This free full-length CompTIA A+ 220-1202 practice exam includes 90 original IT Mastery questions across the exam domains.
These questions are for self-assessment. They are not official exam questions and do not imply affiliation with the exam sponsor.
Count note: this page uses the full-length practice count maintained in the Mastery exam catalog. Some certification vendors publish total questions, scored questions, duration, or unscored/pretest-item rules differently; always confirm exam-day rules with the sponsor.
| Domain | Weight |
|---|---|
| Operating Systems | 31% |
| Security | 25% |
| Software Troubleshooting | 22% |
| Operational Procedures | 22% |
Topic: Operating Systems
A Windows 11 laptop user frequently works while traveling and needs secure access to company resources from hotels, airports, and a smartphone hotspot. Company policy requires using the approved VPN client for remote access and keeping Windows Defender Firewall enabled. Which of the following configuration actions should the technician AVOID when setting up this user’s network connections? (Select TWO.)
Options:
A. Disable Windows Defender Firewall before connecting to the company VPN to prevent possible interference with the tunnel.
B. Connect to a password-protected smartphone hotspot and then establish a session with the company’s approved VPN client.
C. Join the hotel’s WPA2-protected Wi-Fi network and leave the network profile set to Public in Windows.
D. Mark the cellular hotspot connection as a metered network in Windows to reduce background data usage while connected over mobile data.
E. Connect to the airport’s open Wi-Fi network and access company resources without first starting the VPN client.
Correct answers: A and E
Explanation: This scenario focuses on safely configuring Windows 11 networking for a traveling user who must access corporate resources over various networks. The key requirements are: use the approved VPN client for remote access and keep Windows Defender Firewall enabled. Actions that expose data on untrusted networks without a VPN, or that weaken endpoint protection by disabling the firewall, should be avoided.
Good practices include using secured wireless connections (such as WPA2 or a password-protected hotspot), treating public networks as untrusted by using the Public profile in Windows, and enabling the corporate VPN before accessing internal resources. Data-usage settings like metered connections affect bandwidth and cost, not core security, and are acceptable when they do not contradict policy.
Topic: Software Troubleshooting
A user reports that their Bluetooth earbuds, which normally work with their Android phone, suddenly stopped connecting after a recent OS update. The phone still detects the earbuds in the Bluetooth device list, but audio will not play through them. To restore connectivity while minimizing user disruption and avoiding unnecessary loss of settings, what should a technician try first?
Options:
A. Back up the phone and perform a full factory reset of the device
B. Reset all network settings, including Wi-Fi, Bluetooth, and cellular, to factory defaults
C. Forget the earbuds from the Bluetooth list and perform the pairing process again
D. Toggle Bluetooth off and back on, then attempt to reconnect to the existing earbuds entry
Best answer: D
Explanation: When troubleshooting mobile Bluetooth issues, technicians should start with the simplest, least disruptive steps that address basic settings and connections. Because the earbuds still appear in the Bluetooth list, the device discovery and pairing data are likely intact, but the active connection may be stuck or the Bluetooth radio may not be functioning correctly after the OS update.
Toggling Bluetooth off and back on forces the phone to restart the Bluetooth radio and services, which often clears temporary glitches introduced by an update or minor software issue. This approach is fast, easy for the user, and preserves existing pairings and preferences.
More aggressive actions like forgetting the device, resetting network settings, or factory resetting the entire phone can resolve stubborn problems, but they are more disruptive and should be used only after simpler steps fail. Following a least‑disruptive‑first approach aligns with good troubleshooting practice and user satisfaction.
Topic: Software Troubleshooting
Which of the following describes a risky mobile setting because it makes it much easier for malware to be installed on a company smartphone?
Options:
A. Turning on automatic operating system updates
B. Requiring a PIN or biometric lock to unlock the phone
C. Allowing apps to be installed from “unknown sources” or unofficial app stores
D. Connecting only to the organization’s secure Wi‑Fi network
Best answer: C
Explanation: Allowing apps to be installed from “unknown sources” or unofficial app stores disables one of the main protections on mobile devices: the requirement that apps come from a vetted, official store. This setting enables sideloading, where users can install apps from third-party websites or alternative app stores that may not perform any security review.
In corporate or BYOD environments, this is considered a high-risk behavior because it greatly increases the chance of downloading malware, spyware, or other untrusted software. By contrast, using a strong screen lock, keeping the OS updated, and connecting to secure company Wi‑Fi are all examples of security hardening, not risky settings.
Mobile security policies typically forbid sideloading and may also block related risky behaviors like rooting, jailbreaking, or enabling developer options that allow USB debugging, because all of these weaken the protections built into the mobile OS.
Topic: Operating Systems
A remote user with Windows 11 connects a laptop to an external monitor. The image on the monitor looks stretched, and the user also wants the screen to stay on during presentations when plugged in but turn off after a short time on battery. You will adjust resolution, scaling, and power timeouts. Which main Windows Settings area should you open first to address all these needs?
Options:
A. Accessibility
B. Bluetooth & devices
C. System
D. Personalization
Best answer: C
Explanation: The scenario requires adjusting three related but distinct settings: display resolution, display scaling, and how long the screen stays on depending on power source. In Windows 10/11, these controls are grouped primarily under the System category in the Settings app.
Within System, the Display section lets you change the resolution, scale and layout, and configuration for multiple displays, which fixes the stretched external monitor and text size issues. Also under System, the Power & battery (or Power & sleep in some builds) section controls screen and sleep timeouts separately for when the device is on battery or plugged in. Starting from System therefore allows a technician to handle all the specified requirements in one logical place.
Other categories like Bluetooth & devices, Personalization, or Accessibility are useful for related tasks (device pairing, themes, or assistive features) but do not combine all the specific settings the user needs in this case.
Topic: Operating Systems
A technician is tuning a Windows 11 workstation that has a 512GB SSD as drive C: and a 1TB HDD as drive D:. The user reports the system is slowing down and both drives are getting full. The technician wants to free space and improve performance while protecting the SSD. Which of the following actions should the technician NOT perform?
Options:
A. Run Disk Cleanup on both drives to remove temporary files, system cache, and old Windows update files.
B. Use the Optimize Drives tool to run a retrim/optimization on the SSD (C:) if it has not been optimized recently.
C. Schedule a weekly full defragmentation on the SSD (C:) using the Optimize Drives tool to “reorganize” its data blocks.
D. Manually defragment only the HDD (D:) if it shows a high fragmentation percentage in the Optimize Drives tool.
Best answer: C
Explanation: Disk Cleanup and defragmentation are useful maintenance tools in Windows, but they must be used differently on HDDs and SSDs. Traditional defragmentation rearranges files into contiguous blocks, which helps mechanical hard drives because their heads physically move to read data. SSDs, however, have no moving parts and use wear leveling and internal controllers to manage data.
On SSDs, traditional defragmentation provides little to no benefit and can shorten the drive’s life by adding unnecessary write cycles. Instead, SSDs benefit from TRIM (exposed in Windows through the Optimize Drives tool as an “optimize” or “retrim” operation), which tells the SSD which blocks are no longer in use so it can manage them efficiently.
Disk Cleanup is safe for both SSDs and HDDs because it removes unnecessary files (temporary files, cached data, old update files), freeing up space without adding harmful write cycles beyond normal file deletion. For HDDs, traditional defragmentation remains a valid and recommended performance optimization when fragmentation is high.
Topic: Operating Systems
Which TWO of the following statements about common macOS System Settings/Preferences areas are TRUE? (Select TWO.)
Options:
A. Printers & Scanners settings are used to configure VoiceOver, display zoom, and other accessibility features for visually impaired users.
B. Privacy & Security settings are the correct place to change the desktop wallpaper and the screen saver image.
C. The Displays settings allow you to change resolution and scaling and arrange multiple monitors connected to the Mac.
D. Time Machine settings let you choose one or more backup disks and configure automatic backups of your Mac’s data.
E. Network settings are where you enable and configure FileVault full‑disk encryption for the startup drive.
Correct answers: C and D
Explanation: macOS organizes most configuration options into logical areas inside System Settings (or System Preferences on older versions). Each area focuses on a particular aspect of the system, such as displays, networking, or backups.
The Displays area is dedicated to video output configuration, including resolution, scaling, color profiles, and how external monitors are arranged. Time Machine is Apple’s built‑in backup system, with its own settings pane where you choose backup destinations and enable automatic backups.
Network, Printers & Scanners, and Privacy & Security are also important, but they each handle specific tasks: network connectivity, printer configuration, and security/privacy controls, respectively. They are not used for tasks like enabling FileVault from Network, configuring accessibility features from Printers & Scanners, or changing wallpapers from Privacy & Security. Understanding which area controls which function helps you quickly support users and correctly direct them to the right place in macOS.
Topic: Security
A small company recently experienced several ransomware infections and phishing attacks. A junior technician suggests a list of security improvements for the IT manager to review. Which of the following recommendations is NOT appropriate for improving the company’s protection in this situation?
Options:
A. Use a managed detection and response (MDR) service so security professionals can monitor alerts 24/7 and help contain confirmed threats quickly.
B. Completely disable existing antivirus on all endpoints once EDR is installed, because EDR fully replaces the need for antivirus protection.
C. Deploy endpoint detection and response (EDR) agents on all company laptops to monitor behavior and provide detailed alerts and response options.
D. Implement an email security gateway to filter spam, phishing links, and malicious attachments before they reach users’ inboxes.
Best answer: B
Explanation: In a modern security stack, multiple tools work together to protect endpoints and users from malware and phishing. Email security gateways help stop malicious content before it reaches users. Endpoint detection and response (EDR) adds advanced endpoint visibility and response capabilities on top of traditional antivirus. Managed detection and response (MDR) extends this further by having a team of specialists monitor and act on alerts.
Disabling antivirus because EDR is installed removes a critical layer of preventative protection. A secure configuration typically uses both traditional antivirus/anti-malware and EDR together as part of a defense-in-depth strategy.
Topic: Operating Systems
Which TWO of the following statements about Microsoft Windows network profiles, proxy settings, and metered connections are NOT correct? (Select TWO.)
Options:
A. On a metered connection, Windows attempts to reduce data usage by limiting background data and delaying some update downloads.
B. Setting a network to Private in Windows automatically disables the firewall for that network so that file and printer sharing will always work.
C. A Public network profile in Windows is recommended when connecting to untrusted Wi-Fi in places like airports or coffee shops.
D. You can configure Windows to use a manual proxy server or automatically detect a proxy in the Proxy section of Network & Internet settings.
E. Configuring a Wi-Fi network as metered is useful on mobile hotspots or limited data plans to avoid unexpected data charges.
F. Windows requires that all VPN connections use the Public profile; you cannot change the profile type for a VPN adapter.
Correct answers: B and F
Explanation: Windows network profiles, proxy settings, and metered connections are designed to balance security and bandwidth usage based on where and how you connect.
A Public profile is the safest default for untrusted locations like coffee shops or airports because it hides your device from other clients and disables discovery/sharing by default. A Private profile is intended for trusted networks such as home or small office LANs, where you might want file and printer sharing, but the Windows firewall still operates using a different ruleset.
Metered connections help control data usage, which is important on mobile hotspots or limited data plans. When a connection is marked as metered, Windows reduces background data usage and may delay certain types of updates and large downloads.
Proxy settings in Windows allow traffic to be routed through a proxy server, either via automatic detection or a manually specified proxy. These settings are typically configured in the Network & Internet > Proxy section of the Settings app.
The two incorrect statements either exaggerate what a Private profile does (turning the firewall off entirely) or impose a non-existent restriction on VPN profile configuration. Understanding what these features actually do helps you pick the right profile and options for each network scenario.
Topic: Security
A small dental office has a SOHO router with only WPA2 wireless security configured and no additional filtering. The lobby smart TV is connected to the same Wi-Fi as staff PCs. Staff often use the TV to watch YouTube during the day, consuming bandwidth and sometimes reaching questionable sites. The owner wants the TV to access only the clinic’s subscribed digital-signage service and normal OS update servers, without affecting internet access for any other device and without buying extra hardware.
Which configuration change on the SOHO router BEST meets these goals?
Options:
A. Change the Wi-Fi password and only give the new password to staff, leaving the smart TV on the old SSID so it cannot access the network.
B. Disable all outbound HTTP/HTTPS traffic on the router during business hours, then re-enable it after hours for everyone on the network.
C. Install web-filtering software on each staff PC to block streaming and inappropriate sites during office hours.
D. Create a DHCP reservation or static IP for the smart TV, then apply an IP-based firewall/content-filter rule that blocks all outbound traffic from that IP except to the digital-signage service and update servers.
Best answer: D
Explanation: The owner wants to tightly control what the lobby smart TV can reach while keeping normal internet access for other devices and avoiding new hardware purchases. Modern SOHO routers typically support IP-based firewall rules and basic content-filtering. The optimal configuration is to uniquely identify the TV on the network and then apply a rule that limits its outbound traffic to only the required services.
By giving the smart TV a fixed IP address (via a DHCP reservation or static IP) and then applying a firewall/content-filter policy to that IP, you can block all general web access while allowing specific domains or IP ranges used by the digital-signage provider and OS update servers. Other devices, which have different IPs, are not affected by this rule, so their internet access remains unchanged.
This approach directly uses IP filtering and content filtering on the SOHO router, aligning with best practices for controlling device-level access at the network edge without adding complexity or new equipment.
Topic: Operating Systems
Which of the following statements about planning a business‑critical application installation or upgrade is NOT correct?
Options:
A. It is good practice to test the new application version on a non‑production system or small pilot group before deploying it widely.
B. You should verify that a recent backup of the user’s data exists before beginning the installation.
C. You should document the installation steps and any configuration changes so the process can be repeated or rolled back if necessary.
D. To minimize downtime, you should begin the installation immediately without notifying users, so they stay signed in and keep working during the change.
Best answer: D
Explanation: When planning an installation or upgrade of a business‑critical application, a junior support technician should focus on protecting user data, minimizing user impact, and keeping clear records of what was done. This usually involves verifying backups, testing changes in a safe environment, communicating with users, scheduling work for appropriate times, and documenting installation steps and configuration changes.
Starting changes without informing users is unsafe and unprofessional. Users need time to save their work and log off. Good communication reduces surprise downtime and lowers the risk of data loss, support tickets, and rushed troubleshooting during the change window.
Topic: Operating Systems
Which macOS file type is most commonly used to distribute an application as a mountable disk image that the user opens and then drags the app into the Applications folder to install it?
