CompTIA A+ Core 2 220-1202 (220-1202) — Questions 601675

750 questions total · 10pages · All types, answers revealed

Page 8

Page 9 of 10

Page 10
601
MCQhard

A company deploys a custom app via MDM to Android devices. Users report that the app crashes immediately upon launch. The app works fine on the developer's test device. What is the most likely cause?

A.The MDM profile is corrupt and needs to be re-pushed.
B.The app requires a specific Android API level that is not present on the deployed devices.
C.The devices have insufficient storage space.
D.The app is not signed with the correct enterprise certificate.
AnswerB

If the app targets a higher API level than the device's OS, it will crash on launch due to missing system features.

Why this answer

The most likely cause is that the app requires a specific Android API level (e.g., a minimum SDK version) that is not present on the deployed devices. Since the app works on the developer's test device (which likely has a newer or matching API level), but crashes on the target devices, this indicates a compatibility mismatch. MDM deployment does not alter the device's API level, so the app's manifest-defined requirements are not met, leading to an immediate crash on launch.

Exam trap

The CompTIA A+ exam often tests the distinction between installation-time failures (certificate, storage) and runtime failures (API level, missing libraries). The trap here is that candidates may incorrectly attribute a crash to MDM profile corruption or certificate issues, when the actual root cause is an API level mismatch that only manifests at launch.

How to eliminate wrong answers

Option A is wrong because a corrupt MDM profile would typically cause deployment failures (e.g., app not installing or configuration not applying), not a crash upon launch of an already-installed app. Option C is wrong because insufficient storage space would prevent installation or cause a different error (e.g., 'insufficient storage' message), not an immediate crash after the app is already installed and launched. Option D is wrong because an incorrect enterprise certificate would prevent the app from installing at all (due to signature verification failure), not cause a crash after successful installation and launch.

602
MCQmedium

A user reports that their MacBook Pro running macOS Monterey frequently displays a message saying 'Your system has run out of application memory.' They have 16 GB of RAM and are only using Safari and Mail. Which macOS tool should you use to investigate the cause?

A.System Information
B.Terminal with 'vm_stat' command
C.Activity Monitor
D.Console
AnswerC

Activity Monitor's Memory tab displays memory pressure and per-process usage, allowing you to diagnose memory issues.

Why this answer

Activity Monitor is the correct tool because it provides real-time, graphical monitoring of memory pressure, process-specific memory usage, and the 'Memory' tab's 'Memory Pressure' graph directly indicates whether the system is under memory strain. Since the user has 16 GB of RAM and is only using Safari and Mail, the 'out of application memory' error typically indicates a memory leak or excessive memory consumption by a specific process, which Activity Monitor can pinpoint by sorting processes by memory usage.

Exam trap

The A+ exam often tests the distinction between diagnostic tools by making candidates confuse a static information tool (System Information) or a log viewer (Console) with a real-time performance monitor (Activity Monitor), especially when the symptom is a dynamic resource exhaustion issue.

How to eliminate wrong answers

Option A is wrong because System Information provides a static hardware and software inventory (e.g., RAM type, serial numbers) but does not show real-time memory usage or process-level memory consumption, so it cannot diagnose the cause of a memory pressure event. Option B is wrong because while 'vm_stat' in Terminal shows virtual memory statistics (e.g., page-ins, page-outs), it does not provide a user-friendly, process-level view of memory usage or the 'Memory Pressure' graph, making it less practical for quickly identifying the offending application. Option D is wrong because Console displays system logs and diagnostic messages, which can show kernel panics or app crashes, but it does not offer a live, graphical overview of memory usage or process memory footprints, so it is not the primary tool for investigating memory pressure.

603
MCQhard

A technician is tasked with creating a PowerShell script that will parse a CSV file containing user information and create local user accounts on a Windows 10 machine. The CSV has columns: 'Username', 'FullName', 'Password'. The script must skip any row where the 'Username' is empty. Which control structure should the technician use to handle this requirement?

A.A 'for' loop with a counter to skip empty rows
B.A 'switch' statement to match usernames
C.An 'if' statement to test whether the Username property is not empty
D.A 'try/catch' block to handle errors when creating the account
AnswerC

An if statement can check the condition and skip processing if the username is empty.

Why this answer

Option C is correct because the requirement is to conditionally skip rows based on a property value. An 'if' statement in PowerShell allows you to test whether the 'Username' property is empty or null using a condition like `if ($_.Username -ne '')` and then skip the row with `continue` or simply not process it. This is the most direct and efficient control structure for a simple boolean check on each row.

Exam trap

CompTIA often tests the distinction between control structures used for conditional logic versus iteration or error handling, and the trap here is that candidates may overcomplicate the solution by choosing a loop or switch when a simple conditional check is the most appropriate and efficient choice.

How to eliminate wrong answers

Option A is wrong because a 'for' loop with a counter is unnecessary; it would require manual index tracking and does not inherently skip empty rows without an additional conditional check, making it less efficient and more error-prone than a direct property test. Option B is wrong because a 'switch' statement is designed to match a single value against multiple patterns, not to test whether a property is empty or not; it would be overcomplicated and not the idiomatic choice for a simple null/empty check. Option D is wrong because a 'try/catch' block is used for exception handling during runtime errors (e.g., account creation failure), not for skipping rows based on data validation before processing.

604
MCQeasy

A user reports that their Windows 10 PC is running slowly and they suspect too many programs start automatically. Which tool in the Settings app would you use to disable unnecessary startup programs?

A.System > About
B.Devices > Bluetooth & other devices
C.Update & Security > Troubleshoot
D.Apps > Startup
AnswerD

The Startup page lists all startup programs with toggles to enable or disable them.

Why this answer

Option D is correct because the Apps > Startup page in the Windows 10 Settings app provides a list of all startup programs with toggle switches to enable or disable them. This directly addresses the user's issue of too many programs launching automatically, which can slow down boot time and overall performance. The tool shows the impact of each startup item (e.g., 'High', 'Medium', 'Low') to help prioritize which to disable.

Exam trap

The trap here is that candidates often confuse the Apps > Startup page with the Task Manager's Startup tab (accessible via Ctrl+Shift+Esc), but the question specifically asks for a tool 'in the Settings app,' making Apps > Startup the correct choice.

How to eliminate wrong answers

Option A is wrong because System > About displays basic device specifications (e.g., processor, RAM, Windows edition) and does not manage startup programs. Option B is wrong because Devices > Bluetooth & other devices is used to pair and manage Bluetooth peripherals, not to control startup applications. Option C is wrong because Update & Security > Troubleshoot runs automated diagnostic tools for system issues like internet connectivity or audio, but it cannot disable startup programs.

605
MCQeasy

A technician is installing a new power supply in a desktop computer. After connecting all cables, the computer will not power on. What is the most likely safety-related oversight?

A.The power supply is not compatible with the motherboard.
B.The power cord is not securely plugged into the power supply.
C.The voltage selector switch on the power supply is set to the wrong voltage.
D.The power supply fan is blocked by debris.
AnswerC

This is correct. The voltage selector switch must match the outlet voltage. An incorrect setting can prevent power-up and damage the power supply.

Why this answer

The voltage selector switch on the power supply must match the local mains voltage (typically 115V in North America or 230V in Europe). If set to 230V while plugged into a 115V outlet, the power supply will receive insufficient voltage to start, causing the computer to appear completely dead. This is a common safety-related oversight because the switch is often overlooked during installation.

Exam trap

CompTIA often tests the voltage selector switch as a safety-related oversight because candidates mistakenly focus on physical connection issues (like a loose power cord) or component compatibility, overlooking the critical step of matching the power supply to the local mains voltage.

How to eliminate wrong answers

Option A is wrong because power supply compatibility with the motherboard is determined by the form factor (e.g., ATX) and connector types, not by the ability to power on; an incompatible power supply would still typically power on but might not fit or provide correct voltages. Option B is wrong because if the power cord were not securely plugged in, the computer would not power on, but this is a physical connection issue, not a safety-related oversight—the question specifically asks for a safety-related oversight. Option D is wrong because a blocked fan would cause overheating after the system is powered on, not prevent the computer from powering on entirely; the power supply would still start and spin the fan briefly before thermal protection might kick in.

606
MCQeasy

During a security audit, a technician discovers that a company's wireless network uses WEP encryption. The network has been in place for 10 years and still uses the original router. What is the most immediate security risk?

A.The router may not support modern encryption protocols.
B.WEP keys can be easily cracked using tools like Aircrack-ng.
C.The router's firmware is likely outdated and vulnerable to exploits.
D.WEP does not support WPA2-PSK, so clients must use a different protocol.
AnswerB

WEP's weak RC4 encryption allows attackers to capture packets and derive the key quickly.

Why this answer

WEP encryption is fundamentally flawed because it uses the RC4 cipher with a weak initialization vector (IV) that is transmitted in plaintext. Tools like Aircrack-ng can capture enough IVs (typically 20,000–40,000) to derive the WEP key within minutes, regardless of key length. This makes the network trivially vulnerable to unauthorized access and data decryption, which is the most immediate and exploitable risk.

Exam trap

CompTIA often tests the distinction between a hardware limitation (e.g., outdated firmware or lack of protocol support) and a protocol-level cryptographic weakness, where candidates may incorrectly choose a less direct risk instead of the immediate, proven exploitability of WEP.

How to eliminate wrong answers

Option A is wrong because while the router may not support modern protocols, that is a limitation of the hardware, not an immediate security risk—the immediate risk is that WEP itself is broken. Option C is wrong because outdated firmware is a potential vulnerability, but it is not as immediate or certain as the guaranteed cryptographic weakness of WEP, which can be exploited without any firmware bugs. Option D is wrong because WEP does not need to support WPA2-PSK; clients can connect using WEP, and the issue is that WEP is insecure, not that it lacks compatibility with a different protocol.

607
MCQmedium

A user reports that their Windows 10 laptop is running very slowly after a recent software installation. You suspect a driver conflict. You need to boot the system with a minimal set of drivers and services to troubleshoot, but you must not use Safe Mode because the user needs network access for remote support. Which boot configuration should you set using the System Configuration tool?

A.Set the boot to 'Safe boot' with 'Network' selected under Boot options.
B.Under the General tab, select 'Diagnostic startup'.
C.Under the General tab, select 'Selective startup' and uncheck 'Load system services'.
D.Under the Boot tab, check 'No GUI boot' and set the timeout to 0.
AnswerB

Diagnostic startup loads only basic devices and services, and it does not disable networking entirely, allowing remote support.

Why this answer

In the System Configuration tool (msconfig), the Diagnostic startup option under the General tab loads only basic devices and services, which includes essential drivers and network services. This allows minimal boot for troubleshooting while retaining network access for remote support. Selective startup with 'Load system services' unchecked would disable all services, including networking, thus preventing remote access.

Safe Mode with Networking is a boot option but is not a setting within msconfig; the question explicitly requires using the System Configuration tool.

608
MCQmedium

A company's Android devices are failing to connect to the corporate email server after a security policy update. The devices show 'Authentication failed' for the email app. What is the most likely cause?

A.The devices need a factory reset to clear cached credentials.
B.The email app's server settings (IMAP/POP/SMTP) are no longer correct.
C.The SIM cards are deactivated.
D.The devices are infected with malware that blocks email.
AnswerB

Security policy updates often change server addresses or require SSL/TLS; incorrect settings cause authentication failure.

Why this answer

After a security policy update, authentication failures often stem from outdated or incorrect server settings. The most common change is an updated server address or port. The technician should verify the incoming/outgoing server settings in the email app.

609
MCQeasy

A user reports that after a recent Windows update, their laptop takes significantly longer to boot and they see a message about 'Preparing Automatic Repair' before the login screen appears. You need to access the advanced startup options to disable automatic restart on system failure. Which tool or feature should you use to boot into the Windows Recovery Environment (WinRE) from a running system?

A.Boot from a Windows installation USB and select 'Repair your computer'.
B.Press F8 repeatedly during boot to access advanced boot options.
C.Hold the Shift key while clicking Restart from the Start menu power options.
D.Open the System Configuration tool (msconfig) and set the boot to 'Safe Mode' under the Boot tab.
AnswerC

This is the standard built-in method to boot directly into WinRE without external media.

Why this answer

Option C is correct because holding the Shift key while clicking Restart forces the system to boot directly into the Windows Recovery Environment (WinRE) without needing installation media. This method leverages the built-in boot configuration data (BCD) to load the recovery tools, including the option to disable automatic restart on system failure under advanced startup settings.

Exam trap

The trap here is that candidates may confuse the deprecated F8 method (Option B) with the modern Shift+Restart method, or assume that msconfig (Option D) can directly launch WinRE, when in fact it only configures Safe Mode boot options.

How to eliminate wrong answers

Option A is wrong because booting from a Windows installation USB and selecting 'Repair your computer' is a valid way to access WinRE, but it requires external media and is not the most direct method from a running system; the question specifies 'from a running system,' making this an unnecessary extra step. Option B is wrong because pressing F8 during boot to access advanced boot options was deprecated in Windows 8 and later; modern Windows systems use a fast startup process that makes F8 unreliable, and it does not reliably lead to WinRE. Option D is wrong because opening the System Configuration tool (msconfig) and setting the boot to 'Safe Mode' under the Boot tab only configures the system to boot into Safe Mode on the next restart, not into WinRE, and it does not provide access to the advanced startup options needed to disable automatic restart on system failure.

610
MCQhard

A server administrator notices that an unauthorized user has been accessing sensitive data by exploiting a vulnerability in a web application. The application was recently updated. What is the most likely cause of this security incident?

