because performing a hard reset (force restart) is a generic troubleshooting step that would not resolve a hardware switch being engaged; it would only temporarily clear memory and restart processes, not change the physical switch state. Option D is wrong because updating iPadOS addresses software bugs and compatibility issues, but a physical orientation lock switch is a hardware-level control that operates independently of the OS version; an update would not disengage a physical switch.

401
MCQmedium

A user receives an email that appears to be from their bank, asking them to click a link and verify their account information due to 'suspicious activity.' The email address looks legitimate, but the link points to a different domain. What type of attack is this?

A.Spear phishing
B.Phishing
C.Whaling
D.Vishing
AnswerB

Phishing is a broad term for fraudulent emails attempting to obtain sensitive data by posing as a legitimate entity, matching the scenario exactly.

Why this answer

This is a classic phishing attack because the email uses social engineering to trick the user into clicking a link that leads to a fraudulent domain, even though the sender's address appears legitimate. Phishing is a broad category of social engineering where attackers impersonate a trusted entity to steal credentials or sensitive information, and the mismatched link is the key indicator.

Exam trap

CompTIA A+ often tests the distinction between generic phishing and targeted variants like spear phishing or whaling, and the trap here is that candidates see a legitimate-looking sender address and assume it's spear phishing, missing the broad, unsolicited nature of the attack.

How to eliminate wrong answers

Option A is wrong because spear phishing targets a specific individual or organization with personalized details, whereas this scenario describes a generic email sent to any user. Option C is wrong because whaling targets high-profile executives or senior management, not a general user. Option D is wrong because vishing (voice phishing) uses phone calls or voicemail, not email, to deceive victims.

402
MCQmedium

A user reports that their Windows 10 PC fails to boot and displays a 'Boot Configuration Data is missing' error. You need to repair the boot configuration using the Windows Recovery Environment. Which administrative tool should you run from the command prompt in the recovery environment?

A.sfc /scannow
B.bootrec /rebuildbcd
C.DISM /Online /Cleanup-Image /RestoreHealth
D.chkdsk /f
AnswerB

Bootrec with the /rebuildbcd switch scans for Windows installations and rebuilds the BCD store, fixing boot errors.

Why this answer

The 'Boot Configuration Data is missing' error indicates that the BCD store, which contains boot-time configuration parameters, is corrupted or missing. The `bootrec /rebuildbcd` command scans all disks for Windows installations and allows you to rebuild the BCD store from scratch, directly addressing the missing or corrupt boot configuration data.

Exam trap

Cisco often tests the distinction between file-level repair tools (sfc, DISM) and boot-level repair tools (bootrec), so the trap here is that candidates confuse 'system file corruption' with 'boot configuration corruption' and choose sfc or DISM instead of the correct bootrec command.

How to eliminate wrong answers

Option A is wrong because `sfc /scannow` (System File Checker) scans and repairs protected system files, but it does not rebuild the Boot Configuration Data store, which is a separate boot-critical component. Option C is wrong because `DISM /Online /Cleanup-Image /RestoreHealth` repairs the Windows system image and component store corruption, but it requires the OS to be online and cannot be used from the Windows Recovery Environment command prompt to fix a missing BCD. Option D is wrong because `chkdsk /f` checks the file system for logical and physical errors on the disk, but it does not create or repair the boot configuration data store.

403
MCQhard

After resolving a user's issue, the user says, "Thank you, you're a lifesaver!" and offers the technician a $50 gift card as a token of appreciation. Company policy strictly prohibits accepting gifts over $20. How should the technician respond?

A."I appreciate that, but our policy doesn't allow me to accept gifts over $20. Thank you for the thought, though."
B."Thank you! That's very kind. I'll accept it, but please don't tell anyone."
C."I can't accept this. Please don't offer gifts to IT staff."
D."You can give it to my manager if you want, but I can't take it directly."
AnswerA

This politely declines while explaining the policy, showing integrity and respect for company rules.

Why this answer

Option A is correct because it politely declines the gift while citing the specific company policy limit of $20, which aligns with professional conduct and ethical guidelines. This response maintains trust and integrity without offending the user, as required by the CompTIA A+ 220-1202 exam objectives on professionalism and communication.

Exam trap

CompTIA often tests the candidate's ability to balance professionalism with customer appreciation, trapping those who choose a response that either violates policy (B, D) or damages the relationship (C) instead of a polite, policy-compliant refusal (A).

How to eliminate wrong answers

Option B is wrong because accepting the gift and asking the user to keep it secret violates company policy and ethical standards, potentially leading to disciplinary action or loss of trust. Option C is wrong because it is overly abrupt and dismissive, failing to acknowledge the user's gratitude and potentially damaging the customer relationship; a polite refusal is more appropriate. Option D is wrong because redirecting the gift to a manager still involves accepting a prohibited item indirectly, which does not comply with the policy and could be seen as an attempt to circumvent the rules.

404
MCQmedium

A security incident occurred where an attacker modified a PowerShell script on a file server to include malicious commands. The script is executed daily by a scheduled task. Which scripting security best practice could have prevented this attack?

A.Store the script in a hidden folder
B.Set the script file to read-only
C.Use a digital signature to sign the script and enforce execution policy
D.Compile the script into an executable
AnswerC

Signing ensures integrity; if the script is modified, the signature becomes invalid and execution is blocked.

Why this answer

Option C is correct because enforcing an execution policy that requires scripts to be digitally signed ensures that only scripts signed by a trusted publisher can run. If the attacker modified the script, the digital signature would become invalid, and the execution policy would block the script from running, preventing the malicious commands from executing.

Exam trap

The trap here is that candidates often choose 'Set the script file to read-only' because they think file permissions alone are sufficient, but CompTIA tests that integrity verification (via digital signatures) is the only way to detect unauthorized modifications in a script that is executed automatically.

How to eliminate wrong answers

Option A is wrong because storing the script in a hidden folder does not prevent modification; hidden folders are easily revealed via File Explorer settings or command-line tools like `dir /a`. Option B is wrong because setting the script file to read-only can be bypassed by an attacker with sufficient privileges (e.g., taking ownership or modifying permissions), and it does not verify the script's integrity. Option D is wrong because compiling a PowerShell script into an executable does not prevent modification; the executable can still be decompiled or replaced, and it does not enforce integrity checks like a digital signature.

405
MCQhard

A technician receives an email from what appears to be the company's CEO, asking for a list of all employee passwords for a 'security audit'. The email address is correct, but the tone and request are unusual. The technician suspects a social engineering attack. What is the best course of action?

A.Reply to the email asking for more details to confirm the request.
B.Forward the email to the security team and do not respond.
C.Provide the list as requested, since the CEO has authority.
D.Call the CEO immediately to verify the request.
AnswerB

The correct action is to report the suspicious email to the security team for investigation and not engage with the potential attacker. This follows proper incident response protocols.

Why this answer

Option B is correct because forwarding the email to the security team ensures that the incident is handled by the appropriate personnel who can investigate the potential phishing or social engineering attack without engaging the attacker. Responding to the email, even for confirmation, could validate the technician's email address as active and potentially expose the organization to further attacks. The security team can analyze headers, links, and attachments using tools like email security gateways or SIEM systems to determine the legitimacy of the request.

Exam trap

CompTIA often tests the misconception that verifying with the CEO by phone is the best immediate action, but the correct priority is to report to the security team first to ensure proper incident response and evidence preservation.

How to eliminate wrong answers

Option A is wrong because replying to the email, even for clarification, confirms to the attacker that the email address is monitored and may trigger follow-up social engineering attempts; it also risks accidental disclosure of sensitive information. Option C is wrong because providing passwords violates security policy and best practices; no legitimate security audit would request plaintext passwords, as they should be hashed and never transmitted. Option D is wrong because while calling the CEO is a good verification step, it delays immediate reporting to the security team, who should be notified first to preserve evidence and coordinate a response; the technician should not act on the request until the security team confirms it is legitimate.

406
MCQhard

A network administrator is investigating a security incident where an attacker captured the 4-way handshake of a WPA2-PSK network and successfully cracked the passphrase. Which protocol change would most effectively prevent this type of attack in the future?

A.Switch to WPA2-Enterprise with 802.1X and a RADIUS server.
B.Increase the WPA2-PSK passphrase length to 63 characters.
C.Upgrade to WPA3-SAE.
D.Enable MAC address filtering on the access point.
AnswerC

Correct. WPA3-SAE uses SAE, which eliminates the possibility of offline dictionary attacks by design, making handshake capture useless.

Why this answer

WPA3-SAE (Simultaneous Authentication of Equals) replaces the WPA2-PSK 4-way handshake with a protocol that uses a Diffie-Hellman key exchange, making it resistant to offline dictionary attacks. Even if an attacker captures the SAE handshake, they cannot crack the passphrase offline because the key exchange provides forward secrecy and prevents brute-force attempts without interacting with the network.

Exam trap

Cisco often tests the misconception that simply strengthening WPA2-PSK (e.g., longer passphrase) or adding MAC filtering is sufficient, when the core vulnerability is the offline-crackable 4-way handshake itself, which only WPA3-SAE fundamentally addresses.

