CompTIA A+ Core 2 Practice Exam 2
Closely simulated practice test questions for the Certified Ethical Hacker (CEH) certification exam. While these are not real questions of the actual exam, they significantly increase your readiness level and preparedness for the exam. By the time you can comfortably score up to 70% on this test, you will be ready to take and pass the actual exam.
1. An organization is upgrading its accounting software, which only runs on 64-bit operating systems, to take advantage of modern hardware and improve performance. The accounting team’s workstations are currently running a 32-bit version of Windows 10 and have 8 GB of RAM. The IT department is responsible for upgrading the workstations to ensure compatibility with the new software. What should be the IT department’s primary action to support the installation of the new 64-bit accounting software?
Correct Answer: B. The IT department’s primary action should be to install a 64-bit version of Windows 10 on the workstations (B). A 32-bit version of Windows cannot run 64-bit applications, regardless of the hardware. The workstations already have 8 GB of RAM, which is adequate for basic 64-bit operations, but without a 64-bit operating system, the new accounting software cannot be installed or run. Option A is incorrect because, while increasing RAM may improve overall performance, it does not address the core compatibility issue between the software and the OS. Option C is incorrect because most modern processors are already 64-bit capable, and the issue lies with the OS, not the hardware. Option D is also incorrect because there is no 64-bit compatibility mode in a 32-bit operating system. Therefore, upgrading the OS to a 64-bit version is the correct solution (B).
2. An IT support team is working on building a comprehensive knowledge base to reduce the number of support tickets submitted for common technical issues. A technician has been assigned to document a recurring problem with slow Wi-Fi performance in one of the company’s remote offices. The technician identifies that the issue is due to high channel interference from nearby wireless networks. What is the most appropriate way to document this in a knowledge base article to ensure that the information is helpful to both end-users and support staff?
Option (D) is correct because creating a step-by-step guide that includes detailed instructions on verifying signal strength, changing Wi-Fi channels, and documenting the configuration changes makes the article practical and actionable for both users and support staff. This approach provides a clear process for identifying and resolving the issue, making it easy to follow and effective in addressing the specific problem of channel interference. Option (A) is incorrect because while explaining the concept is informative, it may be too technical and overwhelming for end-users and lacks actionable steps for immediate resolution. Option (B) is incorrect because instructing users to contact IT without providing self-help options undermines the purpose of the knowledge base, which is to empower users to resolve issues independently. Option (C) is incorrect because a broad troubleshooting framework without focusing on the specific cause and solution would make it harder for users to find relevant information quickly, reducing the effectiveness of the knowledge base.
3. An IT technician is helping a macOS user who reports that a graphics-heavy application frequently freezes, and when this happens, it locks the entire system. The user cannot access the Apple menu to close the app normally. What should the technician recommend as a first troubleshooting step to close the unresponsive app without restarting the system?
Correct Answer: A. The first troubleshooting step is to use the Force Quit option by pressing Command + Option + Escape (A). This shortcut brings up a menu listing all open applications, allowing the user to force quit the unresponsive app without needing to restart the system. Option B is incorrect because rebooting the system would close all applications, potentially causing data loss. Option C is not directly related to solving the immediate issue of closing the frozen application. Option D, while a viable solution, is more advanced and unnecessary for a standard user, as the Force Quit menu provides a simpler, more user-friendly method.
4. An IT administrator at a legal firm is responsible for securing workstations that handle confidential client information. The administrator noticed that several employees use external DVDs to review case files, but occasionally, AutoPlay windows pop up unexpectedly, offering options to open or run the media. The administrator is concerned that employees might unintentionally execute malicious software embedded in these media through AutoPlay. To prevent this, the administrator needs to disable AutoPlay for all media types while allowing employees to manually access and open files on the media as needed. What is the best configuration to implement this solution?
The correct answer is A. Using Group Policy to disable AutoPlay for all drives ensures that no AutoPlay windows will pop up, eliminating the risk of accidental execution of malicious software. This setting applies to all media types, such as DVDs, USB drives, and external hard drives, providing comprehensive protection across the organization. Disabling AutoPlay through Group Policy also ensures a consistent configuration across all workstations. Option (B) only disables AutoRun for USB devices, leaving DVDs vulnerable. Option (C) relies on antivirus software, which may not catch all malicious files and does not stop the AutoPlay pop-ups from appearing. Option (D) sets the AutoPlay action to “Take no action,” which suppresses some pop-ups but does not prevent the risk of AutoPlay still executing in certain scenarios, making it less reliable. Thus, disabling AutoPlay through Group Policy is the most effective solution to secure the workstations while allowing users to manually access the files.