A.Weak password policy
B.Zero-day vulnerability
C.Misconfigured firewall
D.Social engineering attack
AnswerB

A zero-day vulnerability is an unpatched flaw that attackers can exploit, which fits the scenario of a recent update not addressing it.

Why this answer

The correct answer is B because the question states the application was recently updated, which implies the vulnerability was unknown to the vendor at the time of the update. A zero-day vulnerability is a flaw that is exploited before the vendor has released a patch, making it the most likely cause when an update fails to protect against a newly discovered attack vector.

Exam trap

The CompTIA A+ exam often tests the distinction between a vulnerability that is exploited before a patch exists (zero-day) and a vulnerability that exists despite an update (e.g., unpatched known vulnerability), so candidates may incorrectly choose a misconfiguration or weak password when the key clue is the recent update failing to prevent the exploit.

How to eliminate wrong answers

Option A is wrong because a weak password policy would typically lead to credential-based attacks (e.g., brute force or password spraying), not exploitation of a web application vulnerability. Option C is wrong because a misconfigured firewall would usually expose network services or allow unauthorized traffic at the network layer, not directly enable exploitation of an application-layer vulnerability in the web app itself. Option D is wrong because a social engineering attack relies on manipulating human behavior (e.g., phishing or pretexting) to gain access, not on exploiting a technical flaw in the application code.

611
MCQmedium

A user calls the help desk because they received a pop-up on their screen claiming their computer is infected with a virus and to call a toll-free number for immediate support. The user did not call the number. What should the technician advise the user to do?

A.Call the number to see if it's legitimate.
B.Ignore the pop-up and continue working.
C.Close the pop-up and run a full antivirus scan.
D.Reboot the computer immediately.
AnswerC

The safest action is to close the pop-up (using Task Manager if necessary) and run a security scan to check for any malware that may have been downloaded.

Why this answer

Option C is correct because the pop-up is a classic tech support scam, a form of social engineering. The user should close the pop-up (e.g., using Task Manager or Alt+F4) and immediately run a full antivirus scan to detect and remove any potential malware that may have triggered the pop-up or been downloaded in the background. This ensures the system is cleaned and prevents further compromise.

Exam trap

The trap here is that candidates may confuse a tech support scam pop-up with a legitimate security warning and think calling the number or rebooting is the correct response, but CompTIA emphasizes that the proper procedure is to never engage with the scam and to run a security scan to ensure the system is clean.

How to eliminate wrong answers

Option A is wrong because calling the toll-free number would connect the user to a malicious actor who would attempt to gain remote access or extract payment, directly falling for the social engineering attack. Option B is wrong because ignoring the pop-up and continuing working leaves the system vulnerable; the pop-up may be a symptom of an active infection or a drive-by download, and ignoring it does not address the underlying threat. Option D is wrong because rebooting the computer immediately may allow persistent malware (e.g., a rootkit or scheduled task) to reinitiate the scam pop-up upon startup, and it does not remove the malicious software.

612
MCQmedium

After installing a new application, a user reports that their default web browser keeps changing to a different one without their consent. Which Windows feature can you use to prevent applications from changing file associations and default programs?

A.Programs and Features
B.Default Programs (Control Panel)
C.Local Group Policy Editor
D.Registry Editor
AnswerC

Group Policy can enforce 'Set a default associations configuration file' to lock file associations and prevent changes by users or apps.

Why this answer

The Local Group Policy Editor (gpedit.msc) allows administrators to configure the 'Set a default associations configuration file' policy under Computer Configuration > Administrative Templates > Windows Components > File Explorer. When enabled, this policy prevents applications from changing file associations and default programs by locking the association file, overriding any user or application changes. This is the correct tool for enforcing system-wide control over default programs in Windows 10/11 Pro, Enterprise, or Education editions.

Exam trap

CompTIA often tests the misconception that Default Programs in Control Panel can lock associations, but it only provides a manual interface for setting them without any enforcement mechanism against application changes.

How to eliminate wrong answers

Option A is wrong because Programs and Features is used to uninstall, change, or repair installed programs, not to prevent applications from changing file associations or default programs. Option B is wrong because Default Programs in Control Panel allows users to manually set file associations and default programs, but it does not prevent other applications from changing them afterward. Option D is wrong because Registry Editor (regedit) can be used to manually modify association keys (e.g., HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations), but it does not provide a built-in mechanism to lock or prevent changes by other applications.

613
MCQmedium

A user reports that they clicked a link in a text message that appeared to be from their bank, warning of suspicious activity. The link led to a realistic-looking login page, but the user realized it was fake after entering their credentials. What type of social engineering attack is this?

A.Vishing
B.Smishing
C.Pharming
D.Pretexting
AnswerB

Smishing is the correct term for SMS-based phishing attacks.

Why this answer

Smishing (SMS phishing) is the correct classification because the attack vector is a text message (SMS) containing a link to a fraudulent website. The user received the message on their mobile device, clicked the link, and entered credentials on a fake login page, which is the hallmark of smishing. Unlike vishing (voice phishing), this attack uses text-based messaging to deliver the malicious link.

Exam trap

The CompTIA A+ exam often tests the distinction between smishing and vishing by focusing on the delivery method (SMS vs. voice), so candidates mistakenly choose vishing when they see 'text message' but focus on the 'warning of suspicious activity' pretext rather than the medium.

How to eliminate wrong answers

Option A (Vishing) is wrong because vishing involves voice calls or voicemail messages that trick victims into revealing information, not text messages with links. Option C (Pharming) is wrong because pharming redirects users from legitimate websites to fraudulent ones via DNS poisoning or local host file manipulation, without requiring the user to click a link in a message. Option D (Pretexting) is wrong because pretexting relies on fabricating a scenario (pretext) to obtain information, typically through direct conversation or impersonation, not via a link in a text message.

614
MCQhard

A company's security policy mandates that all wireless traffic must be encrypted using a protocol that is resistant to KRACK attacks. The current network uses WPA2-PSK with AES. Which of the following upgrades should be implemented to meet this requirement?

A.Change the encryption from AES to TKIP.
B.Enable WPA2-Enterprise with 802.1X.
C.Upgrade to WPA3-Personal.
D.Implement MAC address filtering.
AnswerC

WPA3 uses SAE, which is resistant to KRACK attacks because it uses a different handshake process that prevents key reinstallation.

Why this answer

WPA3-Personal replaces the Pre-Shared Key (PSK) handshake with Simultaneous Authentication of Equals (SAE), which is resistant to offline dictionary attacks and the KRACK vulnerability that exploits the 4-way handshake in WPA2. Since the policy requires encryption resistant to KRACK attacks, upgrading to WPA3-Personal directly addresses this requirement.

Exam trap

Cisco often tests the misconception that changing authentication methods (e.g., from PSK to 802.1X) fixes protocol-level vulnerabilities like KRACK, when in fact the underlying handshake protocol (WPA2) remains the same and still vulnerable.

How to eliminate wrong answers

Option A is wrong because TKIP is an older, less secure encryption protocol that is also vulnerable to KRACK attacks and is deprecated in favor of AES. Option B is wrong because WPA2-Enterprise with 802.1X still uses the same WPA2 4-way handshake, which is susceptible to KRACK attacks; it changes authentication but not the underlying handshake vulnerability. Option D is wrong because MAC address filtering is a basic access control mechanism that does not encrypt traffic and provides no protection against KRACK or any encryption-based attack.

615
MCQmedium

A user reports that their Windows 11 laptop can see the office Wi-Fi network but fails to connect, displaying 'Can't connect to this network'. Other users with the same laptop model connect without issues. The network uses WPA2-PSK with AES. What should you check first?

A.Update the wireless adapter driver.
B.Change the router's security protocol to WPA3.
C.Forget the network on the laptop and reconnect by entering the passphrase again.
D.Disable the firewall on the laptop.
AnswerC

This clears any incorrect saved credentials and allows the user to enter the correct passphrase, resolving authentication mismatches.

Why this answer

A mismatch in the saved passphrase is a common cause of connection failures when the network is visible. The correct answer is to forget the network and re-enter the correct passphrase. This tests troubleshooting skills for wireless authentication issues.

616
MCQhard

A user's browser is infected with a malicious extension that steals credentials. The extension was installed via a drive-by download from a compromised website. After removing the extension, what additional step should you take to ensure the credentials are not compromised?

A.Clear the browser cache and cookies
B.Run a full antivirus scan
C.Reset the browser settings to default
D.Change all passwords that were entered while the extension was active
AnswerD

Since credentials may have been captured, changing passwords is essential to prevent unauthorized access.

Why this answer

Option D is correct because a malicious browser extension that steals credentials has already exfiltrated any passwords entered while it was active. Removing the extension stops further theft, but the compromised credentials remain exposed. Changing all passwords ensures that stolen credentials are invalidated, preventing unauthorized access to accounts.

Exam trap

CompTIA often tests the misconception that removing the malicious component or clearing local data is sufficient, when in fact the attacker already has the stolen credentials and only changing passwords remediates the actual compromise.

How to eliminate wrong answers

Option A is wrong because clearing the browser cache and cookies removes local data like session tokens or stored form entries, but does not address credentials that were already sent to an attacker via the extension. Option B is wrong because running a full antivirus scan targets malware on the system, but the malicious extension has already been removed; the core issue is the theft of credentials, not persistent malware. Option C is wrong because resetting browser settings to default removes configurations and extensions, which is redundant after removal, but does not change passwords that were already compromised.

617
Multi-Selecthard

A security incident occurred when an employee disposed of a hard drive by throwing it in the trash. The hard drive contained unencrypted customer data. Which two practices should have been followed to prevent this environmental and security breach? (Choose two.)

Select 2 answers
A.Degauss the hard drive before disposal.
B.Place the hard drive in a secure shredding bin for e-waste.
C.Perform a quick format of the drive before disposal.
D.Delete the files and empty the Recycle Bin.
AnswersA, B

Degaussing destroys the magnetic data, making it unrecoverable, and is a proper sanitization method.

Why this answer

Option A is correct because degaussing a hard drive uses a strong magnetic field to disrupt the magnetic domains on the platters, rendering the data permanently unrecoverable. This is a NIST SP 800-88 approved method for sanitizing magnetic media and ensures that unencrypted customer data cannot be retrieved after disposal.

Exam trap

CompTIA often tests the misconception that a quick format or file deletion is sufficient for data sanitization, when in reality these actions only remove logical pointers and leave the underlying data fully recoverable.

618
MCQmedium

A small business owner wants to ensure that all company laptops are protected in case of theft. They need a solution that encrypts the entire hard drive and requires a pre-boot PIN. Which security feature should you implement?

A.Enable EFS (Encrypting File System) on the Documents folder.
B.Set a BIOS password.
C.Enable BitLocker with a TPM + startup PIN.
D.Install a third-party antivirus with encryption.
AnswerC

BitLocker with TPM + PIN provides full disk encryption and requires a PIN before Windows loads, meeting the requirement.

Why this answer

BitLocker with a TPM + startup PIN provides full-disk encryption and requires a pre-boot authentication PIN, meeting the requirement to protect the entire hard drive in case of theft. The TPM validates system integrity, and the PIN must be entered before the OS loads, preventing unauthorized access even if the drive is removed.

Exam trap

The trap here is that candidates often confuse EFS with full-disk encryption or assume a BIOS password alone secures data, but only BitLocker with TPM + startup PIN provides the required pre-boot authentication and full-drive encryption.

How to eliminate wrong answers

Option A is wrong because EFS encrypts individual files or folders, not the entire hard drive, and does not require a pre-boot PIN; it operates at the file system level after the OS loads. Option B is wrong because a BIOS password only prevents unauthorized users from changing BIOS settings or booting the system, but it does not encrypt the hard drive, leaving data accessible if the drive is removed. Option D is wrong because third-party antivirus with encryption typically offers file-level or folder-level encryption, not full-disk encryption with pre-boot authentication, and antivirus software focuses on malware detection, not drive encryption.

619
MCQeasy

A customer reports that their office printer is emitting a strong, acrid smell and producing distorted prints. The printer uses a fuser unit that has been in service for five years. What should you recommend as the most environmentally responsible action?

A.Replace the entire printer with a new Energy Star model.
B.Replace only the fuser unit and recycle the old one through a certified e-waste recycler.
C.Continue using the printer until it fails completely.
D.Disassemble the printer and dispose of all parts in the general trash.
AnswerB

The fuser is a replaceable consumable; recycling it properly reduces waste and is environmentally responsible.

Why this answer

Option B is correct because the fuser unit is a consumable component that degrades over time, and replacing only the faulty fuser while recycling the old one through a certified e-waste recycler minimizes electronic waste. This approach addresses the root cause (a worn-out fuser) without discarding the entire printer, which would generate unnecessary e-waste and violate environmental best practices.

Exam trap

CompTIA often tests the misconception that a failing component always requires full device replacement, but the trap here is that candidates overlook the environmental impact of e-waste and fail to recognize that consumable parts like fusers are designed to be replaced individually.

How to eliminate wrong answers

Option A is wrong because replacing the entire printer with a new Energy Star model is unnecessarily wasteful; the printer itself is likely still functional, and only the fuser unit needs replacement. Option C is wrong because continuing to use the printer until it fails completely poses a fire hazard from the overheating fuser and may cause further damage to other components, increasing waste and repair costs. Option D is wrong because disposing of all parts in general trash violates e-waste regulations and environmental guidelines, as printer components contain hazardous materials like lead and mercury that require proper recycling.

