Try 10 focused CompTIA A+ 220-1202 questions on Security, with explanations, then continue with IT Mastery.
Open the matching IT Mastery practice page for timed mocks, topic drills, progress tracking, explanations, and full practice.
| Field | Detail |
|---|---|
| Exam route | CompTIA A+ 220-1202 |
| Topic area | Security |
| Blueprint weight | 25% |
| Page purpose | Focused sample questions before returning to mixed practice |
Use this page to isolate Security for CompTIA A+ 220-1202. Work through the 10 questions first, then review the explanations and return to mixed practice in IT Mastery.
| Pass | What to do | What to record |
|---|---|---|
| First attempt | Answer without checking the explanation first. | The fact, rule, calculation, or judgment point that controlled your answer. |
| Review | Read the explanation even when you were correct. | Why the best answer is stronger than the closest distractor. |
| Repair | Repeat only missed or uncertain items after a short break. | The pattern behind misses, not the answer letter. |
| Transfer | Return to mixed practice once the topic feels stable. | Whether the same skill holds up when the topic is no longer obvious. |
Blueprint context: 25% of the practice outline. A focused topic score can overstate readiness if you recognize the pattern too quickly, so use it as repair work before timed mixed sets.
These questions are original IT Mastery practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.
Topic: Security
Which of the following statements about common application-layer threats is NOT correct?
Options:
A. Cross-site scripting (XSS) often involves injecting malicious script into a web page so it runs in visitors’ browsers and can steal cookies or impersonate users.
B. SQL injection involves sending specially crafted input to a web application so it runs unintended commands against its backend database.
C. Supply chain or software pipeline attacks usually require the victim to expose their database directly to the internet so attackers can bypass the application and run SQL commands.
D. Business email compromise (BEC) typically uses fake or hijacked business email accounts to socially engineer employees into sending money or sensitive data, often without using any malware at all.
Best answer: C
Explanation: Application-layer threats target the software and workflows that sit on top of the network stack, such as web applications, email systems, and update pipelines. A junior technician mainly needs to recognize the basic ideas and examples of each.
SQL injection is when an attacker sends specially crafted input into a web form or URL so the application builds and runs harmful database queries. Cross-site scripting involves injecting script (often JavaScript) that runs in other users’ browsers, potentially stealing cookies or performing actions as those users. Business email compromise uses convincing emails from real or spoofed business accounts to trick staff into sending money or sensitive information.
Supply chain or software pipeline attacks are different: instead of directly attacking the victim’s database, the attacker compromises software components, update servers, build pipelines, or third-party providers so that when the victim installs or updates software, it already contains malicious changes. Exposing a database directly to the internet is insecure, but it is not what defines a supply chain attack, which is why that statement is the one that is not correct.
Topic: Security
Which of the following BEST describes a potentially unwanted program (PUP) or adware rather than more destructive malware?
Options:
A. Malicious code that encrypts all user documents and demands payment to restore access
B. A free app that silently installs a browser toolbar and starts showing extra pop-up ads but does not encrypt or delete files
C. Hidden software that records every keystroke and secretly sends login credentials to an attacker
D. A self-replicating program that automatically spreads across the network using unpatched vulnerabilities
Best answer: B
Explanation: Potentially unwanted programs (PUPs) and adware are usually bundled with other downloads or installed when users click through installers too quickly. They typically change the browser experience by adding toolbars, search engines, or extensions and show excessive pop-up ads or redirects.
Unlike more destructive malware such as ransomware, worms, or keyloggers, PUPs/adware usually do not encrypt or delete data or aggressively spread across systems. Their main impact is annoyance, reduced performance, privacy concerns from tracking, and a cluttered browser interface, not direct data destruction.
Topic: Security
Which of the following statements about data destruction and disposal is NOT correct?
Options:
A. Paper documents that contain personally identifiable information (PII) should be cross-cut shredded instead of being thrown directly into regular trash bins.
B. When reusing drives internally that previously stored confidential but not top-secret data, using a vendor-approved secure erase or data-overwriting tool is typically an appropriate sanitization method.
C. Performing a quick format on a hard drive is generally sufficient to permanently destroy confidential data before recycling the drive.
D. Physically shredding or pulverizing storage media is an appropriate disposal method for drives that held highly sensitive data and will not be reused.