How to eliminate wrong answers

Option A is wrong because switching to WPA2-Enterprise with 802.1X and a RADIUS server still uses the same 4-way handshake for key derivation; the handshake can still be captured and, if the RADIUS server uses a weak password or certificate, offline attacks remain possible. Option B is wrong because increasing the WPA2-PSK passphrase length to 63 characters only makes cracking harder but does not change the fundamental vulnerability: the 4-way handshake can still be captured and subjected to offline dictionary or brute-force attacks given enough time and resources. Option D is wrong because MAC address filtering is a trivial security measure that can be easily bypassed by spoofing an allowed MAC address; it does not prevent handshake capture or cracking of the passphrase.

407
MCQmedium

A technician is configuring a new Windows 10 workstation for a user who requires access to files stored on an encrypted USB drive. The drive uses BitLocker To Go. What must the technician do to ensure the user can access the drive on this computer?

A.Enable BitLocker on the workstation's internal drive
B.Provide the user with the drive's password or recovery key
C.Format the USB drive to NTFS
D.Install the BitLocker Drive Encryption feature from Control Panel
AnswerB

The user must enter the password or recovery key to unlock the drive; this is the standard method for BitLocker To Go access.

Why this answer

BitLocker To Go encrypts removable drives with a password or recovery key. To access the drive on a new Windows 10 workstation, the technician must provide the user with the drive's password or recovery key, as the drive is already encrypted and requires authentication at mount time. No additional configuration is needed on the workstation beyond entering the correct credentials.

Exam trap

The trap here is that candidates may think additional software or feature installation is required, but BitLocker To Go is a built-in capability of Windows 10 Pro/Enterprise that only needs the correct authentication credential to unlock the drive.

How to eliminate wrong answers

Option A is wrong because enabling BitLocker on the workstation's internal drive is unrelated to accessing an already-encrypted BitLocker To Go USB drive; the internal drive encryption does not affect removable drive access. Option C is wrong because formatting the USB drive to NTFS would erase all data and remove the existing BitLocker encryption, which is counterproductive since the user needs to access existing encrypted files. Option D is wrong because the BitLocker Drive Encryption feature is already included in Windows 10 Pro and Enterprise editions; it does not need to be installed separately, and the technician only needs to provide the password or recovery key.

408
MCQhard

A system administrator needs to change the group ownership of a directory /srv/data and all its contents to 'datagroup'. Which command will accomplish this recursively?

A.chgrp -R datagroup /srv/data
B.chown datagroup: /srv/data
C.chmod -R g+rw /srv/data
D.groupmod -R datagroup /srv/data
AnswerA

chgrp with -R recursively changes the group ownership of the directory and all its contents.

Why this answer

The correct command is `chgrp -R datagroup /srv/data`. The `-R` (or `--recursive`) flag tells `chgrp` to operate on the directory and all its contents, changing the group ownership to 'datagroup'. This directly fulfills the requirement to change group ownership recursively.

Exam trap

The trap here is that candidates often confuse `chgrp` with `chown` or `chmod`, mistakenly thinking that `chown datagroup:` or `chmod -R g+rw` will change group ownership, when in fact they change user ownership or permissions, respectively.

How to eliminate wrong answers

Option B is wrong because `chown datagroup: /srv/data` changes the user owner to 'datagroup' (with an empty group field), not the group ownership, and it does not operate recursively. Option C is wrong because `chmod -R g+rw /srv/data` modifies file permissions (adding read and write for the group), not group ownership. Option D is wrong because `groupmod` is used to modify the properties of a group (e.g., its name or GID) in the system's group database, not to change ownership of files or directories, and it does not accept a `-R` flag for recursion.

409
MCQmedium

A technician is tasked with securing a shared office printer that stores sensitive documents on its hard drive. The printer is in an open area. Which physical security measure should be prioritized to protect the data on the printer?

A.Enable secure print release with a PIN
B.Encrypt the printer's hard drive
C.Place the printer in a locked room
D.Use a cable lock on the printer
AnswerC

Physical access control prevents unauthorized individuals from tampering with or stealing the printer's hard drive.

Why this answer

Option C is correct because the most effective physical security measure to protect sensitive data on a printer's hard drive in an open area is to control physical access to the device itself. Placing the printer in a locked room prevents unauthorized individuals from physically removing the hard drive or accessing the printer's internal components, which is the primary threat in an open area. While encryption and secure release are important, they do not mitigate the risk of physical theft or tampering with the storage medium.

Exam trap

CompTIA often tests the principle that physical security controls must address the most direct threat vector; the trap here is that candidates confuse data-at-rest protections (encryption) with physical access controls, failing to recognize that encryption does not prevent physical theft or tampering with the storage medium.

How to eliminate wrong answers

Option A is wrong because enabling secure print release with a PIN only controls the release of print jobs, not the data already stored on the printer's hard drive; an attacker could still physically steal the drive and extract data offline. Option B is wrong because encrypting the printer's hard drive protects data at rest but does not prevent physical theft of the drive or the printer itself; encryption is a complementary control, not a substitute for physical access control. Option D is wrong because using a cable lock on the printer only prevents the printer from being easily carried away, but it does not prevent an attacker from opening the printer's casing and removing the hard drive or accessing the data directly.

410
MCQmedium

A user calls the help desk because their MacBook Pro running macOS Sonoma suddenly shows a folder with a flashing question mark when booting. They were not performing any system updates. Which macOS tool or feature should you use to attempt to repair the startup volume?

A.Boot to Recovery mode and run Disk Utility First Aid
B.Use the Terminal command 'sudo fsck -fy' at boot
C.Reinstall macOS from Internet Recovery
D.Enable Target Disk Mode on the Mac
AnswerA

This is the standard method to check and repair the startup disk's file system structure, which can resolve the missing boot volume issue.

Why this answer

A flashing question mark folder at boot on a Mac indicates that the startup volume is not found or is corrupt. Booting to Recovery mode (by holding Command-R at startup) and running Disk Utility First Aid allows you to verify and repair the volume's directory structure and file system, which is the appropriate first step to resolve this issue without reinstalling macOS.

Exam trap

CompTIA often tests the misconception that 'fsck' is the modern repair tool for macOS, but candidates must know that Disk Utility First Aid is the correct GUI tool for APFS volumes, and the deprecated 'fsck -fy' command is no longer the standard approach.

How to eliminate wrong answers

Option B is wrong because 'sudo fsck -fy' is a legacy Unix command for checking file systems, but on modern macOS with APFS, Disk Utility First Aid is the recommended tool; additionally, you cannot run 'sudo' in single-user mode without proper syntax, and the correct command would be '/sbin/fsck -fy' in single-user mode, which is deprecated. Option C is wrong because reinstalling macOS from Internet Recovery is a more drastic step that should only be attempted after Disk Utility First Aid fails to repair the volume, as it erases the current system and user data. Option D is wrong because Target Disk Mode makes the Mac act as an external drive for another computer, which does not repair the startup volume; it only provides access to the drive for data transfer or diagnostics from another Mac.

411
MCQmedium

A security incident response team needs to identify all files on a system that have the SUID bit set, as these may pose a security risk. Which command should they use?

A.find / -type f -perm 0777
B.find / -type f -perm 4000
C.find / -type f -perm -4000
D.find / -type f -perm /4000
AnswerC

This finds any file with the SUID bit set, regardless of other permission bits, which is the correct approach.

Why this answer

Option C is correct because the `-perm -4000` syntax in the `find` command matches files that have the SUID bit set (the 4000 octal permission), regardless of other permission bits. The leading dash (`-`) means 'at least these bits must be set,' so it correctly identifies all files where the SUID bit is enabled, which is a common security concern as it allows execution with the file owner's privileges.

Exam trap

This question tests the distinction between exact permission matching (`-perm 4000`), 'at least' matching (`-perm -4000`), and 'any of these bits' matching (`-perm /4000`), trapping candidates who confuse the dash prefix with the slash prefix or assume exact matching is sufficient.

How to eliminate wrong answers

Option A is wrong because `-perm 0777` matches files with exact permissions of 0777 (all read, write, execute for owner, group, and others), not files with the SUID bit set. Option B is wrong because `-perm 4000` matches files with exactly the permission 4000 (only the SUID bit, no other permissions), which is unrealistic and would miss files that have the SUID bit combined with other permissions like 4755. Option D is wrong because `-perm /4000` uses the `/` prefix, which in GNU find matches files where any of the specified bits are set (logical OR), but this is not the standard POSIX syntax and may not be available on all systems; the correct POSIX-compliant syntax for matching the SUID bit is `-perm -4000`.

412
MCQhard

A user complains that their Windows 10 computer is running slowly and they see frequent pop-ups from an unknown program. After running a full antivirus scan, nothing is detected. Which Windows security feature should you use to investigate and remove potentially unwanted software?

A.Windows Defender Firewall
B.Windows Defender Offline Scan
C.System Restore
D.User Account Control (UAC)
AnswerB

This runs outside of Windows to catch deeply hidden malware that standard scans cannot detect.

Why this answer

Windows Defender Offline Scan boots from a trusted environment to detect and remove persistent malware that standard scans miss. It is ideal for rootkits or stubborn infections that hide from a live OS.