620
MCQeasy

A user reports that their Windows 10 PC is running slowly and they see many background processes in Task Manager. You need to identify which processes are consuming the most CPU and memory resources without installing any additional software. Which built-in Windows tool should you use?

A.Performance Monitor
B.Resource Monitor
C.Task Manager
D.System Configuration (msconfig)
AnswerC

Task Manager lists all running processes and their CPU/memory usage, allowing you to sort and identify high-consumption processes.

Why this answer

Task Manager (Option C) is the correct built-in tool because it provides a real-time, sortable list of all running processes, displaying their CPU and memory usage directly on the Processes tab. This allows you to quickly identify which processes are consuming the most resources without needing to install additional software, as the user specifically requested.

Exam trap

The trap here is that candidates often confuse Resource Monitor (Option B) as the primary tool for resource monitoring, but the question asks for the tool to 'identify which processes are consuming the most CPU and memory resources' without installing software, and Task Manager is the immediate, built-in solution for that specific task.

How to eliminate wrong answers

Option A is wrong because Performance Monitor is a tool for logging and analyzing performance counters over time, not for viewing real-time per-process CPU and memory usage in a simple list. Option B is wrong because Resource Monitor offers more detailed per-process resource data (including disk and network), but it is not the primary tool for a quick, immediate identification of top resource consumers; Task Manager is the first-line tool for this task. Option D is wrong because System Configuration (msconfig) is used to manage startup programs, boot options, and services, not to monitor current CPU or memory consumption of running processes.

621
MCQhard

A technician is tasked with disposing of a failed SSD that contains encrypted financial records. The SSD is non-functional and cannot be powered on. Which method should the technician use to ensure data is destroyed?

A.Use a degausser on the SSD.
B.Perform a secure erase command via SATA interface.
C.Physically shred the SSD using an industrial shredder.
D.Overwrite the SSD with a data wiping tool on another computer.
AnswerC

Physical destruction ensures the NAND chips are broken into small pieces, making data recovery impossible.

Why this answer

The SSD is non-functional and cannot be powered on, so any software-based method (secure erase, overwriting) is impossible. Physical destruction via an industrial shredder is the only reliable way to ensure the encrypted financial records are unrecoverable from a dead SSD, as it physically breaks the NAND chips beyond repair.

Exam trap

The trap here is that candidates assume a degausser works on all storage devices, but SSDs are not magnetic media and degaussing has no effect on NAND flash memory.

How to eliminate wrong answers

Option A is wrong because degaussers use a strong magnetic field to erase data on magnetic media (HDDs), but SSDs store data electrically in NAND flash cells and are not affected by magnetic fields; degaussing will not destroy the data and may leave the SSD physically intact. Option B is wrong because a secure erase command requires the SSD to be powered on and functional to execute the ATA Secure Erase command via the SATA interface; a non-functional SSD cannot communicate or execute any command. Option D is wrong because overwriting with a data wiping tool requires the SSD to be connected to another computer and powered on to write new data over the existing data; a dead SSD cannot be recognized or written to.

622
MCQeasy

During a software deployment, you need to ensure that a legacy application always runs with administrative privileges, even for standard users. How can you configure this using Windows built-in tools?

A.Set the application's shortcut to 'Run as administrator' in the Compatibility tab
B.Disable User Account Control (UAC) in the Control Panel
C.Add the user to the local Administrators group
D.Use the 'Run as different user' option from the Shift+right-click menu
AnswerA

This setting forces the application to request elevation every time it runs, which works if the user has the necessary credentials.

Why this answer

Option A is correct because the Compatibility tab in a shortcut's properties allows you to set the 'Run as administrator' flag, which embeds a compatibility manifest that prompts for elevation via UAC when the application is launched. This ensures the legacy application always runs with administrative privileges, even for standard users, by triggering a credential prompt for an administrator account.

Exam trap

CompTIA often tests the misconception that disabling UAC or adding users to the Administrators group is the correct way to grant admin rights to a single application, when the targeted 'Run as administrator' shortcut setting is the proper built-in method.

How to eliminate wrong answers

Option B is wrong because disabling UAC globally would remove the elevation prompt, but the application would still run with the user's limited privileges, not administrative rights, and it weakens system security. Option C is wrong because adding a standard user to the local Administrators group grants permanent administrative rights to the entire user account, which is excessive and violates the principle of least privilege; it is not a targeted solution for a single application. Option D is wrong because 'Run as different user' allows running an application under a different user account, but it does not automatically grant administrative privileges; the specified user must already have the necessary rights, and it requires manual intervention each time.

623
MCQmedium

A user calls the help desk complaining that they cannot change their Windows 10 password even though they know the current password. The user is a member of the 'Users' group on a domain-joined computer. What is the most likely cause?

A.The user does not have 'Change Password' permission on their own account.
B.The 'User must change password at next logon' flag is set.
C.The 'Password must meet complexity requirements' policy is preventing the new password from being accepted.
D.The local Security Accounts Manager (SAM) database is corrupted.
AnswerC

If the new password does not meet complexity requirements (e.g., length, character types), the system will reject the change even if the user knows the current password.

Why this answer

Option C is correct because the user is a member of the 'Users' group on a domain-joined computer, which means password changes are subject to the domain's password policy, not local policies. The 'Password must meet complexity requirements' policy is enforced by the domain controller via Group Policy, and if the new password fails to meet those requirements (e.g., insufficient length, lack of uppercase/lowercase/digits/special characters), the change will be rejected even though the user knows the current password. This is the most likely cause given the user can authenticate but cannot set a compliant new password.

Exam trap

CompTIA often tests the misconception that password change failures are due to permission issues (Option A) or local account problems (Option D), when in fact domain-joined computers rely on domain policies that override local settings, making complexity requirements the primary culprit.

How to eliminate wrong answers

Option A is wrong because by default, all users have the 'Change Password' permission on their own Active Directory account; this permission is inherent and cannot be removed without explicit delegation changes, which are rare and not implied. Option B is wrong because the 'User must change password at next logon' flag forces a password change at next logon, but it does not prevent the user from changing their password when they know the current one; in fact, it prompts the change. Option D is wrong because the local SAM database is not used for authentication on a domain-joined computer; authentication is handled by the domain controller, and a corrupted SAM would affect local logon, not domain password changes.

624
MCQmedium

A company is migrating from Workgroup to Domain. After joining a Windows 10 computer to the domain, users report that they can no longer log on using their local user accounts. What setting in Local Security Policy is most likely causing this behavior?

A.The 'Network access: Do not allow anonymous enumeration of SAM accounts' policy
B.The 'Deny log on locally' user rights assignment includes the 'Guests' group
C.The 'Deny log on locally' user rights assignment includes the 'Users' group
D.The 'Interactive logon: Do not display last user name' policy is enabled
AnswerC

If the domain policy adds the 'Users' group to this setting, it will block all local user accounts (which are members of the local Users group) from logging on interactively.

Why this answer

When a Windows 10 computer is joined to a domain, the default Local Security Policy setting for 'Deny log on locally' includes the 'Users' group. This prevents local user accounts (which are members of the local Users group) from logging on interactively, forcing users to use domain accounts instead. The behavior stops after the computer is joined because the policy is applied by default to enforce domain authentication.

Exam trap

The exam often tests the misconception that local user accounts are denied logon due to network-level restrictions (like SAM enumeration) or display settings, rather than the specific user rights assignment that explicitly blocks interactive logon for the local Users group.

How to eliminate wrong answers

Option A is wrong because 'Network access: Do not allow anonymous enumeration of SAM accounts' controls anonymous access to SAM account names, not interactive logon rights for local users. Option B is wrong because the 'Guests' group is already denied logon by default, but local user accounts are not members of Guests; they are members of Users, so this setting does not affect them. Option D is wrong because 'Interactive logon: Do not display last user name' only controls whether the last logged-on username is shown on the login screen, not whether local accounts can log on at all.

625
MCQhard

A technician is called to a user's desk for a 'printer issue.' Upon arrival, the user is on a phone call and waves dismissively at the technician. The technician waits for two minutes, but the user continues their call. What should the technician do?

A.Stand silently until the user finishes the call, even if it takes a long time.
B.Leave a note on the desk saying you were there and will return later, then check back in 15 minutes.
C.Interrupt the call to say you'll come back later.
D.Close the ticket as 'user not available' and move on to the next task.
AnswerB

This respects the user's current activity, documents the visit, and offers a clear follow-up, demonstrating professionalism.

Why this answer

Option B is correct because it demonstrates professional respect for the user's current activity while ensuring the issue is addressed. Leaving a note and returning in 15 minutes maintains a service-level commitment without disrupting the user's call, aligning with CompTIA's best practices for customer communication and time management in a support scenario.

Exam trap

The trap here is that candidates may choose Option D (close the ticket) thinking it is efficient, but CompTIA emphasizes that closing a ticket without user consent or follow-up is unprofessional and violates the core principle of customer service.

How to eliminate wrong answers

Option A is wrong because standing silently for an indefinite period wastes technician time and does not proactively manage the support queue; it fails to balance efficiency with customer service. Option C is wrong because interrupting the user's call is unprofessional and could escalate frustration, violating the principle of respecting the user's current engagement. Option D is wrong because closing the ticket as 'user not available' without attempting to reschedule abandons the support request prematurely, which is poor practice and could lead to unresolved issues and negative user experience.

626
MCQeasy

A customer reports that their Windows 10 laptop is running slowly and they suspect a program is using too much memory. They ask you to check the system's resource usage. Which built-in Windows tool would you use to view real-time memory, CPU, and disk usage?

A.Resource Monitor
B.Task Manager
C.Performance Monitor
D.System Configuration (msconfig)
AnswerB

Task Manager shows real-time CPU, memory, disk, and network usage in the Performance tab, making it the quickest tool for this scenario.

Why this answer

Task Manager provides a real-time overview of system performance, including memory, CPU, and disk usage, making it the ideal tool for diagnosing resource bottlenecks. The Resource Monitor offers more detailed data but is accessed from Task Manager, not directly. Performance Monitor and System Configuration are for advanced logging and startup management, respectively.

627
MCQmedium

A technician is configuring a new employee's workstation. The employee mentions that a 'friendly IT guy' from the help desk called earlier and asked for their username and temporary password to 'pre-setup the account'. The employee provided the information. What should the technician do first?

A.Proceed with the setup as planned, since the employee already provided the info.
B.Reset the employee's password and report the incident to the security team.
C.Call the help desk to verify if they made the call.
D.Tell the employee it was likely a test and to ignore it.
AnswerB

The correct response is to immediately reset the compromised password and report the social engineering attempt to the security team so they can investigate and prevent further attacks.

Why this answer

Option B is correct because the employee has already fallen victim to a social engineering attack (phishing or vishing). The technician must immediately reset the compromised password to prevent unauthorized access and report the incident to the security team so they can investigate and mitigate further risk. This follows the principle of least privilege and incident response best practices for credential compromise.

Exam trap

CompTIA A+ often tests the candidate's ability to prioritize containment over verification or investigation, as many students mistakenly choose to verify the call (Option C) instead of immediately resetting the compromised credentials.

How to eliminate wrong answers

Option A is wrong because proceeding with the setup ignores the clear security breach, allowing the attacker to potentially use the stolen credentials to access the network or sensitive resources. Option C is wrong because calling the help desk wastes critical time and may tip off the attacker if the call was indeed from a malicious actor; the priority is to contain the breach by resetting the password and reporting. Option D is wrong because telling the employee to ignore the incident dismisses a real threat and fails to follow proper security protocols, leaving the account vulnerable.

628
MCQeasy

A user calls the help desk frustrated because their laptop will not connect to the company Wi-Fi. They say they have tried restarting the laptop but it still does not work. The technician suspects the wireless adapter driver may be corrupt. What is the best first step for the technician to take?

A.Remotely reinstall the wireless adapter driver.
B.Ask the user if they see any error messages or if other devices connect to the Wi-Fi.
C.Tell the user to bring the laptop to the IT office for a physical inspection.
D.Escalate the ticket to the network team immediately.
AnswerB

This gathers critical information to narrow down the problem, showing professionalism and effective troubleshooting.

Why this answer

This question tests the concept of active listening and gathering information before jumping to solutions. The correct answer is to ask clarifying questions to understand the issue fully, which ensures the technician does not waste time on incorrect assumptions.

629
MCQeasy

A technician is disposing of a stack of CDs and DVDs that contain backup data from a medical office. The media are labeled with patient information. Which method should the technician use to destroy the data?

A.Use a degausser on each disc.
B.Scratch the surface of each disc with a key.
C.Use a cross-cut shredder that accepts optical discs.
D.Place the discs in a microwave for 10 seconds.
AnswerC

Cross-cut shredding reduces discs to small pieces, ensuring data is physically destroyed and unrecoverable.

Why this answer

Option C is correct because a cross-cut shredder that accepts optical discs physically destroys the media into small pieces, making data recovery impossible. This method is compliant with HIPAA requirements for destroying protected health information (PHI) on CDs and DVDs, as it renders the data irrecoverable through physical destruction.

Exam trap

CompTIA often tests the misconception that degaussing works on all storage media, but the trap here is that optical discs are non-magnetic, so candidates who confuse magnetic media destruction with optical media destruction will incorrectly choose Option A.