Best answer: C
Explanation: Data destruction methods must match the sensitivity of the information and the organization’s policies. A quick format on a drive only removes file system metadata, not the actual data blocks, so the data can often be recovered with basic forensic tools. For confidential or highly sensitive data, organizations typically require secure erase, overwriting, or physical destruction.
For drives containing highly sensitive information that will not be reused, physical destruction methods such as shredding, pulverizing, or incineration are recommended to prevent any possibility of data recovery. When a drive that held confidential (but not top-secret) data is being reused internally, running a vendor-approved secure erase or multi-pass overwrite tool is usually sufficient and aligns with many organizational policies. Paper documents containing PII should be cross-cut shredded before disposal to prevent dumpster-diving attacks and protect privacy.
Topic: Security
A company creates every user in a central directory and uses those accounts to control login to Windows, cloud apps via SSO, and the VPN. Permissions are granted by putting users into groups. Which security concept does this setup BEST illustrate?
Options:
A. Identity and access management
B. Mobile device management
C. Privileged access management
D. Data loss prevention
Best answer: A
Explanation: The scenario describes a company using a central directory to create user accounts, then using those same identities to log into Windows, cloud apps via single sign-on (SSO), and VPN, with permissions controlled through groups. This is exactly what identity and access management (IAM) is about: managing who users are and what they are allowed to access.
In many environments, IAM is implemented using a directory service (such as Active Directory or a cloud directory), plus technologies like SAML to provide SSO into cloud apps. IAM policies define which groups can access specific resources, while the directory enforces those rules when users authenticate.
Other tools from the same ecosystem play different, more specialized roles. PAM focuses specifically on controlling privileged/admin accounts. MDM controls devices and their configurations. DLP protects sensitive data from being exfiltrated. IAM is the umbrella concept that ties together identities, authentication (including SSO), and authorization to resources.
Topic: Security
Which of the following statements about using BitLocker and Encrypting File System (EFS) to protect data at rest on Windows 10/11 workstations is NOT correct?
Options:
A. EFS can be applied to individual files or folders on an NTFS volume to prevent other local user accounts from reading those files.
B. BitLocker To Go can encrypt removable USB drives so they must be unlocked with a password or smart card on other computers.
C. BitLocker can be used to encrypt the entire operating system drive so that data is protected if a laptop is lost or stolen.
D. EFS can encrypt files and folders on FAT32 or exFAT volumes as long as the drive is local to the computer.
Best answer: D
Explanation: Data-at-rest encryption on Windows workstations is commonly implemented with BitLocker for full-disk or volume encryption and Encrypting File System (EFS) for per-file or per-folder protection on NTFS volumes. A key limitation is that EFS only works on NTFS, while BitLocker and BitLocker To Go handle entire volumes, including some removable media.
The incorrect statement is the one that claims EFS can encrypt files on FAT32 or exFAT volumes. EFS depends on NTFS features and cannot be used on non-NTFS filesystems. If you copy an EFS-encrypted file from NTFS to a FAT32 or exFAT drive, it is automatically decrypted in the process, so it no longer provides encryption on that destination.
In contrast, BitLocker can encrypt whole volumes, including the operating system drive, so data is protected if a laptop is powered off and stolen. EFS can be used on NTFS volumes to protect specific sensitive files or folders from other local users. BitLocker To Go applies similar full-volume encryption concepts to removable media, typically requiring a password or smart card to unlock the drive on other machines.
Topic: Security
Which Windows feature is specifically designed to provide full-disk encryption of a computer’s internal drive so that all data on the volume is protected if the laptop is lost or stolen, regardless of which user is signed in?
Options:
A. Windows Defender Firewall
B. NTFS file permissions
C. Encrypting File System (EFS)
D. BitLocker
Best answer: D
Explanation: BitLocker is Microsoft’s built-in full-disk encryption technology for Windows. When enabled on a drive, it encrypts the entire volume, including system files and free space, so that data remains protected if the device is lost, stolen, or the drive is removed and connected to another system. Decryption requires the correct key material (such as TPM plus PIN or recovery key), not just a Windows user login.
By contrast, EFS works at the file and folder level and is tied to individual user accounts and their certificates. NTFS permissions and Windows Defender Firewall are important security features, but neither provides encryption of data at rest on the disk.
Topic: Security
Which of the following statements about common malware types is NOT correct?
Options:
A. Spyware’s primary purpose is to lock user files and display a ransom note until the user pays the attacker.
B. Keyloggers can capture keystrokes such as usernames, passwords, and credit card numbers entered on a compromised device.