413
MCQmedium

A security incident is reported where a user accidentally deleted a critical script in /usr/local/bin. The script was owned by root and had permissions 755. Which command will restore the script from a backup located in /backup?

A.mv /backup/script.sh /usr/local/bin/
B.cp /backup/script.sh /usr/local/bin/
C.cp -p /backup/script.sh /usr/local/bin/
D.rsync -a /backup/script.sh /usr/local/bin/
AnswerC

The -p flag preserves the original file's permissions, timestamps, and ownership if run as root.

Why this answer

Option C is correct because the `cp -p` command preserves the original file's ownership (root) and permissions (755) when restoring the script from /backup to /usr/local/bin. Since the script was owned by root and had specific permissions, using `-p` ensures these attributes are retained, which is critical for a system script in /usr/local/bin. Without `-p`, the restored file would inherit the user's default umask and ownership, breaking the intended security context.

Exam trap

The trap here is that candidates often choose `cp` without `-p` (Option B) because they assume a simple copy is sufficient, overlooking that file ownership and permissions are not preserved by default, which is a common oversight in Linux file restoration scenarios tested on the A+ exam.

How to eliminate wrong answers

Option A is wrong because `mv` moves the file from /backup to /usr/local/bin, which removes the backup copy entirely, leaving no fallback if the restore fails or is incorrect. Option B is wrong because `cp` without the `-p` flag does not preserve the original file's ownership (root) and permissions (755); the restored script would be owned by the user running the command and have permissions based on the current umask, potentially breaking system functionality. Option D is wrong because `rsync -a` (archive mode) preserves permissions, ownership, and timestamps, but it is designed for synchronizing directories and may introduce unnecessary overhead or unintended behavior (e.g., deleting files in the destination if used with `--delete`), and it is not the standard simple restore command for a single file in this context.

414
MCQhard

A Windows 11 workstation is infected with ransomware that encrypted user files. The IT security team wants to prevent future infections by restricting which processes can modify files in user profile folders. Which Windows security feature can enforce such restrictions without third-party software?

A.NTFS permissions set to 'Read-only' for all users.
B.AppLocker with a deny rule for unknown executables.
C.Controlled Folder Access
D.BitLocker with TPM protection
AnswerC

This feature specifically protects folders from unauthorized apps, including ransomware.

Why this answer

Controlled Folder Access (CFA) is a Windows Defender Exploit Guard feature that restricts which applications can modify files in protected folders, such as user profile directories. By default, CFA blocks untrusted or unknown processes from writing to or encrypting files in these folders, directly preventing ransomware from encrypting user data without requiring third-party software.

Exam trap

The trap here is that candidates confuse AppLocker's application control with file-level write restrictions, assuming that blocking unknown executables from running is equivalent to preventing file modification, but AppLocker does not control file system operations after execution.

How to eliminate wrong answers

Option A is wrong because setting NTFS permissions to 'Read-only' for all users would prevent legitimate user applications (like Microsoft Word or Notepad) from saving files, breaking normal workflow, and it does not selectively block only malicious processes. Option B is wrong because AppLocker controls which executables can run, not which processes can modify files; it can block unknown executables from launching, but it does not restrict file write operations by already-running trusted processes. Option D is wrong because BitLocker with TPM protection provides full-disk encryption to protect data at rest from offline attacks, but it does not enforce runtime restrictions on which processes can modify files after the system is booted.

415
MCQmedium

A security incident occurs when an unauthorized user gains access to a server because a technician left a default password unchanged after a system rebuild. The rebuild was documented, but the password change was not. What documentation failure does this highlight?

A.The change log did not include a rollback plan.
B.The change log did not list the specific configuration changes made.
C.The change request was not approved by the change advisory board.
D.The technician did not perform a post-implementation review.
AnswerB

The rebuild documentation should have included all configuration changes, such as password updates, to ensure security and accountability.

Why this answer

Option B is correct because the documentation failure is that the change log did not list the specific configuration changes made. In this scenario, the system rebuild was documented, but the critical detail of changing the default password was omitted. Proper change management requires that every configuration change, including password updates, be explicitly recorded in the change log to ensure accountability and traceability.

Without this record, the security incident occurred due to an undocumented deviation from security best practices.

Exam trap

CompTIA often tests the distinction between a change log's requirement to list specific changes versus broader change management processes like approval or review, leading candidates to confuse a documentation failure with a procedural one.

How to eliminate wrong answers

Option A is wrong because a rollback plan is not the primary issue here; the failure is the omission of the password change from the documentation, not the absence of a procedure to revert changes. Option C is wrong because the question does not indicate that the change request lacked approval from the change advisory board (CAB); the issue is the incomplete documentation of the change itself. Option D is wrong because a post-implementation review (PIR) would occur after the change is completed, but the core failure is that the password change was never recorded in the change log, which is a documentation failure that precedes any review.

416
MCQhard

A user reports that their Windows 10 PC is infected with malware that keeps reinstalling after removal. You need to boot into a minimal environment to run antivirus scans without malware interference. Which advanced startup option should you use?

A.Enable Boot Logging
B.Safe Mode
C.Last Known Good Configuration
D.Debugging Mode
AnswerB

Safe Mode loads only minimal drivers and services, preventing malware from starting, making it ideal for scanning.

Why this answer

Safe Mode (B) loads Windows with a minimal set of drivers and services, preventing malware that runs as a startup program or service from loading. This allows antivirus software to scan and remove the infection without interference, addressing the scenario where malware reinstalls after removal in a normal boot.

Exam trap

CompTIA A+ candidates often mistakenly think that Last Known Good Configuration (C) can remove malware, but it only reverts driver/registry changes and does not clean infections that persist across boots. Safe Mode is the correct choice for malware removal.

How to eliminate wrong answers

Option A is wrong because Enable Boot Logging creates a log of drivers loaded during boot (ntbtlog.txt) but does not restrict malware from loading, so it does not provide a minimal environment for antivirus scans. Option C is wrong because Last Known Good Configuration reverts to the last successful registry and driver configuration after a failed boot, but it does not prevent malware from loading if the malware was present in that configuration; it is designed for driver or configuration issues, not persistent malware. Option D is wrong because Debugging Mode enables kernel debugging over serial or IEEE 1394 for advanced troubleshooting, but it loads all normal drivers and services, allowing malware to run and interfere with scans.

417
MCQhard

A company’s change management policy states that all changes must be reviewed by the CAB. An urgent security vulnerability is discovered that requires an immediate patch to a critical database server. The CAB is not available for 24 hours. What is the best course of action?

A.Wait for the CAB to meet and approve the change
B.Apply the patch immediately and document it as an emergency change
C.Apply the patch but do not document it to avoid policy violation
D.Disconnect the server from the network until the CAB meets
AnswerB

Emergency changes allow for immediate action with retrospective approval, balancing security and process.

Why this answer

Option B is correct because the change management policy includes an emergency change process for urgent security vulnerabilities. Applying the patch immediately and documenting it as an emergency change aligns with ITIL best practices and the company's policy, ensuring the vulnerability is mitigated without delay while maintaining compliance through post-implementation review.

Exam trap

CompTIA often tests the misconception that all changes must wait for CAB approval, ignoring the emergency change process explicitly defined in ITIL and many corporate policies.

How to eliminate wrong answers

Option A is wrong because waiting 24 hours for the CAB leaves the critical database server exposed to the security vulnerability, which could lead to data breach or system compromise. Option C is wrong because applying the patch without documentation violates the change management policy and creates an audit trail gap, potentially leading to compliance issues and inability to track changes. Option D is wrong because disconnecting the server from the network disrupts business operations and does not resolve the vulnerability; the patch must still be applied, and the server remains vulnerable when reconnected.

418
MCQhard

A security audit reveals that a user's Windows 10 workstation has remote desktop enabled, which violates company policy. You need to disable Remote Desktop and ensure it cannot be easily re-enabled by the user. Which Control Panel tool should you use?

A.System > Remote Desktop
B.Windows Defender Firewall
C.User Accounts > Manage another account
D.Administrative Tools > Services
AnswerA

The System applet includes a Remote Desktop tab where you can disable remote connections.

Why this answer

The correct answer is A because the Remote Desktop setting is managed through System Properties > Remote tab, which can be accessed via Control Panel > System > Remote Desktop. Disabling it here prevents the user from easily re-enabling it through the Settings app, as the Control Panel path requires administrative privileges to modify, whereas the Settings app may allow a standard user to toggle it. This directly addresses the audit finding by enforcing the policy at the system level.

Exam trap

The trap here is that candidates often choose Windows Defender Firewall, thinking blocking port 3389 is sufficient, but the CompTIA A+ exam tests the distinction between disabling the service via Control Panel versus blocking the network traffic, where the former is the proper policy enforcement method.

How to eliminate wrong answers

Option B is wrong because Windows Defender Firewall controls inbound/outbound network traffic rules, not the Remote Desktop service itself; disabling it would block RDP traffic but leave the service enabled, allowing a user to re-enable it via other methods. Option C is wrong because User Accounts > Manage another account is used to change account types, passwords, or parental controls, and has no direct setting to disable Remote Desktop. Option D is wrong because Administrative Tools > Services allows stopping or disabling the Remote Desktop Services (TermService) service, but a user with standard privileges can restart it or change its startup type, making it an ineffective long-term solution without additional Group Policy restrictions.