How to eliminate wrong answers

Option A is wrong because degaussers use a strong magnetic field to erase data on magnetic media (e.g., hard drives, tapes), but optical discs like CDs and DVDs store data as physical pits and lands on a reflective layer, not magnetically, so a degausser has no effect on them. Option B is wrong because scratching the surface with a key only damages a small portion of the disc; data can still be read from unscratched areas using specialized software, leaving patient information recoverable. Option D is wrong because microwaving discs for 10 seconds may cause physical damage but is unreliable and dangerous—it can create toxic fumes, fire hazards, and may not fully destroy all data layers, especially on dual-layer DVDs, leaving residual data potentially recoverable.

630
MCQhard

An IT manager wants to implement a data destruction policy that meets the U.S. Department of Defense (DoD) 5220.22-M standard for top-secret data. The drives are HDDs and will be reused within the organization. Which method is required?

A.Perform a single overwrite with zeros.
B.Use a degausser and then reformat the drive.
C.Run a three-pass overwrite (zeros, ones, random).
D.Physically destroy the drive with a hammer.
AnswerC

The DoD 5220.22-M standard for top-secret data specifies a three-pass overwrite to ensure data is unrecoverable.

Why this answer

The DoD 5220.22-M standard for top-secret data requires a three-pass overwrite (zeros, ones, and a random character) to ensure that residual magnetic data is unrecoverable. Since the drives are HDDs and will be reused, overwriting is the appropriate method because it sanitizes the media without destroying it. A single overwrite or degaussing would not meet the three-pass requirement, and physical destruction would prevent reuse.

Exam trap

The CompTIA A+ exam often tests the misconception that a single overwrite or degaussing is sufficient for top-secret data, but the DoD 5220.22-M standard explicitly requires three passes for that classification level.

How to eliminate wrong answers

Option A is wrong because a single overwrite with zeros does not meet the DoD 5220.22-M standard, which mandates three passes for top-secret data. Option B is wrong because degaussing renders the drive unusable (it erases the servo tracks), preventing reuse, and the standard requires overwriting, not degaussing, for reusable media. Option D is wrong because physical destruction with a hammer prevents reuse, which contradicts the requirement that the drives will be reused within the organization.

631
MCQmedium

A technician is writing a PowerShell script to check the status of a Windows service on multiple remote computers. The script must output the service name and status for each computer where the service is running. Which cmdlet combination should the technician use to achieve this?

A.Get-Service -ComputerName $computers | Where-Object {$_.Status -eq 'Running'}
B.Invoke-Command -ComputerName $computers -ScriptBlock {Get-Service} | Select-Object Status
C.Get-WmiObject Win32_Service -ComputerName $computers | Where-Object {$_.State -eq 'Running'}
D.Get-Service -Name * -ComputerName $computers | Format-Table -AutoSize
AnswerA

This correctly retrieves services from remote computers and filters for running services.

Why this answer

Option A is correct because Get-Service with the -ComputerName parameter can query multiple remote computers directly, and piping its output to Where-Object with the condition {$_.Status -eq 'Running'} filters only services whose Status property equals 'Running'. This meets the requirement to output the service name and status for each computer where the service is running, as Get-Service returns objects containing both Name and Status properties by default.

Exam trap

CompTIA often tests the distinction between Get-Service and Get-WmiObject Win32_Service, where candidates confuse the property names 'Status' vs 'State' and the correct filtering syntax, leading them to choose option C despite its deprecated status and incorrect property reference.

How to eliminate wrong answers

Option B is wrong because Invoke-Command -ScriptBlock {Get-Service} returns service objects from remote computers, but Select-Object Status only outputs the Status property, omitting the service name required by the task. Option C is wrong because Get-WmiObject Win32_Service uses the State property (not Status) to check if a service is running, and the condition {$_.State -eq 'Running'} is incorrect; the correct property value is 'Running' but the property name is 'State', not 'Status', and the cmdlet is deprecated in favor of Get-CimInstance. Option D is wrong because Format-Table -AutoSize only formats the output for display but does not filter for running services; it would output all services regardless of their status, failing to meet the requirement to check only where the service is running.

632
MCQeasy

A user reports that their Windows 10 laptop shows a 'Your license will expire soon' watermark on the desktop, even though they purchased a retail license key. You need to resolve the activation issue. Which Control Panel applet should you use first?

A.Device Manager
B.System
C.Programs and Features
D.User Accounts
AnswerB

The System applet displays Windows edition, activation status, and allows you to change the product key or activate Windows.

Why this answer

The System applet (Control Panel > System) provides direct access to the Windows activation status and the 'Change product key' option. Since the user already has a retail license key, the first troubleshooting step is to verify the current activation state and re-enter the key via this applet, which triggers a re-activation with Microsoft's licensing servers.

Exam trap

The trap here is that candidates may confuse activation issues with driver or user account problems, leading them to Device Manager or User Accounts, when the correct first step is always to check the System applet for activation status and key entry.

How to eliminate wrong answers

Option A is wrong because Device Manager is used to manage hardware drivers and devices, not software licensing or activation. Option C is wrong because Programs and Features is for uninstalling or modifying installed applications, not for managing Windows activation or product keys. Option D is wrong because User Accounts handles user profile settings, passwords, and credentials, but does not provide any interface for Windows license activation or product key entry.

633
MCQhard

A user's iPhone is experiencing random restarts and app crashes after installing a new configuration profile for email. The technician needs to remove the profile but cannot find it in Settings. What should the technician check?

A.Check Settings > General > VPN & Device Management
B.Reset the iPhone's network settings
C.Use iTunes to restore the iPhone from a backup
D.Disable iCloud Keychain
AnswerA

This is the correct location to view and remove configuration profiles on iOS.

Why this answer

Configuration profiles are managed under Settings > General > VPN & Device Management. When a profile is installed (e.g., for email), it appears in this section, not in the main Settings list. If the profile is missing from the expected location, the technician should check here first to remove it and resolve the random restarts and app crashes.

Exam trap

CompTIA A+ often tests the misconception that configuration profiles are managed like regular app settings or can be removed via network resets or iCloud toggles, when in fact they require the dedicated VPN & Device Management path.

How to eliminate wrong answers

Option B is wrong because resetting network settings clears Wi-Fi passwords and cellular settings but does not remove installed configuration profiles, which are stored separately in the device management area. Option C is wrong because restoring from a backup would reintroduce the problematic profile if it was included in that backup, failing to resolve the issue. Option D is wrong because disabling iCloud Keychain affects password and credit card syncing, not the installation or removal of configuration profiles.

634
MCQmedium

A technician is configuring a wireless network for a new office. The network must support legacy devices that only support WPA-TKIP, but the technician also wants to maximize security for modern devices. Which configuration should the technician use?

A.Enable WPA3-SAE for all devices.
B.Use WPA2-PSK with TKIP encryption.
C.Configure the router for WPA2-PSK with AES and enable WPA-TKIP as a fallback.
D.Set up a separate SSID with WPA-TKIP for legacy devices and another SSID with WPA2-AES for modern devices.
AnswerD

This isolates legacy devices on a less secure network while allowing modern devices to use the stronger encryption.

Why this answer

Option D is correct because it isolates legacy WPA-TKIP devices on a separate SSID, preventing the weaker TKIP encryption from compromising the security of modern devices. Modern devices can then connect to a second SSID using WPA2-AES, which provides strong encryption (CCMP) and is not vulnerable to TKIP-specific attacks like Michael MIC exhaustion. This approach satisfies both requirements without forcing all devices onto a single, less secure configuration.

Exam trap

CompTIA often tests the misconception that a mixed-mode SSID (WPA2 with TKIP fallback) is a safe compromise, when in fact it can force all clients to use weaker encryption or cause performance degradation, making separate SSIDs the correct approach for legacy support without compromising modern security.

How to eliminate wrong answers

Option A is wrong because WPA3-SAE is not backward compatible with WPA-TKIP legacy devices; those devices would be unable to connect at all. Option B is wrong because using WPA2-PSK with TKIP encryption forces all devices to use the weaker TKIP protocol, which is deprecated and vulnerable to attacks, and does not maximize security for modern devices. Option C is wrong because configuring WPA2-PSK with AES and enabling WPA-TKIP as a fallback typically forces the router to support a mixed mode (WPA2/WPA mixed) that allows TKIP connections on the same SSID, which can downgrade security for all clients due to TKIP's known weaknesses and the potential for compatibility issues with 802.11n and higher data rates.

635
MCQeasy

During a routine security audit, you discover that several user accounts on a Windows 10 workstation have local administrator privileges when they should only be standard users. You need to quickly review and modify user account types from the command line. Which built-in tool should you use?

A.lusrmgr.msc (Local Users and Groups MMC)
B.net user
C.net localgroup
D.diskpart
AnswerC

Net localgroup allows you to add or remove users from local groups like Administrators from the command line.

Why this answer

The `net localgroup` command is the correct built-in tool for this task because it allows you to both view and modify group memberships from the command line. Specifically, `net localgroup Administrators` lists current members, and `net localgroup Administrators <username> /delete` removes a user from the local Administrators group, effectively demoting them to a standard user. This directly addresses the need to quickly review and change user account types without a GUI.

Exam trap

The trap here is that candidates often confuse `net user` with `net localgroup`, assuming `net user` can change group membership because it manages user accounts, but `net user` only modifies the user object itself, not its group affiliations.

How to eliminate wrong answers

Option A is wrong because `lusrmgr.msc` (Local Users and Groups MMC) is a graphical management console, not a command-line tool, and the question explicitly requires a command-line solution. Option B is wrong because `net user` manages individual user account properties (like password, account expiry) but cannot directly add or remove a user from a local group like Administrators; it lacks the `/add` or `/delete` group membership switches. Option D is wrong because `diskpart` is a disk partitioning tool used for managing disks, volumes, and partitions, and has no functionality for user account or group management.

636
MCQmedium

A technician is tasked with securely connecting a remote office to the main office over the internet. The remote office has 10 users who need access to the same resources as local users. Which of the following remote access methods provides the most secure and scalable solution?

A.Configure port forwarding on the main office router for each required service
B.Set up a site-to-site VPN between the two offices
C.Use Remote Desktop for each user to connect to a workstation at the main office
D.Implement a client-to-site VPN for each user
AnswerB

A site-to-site VPN provides a secure, encrypted connection between entire networks, allowing seamless access for all users.

Why this answer

A site-to-site VPN (often using IPsec or a secure tunnel protocol) creates an encrypted, always-on connection between the two office routers, allowing all 10 users transparent access to the main office resources as if they were on the same LAN. This method is both secure (encrypting all traffic) and scalable (handling multiple users without per-client configuration), making it the best fit for connecting entire networks over the internet.

Exam trap

CompTIA often tests the distinction between site-to-site and client-to-site VPNs, where candidates mistakenly choose client-to-site VPN (Option D) thinking it is more secure per-user, but the question emphasizes 'scalable' and 'connecting a remote office'—a site-to-site VPN is the correct enterprise solution for network-to-network connectivity.

How to eliminate wrong answers

Option A is wrong because port forwarding exposes specific services directly to the internet, creating a large attack surface and requiring manual configuration for each service, which is neither secure nor scalable for multiple users. Option C is wrong because Remote Desktop Protocol (RDP) provides only per-user, per-session access to individual workstations, which is not designed for network-level resource sharing and introduces significant management overhead for 10 users. Option D is wrong because client-to-site VPN requires each user to install and maintain a VPN client, which adds administrative burden and is less scalable than a site-to-site VPN that centralizes the connection at the network edge.

637
MCQmedium

A technician is tasked with setting up power management on 50 company workstations to reduce energy consumption. Users must be able to save work before the computer sleeps. Which power setting should be configured?

A.Set the computer to hibernate after 15 minutes of inactivity.
B.Set the computer to sleep after 30 minutes of inactivity.
C.Disable all power-saving features to ensure maximum performance.
D.Set the monitor to turn off after 5 minutes but keep the computer on.
AnswerB

Sleep uses less power than full operation and wakes quickly, allowing users to save work before the timer expires.

Why this answer

Option B is correct because setting the computer to sleep after 30 minutes of inactivity allows users to save their work before the system enters a low-power state. Sleep keeps the system state in RAM, enabling a quick resume, while still reducing energy consumption. This balances power savings with user control, as the user can manually trigger sleep after saving work.

Exam trap

The trap here is that candidates confuse hibernate with sleep, thinking hibernate is better for power savings, but they overlook the requirement that users must be able to save work before the computer sleeps—hibernate does not provide a user-friendly save prompt and takes longer to resume, making sleep the correct choice for this scenario.

How to eliminate wrong answers

Option A is wrong because hibernate saves the system state to disk and powers off the computer, which takes longer to resume and may cause users to lose unsaved work if they are not prompted to save before the transition. Option C is wrong because disabling all power-saving features would increase energy consumption, directly contradicting the goal of reducing energy usage. Option D is wrong because turning off the monitor alone does not reduce the computer's power draw significantly; the computer remains fully active, wasting energy and not addressing the requirement to save work before sleep.

638
MCQmedium

An iOS user is concerned about a lost iPhone and wants to ensure that if the device is erased, it cannot be reactivated without their Apple ID and password. Which iOS security feature provides this protection?

A.Find My iPhone location tracking.
B.Activation Lock, enabled by Find My iPhone.
C.iCloud Keychain with two-factor authentication.
D.Lost Mode in the Find My app.
AnswerB

Activation Lock is automatically enabled when Find My iPhone is active, and it requires the owner's Apple ID to erase and reactivate the device, deterring theft.