5. An IT team is preparing to consolidate multiple departmental file servers into a single, centralized server to improve data management. During the planning phase, the change-management board asks for an impact assessment to understand how this consolidation will affect each department’s file access and permissions. What should be included in the impact section of the change request to address these concerns?
Option C is correct because an impact assessment should focus on how the consolidation will change file access patterns and potentially disrupt department workflows. Understanding how file access times may increase or decrease and what workflows might be interrupted allows stakeholders to plan accordingly and prepare for any necessary adjustments. Option A is incorrect because while new folder structures and permissions are important for configuration, they do not describe how workflows and access will be impacted. Option B is incorrect because listing server inventories and applications does not provide insight into the operational impact of the change. Option D is also incorrect because a project plan details the implementation process but does not analyze the effects on end-users. Therefore, providing a detailed impact assessment (C) is the most appropriate approach to address concerns related to file access and workflow disruptions.
6. An employee is returning from lunch and swipes their access card to enter a secured area of the office. As they open the door, another individual carrying several boxes asks the employee to hold the door open, stating that they work for the shipping department and need to deliver these packages to the finance team. The employee, not wanting to be rude, holds the door open, allowing the individual to enter the secured area. Later, security footage reveals that the individual was an outsider with no authorization. What type of attack did the employee unknowingly facilitate?
The correct answer is (B) Tailgating. Tailgating occurs when an unauthorized individual follows an authenticated employee into a secure area without using their own credentials, typically taking advantage of the employee’s courtesy. In this scenario, the outsider asked the employee to hold the door, and the employee, assuming good intent, allowed them to enter without verifying their identity or credentials, which characterizes tailgating. Option (A) Piggybacking is similar but involves the attacker obtaining explicit permission from the victim to gain entry, which is not the case here. The individual simply took advantage of the employee’s politeness without asking for direct permission. Option (C) Pretexting involves creating a false scenario to trick the victim into revealing information, which doesn’t match the physical intrusion described. Option (D) Impersonation involves pretending to be someone else to deceive the victim, which was used as part of the tailgating, but the main security breach occurred due to physical entry without authentication. Thus, the most accurate term for this situation is (B) Tailgating.
7. A support technician is assisting a client who complains that their newly installed monitor occasionally flickers. The technician checks the display settings and finds no issues, and during the time on-site, the monitor does not flicker. The technician responds by saying, “I can’t see the problem right now, so there’s probably nothing wrong with it.” The client insists that the flickering is an intermittent issue that occurs randomly. What would be a better approach for the technician to show that the issue is not being dismissed?
The correct answer is (A) because setting up a monitoring tool shows that the technician is taking proactive steps to identify the root cause, even if the issue is not immediately visible. This approach respects the client’s experience and ensures that their concerns are being investigated thoroughly. Option (B) is incorrect because suggesting that the client is imagining the issue is dismissive and undermines the technician’s credibility. Option (C) is incorrect because replacing the monitor without confirming the problem may resolve the symptom temporarily, but it does not address the underlying cause, and may be perceived as avoiding the troubleshooting process. Option (D) is incorrect because telling the client to contact support again without attempting to investigate further minimizes the issue and suggests the technician is unwilling to put in the effort to resolve it, leading to customer dissatisfaction.
8. A graphic design team is using a third-party file transfer software to share large project files between remote offices. The team has noticed that certain transfers are failing unexpectedly, especially when transferring very large files. The administrator checks the software’s logs and sees repeated entries for “Connection Timeout” errors. After confirming that the network connection is stable, the administrator suspects that the issue is related to the file transfer settings. What should the administrator modify in the software configuration to resolve the issue?
Correct Answer: A. Increasing the timeout value (A) is the correct solution because it allows the software more time to complete the transfer, preventing interruptions that occur when large files take longer than expected to transmit. Enabling resume support (B) is beneficial if a transfer is interrupted but does not address the root cause of the timeouts. Switching from active to passive mode (C) is typically used for firewall issues but is not relevant to timeout settings. Lowering the maximum file size limit (D) might reduce the number of timeouts but would be impractical for the graphic design team, as it would force them to split files manually, adding unnecessary complexity.
9. A financial institution has contracted a third-party vendor to handle the disposal of its decommissioned servers, which contain sensitive client information. As part of the agreement, the vendor is required to provide certification of destruction for each asset. During a routine audit, the IT security team notices that the vendor’s certificates list the serial numbers but do not include timestamps or method of destruction. What is the best action the IT team should take to ensure compliance and accountability?