419
MCQhard

During a remote troubleshooting session, a technician uses a tool that allows them to view the user's screen and control the mouse and keyboard. The user reports that the session is extremely laggy, with noticeable delay between the technician's actions and the screen update. Which of the following is the most likely cause of this lag?

A.The remote desktop software is using an outdated encryption protocol.
B.The user's computer has insufficient RAM to handle remote desktop sessions.
C.The network connection between the technician and the user has high latency or low bandwidth.
D.The technician's computer is running a different operating system than the user's.
AnswerC

Remote desktop traffic is sensitive to latency. High latency causes noticeable delay between input and screen updates, while low bandwidth causes choppy video.

Why this answer

The lag described is a classic symptom of network latency or insufficient bandwidth, which directly impacts the responsiveness of remote desktop protocols like RDP or VNC. These protocols transmit screen updates and input events in real time; high latency delays the round-trip of packets, while low bandwidth can cause frame drops or compression artifacts, resulting in the noticeable delay between the technician's actions and the screen update.

Exam trap

CompTIA often tests the concept that remote desktop lag is primarily a network issue (latency/bandwidth), not a hardware or OS compatibility problem, and the trap here is that candidates may incorrectly attribute the lag to the user's local hardware (RAM) or encryption overhead instead of recognizing the network as the most likely culprit.

How to eliminate wrong answers

Option A is wrong because outdated encryption protocols (e.g., SSL 3.0 vs. TLS 1.2) affect security, not responsiveness; they may add negligible overhead but are not the primary cause of severe lag. Option B is wrong because insufficient RAM on the user's computer would typically cause local application crashes, swapping, or slow local performance, not a specific delay between remote input and screen updates; remote desktop protocols are more sensitive to CPU and network than to RAM.

Option D is wrong because different operating systems between technician and user are handled transparently by cross-platform remote desktop tools (e.g., RDP client on Windows connecting to Linux via xrdp); the OS mismatch does not inherently introduce lag.

420
MCQmedium

A user reports that their iPhone's battery drains quickly and the phone feels warm. After checking, you find that several apps are using Location Services in the background. What is the most efficient way to manage this without disabling location for all apps?

A.Turn off Location Services entirely in Privacy settings
B.Set each app's location permission to 'While Using the App'
C.Enable Low Power Mode
D.Reset all settings on the iPhone
AnswerB

This prevents apps from accessing location in the background, reducing battery drain while preserving front-end use.

Why this answer

Setting each app's location permission to 'While Using the App' is the most efficient solution because it prevents apps from accessing location services in the background, which is the primary cause of battery drain and heat generation. This granular control allows critical apps (e.g., Maps) to still function when actively used, while stopping unnecessary background location polling that consumes GPS and cellular resources.

Exam trap

CompTIA often tests the distinction between system-wide toggles and per-app granular controls, trapping candidates who choose a global solution (like disabling Location Services entirely) instead of the targeted, efficient fix that addresses the specific symptom of background location usage.

How to eliminate wrong answers

Option A is wrong because turning off Location Services entirely disables location for all apps, including those that need it for core functionality (e.g., navigation, weather), which is an overreaction and not efficient. Option C is wrong because Low Power Mode reduces overall performance and background activity but does not specifically address the root cause of background location services; it may temporarily mask the issue without stopping the location polling that drains the battery. Option D is wrong because resetting all settings is a drastic, time-consuming step that erases personalized configurations (e.g., Wi-Fi passwords, wallpapers) and does not directly target the location permissions causing the drain.

421
MCQmedium

A technician needs to create a virtual machine that will host a legacy application requiring Windows XP. The host runs Windows 11. After creating the VM and installing Windows XP, the technician notices that the mouse cursor is lagging and the screen resolution is stuck at 800x600. What should the technician do to resolve this?

A.Increase the amount of RAM allocated to the VM.
B.Install the guest additions for the VM.
C.Update the host operating system to the latest version.
D.Change the VM's network adapter from NAT to bridged.
AnswerB

Guest additions install drivers that enable higher resolutions and smooth mouse integration.

Why this answer

The mouse lag and limited screen resolution (800x600) indicate that the VM lacks proper integration with the host, which is resolved by installing guest additions. Guest additions provide optimized drivers for video, mouse, and other hardware, enabling smooth cursor movement and higher resolutions. This is a standard step after installing any guest OS in a hypervisor like Hyper-V or VirtualBox.

Exam trap

The trap here is that candidates often confuse performance issues with resource allocation (RAM) or network settings, overlooking the fundamental requirement for guest additions (or integration services) to enable proper hardware support in the guest OS.

How to eliminate wrong answers

Option A is wrong because increasing RAM addresses performance issues related to memory pressure, not video driver or integration problems; the symptoms described are driver-specific, not memory-related. Option C is wrong because updating the host OS does not affect the guest's video drivers or integration services; the host OS version is irrelevant to the guest's display capabilities. Option D is wrong because changing the network adapter type affects network connectivity, not video output or mouse input; NAT vs. bridged has no impact on screen resolution or cursor lag.

422
MCQeasy

A customer says that when they click a link in an email, it opens a website that looks exactly like their bank's login page, but the URL starts with 'http://' instead of 'https://'. What is the most likely security concern?

A.The website is using an expired SSL certificate.
B.The user's browser is infected with adware.
C.The email contains a phishing link.
D.The user's DNS server has been compromised.
AnswerC

The combination of a lookalike page and HTTP instead of HTTPS is classic phishing, designed to steal login credentials.

Why this answer

The absence of HTTPS and the lookalike page strongly indicate a phishing attempt. Phishing sites often mimic legitimate sites to steal credentials, and the lack of encryption is a red flag. Users should never enter credentials on non-HTTPS pages, especially from email links.

423
MCQhard

An organization uses Windows 10 and wants to prevent users from installing unauthorized software. They have configured Software Restriction Policies via Group Policy. However, a user bypassed the policy by renaming the executable. What additional measure should be taken to enforce the restriction?

A.Enable Windows Defender Real-time Protection
B.Use AppLocker with publisher rules
C.Set User Account Control to Always Notify
D.Enable BitLocker
AnswerB

AppLocker publisher rules validate software by digital signature, making renaming ineffective.

Why this answer

AppLocker with publisher rules is the correct additional measure because Software Restriction Policies (SRP) can be bypassed by renaming executables, as SRP relies on file path or hash rules. AppLocker's publisher rules use digital signatures to identify software, making it immune to filename changes. This provides a more robust enforcement mechanism for preventing unauthorized software installation.

Exam trap

CompTIA often tests the distinction between Software Restriction Policies and AppLocker, where candidates mistakenly think SRP's hash rules are sufficient, but the trap is that renaming bypasses path rules, and hash rules require updates after each software update, whereas AppLocker publisher rules are more resilient.

How to eliminate wrong answers

Option A is wrong because Windows Defender Real-time Protection is an antimalware feature that detects and blocks malicious software, but it does not prevent users from installing or running unauthorized software based on policy rules. Option C is wrong because User Account Control (UAC) set to Always Notify prompts for administrative consent but does not block execution of unauthorized software if the user has administrative rights or bypasses the prompt. Option D is wrong because BitLocker is a full-disk encryption technology that protects data at rest, not a software restriction or execution control mechanism.

424
MCQeasy

A small business owner wants to ensure that only authorized USB storage devices can be used on company laptops running Windows 10 Pro. They have a list of approved device hardware IDs. Which security policy should be configured to enforce this restriction?

A.Enable the 'Removable Storage Access' policy under Windows Components
B.Configure the 'Devices: Restrict CD-ROM access to locally logged-on user only' policy
C.Set the 'Deny all devices' policy under Device Installation Restrictions
D.Configure the 'Allow installation of devices that match any of these device IDs' policy under Device Installation Restrictions
AnswerD

This policy allows specifying approved hardware IDs, effectively blocking all other USB storage devices while permitting the authorized ones.

Why this answer

Option D is correct because the 'Allow installation of devices that match any of these device IDs' policy under Device Installation Restrictions allows an administrator to specify a whitelist of approved hardware IDs. When configured, only USB storage devices whose hardware IDs match the list will be installed, effectively blocking all unauthorized devices. This directly enforces the requirement to restrict USB storage to approved devices only.

Exam trap

CompTIA often tests the distinction between access control policies (like Removable Storage Access) and device installation restriction policies, leading candidates to confuse permission-based controls with hardware-based whitelisting.

How to eliminate wrong answers

Option A is wrong because the 'Removable Storage Access' policy under Windows Components controls read/write permissions for removable media (e.g., deny write access) but does not filter by hardware ID or prevent installation of unauthorized devices. Option B is wrong because the 'Devices: Restrict CD-ROM access to locally logged-on user only' policy is a legacy setting that limits CD-ROM access to the interactive user, not USB storage devices, and does not enforce a hardware ID whitelist. Option C is wrong because the 'Deny all devices' policy under Device Installation Restrictions would block all device installations, including approved USB storage devices, which contradicts the requirement to allow authorized devices.

