CompTIA A+ Core 2 220-1202 (220-1202) — Questions 526600

750 questions total · 10pages · All types, answers revealed

Page 7

Page 8 of 10

Page 9
526
MCQhard

A technician is tasked with securing a legacy web application that only supports HTTP, not HTTPS. The application is critical for internal operations but must be accessible remotely. What is the best way to secure the traffic without modifying the application?

A.Install a self-signed SSL certificate on the server.
B.Use a VPN to access the internal network.
C.Enable HTTP Strict Transport Security (HSTS) on the server.
D.Configure the browser to use a proxy server.
AnswerB

A VPN encrypts all traffic between the remote user and the network, securing the legacy HTTP traffic without changing the app.

Why this answer

Option B is correct because a VPN creates an encrypted tunnel between the remote user and the internal network, securing all HTTP traffic without any modification to the legacy application. Since the application only supports HTTP, it cannot serve HTTPS natively, and a VPN provides transport-layer encryption (e.g., IPsec or TLS-based VPN) that protects data in transit over untrusted networks.

Exam trap

A common misconception is that installing a certificate or enabling a security header can magically convert an HTTP-only application to HTTPS, when in fact the application must natively support TLS termination to use those features.

How to eliminate wrong answers

Option A is wrong because installing a self-signed SSL certificate on the server does not enable HTTPS; the application itself must support HTTPS to use the certificate, and a legacy HTTP-only application cannot serve HTTPS without code changes. Option C is wrong because HSTS is an HTTP response header that enforces HTTPS connections from browsers, but it requires the server to already support HTTPS, which this legacy application does not. Option D is wrong because configuring the browser to use a proxy server only redirects traffic through an intermediary; it does not encrypt the traffic between the client and the proxy, leaving the HTTP data exposed on the network.

527
MCQmedium

A company uses a private cloud for its development environment. A developer complains that they cannot deploy a new application because the cloud management portal shows a 'resource quota exceeded' error. The technician checks the cluster and finds that CPU and memory usage are below 50%. What is the most likely cause of the error?

A.The hypervisor is in maintenance mode
B.The storage pool is full
C.The developer's resource allocation quota has been reached
D.The virtual switch is not configured for the developer's VLAN
AnswerC

Quotas limit how many resources a user can consume, regardless of total available capacity. The error indicates the developer hit their personal limit.

Why this answer

The error 'resource quota exceeded' in a cloud management portal is a quota-based restriction, not a physical capacity issue. Since CPU and memory usage are below 50%, the cluster has available resources, but the developer's individual or project-level allocation quota has been reached. This is a common multi-tenant cloud control mechanism to prevent any single user from consuming all resources.

Exam trap

The CompTIA A+ exam often tests the distinction between physical resource exhaustion (e.g., full storage, high CPU) and administrative quota limits, trapping candidates who assume low cluster utilization means no quota issue exists.

How to eliminate wrong answers

Option A is wrong because if the hypervisor were in maintenance mode, VMs would be migrated or unable to start, but the error would typically be 'host unavailable' or 'maintenance in progress', not a resource quota exceeded message. Option B is wrong because the error specifically mentions 'resource quota exceeded', not 'storage full'; a full storage pool would cause write failures or provisioning errors, not a quota limit notification. Option D is wrong because a misconfigured virtual switch or VLAN would result in network connectivity issues (e.g., 'network not reachable'), not a resource quota error in the cloud portal.

528
MCQhard

A security analyst discovers that an attacker has been using a compromised VPN account to access the corporate network. The account belongs to a former employee who was terminated two weeks ago. Which of the following should the analyst do immediately to prevent further unauthorized access?

A.Review the VPN logs to determine the extent of the breach
B.Disable the former employee's VPN account
C.Change the VPN server's shared secret
D.Notify the former employee about the security incident
AnswerB

Disabling the account immediately cuts off the attacker's access, containing the breach.

Why this answer

Disabling the former employee's VPN account immediately stops the attacker from using the compromised credentials to access the corporate network. This is the most direct and effective action to prevent further unauthorized access, as the account is the vector being exploited. Other steps like log review or server reconfiguration are important but secondary to cutting off the active attack path.

Exam trap

The trap here is that candidates often choose to review logs first (Option A) to understand the breach, but the correct priority is immediate containment over forensic analysis in an active security incident.

How to eliminate wrong answers

Option A is wrong because reviewing VPN logs is a forensic step that does not stop ongoing unauthorized access; it should be performed after the immediate threat is neutralized. Option C is wrong because changing the VPN server's shared secret (a pre-shared key used for IPsec or L2TP) would not affect an attacker using a valid user account, as the shared secret is a server-level authentication parameter, not tied to individual user credentials. Option D is wrong because notifying the former employee is irrelevant and potentially dangerous; the account was compromised, and the former employee may be the attacker or unaware, but notification does not prevent further access and could tip off the attacker.

529
MCQhard

A technician needs to configure a Windows 10 computer to use a static IP address of 192.168.1.100 with subnet mask 255.255.255.0 and default gateway 192.168.1.1. Which command-line tool and syntax should be used?

A.netsh interface ip set address "Local Area Connection" static 192.168.1.100 255.255.255.0 192.168.1.1 1
B.ipconfig /setaddress 192.168.1.100
C.netstat -r
D.ping 192.168.1.1
AnswerA

Correctly sets a static IP with subnet mask and gateway.

Why this answer

Option A is correct because the `netsh interface ip set address` command is the proper Windows command-line tool to configure a static IP address, subnet mask, and default gateway. The syntax `"Local Area Connection" static 192.168.1.100 255.255.255.0 192.168.1.1 1` specifies the interface name, the static keyword, the IP address, the subnet mask, the default gateway, and the metric (1), which matches the required configuration.

Exam trap

The trap here is that candidates may confuse `ipconfig` (a display-only tool) with a configuration tool, or assume `netstat` or `ping` can set IP addresses, when only `netsh` provides the correct static IP assignment syntax.

How to eliminate wrong answers

Option B is wrong because `ipconfig` is used to display IP configuration, not to set it; there is no `/setaddress` parameter in `ipconfig`. Option C is wrong because `netstat -r` displays the routing table, not configures IP settings. Option D is wrong because `ping 192.168.1.1` tests connectivity to the gateway but does not configure the IP address.

530
MCQmedium

A technician is setting up a remote desktop solution for a small business with five employees who need to access their office PCs from home. The office uses a dynamic public IP address. Which of the following should the technician configure to ensure reliable remote access without requiring users to remember a changing IP?

A.Set up port forwarding on the router
B.Configure a dynamic DNS (DDNS) service
C.Assign each employee a static IP address on the office network
D.Use a VPN with a static IP assigned by the ISP
AnswerB

DDNS automatically updates a domain name with the current public IP, providing a stable address for remote access.

Why this answer

Option B is correct because a dynamic DNS (DDNS) service maps a fixed hostname (e.g., remote.office.com) to the office’s changing public IP address. The technician configures the router or a client to update the DDNS provider automatically whenever the ISP-assigned IP changes, so employees can always connect using the same hostname without tracking the current IP.

Exam trap

The A+ exam often tests the distinction between internal static IPs (which are irrelevant for public access) and external static IPs (which require ISP involvement), leading candidates to mistakenly choose assigning static IPs on the office network as a solution for a dynamic public IP.

How to eliminate wrong answers

Option A is wrong because port forwarding alone does not solve the problem of a changing public IP; it only directs incoming traffic to a specific internal device, but users would still need to know the current IP address. Option C is wrong because assigning static IPs to employees on the office LAN does not affect the public IP address that remote users connect to; the public IP remains dynamic and still changes. Option D is wrong because a VPN with a static IP assigned by the ISP would require the business to purchase a static IP from the ISP, which is not mentioned in the scenario and is an additional cost; the question asks for a solution that works with the existing dynamic IP.

531
MCQmedium

After deploying a group policy update, several users report that their mapped network drives are missing. You need to force an immediate refresh of group policy settings on a remote workstation without rebooting. Which command should you run?

A.net use
B.gpresult
C.gpupdate /force
D.nslookup
AnswerC

This command forces an immediate policy refresh, applying the new drive mappings without reboot.

Why this answer

The `gpupdate /force` command is correct because it forces an immediate background refresh of all Group Policy settings, including drive maps, on a remote workstation without requiring a reboot. The `/force` switch re-applies all policies, even if they have not changed, which is necessary when users report missing mapped drives after a policy update.

Exam trap

The trap here is that candidates confuse `gpupdate` with `gpresult`, thinking that viewing policy results will also apply the changes, but `gpresult` only displays the current applied policy state without initiating a refresh.

How to eliminate wrong answers

Option A is wrong because `net use` is used to manually connect or disconnect network shares, not to refresh Group Policy settings. Option B is wrong because `gpresult` displays the Resultant Set of Policy (RSoP) for a user or computer, but it does not apply or refresh policies. Option D is wrong because `nslookup` is a DNS query tool used to resolve hostnames to IP addresses, and it has no role in Group Policy processing.

532
MCQmedium

A company deploys a new remote access solution using a VPN concentrator. After setup, users report that they can connect to the VPN but cannot access internal file servers. Other internal resources like email are accessible. Which of the following is the most likely cause?

A.The VPN client is using an incorrect DNS server
B.The file server is not on the same VLAN as the VPN concentrator
C.The VPN concentrator lacks a route to the file server's subnet
D.The users do not have permission to log on locally to the file server
AnswerC

Without a proper route, traffic destined for the file server subnet will not be forwarded correctly, causing access failure.

Why this answer

Option C is correct because the VPN concentrator must have a route to the file server's subnet to forward traffic from VPN clients. Without this route, packets destined for the file server are dropped, while other resources (like email) remain accessible if their subnets are reachable. This is a classic routing issue in remote access VPN deployments.

Exam trap

CompTIA often tests the misconception that VLAN placement or local permissions are the root cause, when the actual issue is a missing route on the VPN concentrator to the specific subnet.

How to eliminate wrong answers

Option A is wrong because an incorrect DNS server would cause name resolution failures for all internal resources, not selectively block file servers while allowing email access. Option B is wrong because VLAN membership is irrelevant for VPN concentrator routing; the concentrator can route to any subnet regardless of VLAN if a route exists. Option D is wrong because local logon permissions are not required for network file access; file server permissions are based on network shares and user credentials, not local logon rights.

533
MCQmedium

A company’s change management policy requires all changes to be approved by the Change Advisory Board (CAB) before implementation. A technician applies an emergency security patch to a critical server without CAB approval because the vulnerability is being actively exploited. What should the technician do after applying the patch?

A.Wait for the next CAB meeting to report the change.
B.Document the change and submit an emergency change request for retroactive approval.
C.Revert the patch and wait for CAB approval.
D.Delete the change log entry to avoid accountability.
AnswerB

This follows the correct procedure for emergency changes: document and seek retroactive approval from the CAB.

Why this answer

Even in emergency changes, documentation and retroactive approval are required. The technician must document the change and notify the CAB as soon as possible to obtain retroactive approval, ensuring compliance with change management policies.

534
MCQhard

A technician is troubleshooting an iPhone that repeatedly prompts for the Apple ID password even after entering it correctly. The device is not connected to any corporate MDM. What is the most likely cause?

A.The device is jailbroken and has a tweak interfering with authentication.
B.The Apple ID password was changed recently and not synced to all services.
C.iCloud Keychain is out of sync and needs to be reset by signing out of iCloud and back in.
D.The device has a hardware fault in the secure enclave.
AnswerC

Keychain sync issues can cause repeated password prompts; signing out and back in refreshes the authentication.

Why this answer

Option C is correct because repeated Apple ID password prompts, even after correct entry, are typically caused by an iCloud Keychain sync conflict. When iCloud Keychain becomes out of sync—often after a password change or device restore—the authentication token chain breaks, forcing the device to re-request the password. Signing out of iCloud and back in resets the local Keychain state and re-establishes a trusted sync relationship with Apple's servers.

Exam trap

CompTIA often tests the misconception that repeated password prompts are always due to a password change or incorrect entry, when in fact iCloud Keychain sync issues are a common cause that requires a sign-out/sign-in cycle to resolve.

How to eliminate wrong answers

Option A is wrong because a jailbroken device with a tweak interfering with authentication would likely cause broader instability or specific app crashes, not a consistent, system-level Apple ID password prompt that persists after correct entry. Option B is wrong because changing the Apple ID password and not syncing to all services would cause authentication failures on services using the old password, not repeated prompts after entering the correct password. Option D is wrong because a hardware fault in the Secure Enclave would manifest as inability to use Touch ID/Face ID or perform cryptographic operations, not as a repeated password prompt that works when entered.

535
MCQeasy

During a software deployment, a technician needs to ensure that a new web application can run in a sandboxed environment to prevent it from accessing other system resources. Which browser feature should be configured?

A.Enable pop-up blocker.
B.Enable private browsing mode.
C.Enable browser sandboxing.
D.Disable JavaScript.
AnswerC

Sandboxing isolates the web application process, preventing it from accessing the system or other tabs, which is exactly what is needed.

Why this answer

Option C is correct because browser sandboxing is a security mechanism that isolates the web application's processes from the rest of the system, preventing it from accessing other system resources such as the file system, registry, or other processes. This is commonly implemented in modern browsers (e.g., Chrome's multi-process architecture with a sandbox layer) to contain potential exploits from a compromised web application.