Options:
A. .iso
B. .app
C. .dmg
D. .pkg
Best answer: C
Explanation: On macOS, third‑party applications downloaded from the web are often distributed as disk image files with the .dmg extension. Users double‑click the .dmg file, which mounts as a virtual volume on the desktop or in Finder. The mounted window usually shows the application’s .app bundle and often a shortcut to the Applications folder, instructing the user to drag the .app into Applications. After copying, the user ejects the disk image volume and can delete the original .dmg file.
This drag‑and‑drop workflow is distinct from .pkg installer packages, which launch the Installer wizard and may place files in multiple system locations, and from App Store apps, which are installed directly by the App Store without manually handling image files.
Topic: Operating Systems
Which TWO of the following statements about domain membership support in Windows 10 and Windows 11 desktop editions are NOT correct? (Select TWO.)
Options:
A. All major desktop editions of Windows 10 and Windows 11, including Home, support joining an on-premises Active Directory domain.
B. Windows 11 Home cannot natively join an on-premises Active Directory domain, but it can still join a workgroup.
C. Windows 10 Enterprise and Windows 11 Enterprise can both join on-premises Active Directory domains.
D. Windows 10 Home cannot join an on-premises Active Directory domain; it can only participate in a workgroup.
E. Windows 11 Pro can be joined to an on-premises Active Directory domain as well as to Azure Active Directory.
F. Windows 10 Pro for Workstations is limited to workgroup participation and cannot join an Active Directory domain.
Correct answers: A and F
Explanation: Windows desktop editions differ in their ability to join an on-premises Active Directory (AD) domain. For modern client environments, this is a key distinction between Home and business-oriented editions (Pro, Enterprise, and Pro for Workstations).
Home editions of Windows 10 and Windows 11 are designed for consumers. They can participate in workgroups and share files on a local network but lack the ability to perform a traditional domain join to on-premises AD. They also do not support many enterprise management features that rely on domain membership.
By contrast, Pro, Enterprise, and Pro for Workstations editions are intended for business use. These editions support joining on-premises AD domains and, in many cases, Azure AD as well. This allows centralized management, Group Policy, and single sign-on for domain resources.
In this question, the false statements incorrectly claim that Pro for Workstations cannot join a domain and that all editions, including Home, can join a domain. Recognizing which editions can join AD versus only workgroups is a basic but important Windows administration skill for the A+ exam.
Topic: Operating Systems
Which of the following statements about Windows workgroup and domain-joined computers accessing shared resources is NOT correct?
Options:
A. Domain-joined computers can still use local user accounts to access resources that are not part of the domain, such as a standalone NAS or test PC.
B. In a Windows domain, computers cannot access domain file shares or printers unless the same local user account also exists on the server hosting the resource.
C. A workgroup has no centralized authentication; users generally need matching local usernames and passwords on remote systems to access protected shared folders.
D. Domain-joined computers typically use centrally managed user accounts and Group Policy to control access to shared printers and file servers.
Best answer: B
Explanation: Windows workgroups and domains handle authentication and access to shared resources very differently. A workgroup is peer-to-peer with no central account database, so each system maintains its own local users. A domain uses Active Directory to centrally manage accounts, groups, and policies, allowing users to access domain resources using the same domain credentials across many computers.
In a workgroup, when a user connects to a protected shared folder or printer on another computer, that remote system checks its own local Security Accounts Manager (SAM) database. If there is a local account with the same name and password as the one supplied, access can be granted according to its permissions. There is no central sign-on for all machines.
In a domain, the opposite is true: user accounts live in Active Directory. When a domain-joined computer accesses a domain file server or print server, the server validates the domain credentials against a domain controller. Matching local accounts on the server are not required. However, a domain-joined computer can still use local accounts when dealing with non-domain resources.
The incorrect statement in this question wrongly claims that domain file share and printer access depends on having matching local accounts on the server, which confuses domain behavior with workgroup behavior.
Topic: Operational Procedures
Which action is the BEST example of using active listening to reduce miscommunication during a help-desk call with a user?
Options:
A. Filling every pause with more questions so the user does not have to think
B. Restating the user’s description of the problem in your own words and asking if you understood correctly
C. Immediately suggesting a solution as soon as the problem sounds familiar
D. Speaking slowly and repeating technical terms so the user can learn them
Best answer: B
Explanation: Active listening is a communication technique where you focus fully on the speaker, then confirm your understanding using tools such as open-ended questions, clarifying statements, and restating the issue in your own words. In technical support, this helps avoid miscommunication, especially when users are unsure of terminology or describe symptoms vaguely.
Paraphrasing what the user said (“So what I’m hearing is…”) and asking them to confirm is a classic active listening behavior. It forces you to process their words, shows respect for their perspective, and gives them a chance to correct anything you misunderstood before you begin troubleshooting. This often prevents wasted time on the wrong problem and builds trust with the user.
Topic: Operating Systems
A technician is preparing two Windows installations:
Which of the following actions should the technician AVOID when choosing between GPT and MBR partition styles in this scenario? (Select TWO.)
Options:
A. Reinitialize the 4TB SSD in the UEFI laptop as MBR to keep it compatible with very old BIOS-only systems, accepting the reduced usable capacity.
B. Leave the 500GB HDD in the BIOS-only desktop as MBR to maintain compatibility with the legacy imaging software.
C. Initialize the 4TB SSD in the UEFI laptop as GPT so Windows 11 can use the full disk capacity and modern firmware features.
D. Verify that UEFI with Secure Boot is enabled on the new laptop before installing Windows 11 onto a GPT-initialized SSD.
E. Convert the BIOS-only desktop’s system disk from MBR to GPT before reinstalling Windows, assuming it will continue to boot normally afterward.
Correct answers: A and E
Explanation: GPT and MBR are two different partition styles that affect how a disk is organized and how the system boots.
GPT (GUID Partition Table) is designed for modern systems with UEFI firmware and supports very large disks (well beyond 2TB) and more partitions. It is the recommended option for new Windows 10/11 installations on UEFI hardware.
MBR (Master Boot Record) is the older partition style used by legacy BIOS systems. It has a 2TB maximum for usable disk space and supports fewer primary partitions. Many older operating systems and boot tools only understand MBR.
In this scenario, the UEFI laptop with a 4TB SSD should use GPT to access the full disk capacity and benefit from UEFI features. The older BIOS-only desktop, which must remain compatible with a legacy imaging tool that expects MBR, should stay on MBR. Actions that ignore these constraints (such as forcing MBR on the large UEFI disk or converting a BIOS system disk to GPT) are the ones the technician should avoid.
Topic: Operational Procedures
A help-desk technician supports a small medical clinic that must follow healthcare privacy regulations. A nurse wants to paste an email thread containing patient names, lab results, and insurance numbers into a public generative AI website to “summarize it and write a reply.” Clinic policy states that regulated patient data must not be sent to unapproved third-party services. What should the technician recommend as the BEST response?
Options:
A. Suggest the nurse use their personal account with the AI tool so the clinic is not responsible for any data exposure.
B. Permit the nurse to paste the full message into the AI tool but label the prompt as “confidential – do not store or share.”
C. Allow use of the public AI tool as long as the nurse removes the patient’s name, but keep lab results and insurance numbers in the text.
D. Advise the nurse not to use the public AI tool and instead draft the response using the clinic’s approved email system and templates without sending patient data to external AI services.
Best answer: D
Explanation: Regulated data such as patient health information, insurance details, and other personally identifiable information (PII) must be protected under healthcare privacy and security rules. These rules typically prohibit sending such data to unapproved third-party systems where storage, processing, and access cannot be controlled or audited.
Public generative AI tools are usually external services that may log or reuse prompts to improve their models. Unless an organization has a specific business agreement and approval to use such a service with regulated data, users must not paste sensitive content into these tools. Instead, staff should handle sensitive communications using only approved internal systems, templates, and workflows that comply with policy.
In this scenario, the safest and most compliant action is to avoid using the public AI tool entirely for the email containing patient names, lab results, and insurance numbers, and to create the response using the clinic’s approved tools.
Topic: Operational Procedures
Which statement BEST describes how an organization should handle backup test restores as part of its disaster‑recovery plan?
Options:
A. Rely on backup software “backup successful” messages instead of performing test restores, to avoid unnecessary downtime.
B. Perform test restores on a regular schedule and after major changes to verify that backups can be successfully restored and meet requirements.
C. Only perform test restores after an actual disaster to confirm what data was lost and needs to be recreated manually.
D. Perform a single test restore when the backup system is first installed, then rely on that result unless a failure occurs.
Best answer: B
Explanation: Backup test restores are a critical part of any backup and disaster‑recovery strategy. It is not enough to confirm that backup jobs complete successfully; technicians must also periodically restore sample files, folders, or systems to verify that the data is usable and that recovery time and data loss are within organizational requirements.
Best practice is to schedule test restores on a regular basis (for example, according to policy such as monthly or quarterly) and to repeat them after major changes, such as switching backup software, changing storage hardware, or significantly altering application configurations or data structures. This ensures that when a real incident occurs, the organization already knows that restores work and that they meet required recovery objectives.
Topic: Security
Which of the following is an example of personally identifiable information (PII) that should be protected from unauthorized access on a company workstation?
Options:
A. Copy of a publicly available product brochure
B. List of office printer IP addresses
C. Spreadsheet of monitor asset tags and serial numbers
D. Spreadsheet containing employees’ full names and Social Security numbers
Best answer: D
Explanation: Personally identifiable information (PII) is any data that can be used to identify a specific individual, especially when multiple data elements are combined. Examples include full name, Social Security number, government ID numbers, home address, phone number, or combinations such as full name plus date of birth.
Workstation hardening and data-protection best practices require technicians to recognize PII and ensure it is stored securely—preferably encrypted, with access limited to authorized users only. Failing to protect PII can lead to identity theft, regulatory violations, and serious security incidents.
The only option that clearly contains PII about individuals is the spreadsheet with employees’ full names and Social Security numbers. The other options relate to devices or publicly available information, which are not PII, even though some of them may still be considered internal or sensitive for other reasons.
Topic: Operating Systems
A Windows 10 user reports that after signing in, the system takes several minutes before the desktop becomes responsive. You suspect a nonessential service or startup application added recently is causing the delay and want to temporarily start Windows with only basic services and startup items to test. Which Windows tool should you use NEXT?
Options:
A. Device Manager
B. Services console (services.msc)
C. System Information (msinfo32)
D. System Configuration (msconfig)
Best answer: D
Explanation: In this scenario, the main symptom is a very slow or delayed response after the user signs in to Windows 10. The technician suspects that a nonessential service or startup application added recently is causing the delay. For this type of problem, Windows provides a specific troubleshooting tool: System Configuration (msconfig).
System Configuration allows you to perform a selective startup, where you can disable all non-Microsoft services and most startup items in a controlled way. This lets you quickly test whether the system becomes responsive when only core components load. If the problem disappears in this selective mode, you then re-enable items in groups to isolate the culprit.
Other tools like System Information, Services, and Device Manager are useful for viewing configuration or managing particular components, but they do not provide the same simple, guided way to temporarily reduce startup items for troubleshooting slow startup or post-logon performance issues.
Topic: Operating Systems
A small company uses a cloud-based productivity suite that offers two simple license tiers:
Sales and management staff use desktop apps heavily and rely on team chat and online meetings. Warehouse workers only check email and their calendars from shared PCs.
Currently, all users are assigned Plus licenses, and management wants to reduce subscription costs while still meeting each role’s requirements and confirming that licenses are correctly applied.
Which of the following actions will best meet these goals? (Select TWO.)
Options:
A. Keep all users on Plus licenses but disable team chat and meetings for warehouse workers
B. Run a license assignment and usage report in the cloud admin portal to verify that only sales/management users have Plus and warehouse workers have Core
C. Change all users to Core licenses so everyone is on the same, less expensive tier
D. Remove all cloud productivity licenses from warehouse workers and instruct them to use personal email for work
E. Reassign warehouse workers from Plus licenses to Core licenses in the cloud admin portal
Correct answers: B and E
Explanation: This scenario is about applying the right cloud productivity license tier to each user based on their role and required applications, and then verifying that the assignments are correct. Sales and management users clearly require the full Plus tier because they rely on desktop apps and collaboration tools. Warehouse workers only need email and calendaring, so the lower-cost Core license is sufficient.
A good licensing strategy reduces cost without breaking required workflows. After making changes, technicians should always verify license assignments with the reporting tools in the admin portal to ensure there are no mistakes and that billing reflects the intended configuration.
Topic: Operating Systems
A junior technician is learning how macOS organizes files. You review their notes about common folders. Which statement about these macOS folders is INCORRECT and shows a misunderstanding of how the system should be used?
Options:
A. /Users contains each user’s home folder, where personal documents, desktop files, and downloads are normally stored.
B. Each user’s personal documents and desktop files are normally stored directly in /System for better performance and security.
C. /Applications typically stores applications that are installed for all users on the Mac.
D. /Library and /System hold system-wide resources, frameworks, and settings used by macOS and installed applications.
Best answer: B
Explanation: On macOS, it is important to distinguish between folders that hold applications, user data, and system resources.
Mixing up these roles (for example, placing user documents inside /System) can cause permissions problems, break the OS, and make troubleshooting much harder. A support technician must understand these high-level purposes to keep systems stable and organized.
Topic: Software Troubleshooting
Which TWO of the following statements about responding to browser-based security problems are NOT correct? (Select TWO.)
Options:
A. If a browser’s homepage and search engine keep redirecting to unknown sites, the quickest fix is to disable the built-in pop-up blocker.
B. Users should click through browser certificate warnings for familiar banking or email sites because these warnings are usually harmless.
C. Unexpected toolbars and frequent redirects often indicate malicious or unwanted extensions that should be removed or disabled.
D. Running a full scan with updated antivirus or antimalware software is an appropriate step when a browser shows excessive ads or opens new tabs by itself.
E. When a user repeatedly sees a certificate warning on an external website, the proper response is to stop browsing to that site and report the issue to IT.
F. Resetting the browser to its default settings can help remove persistent hijacks when simply changing the homepage does not work.
Correct answers: A and B
Explanation: Browser-based security issues such as pop-ups, redirects, certificate warnings, and degraded performance are often caused by adware, malicious extensions, or misconfigured/compromised sites. Safe troubleshooting focuses on removing unwanted extensions, scanning for malware, resetting the browser when needed, and treating certificate warnings seriously rather than bypassing them.
Ignoring certificate warnings or disabling protective features like pop-up blockers does not address root causes and exposes users and organizations to additional risk. A support technician should guide users to preserve security while resolving the symptoms.
Topic: Operational Procedures
Which TWO statements describe good practices when completing a change request form for a planned IT change? (Select TWO.)