425
MCQeasy

A small business owner wants to ensure that only authorized users can access their iMac. They need to set up separate accounts for three employees, each with a username and password, and restrict one employee from installing software. Which macOS feature should they use to create and manage these user accounts?

A.System Settings > Users & Groups.
B.Terminal with the 'dscl' command.
C.System Information > Software > Installations.
D.Keychain Access to create user passwords.
AnswerA

This is the correct graphical interface for managing user accounts. From here, you can create new users, set passwords, and change account types to restrict privileges.

Why this answer

Option A is correct because the 'Users & Groups' pane in System Settings (macOS Ventura and later) is the native graphical interface for creating, editing, and managing local user accounts, including setting passwords and controlling administrative privileges. It allows the owner to create separate accounts for each employee and restrict one from installing software by setting that account as a 'Standard' user rather than an 'Administrator'.

Exam trap

The trap here is that candidates may confuse the 'Users & Groups' GUI with the command-line 'dscl' tool, thinking both are equally appropriate for a non-technical business owner, but the exam expects you to recognize that the GUI is the correct and intended method for typical user management scenarios.

How to eliminate wrong answers

Option B is wrong because while the 'dscl' command in Terminal can create and manage user accounts, it is a command-line tool intended for advanced administration and scripting, not the recommended or primary method for a small business owner who needs a straightforward GUI. Option C is wrong because 'System Information > Software > Installations' only displays a list of installed software and their installation dates; it cannot create or manage user accounts. Option D is wrong because Keychain Access is used to store and manage passwords, certificates, and secure notes, not to create user accounts or set account-level restrictions.

426
MCQeasy

A customer complains that their Windows 10 laptop frequently loses network connectivity. You suspect the IP address configuration is incorrect. Which command should you use to release the current IP address and request a new one from the DHCP server?

A.ping 8.8.8.8
B.ipconfig /release
C.nslookup google.com
D.netstat -a
AnswerB

Correct. ipconfig /release releases the current IP lease, and then ipconfig /renew obtains a new one from DHCP.

Why this answer

Option B is correct because the `ipconfig /release` command sends a DHCPRELEASE message to the DHCP server, discarding the current IP address lease. This is followed by `ipconfig /renew` to request a new IP address from the DHCP server, which resolves connectivity issues caused by an incorrect or stale IP configuration.

Exam trap

The trap here is that candidates confuse `ipconfig /release` with `ipconfig /flushdns` or think `ping` can reset network settings, but the question specifically requires a command that releases the current IP address, which only `ipconfig /release` does.

How to eliminate wrong answers

Option A is wrong because `ping 8.8.8.8` tests network connectivity to a remote host but does not release or renew the IP address; it only verifies if the current configuration can reach the internet. Option C is wrong because `nslookup google.com` performs DNS resolution to translate a domain name to an IP address, but it has no effect on the local IP address lease or DHCP process. Option D is wrong because `netstat -a` displays active network connections and listening ports, but it does not interact with DHCP or modify the IP address configuration.

427
MCQmedium

A technician is configuring a new employee's laptop and needs to ensure that only approved applications can run. The company wants to prevent users from installing unauthorized software. Which security control should be implemented?

A.Enable Windows Defender real-time protection.
B.Set the user account as a Standard User.
C.Configure an application whitelist using AppLocker.
D.Disable the Windows Store.
AnswerC

AppLocker enforces a whitelist, allowing only specified applications to run, directly meeting the requirement.

Why this answer

AppLocker is a Windows security feature that allows administrators to create rules that explicitly permit only approved applications to run, effectively blocking all others. This is the correct control for preventing unauthorized software installation because it enforces an application whitelist at the kernel level, overriding user permissions. Standard User accounts or antivirus alone cannot prevent execution of approved-but-unauthorized binaries, making AppLocker the precise solution for this requirement.

Exam trap

CompTIA expects you to recognize that while Standard User accounts limit some installations, AppLocker is the specific control for application whitelisting. The common pitfall is assuming user permissions alone can block all unauthorized software.

How to eliminate wrong answers

Option A is wrong because Windows Defender real-time protection is an antivirus/antimalware solution that detects and blocks malicious software based on signatures and behavior, not a mechanism to restrict execution to only approved applications; it does not prevent a user from running a non-malicious but unauthorized application. Option B is wrong because setting the user account as a Standard User limits system-level changes but does not prevent the user from running any executable they have access to; a standard user can still launch unauthorized applications from their profile or removable media. Option D is wrong because disabling the Windows Store only blocks installation of Store apps, but does not prevent installation or execution of traditional Win32 executables, scripts, or other software from any other source.

428
MCQhard

A technician is asked to install a new accounting application on a user's computer. The user mentions that a coworker told them the software is known to cause conflicts with antivirus programs. What should the technician do?

A.Ignore the user's comment because it is hearsay and proceed with the installation.
B.Research the software's compatibility with the antivirus and test in a sandbox if possible.
C.Disable the antivirus temporarily and install the software.
D.Tell the user that the coworker is mistaken and install the software anyway.
AnswerB

This shows thoroughness and professionalism by validating the concern before proceeding.

Why this answer

Option B is correct because the technician must validate the user's concern through proper research rather than dismissing it. Checking the software's documented compatibility with the specific antivirus program and testing in an isolated sandbox environment prevents potential system instability or security bypasses without risking the production system.

Exam trap

CompTIA often tests the candidate's ability to balance user input with professional verification, trapping those who either dismiss user concerns outright or take risky shortcuts like disabling security software.

How to eliminate wrong answers

Option A is wrong because ignoring the user's comment violates professional due diligence; hearsay can still indicate a real compatibility issue that could cause application crashes or antivirus false positives. Option C is wrong because disabling antivirus temporarily exposes the system to malware during installation and does not resolve the underlying conflict; the software might still malfunction or trigger alerts when antivirus is re-enabled. Option D is wrong because dismissing the coworker's claim without evidence is unprofessional and could lead to a failed installation or system compromise if the conflict is real.

429
MCQeasy

A user reports that their smartphone cannot connect to the office Wi-Fi, but other devices can. The network uses WPA2-Enterprise with PEAP-MSCHAPv2. The technician checks the phone's settings and sees that it is configured for WPA2-PSK. What is the most likely reason for the connection failure?

A.The phone's Wi-Fi antenna is damaged.
B.The phone is using the wrong security protocol.
C.The router's SSID is hidden.
D.The phone's MAC address is filtered.
AnswerB

WPA2-PSK uses a shared key, while WPA2-Enterprise uses 802.1X authentication.

Why this answer

The phone is configured for WPA2-PSK (Pre-Shared Key), but the office network uses WPA2-Enterprise with PEAP-MSCHAPv2. WPA2-Enterprise requires 802.1X authentication with a RADIUS server, using EAP methods like PEAP-MSCHAPv2, while WPA2-PSK uses a single shared passphrase. The mismatch in security protocols prevents the phone from completing the 4-way handshake, causing the connection failure.

Exam trap

CompTIA often tests the distinction between WPA2-PSK and WPA2-Enterprise, trapping candidates who assume all WPA2 configurations are interchangeable or that the issue is a simple connectivity problem like a hidden SSID or MAC filter.

How to eliminate wrong answers

Option A is wrong because a damaged Wi-Fi antenna would prevent connection to any network, not just this specific one, and other devices are connecting successfully. Option C is wrong because a hidden SSID does not affect the security protocol negotiation; the phone would still attempt to connect using the wrong protocol (WPA2-PSK) and fail. Option D is wrong because MAC address filtering would block the phone regardless of the security protocol setting, and the issue is specifically a protocol mismatch, not a MAC-based block.

430
MCQmedium

During a security audit, you discover that a user's workstation has an unauthorized application running. You need to terminate the process immediately from the command line. The process name is 'malware.exe'. Which command should you use?

A.tasklist /FI "IMAGENAME eq malware.exe"
B.taskkill /IM malware.exe /F
C.net stop malware
D.shutdown /r /t 0
AnswerB

Forcefully terminates the specified process.

Why this answer

Option B is correct because the `taskkill` command with the `/IM` (image name) and `/F` (force) flags is the standard Windows CLI method to forcibly terminate a process by its executable name. This directly stops 'malware.exe' without requiring the process ID, making it the appropriate tool for immediate termination during a security incident.

Exam trap

The trap here is that candidates confuse `tasklist` (a listing tool) with `taskkill` (a termination tool), or assume `net stop` can stop any running program, when in fact it only applies to Windows services.

How to eliminate wrong answers

Option A is wrong because `tasklist` only lists running processes and does not terminate them; it is a diagnostic tool, not a termination command. Option C is wrong because `net stop` is used to stop Windows services, not user-mode processes like 'malware.exe'; it would fail unless the malware is registered as a service. Option D is wrong because `shutdown /r /t 0` restarts the entire system, which is an overly disruptive action that does not specifically target the unauthorized process and may allow the malware to persist or re-launch on reboot.