Exam trap

CompTIA often tests the distinction between privacy features (like private browsing) and security features (like sandboxing), leading candidates to confuse 'preventing local storage of data' with 'preventing system resource access.'

How to eliminate wrong answers

Option A is wrong because enabling a pop-up blocker only prevents unwanted pop-up windows from appearing; it does not restrict the web application's access to system resources or provide any sandboxing. Option B is wrong because private browsing mode (e.g., Incognito in Chrome) only prevents the browser from storing local history, cookies, and form data; it does not isolate the application from the underlying operating system or other system resources. Option D is wrong because disabling JavaScript would break most modern web applications, but it does not create a sandboxed environment; it merely removes a scripting capability, leaving other attack vectors (e.g., HTML, CSS, or plugin exploits) uncontained.

536
MCQmedium

During a network upgrade, a technician needs to run new Ethernet cables through a drop ceiling. What is the most important safety precaution to take?

A.Wear a hard hat to protect against head injuries.
B.Use a non-contact voltage tester to check for live wires.
C.Ensure the area is well-ventilated.
D.Wear anti-static gloves to prevent ESD.
AnswerB

This is the most important precaution. Before running cables, the technician should verify that no live electrical wires are in the path to avoid electrocution.

Why this answer

The most important safety precaution when running cables through a drop ceiling is to use a non-contact voltage tester to check for live wires. Drop ceilings often conceal electrical wiring, and accidentally cutting or damaging a live wire can cause electrocution, fire, or equipment damage. A non-contact voltage tester allows the technician to detect the presence of AC voltage without making physical contact, ensuring the area is safe before handling cables.

Exam trap

CompTIA often tests the distinction between general safety equipment (like hard hats) and task-specific electrical safety tools, so the trap here is that candidates may choose a hard hat as a 'common sense' safety item, overlooking the more critical step of verifying that no live electrical wires are present in the drop ceiling.

How to eliminate wrong answers

Option A is wrong because while a hard hat provides head protection against accidental bumps or falling objects, it is not the most critical precaution when working near electrical hazards in a drop ceiling; the primary risk is electrical shock, not head injury. Option C is wrong because ventilation is not a primary concern when running Ethernet cables through a drop ceiling; the main hazards are electrical and physical, not airborne contaminants or lack of oxygen. Option D is wrong because anti-static gloves are used to prevent electrostatic discharge (ESD) damage to sensitive electronic components, but they do not protect against the immediate life-threatening risk of contact with live electrical wires in a drop ceiling environment.

537
MCQmedium

A user reports that their Windows 10 PC is infected with malware that prevents the Task Manager from opening. You need to terminate a suspicious process from the command line. Which command should you use to forcefully end a process by its name?

A.tasklist /v
B.taskkill /IM malware.exe /F
C.shutdown /r /t 0
D.regedit /e backup.reg
AnswerB

Correct. taskkill /IM terminates the process by image name, and /F forces it to stop.

Why this answer

Option B is correct because the `taskkill` command with the `/IM` (image name) parameter targets a process by its executable name, and the `/F` flag forcefully terminates it. This is the appropriate tool when Task Manager is disabled by malware, as it directly ends the process from the command line without relying on GUI interaction.

Exam trap

The trap here is that candidates may confuse `tasklist` (which only lists processes) with `taskkill` (which terminates them), or mistakenly think `shutdown` or `regedit` can end a single process, leading them to choose a non-terminating command.

How to eliminate wrong answers

Option A is wrong because `tasklist /v` only lists running processes with verbose details (e.g., session name, status) but does not terminate any process. Option C is wrong because `shutdown /r /t 0` initiates an immediate system restart, which does not terminate a specific process; it shuts down the entire OS. Option D is wrong because `regedit /e backup.reg` exports the entire registry to a file; it does not interact with running processes and is used for backup, not process termination.

538
MCQhard

A network administrator is configuring a new wireless network for a hospital that requires the highest level of security for patient data. The network must support 802.1X authentication with smart cards. Which combination of security protocols and authentication methods should be used?

A.WPA2-PSK with PEAP-MSCHAPv2.
B.WPA3-Personal with SAE.
C.WPA2-Enterprise with EAP-TLS.
D.WPA3-Enterprise with EAP-TTLS.
AnswerC

WPA2-Enterprise supports 802.1X, and EAP-TLS uses certificates for mutual authentication, compatible with smart cards.

Why this answer

Option C is correct because WPA2-Enterprise with EAP-TLS provides the highest level of security for a hospital network requiring 802.1X authentication with smart cards. EAP-TLS uses mutual authentication via digital certificates (which can be stored on smart cards), eliminating the risk of credential theft or man-in-the-middle attacks. WPA2-Enterprise is the appropriate underlying encryption framework for this scenario, as it supports the required 802.1X/EAP integration.

Exam trap

The trap here is that candidates often assume WPA3 is always more secure than WPA2, but for enterprise 802.1X with smart cards, WPA2-Enterprise with EAP-TLS is the correct and fully supported combination, while WPA3-Enterprise with EAP-TTLS does not enforce client certificate authentication.

How to eliminate wrong answers

Option A is wrong because WPA2-PSK uses a pre-shared key, which does not support 802.1X authentication or smart cards; PEAP-MSCHAPv2 relies on passwords, not certificates, and is vulnerable to brute-force attacks. Option B is wrong because WPA3-Personal with SAE is designed for password-based authentication in home/small office networks, not for 802.1X enterprise authentication with smart cards. Option D is wrong because while WPA3-Enterprise supports 802.1X, EAP-TTLS typically uses a server-side certificate only and tunnels password-based inner methods (e.g., MSCHAPv2), which does not meet the requirement for smart card (certificate-based) authentication; EAP-TLS is the standard for client certificate authentication.

539
MCQeasy

A user calls the help desk because their workstation is running very slowly and they notice unusual network activity. You suspect ransomware. What should you do first to contain the threat?

A.Run a full antivirus scan on the affected workstation.
B.Disconnect the workstation from the network immediately.
C.Back up all files to an external drive before taking action.
D.Restart the computer and boot into Safe Mode.
AnswerB

Disconnecting the network cable or disabling the wireless adapter stops the ransomware from spreading and communicating externally, containing the incident.

Why this answer

Disconnecting the workstation from the network immediately is the correct first step because ransomware often uses network propagation mechanisms (e.g., SMB, RDP) to encrypt shared drives and spread to other systems. By isolating the machine at the physical or logical layer, you prevent lateral movement and further encryption of network resources, which is the primary containment priority in a suspected ransomware incident.

Exam trap

CompTIA A+ emphasizes that containment (isolation) must precede remediation (scanning, backup, or boot changes) in incident response. The trap here is that candidates mistakenly choose a reactive remediation step like running a scan or backing up files, which can worsen the spread or data loss.

How to eliminate wrong answers

Option A is wrong because running a full antivirus scan on an actively infected system can trigger the ransomware to accelerate encryption or delete files, and it does nothing to stop network propagation. Option C is wrong because backing up files to an external drive risks copying encrypted or infected data, and the act of connecting an external drive could allow the ransomware to encrypt that drive as well. Option D is wrong because restarting the computer and booting into Safe Mode does not disconnect the network interface; the ransomware may still have persistence mechanisms (e.g., scheduled tasks, services) that activate on boot, and the system remains a vector for lateral movement.

540
MCQmedium

A technician is configuring a company-issued Android tablet for a kiosk mode in a retail store. The tablet must only run the store's inventory app and prevent users from accessing other apps or settings. Which built-in Android feature should the technician use?

A.Guest Mode
B.Screen Pinning
C.Developer Options > Force GPU Rendering
D.Do Not Disturb
AnswerB

Screen Pinning locks the device to one app and requires a PIN to unpin, providing the exact kiosk functionality needed.

Why this answer

Screen Pinning is the correct built-in Android feature for kiosk mode because it allows the technician to lock the tablet to a single app (the inventory app) and block access to the home screen, recent apps, notifications, and system settings. When enabled, the user cannot exit the app without entering a PIN or password, which satisfies the requirement of preventing access to other apps or settings.

Exam trap

CompTIA A+ often tests the distinction between user-level restrictions (like Guest Mode) and system-level app locking (Screen Pinning), leading candidates to choose Guest Mode because they confuse limited user access with single-app lockdown.

How to eliminate wrong answers

Option A is wrong because Guest Mode creates a separate user profile with limited access but still allows the user to switch profiles or access other apps within the guest session, so it does not lock the device to a single app. Option C is wrong because Developer Options > Force GPU Rendering is a debugging tool that forces apps to use GPU for 2D drawing, which can improve performance but does not restrict app access or prevent users from leaving the inventory app. Option D is wrong because Do Not Disturb only silences notifications and calls; it does not restrict app usage or prevent the user from navigating to other apps or settings.

541
MCQeasy

A technician is tasked with disposing of several old UPS batteries from a server room. What is the most environmentally responsible method?

A.Place them in the regular dumpster for pickup.
B.Take them to a local battery recycling center.
C.Burn them in an incinerator to recover energy.
D.Store them indefinitely in a sealed container.
AnswerB

This is correct because recycling centers safely extract lead and acid for reuse, minimizing environmental harm.

Why this answer

Option B is correct because UPS batteries contain hazardous materials such as lead and sulfuric acid, which must be handled through specialized recycling processes to prevent environmental contamination. Local battery recycling centers are equipped to safely extract and reuse these materials, complying with regulations like the Resource Conservation and Recovery Act (RCRA) in the U.S.

Exam trap

CompTIA often tests the misconception that 'recycling' is optional or that 'storing indefinitely' is a safe alternative, when in fact proper disposal through certified recycling centers is legally required for hazardous waste like UPS batteries.

How to eliminate wrong answers

Option A is wrong because placing UPS batteries in a regular dumpster violates environmental regulations (e.g., RCRA) and can lead to soil and water contamination from leaked lead and acid. Option C is wrong because burning UPS batteries in an incinerator releases toxic fumes, including lead oxide and sulfur dioxide, and does not safely recover energy due to the hazardous nature of the materials. Option D is wrong because storing batteries indefinitely in a sealed container is not a disposal method and risks eventual leakage, corrosion, and non-compliance with waste management laws.

542
MCQmedium

A technician is configuring a new wireless network for a school. The network must support hundreds of student devices simultaneously and provide strong security. The school wants to use a single SSID with individual logins for students. Which security protocol should the technician choose?

A.WPA2-PSK with a long passphrase.
B.WPA2-Enterprise with 802.1X and RADIUS.
C.WPA3-Enterprise with 192-bit encryption.
D.WPA3-Personal with SAE.
AnswerC

Correct. WPA3-Enterprise provides individual authentication via 802.1X and uses 192-bit encryption, meeting the school's needs for security and scalability.

Why this answer

WPA3-Enterprise with 192-bit encryption is the correct choice because it provides the strongest security for a large-scale deployment with individual logins. It uses 802.1X authentication with a RADIUS server, supporting unique credentials for each student, and mandates 192-bit minimum-strength security suite (CNSA Suite) for encryption, offering enhanced protection against brute-force and dictionary attacks compared to WPA2-Enterprise.

Exam trap

CompTIA A+ emphasizes the distinction between 'Enterprise' and 'Personal' modes. The trap here is that candidates see 'WPA2-Enterprise with 802.1X and RADIUS' and assume it is sufficient for high-security individual logins, overlooking that WPA3-Enterprise with 192-bit encryption is the only option that combines individual authentication with the strongest mandated encryption suite.

How to eliminate wrong answers

Option A is wrong because WPA2-PSK uses a pre-shared key that is shared among all users, making it impossible to provide individual logins and vulnerable to passphrase cracking if the key is compromised. Option B is wrong because while WPA2-Enterprise with 802.1X and RADIUS supports individual logins, it relies on older encryption (CCMP/AES) and is susceptible to KRACK attacks and dictionary attacks on weak EAP methods; it does not mandate the 192-bit security suite required for the highest security. Option D is wrong because WPA3-Personal with SAE (Simultaneous Authentication of Equals) provides strong password-based authentication but still uses a single shared password for the SSID, not individual logins for each student.

543
MCQeasy

A user reports that their Android phone automatically switches from Wi-Fi to cellular data when the Wi-Fi signal is weak, even though they want to stay on Wi-Fi. Which setting should you configure to prevent this behavior?

A.Turn off Bluetooth
B.Disable 'Mobile data always active' in Developer Options
C.Enable Airplane Mode
D.Disable 'Switch to mobile data' in Wi-Fi settings
AnswerD

This setting directly controls the automatic transition to cellular data when Wi-Fi is weak, so disabling it keeps the device on Wi-Fi.

Why this answer

The 'Switch to mobile data' or 'Smart Network Switch' option in Android Wi-Fi settings automatically transitions to cellular when Wi-Fi is weak. Disabling this keeps the device connected to Wi-Fi, addressing the user's complaint. This is a common mobile OS feature for network management.

544
MCQeasy

A technician is setting up a wireless network for a home office. The client is concerned about neighbors accessing their internet. The technician enables WPA2-PSK with a strong passphrase. Which additional step should the technician take to ensure the network is as secure as possible?

A.Enable WPS for easy device pairing.
B.Disable SSID broadcast.
C.Disable WPS on the router.
D.Enable MAC address filtering.
AnswerC

WPS is a common attack vector; disabling it forces attackers to crack the passphrase directly.