Correct Answer: A. The primary concern here is the lack of detailed information in the destruction certificates, which are essential for compliance and audit purposes. To ensure accountability, the IT team should request that the vendor update the certificates to include timestamps and detailed destruction methods (A), as this provides a clearer audit trail and confirms that the assets were destroyed according to policy. Option (B) is incorrect because performing an independent audit, while thorough, does not address the immediate issue of inadequate documentation, and audits are typically conducted periodically rather than on each disposal. Option (C) is an overreaction, as switching vendors without attempting to resolve the issue could cause unnecessary disruption. Option (D) does not resolve the main problem, as additional security reports still do not confirm the exact destruction details of each specific asset.
10. A small business owner is setting up a web server in their office and wants external users to be able to access the server using a consistent IP address. The business uses a SOHO router for its Internet connection, which currently uses dynamic IP addressing from the Internet Service Provider (ISP). The owner is concerned that if the external IP address changes, clients will not be able to reliably connect to the server. What is the best configuration to implement to ensure the web server is always reachable?
Option A is correct because a static WAN IP address will remain constant, allowing external users to reliably connect to the web server without the risk of the IP address changing. This ensures that the web server’s address is permanently mapped to a known IP address, simplifying external access and DNS management. Option B is incorrect because while Dynamic DNS (DDNS) can track changing IP addresses, it introduces complexity and potential delays when the IP changes, making it less reliable for a business-critical web server. Option C is incorrect because setting a static IP on the web server itself and configuring port forwarding only works for internal devices; it does not address the issue of the WAN IP address changing. Option D is incorrect because enabling DHCP on the router’s WAN interface would not prevent the ISP from assigning a new external IP address, defeating the purpose of ensuring a consistent WAN IP. Therefore, obtaining and configuring a static WAN IP from the ISP (A) is the most effective solution for reliable external connectivity.
11. An educational institution has a computer lab with several high-end laptops that are frequently used for student projects. Recently, some laptops were stolen despite the building being secured after hours. The security team suspects that the laptops were physically removed during the day when the lab was open to students and staff. To prevent such incidents in the future, what is the most appropriate security measure that should be implemented for the laptops to prevent unauthorized removal?
Correct Answer: A. The best solution to prevent the unauthorized removal of laptops is to install cable locks on each device (A). Cable locks physically secure the equipment to the desks, making it significantly harder to remove them without triggering suspicion. This method is effective during open hours when people have legitimate access to the room. Option B is incorrect because while monitoring entrance and exit logs may help identify who accessed the lab, it does not directly prevent the removal of equipment. Option C suggests using motion detectors, but these would generate false positives in a high-traffic environment like a lab. Option D focuses on controlling access to the lab itself, which is already a secured area, but does not address theft occurring within the room. Therefore, option A is the most practical and effective solution for this scenario.
12. A macOS user relies on iCloud for backing up photos and syncing them across devices. The user recently ran out of iCloud storage, and their Mac now displays a warning that new photos will no longer sync to iCloud. What is the most practical and immediate solution the user can implement to continue syncing photos without losing any existing data?
Correct Answer: B. The most practical solution is to purchase additional iCloud storage (B), which ensures that the user can continue syncing all their photos without having to delete any existing data or disable iCloud Photos. This approach is ideal for users who rely on iCloud for automatic backups and syncing across devices. Option A is impractical because disabling iCloud Photos will stop syncing across devices, and manual backups do not offer the same level of convenience. Option C, while possible, may result in the permanent loss of older photos if they are deleted from iCloud, which may not be desirable. Option D is incorrect because resetting the iCloud account does not affect the storage limit or solve the storage issue.
13. A corporate employee reports that every time they click on a link in their email or in any document, they are redirected to a different, unrelated site that promotes various online products. The IT security team confirms that this behavior is not isolated to a specific browser and occurs across all browsers installed on the machine. A scan of the system shows no malware infections, but the Hosts file has several suspicious entries pointing legitimate websites to different IP addresses. Which of the following should the team do to resolve the issue?
The correct answer is (A) because modifying or resetting the Hosts file will eliminate the unwanted redirections by removing the malicious entries that are redirecting traffic to undesired IP addresses. Resetting its permissions ensures that no unauthorized changes can be made to the Hosts file again. Reinstalling the browsers (B) would not resolve the issue if the Hosts file is compromised, as the behavior affects all browsers. Configuring a firewall (C) may block the suspicious IP addresses temporarily but does not fix the core issue in the Hosts file. Adding legitimate sites to a safe browsing list (D) is ineffective, as the redirections are due to the system-level changes in the Hosts file, not browser settings.