431
MCQeasy

A user reports that after a recent Windows update, their computer now boots to a blue screen with the error 'INACCESSIBLE_BOOT_DEVICE'. They need to get back to work quickly. Which Windows recovery tool should you use first to attempt a repair?

A.System Restore
B.Reset this PC
C.Startup Repair
D.Command Prompt (chkdsk /f)
AnswerC

Startup Repair is designed to fix boot problems like missing or corrupted system files, driver issues, and disk errors. It is the correct first-line tool for this scenario.

Why this answer

The 'INACCESSIBLE_BOOT_DEVICE' error often indicates a driver or disk configuration issue caused by an update. The Startup Repair tool in the Windows Recovery Environment (WinRE) can automatically diagnose and fix common boot problems like this. It is the safest and fastest initial step before trying more invasive methods.

432
MCQeasy

A small business owner wants to ensure that only authorized users can log into their Windows 10 workstations. They need a tool to create and manage user accounts and set password policies. Which administrative tool should you use?

A.Computer Management
B.Local Users and Groups
C.Group Policy Editor
D.Task Scheduler
AnswerB

Local Users and Groups directly allows you to create and manage user accounts and set password policies on a local machine.

Why this answer

Local Users and Groups (lusrmgr.msc) is the snap-in for managing user accounts, groups, and local security policies on a standalone Windows system. It allows creating, modifying, and deleting users and setting password requirements.

433
MCQmedium

A technician is configuring a shared kiosk computer in a library. The requirement is that users must not be able to download files or install software. Which browser security setting should be configured?

A.Disable JavaScript in the browser.
B.Enable the browser's private browsing mode.
C.Set the browser to block all downloads and prompt for a save location.
D.Clear the browser cache and cookies daily.
AnswerC

Blocking downloads prevents users from saving files, which is essential for a kiosk environment.

Why this answer

Option C is correct because blocking all downloads and prompting for a save location prevents users from saving executable files or malicious content to the kiosk, which directly addresses the requirement to prevent file downloads and software installations. This setting is typically found in the browser's security or privacy settings and overrides any user attempt to download files, ensuring that no files are saved to the local system.

Exam trap

CompTIA often tests the misconception that private browsing mode (Option B) provides security against downloads or installations, when in fact it only addresses local privacy, not file-saving restrictions.

How to eliminate wrong answers

Option A is wrong because disabling JavaScript would break many modern websites and web applications, but it does not prevent users from downloading files or installing software; JavaScript is a scripting language for dynamic content, not a download control mechanism. Option B is wrong because enabling private browsing mode only prevents the browser from storing history, cookies, and temporary files locally; it does not block downloads or software installations, as users can still save files to disk. Option D is wrong because clearing the browser cache and cookies daily is a privacy and performance measure, not a security control to block downloads or installations; it does not restrict the user's ability to save files or run executables.

434
MCQmedium

A user reports that their application crashes with an 'Access Denied' error when trying to write to a specific folder. You have verified the user has Full Control NTFS permissions. Which administrative tool should you use to check for any file encryption or compression that might be blocking the write?

A.Computer Management > Shared Folders to view open files.
B.Local Security Policy to check user rights assignments.
C.File Explorer > right-click folder > Properties > Advanced to view encryption and compression attributes.
D.Registry Editor to modify the folder's security descriptor.
AnswerC

Correct. The Advanced Attributes dialog shows whether the folder is encrypted or compressed, which can cause access issues.

Why this answer

Option C is correct because the 'Access Denied' error despite Full Control NTFS permissions indicates a file-level attribute conflict. File encryption (EFS) or compression attributes are stored in the folder's Advanced Attributes dialog, accessible via File Explorer > Properties > Advanced. These attributes can block write access even when NTFS permissions are permissive, as encryption requires the user's EFS certificate and compression changes the file's physical layout.

Exam trap

The trap here is that candidates assume 'Access Denied' always means insufficient NTFS permissions, so they focus on permission tools (like Shared Folders or Security Policy) instead of checking file attributes like encryption or compression that override permission-based access.

How to eliminate wrong answers

Option A is wrong because Computer Management > Shared Folders > Open Files shows which files are currently locked by network sessions, not encryption or compression attributes; it cannot diagnose attribute-based write blocks. Option B is wrong because Local Security Policy manages user rights assignments (e.g., 'Log on locally', 'Shut down the system'), not file-level encryption or compression settings. Option D is wrong because Registry Editor modifies system-wide security descriptors in the registry, not per-folder encryption or compression attributes; folder attributes are stored in the NTFS master file table (MFT), not the registry.

435
MCQhard

A user wants to configure their Windows 10 PC to automatically install driver updates from Windows Update. Which Settings page would you use to change the driver update behavior?

A.Update & Security > Windows Update > Advanced options
B.System > About
C.Devices > AutoPlay
D.Update & Security > Delivery Optimization
AnswerA

Advanced options contains a toggle for 'Receive updates for other Microsoft products' which includes driver updates.

Why this answer

Option A is correct because the setting to control how Windows 10 handles driver updates from Windows Update is located under Update & Security > Windows Update > Advanced options. Here, you can toggle the 'Update drivers automatically' option, which determines whether Windows Update will automatically download and install driver updates for your hardware.

Exam trap

The trap here is that candidates confuse the 'Delivery Optimization' page (which controls update distribution) with the actual driver update toggle, or mistakenly think driver settings are under 'Devices' or 'System' because those pages deal with hardware information.

How to eliminate wrong answers

Option B is wrong because System > About displays basic device specifications (e.g., processor, RAM, device name) and does not contain any settings for driver update behavior. Option C is wrong because Devices > AutoPlay configures default actions for media (e.g., USB drives, CDs) and has no relation to Windows Update or driver installation policies. Option D is wrong because Update & Security > Delivery Optimization manages peer-to-peer update sharing and bandwidth settings for Windows Update downloads, not the behavior of driver update installation.

436
MCQeasy

A customer is frustrated because every time they plug in a USB flash drive, Windows automatically opens the folder and plays any media files. They want to stop this behavior. Which Control Panel tool should you use to change the default action?

A.File Explorer Options
B.AutoPlay
C.Device Manager
D.Default Programs
AnswerB

AutoPlay settings let you configure what happens when you connect devices like USB drives, including disabling automatic playback.

Why this answer

AutoPlay is the Windows Control Panel tool specifically designed to manage the default behavior when removable media like USB flash drives are connected. By configuring AutoPlay, you can set the system to 'Take no action' instead of automatically opening the folder and playing media files. This directly addresses the customer's frustration by stopping the automatic playback and folder opening.

Exam trap

CompTIA often tests the distinction between AutoPlay (which controls automatic actions upon device insertion) and Default Programs (which controls file type associations), leading candidates to mistakenly choose Default Programs because they confuse 'default action for a device' with 'default program for a file extension'.

How to eliminate wrong answers

Option A is wrong because File Explorer Options (formerly Folder Options) manages folder views, search settings, and file associations for browsing, not the automatic actions triggered by connecting removable media. Option C is wrong because Device Manager is used to manage hardware drivers, update firmware, and troubleshoot device conflicts, not to configure software-level default actions for media insertion. Option D is wrong because Default Programs sets which application opens a specific file type (e.g., .mp3 with VLC), but it does not control the system's automatic response when a device is plugged in, which is the role of AutoPlay.

437
MCQeasy

A customer reports that their workstation is running slowly after a recent group policy update. The change log indicates the update added new security settings. What is the most appropriate documentation step for the technician to take after resolving the issue?

A.Note the resolution in the change log and close the ticket.
B.Delete the change log entry to avoid confusion.
C.Send an email to the user explaining the fix.
D.Create a new change request to revert the group policy.
AnswerA

Updating the change log with the resolution is a key part of documentation, ensuring the change history is complete.

Why this answer

Option A is correct because, after resolving the issue, the technician must document the resolution in the change log to maintain an accurate audit trail of changes and their outcomes. This aligns with change management best practices, ensuring that future technicians can see what was done to fix the problem and avoid repeating the same troubleshooting steps. Closing the ticket after documenting the resolution completes the incident management lifecycle.

Exam trap

The trap here is that candidates may confuse the informal step of notifying the user (Option C) with the formal documentation requirement, or they may think that reverting the policy (Option D) is necessary without first verifying that the issue is fully resolved and documented.

How to eliminate wrong answers

Option B is wrong because deleting the change log entry violates change management policy by destroying the audit trail, making it impossible to track what changes were made and why. Option C is wrong because while notifying the user is courteous, it is not the most appropriate documentation step; the primary documentation requirement is updating the formal change log, not sending an informal email. Option D is wrong because creating a new change request to revert the group policy is premature and unnecessary; the issue has already been resolved, and reverting the policy without analysis could reintroduce security vulnerabilities or break other configurations.

438
MCQmedium

During a corporate device deployment, a technician configures an iPhone for a new employee. The employee later reports that they cannot receive emails on the native Mail app, but can access the webmail interface in Safari. What is the most likely misconfiguration?

A.The email account password was entered incorrectly.
B.The outgoing mail server (SMTP) settings are wrong.
C.The incoming mail server settings are incorrect.
D.The device's date and time are set incorrectly.
AnswerC

Incorrect incoming server settings (e.g., wrong hostname or port) will prevent the app from downloading emails, while webmail uses different settings.