Why this answer

WPA2-PSK with a strong passphrase already provides robust encryption, but WPS (Wi-Fi Protected Setup) introduces a significant vulnerability. WPS allows devices to connect via an 8-digit PIN, which can be brute-forced in a matter of hours using tools like Reaver, exposing the network to unauthorized access. Disabling WPS eliminates this attack vector, making the network as secure as possible.

Exam trap

CompTIA often tests the misconception that hiding the SSID or using MAC filtering provides meaningful security, when in reality the WPS vulnerability is a far more critical and exploitable flaw that must be addressed first.

How to eliminate wrong answers

Option A is wrong because enabling WPS, even for convenience, creates a backdoor that bypasses the strong WPA2-PSK passphrase; the WPS PIN can be brute-forced offline, compromising the network. Option B is wrong because disabling SSID broadcast only hides the network name from casual scans, but it does not prevent determined attackers from discovering it using packet sniffers (e.g., Wireshark) or tools like Kismet, and it can actually cause connectivity issues for legitimate clients. Option D is wrong because MAC address filtering is a weak security measure; MAC addresses can be easily spoofed using tools like SMAC or by modifying the network adapter settings, so it provides no real protection against a skilled attacker.

545
MCQhard

A user complains that their virtual machine, which was working fine yesterday, now displays a 'Blue Screen of Death' (BSOD) on startup. The VM is running Windows 10 and is stored on a shared network drive. The host machine is a Windows Server with plenty of resources. What is the most likely cause of this issue?

A.The host machine ran out of memory while the VM was running.
B.The virtual hard disk file became corrupted due to a network error during the last write operation.
C.The VM's guest additions need to be updated.
D.The hypervisor version is incompatible with the VM configuration.
AnswerB

Network storage is vulnerable to corruption if the connection drops during a write, leading to a BSOD on boot.

Why this answer

The most likely cause is corruption of the virtual hard disk (VHD/VHDX) file due to a network error during the last write operation. When a VM is stored on a shared network drive, any interruption in the network connection (e.g., transient packet loss, SMB session timeout) during a write can leave the disk file in an inconsistent state, leading to a BSOD on the next boot as Windows encounters critical file system errors.

Exam trap

CompTIA often tests the misconception that a BSOD is always a driver or memory issue, but in a virtualized environment with network storage, the root cause is frequently file corruption from network instability rather than guest OS software problems.

How to eliminate wrong answers

Option A is wrong because if the host machine ran out of memory while the VM was running, the VM would typically crash or be paused by the hypervisor (e.g., Hyper-V would trigger a 'critical error' state), not cause a BSOD on the next startup; the BSOD is a guest OS issue, not a host resource exhaustion symptom. Option C is wrong because outdated Guest Additions (or Integration Services) can cause performance or driver issues, but they do not prevent the VM from booting or cause a BSOD on startup; the VM would still start, albeit with reduced functionality. Option D is wrong because the hypervisor version incompatibility would prevent the VM from starting at all (e.g., a configuration version mismatch error), not cause a BSOD after the VM has already booted successfully in the past.

546
MCQhard

A healthcare clinic is disposing of 50 hard drives that contained protected health information (PHI). The compliance officer insists on a method that meets HIPAA requirements and provides a certificate of destruction. Which approach should be taken?

A.Overwrite the drives with zeros and reuse them in non-patient areas.
B.Use a degausser and then recycle the drives as scrap metal.
C.Hire a certified e-waste recycler to physically shred the drives and provide a certificate of destruction.
D.Perform a cryptographic erase if the drives support it.
AnswerC

A certified recycler will shred the drives and issue a certificate, meeting HIPAA requirements and providing audit-proof documentation.

Why this answer

Option C is correct because HIPAA requires that PHI on electronic media be rendered permanently unreadable and unrecoverable, and physical destruction (e.g., shredding) is the only method that guarantees this for hard drives. A certified e-waste recycler provides a certificate of destruction, which serves as the required documentation of compliance. Overwriting, degaussing, or cryptographic erase may not be sufficient or verifiable for all drives, especially if they are being disposed of rather than reused.

Exam trap

The A+ exam often tests the misconception that degaussing or cryptographic erase is sufficient for HIPAA disposal, but the key requirement for a certificate of destruction and the need for physical destruction when drives are not being reused makes shredding the only correct answer.

How to eliminate wrong answers

Option A is wrong because overwriting with zeros does not meet HIPAA requirements for disposal of drives containing PHI; it is a sanitization method for reuse, not destruction, and does not provide a certificate of destruction. Option B is wrong because degaussing destroys the magnetic media but does not physically destroy the drive, and many recyclers will not accept degaussed drives as scrap metal without additional processing; more importantly, degaussing alone does not produce a certificate of destruction from a certified recycler. Option D is wrong because cryptographic erase only renders data inaccessible by destroying the encryption key, but the encrypted data remains on the drive and could potentially be recovered if the key is compromised or if the drive is later analyzed; it does not meet the physical destruction requirement for disposal and does not provide a certificate of destruction.

547
MCQeasy

A small business wants to migrate its on-premises file server to a cloud service to reduce hardware maintenance costs. The data must be accessible from any device with an internet connection and should support real-time collaboration. Which cloud service model best meets these requirements?

A.Infrastructure as a Service (IaaS)
B.Platform as a Service (PaaS)
C.Software as a Service (SaaS)
D.Desktop as a Service (DaaS)
AnswerC

SaaS delivers fully managed applications like cloud file storage and collaboration suites, meeting the need for accessibility and real-time collaboration without hardware management.

Why this answer

SaaS (Software as a Service) is the correct choice because it provides a ready-to-use file-sharing and collaboration application (e.g., Microsoft 365 SharePoint, Google Workspace Drive) that is accessed via a web browser or client over the internet. This eliminates the need to manage underlying hardware or platform, directly meeting the requirements for device-agnostic access and real-time collaboration without any infrastructure overhead.

Exam trap

CompTIA often tests the misconception that IaaS is the best choice for any migration away from on-premises hardware, but the trap here is that IaaS still requires the customer to manage the operating system and application stack, whereas SaaS provides a fully managed, collaboration-ready solution that directly meets the access and real-time editing requirements.

How to eliminate wrong answers

Option A is wrong because IaaS (Infrastructure as a Service) provides only virtualized compute, storage, and networking resources (e.g., Amazon EC2, Azure VMs), requiring the business to still deploy, configure, and manage the file server operating system and collaboration software, which does not reduce hardware maintenance costs to the degree needed. Option B is wrong because PaaS (Platform as a Service) offers a runtime environment for custom application development (e.g., AWS Elastic Beanstalk, Google App Engine), not a ready-to-use file server with built-in real-time collaboration features; the business would still need to build or integrate collaboration logic. Option D is wrong because DaaS (Desktop as a Service) delivers virtual desktops (e.g., Windows 365, Amazon WorkSpaces) that require users to connect to a full desktop environment, not a simple file-sharing service, and it does not inherently provide the real-time collaboration capabilities of a SaaS file-sharing application.

548
MCQmedium

A user reports that their Windows 11 computer is infected with ransomware. Files are encrypted and a ransom note is displayed. The user has a backup from two days ago stored on an external drive that was disconnected after the backup. What is the best course of action to recover the data?

A.Pay the ransom to get the decryption key.
B.Disconnect the computer from the network and restore files from the external backup.
C.Run a full antivirus scan to remove the ransomware and then restore files.
D.Use System Restore to revert the system to a previous state.
AnswerB

Disconnecting prevents the ransomware from spreading or communicating, and restoring from an unaffected backup is the best way to recover data without paying.

Why this answer

Since the backup was stored on a disconnected external drive, it is likely not encrypted by the ransomware. The best action is to disconnect the infected computer from the network to prevent further spread, then restore the files from the clean backup.

549
MCQeasy

A company policy requires that all sensitive data stored on laptops must be unreadable if the device is lost or stolen. A technician is tasked with implementing a solution that works transparently for users. Which approach should they take?

A.Enable BitLocker drive encryption on each laptop.
B.Set a BIOS password on each laptop.
C.Implement a folder-level password policy using EFS.
D.Configure a screensaver password with a 1-minute timeout.
AnswerA

BitLocker provides full disk encryption that protects data at rest and works transparently after unlock.

Why this answer

BitLocker drive encryption provides full-disk encryption that operates transparently to the user, automatically encrypting all data on the system drive. If the laptop is lost or stolen, the data remains unreadable without the decryption key, satisfying the policy requirement without requiring user intervention.

Exam trap

CompTIA often tests the distinction between access control (passwords, screen locks) and data-at-rest encryption; the trap here is confusing a screen lock or BIOS password with actual encryption, which does not protect data if the drive is physically removed.

How to eliminate wrong answers

Option B is wrong because a BIOS password only prevents unauthorized booting of the system, but does not encrypt the data on the drive; an attacker could remove the hard drive and access the data directly. Option C is wrong because EFS (Encrypting File System) encrypts individual files or folders, not the entire drive, and it does not work transparently for all users—it requires user-specific certificates and can leave system files or temporary data unencrypted. Option D is wrong because a screensaver password only locks the screen after inactivity, but does not encrypt any data; an attacker could boot from a live USB or remove the drive to read the data.

550
MCQeasy

A user reports that their system is running very slowly, and they see frequent pop-up ads even when no browser is open. They also notice that their default search engine has changed without their permission. Which type of malware is most likely causing these symptoms?

A.Virus
B.Adware
C.Ransomware
D.Rootkit
AnswerB

Adware is known for displaying unwanted advertisements and modifying browser settings, matching the user's symptoms.

Why this answer

Adware is designed to display unwanted advertisements and can modify browser settings, causing pop-ups and search engine hijacking. Unlike a virus or worm, adware does not typically replicate itself or require a host file to spread. The symptoms described—pop-ups outside the browser and unauthorized search engine changes—are classic signs of adware infection.

551
MCQeasy

During a desktop computer deployment, a technician needs to dispose of several used toner cartridges. What is the most environmentally responsible method?

A.Throw them in the regular trash since they are mostly plastic.
B.Recycle them through a certified e-waste recycler or manufacturer take-back program.
C.Burn them in an incinerator to generate energy.
D.Sell them to a scrap metal dealer.
AnswerB

This ensures proper handling of hazardous materials and allows the cartridge to be remanufactured or recycled. It is the recommended method by environmental agencies.

Why this answer

Option B is correct because toner cartridges contain plastic, metal, and residual toner powder, which are hazardous to the environment if landfilled. Certified e-waste recyclers or manufacturer take-back programs ensure proper disassembly, material recovery, and safe disposal of toxic components, complying with regulations like the EPA's Resource Conservation and Recovery Act (RCRA). This method minimizes environmental harm and supports circular economy principles.

Exam trap

The trap here is that candidates assume 'mostly plastic' means safe for regular trash, ignoring that toner powder is a hazardous substance regulated by environmental agencies.

How to eliminate wrong answers

Option A is wrong because throwing toner cartridges in regular trash violates environmental regulations (e.g., RCRA) as residual toner is classified as hazardous waste, and plastics do not biodegrade in landfills. Option C is wrong because burning toner cartridges in an incinerator releases toxic fumes, including dioxins and heavy metals from the toner powder, and is not a standard energy-recovery method for e-waste. Option D is wrong because toner cartridges are not primarily scrap metal; they contain plastic, foam, and toner, making them unsuitable for scrap metal recycling, and a scrap metal dealer would reject them or improperly dispose of non-metal components.

552
MCQeasy

A customer complains that after a recent Windows update, their default web browser keeps resetting to Microsoft Edge. They want to set Google Chrome as the default. Where in the Settings app would you configure this?

A.Apps > Apps & features
B.Personalization > Start
C.Apps > Default apps
D.Update & Security > Windows Update
AnswerC

The Default apps page lets you set defaults for web browser, email, music player, and more.

Why this answer

Option C is correct because the 'Default apps' page under Apps in the Settings app is the specific location where you can change the default web browser from Microsoft Edge to Google Chrome. This setting controls which application handles protocols like HTTP and HTTPS, and it allows you to set Chrome as the default by selecting it from the list of installed browsers.

Exam trap

CompTIA often tests the misconception that 'Apps & features' is the correct location for setting defaults, but candidates must remember that default app configuration is a separate, dedicated section under 'Default apps' within the Apps category.

How to eliminate wrong answers

Option A is wrong because 'Apps & features' is used to manage installed applications (uninstall, modify, or move them) but does not provide any option to set default applications or file associations. Option B is wrong because 'Personalization > Start' controls the appearance and behavior of the Start menu, such as which folders appear and whether to show recently added apps, and has nothing to do with default browser settings. Option D is wrong because 'Update & Security > Windows Update' is solely for managing Windows updates, including checking for, installing, and configuring update settings, and does not include any functionality for configuring default apps.

553
MCQhard

A technician needs to create a new user 'jdoe' with a home directory and set the password in one command. Which command accomplishes this?

A.useradd -m jdoe && passwd jdoe
B.adduser jdoe
C.useradd jdoe && passwd jdoe
D.usermod -m jdoe
AnswerA

This correctly creates the user with a home directory and then prompts to set the password.

Why this answer

Option A is correct because `useradd -m jdoe` creates the user 'jdoe' with a home directory (the `-m` flag ensures the /home/jdoe directory is created), and `&&` chains the `passwd jdoe` command to run only if the user creation succeeds, allowing the password to be set interactively in a single command line. This meets the requirement of creating the user with a home directory and setting the password in one command.