Options:
A. List the specific systems, applications, or locations that will be affected so reviewers can judge impact and risk.
B. Combine as many unrelated changes as possible into a single request so they can be approved and implemented faster.
C. Describe the purpose and scope of the change in clear, concise language that non-technical reviewers can understand.
D. Omit scheduling and impact details from the form since the operations team will figure those out later.
E. Use detailed internal acronyms and low-level configuration commands to show technical depth in the description field.
Correct answers: A and C
Explanation: A change request form is used to document what change is being proposed, why it is needed, and what it will affect. For the process to work, the description must be detailed enough for reviewers to understand scope, risk, and impact, but still concise and easy to read. Good forms identify the purpose, scope, type of change, and affected systems, and use clear language that both technical and non-technical stakeholders can follow.
Two key elements of a strong change request are a clear explanation of purpose and scope, and a list of the specific systems and locations affected. Together, these pieces of information allow managers and technical reviewers to decide whether to approve the change, when to schedule it, and what testing or communication is required. Overloading the form with unrelated changes or unnecessary technical jargon makes it harder to review and increases the risk of mistakes.
Topic: Operating Systems
A junior technician must upgrade a line-of-business inventory application on a Windows 11 PC that several users share throughout the day. Company policy requires that user data be preserved, downtime be kept as short as possible, and users be informed before changes. Which of the following plans is the MOST appropriate way to perform this installation?
Options:
A. Create a full image backup of the PC during the workday, power it off to prevent changes, and perform the upgrade the next morning without notifying users.
B. Run the installer immediately during business hours, relying on the installer to preserve all data, and tell users to save work only if they lose access.
C. Schedule the upgrade after business hours, back up the application’s data files to a network location, notify users of the planned outage, then run the installer and verify the app using a test login.
D. Install the new version on a test PC in the lab without touching production data, and if it works, immediately upgrade the shared PC during business hours without a separate backup.
Best answer: C
Explanation: For a line-of-business application on a shared workstation, a junior technician should follow basic change-management practices: back up important data, schedule the work to reduce user impact, clearly communicate any downtime, and perform a quick functional test after the install.
The best approach is to perform the upgrade during a low-usage period (such as after hours), back up the application’s data files so they can be restored if the upgrade fails, notify affected users of the planned outage, and verify the application works with a simple test (like logging in or opening a sample record) before the system is returned to service.
Topic: Operational Procedures
A junior technician has written a PowerShell script to clean up temporary files and old log files on all company Windows 10/11 laptops. The IT manager’s primary concern is to reduce the risk to production systems and ensure there is a clear rollback plan if something goes wrong.
Which approach should the technician take before deploying the script to all users?
Options:
A. Run the script on a single IT staff member’s production laptop; if no issues are noticed after a day, deploy to all remaining systems with no additional preparation.
B. First run the script in an isolated test environment that mirrors production, validate the results, then document a backup and rollback plan before scheduling a production deployment window.
C. Share the script with department managers and let them decide when to run it on their teams’ laptops, instructing them to contact IT if any important files are removed.
D. Deploy the script to all laptops after business hours without prior testing, and ask users to report any problems the next morning.
Best answer: B
Explanation: Before deploying scripts, especially those that modify or delete files, best practice is to test in a controlled, non-production (sandbox) environment that closely mirrors production. This allows you to safely observe behavior, confirm the script only affects intended targets, and tune logging or safety checks.
In addition, scripting and change-management best practices require planning how to back out changes if something goes wrong. That typically means having backups (for example, file backups or system restore points), a defined rollback procedure, and a scheduled deployment window so the impact is controlled and observable.
Combining sandbox testing with a clear rollback plan directly reduces operational risk: you are less likely to break production systems, and if an issue occurs, you have a documented way to restore normal operation quickly.
Topic: Security
Which of the following statements about physical security controls is NOT correct?
Options:
A. Bollards are primarily used to stop vehicles from approaching or ramming a building entrance.
B. Motion sensors can trigger alarms or lights when movement is detected in a protected area after hours.
C. Security cameras mainly act as a physical barrier that prevents intruders from entering secure areas.
D. An access control vestibule (mantrap) helps ensure only one person at a time can enter a secure area using proper authentication.
Best answer: C
Explanation: Physical security controls protect people, equipment, and data by preventing or detecting unauthorized access to a facility. Different controls have different roles: some are barriers that physically block movement, while others are detection or monitoring tools that alert security staff or record activity.
Security cameras are often misunderstood. While they can deter criminals and provide evidence, they do not physically block someone from entering an area. Real physical barriers are things like walls, doors, locks, bollards, and fences.
In this question, the incorrect statement is the one that describes cameras as a physical barrier, which confuses their purpose with that of true physical barriers.
Topic: Operating Systems
When an application’s system requirements say “64-bit operating system required,” what does this mean for installing the application?
Options:
A. The application will use no more than 64GB of RAM, regardless of the operating system.
B. The application needs a CPU clock speed of at least 64GHz to run correctly.
C. The application can only be installed on a 64-bit operating system and will not run on a 32-bit operating system.
D. The application requires Windows 10 or newer, but it can be either 32-bit or 64-bit.
Best answer: C
Explanation: A requirement that an application needs a 64-bit operating system means the program is compiled to run only on a 64-bit OS architecture. You cannot install or run that application on a 32-bit operating system because the underlying instruction set and memory model are different.
The likeliest confusion is between 64-bit and other numeric values like GHz or GB. Those numbers refer to CPU speed or memory capacity, while 64-bit refers to the type of instruction set and memory addressing the operating system and CPU support. When checking system requirements, you must verify that the OS is 64-bit before attempting to install a 64-bit-only application.
Topic: Software Troubleshooting
A user reports frequent “low memory” warnings and that several USB devices randomly disconnect. A technician opens Task Manager to check RAM usage and Device Manager to look for USB controller errors before making any changes. This approach primarily demonstrates which troubleshooting principle?
Options:
A. Document findings, actions taken, and outcomes
B. Establish a theory of probable cause based only on user reports
C. Identify the problem by gathering information with appropriate system tools
D. Verify full system functionality and implement preventive measures
Best answer: C
Explanation: CompTIA’s standard troubleshooting methodology starts with identifying the problem, which includes gathering information from the user and from the system itself using appropriate tools.
In this scenario, the technician responds to low memory warnings and USB disconnects by opening Task Manager to see which processes are using RAM and Device Manager to check for USB controller errors or conflicts. This is classic problem identification: collecting objective data about system resources and hardware status before guessing at a cause or attempting repairs.
Only after this information is collected should the technician move on to establishing a theory of probable cause, testing that theory, implementing a fix, verifying functionality, and documenting the work performed.
Topic: Security
A company with about 300 employees is redesigning its wireless network. Management wants each user to authenticate to the corporate Wi‑Fi with their own Active Directory account so access can be revoked centrally, and they also want administrator logins to the wireless controllers to be validated and logged on a central server instead of using local device accounts.
Which of the following solutions should the administrator implement to meet these requirements? (Select TWO.)
Options:
A. Configure a captive portal that uses a local user database on each access point for Wi‑Fi logins
B. Use WPA2‑Personal with a long, complex pre‑shared key that is changed every 90 days
C. Configure the corporate SSID for WPA2/WPA3‑Enterprise using 802.1X with a RADIUS server integrated with Active Directory
D. Deploy a TACACS+ server and point all wireless controllers’ admin logins to it for centralized authentication and logging
E. Enable MAC address filtering on the access points and maintain a list of allowed client MAC addresses
Correct answers: C and D
Explanation: In an enterprise wireless environment, centralized authentication allows IT to manage user and administrator access from a single point, typically through an AAA (authentication, authorization, and accounting) server tied to a directory such as Active Directory.
For wireless client access, WPA2‑Enterprise or WPA3‑Enterprise with 802.1X uses a RADIUS server to authenticate each connection. Each user signs in with their individual account, and disabling that account in the directory immediately revokes their Wi‑Fi access.
For administrative access to network devices such as wireless controllers, TACACS+ is commonly used to centralize admin authentication, authorization levels, and command logging. Controllers send admin login requests to the TACACS+ server, which validates credentials and can log all changes.
Shared keys, MAC filtering, and local user databases are more appropriate for very small or unmanaged environments and do not provide the centralized user and admin control required in this scenario.
Topic: Software Troubleshooting
A help-desk technician is drafting mobile security guidelines for employees who use their own smartphones (BYOD) to access corporate email and cloud storage. Which of the following user actions should the technician AVOID recommending? (Select TWO.)
Options:
A. Enabling a screen lock that uses a strong PIN, password, or biometric authentication
B. Installing apps only from the official Apple App Store or Google Play Store
C. Jailbreaking or rooting the device to install additional customization tools
D. Enabling installation of apps from “unknown sources” to load a game from a third-party app store
E. Keeping the mobile OS and applications updated with the latest security patches
Correct answers: C and D
Explanation: In a corporate or BYOD environment, mobile security guidelines should reduce the risk of malware infections and unauthorized access to company data. Practices like sideloading apps from untrusted sources and rooting or jailbreaking devices bypass built-in security protections and conflict with standard corporate security policies.
Encouraging users to stay within official app stores, keep their OS and apps updated, and enable strong screen locks all strengthen the device’s security posture. These measures work together to minimize vulnerabilities and protect sensitive corporate information stored or accessed on personal smartphones.
Topic: Operating Systems
A small IT consulting firm is advising different clients on which workstation OS to deploy. Which of the following recommendations is NOT appropriate based on typical operating system use cases?
Select the single INCORRECT recommendation.
Options:
A. A video production studio standardizes on macOS systems for editors who use professional media tools like Final Cut Pro and Adobe Premiere Pro.
B. An accounting department deploys Windows 10/11 desktops to run a Windows-only accounting suite and integrate with Microsoft 365 services.
C. A school district equips student labs with Chrome OS devices so students can access browser-based learning platforms and Google Workspace.
D. A home user who is not very technical and relies on high-end Windows-only games and full desktop Microsoft Office is switched to a Linux desktop for daily use.
Best answer: D
Explanation: This question tests understanding of typical workstation operating system roles and which environments they best serve.
Windows is dominant in business and home environments, especially when proprietary Windows-only applications or Microsoft 365 desktop apps are required. macOS is commonly used in creative and professional environments, particularly for media production and design. Chrome OS is popular in education and light-duty scenarios where most work happens in a web browser and cloud services.
Linux desktop distributions can be an excellent choice for technical users, developers, and environments that rely on open-source tools or want strong customization. However, Linux often lacks native support for some mainstream commercial applications, especially Windows-only games and full desktop Microsoft Office. For non-technical home users who rely on these specific applications, Linux can create usability and compatibility issues, making it a poor recommendation in that context.
Topic: Operational Procedures
Which TWO of the following statements about using scripts in IT support are NOT correct? (Select TWO.)
Options:
A. Logon or startup scripts can be used to apply standard configuration settings and run basic system checks automatically.
B. Support technicians can use scripts to collect hardware and software inventory data from workstations for troubleshooting.
C. Short scripts can automate repetitive tasks like mapping network drives or installing a set of standard applications.
D. Because scripts save time, it is usually not necessary to test them in a lab or on a single workstation before wide deployment.
E. Running scripts that change system settings directly from email attachments is a convenient and recommended way to distribute tools to users.
Correct answers: D and E
Explanation: Scripts are small programs used to automate repetitive tasks, enforce standard configurations, and collect information across many systems. In an IT support role, scripts can greatly reduce manual work by automatically mapping network drives, installing standard applications, performing backups, gathering inventory data, and initiating updates.
However, scripts can also cause widespread issues if they are not handled carefully. Best practice is to create, review, and test scripts in a controlled environment before deploying them more broadly. Scripts should only be run from trusted locations and through approved distribution methods, never directly from unverified email attachments or downloads, because attackers often use scripts to deliver malware or make unauthorized changes.
Topic: Software Troubleshooting
A user reports that their Windows 11 laptop becomes very slow and unresponsive for several minutes right after signing in. You open Task Manager and notice the CPU is near 100% and dozens of non‑essential applications are listed as Enabled under Startup. Which of the following is the BEST next step to improve performance?
Options:
A. Perform a full Windows reset and remove all apps and files
B. Disable non‑essential applications from starting automatically using the Startup tab in Task Manager
C. Increase the size of the paging file to at least twice the installed RAM
D. Run chkdsk /f on the system drive to repair disk errors
Best answer: B
Explanation: In this scenario, the user’s system slows down immediately after sign‑in, and Task Manager reveals very high CPU usage along with many non‑essential startup applications enabled. This pattern strongly suggests that the system is overloaded by applications that all launch automatically at logon.
The most efficient, low‑risk fix is to reduce the number of programs that start automatically. Windows 10/11 lets you manage these directly from the Startup tab in Task Manager. Disabling unneeded items prevents them from running at login, which reduces CPU usage and speeds up the time it takes for the desktop to become responsive, without requiring reinstallations or advanced diagnostics.
Other tools like chkdsk or a full reset are useful for different types of problems (disk corruption, unfixable OS issues), but they do not match the clear evidence shown here: a CPU spike due to many startup apps.
Topic: Security
Which of the following statements about WPA2 and WPA3 wireless security standards is NOT correct?
Options:
A. When both the access point and client devices support it, WPA3 is generally preferred over WPA2 because it offers stronger wireless security features.
B. WPA3 is designed with backward compatibility in mind; many modern routers offer a mixed WPA2/WPA3 mode so older WPA2-only clients can still connect.
C. Because WPA3 mainly changes marketing names and not cryptographic strength, it provides roughly the same protection as WPA2 against password-cracking attacks.
D. WPA3-Personal makes it much harder for attackers to perform offline password-guessing attacks than WPA2-Personal’s pre-shared key approach.
Best answer: C
Explanation: WPA3 is the newer Wi‑Fi security standard and is designed to address several weaknesses in WPA2, particularly around password‑guessing and protecting traffic on public networks. WPA3-Personal changes how keys are negotiated in a way that makes it harder for attackers to capture traffic and then try large numbers of passwords offline. WPA3 also strengthens management frame protection and, in some implementations, improves security for open networks.
Because of these improvements, WPA3 is not just a marketing change; it represents a real increase in wireless security. At the same time, many routers support a mixed WPA2/WPA3 mode so older devices can still connect, which helps with compatibility during migration. When both the access point and clients support it, WPA3 should be chosen over WPA2 for stronger protection.
Topic: Operating Systems
A small office recently changed its router and IP addressing scheme. One Windows 11 desktop can no longer access network resources, while other PCs work normally. In the adapter’s IPv4 properties, you see a manually entered IP address, subnet mask, gateway, and DNS server. The office standard is to use DHCP for all clients so changes like this don’t break connectivity. To follow this standard and reduce future network issues for this PC, what should you do?