Why this answer

The user can access webmail via Safari but cannot receive emails in the native Mail app. This indicates the email account credentials are valid and the network connection is working, but the incoming mail server (POP3/IMAP) settings are misconfigured. Incorrect incoming server hostname, port, or SSL/TLS settings would prevent the Mail app from downloading new messages while leaving webmail unaffected.

Exam trap

The trap here is that candidates confuse incoming and outgoing mail server roles, assuming any email problem must be SMTP-related, when the symptom of being able to send but not receive points directly to the incoming server settings.

How to eliminate wrong answers

Option A is wrong because if the password were incorrect, the user would also be unable to log in to webmail, which they can access successfully. Option B is wrong because incorrect SMTP settings would prevent sending emails, not receiving them; the issue is specifically about not receiving emails. Option D is wrong because incorrect date and time would typically cause SSL/TLS certificate validation failures affecting both sending and receiving, and would also impact webmail access over HTTPS, which is working.

439
MCQmedium

A technician is configuring a new server rack in a shared office space. Which physical security measure should be applied to prevent unauthorized physical access to the servers?

A.Install a door alarm on the office entrance
B.Use rack-mount locks on each server chassis
C.Enable BitLocker on all server drives
D.Configure a strong BIOS password
AnswerB

Rack-mount locks physically prevent the server from being slid out or tampered with, directly securing the hardware.

Why this answer

Option B is correct because rack-mount locks provide a direct physical barrier that prevents unauthorized individuals from opening the server chassis and accessing internal components, such as hard drives, memory, or cables. In a shared office space, this is the most effective measure to deter tampering, theft, or accidental damage at the rack level.

Exam trap

The trap here is that candidates often confuse logical security controls (like BitLocker or BIOS passwords) with physical security controls, failing to recognize that only a physical barrier like a lock prevents direct hardware access.

How to eliminate wrong answers

Option A is wrong because a door alarm on the office entrance only alerts to unauthorized entry into the room but does not prevent direct physical access to the server chassis once inside; it is a perimeter control, not a server-level control. Option C is wrong because BitLocker is a full-disk encryption technology that protects data at rest if a drive is removed, but it does not prevent physical access to the server itself or its components. Option D is wrong because a BIOS password controls boot-level access and prevents unauthorized changes to firmware settings, but it does not prevent someone from physically opening the chassis, removing drives, or tampering with hardware.

440
MCQmedium

A user reports that they cannot access a shared folder on the network, but other users can. The folder is on a Windows 10 Pro workstation. What should you check first to resolve this issue?

A.Check the Windows Defender Firewall settings
B.Check the NTFS permissions on the folder
C.Check the user’s password expiration status
D.Check the User Account Control settings
AnswerB

NTFS permissions can explicitly deny a user, causing access issues for that individual.

Why this answer

Since other users can access the shared folder, the network share and firewall are functioning correctly. The issue is specific to one user, which points to a permission problem at the file system level. NTFS permissions control user-level access to folders, and a misconfigured or missing ACE (Access Control Entry) for that user would prevent access while allowing others.

Checking NTFS permissions is the logical first step because it directly governs per-user access to the resource.

Exam trap

CompTIA A+ often tests the distinction between share-level permissions and NTFS permissions, trapping candidates who assume a firewall or password issue is the cause when the problem is user-specific and the resource is accessible to others.

How to eliminate wrong answers

Option A is wrong because the Windows Defender Firewall applies to all network traffic to the machine; if it were blocking access, no user would be able to reach the shared folder, contradicting the scenario where other users can access it. Option C is wrong because password expiration affects the ability to log into the domain or local account, not the ability to access a specific shared folder once the user is already authenticated and connected to the network. Option D is wrong because User Account Control (UAC) settings control administrative privilege elevation prompts and do not affect standard network file sharing access for authenticated users.

441
MCQhard

After a security incident, a Windows 10 workstation is suspected of having malware that prevents the Task Manager and Command Prompt from opening. You need to run a system scan. Which tool can you use from the Windows Recovery Environment (WinRE) to perform an offline antivirus scan?

A.System File Checker (sfc /scannow /offbootdir=C:\ /offwindir=C:\Windows)
B.Windows Memory Diagnostic
C.Microsoft Defender Offline Scan
D.Diskpart
AnswerC

This offline scan can be initiated from WinRE and uses up-to-date virus definitions to detect and remove malware without loading the infected Windows installation.

Why this answer

Windows Defender Offline (now part of Microsoft Defender Antivirus) can be run from the Windows Recovery Environment to scan for malware without booting the infected OS. This bypasses malware that blocks security tools in the normal Windows environment. It is the appropriate tool for this scenario.

442
MCQmedium

A help desk ticket states that a user cannot write to a shared directory /data/projects. The directory permissions are drwxr-xr-x and the user is in the 'staff' group. The directory's group owner is 'staff'. What is the most likely cause?

A.The user does not have read permission on the directory.
B.The directory lacks group write permission.
C.The user is not the owner of the directory.
D.The sticky bit is set on the directory.
AnswerB

The group has r-x, meaning no write permission; adding group write (chmod g+w) would resolve the issue.

Why this answer

The directory permissions are drwxr-xr-x, which means the owner has read, write, and execute (rwx), the group has read and execute (r-x), and others have read and execute (r-x). Since the user is in the 'staff' group and the directory's group owner is 'staff', the user's effective permissions are the group permissions, which lack write (w). Therefore, the user cannot write to the directory.

Option B correctly identifies that the directory lacks group write permission.

Exam trap

The CompTIA A+ exam often tests the misconception that being a member of the group that owns a directory automatically grants write access, but candidates overlook that the group permissions must explicitly include the write bit (w) for the user to write to the directory.

How to eliminate wrong answers

Option A is wrong because the user has read permission via the group's 'r-x' permissions (the 'r' allows listing contents). Option C is wrong because ownership is not required to write to a directory; group write permission would suffice if present. Option D is wrong because the sticky bit (indicated by a 't' in the execute position) is not set in the displayed permissions (drwxr-xr-x), and even if it were, it restricts deletion of files by non-owners, not the ability to write new files.

443
MCQeasy

A customer reports that their computer is emitting a loud, continuous beep and the monitor shows no display. The technician suspects a hardware issue. What is the most important safety step to take before opening the case?

A.Put on anti-static wrist strap and grounding mat.
B.Unplug the power cord from the wall outlet.
C.Press the power button to discharge residual power.
D.Wear safety goggles to protect eyes from debris.
AnswerB

This is the correct first step to prevent electric shock. It ensures no power is flowing to the components.

Why this answer

The most important safety step before opening a computer case is to unplug the power cord from the wall outlet. This ensures complete disconnection from the AC mains, eliminating the risk of electric shock from exposed internal components, such as the power supply unit (PSU) capacitors, which can hold a dangerous charge even when the system is off. While other steps like wearing an anti-static wrist strap are good practices, they do not address the primary hazard of lethal voltage.

Exam trap

The trap here is that candidates often confuse ESD prevention (anti-static wrist strap) with electrical safety, or they think pressing the power button is a substitute for unplugging the power cord, when in fact the power button discharge step is only safe after the cord is removed.

How to eliminate wrong answers

Option A is wrong because, while an anti-static wrist strap and grounding mat protect against electrostatic discharge (ESD) damage to sensitive components, they do not prevent electric shock from the power supply; the technician could still be electrocuted if the system is plugged in. Option C is wrong because pressing the power button to discharge residual power is a step performed after unplugging the power cord to drain the capacitors, but it is not a safety step that removes the primary AC power hazard; attempting this while the cord is still plugged in can cause arcing or shock. Option D is wrong because safety goggles protect against physical debris like dust or loose screws, but they do not address the immediate electrical safety risk of opening a live system.

444
MCQmedium

A technician is configuring a new Mac mini for a kiosk application. The kiosk should run only a single web browser in full-screen mode, and users should not be able to exit the app or access the desktop. Which macOS feature should be used to enforce this?

A.Enable Guided Access in Accessibility settings
B.Configure a user account with Parental Controls set to allow only the browser app
C.Use the 'Single App Mode' setting in System Settings
D.Set the browser as a Login Item for a standard user
AnswerB

Parental Controls (Screen Time) can limit the user to a single app, and combined with auto-login and the app set as a login item, this approximates kiosk mode.

Why this answer

Option B is correct because macOS Parental Controls (now part of Screen Time) can restrict a standard user account to a single app, such as a web browser. When configured to 'Allow only this app,' the system prevents the user from switching apps, accessing the desktop, or exiting the browser, which is exactly what a kiosk requires.

Exam trap

The trap here is that candidates confuse macOS Parental Controls with iOS Guided Access, or assume a nonexistent 'Single App Mode' setting exists in System Settings, leading them to pick A or C.

How to eliminate wrong answers

Option A is wrong because Guided Access is an iOS/iPadOS feature, not available on macOS; it cannot be used to lock a Mac into a single app. Option C is wrong because 'Single App Mode' is not a setting in macOS System Settings; macOS uses Parental Controls or Managed Apple IDs for this purpose, not a dedicated toggle. Option D is wrong because setting the browser as a Login Item only launches it at login, but does not prevent the user from switching to other apps or accessing the desktop.