Exam trap

The trap here is that candidates assume `useradd` always creates a home directory or that `adduser` is the standard command, leading them to pick Option B or C without considering the `-m` flag.

How to eliminate wrong answers

Option B is wrong because `adduser` is a Perl script (not a standard Linux command on all distributions) that may create a home directory by default but does not set the password in the same command; it typically prompts for password separately, and on some systems it may not be available. Option C is wrong because `useradd jdoe` without the `-m` flag does not create a home directory by default (the home directory is only created if the system's default settings or the `-m` flag are used), so it fails the requirement to create a home directory. Option D is wrong because `usermod -m jdoe` modifies an existing user's home directory (moving its contents) and does not create a new user or set a password, making it entirely inappropriate for creating a new user.

554
MCQeasy

A company policy requires that all USB flash drives be encrypted before use. A technician needs to configure a new drive for a manager who will store confidential client data. Which built-in Windows tool should the technician use?

A.EFS (Encrypting File System)
B.BitLocker To Go
C.Windows Defender Firewall
D.Device Manager
AnswerB

BitLocker To Go is specifically for encrypting removable drives, providing full-disk encryption with password or smart card authentication.

Why this answer

BitLocker To Go is the correct built-in Windows tool for encrypting removable drives like USB flash drives. It provides full-disk encryption specifically designed for portable storage, ensuring that the confidential client data on the drive is protected if the drive is lost or stolen.

Exam trap

CompTIA often tests the distinction between EFS (file-level encryption) and BitLocker (full-disk encryption), and the trap here is that candidates may confuse EFS with BitLocker To Go because both involve encryption, but EFS cannot encrypt entire removable drives for portable use.

How to eliminate wrong answers

Option A is wrong because EFS (Encrypting File System) encrypts individual files and folders on NTFS volumes, not entire removable drives, and it does not support encrypting USB flash drives for use on other systems without additional configuration. Option C is wrong because Windows Defender Firewall is a network security tool that filters incoming and outgoing traffic based on rules; it does not provide any data-at-rest encryption for storage devices. Option D is wrong because Device Manager is used to manage hardware drivers and device settings, not to perform encryption or security configurations on storage media.

555
MCQmedium

A technician is troubleshooting a Windows 10 system that fails to boot with a 'Bootmgr is missing' error. They need to repair the boot configuration data (BCD) from the Windows Recovery Environment. Which command should they use?

A.bootrec /fixmbr
B.bootrec /fixboot
C.bootrec /rebuildbcd
D.sfc /scannow
AnswerC

This command rebuilds the BCD store, directly fixing the 'Bootmgr is missing' error.

Why this answer

The 'Bootmgr is missing' error indicates that the Boot Configuration Data (BCD) store is corrupted or missing. The `bootrec /rebuildbcd` command scans all disks for Windows installations and allows you to rebuild the BCD store from scratch, which directly resolves this issue. In contrast, `bootrec /fixmbr` and `bootrec /fixboot` repair the master boot record and boot sector, respectively, but do not rebuild the BCD store.

Exam trap

The trap here is that candidates often confuse `bootrec /fixboot` with repairing the boot configuration data, but `fixboot` only repairs the boot sector, not the BCD store, which is the actual cause of the 'Bootmgr is missing' error.

How to eliminate wrong answers

Option A is wrong because `bootrec /fixmbr` rewrites the master boot record (MBR) to the system partition, which addresses boot sector corruption but does not repair the BCD store. Option B is wrong because `bootrec /fixboot` writes a new boot sector to the system partition, which fixes boot sector issues but does not rebuild the BCD store. Option D is wrong because `sfc /scannow` checks and repairs system file integrity, but it does not operate on the BCD store or boot configuration data.

556
MCQmedium

During a security incident investigation, a technician finds that an attacker called the help desk, pretended to be a new employee who forgot their password, and successfully reset it. The attacker knew the employee's name and department. Which social engineering technique was used?

A.Phishing
B.Pretexting
C.Tailgating
D.Shoulder surfing
AnswerB

Pretexting is the correct term, as the attacker created a false identity and scenario to gain the help desk's trust.

Why this answer

Pretexting is a social engineering technique where the attacker fabricates a scenario (pretext) to manipulate a target into performing an action. In this case, the attacker called the help desk, assumed the identity of a new employee, and used the known details (name and department) to create a believable story, convincing the help desk to reset the password. This relies on psychological manipulation rather than technical exploitation.

Exam trap

CompTIA often tests the distinction between pretexting and phishing by emphasizing that pretexting involves direct impersonation and a fabricated scenario (often via phone or in person), while phishing relies on electronic communication like email or text messages.

How to eliminate wrong answers

Option A (Phishing) is wrong because phishing involves sending deceptive emails or messages that trick users into revealing sensitive information or clicking malicious links, not directly calling and impersonating someone to reset a password. Option C (Tailgating) is wrong because tailgating is a physical security breach where an unauthorized person follows an authorized individual into a restricted area without proper authentication, not a phone-based impersonation. Option D (Shoulder surfing) is wrong because shoulder surfing involves directly observing someone's screen or keyboard to steal information like passwords, not fabricating a story over the phone.

557
MCQmedium

During a security audit, a technician notices that an unauthorized person is standing just behind an employee at the secure door, waiting for the employee to badge in so they can enter without badging themselves. What type of social engineering attack is being attempted?

A.Pretexting
B.Baiting
C.Tailgating
D.Phishing
AnswerC

Tailgating is when an unauthorized person gains access by closely following an authorized person through a secure entry point. This is exactly what is described.

Why this answer

Tailgating (also known as piggybacking) is a physical social engineering attack where an unauthorized person follows an authorized individual into a secured area without using their own credentials. In this scenario, the attacker waits for the employee to badge in and then slips through the door before it closes, bypassing the access control system. This exploits the trust or politeness of the employee and the physical security gap between the door closing and the authentication check.

Exam trap

CompTIA often tests the distinction between tailgating and pretexting, where candidates mistakenly choose pretexting because they think the attacker is 'pretending' to be authorized, but the key difference is that tailgating requires no verbal deception—just physical proximity and timing.

How to eliminate wrong answers

Option A is wrong because pretexting involves fabricating a false identity or scenario to trick a victim into divulging information or performing an action, not physically following someone through a door. Option B is wrong because baiting relies on offering something enticing (e.g., a free USB drive or download) to lure the victim into a trap, not exploiting physical proximity at a secure door. Option D is wrong because phishing is a digital attack using deceptive emails, messages, or websites to steal credentials or install malware, not a physical entry technique.

558
MCQeasy

A technician is writing a batch script to automate the installation of a software package on multiple Windows workstations. The script needs to check if the software is already installed before attempting installation. Which scripting construct should the technician use?

A.A for loop
B.An if statement
C.A variable
D.A while loop
AnswerB

Correct. An if statement evaluates a condition (e.g., 'if exist C:\Program Files\Software\app.exe') and conditionally runs the installation command.

Why this answer

This tests knowledge of conditional logic in scripting. An 'if' statement allows the script to check a condition (e.g., existence of a registry key or file) and execute code only if the condition is true or false. Loops are for repetition, and variables store data, not control flow.

559
MCQeasy

A user reports that their virtual machine, which is used for testing software, suddenly lost network connectivity. The host machine is connected to the internet and can browse websites. The VM is configured with a bridged network adapter. What is the most likely cause of this issue?

A.The host's firewall is blocking the VM's network traffic.
B.The VM's DHCP lease has expired and it failed to obtain a new IP address.
C.The virtual switch on the host has been disabled.
D.The VM's operating system is corrupted.
AnswerB

Bridged networking relies on DHCP; an expired lease without renewal causes loss of network access.

Why this answer

In a bridged network configuration, the VM obtains its IP address directly from the same DHCP server as the host (e.g., the home router). If the DHCP lease expires and the VM fails to renew it (due to a network hiccup, DHCP server overload, or misconfigured lease time), the VM will lose its IP address and network connectivity, while the host remains unaffected because it maintains its own active lease. This is the most common cause of isolated VM connectivity loss in a bridged setup.

Exam trap

CompTIA A+ exams often test the misconception that a bridged adapter shares the host's IP address; candidates incorrectly assume the VM inherits the host's connectivity, but in reality, the VM must obtain its own IP via DHCP, and a lease expiration can cause a silent disconnect while the host remains online.

How to eliminate wrong answers

Option A is wrong because a host firewall typically filters traffic based on IP addresses or ports, but since the VM uses a bridged adapter, it appears as a separate device on the network; the host firewall does not inherently block the VM's traffic unless explicitly configured to do so, and the question states the host is connected and browsing, making a host firewall block unlikely. Option C is wrong because if the virtual switch on the host were disabled, the host itself would likely lose network connectivity or the VM would not even start, but the host is working fine; the virtual switch is a software component that remains active as long as the hypervisor is running. Option D is wrong because a corrupted OS would typically cause boot failures, crashes, or application errors, not a sudden, isolated loss of network connectivity while the VM remains running; network stack corruption is possible but far less common than a DHCP lease issue.

560
MCQmedium

A help desk technician receives a complaint that a user’s custom software application stopped working after a Windows update was installed automatically overnight. The technician checks the system and finds the update is not in the approved change log. What should the technician do next?

A.Reinstall the custom application immediately
B.Roll back the Windows update and document the incident
C.Leave the update in place and submit a new change request for the application
D.Disable Windows Update on the workstation permanently
AnswerB

Rolling back the update restores the previous working state, and documentation helps prevent future unauthorized updates.

Why this answer

Option B is correct because the update was installed without authorization (not in the approved change log), violating change management policy. The technician should immediately roll back the update to restore application functionality and then document the incident to ensure proper change control procedures are followed. This aligns with the CompTIA A+ change management process: identify the unauthorized change, reverse it, and report it.

Exam trap

The trap here is that candidates may think restoring functionality (Option A) or preventing future updates (Option D) is the priority, but CompTIA emphasizes that following change management documentation and incident reporting is the correct first step, not just fixing the symptom.

How to eliminate wrong answers

Option A is wrong because reinstalling the custom application does not address the root cause (the unauthorized Windows update) and may waste time if the update breaks the application again. Option C is wrong because leaving an unauthorized update in place bypasses change management controls and could cause further instability; a new change request should be submitted before, not after, the change is applied. Option D is wrong because permanently disabling Windows Update leaves the system vulnerable to security patches and is an overreaction; the proper response is to manage updates through an approved change process, not disable the service entirely.

561
MCQhard

A technician is investigating a privilege escalation vulnerability. They need to list all files in /usr/bin that have the SUID or SGID bit set and are owned by root. Which single command will achieve this?

A.find /usr/bin -user root -perm -6000
B.find /usr/bin -user root -perm 4000 -o -perm 2000
C.ls -la /usr/bin | grep '^...s'
D.find /usr/bin -user root -perm /6000
AnswerD

This correctly uses the / prefix to match files with either SUID or SGID bit set, and filters by owner root.

Why this answer

Option D is correct because the `find` command with `-perm /6000` matches files where either the SUID (4000) or SGID (2000) bit is set, combined with `-user root` to restrict results to files owned by root. The `/` prefix in the permission mask tells `find` to match any of the specified bits, making it the precise single command for this task.

Exam trap

CompTIA often tests the distinction between `-perm -mode` (all bits must match) and `-perm /mode` (any bit can match), and candidates frequently confuse the minus sign with the forward slash, leading them to pick Option A.

How to eliminate wrong answers

Option A is wrong because `-perm -6000` uses a minus sign, which requires all bits in 6000 (both SUID and SGID) to be set simultaneously, not just one of them; this would miss files with only SUID or only SGID. Option B is wrong because it uses `-o` (OR) without grouping parentheses, causing the `-user root` condition to apply only to the first expression, so it would list files with SGID set regardless of owner. Option C is wrong because `ls -la | grep '^...s'` only matches files with SUID set (the 's' in the owner execute position) and misses files with only SGID set (where the 's' appears in the group execute position), plus it relies on parsing `ls` output which is fragile and not recommended for scripting.

562
MCQhard

A technician needs to deploy a custom Windows 10 image to 50 identical workstations. The image must include specific drivers, applications, and settings. Which tool should the technician use to create and manage the deployment image?

A.System Preparation Tool (Sysprep)
B.Deployment Image Servicing and Management (DISM)
C.Windows Preinstallation Environment (Windows PE)
D.Windows Assessment and Deployment Kit (Windows ADK)
AnswerA

Sysprep generalizes the Windows installation by removing system-specific data, making the image ready for deployment on multiple computers.

Why this answer

System Preparation Tool (Sysprep) is used to generalize a Windows installation so it can be imaged and deployed to multiple computers. DISM is used to capture and apply images, but Sysprep is required to prepare the OS for imaging. Windows PE is a minimal OS for deployment tasks, not for creating the image.

Windows ADK includes deployment tools but Sysprep is the specific tool for image preparation.

563
MCQmedium

A technician is troubleshooting a PowerShell script that collects system information and writes it to a log file. The script runs without errors but the log file is empty. The script uses Out-File to write data. What is the most likely issue?

A.The script is not running with administrative privileges.
B.The Out-File cmdlet is misspelled.
C.The command before Out-File does not produce any output.
D.The log file path contains a forward slash instead of a backslash.
AnswerC

If the command returns nothing, Out-File writes an empty file.

Why this answer

If a PowerShell command does not produce output, piping it to Out-File will result in an empty file. The issue is that the command used does not generate any output.