Why this answer

Activation Lock is an iOS security feature that is automatically enabled when Find My iPhone is turned on. It ties the device to the owner's Apple ID, preventing anyone from reactivating the device after it is erased or restored without entering the correct Apple ID and password. Find My iPhone locates the device, but Activation Lock provides the anti-theft protection. iCloud Keychain is for passwords, and Lost Mode locks the device but does not prevent reactivation after a wipe.

639
MCQeasy

A user reports that their MacBook Pro running macOS Ventura suddenly lost all desktop icons and the menu bar is missing. They can still move the cursor and click on open applications. Which macOS feature or tool should you use to restore the desktop and menu bar?

A.Restart the MacBook by holding the power button.
B.Open Activity Monitor and force quit the WindowServer process.
C.Use Force Quit (Cmd+Option+Esc) and select Finder, then click Relaunch.
D.Run the command 'sudo killall Dock' in Terminal.
AnswerC

This is the correct method to restart the Finder process, which controls the desktop, menu bar, and file system display. It is a standard macOS troubleshooting step.

Why this answer

Option C is correct because the Finder process manages the desktop icons and the menu bar in macOS. When the Finder becomes unresponsive or crashes, relaunching it via Force Quet (Cmd+Option+Esc) restores the desktop environment and menu bar without requiring a full system restart. This is the standard troubleshooting step for a hung Finder that still allows cursor movement and interaction with open applications.

Exam trap

Candidates often confuse the Finder and the Dock, mistakenly choosing 'sudo killall Dock' because they think the Dock is responsible for the desktop and menu bar, when in fact the Finder manages those elements.

How to eliminate wrong answers

Option A is wrong because holding the power button performs a forced shutdown, which is overly aggressive and can cause data loss or file system corruption; a normal restart via Apple menu or keyboard shortcut is preferred, but even that is unnecessary when the Finder can be relaunched. Option B is wrong because force quitting the WindowServer process would terminate the entire windowing system, causing all graphical elements (including open applications) to disappear and requiring a login window restart, which is excessive for a Finder-only issue. Option D is wrong because 'sudo killall Dock' only restarts the Dock process, which manages the application dock and not the desktop icons or menu bar; the desktop and menu bar are controlled by the Finder, not the Dock.

640
MCQhard

A security incident has occurred: an employee's workstation was used to access unauthorized websites. The manager wants to review recent web browsing history and application usage. Which administrative tool can provide a comprehensive timeline of user activity on the Windows 10 system?

A.Performance Monitor to create a trace of user actions.
B.Task Scheduler to view past task executions.
C.Event Viewer to examine Security and Application logs for user activity.
D.Local Users and Groups to check user group memberships.
AnswerC

Correct. Event Viewer logs security events (logons) and application events, which can help reconstruct user activity.

Why this answer

Event Viewer is the correct administrative tool because it consolidates Security logs (e.g., event ID 4624 for logons, 4648 for explicit logon attempts) and Application logs that record user activity such as web browsing and application launches. By filtering these logs, a manager can reconstruct a timeline of user actions on the Windows 10 system, including unauthorized website access.

Exam trap

CompTIA often tests the misconception that Performance Monitor can trace user actions because of its name, but it is strictly a performance data collector, not an activity logger.

How to eliminate wrong answers

Option A is wrong because Performance Monitor is designed to collect performance counters and system resource usage data, not to log user activity or web browsing history; it cannot provide a timeline of user actions. Option B is wrong because Task Scheduler only shows scheduled tasks and their execution history, not arbitrary user-initiated activities like web browsing or application usage. Option D is wrong because Local Users and Groups is used to manage user accounts and group memberships, not to audit or review past user activity.

641
MCQeasy

A customer needs to transfer their user profile, documents, and application settings from an old Windows 7 PC to a new Windows 10 PC. Which Windows tool is specifically designed for this purpose?

A.Windows Easy Transfer
B.File History
C.User State Migration Tool (USMT)
D.Windows Backup and Restore
AnswerC

USMT is the correct tool for migrating user profiles, files, and settings between Windows installations in a domain environment.

Why this answer

The User State Migration Tool (USMT) is a command-line utility designed for IT professionals to automate large-scale user state migrations, including user profiles, documents, and application settings, from one Windows OS to another. It supports migration from Windows 7 to Windows 10 and provides granular control over what is transferred via XML configuration files.

Exam trap

A common mistake is thinking Windows Easy Transfer is still available for Windows 7 to Windows 10 migrations, but it was removed after Windows 8. USMT is the correct enterprise-grade tool for this scenario, as it is included in the Windows Assessment and Deployment Kit (ADK).

How to eliminate wrong answers

Option A is wrong because Windows Easy Transfer was deprecated starting with Windows 8 and is not available for migrating from Windows 7 to Windows 10; it was a consumer tool that did not support cross-version migrations in later OS releases. Option B is wrong because File History is a backup feature that only protects personal files in libraries, not user profiles or application settings, and is not designed for migrating to a new PC. Option D is wrong because Windows Backup and Restore creates system image backups or file backups but does not specifically migrate user profiles and application settings to a new operating system version; it is intended for disaster recovery, not user state transfer.

642
MCQhard

A technician is configuring a hybrid cloud environment where an on-premises application needs to securely access a database hosted in a public cloud. The company requires that all traffic between the two environments be encrypted and not traverse the public internet. Which of the following should the technician implement?

A.Configure a site-to-site VPN over the internet
B.Use a dedicated private connection such as a direct cloud provider connection
C.Set up a remote desktop gateway
D.Deploy a cloud-based load balancer
AnswerB

A dedicated private connection provides a direct, private link between on-premises and the cloud, bypassing the public internet and ensuring encryption.

Why this answer

A dedicated private connection (e.g., cloud provider's direct connect service) provides a private, dedicated network link from on-premises to the cloud, bypassing the public internet entirely. This ensures all traffic is encrypted (when combined with IPsec or TLS at the application layer) and does not traverse the public internet, meeting the security and routing requirements.

Exam trap

The trap here is that candidates often assume a site-to-site VPN (Option A) is sufficient because it provides encryption, but they overlook the explicit requirement that traffic must not traverse the public internet, which a VPN over the internet inherently does.

How to eliminate wrong answers

Option A is wrong because a site-to-site VPN over the internet still routes traffic across the public internet, which violates the requirement that traffic not traverse the public internet. Option C is wrong because a remote desktop gateway is designed for remote desktop access (RDP) to individual machines, not for secure, private connectivity between an on-premises application and a cloud database. Option D is wrong because a cloud-based load balancer distributes incoming traffic across multiple instances but does not provide a private, encrypted connection that bypasses the public internet.

643
MCQmedium

An employee's company-issued Android phone is suddenly displaying pop-up ads even when no browser is open. The employee claims they only downloaded apps from the official Google Play Store. Which of the following is the MOST likely cause?

A.The phone's firmware is outdated.
B.A recently installed app has been granted 'Draw over other apps' permission.
C.The phone's Wi-Fi network is infected with malware.
D.The phone's screen has a hardware defect causing ghost touches.
AnswerB

This permission allows apps to display content on top of other apps, which is a common vector for adware.

Why this answer

The 'Draw over other apps' permission allows an app to display content on top of other applications, including the home screen and lock screen. This is a common technique used by adware and malicious apps to serve persistent pop-up ads even when no browser is open, as the app can draw its own window outside of the normal app lifecycle. Since the employee only downloaded from Google Play, this permission abuse is the most likely cause, as even Play Store apps can be granted this permission by the user during installation or runtime.

Exam trap

CompTIA often tests the distinction between network-level threats (like DNS hijacking) and client-side permission abuse, so the trap here is that candidates may assume pop-up ads always come from browser-based malware or network injection, rather than recognizing the 'Draw over other apps' permission as the specific Android mechanism for persistent on-screen overlays.

How to eliminate wrong answers

Option A is wrong because an outdated firmware (system software) typically causes security vulnerabilities or performance issues, but it does not directly cause pop-up ads to appear; adware behavior is tied to app-level permissions, not firmware version. Option C is wrong because a Wi-Fi network infected with malware would typically intercept or redirect web traffic, not inject pop-up ads into the Android UI layer; pop-ups that appear without a browser open are a client-side overlay issue, not a network-level attack. Option D is wrong because ghost touches from a hardware defect would cause random taps and interactions, not the display of structured pop-up ads with specific content; ghost touches cannot generate ad windows with text and images.

644
MCQhard

A technician needs to configure a Windows 10 kiosk machine that runs a single full-screen application for public use. They want to prevent users from accessing the desktop, taskbar, or any other system functions. Which Settings page should they use to set up this restricted user experience?

A.Settings > Personalization > Start
B.Control Panel > User Accounts > Manage User Accounts
C.Settings > Accounts > Other users > Set up a kiosk
D.Local Group Policy Editor > Computer Configuration > Windows Settings > Security Settings
AnswerC

This is the dedicated kiosk setup that uses Assigned Access to run a single app in full-screen mode with no access to other system features.

Why this answer

Option C is correct because the 'Set up a kiosk' option under Settings > Accounts > Other users is the dedicated Windows 10 feature for configuring an assigned access kiosk. This setting restricts the user to a single full-screen Universal Windows Platform (UWP) app and blocks access to the desktop, taskbar, and other system functions, meeting the exact requirement for a public-facing kiosk.

Exam trap

The trap here is that candidates often confuse the 'Set up a kiosk' feature with Group Policy security settings or user account management, mistakenly thinking that locking down a kiosk requires complex policy edits rather than the simple, built-in Settings wizard.

How to eliminate wrong answers

Option A is wrong because Settings > Personalization > Start only controls Start menu appearance and layout, not the ability to lock down the entire user experience or prevent desktop access. Option B is wrong because Control Panel > User Accounts > Manage User Accounts is used for standard user account management (creating, deleting, changing passwords) and does not provide any kiosk or restricted shell configuration. Option D is wrong because Local Group Policy Editor > Computer Configuration > Windows Settings > Security Settings deals with security policies like password policies, audit policies, and user rights assignments, not the assigned access kiosk mode which is configured via Settings or the 'Set up a kiosk' wizard.

645
MCQhard

A user reports that a script they run daily now fails with 'Text file busy' error. The script is located on an NFS mount. Which command will show if the script is currently being used by another process?

A.fuser /path/to/script
B.ps aux | grep script
C.lsof /path/to/script
D.strace -p $(pgrep script)
AnswerC

lsof lists all open files and the associated processes; it will show if the script is in use.

Why this answer

Option C is correct because `lsof /path/to/script` lists all processes that have the file open, including those holding it for execution. The 'Text file busy' error occurs when a process is executing the script (the text segment is mapped), and `lsof` can detect this by showing the file descriptor or memory mapping for the running process.

Exam trap

The A+ exam often tests the distinction between `lsof` and `fuser`; the trap here is that candidates assume `fuser` is sufficient, but `fuser` may not report processes that have the file mapped for execution (text segment) on NFS mounts, whereas `lsof` reliably shows all open file descriptors and memory mappings.

How to eliminate wrong answers

Option A is wrong because `fuser /path/to/script` shows the PID(s) of processes using the file, but it does not distinguish between a file being open for reading/writing and a file being executed (text segment busy), and it may not reliably detect the 'Text file busy' condition on NFS mounts. Option B is wrong because `ps aux | grep script` only shows processes whose command line contains 'script', but it does not directly confirm that the file itself is open or being executed by another process. Option D is wrong because `strace -p $(pgrep script)` attaches to a process with 'script' in its name and traces its system calls, but it does not show whether the script file is busy; it also requires the script process to be running and named exactly 'script', which may not be the case.

646
MCQhard

A technician is responding to a security incident where an employee's credentials were used to access a server without authorization. The employee claims they did not perform the action. Which of the following should the technician do first to remediate the compromised account?

A.Reset the account password and enable MFA.
B.Disable the account to prevent further access.
C.Review the server logs to determine the extent of the breach.
D.Notify the employee's manager and HR department.
AnswerB

Disabling the account is the first containment step; it stops the attacker from using the credentials while the investigation and remediation proceed.

Why this answer

The immediate step is to disable the compromised account to prevent further unauthorized access. Then the technician should force a password reset and enable multi-factor authentication (MFA) to secure the account. Logging and investigation follow containment.

647
MCQhard

A security analyst notices that an attacker has been sending emails that appear to come from the company's internal email system, asking employees to click a link to update their shared drive password. The link leads to a fake login page. The attacker is using a spoofed internal domain. What specific type of phishing is this?

A.Whaling
B.Spear phishing
C.Vishing
D.Pharming
AnswerB

Spear phishing is the correct term for targeted phishing attacks against specific people or groups.

Why this answer

This is spear phishing because the attacker targets specific employees within the organization using a spoofed internal domain to make the email appear legitimate. Unlike generic phishing, spear phishing is highly targeted and personalized, often leveraging internal context (e.g., 'update your shared drive password') to increase credibility. The use of a spoofed internal domain exploits trust in the company's email infrastructure, often bypassing SPF/DKIM checks if misconfigured.

Exam trap

For CompTIA A+, remember that spear phishing targets specific individuals within an organization, while whaling specifically targets senior executives or high-profile individuals. In this scenario, the attacker is targeting general employees to update their shared drive password, so it is spear phishing, not whaling. Candidates often mistakenly choose whaling when they see a targeted attack, but the key differentiator is the target's role within the organization.

How to eliminate wrong answers

Option A is wrong because whaling targets high-profile executives (e.g., CEO, CFO) with tailored attacks, not general employees updating a shared drive password. Option C is wrong because vishing (voice phishing) uses phone calls or VoIP, not email with a fake login page. Option D is wrong because pharming redirects users from a legitimate website to a fake one by poisoning DNS or local hosts files, not by sending spoofed emails with a link.