14. An IT department has deployed Windows 11 laptops equipped with built-in infrared cameras for facial recognition. This feature is used by senior executives to provide a fast and secure login experience. Recently, some executives have reported that the facial recognition feature fails to authenticate them in low-light environments, such as dimly lit conference rooms or when working outdoors in the evening. To ensure a consistent experience while maintaining security, what should the IT administrator do?
Correct Answer: D. The best solution is to enable the "Improve Recognition" option in Windows Hello and re-enroll the executives in a well-lit environment (D). This feature allows the camera to capture more facial data, including features under various lighting conditions, which helps the facial recognition system adapt to different environments and increase its accuracy. Adjusting the camera sensitivity settings (A) is not a configurable option in Windows Hello and would not address the issue of poor recognition in low-light environments. Instructing users to switch to PIN or password (B) is not ideal because it removes the convenience and speed of facial recognition, which is why the feature was implemented in the first place. Setting up a secondary login option and requiring a lighting accessory (C) is impractical and would be inconvenient for users. Therefore, option (D) provides the best solution to improve the facial recognition accuracy without compromising security or usability.
15. A user is trying to connect to a corporate file server from their home using a remote access tool over the internet. However, the remote connection keeps failing, and after some investigation, you discover that the user’s Windows Defender Firewall may be blocking the remote access tool. How should you configure Windows Defender Firewall to allow the remote access tool to function correctly without compromising system security?
The correct answer is (B) Use the "Advanced settings" option in Windows Defender Firewall to create a new inbound rule, allowing the specific port used by the remote access tool. By creating a custom inbound rule for the specific port, you can allow the traffic needed for the remote access tool while maintaining the security of the firewall. This method provides granular control, ensuring that only the required traffic is allowed without disabling other important security features. Option (A) is incorrect because disabling the firewall for public networks is a security risk, as it exposes the system to threats from the internet. Option (C) is incorrect because restoring the firewall to its default settings would remove any useful rules and would not address the specific issue. Option (D) is incorrect because disabling Windows Defender Firewall entirely leaves the system vulnerable, and third-party antivirus software does not provide the same level of network traffic filtering as a firewall.
16. A system administrator notices that a particular service on a Windows 10 machine is consuming excessive system resources. The service is critical for the system to operate, but performance needs to be optimized. Upon inspecting Task Manager under the Services tab, what is the most appropriate step to troubleshoot and resolve the performance issue without disabling the service?
Correct Answer: D. Restarting the service from the Services tab (D) can help reset its resource usage and is a practical first step in resolving performance issues. This allows the system to clear any temporary glitches or memory leaks the service might be experiencing, without disrupting other system functions or requiring complex reconfigurations. Increasing the service’s priority (A) may lead to further performance degradation as it could cause other processes to receive less CPU time, making the situation worse. Changing the startup type to Manual (B) would prevent the service from starting automatically, which is not a valid solution since the service is critical. Adjusting dependencies (C) might help in some cases, but Task Manager does not provide detailed control over dependency relationships, and adjusting related services could introduce instability, making it an incorrect choice for immediate troubleshooting.
17. During a remote support session, a technician is trying to guide an anxious user through a complex troubleshooting process. The user frequently interrupts, expressing concerns like “Are you sure this will work?” and “I’m worried we’re going to break something.” Which response would best demonstrate a positive attitude while ensuring the user remains calm and confident throughout the troubleshooting process?
The correct answer is (A) because it acknowledges the user’s concerns while confidently reassuring them that the technician has the necessary experience to handle the situation, creating a supportive environment. Using phrases like “we’ll get through it together” helps build rapport and instill confidence. Option (B) is incorrect because it dismisses the user’s concerns and conveys frustration, which can increase the user’s anxiety and damage the professional relationship. Option (C) is incorrect as it introduces unnecessary doubt and suggests a lack of confidence in the outcome, which could further stress the user. Option (D) is incorrect because it lacks assurance and creates uncertainty, making the user more apprehensive rather than calming their fears.
18. A user reports that a messaging app on their iPhone is intermittently sending messages to unknown contacts without their input. The app was installed through the App Store, and there are no indications of a jailbreak or unauthorized access to the device. Upon review, you notice that the app has background refresh enabled and access to the user’s contact list. What should be the next step to identify the root cause of the unexpected behavior?