564
MCQhard

A user reports that their Windows 11 laptop's search bar is not returning results for local files, though web searches work. You suspect the indexing service is not running or the index is corrupted. Which tool should you use to rebuild the search index?

A.Services.msc
B.Indexing Options in Control Panel
C.Task Manager
D.Windows Settings > Privacy & security > Searching Windows
AnswerB

Indexing Options provides an 'Advanced' button with a 'Rebuild' option to recreate the search index from scratch.

Why this answer

The Indexing Options control panel (accessible via Control Panel or by searching 'indexing options') provides a direct interface to manage the Windows Search index, including the ability to rebuild it. Rebuilding the index is the appropriate fix when the index is corrupted or not functioning, as it forces Windows to re-scan all indexed locations and create a fresh index database, resolving issues where local file searches fail but web searches (which do not rely on the local index) still work.

Exam trap

The trap here is that candidates confuse the 'Searching Windows' settings in the modern Windows Settings app (which controls privacy and cloud search options) with the legacy Indexing Options control panel that actually contains the rebuild function.

How to eliminate wrong answers

Option A is wrong because Services.msc allows you to start, stop, or restart the Windows Search service, but it does not provide a direct option to rebuild the search index; rebuilding requires the Indexing Options interface. Option C is wrong because Task Manager is used to manage running processes, monitor performance, and start/stop applications, but it has no capability to manage or rebuild the search index. Option D is wrong because Windows Settings > Privacy & security > Searching Windows controls privacy-related search settings (e.g., whether to include cloud content or history), but it does not include a rebuild option for the local search index; the rebuild function is exclusively in the legacy Indexing Options control panel.

565
MCQeasy

A customer calls saying their home Wi-Fi network suddenly stopped working after they changed the router's security mode from WPA2-PSK to WPA2-Enterprise. All their devices previously connected fine. What is the most likely cause of the problem?

A.The router's firmware is outdated.
B.The devices do not support the new encryption cipher.
C.The router is now requiring a username and password from a RADIUS server, which the home network lacks.
D.The SSID was changed during the configuration.
AnswerC

WPA2-Enterprise relies on 802.1X authentication with a RADIUS server; home networks typically do not have this infrastructure, so devices cannot authenticate.

Why this answer

WPA2-Enterprise uses 802.1X authentication, which requires a RADIUS server to validate credentials (username and password). Home routers typically lack a built-in RADIUS server, so after changing to WPA2-Enterprise, the router cannot authenticate any client, causing all devices to fail to connect. The previous WPA2-PSK mode used a simple pre-shared key, which worked without any external server.

Exam trap

In the CompTIA A+ exam, it's important to distinguish between WPA2-PSK (pre-shared key, no server) and WPA2-Enterprise (requires a RADIUS/AAA server). The trap here is that candidates may assume all WPA2 modes work identically or blame encryption cipher support instead of the missing authentication infrastructure.

How to eliminate wrong answers

Option A is wrong because an outdated firmware would not cause a sudden failure immediately after changing the security mode; the issue is directly tied to the authentication method change, not firmware version. Option B is wrong because WPA2-Enterprise can use the same encryption ciphers (AES/CCMP) as WPA2-PSK; device support for the cipher is not the problem—the problem is the missing authentication server. Option D is wrong because the SSID was not changed according to the question; the customer only changed the security mode, and an SSID change would cause devices to not see the network, not fail authentication.

566
MCQmedium

A technician receives a ticket from a user who says their email is 'broken.' Upon investigation, the technician finds that the user's mailbox is full. The user is known for being confrontational. Which response best demonstrates professionalism?

A."Your mailbox is full. Delete some emails and empty your trash. Let me know if that fixes it."
B."This is a common issue when people don't manage their inbox. Please clean it up."
C."I'll increase your mailbox quota so you don't have to delete anything."
D."Your email isn't broken; you just have too many messages."
AnswerA

This is direct, clear, and gives a specific action. It does not blame the user and remains professional.

Why this answer

Option A is correct because it directly addresses the root cause (full mailbox) with a clear, actionable solution (delete emails and empty trash) while maintaining a neutral, professional tone. The technician avoids blaming the user or escalating the situation, which is critical when dealing with a confrontational user. This response focuses on resolving the issue without unnecessary commentary, aligning with CompTIA's emphasis on professionalism and effective communication.

Exam trap

CompTIA often tests the trap of choosing a technically expedient solution (like increasing quota) over a professional communication approach, leading candidates to overlook the importance of de-escalating a confrontational user by providing a clear, non-judgmental resolution.

How to eliminate wrong answers

Option B is wrong because it includes a judgmental phrase ('people don't manage their inbox') that can be perceived as condescending, which may provoke a confrontational user and violates professional communication standards. Option C is wrong because increasing the mailbox quota without addressing the underlying storage issue is a temporary workaround that could lead to future problems (e.g., exceeding server limits or violating organizational email retention policies), and it fails to educate the user on proper mailbox management. Option D is wrong because it dismisses the user's concern by stating 'your email isn't broken,' which invalidates their experience and can escalate tension; the technician should acknowledge the issue while explaining the cause professionally.

567
MCQhard

A company's cloud-based CRM application is experiencing intermittent outages. The IT team suspects a distributed denial-of-service (DDoS) attack. Which cloud characteristic is most directly impacted by such an attack?

A.On-demand self-service
B.Broad network access
C.Availability
D.Resource pooling
AnswerC

Availability ensures that cloud services are accessible when needed. A DDoS attack specifically aims to deny availability by overwhelming the service.

Why this answer

A DDoS attack floods the CRM application with malicious traffic, overwhelming its resources and causing service disruption. This directly impacts the cloud characteristic of availability, which ensures that services remain accessible to authorized users when needed. In cloud computing, availability is often measured by uptime percentages and is critical for business continuity.

Exam trap

CompTIA A+ often tests the distinction between availability and other cloud characteristics, and the trap here is that candidates confuse 'broad network access' (which involves network connectivity) with 'availability' (which is about service uptime and accessibility), leading them to incorrectly select Option B.

How to eliminate wrong answers

Option A is wrong because on-demand self-service refers to a user's ability to provision computing resources automatically without human interaction, which is not directly affected by a DDoS attack. Option B is wrong because broad network access describes the ability to access cloud services over standard network protocols (e.g., HTTP/HTTPS) from various devices, and while the attack uses the network, it does not directly impact this characteristic. Option D is wrong because resource pooling involves the provider's ability to serve multiple customers from shared physical resources using multi-tenancy, which is a cost-efficiency model, not a measure of service accessibility.

568
MCQeasy

A small business owner reports that after upgrading their wireless router to a newer model, several older laptops running Windows 7 can no longer connect to the Wi-Fi network. The new router is configured to use WPA3. What is the most likely reason for the connection failures?

A.The laptops have outdated wireless drivers that do not support WPA3.
B.The router's firewall is blocking the older laptops' MAC addresses.
C.The laptops are using an incompatible encryption cipher like TKIP.
D.The router's SSID is hidden, and the laptops cannot discover it.
AnswerA

Correct. Older Windows 7 laptops typically lack WPA3 support in both drivers and OS, making them unable to authenticate with a WPA3-only network.

Why this answer

WPA3 is a newer security protocol that requires both the router and the client device to support it. Older laptops running Windows 7 typically have wireless network adapters and drivers that were designed before WPA3 was standardized (2018), so they only support WPA2 or earlier protocols. Without updated drivers that include WPA3 support, these laptops cannot authenticate with the router, causing the connection failures.

Exam trap

Cisco often tests the misconception that encryption ciphers (like TKIP) are the primary cause of incompatibility, when in fact the core issue is the security protocol version (WPA3 vs. WPA2) and the driver's lack of support for the new authentication handshake.

How to eliminate wrong answers

Option B is wrong because MAC address filtering is a separate feature from security protocol support; if the router's firewall were blocking MAC addresses, the laptops would not even see the network or would be explicitly denied, but the issue is specifically about authentication after the upgrade to WPA3. Option C is wrong because TKIP is an encryption cipher used with WPA and WPA2, not WPA3; WPA3 uses AES-CCMP or GCMP-256, and while older laptops might use TKIP with WPA2, the core incompatibility here is the protocol version itself, not the cipher. Option D is wrong because a hidden SSID does not prevent a client from connecting if the SSID is manually entered; the problem is the authentication handshake failure due to WPA3 incompatibility, not network discovery.

569
MCQhard

After a failed Windows Update, a Windows 10 system repeatedly attempts to install the update and fails. You need to stop the Windows Update service and delete the temporary update files from the command line. Which two commands, in order, should you use? (Select the first command from the options.)

A.net stop wuauserv
B.sfc /scannow
C.dism /online /cleanup-image /restorehealth
D.taskkill /IM svchost.exe /F
AnswerA

Correct. net stop wuauserv stops the Windows Update service, allowing deletion of its temporary files.

Why this answer

The correct first command is 'net stop wuauserv' because it stops the Windows Update service (wuauserv), which prevents the system from continuing to attempt the failed update installation. After stopping the service, you can then delete the temporary update files from the SoftwareDistribution folder using commands like 'del /f /s /q %systemroot%\SoftwareDistribution\*' or 'rmdir /s /q %systemroot%\SoftwareDistribution'. This two-step process is the standard method to clear a stuck update state.

Exam trap

CompTIA often tests the misconception that 'taskkill /IM svchost.exe /F' is a valid way to stop the Windows Update service, but this command kills all svchost instances indiscriminately, which can crash other critical services and is not the proper method for safely stopping a specific service.

How to eliminate wrong answers

Option B is wrong because 'sfc /scannow' scans and repairs protected system files, but it does not stop the Windows Update service or delete temporary update files; it addresses file corruption, not update stuck states. Option C is wrong because 'dism /online /cleanup-image /restorehealth' repairs the Windows system image and component store corruption, but it does not stop the update service or remove the temporary update files that cause repeated failed attempts. Option D is wrong because 'taskkill /IM svchost.exe /F' forcefully terminates all svchost.exe processes, which would crash critical system services including the Windows Update service, but it is a brute-force method that can destabilize the system and does not safely stop the service or clean up the temporary files.

570
MCQhard

A user reports that their computer is infected with a virus that has encrypted all their personal files and left a text file with instructions to pay a ransom. The technician has verified the infection is ransomware. The company has a backup policy. What is the best course of action to recover the data?

A.Pay the ransom and hope the decryption key is provided.
B.Use a ransomware decryption tool from a reputable source.
C.Restore the files from a recent backup after removing the malware.
D.Reinstall the operating system and hope the files become accessible.
AnswerC

Restoring from backup is the most reliable way to recover data without paying the ransom.

Why this answer

Option C is correct because the company has a backup policy, meaning a recent, clean backup should exist. Restoring from backup after removing the ransomware ensures data recovery without paying criminals or relying on unreliable decryption tools. This aligns with best practices for ransomware incidents: isolate, remove, then restore from verified backups.

Exam trap

CompTIA often tests the misconception that paying the ransom or using a decryption tool is a viable recovery method, when the correct answer is always to restore from a known-good backup after malware removal.

How to eliminate wrong answers

Option A is wrong because paying the ransom does not guarantee the decryption key will be provided; attackers often take the money and disappear, and paying funds further criminal activity. Option B is wrong because ransomware decryption tools from reputable sources are only effective for specific, known ransomware variants; the infection could use a unique or custom encryption algorithm, making such tools useless. Option D is wrong because reinstalling the operating system only wipes the system drive; it does not decrypt or recover the encrypted personal files, which remain encrypted on the storage media.

571
MCQmedium

A technician is troubleshooting a VM that fails to boot with the error 'Operating system not found'. The VM was working yesterday. The technician checks the virtual machine settings and sees that the virtual hard disk is attached to the IDE controller. What should the technician do first?

A.Reattach the virtual hard disk to the SCSI controller
B.Check the VM's boot order in the BIOS and ensure the virtual hard disk is first
C.Increase the VM's memory allocation
D.Restore the VM from a recent snapshot
AnswerB

The boot order may have been changed accidentally, causing the VM to try booting from another device that has no OS.

Why this answer

The error 'Operating system not found' indicates that the VM is attempting to boot from a device that does not contain a bootable operating system. Since the VM was working yesterday, the most likely cause is that the boot order in the VM's BIOS has been changed or reset, causing it to try booting from a non-bootable device (e.g., network or CD-ROM) before the virtual hard disk. Checking and correcting the boot order in the BIOS to prioritize the virtual hard disk is the logical first step before making configuration changes.

Exam trap

The trap here is that candidates assume the IDE controller is the problem and immediately try to change it to SCSI, but the error is actually caused by the boot order, not the storage controller type.

How to eliminate wrong answers

Option A is wrong because reattaching the virtual hard disk to the SCSI controller is unnecessary; the IDE controller is fully capable of booting a VM, and the error is not caused by the controller type. Option C is wrong because increasing memory allocation addresses performance or out-of-memory issues, not boot failures related to missing operating system detection. Option D is wrong because restoring from a snapshot should be a last resort after simpler checks like boot order, as snapshots can cause data loss and the issue may be a simple configuration change.

572
MCQmedium

A user on a Windows 10 Pro workstation complains that they cannot change their desktop background or theme, and several personalization settings are grayed out. The computer is not joined to a domain. Which Group Policy or local policy setting is most likely causing this restriction?