648
MCQmedium

During a software deployment, a user reports that a stranger in a delivery uniform asked to use their computer to 'check a shipment status' and then quickly left. Later, the user notices unusual network activity. What should the technician investigate first?

A.Check the user's email for phishing messages.
B.Verify the delivery person's identity with the shipping company.
C.Scan the workstation for malware and review recent system changes.
D.Disable the user's network access permanently.
AnswerC

Given physical access, the attacker may have installed malware or created backdoors; scanning and auditing changes is the correct first step.

Why this answer

The scenario describes a classic social engineering attack where an unauthorized individual gains physical access to a workstation under a pretext. The immediate technical priority is to scan the workstation for malware and review recent system changes because the attacker may have installed a backdoor, keylogger, or remote access trojan (RAT) that explains the unusual network activity. This aligns with incident response best practices: isolate and analyze the affected system first to contain potential data exfiltration or lateral movement.

Exam trap

The CompTIA A+ exam often tests the candidate's ability to prioritize immediate technical containment over administrative or non-technical follow-ups; the trap here is that many candidates choose Option B (verifying identity) because it seems logical for a physical security breach, but the exam expects you to recognize that the workstation is already compromised and must be investigated first.

How to eliminate wrong answers

Option A is wrong because checking the user's email for phishing messages addresses a different attack vector (email-based social engineering), but the incident here involved direct physical access, not a phishing link. Option B is wrong because verifying the delivery person's identity with the shipping company is a non-technical, administrative step that does not address the immediate technical threat of malware or unauthorized system changes already present on the workstation. Option D is wrong because permanently disabling the user's network access is an overreaction and violates the principle of least disruption; a temporary network isolation (e.g., disabling the NIC or blocking the port) is appropriate, but permanent access removal is not a diagnostic or containment step.

649
MCQmedium

A user reports that their Windows 10 computer is infected with a virus that keeps reinstalling itself after removal. What should you do to remediate this persistent infection?

A.Run a system restore to a previous restore point
B.Boot from a rescue disc or USB and run an antivirus scan
C.Disable System Restore and then run an antivirus scan in normal mode
D.Reinstall Windows from the recovery partition
AnswerB

Booting from trusted media bypasses the infected OS, enabling thorough removal without the virus interfering.

Why this answer

A virus that reinstalls itself likely has a rootkit or persistent mechanism. Booting from trusted media and scanning the offline system ensures the malware cannot run, allowing complete removal.

650
MCQmedium

During a routine hardware refresh, a technician finds a box of old USB flash drives that were used to store temporary project files. The drives are to be given to employees for personal use. What is the most practical way to ensure no project data remains?

A.Delete all files and empty the Recycle Bin.
B.Use a diskpart clean all command to overwrite every sector.
C.Microwave the flash drives to destroy the chips.
D.Reformat the drives with a quick format.
AnswerB

The 'clean all' command writes zeros to every sector, making data unrecoverable while preserving the drive's functionality.

Why this answer

Option B is correct because the 'diskpart clean all' command writes zeros or other patterns to every sector of the drive, ensuring that all previously stored data, including temporary project files, is overwritten and cannot be recovered using standard file recovery tools. This is the most practical method for sanitizing USB flash drives before repurposing them for personal use, as it meets the data destruction requirements without physically destroying the media.

Exam trap

CompTIA often tests the misconception that a quick format or file deletion is sufficient for data removal, when in fact these methods leave data recoverable and only the 'clean all' command (or similar overwrite) ensures proper sanitization for repurposed media.

How to eliminate wrong answers

Option A is wrong because simply deleting files and emptying the Recycle Bin only removes the file system pointers, leaving the actual data intact on the flash drive, which can be easily recovered with undelete or forensic tools. Option C is wrong because microwaving flash drives is impractical, dangerous, and may not reliably destroy all data; it can also damage the equipment and pose a fire hazard, making it unsuitable for routine hardware refresh scenarios. Option D is wrong because a quick format only clears the file system metadata (e.g., the master file table) and does not overwrite the underlying data sectors, leaving project data recoverable with specialized software.

651
MCQmedium

A technician is configuring a new Windows 10 workstation for a user who handles sensitive financial data. The company policy mandates that the screen lock after 5 minutes of inactivity and require a password on wake. Which settings should the technician configure?

A.Set the power plan to turn off the display after 5 minutes.
B.Configure the screen saver to start after 5 minutes and check 'On resume, display logon screen.'
C.Enable the 'Require password on wakeup' setting in the power plan only.
D.Set the computer to sleep after 5 minutes and require a password on wake.
AnswerB

This combination locks the workstation after 5 minutes of inactivity and requires the user to log in again, meeting the policy.

Why this answer

The screen saver settings in Windows include an option to 'On resume, display logon screen,' which locks the workstation after the screen saver activates. Setting the screen saver timeout to 5 minutes and enabling the logon screen requirement meets the policy.

652
MCQmedium

A technician is on a support call with a user who has a strong accent and is speaking quickly. The technician is having difficulty understanding the issue. What is the most professional way to handle this?

A.Pretend to understand and hope the issue becomes clear during troubleshooting.
B.Ask the user to speak more slowly and repeat the problem, apologizing for the difficulty.
C.Transfer the call to a different technician who might understand the accent better.
D.Tell the user that their accent is hard to understand and ask them to email the problem instead.
AnswerB

This shows respect and a willingness to understand, which is key to effective communication.

Why this answer

Option B is correct because it demonstrates active listening and professional courtesy by politely asking the user to slow down and repeat the issue. This approach maintains rapport, ensures accurate information gathering, and avoids misdiagnosis that could lead to wasted time or incorrect troubleshooting steps. In a support context, clear communication is essential for identifying the root cause and applying the correct fix.

Exam trap

CompTIA often tests the candidate's ability to prioritize professional communication over technical shortcuts, and the trap here is that candidates may choose Option C (transfer the call) thinking it is efficient, but it actually violates the principle of taking ownership of the customer's issue.

How to eliminate wrong answers

Option A is wrong because pretending to understand risks missing critical details about the problem, leading to ineffective or even harmful troubleshooting steps that could escalate the issue or violate service-level agreements. Option C is wrong because transferring the call without first attempting to clarify the issue is unprofessional and may not resolve the communication barrier; it also wastes time and shifts responsibility unnecessarily. Option D is wrong because telling the user their accent is hard to understand is disrespectful and unprofessional, and asking them to email the problem bypasses real-time interaction, potentially delaying resolution and frustrating the user.

653
MCQmedium

A company is decommissioning a server that contained encrypted customer financial data. The IT manager wants to ensure the data is destroyed without damaging the hard drives, as they will be reused in test environments. Which method should be used?

A.Physically shred the drives.
B.Perform a standard format and reinstall the OS.
C.Issue a cryptographic erase command to the drive's self-encrypting feature.
D.Use a degausser on the drives.
AnswerC

Crypto erase changes the encryption key, rendering all data unreadable. The drive remains usable for testing.

Why this answer

Option C is correct because the server's hard drives are self-encrypting drives (SEDs) that support the TCG Opal or IEEE 1667 standard. Issuing a cryptographic erase command (e.g., via hdparm --security-erase or a vendor tool) instantly invalidates the media encryption key, rendering all data on the drive permanently inaccessible without physically damaging the drive. This meets the requirement of destroying the encrypted customer financial data while preserving the drives for reuse in test environments.

Exam trap

A common misconception tested on the CompTIA A+ exam is that a standard format or OS reinstall is sufficient for secure data destruction. However, encrypted data on SEDs remains recoverable unless the encryption key is specifically invalidated via a cryptographic erase command.

How to eliminate wrong answers

Option A is wrong because physically shredding the drives destroys them, contradicting the requirement to reuse them in test environments. Option B is wrong because a standard format and OS reinstall only overwrites file system metadata and does not securely erase the underlying encrypted data; the original media encryption key remains intact, and data could potentially be recovered from the encrypted sectors. Option D is wrong because using a degausser applies a strong magnetic field that destroys the drive's firmware, servo tracks, and the self-encrypting capability, making the drive permanently unusable and violating the reuse requirement.

654
MCQeasy

A user reports that their browser frequently redirects to a search page they never set, and they see unfamiliar toolbars. After running a malware scan that found nothing, what should the technician do next to resolve the issue?

A.Replace the network cable.
B.Reset the browser settings to default.
C.Update the network adapter driver.
D.Reinstall the operating system.
AnswerB

Resetting the browser removes all add-ons, toolbars, and restores default homepage and search settings, which effectively eliminates browser hijackers.

Why this answer

The symptoms—unwanted redirects and unfamiliar toolbars—are classic signs of browser hijacking, often caused by a malicious extension or a changed proxy configuration. Since a malware scan found nothing, the next logical step is to reset the browser settings to default, which removes all extensions, restores the homepage and search engine, and clears cached data that may be enforcing the redirects. This action directly addresses the most common vector for such behavior without resorting to hardware or OS-level changes.

Exam trap

The trap here is that candidates often jump to reinstalling the OS or scanning for malware again, but CompTIA tests whether you recognize that browser-specific issues are best resolved with browser-level tools before escalating to system-wide repairs.

How to eliminate wrong answers

Option A is wrong because replacing the network cable would only fix physical connectivity issues, not software-based browser hijacking or redirects caused by extensions or proxy settings. Option C is wrong because updating the network adapter driver addresses hardware-level network communication problems, not browser-level configuration or add-on issues. Option D is wrong because reinstalling the operating system is an extreme, time-consuming measure that is unnecessary when the problem is isolated to the browser; resetting browser settings is a far more targeted and efficient first step.

655
MCQhard

A user's MacBook Air running macOS Ventura is experiencing intermittent kernel panics. The crashes seem to occur when the laptop is connected to a specific USB-C hub. Which macOS tool should you use to analyze the crash logs and identify the faulty driver?

A.System Information
B.Console
C.Activity Monitor
D.Terminal with 'sudo dmesg' command
AnswerB

Console allows you to view kernel panic logs and filter them by date and process to identify the problematic driver.

Why this answer

The Console app is the correct tool because it provides a centralized interface for viewing all system logs, including kernel panic reports (stored in /Library/Logs/DiagnosticReports). When a kernel panic occurs, macOS generates a .panic file containing stack traces and loaded kext (kernel extension) information. By examining these logs in Console, you can identify the specific kext or driver (e.g., a USB hub driver) that triggered the panic, especially when the crash is hardware-dependent like this USB-C hub scenario.

Exam trap

CompTIA often tests the misconception that 'dmesg' or 'System Information' can retrieve historical crash logs, when in fact Console is the only tool that provides persistent access to kernel panic reports across reboots.

How to eliminate wrong answers

Option A is wrong because System Information provides a static snapshot of hardware and software configuration (e.g., USB device tree, kext versions) but does not display real-time or historical crash logs; it cannot show the dynamic stack traces needed to pinpoint a faulty driver. Option C is wrong because Activity Monitor shows running processes, CPU/memory usage, and system resource statistics, but it does not capture kernel panic logs or driver-level crash data. Option D is wrong because 'sudo dmesg' displays kernel ring buffer messages from the current boot session only; after a kernel panic and reboot, the dmesg buffer is cleared, so it cannot show the panic log from the previous crash.

656
MCQeasy

A system administrator is deploying a PowerShell script to 100 computers to change the local administrator password. The script must run once per computer and then exit. Which scripting technique ensures the script runs exactly once on each machine?

A.Use a for loop to run the script 100 times
B.Write a registry key after successful execution
C.Use a parameter to pass the computer name
D.Schedule the script to run daily
AnswerB

Correct. The script can check for a registry key at startup; if it exists, the script exits. This ensures it runs only once per machine.

Why this answer

This question covers idempotency and run-once mechanisms. Using a registry key or a marker file to record that the script has executed prevents it from running again on reboot or reapplication. Loops and parameters don't enforce a single execution.

657
MCQmedium

A small business owner wants to ensure that all company laptops have their hard drives encrypted in case of theft. The laptops run Windows 10 Pro. Which technology should the technician enable to meet this requirement?

A.EFS (Encrypting File System)
B.Windows Defender Antivirus
C.BitLocker Drive Encryption
D.TPM (Trusted Platform Module)
AnswerC

BitLocker provides full-disk encryption for Windows 10 Pro and Enterprise, meeting the requirement for data protection on lost or stolen laptops.

Why this answer

BitLocker Drive Encryption (option C) is the correct technology because it provides full-disk encryption for Windows 10 Pro, ensuring that all data on the laptop's hard drive is encrypted at rest. This protects against data exposure if the device is stolen, as the drive cannot be accessed without the decryption key (e.g., a PIN, USB key, or TPM-based authentication). BitLocker is built into Windows 10 Pro and is specifically designed for whole-drive encryption, meeting the requirement for all company laptops.

Exam trap

The trap here is that candidates often confuse EFS (file-level encryption) with full-disk encryption, or they mistakenly think TPM alone provides encryption, when in fact TPM is merely a key storage and attestation component that requires BitLocker to enable drive encryption.

How to eliminate wrong answers

Option A is wrong because EFS (Encrypting File System) encrypts individual files or folders at the file system level, not the entire hard drive, and it does not protect system files or the operating system from offline access after theft. Option B is wrong because Windows Defender Antivirus is a malware protection tool that detects and removes malicious software; it does not provide any encryption or data protection for the hard drive. Option D is wrong because TPM (Trusted Platform Module) is a hardware security chip that can store encryption keys and support BitLocker, but it is not an encryption technology itself—it must be combined with BitLocker to achieve full-disk encryption.