Correct Answer: C. Checking the app’s version history and security advisories (C) is the best step because it allows you to determine if the app is affected by a known vulnerability or if a recent update introduced malicious behavior. This approach enables you to understand whether the unexpected behavior is due to a legitimate bug or a security issue. Option (A) would limit the app’s functionality, but it does not address why the app is behaving this way. Option (B) is too drastic and should only be considered if malicious behavior is confirmed. Option (D) would stop the behavior temporarily, but without a clear understanding of the root cause, it would not resolve the issue. Therefore, reviewing the app’s version and advisories (C) is the most targeted way to identify the problem and decide on a proper resolution.
19. A financial services company has recently upgraded its wireless network to WPA2-Enterprise using AES encryption to protect sensitive client data. During a security review, the auditors flagged that one of the access points (APs) is still configured to use WPA with TKIP. The IT manager decides to implement WPA2-AES across all APs to ensure compliance with company security standards. After the change, several devices, including a few laptops used by the accounting department, can no longer connect to the network. What is the most likely reason these devices are unable to connect?
Correct Answer: A. The issue arises because WPA2-Enterprise requires AES encryption, while the devices are still configured to use TKIP. When the access points were switched from WPA to WPA2-AES, devices using TKIP encryption would not be able to connect due to an encryption mismatch (Option A). Option B is incorrect because the devices connected previously under WPA2-Enterprise, which indicates 802.1X compatibility. Option C is incorrect because PSK (Pre-Shared Key) is used for WPA2-Personal, not WPA2-Enterprise. If the devices had been using a PSK, they would not have been able to connect initially. Option D is incorrect because an incorrect network certificate would prevent all connections, not just those resulting from an encryption mismatch.
20. A tax preparation firm requires its employees to access client tax information, which includes sensitive Personally Identifiable Information (PII) such as Social Security numbers, addresses, and income details. The firm wants to ensure that this data is protected at all times, even if the workstation is compromised. The IT department has been tasked with implementing measures to securely store this data on local machines. What is the most effective method to protect this sensitive PII on each workstation?
The correct answer is A. Using the Encrypting File System (EFS) in Windows ensures that the data is encrypted on disk, making it inaccessible to anyone without the correct decryption key, even if the system is physically compromised or accessed by an unauthorized user. EFS provides strong encryption for files and folders, protecting PII against unauthorized access. Option (B) restricts access using file permissions, which prevents unauthorized users from accessing the data through the operating system but does not protect against data theft if the files are copied or the system is booted into another OS. Option (C) uses a password-protected .zip file, which is not as secure as EFS and can be more easily compromised using brute-force or dictionary attacks. Option (D) suggests using a secure network share, which could be effective but is not always feasible, especially for offline access or when network connectivity is unreliable. Thus, encrypting the folders with EFS is the most comprehensive solution for securing PII on local workstations.
21. During a routine security audit, you discover that several devices in the organization have a file management application installed that is visually identical to a well-known app but has a different package name. This app has been flagged for suspicious activities such as transmitting data to unknown IP addresses and requesting administrative privileges. The official app is available on the Google Play Store, and no users reported manually installing it. What does this indicate, and what should be done next?
Correct Answer: C. This is a clear case of application spoofing (C), as the application is visually similar to a legitimate one but exhibits different behavior, such as a different package name and transmitting data to suspicious IP addresses. The immediate action is to quarantine the affected devices to prevent further potential data leakage and analyze the app in a controlled environment. Option (A) is partially correct in suggesting removal, but without confirming the root cause, immediate removal might trigger unexpected behavior. Option (B) incorrectly assumes the app is legitimate despite multiple red flags. Option (D) is dangerous as it downplays the risk associated with spoofed apps. Thus, quarantining the devices (C) is the best approach to ensure the safety and security of corporate data while conducting a deeper investigation.
22. A Linux user attempts to modify a system configuration file located in /etc/ using a text editor but receives a permission error. The user doesn’t want to switch to the root account but instead wants to make the change using their own user credentials temporarily with root privileges. Which of the following commands would allow the user to achieve this?