Options:
A. Set the adapter to obtain an IP address and DNS server address automatically
B. Disable IPv6 on the adapter so the PC only uses IPv4 for network communication
C. Leave the static IP address and gateway but change only the DNS settings to obtain DNS server address automatically
D. Leave the static IP configuration but manually update the IP address, subnet mask, and gateway to match the new router
Best answer: A
Explanation: In this scenario, the desktop was previously configured with static IPv4 settings, while the office standard is to use DHCP for all clients. When the router and IP scheme changed, DHCP clients automatically received new settings, but the statically configured PC did not, breaking its connectivity.
On a Windows client, enabling “Obtain an IP address automatically” and “Obtain DNS server address automatically” tells the system to use DHCP for both IP configuration and DNS. This ensures the PC will automatically adapt to future changes in the network’s IP addressing and DNS infrastructure, reducing ongoing support issues.
Manually maintaining static IP information on normal user workstations is error‑prone and goes against the company’s standard in this case. DHCP centralizes configuration and reduces the likelihood that future network changes will require desk‑side visits or manual reconfiguration of each client.
Topic: Software Troubleshooting
Which of the following statements about mobile devices with developer options enabled or rooted/jailbroken status is NOT correct?
Options:
A. Allowing app installation from unknown sources or unofficial app stores makes it easier for malware to bypass normal app‑store security checks.
B. Rooting or jailbreaking a device generally improves its security by giving the user more control and is recommended for corporate BYOD devices.
C. Organizations often block or restrict access to corporate resources from devices that are rooted or jailbroken because they are harder to secure and verify.
D. Enabling developer options such as USB debugging can create additional risk if a lost or unlocked device is connected to an untrusted computer.
Best answer: B
Explanation: Rooting, jailbreaking, enabling developer options, and allowing apps from unknown sources all weaken the built‑in security model of mobile operating systems. These changes are strongly discouraged in corporate and BYOD environments because they bypass vendor protections, make it harder for IT to enforce security policies, and increase the risk of malware or data theft.
The incorrect statement is the one claiming that rooting or jailbreaking “generally improves” security and is recommended for corporate BYOD devices. In reality, the opposite is true: most organizations explicitly forbid rooted or jailbroken devices from accessing corporate data or services.
Topic: Operational Procedures
Which of the following statements about handling a difficult customer is NOT correct for a professional IT support technician?
Options:
A. If the customer is clearly at fault, you should point this out bluntly so they understand the problem is their mistake.
B. You should avoid judgmental language and instead describe issues in factual, non-personal terms.
C. You should avoid arguing with the customer and instead focus on listening and clarifying the problem.
D. You should stay calm and use a polite, neutral tone even if the customer is frustrated or blaming you.
Best answer: A
Explanation: Professional IT support requires strong communication skills, especially with difficult customers. The goal is to resolve the issue while maintaining a respectful, calm interaction. Technicians should avoid arguing, blaming, or using judgmental language. Instead, they should listen actively, speak politely, and describe problems and solutions in neutral, factual terms.
The incorrect statement is the one that recommends bluntly telling the customer that the issue is their fault. Even when user error is involved, the technician should explain what happened in a respectful way and guide the customer to a solution without assigning blame.
Topic: Software Troubleshooting
A Windows 11 PC in a small office repeatedly fails to download Windows Updates unless the user temporarily disables their third-party Internet security suite. The administrator has been telling users to turn the suite off during Patch Tuesday. Company policy requires this suite to remain installed for web-filtering compliance, but management wants updates to install reliably without weakening protection. Which action should the technician take to best meet these goals?
Options:
A. Change Windows Active Hours so updates install overnight when users are not working, but leave the security suite configuration unchanged.
B. Disable Windows Defender Firewall to avoid conflicts and continue having users manually turn off the third-party suite each month to install updates.
C. Configure the third-party suite to allow Windows Update traffic (for example, add firewall/inspection exceptions for Windows Update services) and ensure Windows automatic updates remain enabled.
D. Uninstall the third-party Internet security suite and rely on Microsoft Defender Antivirus and Windows Defender Firewall for all protection.
Best answer: C
Explanation: The scenario describes Windows Updates failing unless the user disables a third-party Internet security suite. This clearly indicates that the suite’s firewall or web inspection features are blocking Windows Update traffic. The current workaround—telling users to turn the suite off during Patch Tuesday—is insecure and unreliable.
To optimize the situation, the technician must both preserve security (keep the required suite active) and restore reliable, mostly automatic updates. The best approach is to adjust the third-party suite’s configuration so that it trusts or allows Windows Update services, while leaving Windows automatic updates enabled. This resolves the conflict at its source and removes the need for users to weaken security manually.
Other choices either do not fix the underlying block, violate policy, or reduce security, so they fail to meet all stated goals of improved security and reliability.
Topic: Software Troubleshooting
A remote user reports that their Windows 11 laptop has become very slow, the fan runs constantly, and the browser keeps opening new tabs with random ads even when no one is touching the keyboard. The user admits recently installing a “free system optimizer” from an unknown website. The technician already ran a standard antivirus quick scan, which reported no issues, but the browser redirects and pop-ups continue. Which of the following actions will best address this issue? (Select TWO.)
Options:
A. Disconnect the laptop from the network and any shared resources immediately
B. Boot into a trusted offline environment (such as Microsoft Defender Offline or other reputable rescue media) and run a full malware scan
C. Reset the browser settings to default and delete the suspicious “free system optimizer” installer file
D. Run Disk Cleanup and remove temporary files to improve overall performance
E. Schedule regular weekly quick scans with the existing antivirus and wait to see if the problem resolves
Correct answers: A and B
Explanation: The scenario shows classic signs of a persistent malware infection: severe slowdowns, constant browser pop-ups and redirects, and a recent installation of untrusted software. A basic antivirus quick scan has already been run and did not resolve the symptoms, which suggests the infection may be more sophisticated or actively interfering with normal scans.
In this situation, the technician should treat the system as infected, protect the rest of the environment, and escalate to more thorough malware-removal methods. That means isolating the device from the network to prevent spread or data exfiltration and using advanced tools such as an offline or bootable rescue scanner that runs outside the compromised OS.
Simple performance tuning or cosmetic browser fixes do not adequately address the risk of active malware and could leave the user and network exposed.
Topic: Software Troubleshooting
A user reports that their personal Android phone, enrolled in the company’s MDM, started showing full‑screen ads after installing a free flashlight app. To “fix” it, the user force‑stopped the app and disabled its notifications, but the app is still installed and has access to contacts, camera, and location. Company policy forbids rooting phones and factory resets unless absolutely necessary and requires minimizing data loss. Which action is the BEST way to improve security in this situation?
Options:
A. Leave the app installed but clear its cache and data to remove any stored malicious content
B. Disable Android’s app permission prompts so the flashlight app can no longer request additional access
C. Perform a full factory reset of the phone to guarantee that any malware is removed, even if it means losing local data
D. Uninstall the flashlight app from the Android Settings menu, then review other apps’ permissions and revoke any unnecessary access
Best answer: D
Explanation: The scenario describes a suspicious flashlight app that is likely adware or potentially malicious, with broad permissions to contacts, camera, and location. The user has only force‑stopped the app and disabled notifications, which does not actually remove the app or its permissions. The organization wants to improve security, avoid rooting, and minimize data loss.
On modern Android devices, the correct approach is to remove the suspicious app using the built‑in uninstall process in Settings, not by rooting the phone or using third‑party removal tools. After removal, reviewing and tightening app permissions for other installed apps further reduces risk by following the principle of least privilege, all while leaving the user’s personal data intact.
This question targets the ability to choose a safe, policy‑compliant way to remove a suspicious mobile app and revoke unnecessary permissions, instead of taking overly destructive or insecure actions.
Topic: Security
A small medical office has a single Windows 11 PC at the front desk. Currently, everyone signs in using the same local account called Reception that is a member of the Administrators group. The account has a simple 4‑character password, and Windows is configured to auto‑sign in to this account at startup, so the password is rarely entered.
Management wants to:
Which action should the technician take to BEST meet these goals?
Options:
A. Keep using the shared Reception administrator account but require a complex 12‑character password and disable auto‑sign‑in.
B. Create a single standard local account called Reception for all front‑desk users, set a complex password, and enable auto‑sign‑in to maintain convenience.
C. Create a unique standard local account for each receptionist with strong passwords, enable Windows Hello PIN or biometrics for each, and keep a separate local administrator account only for IT.
D. Enable the built‑in Guest account for front‑desk users, remove all passwords to speed up access, and rely on Microsoft Defender Antivirus for protection.
Best answer: C
Explanation: The scenario focuses on improving Windows local account security by applying least privilege, individual accountability, and secure but convenient logon methods.
Running all users under a shared administrator account is risky: it violates least privilege and makes it impossible to track which person made specific changes. To optimize this environment, the technician should separate identities, reduce privileges, and enable modern logon options that keep daily use efficient.
The best answer is to create individual standard user accounts for each receptionist with strong passwords, and then enable Windows Hello options (PIN or biometrics) for quick sign‑in. A separate local administrator account should be reserved for IT or limited administrative use. This configuration meets all stated goals: it reduces the chance of harmful system changes, supports per‑user audit trails, and keeps logon convenient.
Topic: Operational Procedures
Which TWO statements about Microsoft Remote Desktop Protocol (RDP) are correct? (Select TWO.)
Options:
A. RDP sessions never require user authentication because they always reuse the existing local console session.
B. By default, RDP listens on TCP port 3389, so internet-facing access should be restricted with a firewall or VPN.
C. RDP lets a remote user view and control the full graphical desktop of a Windows computer as if sitting in front of it.
D. RDP is primarily used to provide secure command-line access to Linux servers instead of SSH.
E. RDP is a text-only protocol similar to SSH and does not support graphical interfaces.
Correct answers: B and C
Explanation: Remote Desktop Protocol (RDP) is Microsoft’s built-in technology for remotely controlling the full graphical desktop of a Windows system. A remote user sees the remote machine’s screen and can interact with it using keyboard and mouse as if physically present.
By default, RDP listens on TCP port 3389. Because attackers frequently scan for exposed RDP services, best practice is to restrict access using host firewalls, VPNs, strong authentication, and, where possible, Network Level Authentication (NLA). Other tools like SSH are typically used for text-only shell access, especially on Linux/Unix systems.
Topic: Operational Procedures
A small accounting office has six desktop PCs and a NAS connected to basic power strips. Recently, short power outages and brownouts have caused unexpected reboots and users losing unsaved work. The manager wants a cost‑effective change that both protects equipment from surges and gives users a few minutes to save files during outages. Which of the following changes would BEST meet this goal?
Options:
A. Replace all existing power strips with basic surge protectors that do not provide battery backup.
B. Purchase a large standby generator for the building but continue using the same unprotected power strips for all equipment.
C. Plug all devices directly into wall outlets and rely on the operating system’s auto‑save features to prevent data loss.
D. Install one uninterruptible power supply (UPS) with surge suppression for the NAS and network switch, and place the desktop PCs on smaller UPS units so users can save work and shut down safely during an outage.
Best answer: D
Explanation: Power problems such as surges, brownouts, and blackouts can both damage equipment and cause sudden reboots that lead to data loss. A surge suppressor alone only helps with voltage spikes and does not keep systems running when power sags or fails entirely.
An uninterruptible power supply (UPS) is designed to address all of these issues at the device level. It conditions incoming power, provides surge suppression, and includes a battery that keeps equipment running for a short period during an outage. In a small office, giving users even a few minutes of runtime is usually enough to save documents and perform a controlled shutdown.
For a cost‑conscious environment with a handful of desktops and a NAS, combining a UPS for shared infrastructure (NAS, switch, router) with smaller UPS units for the desktops provides targeted protection without resorting to expensive whole‑building solutions.
Topic: Operational Procedures
A help-desk technician must troubleshoot a remote employee’s Windows 11 laptop. Company policy requires technicians to authenticate with their own support account, obtain explicit user consent before taking control, and ensure the user can see all actions performed. Which method is the most appropriate way to connect?
Options:
A. Have the user install a free third-party screen-sharing app they found online and send the technician an access code for unattended access
B. Ask the user to temporarily disable User Account Control (UAC) so they can run all tools themselves while the technician gives instructions over the phone
C. Use the company-approved remote support tool that sends the user a consent prompt and then lets the technician log in with a support account
D. Ask the user for their Windows username and password, then connect via VPN and Remote Desktop using those credentials
Best answer: C
Explanation: Remote access in a corporate environment must balance usability with security and policy compliance. Organizations typically require technicians to use company-approved remote support tools, authenticate with their own accounts, and obtain explicit user consent before controlling a system. This ensures actions are auditable, least-privilege is maintained, and users are aware of who is accessing their devices.
The best option is to use the enterprise remote support solution that presents a consent prompt to the user and requires the technician to sign in with their assigned support account. This satisfies the requirements for technician authentication, user consent, and full user visibility into the session.
By contrast, asking for passwords, using unapproved tools, or disabling security features like UAC all conflict with common security and operational policies, even if they might seem faster or more convenient in the moment.
Topic: Software Troubleshooting
A user with a Windows 11 desktop reports that after adding a new secondary hard drive, the PC now shows a “No bootable device” message on startup. The user needs the system working again as quickly as possible without risking data loss or reinstalling Windows. Which action should the technician try first to best meet this priority?
Options:
A. Enter the UEFI/BIOS setup and verify that the original system drive is first in the boot order
B. Boot from Windows installation media and perform a full reset that removes everything
C. Open the case, remove the new hard drive, and reseat all power and SATA cables
D. Immediately replace the original drive and start a clean installation of Windows 11
Best answer: A
Explanation: The error message “No bootable device” or “No OS found” often appears when the system firmware (UEFI/BIOS) is not pointing to a valid boot device, even though the operating system and data are still intact on the disk.
In this scenario, the problem began immediately after adding a secondary hard drive. On many systems, adding or reordering drives can cause the firmware to change which disk it attempts to boot from first. If the firmware now tries to boot from the new, empty drive, it will show a “No bootable device” error.
Because the user needs the PC working again quickly and wants to avoid any risk to their data, the best first action is to check and correct the boot order in UEFI/BIOS. This step is fast, does not modify data on the disks, and directly targets the most likely cause, given the recent change.
More invasive steps—like reinstalling Windows, performing a destructive reset, or pulling hardware back out—should come later, only if basic configuration checks do not resolve the issue.
Topic: Security
Which TWO of the following user-education statements about avoiding future malware infections are NOT correct? (Select TWO.)