658
MCQeasy

A small business is deploying a new accounting application across five workstations. The IT lead creates a detailed change request that includes the purpose, scope, risk assessment, and rollback plan. Which document should the IT lead update immediately after the deployment is successfully completed?

A.The firewall configuration log
B.The change request form
C.The employee handbook
D.The backup verification checklist
AnswerB

The change request form is the primary document that tracks the lifecycle of a change, including its completion status.

Why this answer

The change request form is the central document that tracks the entire lifecycle of a change, including planning, approval, implementation, and post-implementation review. Once the deployment is successfully completed, the IT lead must update the change request form to mark it as 'Closed' or 'Completed,' documenting the actual outcome, any deviations, and the final status. This ensures an accurate audit trail for compliance and future troubleshooting, as required by ITIL-based change management processes.

Exam trap

CompTIA often tests the misconception that a technical log or checklist (like a backup verification checklist) is the immediate post-deployment update, but the correct answer is always the formal change management document that captures the entire change lifecycle.

How to eliminate wrong answers

Option A is wrong because the firewall configuration log is a security-specific record that would only be updated if firewall rules were modified as part of the deployment; the question describes a standard application installation with no mention of firewall changes. Option C is wrong because the employee handbook is a general HR policy document that outlines company rules and procedures, not a technical record for tracking IT changes or deployments. Option D is wrong because the backup verification checklist is used to confirm that backups were successfully created before or after a change, but it is not the primary document for recording the completion and outcome of a change request.

659
MCQeasy

A user wants to encrypt a USB flash drive so that if it is lost, the data cannot be read on another computer. The USB drive will be used on both Windows 10 and Windows 11 devices. Which Windows feature should be used?

A.EFS (Encrypting File System)
B.BitLocker To Go
C.Windows Defender Encryption
D.Secure Boot
AnswerB

BitLocker To Go is designed for encrypting removable drives and works across Windows 10/11.

Why this answer

BitLocker To Go is the correct choice because it provides full-disk encryption specifically designed for removable drives like USB flash drives. It encrypts the entire drive using AES encryption, and when the drive is inserted into another Windows 10 or Windows 11 computer, the user must enter the password or use a smart card/recovery key to access the data. This ensures that if the drive is lost, the data remains unreadable on any other system.

Exam trap

CompTIA often tests the distinction between EFS and BitLocker To Go, where candidates mistakenly choose EFS because they think file-level encryption is sufficient for removable media, but EFS does not protect data when the drive is moved to another computer because the encryption certificate is not present on the target system.

How to eliminate wrong answers

Option A is wrong because EFS (Encrypting File System) encrypts individual files and folders on NTFS volumes, but it is tied to the user's account and certificate on the local machine; it does not protect data when the drive is moved to another computer, and it is not designed for removable drives. Option C is wrong because Windows Defender Encryption is not a real Windows feature; the correct name is Windows Device Encryption, which is a simplified version of BitLocker for system drives on supported hardware, not for removable USB drives. Option D is wrong because Secure Boot is a UEFI firmware security feature that ensures only trusted bootloaders and drivers are loaded during startup; it does not encrypt data on a USB drive or protect data at rest.

660
MCQeasy

A customer is frustrated because every time they plug in a USB flash drive, Windows automatically opens the folder and plays any media files. They want to stop this behavior but still want the drive to be recognized. Which Control Panel item should you use?

A.File Explorer Options
B.AutoPlay
C.Device Manager
D.Sound
AnswerB

AutoPlay in Control Panel allows you to choose what happens when you connect devices like USB drives, such as 'Open folder to view files' or 'Take no action'.

Why this answer

The AutoPlay settings in Control Panel let you configure default actions for different media types. Disabling or setting 'Take no action' for removable drives stops automatic folder opening and media playback without affecting drive recognition.

661
MCQeasy

A customer reports that their printer is not working after a recent Windows update. The technician suspects a driver issue. Which of the following is the BEST way to handle this situation while maintaining customer satisfaction?

A.Tell the customer that Windows updates often break things and they should avoid updates.
B.Ask the customer to try unplugging the printer and plugging it back in.
C.Say you will research the issue and call them back within an hour with steps.
D.Immediately remote into their computer and start checking settings without explaining.
AnswerC

This shows responsibility and sets a clear expectation, building trust.

Why this answer

Option C is correct because it demonstrates professional communication and sets realistic expectations. The technician acknowledges the issue, commits to researching the specific driver compatibility problem caused by the Windows update, and promises a follow-up within a defined timeframe. This approach maintains customer trust and avoids making promises or taking actions without a clear plan.

Exam trap

The trap here is that candidates may choose Option B (unplug/replug) because it is a common troubleshooting step, but the question specifically tests communication and professionalism, not basic hardware troubleshooting, so the best answer is the one that manages the customer's expectations and demonstrates a planned, researched response.

How to eliminate wrong answers

Option A is wrong because telling the customer to avoid Windows updates is unprofessional, dismissive, and fails to address the actual driver issue; updates are necessary for security and stability. Option B is wrong because asking the customer to unplug and replug the printer is a generic hardware reset step that does not resolve a driver conflict caused by a Windows update; it wastes the customer's time and shows a lack of diagnostic effort. Option D is wrong because immediately remote into the computer without explaining the action violates customer consent and transparency; it can cause confusion or alarm and does not build trust.

662
MCQmedium

A user is unable to install a new printer on their Windows 10 workstation because the 'Print Spooler' service is not running. You need to start the service and ensure it starts automatically on boot. Which tool should you use?

A.Device Manager
B.Services
C.Task Scheduler
D.System Configuration
AnswerB

Services provides the interface to manage all Windows services, including starting and setting startup types.

Why this answer

The Print Spooler is a Windows service that manages print jobs sent to the printer. To start it and set its startup type to Automatic, you must use the Services console (services.msc), which provides direct control over service state and startup configuration. Device Manager manages hardware drivers, not service states.

Exam trap

The trap here is that candidates confuse Device Manager's ability to update or roll back printer drivers with the ability to start the underlying Print Spooler service, which is a service management task, not a device management task.

How to eliminate wrong answers

Option A is wrong because Device Manager is used to manage hardware devices and their drivers, not to start or configure Windows services like the Print Spooler. Option C is wrong because Task Scheduler is designed to schedule automated tasks or scripts at specific times or events, not to manage the runtime state or startup type of a service. Option D is wrong because System Configuration (msconfig) controls boot options, startup programs, and general system startup behavior, but it does not allow you to start a stopped service or change its startup type to Automatic.

663
MCQmedium

A technician needs to install a new hard drive in a computer that is under a strict security policy requiring all drives to be sanitized before disposal. The old drive will be replaced. What is the most secure method to ensure data cannot be recovered from the old drive?

A.Perform a quick format of the drive.
B.Use a degausser to erase the magnetic fields.
C.Run the Windows Disk Cleanup tool.
D.Delete all partitions using Disk Management.
AnswerB

Degaussing destroys the magnetic structure of the platters, making data unrecoverable. This meets strict security requirements.

Why this answer

A degausser generates a powerful magnetic field that physically randomizes the magnetic domains on the platters, effectively destroying all stored data and rendering the drive unusable. This is the only method listed that meets the strict security policy requirement for sanitization, as it prevents any possible data recovery even with advanced forensic tools.

Exam trap

CompTIA often tests the misconception that a quick format or partition deletion is sufficient for data sanitization, when in reality these methods only remove pointers to the data, leaving the raw data recoverable with simple tools.

How to eliminate wrong answers

Option A is wrong because a quick format only rewrites the file system metadata (e.g., the MFT or FAT) and does not erase the actual data on the disk; data remains recoverable with tools like TestDisk or PhotoRec. Option C is wrong because the Windows Disk Cleanup tool only removes temporary files and empties the Recycle Bin; it does not touch user data or system files on the drive. Option D is wrong because deleting partitions using Disk Management only removes the partition table entries, leaving the underlying data intact and fully recoverable until overwritten.

664
MCQmedium

A technician is deploying a new accounting software package across the company. The finance manager requests that the software be installed on their personal laptop, which is not company-managed. Company policy prohibits installing unapproved software on personal devices. How should the technician respond?

A."I'm sorry, but company policy doesn't allow installing this software on personal devices. However, I can help you set up remote access to a company workstation that has it."
B."I can install it, but you'll have to sign a waiver accepting all risks."
C."That's against policy. Please use a company laptop."
D."I'll need to get approval from IT management first. Can you email the request?"
AnswerA

This upholds policy while providing a practical alternative, demonstrating problem-solving and professionalism.

Why this answer

Option A is correct because it upholds the company's security policy by refusing to install unapproved software on a non-managed device, while still providing a practical solution: setting up remote access (e.g., via VPN and Remote Desktop Protocol) to a company workstation that already has the accounting software. This approach ensures compliance with policy and maintains data security by keeping the software within the managed environment.

Exam trap

CompTIA often tests the candidate's ability to balance policy enforcement with customer service, and the trap here is that candidates may choose a technically correct but unhelpful response (like C or D) instead of the one that both follows policy and provides a workable solution.

How to eliminate wrong answers

Option B is wrong because having the user sign a waiver does not negate the company policy; it still results in installing unapproved software on a personal device, which exposes the company to security risks such as data leakage or malware infection, and violates compliance requirements. Option C is wrong because while it correctly states the policy, it simply tells the user to use a company laptop without offering any immediate solution or guidance, which is unhelpful and fails to address the finance manager's need for access. Option D is wrong because it unnecessarily escalates the request to IT management for approval when the policy is already clear—this wastes time and does not resolve the user's need; the technician should know the policy and provide a compliant alternative directly.

665
MCQmedium

A user reports that their iPhone's camera app crashes immediately after opening, but other camera-related apps (like Instagram) work fine. They have already restarted the phone. Which iOS feature should you use to restore camera functionality without losing personal data?

A.Reset All Settings
B.Offload App
C.Erase All Content and Settings
D.Update iOS
AnswerB

Offload App deletes the app but preserves its data, so reinstalling from the App Store restores functionality without losing photos or settings.

Why this answer

The Offload App feature removes the app itself but preserves its documents and data. When you reinstall the app from the App Store, iOS restores the saved data, effectively resetting the app's cached or corrupted state without affecting personal information. This directly addresses the camera app crash caused by a corrupted app cache or configuration, while leaving other camera-related apps (which use the same hardware but separate app data) unaffected.

Exam trap

The trap here is that candidates confuse 'Offload App' with 'Delete App' or assume that a system-wide reset (Reset All Settings) is needed, when in fact the Offload App feature is specifically designed to fix app-specific corruption without data loss.

How to eliminate wrong answers

Option A is wrong because Reset All Settings clears all system preferences (Wi-Fi passwords, Bluetooth pairings, wallpapers, etc.) but does not remove or reset the camera app's own data or cache, so it would not fix a corrupted app-specific crash. Option C is wrong because Erase All Content and Settings wipes the entire device, including all personal data, which is unnecessary and destructive when only the camera app is malfunctioning. Option D is wrong because updating iOS addresses system-level bugs or security vulnerabilities, but the issue is isolated to a single app's corrupted data, not the OS itself; an update would not repair the app's local cache or configuration.

666
MCQmedium

A small business owner wants to ensure that employees cannot install browser extensions or add-ons without administrator approval. Which method should the technician use to enforce this restriction across all company computers?

A.Configure each browser's settings manually on every computer.
B.Use Group Policy to disable extension installation.
C.Install a third-party firewall to block extension downloads.
D.Set the browser to private browsing mode.
AnswerB

Group Policy provides centralized control to block extension installations across all domain-joined computers.

Why this answer

Group Policy (specifically the Administrative Templates for Google Chrome, Microsoft Edge, or Firefox) provides a centralized method to enforce browser settings across all domain-joined computers. By configuring the 'Block external extensions' or 'ExtensionInstallBlockList' policy, the technician can prevent users from installing extensions without administrator approval, ensuring consistent enforcement without manual intervention on each machine.

Exam trap

The trap here is that candidates often think a firewall or manual configuration is sufficient, but the A+ exam tests the understanding that Group Policy is the only centralized, scalable method for enforcing browser restrictions in a domain environment, while firewalls operate at the network layer and cannot intercept browser-internal operations.

How to eliminate wrong answers

Option A is wrong because manually configuring each browser's settings on every computer is not scalable, prone to human error, and does not provide centralized enforcement or auditing. Option C is wrong because a third-party firewall blocks network traffic (e.g., downloads from specific URLs) but cannot control the browser's internal extension installation process, which occurs via the browser's own APIs and registry. Option D is wrong because private browsing mode only prevents local history and cookie storage; it does not restrict extension installation, which remains fully functional in private mode.

667
MCQmedium

A user complains that their laptop battery drains quickly and the device gets very hot. The battery is a lithium-ion type and is three years old. What is the most environmentally responsible recommendation?

A.Replace the entire laptop with a new Energy Star model.
B.Remove the battery and run the laptop only on AC power.
C.Replace the battery with a compatible model and recycle the old battery at a certified e-waste facility.
D.Continue using the laptop until the battery fails completely.
AnswerC

This prolongs the laptop's life and ensures the old battery is disposed of safely.

Why this answer

Option C is correct because it directly addresses the user's complaint (battery degradation causing heat and poor runtime) while ensuring responsible disposal of the hazardous lithium-ion battery. Recycling at a certified e-waste facility prevents toxic materials from entering landfills and allows recovery of valuable metals, aligning with environmental best practices.