A.The 'Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands' policy.
B.The 'Prohibit access to Control Panel and PC settings' policy.
C.The 'Prevent changing desktop background' policy.
D.The 'Turn off all Windows Spotlight features' policy.
AnswerC

This policy specifically disables the ability to change the desktop background and related personalization options.

Why this answer

The Local Group Policy Editor (gpedit.msc) can enforce user restrictions. The specific policy 'Prevent changing desktop background' under User Configuration > Administrative Templates > Control Panel > Personalization would cause this symptom. The other options are either not specific to personalization or affect different settings.

573
MCQmedium

A technician is troubleshooting a Windows 11 computer that fails to boot with a 'Bootmgr is missing' error. They have a Windows installation USB. Which tool from the Windows Recovery Environment should they use to repair the boot configuration data (BCD)?

A.System File Checker (sfc /scannow)
B.Bootrec (bootrec /rebuildbcd)
C.DISM (DISM /Online /Cleanup-Image /RestoreHealth)
D.Diskpart (diskpart /s script.txt)
AnswerB

Bootrec is specifically designed to repair boot-related issues, including rebuilding the BCD store.

Why this answer

The 'Bootmgr is missing' error indicates that the Boot Configuration Data (BCD) store is corrupted or missing. The `bootrec /rebuildbcd` command scans all disks for Windows installations and rebuilds the BCD store from scratch, directly addressing the missing or corrupted boot configuration. This is the correct tool in the Windows Recovery Environment for repairing BCD issues.

Exam trap

The trap here is that candidates confuse `bootrec /rebuildbcd` with `sfc /scannow` or `DISM`, thinking any 'repair' tool can fix boot issues, but only `bootrec` specifically targets the BCD store required for the boot manager to locate the Windows loader.

How to eliminate wrong answers

Option A is wrong because System File Checker (sfc /scannow) repairs corrupted system files, not the boot configuration data (BCD) store; it operates on protected system files like DLLs and executables, not boot manager metadata. Option C is wrong because DISM /Online /Cleanup-Image /RestoreHealth repairs the Windows image (component store) for servicing issues, such as corruption in the system files used by Windows Update, and does not interact with the BCD store or boot sector. Option D is wrong because Diskpart is a disk partitioning tool used to manage volumes and partitions (e.g., create, delete, format), not to repair boot configuration data; running a script with `diskpart /s script.txt` would execute partition commands, not fix the BCD.

574
MCQeasy

After installing a new application, a user's Windows 10 system fails to boot and displays a 'Bootmgr is missing' error. Which command-line tool should you use from the Windows Recovery Environment to repair the boot configuration?

A.diskpart
B.bootrec
C.sfc /scannow
D.chkdsk /f
AnswerB

Correct. bootrec with /fixboot or /rebuildbcd repairs the boot configuration data (BCD) and fixes boot manager issues.

Why this answer

The 'Bootmgr is missing' error indicates that the Boot Manager (bootmgr) is corrupted or the Boot Configuration Data (BCD) is damaged. The bootrec command, specifically with the /FixBoot, /FixMbr, and /RebuildBcd switches, is designed to repair the boot configuration and restore the boot manager from the Windows Recovery Environment.

Exam trap

CompTIA often tests the distinction between file system repair (chkdsk) and boot configuration repair (bootrec), leading candidates to mistakenly choose chkdsk when the error is clearly a boot manager issue.

How to eliminate wrong answers

Option A is wrong because diskpart is a disk partitioning tool used to manage volumes and partitions, not to repair boot configuration files. Option C is wrong because sfc /scannow scans and repairs protected system files, but it cannot fix boot manager or BCD issues when the system cannot boot. Option D is wrong because chkdsk /f checks and repairs file system integrity on a volume, but it does not address boot configuration corruption.

575
MCQeasy

During a security audit at a law firm, the IT manager wants to ensure that all wireless communication is encrypted with the strongest available standard that is also compatible with their mix of Windows 10 laptops and iOS tablets. Which security protocol should you recommend?

A.WEP
B.WPA2-TKIP
C.WPA3-Personal
D.WPA2-Enterprise
AnswerC

WPA3-Personal provides the strongest security for a small office environment without a RADIUS server, and is backward compatible with WPA2 devices.

Why this answer

WPA3-Personal is the strongest available wireless encryption standard and is backward-compatible with WPA2 devices, making it suitable for a mixed environment of Windows 10 laptops and iOS tablets. It introduces Simultaneous Authentication of Equals (SAE) to replace the Pre-Shared Key (PSK) exchange, providing robust protection against offline dictionary attacks. Both Windows 10 and iOS fully support WPA3, ensuring compatibility without sacrificing security.

Exam trap

CompTIA often tests the misconception that WPA2-Enterprise is always stronger than WPA3-Personal, but the question specifies 'strongest available standard' and 'compatible with a mix of Windows 10 laptops and iOS tablets,' which points to WPA3-Personal as the correct choice because it offers superior encryption without requiring enterprise infrastructure.

How to eliminate wrong answers

Option A is wrong because WEP (Wired Equivalent Privacy) uses a static RC4 encryption key that can be cracked in minutes with readily available tools, offering no real security. Option B is wrong because WPA2-TKIP (Temporal Key Integrity Protocol) is a legacy mode that is deprecated and vulnerable to attacks like MIC key recovery; it is not the strongest available standard. Option D is wrong because WPA2-Enterprise, while secure, requires a RADIUS authentication server and is not necessary for a law firm's mixed client environment where WPA3-Personal provides stronger encryption with simpler deployment.

576
MCQhard

A user on a Mac running macOS Big Sur needs to share a folder on their local network with a Windows colleague. The user wants the folder to appear as a network drive on the Windows machine without installing additional software. Which macOS feature should they enable and configure?

A.Screen Sharing in System Settings > Sharing.
B.File Sharing in System Settings > Sharing, and ensure SMB is enabled.
C.Internet Sharing in System Settings > Sharing.
D.Remote Login in System Settings > Sharing.
AnswerB

File Sharing with SMB is the standard way to share folders with Windows clients. The user must also add the specific folder to the Shared Folders list and set appropriate permissions.

Why this answer

Option B is correct because File Sharing in macOS Big Sur includes the ability to enable SMB (Server Message Block) sharing, which is the native file-sharing protocol used by Windows. By turning on File Sharing and checking the SMB option, the Mac acts as an SMB server, allowing the Windows colleague to map the shared folder as a network drive without any additional software.

Exam trap

Cisco often tests the misconception that Screen Sharing or Remote Login can be used for file sharing, but the trap here is that only File Sharing with SMB enabled provides the cross-platform network drive functionality required for Windows clients.

How to eliminate wrong answers

Option A is wrong because Screen Sharing enables remote desktop access (VNC protocol), not file sharing, and would not allow the folder to appear as a network drive on Windows. Option C is wrong because Internet Sharing allows the Mac to share its internet connection with other devices (e.g., via NAT or bridging), not to share files as a network drive. Option D is wrong because Remote Login enables SSH access for command-line connections, not SMB-based file sharing, and Windows cannot natively mount a folder via SSH as a network drive.

577
MCQhard

A technician is reviewing the change management log and finds that a previous change to the email server was marked as 'completed' but the email service has been intermittent since then. The technician suspects the change was not fully tested. Which step in the change management process was most likely skipped?

A.The change request was not submitted
B.The change was not approved by the CAB
C.A post-implementation review was not conducted
D.The rollback plan was not documented
AnswerC

A post-implementation review would have caught the intermittent issue and prevented the change from being marked as completed.

Why this answer

Option C is correct because a post-implementation review (PIR) is the step where the change is verified to have met its objectives without causing adverse effects. Since the email service became intermittent after the change was marked 'completed', the lack of a PIR means the change was not validated in production, allowing the underlying issue to go undetected. In the CompTIA change management process, the PIR ensures that the change has been fully tested and that any residual problems are identified and addressed before the change is closed.

Exam trap

CompTIA often tests the distinction between the approval step and the validation step, trapping candidates who assume that a completed change must have been approved, when the real issue is the failure to verify the change's success through a post-implementation review.

How to eliminate wrong answers

Option A is wrong because the change was logged in the change management log as 'completed', which implies a change request was submitted and processed; the issue is not the absence of a request but the lack of validation after implementation. Option B is wrong because CAB approval is typically required for high-risk or significant changes, but the email server change was already approved and implemented; the skipped step is the verification of success, not the approval itself. Option D is wrong because while a rollback plan is important for reverting a failed change, the problem here is that the change was not fully tested and its impact was not assessed post-implementation; a documented rollback plan would not have prevented the intermittent service if the root cause was not identified during testing.

578
MCQeasy

An iOS user complains that their iPhone will not connect to a known Wi-Fi network, but other devices on the same network work fine. Which iOS-specific troubleshooting step should you perform first to resolve this issue without erasing any personal data?

A.Reset All Settings from the General > Reset menu.
B.Erase All Content and Settings to start fresh.
C.Use the 'Reset Network Settings' option in Settings > General > Reset.
D.Restore the iPhone from an iCloud backup.
AnswerC

This option clears Wi-Fi passwords, cellular settings, and VPN configurations, often fixing connectivity problems without affecting user data.

Why this answer

The correct step is to use the 'Reset Network Settings' option in iOS, which clears saved Wi-Fi networks, VPN configurations, and other network-related settings without affecting personal data like photos or contacts. This often resolves stubborn Wi-Fi connection issues. A full factory reset or iCloud restore would be excessive and data-destructive.

579
MCQeasy

A technician receives a call from someone claiming to be from the company's IT security team, asking for the administrator password to 'run a critical update.' The caller's voice sounds stressed and they mention a data breach. What should the technician do?

A.Provide the password immediately to prevent a data breach.
B.Ask for a callback number and verify it against the company directory.
C.Ignore the call because IT never calls about updates.
D.Change the password and give them the new one.
AnswerB

Verifying the caller's identity through official channels is the standard security procedure to prevent credential theft.

Why this answer

Option B is correct because it follows the principle of verifying identity through a trusted channel before disclosing sensitive information. The technician should ask for a callback number and cross-reference it against the company directory to ensure the caller is legitimate, as social engineering attacks often use urgency and impersonation to bypass security protocols.

Exam trap

This question tests the candidate's ability to resist urgency and authority-based social engineering by presenting a scenario where the caller seems legitimate and the threat appears imminent, leading candidates to prioritize speed over verification.

How to eliminate wrong answers

Option A is wrong because providing the password immediately without verification would violate security policies and could lead to a data breach by enabling an attacker. Option C is wrong because IT security teams may legitimately call about updates, especially during a breach, so ignoring the call could delay a critical response. Option D is wrong because changing the password and giving the new one still discloses credentials to an unverified caller, which does not mitigate the social engineering risk.

580
MCQeasy

A customer is returning a leased laptop that contains sensitive client data. The lease agreement requires that the data be irrecoverably destroyed, but the laptop must remain functional for the next lessee. Which method should you use?

A.Perform a quick format of the hard drive.
B.Use a degausser to demagnetize the drive.
C.Run a secure erase utility that overwrites all sectors with zeros.
D.Physically shred the hard drive.
AnswerC

Secure erase overwrites every sector, making data unrecoverable while leaving the drive intact and usable for the next lessee.

Why this answer

Option C is correct because a secure erase utility that overwrites all sectors with zeros (e.g., using ATA Secure Erase or a tool like DBAN) renders the data irrecoverable by standard forensic methods while leaving the drive functional for the next lessee. This satisfies the lease agreement's requirement for data destruction without damaging the hardware. Quick formats only remove file system pointers, leaving data recoverable, while degaussing or physical destruction would render the laptop non-functional.

Exam trap

On the CompTIA A+ exam, candidates often confuse a quick format with a secure erase, assuming it removes data when it only removes the index. The key distinction is that a secure overwrite (e.g., zero-fill) preserves hardware functionality while making data irrecoverable.

How to eliminate wrong answers

Option A is wrong because a quick format only clears the file system metadata (e.g., MFT or FAT) and does not overwrite the actual data sectors, leaving all client data recoverable with simple file recovery tools. Option B is wrong because a degausser uses a strong magnetic field to demagnetize the platters, which destroys the drive's ability to store data permanently, making the laptop non-functional for the next lessee. Option D is wrong because physically shredding the hard drive destroys the hardware entirely, which violates the requirement that the laptop remain functional for the next lessee.

581
MCQeasy

A user reports that they cannot connect to the company's internal file server from home using the provided VPN client. They can access the internet without issues. Which of the following is the most likely cause of this problem?

A.The user's home router is blocking VPN traffic on port 443.
B.The VPN client is configured for split tunneling, and the file server's IP range is not in the allowed routes.
C.The file server is powered off or experiencing a hardware failure.
D.The user's VPN client software is outdated and needs to be reinstalled.
AnswerB

Split tunneling routes only specific traffic through the VPN. If the file server's subnet is omitted, the user cannot reach it, even though the VPN is connected.

Why this answer

Split tunneling allows the VPN client to route only specific traffic (e.g., corporate subnets) through the encrypted tunnel, while all other traffic goes directly to the internet. If the file server's IP range is not included in the allowed routes, traffic to that server will bypass the VPN and be sent unencrypted to the user's local gateway, which cannot reach the internal server. This matches the symptom: internet works, but the file server is unreachable.

Exam trap

The trap here is that candidates often assume any remote access issue is due to firewall blocking or server failure, overlooking the specific split tunneling misconfiguration that allows internet but blocks internal resources.