C. Cryptomining malware secretly uses a victim’s CPU or GPU resources to mine cryptocurrency for the attacker.
D. Ransomware often encrypts user data and then demands a payment, typically in cryptocurrency, to restore access.
Best answer: A
Explanation: The question asks you to identify the one statement that is not correct about common malware types. Modern malware often has overlapping capabilities, but each major category has a typical primary goal or behavior.
Ransomware is known for encrypting data and demanding payment. Cryptomining malware abuses a victim device’s processing power to generate cryptocurrency. Keyloggers focus on recording keystrokes to steal credentials and financial data. Spyware is about secretly collecting data and monitoring user activity, not encrypting files and demanding ransom.
Therefore, the statement that assigns ransomware’s behavior to spyware is the incorrect one.
Topic: Security
Which of the following statements about TKIP and AES Wi‑Fi encryption is NOT correct?
Options:
A. TKIP was introduced as a temporary fix for older hardware and is considered deprecated for new Wi‑Fi deployments.
B. For maximum security on a new SOHO Wi‑Fi router, you should select WPA2 or WPA3 with TKIP rather than AES.
C. AES is the preferred encryption method for modern WPA2/WPA3 personal and enterprise Wi‑Fi networks.
D. Using TKIP instead of AES on a WPA2 network can reduce security and may limit network performance.
Best answer: B
Explanation: Modern Wi‑Fi security standards recommend using WPA2 or WPA3 with AES-based encryption (often shown as AES or CCMP). AES provides stronger encryption and better performance than the older TKIP method. TKIP was designed as a transitional solution to upgrade WEP-era hardware, but it is now considered insecure and should be avoided on new networks.
When configuring a new SOHO router, the most secure and current choice is WPA3‑Personal with AES when available, or WPA2‑Personal with AES if WPA3 is not supported. Selecting TKIP or mixed TKIP/AES modes weakens security and can force clients into legacy compatibility modes.
Topic: Security
Which of the following statements about keeping a modern web browser up to date for security are TRUE? (Select TWO.)
Options:
A. It is safer to download browser update installers from any convenient third-party website instead of using the browser’s own update feature.
B. Using the browser’s built-in update feature (for example, from an About or Help menu) is a safe way to check for and install the latest version.
C. Turning off browser updates permanently reduces the attack surface because the software changes less often.
D. Delaying browser updates for several months improves stability and is generally recommended for better security.
E. Enabling automatic updates helps ensure security fixes are installed quickly without requiring user action.
Correct answers: B and E
Explanation: Keeping a web browser up to date is a key part of reducing exposure to known security vulnerabilities. Modern browsers are frequently patched to fix security issues, so updates should generally be applied promptly. The safest methods use the browser’s built-in update mechanism or official vendor sources, and updates should not be disabled except under very rare, tightly controlled conditions.
Topic: Security
Which TWO statements accurately describe distributed denial-of-service (DDoS) attacks? (Select TWO.)
Options:
A. They are defined by exploiting a single unpatched vulnerability on one server to gain remote code execution.
B. They are often launched from botnets made up of infected devices spread across the Internet.
C. They primarily work by secretly intercepting and altering data between two endpoints without noticeably changing traffic volume.
D. They use large numbers of compromised systems to overwhelm a target with traffic or requests.
E. They require physical access to the victim’s router or switch so the attacker can disconnect users from the network.
Correct answers: B and D
Explanation: A distributed denial-of-service (DDoS) attack is a type of denial-of-service attack where the attack traffic comes from many distributed sources, typically compromised devices controlled by an attacker. The goal is to make a service unavailable by overwhelming its bandwidth, CPU, memory, or other resources with excessive traffic or requests.
To achieve this, attackers often build or rent botnets—networks of malware-infected endpoints such as PCs, servers, or IoT devices. Each bot sends traffic to the victim at the attacker’s command, and the combined load can be enough to disrupt or completely knock services offline.
This is different from other attacks like on-path (man-in-the-middle), which focus on secretly intercepting or modifying traffic, or zero-day exploits, which focus on taking advantage of a specific unknown vulnerability rather than simply flooding resources.
Use the CompTIA A+ 220-1202 Practice Test page for the full IT Mastery route, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.
Read the CompTIA A+ 220-1202 Cheat Sheet on Tech Exam Lexicon, then return to IT Mastery for timed practice.