Exam trap

The trap here is that candidates may choose Option B (remove battery and run on AC) thinking it solves the heat issue, but they overlook that the old battery still needs proper disposal and that the laptop's heat could stem from other factors like dust or failing thermal paste.

How to eliminate wrong answers

Option A is wrong because replacing the entire laptop when only the battery is faulty is wasteful and unnecessarily increases e-waste, even if the new model is Energy Star rated. Option B is wrong because removing the battery and running solely on AC power does not solve the heat issue (the laptop may still throttle or run hot due to other components) and leaves the old battery unaddressed, which could still pose a fire risk if stored improperly. Option D is wrong because continuing to use a degraded lithium-ion battery risks thermal runaway, swelling, or leakage, and delays responsible recycling, which is environmentally harmful.

668
MCQhard

A technician is investigating a security incident where a user's virtual machine was compromised. The technician suspects that the VM was infected with malware that spread from the host. Which virtualization security best practice would have prevented this?

A.Enable snapshots for all VMs.
B.Use a Type 2 hypervisor for better isolation.
C.Keep the hypervisor and host OS updated with security patches.
D.Assign more virtual CPUs to the VM.
AnswerC

Regular updates patch vulnerabilities that could be exploited for VM escape, preventing malware from spreading between host and VM.

Why this answer

Option C is correct because keeping the hypervisor and host OS updated with security patches is a fundamental virtualization security best practice that prevents malware from exploiting known vulnerabilities in the hypervisor layer. In this scenario, the malware spread from the host to the VM, indicating a hypervisor-level compromise that patching would have mitigated. Regular patching closes the attack vector that allows host-to-VM infection, such as vulnerabilities in the hypervisor's management interface or device emulation code.

Exam trap

CompTIA often tests the misconception that Type 2 hypervisors provide better isolation than Type 1 hypervisors, when in fact Type 1 (bare-metal) hypervisors offer stronger security boundaries because they run directly on hardware without a host OS layer.

How to eliminate wrong answers

Option A is wrong because enabling snapshots for all VMs is a backup and recovery practice, not a security control; snapshots do not prevent malware from spreading from the host to the VM and can even increase storage overhead and performance issues. Option B is wrong because a Type 2 hypervisor (hosted hypervisor) actually provides weaker isolation than a Type 1 hypervisor, as it runs on top of a host OS, increasing the attack surface and making it easier for malware to spread from the host to VMs. Option D is wrong because assigning more virtual CPUs to a VM improves performance but does not provide any security isolation or prevent malware propagation from the host; it has no effect on hypervisor vulnerabilities or host-to-VM attack paths.

669
MCQeasy

During a security audit, you discover that a Windows 10 workstation has the 'Store passwords and credentials using reversible encryption' policy enabled. What is the primary security risk associated with this setting?

A.It increases the time required to log on to the system.
B.It allows users to bypass the password complexity requirement.
C.It stores passwords in a format that can be easily decrypted, making them vulnerable if the database is compromised.
D.It prevents the use of biometric authentication methods.
AnswerC

This is the core risk: reversible encryption allows passwords to be recovered as plaintext, which is a major security vulnerability.

Why this answer

The 'Store passwords using reversible encryption' policy (enabled via the 'Network access: Do not allow storage of passwords and credentials for network authentication' or directly in a Group Policy setting) causes Windows to store passwords in a format that can be decrypted back to plaintext. This directly violates the principle of storing only hashed credentials; if the SAM database or LSASS process memory is compromised, an attacker can recover the original password, enabling lateral movement or privilege escalation.

Exam trap

The trap here is that candidates often confuse 'reversible encryption' with 'password complexity' or 'account lockout' settings, but the core risk is the ability to decrypt stored passwords, not a performance or usability issue.

How to eliminate wrong answers

Option A is wrong because enabling reversible encryption does not affect logon time; it only changes how the password is stored, not the authentication process speed. Option B is wrong because password complexity requirements are enforced independently via the 'Password must meet complexity requirements' policy; reversible encryption does not bypass or weaken those rules. Option D is wrong because biometric authentication (e.g., Windows Hello) relies on a separate credential provider and is not disabled by reversible encryption; the setting only affects password-based credentials stored for network authentication.

670
MCQhard

A company is migrating from Windows 10 to Windows 11 on several workstations. You need to verify that each computer meets the minimum hardware requirements, including TPM 2.0 and Secure Boot capability, before deploying the upgrade. Which built-in tool should you run on each machine to generate a compatibility report?

A.System Information (msinfo32.exe) and manually check the System Summary for TPM and Secure Boot status.
B.Windows 11 PC Health Check app (downloaded from Microsoft).
C.Deployment Imaging and Servicing Management (DISM) with the /Get-CurrentEdition option.
D.System Restore (rstrui.exe) to revert to a previous state if the upgrade fails.
AnswerB

This tool is specifically designed to check Windows 11 compatibility and provides a clear pass/fail report.

Why this answer

The Windows 11 PC Health Check app is the official Microsoft tool designed specifically to verify compatibility with Windows 11, including TPM 2.0 and Secure Boot capability. It generates a detailed compatibility report, making it the correct built-in tool for this pre-upgrade validation task.

Exam trap

The trap here is that candidates may confuse the PC Health Check app with the older Windows 10 Upgrade Assistant or rely on manual checks via msinfo32, but the exam specifically tests knowledge of the dedicated compatibility tool introduced for Windows 11.

How to eliminate wrong answers

Option A is wrong because manually checking System Information (msinfo32.exe) for TPM and Secure Boot status is inefficient and does not generate a compatibility report; it only displays raw hardware data without assessing Windows 11 requirements. Option C is wrong because DISM with /Get-CurrentEdition is used to display the current edition of Windows (e.g., Pro, Enterprise) and is unrelated to hardware compatibility checks. Option D is wrong because System Restore (rstrui.exe) is a recovery tool for reverting system changes, not a compatibility assessment tool.

671
MCQeasy

A user reports that their Windows 10 laptop takes a very long time to boot and shows a 'Preparing Automatic Repair' message before eventually loading the desktop. They mention this started after a power outage. Which Windows tool should you use first to diagnose and attempt to fix the boot issue?

A.System Restore
B.Startup Repair
C.Reset this PC
D.System File Checker (sfc /scannow)
AnswerB

Startup Repair is designed to diagnose and fix boot problems like corrupted BCD or missing system files, making it the correct first step.

Why this answer

Startup Repair (option B) is the correct first tool because the user reports a boot failure with 'Preparing Automatic Repair' after a power outage, which often corrupts critical boot configuration data (BCD) or the Master Boot Record (MBR). Startup Repair is designed to automatically diagnose and fix these specific boot-related issues without affecting user files, making it the most appropriate initial step.

Exam trap

The trap here is that candidates often choose System File Checker (sfc /scannow) because they associate file corruption with boot issues, but sfc requires a running OS and cannot repair boot loader components like the BCD or MBR, which are the actual culprits after a power outage.

How to eliminate wrong answers

Option A is wrong because System Restore reverts system files and settings to a previous restore point, but it requires a working boot environment to launch and does not directly repair boot loader corruption; it is a secondary step after boot is restored. Option C is wrong because Reset this PC is a more drastic recovery option that reinstalls Windows and may remove apps or files, which is excessive when the issue is likely boot configuration corruption that can be fixed with a targeted tool. Option D is wrong because System File Checker (sfc /scannow) scans and repairs protected system files, but it runs from within a working Windows environment and cannot fix boot loader or BCD corruption that prevents the OS from loading.

672
MCQeasy

A user reports that their Windows 10 laptop is running slowly and frequently shows a 'Low Memory' warning. They have 8 GB of RAM and are not running any unusual applications. Which built-in Windows tool should you use to determine if a specific process is leaking memory?

A.Performance Monitor
B.Task Manager
C.Event Viewer
D.System Configuration (msconfig)
AnswerB

Task Manager's Processes tab shows current memory usage for each process, making it ideal for spotting a memory leak.

Why this answer

Task Manager (Option B) is the correct tool because it provides a real-time view of per-process memory usage, including the 'Memory (Active Private Working Set)' column, which can identify a process that is consuming an abnormally increasing amount of RAM over time—indicative of a memory leak. Unlike other tools, Task Manager allows you to quickly sort processes by memory usage and observe growth without needing to configure counters or parse logs.

Exam trap

CompTIA often tests the misconception that Performance Monitor is the only tool for memory leak diagnosis, but Task Manager is the correct first-line tool for quickly identifying a leaking process in a user-reported scenario.

How to eliminate wrong answers

Option A is wrong because Performance Monitor requires you to manually add specific counters (e.g., Process\Private Bytes) and set up data collector sets to track memory usage over time, which is more complex and not the quickest built-in tool for identifying a leaking process on a user's laptop. Option C is wrong because Event Viewer logs system, security, and application events, but it does not display real-time per-process memory consumption or memory leak patterns; it would only show low memory warnings after the fact, not the specific process causing the leak. Option D is wrong because System Configuration (msconfig) is used to manage boot options, startup programs, and services, not to monitor or diagnose active memory usage or leaks.

673
MCQhard

A technician needs to deploy a custom security policy to all Windows 10 workstations in a small office. The policy must restrict access to the Control Panel and prevent users from changing system settings. Which administrative tool should be used to create and apply this policy locally on each machine?

A.Local Security Policy (secpol.msc)
B.User Accounts (netplwiz)
C.Local Group Policy Editor (gpedit.msc)
D.System Configuration (msconfig)
AnswerC

Local Group Policy Editor provides Administrative Templates that include settings to hide or restrict access to Control Panel and system settings.

Why this answer

The Local Group Policy Editor (gpedit.msc) is the correct tool because it provides the administrative templates and policy nodes (e.g., User Configuration > Administrative Templates > Control Panel) needed to restrict access to Control Panel and prevent system setting changes. These settings are written to the local Group Policy Objects (GPOs) stored in %SystemRoot%\System32\GroupPolicy, which Windows applies at user logon. This tool is available on Windows 10 Pro, Enterprise, and Education editions, but not on Windows 10 Home.

Exam trap

A common misconception is that Local Security Policy (secpol.msc) can handle all policy restrictions, but it only covers security-specific settings, not administrative templates for UI restrictions like Control Panel access.

How to eliminate wrong answers

Option A is wrong because Local Security Policy (secpol.msc) only manages security-related policies such as account policies, audit policies, and user rights assignments; it does not include administrative templates for restricting Control Panel access or system settings. Option B is wrong because User Accounts (netplwiz) is used to manage user account properties, passwords, and automatic logon settings, not to deploy custom security policies that restrict Control Panel or system changes. Option D is wrong because System Configuration (msconfig) is a boot and startup configuration tool for troubleshooting (e.g., selective startup, boot options, services), and it cannot create or apply security policies to restrict user access to system settings.

674
MCQeasy

A company wants to secure its server room door so that only authorized personnel can enter. They need a system that can be quickly revoked if an employee leaves and that logs entry attempts. Which physical security control best meets these requirements?

A.A combination lock with a shared code.
B.A biometric fingerprint scanner.
C.An electronic key card system.
D.A physical key and lock system.
AnswerC

Key cards can be individually deactivated and generate logs of each entry attempt.

Why this answer

An electronic key card system meets both requirements: access can be instantly revoked by deactivating the card in the central database, and each entry attempt is logged with a timestamp and card ID. This provides granular, auditable access control without the need to physically change locks or share codes.

Exam trap

CompTIA often tests the distinction between 'revocability' and 'auditability' — the trap here is assuming biometrics are always the best for security, but the question emphasizes quick revocation and logging, where electronic key cards are more practical and cost-effective than biometric systems.

How to eliminate wrong answers

Option A is wrong because a combination lock with a shared code cannot be individually revoked without changing the code for everyone, and it typically does not log entry attempts. Option B is wrong because while a biometric fingerprint scanner can log attempts and be revoked by deleting the user's template, it is less practical for quick revocation in a large organization and can suffer from false rejection or hygiene issues. Option D is wrong because a physical key and lock system requires rekeying or replacing locks to revoke access, and it provides no automated logging of entry attempts.

675
MCQhard

A security incident occurred on a Windows 10 workstation where an unauthorized user gained access. The technician needs to review detailed security events, such as logon attempts and file access, to determine the scope of the breach. Which tool should the technician use to examine these logs?

A.Event Viewer
B.Resource Monitor
C.Performance Monitor
D.Local Security Policy
AnswerA

Event Viewer's Windows Logs > Security section contains detailed records of security-related events, such as logon successes and failures.

Why this answer

Event Viewer is the correct tool because it provides a centralized, detailed log of security-related events, including logon attempts (Event ID 4624 for successful logons, 4625 for failed logons) and file access audits (Event ID 4663). These logs are essential for forensic analysis to determine the scope of a breach on a Windows 10 workstation.

Exam trap

CompTIA often tests the distinction between tools that configure security settings (Local Security Policy) versus tools that review logged events (Event Viewer), leading candidates to confuse policy configuration with log review.

How to eliminate wrong answers

Option B (Resource Monitor) is wrong because it focuses on real-time performance data such as CPU, memory, disk, and network usage, not historical security event logs. Option C (Performance Monitor) is wrong because it tracks system performance counters and creates data collector sets for performance analysis, not security event auditing. Option D (Local Security Policy) is wrong because it is used to configure security settings like password policies and audit policies, not to review existing event logs.

Page 8

Page 9 of 10

Page 10

All pages