Options:
A. If your browser or antivirus shows a warning about a suspicious file or website, you should stop immediately and contact IT or the help desk before continuing.
B. You should only download software or mobile apps from trusted sources such as official app stores or your organization’s approved software portal.
C. You should be cautious about clicking links in email, text messages, or social media posts and instead go to important sites by typing the known address directly into the browser.
D. Delaying operating system and application updates for several months is safer because it lowers the chance of a bad patch and does not significantly affect security.
E. After malware removal, it is safe to open any attachment from people in your contacts list, even if you were not expecting the file, because people you know would not send malicious content.
Correct answers: D and E
Explanation: After malware removal, technicians should educate users on specific behaviors that help prevent reinfection. Users must understand that modern attacks often abuse trust: they can come from spoofed or compromised contacts, convincing fake websites, and malicious downloads that appear legitimate. Security awareness focuses on verifying sources, heeding security warnings, keeping systems patched, and using only trusted download locations. Encouraging users to stop and ask IT when something looks suspicious is a key control that greatly reduces risk in small offices and enterprise environments alike.
Topic: Software Troubleshooting
A company has a standard procedure for recurring Windows 10/11 update failures: technicians must first confirm that Microsoft Defender Antivirus and the endpoint firewall are enabled, review their logs for blocked update traffic, and run a full malware scan before manually resetting Windows Update components. Which underlying principle does this policy BEST illustrate?
Options:
A. Change management
B. Defense in depth
C. Safety: putting security first during troubleshooting
D. Least privilege
Best answer: C
Explanation: The scenario describes a Windows 10/11 troubleshooting procedure for failed updates that explicitly prioritizes checking security tools and running malware scans before making deeper system changes.
This approach embodies a safety / security‑first principle: before you reset update components, disable protections, or manually install patches, you ensure the device is still protected and not already compromised. This reduces the chance that troubleshooting makes the situation worse, such as by turning off defenses while malware is present or bypassing the protections that are blocking malicious traffic.
In the context of update failures, Windows 10/11 issues are often related to security software conflicts or malware interference. A policy that starts with verifying Defender and firewall status, reviewing security logs, and scanning for malware is designed to protect the system and its data while you troubleshoot, which is the essence of safety‑oriented troubleshooting.
Topic: Operating Systems
A small clinic with a metered, slow internet connection has successfully downloaded a 4GB practice‑management application installer to one Windows 11 PC overnight. The technician now needs to install the same application on nine other PCs without causing more large internet downloads. Which installation method is the BEST next step?
Options:
A. Copy the downloaded installer to a USB flash drive and run it locally on each of the remaining PCs
B. Have each user download the 4GB installer directly from the vendor’s website on their own PC
C. Upload the installer to a cloud file share and have each PC mount it remotely as an ISO over the internet
D. Capture an image of the first PC’s entire system drive and deploy that image to all other PCs
Best answer: A
Explanation: This scenario is about choosing the most appropriate application distribution method when internet bandwidth is limited. The installer has already been successfully downloaded once, so the technician should reuse that local copy rather than downloading it again for every PC.
Using a USB flash drive (or similar removable media) to copy the installer to each workstation is an example of physical media distribution. The file moves over fast local connections instead of the slow, metered WAN link, meeting the requirement to avoid additional large internet transfers.
Enterprise imaging or repeated online downloads would introduce unnecessary risk, overhead, or bandwidth use and do not match the simple small‑office requirement in the scenario.
Topic: Security
A company operates a high-security research lab. Personal smartphones are not allowed past the lobby, and management is worried that employees could share door codes or simple badges to let unauthorized coworkers into the lab. They want two-factor physical access to the lab door using a “something you have” factor plus a “something you are” factor, and they must be able to revoke access quickly if a credential is lost.
Which of the following security measures should the company implement to best meet these requirements? (Select TWO.)
Options:
A. Install a smart card badge reader that requires each employee to present an individual access card at the lab entrance
B. Deploy a mobile app that stores digital keys on employees’ personal smartphones and unlocks the lab over NFC
C. Set up a PIN-based keypad and give all lab staff the same code to enter
D. Issue Bluetooth key fobs that automatically unlock the lab door when they are within a short range
E. Add a fingerprint scanner at the lab door and link it to each employee’s identity record
Correct answers: A and E
Explanation: The scenario calls for two-factor physical access control to a high-security lab, specifically combining a “something you have” factor with a “something you are” factor. The company also wants to prevent employees from easily sharing credentials and needs the ability to quickly revoke access if a credential is lost.
Smart cards are common physical access tokens that can be individually issued, tracked, and disabled. Biometrics, such as fingerprints, verify the unique physical characteristics of an individual and are difficult to share. Together, these meet both the two-factor requirement and the concerns about credential sharing and revocation, while respecting the policy that personal smartphones are not allowed in the secure area.
Methods like shared PIN codes, simple proximity fobs, or mobile digital keys may be valid physical access technologies in other contexts, but they either fail the two-factor requirement, are too easy to share, or violate the smartphone restriction described in the scenario.
Topic: Operational Procedures
Which script file extension is most commonly associated with shell scripts run in a Linux or macOS terminal (for example, by the Bash shell)?
Options:
A. .vbs
B. .sh
C. .ps1
D. .bat
Best answer: B
Explanation: The question tests recognition of common script file extensions and the typical environments in which they run. In Unix-like systems such as Linux and macOS, command-line shell scripts are usually saved with the .sh extension and executed by shells like Bash, Zsh, or Dash. While the shebang line and file permissions ultimately control execution, .sh is the widely recognized convention for shell scripts.
Other extensions listed are primarily associated with Windows environments and different scripting hosts, not with the Bash shell in a Linux or macOS terminal.
Topic: Security
In Windows 10/11, which statement BEST describes the primary role of Microsoft Defender Antivirus?
Options:
A. It installs operating system and feature updates from Microsoft.
B. It blocks unauthorized network traffic to and from the computer.
C. It scans files and programs for malware and helps remove detected threats.
D. It encrypts the entire system drive to protect data if the device is lost or stolen.
Best answer: C
Explanation: Microsoft Defender Antivirus is the built-in antimalware component of Windows 10/11. Its primary purpose is to provide real-time and scheduled scanning to detect, quarantine, and remove malware such as viruses, ransomware, and spyware.
Many core Windows security features live under the same Windows Security interface, which can be confusing. However, antivirus, firewall, encryption, and update management are separate tools with different roles, even if they all contribute to the overall security posture of the system.
Topic: Software Troubleshooting
A user’s Windows 11 laptop has not installed any quality or security updates for the past month. Windows Update repeatedly shows “Download error” for multiple KBs. The user recently clicked a web pop-up and installed a “SuperSafe Free Antivirus” program; since then, Microsoft Defender Antivirus reports that it is turned off, and the user is seeing frequent fake security pop-ups in the browser. You suspect that unauthorized security software or malware is interfering with Windows Update. Which of the following actions will BEST address this issue? (Select TWO.)
Options:
A. Use “Reset this PC” (keep my files) to immediately reinstall Windows 11 and then re-run Windows Update
B. Run the Windows Update troubleshooter from the Settings app, then immediately retry the failed updates
C. Manually download the failed KB updates from the Microsoft Update Catalog and install them one by one
D. Temporarily disable Windows Defender Firewall to see if updates will download successfully
E. Uninstall the “SuperSafe Free Antivirus” application and verify that Microsoft Defender Antivirus is re-enabled and updated
F. Run a full malware scan (preferably offline) using a trusted, up-to-date antimalware tool before retrying Windows Update
Correct answers: E and F
Explanation: The scenario includes several red flags that point to malware or rogue security software interfering with Windows Update: a “free” antivirus installed from a pop-up, Microsoft Defender Antivirus being disabled, and frequent fake security pop-ups in the browser. These are classic signs of scareware or potentially unwanted programs (PUPs) that can interfere with updates and system security.
The priority is to restore a trusted security baseline and remove anything malicious. That means removing unauthorized or suspicious security software and running a thorough malware scan using a known-good, up-to-date antimalware tool (such as Microsoft Defender Antivirus or an approved corporate solution, ideally using an offline or boot-time scan). Once the system is clean and Defender is enabled, you can retry Windows Update with a much higher chance of success.
Tools like the Windows Update troubleshooter or manual KB downloads aim to fix configuration or delivery issues, not malicious interference. Disabling the firewall weakens security and does not address the root cause. A full OS reset is possible but should come only after normal malware-removal steps have been attempted and documented, not as the first response.
Topic: Software Troubleshooting
A user’s Android phone started showing full-screen pop-up ads after they tapped a link in a text message and installed a “free cleaner” app from an unknown website. You remove the app and run a malware scan. The user asks how to avoid this in the future while still installing new apps. Which guidance is MOST appropriate to reduce this type of security risk?
Options:
A. Install a third-party task killer app so any suspicious apps can be forced to close when they misbehave
B. Connect only to trusted Wi-Fi networks, because the ads were most likely caused by an insecure wireless connection
C. Only install apps from the official app store and review requested permissions carefully before installing or updating them
D. Turn off automatic OS and app updates so the phone’s behavior doesn’t suddenly change after updates
Best answer: C
Explanation: In the scenario, the root cause of the pop-up ads is that the user installed an app from an unknown website after clicking a link in a text message. This is classic unsafe sideloading behavior. After removing the malicious app, the technician should focus on educating the user so they avoid similar mistakes.
The strongest, most directly relevant advice is to limit app installs to the official store (such as Google Play Store) and to carefully review app permissions before installing and when updating. Official stores perform some vetting, and permissions review helps users spot apps that ask for unnecessary access, both of which significantly reduce the chance of installing malware while still allowing normal app usage.
Other ideas like task killers, turning off updates, or focusing on Wi-Fi security either don’t address the main cause or actually weaken security, so they are not the best guidance in this context.
Topic: Security
A help-desk technician is creating a short guide on safe software downloads for users who install tools through a modern web browser. The goal is to prefer trusted download sources and verify file integrity when possible.
Which of the following actions should the technician AVOID including in the guide? (Select TWO.)
Options:
A. Configure the browser to prompt before opening executable downloads so users must explicitly choose to run installers after they have been saved.
B. Download installers only from the software vendor’s official website or a trusted app/extension store and avoid third-party mirror sites when possible.
C. Turn off the browser’s safe browsing or download reputation checks so users are not interrupted by warnings when downloading installers from unfamiliar websites.
D. Compare the SHA-256 or similar hash of a downloaded installer against the value published on the vendor’s HTTPS site before running the file.
E. Install software offered through pop-up advertisements that claim to optimize performance, without confirming the publisher or checking any hash values.
F. Enable the browser’s built-in safe browsing or download protection feature so that files from known malicious or suspicious sites are blocked or clearly warned about.
Correct answers: C and E
Explanation: This scenario focuses on configuring browser download behaviors so users prefer trusted sources and verify file integrity using hashes where possible. A secure configuration keeps built-in protections enabled, steers users toward official vendor sites or trusted stores, and encourages hash verification before running executables.
Unsafe practices include disabling security features that warn about or block malicious downloads and encouraging installation of software from untrusted pop-up ads without any verification. These actions undermine the entire goal of controlled, integrity-checked downloads and significantly increase malware risk.
By contrast, enabling safe browsing, using official download channels, requiring prompts before running executables, and comparing hashes to vendor-published values all reduce the odds of installing tampered or malicious software.
Topic: Security
A technician is configuring a new Windows 11 desktop for the HR department that will store payroll and other sensitive employee data. The PC is in an open office where it may be left unattended. Company policy requires secure logon and least privilege for all local accounts.
Which TWO of the following configuration choices should the technician AVOID? (Select TWO.)
Options:
A. Set the screen to lock and require credentials after 5 minutes of inactivity.
B. Create a separate standard user account for each HR staff member and reserve the local Administrator account for IT tasks only.
C. Configure Windows to automatically sign in at startup to a shared local account so staff can use the PC without entering credentials.
D. Enable Windows Hello with a complex PIN and fingerprint sign-in backed by the device’s TPM.
E. Add each HR user account to the local Administrators group so they can install any software they need without contacting IT.
Correct answers: C and E
Explanation: This scenario focuses on configuring Windows 11 accounts and logon options in a way that protects sensitive HR data while following least privilege and secure logon practices.
Least privilege means users should have only the minimum rights they need to perform their jobs. For day-to-day tasks like email, documents, and line-of-business apps, standard user rights are usually sufficient. Administrator rights should be reserved for IT or tightly controlled accounts.
Secure logon practices require that each user uniquely authenticates to the system and that a locked or powered-on workstation cannot be used without valid credentials. Tools like Windows Hello PINs and biometrics, alongside lock-screen timeouts, help enforce this while keeping sign-in convenient.
In this context, allowing automatic sign-in to a shared account or elevating all users to local administrators clearly undermines both least privilege and secure logon, especially on a system located in an open office with sensitive HR data.
Topic: Operational Procedures
Which of the following statements about using asset management tools and records is NOT correct?
Options:
A. Asset tags or unique IDs help identify individual devices and can be linked to inventory or CMDB records for easier tracking.
B. A configuration management database (CMDB) usually stores details about configuration items, including hardware, software, relationships, and owners, not just serial numbers.
C. Using barcode or QR-code labels on laptops and other hardware can speed up audits and reduce typing errors during inventory updates.
D. Once an initial inventory spreadsheet is created, there is usually no need to update asset records when devices are reassigned, because user changes are tracked only in HR systems.
Best answer: D
Explanation: Asset management best practices require accurate, up‑to‑date records that link physical devices to logical information such as assigned user, location, and configuration details. Inventory lists and CMDBs are tools that store this information, while asset tags or IDs provide a unique way to connect the physical hardware to its record.
A key point is that these records must be maintained over time. When devices are reassigned, moved, or decommissioned, the inventory or CMDB needs to be updated so technicians can quickly locate equipment, see who is using it, and support audits, security investigations, and lifecycle planning.
Topic: Operational Procedures
Which TWO of the following are typically included in a Safety Data Sheet (SDS) for materials such as printer toner or batteries? (Select TWO.)
Options:
A. Network configuration settings required to connect the device to Wi-Fi
B. Emergency first-aid and exposure response information
C. Recommended personal protective equipment (PPE) and safe handling procedures
D. Retail pricing and warranty terms for the product
E. Step-by-step instructions for updating the device’s firmware
Correct answers: B and C
Explanation: A Safety Data Sheet (SDS) is a standardized document that provides detailed safety information about a chemical or hazardous material, such as printer toner, cleaning solutions, or certain types of batteries. It is intended for workers and emergency responders so they can store, handle, use, and dispose of the material safely, and react properly in case of an exposure or spill.