How to eliminate wrong answers

Option A is wrong because port 443 is typically used for HTTPS or SSL/TLS-based VPNs (e.g., OpenVPN, SSTP), and if the home router were blocking it, the VPN client would fail to establish any connection at all, not just fail to reach the file server. Option C is wrong because a powered-off or failed file server would affect all users, not just a remote VPN user, and the user can access the internet, indicating the VPN tunnel itself is up. Option D is wrong because outdated VPN client software would typically cause connection failures or authentication errors, not a selective inability to reach a specific internal resource while internet access works.

582
MCQeasy

A user reports that their Windows 10 PC shows a 'Low Disk Space' warning on the C: drive. You need to free up space by removing temporary files, system cache, and previous Windows installations. Which tool provides a guided cleanup for these items?

A.Disk Management
B.Defragment and Optimize Drives
C.Disk Cleanup
D.Storage Spaces
AnswerC

Disk Cleanup scans for and removes temporary files, system cache, and previous Windows installations to free up disk space.

Why this answer

Disk Cleanup (cleanmgr.exe) is the built-in Windows tool specifically designed to free disk space by removing temporary files, system cache, and previous Windows installations. It provides a guided, checkbox-driven interface that lets users select categories such as 'Temporary Internet Files', 'Delivery Optimization Files', and 'Windows Update Cleanup' (which includes previous Windows installations). This makes it the correct choice for the described scenario.

Exam trap

The A+ exam often tests the distinction between tools that manage disk space (Disk Cleanup) versus tools that manage disk structure (Disk Management) or performance (Defragment), so the trap is that candidates may confuse 'freeing up space' with 'optimizing' or 'managing' the drive.

How to eliminate wrong answers

Option A is wrong because Disk Management is used for partitioning, formatting, and managing drive letters, not for cleaning temporary files or system caches. Option B is wrong because Defragment and Optimize Drives (dfrgui.exe) reorganizes file fragments on a drive to improve performance but does not remove any files or free up space. Option D is wrong because Storage Spaces is a storage virtualization feature that pools physical drives into logical storage pools, and it does not provide a cleanup interface for temporary files or previous Windows installations.

583
MCQmedium

A technician is troubleshooting a remote user's inability to connect to the office network via VPN. The user can ping the VPN server's public IP address but the VPN connection fails after entering credentials. The VPN logs show an authentication error. What should the technician check next?

A.Verify that the VPN server's firewall is allowing UDP port 500 and 4500.
B.Check if the user's account is locked out or if the password has expired.
C.Reinstall the VPN client software on the user's computer.
D.Configure the VPN to use a different encryption protocol.
AnswerB

An authentication error directly indicates a problem with the user's credentials. Locked accounts or expired passwords are common causes.

Why this answer

The VPN logs show an authentication error, which indicates the failure occurs during the credential validation phase, not during network connectivity. Since the user can ping the VPN server's public IP, Layer 3 connectivity is intact, and the issue is likely with the user's account status. Checking if the account is locked out or the password has expired directly addresses the authentication failure.

Exam trap

CompTIA often tests the distinction between connectivity issues (Layer 3 reachability) and authentication issues (Layer 7 credential validation), leading candidates to incorrectly focus on firewall ports or client software when the logs clearly point to an authentication failure.

How to eliminate wrong answers

Option A is wrong because UDP ports 500 and 4500 are used for IPsec IKE traffic, and the user can already ping the VPN server, so firewall rules are not the immediate cause of an authentication error. Option C is wrong because reinstalling the VPN client software would not resolve an authentication error that occurs after credentials are entered; the client is functioning enough to reach the server. Option D is wrong because changing the encryption protocol would not fix an authentication error; it would only alter how data is secured after authentication succeeds.

584
MCQeasy

A small office wants to restrict access to the server room to only authorized IT staff. They need a solution that does not require keys or cards that can be lost. Which physical security control should they implement?

A.Keyed lock
B.Proximity card reader
C.Biometric lock
D.Cipher lock
AnswerC

Biometric locks use fingerprints or other unique traits, so no keys or cards are needed, meeting the requirement perfectly.

Why this answer

Biometric locks use unique physical characteristics like fingerprints, eliminating the need for keys or cards that can be lost or stolen. This question tests knowledge of access control methods that combine security with convenience.

585
MCQeasy

A user reports that their laptop was stolen from their desk overnight. The security team reviews badge logs and finds no after-hours access to the floor. What physical security control should be implemented to prevent this from recurring?

A.Install a biometric fingerprint reader on the laptop.
B.Require a smart card to log in to the laptop.
C.Use a cable lock to secure the laptop to the desk.
D.Enable full-disk encryption on the laptop.
AnswerC

A cable lock physically attaches the laptop to a stationary object, deterring theft.

Why this answer

Option C is correct because a cable lock physically secures the laptop to a fixed object like a desk, directly preventing theft by requiring physical force or tool removal. Since the breach occurred overnight with no after-hours access, the threat was unauthorized physical removal, not logical access. A cable lock is the only control that addresses the physical theft vector by tethering the device to an immovable anchor.

Exam trap

CompTIA often tests the distinction between physical security controls (preventing theft/damage) and logical/data security controls (preventing unauthorized access or data loss), leading candidates to choose encryption or authentication options when the scenario clearly describes physical removal.

How to eliminate wrong answers

Option A is wrong because a biometric fingerprint reader authenticates the user at login, but does not prevent the laptop from being physically taken from the desk; it only controls logical access after power-on. Option B is wrong because requiring a smart card to log in controls authentication, not physical theft; the laptop can still be stolen regardless of login requirements. Option D is wrong because full-disk encryption protects data confidentiality if the laptop is stolen, but does not prevent the theft itself; it is a data protection control, not a physical security control.

586
MCQmedium

A technician is configuring a new Windows 10 workstation for a remote employee. The employee will use the laptop to access company resources via VPN. Which security setting should be configured to ensure the VPN connection is always used when accessing the internet?

A.Enable split tunneling to improve performance.
B.Disable split tunneling to force all traffic through the VPN.
C.Configure the VPN to use PPTP protocol.
D.Set the VPN to connect only when accessing internal websites.
AnswerB

Disabling split tunneling ensures all internet traffic goes through the corporate VPN, maintaining security policies.

Why this answer

Disabling split tunneling ensures that all network traffic, including internet-bound traffic, is routed through the VPN tunnel. This forces the VPN connection to be always used when accessing the internet, which is essential for enforcing security policies and ensuring that company resources are protected even when the remote employee accesses external websites.

Exam trap

CompTIA often tests the misconception that enabling split tunneling improves security by reducing VPN load, when in fact it creates a security risk by allowing non-VPN traffic to bypass corporate security controls.

How to eliminate wrong answers

Option A is wrong because enabling split tunneling would allow internet-bound traffic to bypass the VPN, directly contradicting the requirement to always use the VPN for internet access. Option C is wrong because PPTP is an outdated and insecure protocol; the question asks about a security setting to force traffic through the VPN, not about the protocol choice. Option D is wrong because setting the VPN to connect only when accessing internal websites would not force all internet traffic through the VPN; it would only trigger the VPN for internal resource requests, leaving other internet traffic unprotected.

587
MCQmedium

A user receives an email from what appears to be their bank, asking them to click a link and verify their account due to suspicious activity. The email contains several spelling errors and the link points to an unfamiliar domain. What type of attack is this?

A.Spear phishing
B.Phishing
C.Whaling
D.Vishing
AnswerB

Phishing involves mass emails that appear from trusted sources to steal credentials, matching this scenario.

Why this answer

This is a classic phishing attack because the email is a mass, unsolicited message that impersonates a trusted entity (the bank) and uses social engineering to trick the recipient into clicking a malicious link. The presence of spelling errors and an unfamiliar domain are hallmark indicators of a generic phishing attempt, not a targeted attack. Phishing typically relies on volume and deception rather than personalized reconnaissance.

Exam trap

The CompTIA A+ exam often tests the distinction between generic phishing and spear phishing by including a scenario with obvious errors and no personalization, tricking candidates into overthinking and selecting 'spear phishing' because they misidentify the bank context as targeted.

How to eliminate wrong answers

Option A is wrong because spear phishing is a highly targeted attack that uses personalized information (e.g., the recipient's name, job title, or specific account details) to increase credibility, whereas this email lacks any such personalization and contains generic errors. Option C is wrong because whaling is a specific form of spear phishing that targets high-profile executives or individuals with authority, not a general user receiving a mass email. Option D is wrong because vishing (voice phishing) is conducted over voice calls or VoIP, not via email with a clickable link.

588
MCQeasy

A small business owner wants to deploy a custom inventory app to five company-owned iPads. The app is not available on the App Store. Which method should you use to install it?

A.Use Apple Configurator to install the app directly.
B.Download the app from a third-party website and open it in Safari.
C.Email the app file to each user and have them install it.
D.Enable sideloading in Settings and install via iTunes.
AnswerA

Apple Configurator allows supervised devices to install custom in-house apps signed with an enterprise certificate.

Why this answer

Apple Configurator allows IT administrators to install enterprise or custom in-house apps directly onto supervised iOS devices without requiring the App Store. Since the app is not available on the App Store and the iPads are company-owned, Apple Configurator provides a supported, secure method for direct installation using a Mac.

Exam trap

CompTIA often tests the misconception that iOS supports general sideloading or direct file installation like Android, when in reality iOS strictly controls app installation through the App Store, enterprise distribution, or supervised device management tools like Apple Configurator.

How to eliminate wrong answers

Option B is wrong because downloading an app from a third-party website and opening it in Safari is not a supported installation method on iOS; iOS does not allow direct installation from arbitrary websites without enterprise distribution certificates or jailbreaking. Option C is wrong because emailing an app file (.ipa) to users does not work on iOS; the operating system blocks installation of apps from email attachments due to security restrictions. Option D is wrong because iOS does not have a general 'sideloading' toggle in Settings; sideloading via iTunes is limited to free Apple Developer accounts with a 7-day expiry and requires the app to be signed, making it impractical for permanent deployment to five company-owned iPads.

589
MCQmedium

A technician is troubleshooting a DNS resolution issue on a Windows 10 workstation. The user can ping an IP address but not a domain name. Which command should be used to clear the local DNS cache?

A.nslookup example.com
B.ipconfig /flushdns
C.netstat -r
D.ping -a 192.168.1.1
AnswerB

Correct. ipconfig /flushdns clears the DNS resolver cache, forcing the system to query DNS servers fresh.

Why this answer

The `ipconfig /flushdns` command clears the local DNS resolver cache on a Windows 10 workstation. When a user can ping an IP address but not a domain name, it often indicates a stale or corrupted DNS cache entry. Flushing the cache forces the system to query the DNS server for fresh resolution, resolving the issue.

Exam trap

The trap here is that candidates confuse `nslookup` (which queries the DNS server) with a cache-clearing command, not realizing that `nslookup` does not affect the local cache and may return a correct result even when the cache is corrupted.

How to eliminate wrong answers

Option A is wrong because `nslookup example.com` queries an external DNS server directly, bypassing the local cache, and does not clear the cache. Option C is wrong because `netstat -r` displays the IP routing table, not DNS cache information. Option D is wrong because `ping -a 192.168.1.1` performs a reverse DNS lookup to resolve an IP address to a hostname, but it does not clear the DNS cache.

590
MCQeasy

A user calls the help desk, frustrated because their computer is running slowly after installing a new antivirus program. The technician suspects the antivirus is causing high CPU usage. Which of the following is the MOST appropriate initial response?

A.Tell the user to uninstall the antivirus immediately.
B.Explain that antivirus programs always slow down computers and there's nothing to be done.
C.Apologize for the frustration and ask the user to describe when the slowness started.
D.Immediately remote into the computer to check CPU usage.
AnswerC

This shows empathy and gathers critical information to diagnose the problem effectively.

Why this answer

Option C is correct because it follows the CompTIA A+ troubleshooting methodology by first gathering information and showing empathy. The technician needs to confirm the timeline of the slowness relative to the antivirus installation, as other factors (e.g., a Windows update, disk I/O bottleneck, or malware) could be the root cause. Jumping to conclusions without verifying the symptom onset violates the 'identify the problem' step and risks misdiagnosis.

Exam trap

CompTIA often tests the candidate's ability to prioritize the troubleshooting methodology over technical action—the trap here is that many candidates choose Option D because they think immediate remote access is efficient, but the exam emphasizes gathering information and showing empathy as the first step.

How to eliminate wrong answers

Option A is wrong because uninstalling the antivirus immediately removes security protection without confirming it is the cause, and the slowness could stem from a different issue like a pending update or driver conflict. Option B is wrong because it dismisses the user's frustration and is factually incorrect—modern antivirus programs can be tuned (e.g., excluding scheduled scans during peak usage, adjusting real-time protection settings) to minimize performance impact. Option D is wrong because remotely accessing the computer without first explaining the action and obtaining consent violates professional conduct and the user's privacy; the technician should first ask questions to narrow down the problem before taking invasive steps.

591
MCQeasy

A customer reports that their computer is running slowly and they see pop-up ads even when no browser is open. They suspect malware. Which of the following should you perform first to remediate this issue?

A.Run a full antivirus scan
B.Disconnect the computer from the network
C.Reboot the computer in Safe Mode
D.Restore from a recent backup
AnswerB

Disconnecting stops active malware from communicating or spreading, making it the priority first step.