445
MCQeasy

A technician is configuring a remote desktop solution for a user who needs to access a Windows 10 Pro workstation from a Linux laptop. Which protocol should the technician ensure is enabled on the Windows machine?

A.VNC
B.RDP
C.SSH
D.Telnet
AnswerB

RDP is built into Windows and can be accessed from Linux using compatible clients.

Why this answer

RDP (Remote Desktop Protocol) is the native protocol used by Windows for remote desktop connections. Windows 10 Pro includes an RDP server that listens on TCP port 3389, allowing clients such as the Microsoft Remote Desktop client on Linux to connect and provide a full graphical desktop experience. The technician must ensure the 'Allow remote connections to this computer' setting is enabled and that the Windows Firewall permits inbound RDP traffic.

Exam trap

CompTIA often tests the distinction between native Windows remote desktop (RDP) and cross-platform or command-line protocols, leading candidates to confuse VNC (which is also graphical but not native to Windows) or SSH (which is secure but not graphical) with the correct answer.

How to eliminate wrong answers

Option A is wrong because VNC (Virtual Network Computing) is a cross-platform remote desktop protocol but is not native to Windows; it requires third-party software on both ends and typically uses RFB (Remote Framebuffer) protocol on port 5900, not the built-in Windows solution. Option C is wrong because SSH (Secure Shell) provides encrypted command-line access and file transfer (using port 22) but does not natively support a full graphical desktop environment on Windows without additional components like X11 forwarding or third-party tools. Option D is wrong because Telnet is an unencrypted, text-only protocol (port 23) that offers no graphical interface and is deprecated due to security vulnerabilities; it is not suitable for remote desktop access.

446
MCQmedium

A user reports that their MacBook Air running macOS Monterey is running slowly and they suspect a startup item is consuming resources. They want to see which applications launch automatically at login and disable unnecessary ones. Which macOS tool should they use?

A.Activity Monitor and sort by CPU usage.
B.System Settings > General > Login Items.
C.Terminal with the 'launchctl list' command.
D.Force Quit Applications window.
AnswerB

This is the correct location to view and manage login items. The user can remove unnecessary applications to speed up the login process and reduce background resource usage.

Why this answer

Option B is correct because macOS Monterey's System Settings (formerly System Preferences) includes a dedicated 'Login Items' pane under General that allows users to view and disable applications that launch automatically at login. This is the intended graphical interface for managing startup items, directly addressing the user's need to identify and disable unnecessary login applications without requiring command-line tools or performance monitors.

Exam trap

CompTIA often tests the distinction between managing login items (System Settings > General > Login Items) and managing background processes (Activity Monitor or launchctl), leading candidates to confuse resource monitoring with startup management.

How to eliminate wrong answers

Option A is wrong because Activity Monitor shows current running processes and CPU usage but does not manage login items; it can help identify resource hogs after they start but cannot disable them from launching at login. Option C is wrong because 'launchctl list' lists launchd jobs (system and user daemons/agents), not the user's login items managed by the Login Items framework; it is a command-line tool for advanced users and does not directly disable login applications. Option D is wrong because the Force Quit Applications window only allows terminating currently running applications, not viewing or disabling startup items.

447
MCQmedium

During a security audit, you find that several employees have been using the same weak password for their domain accounts. Which remediation should you implement first?

A.Disable the user accounts and require a manager to re-enable them
B.Configure a password policy in Group Policy requiring complexity and minimum length
C.Send a company-wide email reminding users to choose strong passwords
D.Install a third-party password manager for all employees
AnswerB

A Group Policy password policy enforces strong passwords domain-wide, preventing future weak passwords.

Why this answer

Option B is correct because the most effective first step to prevent weak passwords is to enforce a strong password policy via Group Policy. This centrally mandates complexity requirements (e.g., uppercase, lowercase, digits, special characters) and a minimum length (typically 8–14 characters), which directly blocks the use of simple, common passwords at the domain level. Unlike awareness campaigns or reactive measures, this technical control proactively enforces security standards across all domain accounts.

Exam trap

CompTIA often tests the distinction between administrative controls (like emails or account disabling) and technical controls (like Group Policy), where candidates mistakenly choose a non-technical, awareness-based option (C) over a policy-enforced technical solution (B).

How to eliminate wrong answers

Option A is wrong because disabling accounts and requiring manager re-enablement is a reactive, disruptive measure that does not address the root cause—employees will likely continue using weak passwords once re-enabled. Option C is wrong because a company-wide email is a non-technical, awareness-only approach that relies on voluntary compliance and does not prevent users from choosing weak passwords; it lacks enforcement. Option D is wrong because installing a third-party password manager, while helpful for password storage and generation, does not enforce a minimum password complexity or length policy on the domain accounts themselves and is a secondary measure, not the first remediation step.

448
MCQhard

A security analyst discovers that a user's workstation has been compromised by a rootkit that hides its processes from Task Manager. The rootkit is not detected by the installed antivirus. Which step is most effective for remediation?

A.Run a full antivirus scan in Safe Mode.
B.Use System Restore to revert to a previous state.
C.Boot from a rescue disk and perform an offline antivirus scan.
D.Reinstall the operating system from the recovery partition.
AnswerC

An offline scan from a rescue disk runs outside the infected OS, preventing the rootkit from hiding and allowing detection.

Why this answer

Option C is correct because a rootkit that hides its processes from Task Manager and evades the installed antivirus operates at a deep level within the operating system, often in kernel mode. Booting from a rescue disk (e.g., a live CD/USB with an offline scanner) loads a clean operating system environment, preventing the rootkit from loading and allowing the antivirus to scan the infected system's files without interference. This offline approach is the most effective remediation step when the rootkit is actively hiding from the installed AV in the normal OS context.

Exam trap

The trap here is that candidates often assume Safe Mode or System Restore can bypass rootkit persistence, but CompTIA tests the understanding that rootkits operate below the OS layer and require a clean, offline environment to be reliably detected and removed.

How to eliminate wrong answers

Option A is wrong because running a full antivirus scan in Safe Mode may still allow some rootkits to load if they hook into kernel drivers that are loaded even in Safe Mode, and the rootkit's evasion techniques can persist, leading to a missed detection. Option B is wrong because System Restore does not remove rootkits; it only reverts system files and registry settings to a previous state, while the rootkit's files and persistence mechanisms (e.g., in boot sectors or kernel drivers) often remain intact and can re-infect the system. Option D is wrong because reinstalling from the recovery partition may not fully remove a rootkit if it has infected the Master Boot Record (MBR) or firmware, as the recovery partition itself could be compromised or the rootkit may persist across a standard reinstall that does not wipe all partitions.

449
MCQmedium

A user needs to connect to a work VPN but cannot find the VPN settings in the network tray. You need to guide them to the correct location to add a VPN connection. Where in Windows Settings would you direct them?

A.Network & Internet > Status
B.Network & Internet > Ethernet
C.Network & Internet > VPN
D.Network & Internet > Proxy
AnswerC

The VPN page allows adding and managing VPN connections.

Why this answer

Option C is correct because the VPN settings in Windows are located under Network & Internet > VPN. This is the dedicated section where users can add, configure, and manage VPN connections, including setting up a new VPN profile with the server address, authentication method, and protocol (e.g., IKEv2, SSTP, or L2TP/IPsec). The network tray only shows existing connections; to add a new VPN, you must navigate to this specific settings page.

Exam trap

The trap here is that candidates may confuse the network tray's quick-access VPN list with the actual settings location, or assume VPN configuration is under Status or Ethernet due to its association with network connectivity, but Windows isolates VPN setup under a dedicated VPN page.

How to eliminate wrong answers

Option A is wrong because Network & Internet > Status displays the current network status, data usage, and network properties, but does not provide options to add or configure VPN connections. Option B is wrong because Network & Internet > Ethernet is used for managing wired Ethernet adapter settings, such as IP configuration and DNS, and has no VPN-related functionality. Option D is wrong because Network & Internet > Proxy is for configuring proxy server settings (e.g., automatic or manual proxy setup), which is unrelated to VPN connection management.

450
MCQmedium

A technician is setting up a new workstation in a cubicle. The user complains of eye strain and glare from the overhead lights. Which environmental adjustment should the technician recommend first?

A.Replace the overhead fluorescent tubes with LED bulbs.
B.Apply a matte screen filter to the monitor.
C.Rotate the monitor 90 degrees so the light hits the side of the screen.
D.Increase the monitor's brightness to overpower the glare.
AnswerC

Positioning the monitor perpendicular to light sources minimizes glare. This is a quick, zero-cost ergonomic adjustment.

Why this answer

Glare from overhead lighting is a common cause of eye strain. The simplest and most effective fix is to reposition the monitor so that the light source is perpendicular to the screen, reducing direct glare.

Page 5

Page 6 of 10

Page 7

All pages

CompTIA A+ Core 2 220-1202 220-1202 Questions 376–450 | Page 6/10 | Courseiva