Typical SDS sections include hazard identification; composition; first-aid measures; firefighting measures; accidental release measures; handling and storage; exposure controls and PPE; physical and chemical properties; stability and reactivity; toxicological information; and disposal considerations. They do not cover device configuration, pricing, or warranty topics.
Because technicians may need to handle toner, solvents, and batteries, knowing that the SDS is the authoritative source for safe handling, PPE, and emergency response is important for both personal safety and regulatory compliance.
Topic: Operational Procedures
A remote help-desk technician takes a call from a user who sounds frustrated and says, “I’ve called three times this week and this still isn’t fixed. Why can’t anyone there do their job?” The technician sees previous tickets and realizes the user has reported the same issue several times. The technician wants to handle the situation professionally and avoid escalating the user’s anger.
Which of the following actions would BEST demonstrate proper communication and professionalism in this situation? (Select TWO.)
Options:
A. Explain that previous technicians already tried the standard fixes and tell the user they need to be more patient while you repeat the process.
B. Calmly acknowledge the user’s frustration, apologize for the inconvenience, and reassure them that you will take ownership of resolving the issue.
C. Immediately transfer the call to a supervisor so you do not risk saying something unprofessional.
D. Allow the user to fully explain the problem without interrupting, then paraphrase their main concern back to them to confirm understanding.
E. Firmly let the user know their comments are unfair and that you are doing the best you can.
F. Tell the user that if they had followed the instructions correctly the first time, the issue would already be resolved.
Correct answers: B and D
Explanation: In difficult customer interactions, a support technician should stay calm, avoid arguing or blaming, and use professional communication skills to reduce tension while moving toward a solution. Techniques such as empathy, active listening, and taking ownership of the issue help the user feel respected and heard. This often de-escalates frustration and builds enough trust for troubleshooting to continue.
Responses that sound defensive, judgmental, or argumentative tend to escalate the conflict and are not appropriate, even if the customer’s tone is unfair. Instead of focusing on who is at fault, the technician should focus on understanding the problem clearly and explaining the next steps in a respectful way.
Topic: Operational Procedures
A support technician is about to replace a failing laptop for an employee. Before ordering new hardware or parts, the technician checks the asset database for the laptop’s purchase date, current warranty status, and installed software license details. Which IT operations principle does this behavior BEST demonstrate?
Options:
A. Applying the principle of high availability
B. Maintaining accurate documentation and asset records for support decisions
C. Implementing formal change-management approvals
D. Enforcing least privilege on user accounts
Best answer: B
Explanation: The described behavior shows a technician using existing records to make a smarter, policy-aligned decision about how to handle a failing device. By checking the asset database for purchase date, remaining warranty, and software licensing details, the technician can determine whether the device or parts may be covered under warranty and whether any licenses must be re-assigned or re-purchased.
This is directly tied to documentation and asset management best practices. Well-maintained records (asset tags, purchase dates, warranty terms, and license keys) allow support staff to avoid unnecessary costs, stay compliant with software licensing, and choose appropriately between repair and replacement.
Security concepts such as least privilege, or operational concepts like change management and high availability, do not explain the main purpose of this behavior, which is using accurate documentation to inform support decisions before taking action.
Topic: Security
Which statement correctly describes how standard formatting, wiping, and low-level formatting affect data recoverability on a drive?
Options:
A. Low-level formatting leaves data recoverable, but a standard format or wipe permanently destroys the data.
B. A standard format overwrites all data, making it unrecoverable, while wiping and low-level formatting only remove file system references.
C. Standard formatting, wiping, and low-level formatting all make data permanently unrecoverable on modern drives.
D. A secure wipe or low-level format overwrites existing data so it is not normally recoverable, while a standard format usually leaves data recoverable with specialized tools.
Best answer: D
Explanation: Data destruction methods differ mainly in how thoroughly they remove the underlying data.
A standard format (such as a quick format) typically recreates file system structures and marks space as available but does not overwrite every data sector. As a result, much of the previous data can still be recovered using specialized recovery tools.
A secure wipe/erase intentionally overwrites existing data (often one or more times) so that the original contents cannot be read back. When properly completed, normal recovery tools cannot restore the wiped data.
A low-level format operates at the sector level on a drive, recreating the physical or logical sector layout and effectively destroying any data in those sectors. On modern drives this is usually only done at the factory or via specialized utilities, but its effect is similar to a thorough overwrite: data is not normally recoverable afterward.
Therefore, wiping or low-level formatting is appropriate when you must ensure data cannot be recovered, such as before recycling or decommissioning a drive. A simple standard format is usually sufficient only when the drive will be reused in a trusted environment and strong data confidentiality is not required.
Topic: Security
A small dental office recently upgraded its SOHO wireless router. Staff need secure access to internal file shares and cloud apps, while patients should have easy Wi-Fi access to the internet only. The owner wants to avoid giving patients the same password staff use and keep support simple. Which router configuration is BEST?
Options:
A. Create one SSID named “DentalOffice” secured with WPA2/WPA3-Personal (AES) and give the same pre-shared key to both staff and patients.
B. Create two hidden SSIDs, one for staff and one for guests, both secured with WEP so older devices can connect, and rely on obscuring the SSID for extra protection.
C. Create a single hidden SSID with no encryption (open network) but enable client isolation so wireless devices cannot see each other.
D. Create two broadcast SSIDs: “DentalOffice-Staff” using WPA3-Personal (AES) with a strong private passphrase and full LAN access, and “DentalOffice-Guest” as a guest network using WPA2-Personal (AES) with internet-only access and a separate, simpler passphrase for patients.
Best answer: D
Explanation: For a SOHO environment that serves both employees and visitors, you typically want network separation and modern encryption while keeping guest access straightforward. The best practice is to create separate SSIDs for staff and guests, use WPA2 or WPA3 with AES, and put guests on an isolated guest network that only reaches the internet.
Using a single SSID and shared passphrase means guests effectively join the internal network and know the same credentials as staff, which is risky. Open (unencrypted) networks or legacy ciphers like WEP are no longer acceptable, especially where customer data might be present. Hiding the SSID offers little real security and often harms usability.
The ideal answer combines: separate staff and guest SSIDs, WPA2/WPA3-Personal with AES, broadcast SSIDs for ease of use, and guest network isolation so visitors cannot reach internal systems.
Topic: Software Troubleshooting
A user’s Windows 10 laptop was installing updates when the battery died. Now, when the laptop is powered on, it immediately displays “No bootable device found” before Windows loads. In UEFI/BIOS setup, the technician can see the internal SSD listed and healthy.
Which TWO actions should the technician take first to best attempt to restore the system’s ability to boot Windows without unnecessary data loss? (Select TWO.)
Options:
A. Run Windows Memory Diagnostic to check for faulty RAM
B. Reset the user’s Windows password from a local administrator account
C. Boot from Windows recovery or installation media and run Startup Repair
D. Configure the UEFI/BIOS boot order so that the internal SSD (Windows Boot Manager) is the first boot device
E. Replace the SSD and perform a clean installation of Windows 10
F. Restore the user’s files from last night’s backup to a network share
Correct answers: C and D
Explanation: The laptop shows a “No bootable device found” message after an interrupted Windows update, but the internal SSD is visible and appears healthy in UEFI/BIOS. At an entry-level support stage, the technician should first check simple, non-destructive issues like firmware boot order, then use built-in repair tools that can fix corrupted startup files without wiping the system.
If UEFI/BIOS is set to boot from the wrong device (for example, network, USB, or an empty drive), the system will not reach the Windows bootloader even if the SSD is fine. Correcting the boot order to prioritize the internal SSD or Windows Boot Manager often resolves this.
If the boot order is correct but the update interruption corrupted the boot configuration, Windows Startup Repair (launched from recovery or installation media) can automatically detect and fix many common startup and bootloader issues while preserving user data and applications. These two actions align with safe, first-line troubleshooting before considering more invasive solutions like drive replacement or OS reinstallation.
Topic: Operating Systems
Which TWO of the following statements about built-in macOS features are correct? (Select TWO.)
Options:
A. iCloud in macOS is a built-in antivirus engine that scans files in real time for malware and quarantines threats.
B. Mission Control is primarily used to install macOS updates and manage App Store downloads.
C. The Dock can only display currently running applications and cannot be customized to pin favorite apps or folders.
D. Keychain is a built-in password manager that securely stores website passwords, Wi-Fi keys, and certificates for use across macOS apps.
E. Spotlight lets users quickly search for files, apps, and system settings, and can also perform simple calculations and conversions.
Correct answers: D and E
Explanation: macOS includes several built-in tools that improve usability and help technicians support users. Spotlight is a powerful search feature that indexes the system so users can quickly find files, folders, apps, emails, and system preferences. It also performs quick calculations and conversions directly in the search field, which makes it more than just a file finder.
Keychain is macOS’s integrated password and credential manager. It securely stores website logins, Wi-Fi passwords, and certificates, and integrates with Safari and other apps to auto-fill credentials. This reduces password fatigue for users and helps technicians encourage secure, unique passwords without users needing to remember all of them.
Other macOS features mentioned, such as Mission Control, the Dock, and iCloud, have different purposes than those claimed in the incorrect statements. Mission Control manages window and desktop organization, the Dock is a customizable app and folder launcher, and iCloud focuses on syncing and backing up user data across Apple devices, not on antivirus or updates.
Topic: Software Troubleshooting
A user installed a PCIe USB expansion card in a Windows 11 desktop. Now some USB devices randomly disconnect, and you see a yellow warning icon on one USB controller in Device Manager with a message about insufficient resources. The user needs a quick fix without opening the case. Which action should you perform FIRST?
Options:
A. Use Device Manager to uninstall the USB controller with the warning icon, then scan for hardware changes so Windows redetects it
B. Open Task Manager and end background processes that are using high CPU
C. Run Disk Cleanup to free space on the system drive
D. Enter UEFI/BIOS setup and manually change IRQ assignments for USB controllers
Best answer: A
Explanation: The scenario clearly points to a hardware resource or driver issue with a USB controller: USB devices disconnect, and Device Manager shows a yellow warning icon with a resource-related message. On Windows client systems, Device Manager is the primary tool to correct device driver and resource problems at the OS level.
A safe, common first step is to use Device Manager to uninstall the specific device that is in a faulted state and then scan for hardware changes. This causes Windows to rediscover the controller, reload or refresh the driver, and often reassign resources automatically. It meets the user’s requirement for a quick software-based fix without opening the case or changing low-level firmware settings.
Other tools, such as Task Manager and Disk Cleanup, are useful for performance and storage issues but do not address a USB controller flagged with a yellow warning icon, which is specifically a device/driver/resource problem.
Topic: Security
In a company that supports both BYOD and corporate-owned smartphones, which statement about privacy and app control is MOST accurate?
Options:
A. On BYOD phones, the company can view and back up all personal photos and messages, but corporate-owned phones cannot be monitored for privacy reasons.
B. Both BYOD and corporate-owned phones must be treated the same, with identical monitoring and app restrictions to keep security simple.
C. On BYOD phones, the company usually limits management to work data and apps, while corporate-owned phones can be tightly locked down and monitored for business use.
D. Corporate-owned phones cannot have any personal apps installed, while BYOD phones cannot be required to install any management or security software.
Best answer: C
Explanation: BYOD (Bring Your Own Device) means the employee owns the device, so the organization must balance security with personal privacy. MDM profiles on BYOD typically secure corporate email, apps, and data containers, and allow selective wipe of business content only.
Corporate-owned devices are company property, so the organization can enforce stricter policies: limiting which apps are installed, configuring all settings, and monitoring device usage for business purposes within legal and policy boundaries. This difference in ownership drives different expectations for privacy and app control between the two policy types.
Topic: Operating Systems
Which TWO of the following statements about interpreting application system requirements are NOT correct? (Select TWO.)
Options:
A. Having more available RAM than the minimum requirement generally improves application performance and stability.
B. A 64-bit application cannot be installed on a 32-bit edition of Windows, even if the CPU itself supports 64-bit instructions.
C. System requirements that mention a USB security token mean the application will run normally even if the token is never connected.
D. If an application lists 20GB of disk space required, it refers to the total capacity of the drive, not how much free space is available.
E. If software requires a dedicated GPU with 4GB of VRAM, a system that only has integrated graphics does not meet that requirement.
Correct answers: C and D
Explanation: When checking whether a workstation can run a new application, you must interpret the system requirements accurately. Disk space requirements refer to how much free space must be available, not just how large the drive is overall. Likewise, if a requirement lists specific hardware such as a dedicated GPU or a USB security token, the system must actually provide that hardware in order for the application to function as intended. Misreading these details can lead to failed installs, poor performance, or applications that cannot launch.
Understanding OS architecture is also important: a 32-bit Windows installation simply cannot run 64-bit applications, even if the CPU itself is 64-bit capable. On the other hand, meeting or exceeding CPU and RAM minimums usually improves responsiveness and stability, so it is good practice to aim above the bare minimum when possible.
Topic: Operating Systems
A help-desk technician is troubleshooting a Windows 11 workstation where a critical line-of-business application crashes on startup. The software vendor’s knowledge base states that the issue is resolved by adding a specific DWORD value under a registry key using Registry Editor (regedit). There is no equivalent setting in the application’s GUI, and the workstation is used for daily financial processing. Company policy states that Tier 1 technicians should not perform direct registry edits on production systems.
Which of the following actions will best ensure the change is handled safely and in accordance with policy? (Select TWO.)
Options:
A. Create a system restore point or registry backup before any registry changes are made to the workstation.
B. Uninstall and reinstall the application instead of following the vendor’s registry instructions, to avoid using Registry Editor.
C. Use Registry Editor to immediately add the DWORD value as described by the vendor, without any additional steps, to minimize downtime.
D. Run Disk Cleanup and remove temporary files to try to resolve the crash without touching the registry.
E. Document the vendor’s registry instructions and open a change/request ticket to escalate the task to the appropriate Tier 2/desktop engineering team.
Correct answers: A and E
Explanation: Registry Editor (regedit) is sometimes required when a vendor documents a very specific registry change as the only way to enable a fix or hidden setting. However, the Windows registry is critical to system operation, and incorrect edits can cause application failures, profile corruption, or even prevent Windows from booting.
Because of this risk, best practice is to create a backup (such as a system restore point or at least an export of the affected registry key) before making any changes. In many organizations, only higher-tier support or engineering teams are allowed to directly modify the registry on production systems. Tier 1 technicians are expected to gather information, document vendor guidance, and then escalate through proper change-management channels.
In this scenario, the technician must both respect the policy restriction on registry edits and acknowledge that a registry change is the documented fix. The safest, policy-compliant approach is to ensure a backup/restore option exists and to escalate the change to the team authorized to use Registry Editor for such modifications.