Why this answer

Disconnecting the computer from the network is the first step because it immediately stops the malware from communicating with its command-and-control (C2) server, preventing further data exfiltration, additional payload downloads, or remote control. This containment step is critical before any remediation (like scanning or rebooting) to avoid the malware spreading or causing more damage.

Exam trap

The trap here is that candidates often jump to running an antivirus scan (Option A) as the immediate action, but CompTIA emphasizes containment first to prevent further damage or data loss, especially when active C2 communication is suspected.

How to eliminate wrong answers

Option A is wrong because running a full antivirus scan while the computer is still connected to the network allows active malware to continue communicating with its C2 server, potentially downloading more malicious code or exfiltrating data during the scan. Option C is wrong because rebooting into Safe Mode does not immediately stop network-based threats; the malware may still have network access in Safe Mode with networking, and the reboot itself could trigger destructive payloads. Option D is wrong because restoring from a recent backup should only be performed after confirming the backup is clean and the current infection is contained; doing it first risks reinfecting the system from the backup or missing active malware still on the network.

592
MCQmedium

A user reports that their computer has been acting strangely: files are missing, and the mouse cursor moves on its own, opening programs and typing messages. The technician suspects a remote access Trojan (RAT). What is the most effective immediate action to stop the unauthorized access?

A.Run a full antivirus scan while the user is logged off.
B.Disconnect the Ethernet cable and disable Wi-Fi.
C.Change the user's password and log off.
D.Restore the system to a previous restore point.
AnswerB

Disconnecting the network immediately stops the remote attacker from controlling the computer.

Why this answer

A RAT gives an attacker remote control of the system. The immediate action is to disconnect the computer from the network, which cuts off the attacker's connection. After isolation, the technician can run scans and remove the malware.

Continuing to work while connected risks data theft or further damage.

593
MCQhard

A technician is tasked with decommissioning a server that contains a RAID array of hard drives. The drives are still functional, but the data must be securely erased. What is the most secure method to ensure data cannot be recovered?

A.Perform a quick format of each drive.
B.Overwrite the drives with zeros using a low-level format.
C.Use a degausser to erase the magnetic data on the drives.
D.Physically destroy the drives with a hammer.
AnswerC

Degaussing destroys the magnetic domains, making data unrecoverable. It is the most secure method for magnetic drives.

Why this answer

Option C is correct because degaussing uses a powerful magnetic field to randomize the magnetic domains on the hard drive platters, effectively destroying all stored data at the magnetic level. This method renders the data unrecoverable even with advanced forensic tools, as it disrupts the magnetic orientation that represents the data. For a RAID array of functional drives, degaussing ensures complete data sanitization without requiring physical destruction.

Exam trap

CompTIA often tests the misconception that a quick format or zero-fill is sufficient for secure erasure, but the trap here is that degaussing is the only method that guarantees magnetic destruction of data without relying on the drive's firmware or logical overwrite routines.

How to eliminate wrong answers

Option A is wrong because a quick format only clears the file system metadata (e.g., the partition table and directory structure) and does not overwrite the actual data on the drives, leaving the data recoverable with data recovery software. Option B is wrong because overwriting with zeros using a low-level format is a logical overwrite that may not reach all sectors on modern drives with internal remapping (e.g., G-List sectors), and it is less effective than degaussing for ensuring unrecoverability, especially against advanced recovery techniques. Option D is wrong because physically destroying drives with a hammer is not the most secure method—it can leave platter fragments from which data might be recovered using specialized equipment, and it is less reliable than degaussing for complete magnetic erasure.

594
MCQeasy

A company is implementing a new policy to prevent tailgating at the main entrance. Which physical security control should they deploy?

A.Security cameras
B.Biometric reader
C.Mantrap
D.Badge reader
AnswerC

A mantrap creates a small vestibule with two doors, allowing only one person to pass after authentication, directly preventing tailgating.

Why this answer

A mantrap uses two interlocking doors to ensure only one person can enter at a time, effectively preventing tailgating. This tests understanding of specialized access controls designed to enforce one-person-per-authentication.

595
MCQeasy

A customer reports that their Windows 10 PC is slow and displays pop-up ads even when no browser is open. They suspect malware. After running a full antivirus scan, the symptoms persist. Which step should you take next to remediate the issue?

A.Reinstall the operating system.
B.Run a scan with a dedicated anti-malware tool like Malwarebytes.
C.Disable Windows Defender permanently.
D.Clear the browser cache and cookies.
AnswerB

Adware and PUPs often evade standard antivirus; a dedicated anti-malware tool is designed to detect and remove them.

Why this answer

Option B is correct because standard antivirus software often misses potentially unwanted programs (PUPs) and adware that inject pop-ups into the system. A dedicated anti-malware tool like Malwarebytes uses heuristic analysis and signature databases specifically tuned to detect and remove adware, browser hijackers, and other low-level threats that traditional AV engines may overlook.

Exam trap

CompTIA often tests the distinction between standard antivirus and specialized anti-malware tools, trapping candidates who assume that a full antivirus scan is sufficient to remove all types of malware, especially adware and PUPs.

How to eliminate wrong answers

Option A is wrong because reinstalling the operating system is an extreme, time-consuming step that should only be taken after all other remediation methods have failed, and it does not address the root cause of the infection. Option C is wrong because disabling Windows Defender permanently would remove a critical layer of real-time protection, leaving the system vulnerable to further infections and violating best practices for security. Option D is wrong because clearing browser cache and cookies only removes temporary web data and cannot eliminate adware or malware that is running as a background process or service on the system.

596
MCQmedium

A user reports that their Windows 10 laptop will not boot and displays the error 'Bootmgr is missing'. They have a valid Windows installation USB. Which steps should you take to repair the boot manager?

A.Boot from the USB, go to Troubleshoot > Advanced Options > Command Prompt, and run 'bootrec /rebuildbcd' and 'bootrec /fixmbr'.
B.Boot from the USB and select 'Repair your computer' > 'Startup Repair'.
C.Boot from the USB and run 'sfc /scannow' from the Command Prompt.
D.Boot from the USB and perform a system restore to a previous point.
AnswerA

These bootrec commands are specifically designed to rebuild the BCD and repair the master boot record, fixing the 'Bootmgr is missing' error.

Why this answer

The 'Bootmgr is missing' error indicates that the Boot Manager (bootmgr) is either corrupted or missing, or the BCD (Boot Configuration Data) store is damaged. Booting from a Windows installation USB and using the Command Prompt via Troubleshoot > Advanced Options allows you to run 'bootrec /rebuildbcd' to scan for Windows installations and rebuild the BCD store, and 'bootrec /fixmbr' to repair the Master Boot Record (MBR) on the system partition. This directly addresses the boot manager issue by restoring the boot configuration and ensuring the MBR points to the correct boot sector.

Exam trap

CompTIA often tests the distinction between automated tools like Startup Repair and manual command-line utilities, leading candidates to choose the simpler option (B) without realizing that specific boot manager errors require targeted commands like 'bootrec' to rebuild the BCD and repair the MBR.

How to eliminate wrong answers

Option B is wrong because Startup Repair is a more automated tool that attempts to fix common boot issues, but it may not specifically rebuild the BCD or repair the MBR in all cases, and it often fails when the BCD is severely corrupted or missing. Option C is wrong because 'sfc /scannow' (System File Checker) scans and repairs protected system files, but it does not repair the boot manager, MBR, or BCD store, which are the root cause of the 'Bootmgr is missing' error. Option D is wrong because System Restore reverts system files, settings, and registry to a previous restore point, but it does not repair the boot manager or BCD; if the boot configuration is corrupted, System Restore may not even run successfully without a functional boot loader.

597
MCQeasy

A user reports that their Windows 10 laptop takes an unusually long time to boot and frequently shows a 'Preparing Automatic Repair' screen before finally loading the desktop. Which Windows tool should be used first to diagnose and potentially fix the boot process?

A.Run the System File Checker (SFC) from an elevated Command Prompt.
B.Perform a full system restore from a backup made last month.
C.Use the Disk Cleanup tool to remove temporary files.
D.Reinstall Windows using the 'Reset this PC' option.
AnswerA

SFC scans and repairs corrupted system files, which can resolve boot delays and automatic repair loops.

Why this answer

The 'Preparing Automatic Repair' loop and slow boot often indicate corruption in critical boot files, such as the Boot Configuration Data (BCD) or system files. Running System File Checker (SFC) from an elevated Command Prompt scans and repairs protected system files, addressing the root cause without data loss. This is the first-line diagnostic tool for boot integrity issues before escalating to more destructive methods.

Exam trap

CompTIA often tests the misconception that Disk Cleanup or a full restore is the appropriate first step for boot issues, when in fact SFC is the correct initial diagnostic tool for file corruption without data loss.

How to eliminate wrong answers

Option B is wrong because performing a full system restore from a backup is a reactive, data-loss-prone step that should only be used after less invasive repairs fail; it does not diagnose the specific boot file corruption. Option C is wrong because Disk Cleanup only removes temporary files and does not repair system files or boot configuration, making it irrelevant to boot loops. Option D is wrong because reinstalling Windows via 'Reset this PC' is a last-resort destructive recovery that wipes applications and settings, and is not the first tool to use for boot file corruption.

598
MCQeasy

During a routine security audit, a technician finds that a user's computer has an unknown program running that is sending keystrokes and screenshots to a remote server. The user did not install this program. Which type of malware is this?

A.Rootkit
B.Worm
C.Keylogger
D.Ransomware
AnswerC

A keylogger records keystrokes and often captures screenshots, matching the described behavior.

Why this answer

Option C is correct because the described behavior—capturing keystrokes and screenshots and sending them to a remote server—is the defining characteristic of a keylogger. This type of malware specifically records user input and screen activity to steal sensitive data like passwords and personal information, and it often runs without the user's knowledge or consent.

Exam trap

The trap here is that candidates often confuse a keylogger with a rootkit because both can operate stealthily, but the rootkit's primary function is hiding itself and other malware, not capturing keystrokes or screenshots.

How to eliminate wrong answers

Option A is wrong because a rootkit is designed to hide its presence and other malware from the operating system by modifying kernel-level functions, not to capture keystrokes or screenshots. Option B is wrong because a worm is a self-replicating malware that spreads across networks without user interaction, focusing on propagation rather than data theft via keystroke logging. Option D is wrong because ransomware encrypts files or locks the system to demand a ransom, and it does not typically exfiltrate keystrokes or screenshots to a remote server.

599
MCQhard

A company's login script uses a batch file that calls multiple other scripts. Recently, the script stopped working after a Windows update. The technician discovers that the script uses 'call' to run sub-scripts, but one of the sub-scripts contains an 'exit' command that terminates the entire batch process. How should the technician modify the sub-script to prevent this?

A.Replace 'exit' with 'goto :eof'
B.Change 'exit' to 'exit /b'
C.Remove the 'exit' command entirely
D.Use 'endlocal' before 'exit'
AnswerB

'exit /b' exits the current batch script and returns to the caller, preserving the call chain.

Why this answer

The 'exit' command without parameters terminates the entire command interpreter (cmd.exe), which kills the parent batch file as well. Using 'exit /b' instead exits only the current batch script or subroutine, returning control to the calling script. This preserves the intended flow when sub-scripts are invoked via 'call'.

Exam trap

CompTIA often tests the difference between 'exit' (terminates the entire command shell) and 'exit /b' (exits only the current batch script), leading candidates to mistakenly think 'exit' is always safe in sub-scripts.

How to eliminate wrong answers

Option A is wrong because 'goto :eof' is used to jump to the end of the current batch file, but it does not exit a subroutine that was called; it simply transfers control, which may not stop execution of the sub-script if there are more commands after the label. Option C is wrong because removing the 'exit' command entirely would leave the sub-script to continue executing any subsequent commands, potentially causing unintended behavior or an infinite loop. Option D is wrong because 'endlocal' only ends local variable scope set by 'setlocal'; it does not affect the termination behavior of the 'exit' command and does not prevent the parent batch from being terminated.

600
MCQhard

A technician needs to deploy a software update to 100 computers in a domain. The update requires administrative privileges. The technician wants to run the installer silently without user interaction. Which command-line syntax should be used?

A.msiexec /i update.msi /passive
B.msiexec /i update.msi /quiet /norestart
C.msiexec /i update.msi /qb
D.msiexec /i update.msi /l* log.txt
AnswerB

Installs silently and prevents automatic restart.

Why this answer

Option B is correct because the `/quiet` switch suppresses all user interface and user interaction, which satisfies the requirement for silent installation. The `/norestart` switch prevents an automatic reboot after the installation, which is necessary when deploying to multiple computers without disrupting users. Together, these switches ensure the update runs with administrative privileges in a fully unattended manner.

Exam trap

CompTIA A+ often tests the distinction between /passive (which still shows a progress bar) and /quiet (which is truly silent), leading candidates to choose /passive when the question explicitly requires no user interaction.

How to eliminate wrong answers

Option A is wrong because `/passive` displays a progress bar and only minimizes user interaction, not eliminating it entirely; the installation is not fully silent. Option C is wrong because `/qb` shows a basic progress dialog (a basic UI), which still requires user interaction and does not meet the silent requirement. Option D is wrong because `/l* log.txt` only enables verbose logging to a file; it does not control the installation's user interface or silence it, so the installer would run with its default UI.

Page 7

Page 8 of 10

Page 9

All pages