Topic: Security
Which TWO of the following statements about physical data destruction methods are NOT correct? (Select TWO.)
Options:
A. Using an industrial shredder that reduces storage devices to very small particles is an appropriate method for destroying highly sensitive media.
B. For low-sensitivity data, simply deleting files and emptying the recycle bin is considered an acceptable form of physical destruction.
C. Incinerating drives in a controlled, certified facility is an effective way to physically destroy highly confidential media while meeting environmental regulations.
D. Degaussing is primarily used to destroy data on magnetic media such as traditional hard disk drives and backup tapes.
E. Drilling a few holes through a solid-state drive (SSD) always guarantees data destruction to high-government-security standards.
Correct answers: B and E
Explanation: This question focuses on distinguishing accurate statements about physical data destruction (drilling, shredding, degaussing, incineration) from common misconceptions. Physical destruction is typically chosen when data is highly sensitive or when media will not be reused.
Degaussing is designed for magnetic media like spinning hard drives and backup tapes. It uses a strong magnetic field to scramble the existing magnetic patterns, making the stored data unreadable. It does not work on non-magnetic media such as SSDs or optical discs.
Industrial shredders and incineration both physically destroy the storage media, making data recovery extremely difficult or impossible. When properly certified, these methods are appropriate for highly sensitive or regulated data.
In contrast, drilling only part of a drive (especially an SSD) does not guarantee that all memory components are destroyed, and logical deletion (like emptying the recycle bin) does not physically affect the media at all. Treating either of these as equivalent to a proper physical destruction method is unsafe or misleading, especially in environments with compliance or high-security requirements.
Topic: Security
A technician is creating a hardening checklist for new Windows 11 laptops that will be issued to the finance team. The goal is to reduce security risks from default configurations before users receive the systems.
Which of the following actions is NOT an appropriate hardening step for these workstations?
Options:
A. Leave the default local administrator username and password in place so any technician can easily log in to support the laptops.
B. Disable AutoRun/AutoPlay for removable media so USB drives do not automatically execute content.
C. Change the factory-set local administrator password to a unique, complex password on each laptop.
D. Turn off unnecessary file and printer sharing services on laptops that will only access cloud-based resources.
Best answer: A
Explanation: Workstation hardening focuses on reducing the attack surface and closing obvious security gaps before systems are put into production. Common steps include changing default credentials, disabling automatic execution of untrusted content, and turning off services that are not required.
Leaving default administrator credentials in place is extremely risky. Default usernames and passwords are widely documented and are among the first things attackers try when attempting to compromise a system. Good hardening practices require changing these to strong, unique passwords and, where possible, renaming default accounts or using different admin structures.
By contrast, disabling AutoRun/AutoPlay and turning off unneeded sharing services both directly reduce ways malware or attackers could gain access to the workstation. These changes may add small inconveniences but significantly improve security for sensitive users like finance staff.
Topic: Operational Procedures
Which TWO of the following statements about workstation backup and recovery methods are NOT correct? (Select TWO.)
Options:
A. You should avoid testing restores because repeatedly restoring backups can corrupt them or make them unusable.
B. Before performing a major OS upgrade, you should verify that a recent, successful backup of important user data exists.
C. If a user accidentally deletes a single folder, the fastest and safest method is to reimage the entire workstation from the last full backup.
D. Restoring files to an alternate location lets you recover or compare individual files without immediately overwriting the user’s current data.
E. An in-place restore overwrites existing files, so it should only be used when you are confident the backup is good and you want the workstation returned to that exact state.
Correct answers: A and C
Explanation: Backup and recovery strategies for workstations should protect user data while minimizing downtime. When restoring, technicians choose between in-place overwrites and restoring to an alternate location. In-place restores overwrite existing files and are useful when you are certain the backup is good and want the system exactly as it was at backup time. Restoring to an alternate location is safer when you only need certain files or are unsure what changed, because it lets you compare and selectively copy data without risking additional loss.
Good procedures also include verifying that backups exist and are recent before major operations like OS upgrades, and regularly testing restores to ensure backups are usable. Overly heavy-handed recovery methods, like reimaging an entire workstation for a single deleted folder, waste time and can cause unnecessary data loss compared to a focused file-level restore.
Topic: Operating Systems
A remote user cannot reach a new internal web application from a Windows 11 laptop when connected over VPN. The company’s security policy states that built-in protections such as Microsoft Defender Antivirus and Windows Defender Firewall must remain enabled unless the security team approves an exception.
Which of the following actions would NOT be an appropriate way to troubleshoot this issue?
Options:
A. Temporarily turn off Windows Defender Firewall for all network profiles and continue browsing normally, leaving the firewall disabled if the site then loads.
B. Contact the network or security team to confirm whether the internal site is being blocked by a corporate web filter before making local firewall changes.
C. Open the Windows Defender Firewall settings and use “Allow an app through firewall” to verify that the browser is allowed on the active network profile.
D. In the browser’s Internet Options or network settings, verify that the proxy configuration matches the company’s documented VPN proxy settings.
Best answer: A
Explanation: When troubleshooting web connectivity issues on a managed Windows 10/11 device, you should respect security policies and keep protections like Windows Defender Firewall enabled. Appropriate steps include verifying browser and proxy settings, confirming the app is allowed through the firewall on the specific profile, and coordinating with the security team about any central web filtering.
Turning off Windows Defender Firewall entirely, especially across all network profiles and with no plan to re-enable it, is an unsafe anti-pattern. It violates the principle of least privilege and typical corporate security policies, and it exposes the system to unnecessary risk. Instead, a technician should make narrow, documented changes (such as adjusting an allowed app entry) or involve the appropriate team for rule updates.
Topic: Software Troubleshooting
A user reports that many documents in their Documents folder now have random filenames with a .encrypted extension, and a text file on the desktop demands payment to recover the files. Other PCs on the network are not yet affected. Which of the following should the technician do NEXT to best protect data and address the issue?
Options:
A. Have the user change their account password and increase the account lockout threshold.
B. Rename the affected files back to their original extensions and try to open them again.
C. Run Disk Cleanup to remove temporary files and then reboot the computer.
D. Immediately disconnect this computer from the network and follow the organization’s incident response procedure.
Best answer: D
Explanation: The described symptoms—files renamed with a new extension, documents no longer opening, and a payment demand text file—are classic signs of a ransomware infection. When ransomware is suspected, the immediate priority is to contain the threat so it cannot spread to other systems or further encrypt data.
The best next step is to disconnect the affected computer from the network (unplug Ethernet, disable Wi-Fi, remove from VPN) and then follow the organization’s incident response procedure. That procedure will typically include full malware removal, assessing the scope of impact, and restoring data from clean backups if available. Actions like running basic cleanup tools, changing passwords, or renaming files do not address the underlying malware and can delay proper containment and recovery.
Topic: Operating Systems
A small office uses a hosted Exchange service (for example, Microsoft 365) for email, calendar, and contacts. A new employee wants to use Outlook on a Windows 11 laptop and also access the same mailbox, calendar, and contacts on a mobile device. Company policy requires all data to remain in the cloud for centralized backup (no local-only archives). Which of the following is the BEST way to configure Outlook on the laptop?
Options:
A. Have the user access email only through the provider’s webmail portal in a browser instead of configuring Outlook.
B. Configure the account in Outlook as IMAP with manually entered server names and import calendar data using a one-time .ics file.
C. Create a POP3 account in Outlook that downloads mail to a local .pst file and disable the option to leave a copy of messages on the server.
D. Add the account in Outlook using the Microsoft 365/Exchange account type and allow autodiscover to configure the connection.
Best answer: D
Explanation: Hosted Exchange and Microsoft 365 are cloud-based email systems designed to provide a single mailbox with synchronized email, calendar, and contacts across multiple devices. The best practice for Outlook on Windows in such environments is to connect using the native Microsoft 365/Exchange account type, which leverages autodiscover. This automatically configures the correct servers and uses Exchange protocols to keep data synchronized while storing the master copy in the cloud.
Configuring Outlook in this way ensures that the user’s mailbox, calendar, and contacts remain consistent on the laptop, mobile device, and webmail while the organization maintains centralized backups and policies on the cloud service. It also minimizes manual configuration work and reduces the risk of misconfiguration compared to manual POP3 or IMAP setups.
Topic: Operational Procedures
A technician removes a working PCIe network card from a desktop and needs to store it for future use. Which practice is the MOST appropriate way to handle and store the card?
Options:
A. Wrap the card in bubble wrap and place it directly on a metal shelf
B. Place the card on top of a powered-off computer case so it is easy to find later
C. Place the card in an antistatic bag and store it in a labeled box on a shelf
D. Seal the card in a regular plastic kitchen bag and store it in a desk drawer
Best answer: C
Explanation: Sensitive electronic components such as expansion cards should always be protected from electrostatic discharge (ESD) and physical damage when handled or stored. The standard best practice is to place the component in an antistatic (ESD-safe) bag and then store it in a safe, dry location where it will not be crushed, bent, or exposed to contaminants. This reduces the risk of latent or immediate damage that could cause failures when the component is reused.
Antistatic bags are specifically engineered to dissipate static charges and shield components from external static. Ordinary plastic or packing materials can hold or generate static and may actually increase the risk of ESD damage, even if they protect against physical impact.
Topic: Operational Procedures
A company adds an AI feature to its self-service help-desk portal. Users can type a description of their problem in plain language, and the system responds with a short summary of the issue plus a list of the most relevant existing knowledge-base articles and links. Which AI use case does this integration BEST represent?
Options:
A. Predictive hardware failure detection based on sensor data
B. Automated translation of support tickets between languages
C. Automated log file summarization for system administrators
D. AI-assisted knowledge-base search and recommendation
Best answer: D
Explanation: The described portal enhancement lets users enter a problem in natural language and receive a concise summary plus links to relevant knowledge-base (KB) articles. This is a classic example of integrating AI into support workflows to improve self-service.
In this workflow, the AI model parses the text, identifies key concepts and error descriptions, and compares them with existing KB content. It then recommends the closest matches and may generate a short plain-language summary. This reduces time spent searching manually and helps both end users and technicians find existing solutions faster.
This fits the learning objective of recognizing common AI integrations in IT operations, such as AI-assisted knowledge-base search and support portals, log summarization, and other assistant-style features rather than fully autonomous decision-making.
Topic: Operational Procedures
An organization requires users who connect from public Wi-Fi in hotels or cafés to launch the company’s VPN client before accessing internal email or file servers. This requirement is primarily designed to support which security principle?
Options:
A. Protecting the confidentiality of data as it travels over untrusted networks
B. Enforcing least privilege on internal servers and applications
C. Ensuring physical security of laptops and mobile devices
D. Improving system availability by adding redundant network paths
Best answer: A
Explanation: A virtual private network (VPN) creates an encrypted “tunnel” between a remote user’s device and the organization’s private network. When a user connects over an untrusted network such as public Wi-Fi, anyone else on that network could potentially capture unencrypted traffic.
By requiring users to start the VPN before accessing email or internal file shares, the organization ensures that all data sent between the device and the internal network is encrypted. This prevents eavesdroppers on the coffee shop or hotel Wi-Fi from reading usernames, passwords, emails, or file contents, even if they intercept the traffic.
This behavior most directly supports the principle of confidentiality: keeping information hidden from unauthorized parties while it is in transit across an untrusted network. While a VPN can also contribute to integrity and authentication, in this scenario the clearest, primary goal is preventing others from seeing the data being transmitted.
Topic: Security
A small office uses a SOHO router with IP and content filtering to enforce its acceptable use policy. Staff must reach business and banking sites, the company VPN, and cloud apps; guest Wi‑Fi should be limited to general browsing with adult content blocked. Which of the following router configuration changes should the technician AVOID? (Select TWO.)
Options:
A. Create an IP-based allow rule that bypasses all content filtering for one employee’s workstation IP address.
B. Add a content filter rule that blocks banking and financial-services websites for all networks.
C. Enable category-based filtering to block adult content for both staff and guest networks.
D. Create an IP filter that blocks outbound traffic from the guest subnet to the company’s VPN gateway address.
E. Restrict the guest subnet to HTTP/HTTPS and DNS only, and apply search-engine safe-search filtering on the guest network.
Correct answers: A and B
Explanation: SOHO routers commonly support IP filtering (based on IP addresses/subnets) and content filtering (based on domains or categories). These features are used together to enforce acceptable use policies while still allowing required business traffic. A good configuration blocks risky or non-business content, segments guests from internal resources, and avoids broad exceptions that undermine policy.
In this scenario, staff must reach banking sites, the company VPN, and cloud apps. Guest Wi‑Fi should only provide general web access with adult content blocked. The technician should avoid any configuration that either prevents required business access or creates unjustified exceptions that bypass policy or security controls.
Topic: Operating Systems
A user reports they can no longer connect to their Windows 11 office PC using Remote Desktop from another computer on the same LAN. The issue started right after the user enabled Windows Defender Firewall. The PC responds to ping, and Remote Desktop is enabled in System settings. Which is the BEST next step to restore remote access while keeping the firewall enabled?
Options:
A. Enable File and Printer Sharing in Windows Defender Firewall
B. In Windows Defender Firewall, allow the Remote Desktop app through the firewall on the appropriate network profile
C. Turn off Windows Defender Firewall for all network profiles
D. Create an outbound firewall rule allowing TCP port 3389 from the office PC to the client computer
Best answer: B
Explanation: In this scenario, Remote Desktop was working until Windows Defender Firewall was enabled. The PC still responds to ping and Remote Desktop is enabled in the OS, so the most likely root cause is that the firewall is now blocking inbound RDP traffic.
The proper fix at the workstation level is to adjust the local firewall rules so that Remote Desktop traffic is allowed while the firewall remains active. Windows Defender Firewall provides a simple interface to allow specific apps, including Remote Desktop, through the firewall for selected network profiles (such as Private or Domain). This opens the necessary inbound port without disabling the entire firewall.
This question reinforces that you should modify firewall application rules or create targeted port exceptions rather than turning the firewall off entirely when a single application is blocked.
Topic: Operating Systems
An IT admin supports 30 Windows 11 laptops for remote staff. Currently, when Windows becomes unbootable, users ship laptops back so IT can reinstall from a generic USB installer, wiping data and causing days of downtime. All laptops include an OEM recovery partition with “Reset this PC” and repair tools. The company wants to minimize downtime and preserve user files without building new server infrastructure. Which boot method should the admin standardize on to best meet these goals?
Options:
A. Create a second Windows installation on a new partition and have users boot into that OS if the primary one fails.
B. Deploy a PXE server so all laptops can network-boot to a standard corporate image for every repair.
C. Send users a Windows installation USB drive and have them perform a clean OS install when problems occur.
D. Standardize on booting into the OEM recovery partition and using its repair/reset tools that keep user files.
Best answer: D
Explanation: The scenario describes an inefficient and risky baseline: when Windows fails, laptops are shipped back and reinstalled from a generic USB drive, which wipes data and causes long downtime. The organization wants a better approach that both protects user files and reduces downtime, without investing in new server infrastructure.
Modern Windows laptops commonly ship with an OEM recovery partition that contains repair environments and tools such as “Reset this PC” and startup repair. Booting into this recovery environment allows technicians or users to repair the installation or reset the OS while choosing options that keep user data. Because it’s already present on every device, it requires no new servers or complex deployment systems and is well suited to remote users.
Other options like full reimaging via PXE or clean installs from USB focus on standardization but typically destroy locally stored data and require more work and coordination, conflicting with the stated goals. Multiboot configurations add unnecessary complexity and don’t directly fix the broken OS image, so they are also not the best optimization here.
Topic: Operational Procedures
A field technician is sent to an office to replace a faulty power strip and run a new Ethernet cable above a drop ceiling in the network closet. The company posts safety rules on the closet door about using proper access equipment, protecting eyes from debris, and keeping exits clear at all times.
Which TWO of the following actions should the technician AVOID to remain compliant with safety procedures? (Select TWO.)
Options:
A. Stacking cardboard boxes in front of the network closet door during the job
B. Checking the new power strip’s rating and plugging it into a grounded wall outlet
C. Using a rolling office chair as a step stool to reach the ceiling grid
D. Wearing safety glasses and a dust mask while lifting ceiling tiles
E. Using an approved step ladder on a level surface to access the ceiling
Correct answers: A and C
Explanation: Workplace and organizational safety procedures are designed to reduce the risk of injury and ensure compliance with regulations. For IT technicians, this often includes using proper ladders instead of improvised platforms, wearing appropriate personal protective equipment (PPE), and keeping all exits and access routes clear.
In this scenario, the technician is working near the ceiling and around electrical equipment in a network closet. The safest behavior follows posted rules: use an approved ladder, wear PPE when opening ceiling tiles, and ensure doors and walkways are never blocked. Actions that create fall hazards or obstruct exits must be avoided, even if they appear convenient or temporary.
Topic: Security
An organization requires all company-issued smartphones to have both a managed mobile anti-malware app and a web content-filtering app installed through the company’s device management system. Which security principle does this policy MOST clearly demonstrate?
Options:
A. Defense in depth
B. High availability
C. Least privilege
D. Nonrepudiation
Best answer: A
Explanation: The policy requires two distinct, centrally managed mobile security tools on each smartphone: an anti-malware app and a web content-filtering app. These controls address different parts of the attack surface: one scans apps and files for malicious code, while the other restricts access to dangerous or inappropriate web content.
Using multiple, overlapping safeguards on the same endpoint is the essence of defense in depth. If a threat bypasses one control (for example, a user taps a malicious link that the anti-malware app does not detect), the content filter might still block the site. Conversely, if a malicious file somehow gets through the filter, the anti-malware tool may catch it. This layered approach is especially important on mobile devices, which frequently connect to untrusted networks and browse the web.
The other principles listed describe different goals: limiting permissions (least privilege), proving who did what (nonrepudiation), or keeping services up (high availability). None of those directly match the idea of stacking multiple security tools on the same device to create overlapping protection layers.
Topic: Operating Systems
An organization announces that, starting next quarter, company resources (VPN, email, file shares) will be blocked for any Windows devices running a version that Microsoft has marked as end-of-life (EOL). Users must upgrade to a currently supported release to stay connected. Which operating system life-cycle principle does this policy MOST directly reflect?
Options:
A. Enforcing bring-your-own-device (BYOD) so users can choose any device and OS they prefer
B. Using change management to document and approve all upgrades and configuration changes
C. Implementing defense in depth by requiring multiple overlapping security controls
D. Avoiding use of end-of-life operating systems that no longer receive vendor security updates or support
Best answer: D
Explanation: Vendors publish a life-cycle for each operating system version, including dates for mainstream support, extended support, and end-of-life (EOL). After EOL, the OS no longer receives security patches or official vendor support. Continuing to use an EOL OS exposes the organization to unpatched vulnerabilities and compatibility problems.
The described policy blocks corporate access for Windows versions that have reached EOL and requires users to upgrade to a supported release. This is a textbook example of tying OS support decisions to vendor life-cycle status and the availability of security updates. By only allowing supported versions, the organization reduces risk from unpatched systems and improves compatibility with modern applications and security tools.
Topic: Security
Which TWO statements about securing file downloads in a modern web browser are correct? (Select TWO.)
Options:
A. Using MD5 hashes guarantees that a downloaded installer came from the correct vendor, even if the vendor’s site has been compromised.
B. Enabling browser features that block downloads from known malicious sites and warn before running downloaded executables can reduce the risk of installing malware.
C. If a file is downloaded over HTTPS, there is no need to verify its hash because encryption guarantees the file is safe to run.
D. Allowing automatic downloads from any website, without prompts or checks, prevents incomplete files and therefore improves security.
E. Comparing a downloaded file’s SHA-256 hash with the value published on the software vendor’s HTTPS site helps verify that the file was not altered.
Correct answers: B and E
Explanation: Secure browser download practices involve both controlling where files come from and confirming that they have not been tampered with. Modern browsers can use built-in protection lists to block or warn about downloads from sites known to host malware. This reduces the chance that users will install unsafe software.
Even when downloading from a trusted vendor over HTTPS, it is good practice to verify file integrity for important installers. The vendor may publish a cryptographic hash (such as SHA-256) for the file. After downloading, the user calculates the hash locally and compares it to the published value. If they match, it is very likely the file is intact and unmodified. However, hashes alone do not prove who created the file; they just confirm that the file has not changed since the hash was generated.
Relying only on automatic downloads, assuming HTTPS always means “safe,” or misunderstanding what hashes do can all weaken security instead of improving it.
Topic: Operating Systems
A junior technician must install a major update to an accounting application on an employee’s Windows 11 PC. The manager wants user data preserved and downtime kept as low as possible. Which TWO of the following actions should the technician AVOID? (Select TWO.)
Options:
A. Verify that the user’s accounting data is included in a recent backup or export before starting the upgrade
B. Plan the upgrade for a low‑usage time, such as the end of the workday, and document the change in the ticketing system
C. Begin uninstalling the existing accounting software and deleting its local data files before confirming a current backup exists
D. Schedule the installation during the busiest part of the workday without informing the user or their manager
E. After installation, open the application with a test or sample file and ask the user to confirm that their own data and key functions work
Correct answers: C and D
Explanation: When planning an application installation or major upgrade, a support technician must protect user data and reduce disruption to their work. That means confirming backups, scheduling during low‑usage periods, communicating clearly, and thoroughly testing the application after the change.
Deleting or modifying application data before confirming a backup is extremely risky and can lead to irreversible data loss. Similarly, making major changes during peak business hours without warning users creates unnecessary downtime and frustration. In contrast, verifying backups, scheduling the change for a quieter time, documenting it, and validating the application with the user are all examples of good operational practice.
Topic: Software Troubleshooting
Which of the following statements about safe mobile app installation practices is NOT correct?
Options:
A. Before installing or updating an app, you should review the permissions it requests and avoid apps that ask for access they do not seem to need.
B. Periodically uninstalling unused apps helps reduce the attack surface and limits how many apps can access your data and device features.
C. You should prefer installing apps from official app stores (such as Google Play or the Apple App Store) instead of third-party download sites.
D. If a game is listed in the official app store, it is always safe to grant any permissions it requests, because the store fully guarantees the app’s security.
Best answer: D
Explanation: Safe mobile app practices focus on reducing risk from malicious or overly intrusive applications. Even when apps come from official stores like Google Play or the Apple App Store, users should still review permissions, check reviews and developer reputation, and remove apps they no longer use. Official stores significantly reduce but do not eliminate the chance of malware or data-harvesting apps.
The incorrect statement is the one that assumes anything in an official store is always safe and that any requested permissions can be granted without thought. This is misleading because store review processes are imperfect, and some apps may request unnecessary access that could threaten privacy or security.
Topic: Software Troubleshooting
A Windows 10 domain user reports that signing in to their PC takes several minutes, but a local test account signs in quickly. You also notice the PC’s clock is about 10 minutes behind other domain computers. You suspect a roaming/domain profile issue plus time drift. Which of the following actions is NOT an appropriate troubleshooting step for an A+ technician?
Options:
A. Check Event Viewer for User Profile Service and Group Policy warnings or errors during the user’s logon.
B. Verify that the Windows Time service is running and that the PC is synchronizing time with the domain controller or approved NTP source.
C. Delete the user’s domain profile folder under C:\Users and let Windows recreate it at next logon without first backing up any data.
D. Review the size and contents of the user’s roaming profile and encourage moving large files (such as videos) out of profile folders to a shared drive or cloud storage.
Best answer: C
Explanation: Slow logons for a specific domain user, especially when local accounts log on quickly, often point to profile-related issues such as a large roaming profile or problems with profile loading and Group Policy processing. Time drift on a domain-joined PC can also cause logon delays or failures because Kerberos and other authentication mechanisms require clocks to be closely synchronized.
A good technician first investigates non-destructively: check logs, verify time sync, and inspect profile size and contents. If a profile needs to be reset, the technician must back up the user’s data and follow a documented procedure. Deleting a profile folder outright with no backup is an obvious anti-pattern that risks permanent data loss and violates standard operational best practices.
Topic: Security
A company is decommissioning several types of storage media that contain different sensitivity levels of data, from public training documents to highly confidential client and medical records. The security policy requires using appropriate physical destruction methods for each type of media and data sensitivity.
Which TWO actions should the technician AVOID? (Select TWO.)
Options:
A. Send desktop hard drives that only stored public training materials to a reputable recycler that provides documented media shredding services.
B. Place hard drives from an internal finance server that held tax records into a locked container for a certified on-site shredder that reduces drives to small metal and plastic fragments.
C. Drill a single hole through each USB flash drive that stored executive strategy documents and then discard them in regular office trash bins.
D. Degauss old backup tapes that only contain historical marketing material, following the tape vendor’s degaussing guidelines before disposal.
E. Run retired SSDs containing patient medical records through a magnetic degausser and then resell the drives online as used equipment.
Correct answers: C and E
Explanation: Physical data destruction methods must be matched both to the type of storage media (magnetic vs solid-state/flash) and the sensitivity level of the data.
Magnetic degaussing is effective only for magnetic media like traditional hard disk drives and backup tapes; it randomizes the magnetic fields that hold the data. It does not affect solid-state storage such as SSDs and USB flash drives, which store data in non-magnetic memory cells.
For highly sensitive or regulated data, such as medical records or executive strategy documents, organizations typically require complete physical destruction of the media so data cannot be reconstructed. Methods such as certified shredding (to very small particles), pulverizing, or incineration under controlled conditions are appropriate. Minimal damage, like drilling a single hole and discarding devices in regular trash, is insufficient.
Lower-sensitivity data (for example, public marketing or training materials) can be destroyed with less stringent methods as long as the media is rendered unusable and the process is documented, often via certified shredding or degaussing for magnetic tape. Matching the method to both media type and data sensitivity is key to secure destruction.
Topic: Software Troubleshooting
A remote user reports repeated antivirus alerts, unexpected browser redirects, and a CPU constantly at 100% on a Windows 11 laptop. You suspect a significant malware infection that may require advanced tools. Which TWO actions should the technician AVOID? (Select TWO.)
Options:
A. Collect and save the antivirus logs, then follow the organization’s documented malware-removal procedure
B. Download and run a random “PC optimizer” tool recommended by a pop-up message to clean the system
C. Immediately disconnect the laptop from all networks (Wi-Fi and VPN) and notify the security team or supervisor
D. Schedule a full antivirus scan, preferably in Safe Mode, using updated signatures
E. Mark the antivirus detections as allowed so the user can continue working without interruption
Correct answers: B and E
Explanation: The described symptoms—repeated antivirus alerts, browser redirects, and sustained 100% CPU—strongly suggest active malware. In such cases, the technician should escalate to formal malware-removal procedures and, if needed, more advanced tools or a security team, while preserving evidence and containing the threat.
Good actions focus on containment, documentation, and structured remediation, such as disconnecting the device from the network, collecting logs, and running full scans according to policy. Unsafe actions include bypassing security controls (for example, whitelisting unknown threats) and running untrusted tools promoted by pop-ups, which frequently are part of the attack.
The two options to avoid are the ones that reduce protection or introduce additional unverified software, both of which directly conflict with core security principles and proper malware-handling procedures.
Topic: Security
In a corporate wireless network, when is a RADIUS (or similar AAA) server typically used with Wi-Fi access points?
Options:
A. When setting up WPA2-Personal so all users share the same pre-shared key
B. When configuring WPA2-Enterprise so each user signs in to Wi-Fi with their own directory credentials
C. When creating an open guest Wi-Fi network that has no password but shows a terms-of-use web page
D. When enabling simple MAC address filtering to allow or block specific devices
Best answer: B
Explanation: Enterprise authentication methods such as RADIUS and TACACS+ provide centralized authentication, authorization, and accounting (AAA). In a wireless context, they are typically used with WPA2-Enterprise or WPA3-Enterprise and 802.1X so that each user connects to Wi-Fi using their own unique credentials, which are verified against a central server (often tied to a directory like Active Directory).
This is different from consumer-style setups like WPA2-Personal, MAC filtering, or open guest networks, which either rely on shared secrets or minimal/no authentication and therefore do not need a centralized AAA server.
Topic: Operating Systems
A help-desk policy states that when using Task Manager to troubleshoot, technicians must verify unknown processes before ending them and avoid terminating system services unless directed by a senior admin. Which core security principle does this policy BEST support?
Options:
A. Integrity
B. Least privilege
C. Confidentiality
D. Availability
Best answer: D
Explanation: The scenario describes a policy for using Task Manager safely: technicians must check what a process does before ending it and avoid terminating system services unless instructed by a senior admin. The goal is to prevent accidental shutdown of important services that keep Windows responsive and network or business applications available.
This directly maps to the security principle of availability, which focuses on ensuring systems, applications, and data are accessible to authorized users when needed. By preventing critical processes from being terminated, the organization reduces the risk of outages, crashes, or lost connectivity caused by incorrect use of Task Manager.
While confidentiality, integrity, and least privilege are also important, they are not the main concern in this specific policy. The emphasis here is keeping the system and its services up and running while troubleshooting.