Correct Answer: B. The correct command is sudo nano /etc/config.conf (B). Using sudo temporarily elevates the user’s privileges, allowing them to edit the file as root without switching to the root account permanently. This is the most straightforward and appropriate solution for the scenario. Option A, su -c 'nano /etc/config.conf', would allow the command to run as root but requires switching to the root user and entering the root password, which is less efficient. Option C, sudo -i 'nano /etc/config.conf', is incorrect because -i invokes an interactive root shell, which is unnecessary for a simple file edit and adds unnecessary complexity. Option D, su root -c 'nano /etc/config.conf', switches to the root user with the -c flag to run the command but requires the root password, making it more cumbersome than using sudo. Therefore, option B is the best approach for a quick privilege elevation to modify a system file.
23. A system administrator is managing a Windows 10 computer used by multiple employees, and the machine’s disk space is consistently running low. The administrator runs Disk Cleanup (cleanmgr.exe) and notices that the "Windows Update Cleanup" option is available, taking up a considerable amount of space. What is the most appropriate step the administrator should take to free up space without impacting system stability?
Correct Answer: A. The most appropriate action is to select "Windows Update Cleanup" (A). This option removes old Windows Update files that are no longer needed after installing newer updates, freeing up valuable disk space without impacting system stability. Unchecking Windows Update Cleanup and focusing on Temporary Files (B) would free up less space and not address the update files’ storage use. Choosing "Delivery Optimization Files" (C) reduces space used by update downloads shared with other devices but is not as effective as cleaning up old update files. Disabling automatic updates (D) would prevent the system from receiving important security and feature updates, which is not recommended.
24. A helpdesk technician is tasked with creating a .bat script that will automate the cleanup of temporary files from multiple user profiles on a shared computer. The script should navigate through each user's Temp directory and delete only files that have not been modified in the last 30 days. However, after running the .bat file, the technician finds that some files were not deleted, and the script ends abruptly when it encounters directories that are in use. Which of the following should the technician implement in the .bat file to ensure successful completion without terminating prematurely?
Correct Answer: B. The problem occurs because the script is trying to delete files that are currently in use or do not exist, causing an abrupt termination. Using if exist conditions (B) ensures the script only attempts to delete files that are available, avoiding errors that would otherwise halt the script. Option (A) is incorrect because rd /s deletes entire directories, which may include necessary files. Option (C) is partially correct as del /f /s /q can delete read-only files, but it still causes the script to terminate if a file is in use. Option (D) is incorrect because adding echo statements only provides visibility into the script’s execution but does not solve the issue of abrupt terminations.
25. A macOS user needs to scan high-resolution images for a design project. After scanning an image, the user notices that the scanned image appears pixelated and of lower quality than expected. The user checks the scanner’s settings in System Preferences > Printers & Scanners but cannot find options for adjusting the scan resolution. How should the user adjust the scanning settings to achieve higher-quality scans?
Correct Answer: A. The correct step is to use the “Open Scanner” option from the Printers & Scanners preferences and select the highest resolution available before scanning (A). This allows the user to choose a higher DPI (dots per inch), which is necessary for high-quality scans. Option B is unnecessary because reinstalling the driver will not change the resolution settings unless the driver is outdated, and the issue is not caused by a missing driver. Option C is incorrect because the DPI settings can typically be adjusted directly within the scanning interface accessed from System Preferences without needing separate scanning software. Option D is incorrect because the ColorSync Utility is used for color management, not for adjusting the resolution of scanned images.
26. A small business has hired a new employee who will be using a Windows 11 laptop to access company files and resources. The IT administrator needs to configure a user account for the employee on the laptop. Due to company policies, employees are not allowed to access OneDrive or sync settings between devices. Additionally, the employee should be able to use the laptop without needing an internet connection for login. What type of account should the administrator configure on the device?
Correct Answer: C. The most appropriate solution is to create a Local account with standard user privileges (C). This configuration allows the employee to log in to the device without needing an internet connection and avoids integrating OneDrive or other Microsoft services, thereby adhering to company policies. A standard user account is also preferable for security purposes, limiting the user's ability to make system-wide changes. Creating a Microsoft account (A) would automatically enable services such as OneDrive and cloud sync, making it a non-compliant option. Creating a Local account with administrator privileges (B) would grant the employee excessive permissions, which could lead to unintentional or unauthorized changes to the system. Setting a Microsoft account to "Offline Mode" (D) is not a native feature in Windows and does not provide the necessary isolation from Microsoft services. Thus, option (C) best meets the requirements while maintaining security and policy compliance.
27. A user reports that after installing a recent Windows 10 update, their computer is stuck in a continuous reboot loop and fails to boot into the OS. The technician attempts to use Startup Repair, but it fails to resolve the issue. The only available recovery option is Command Prompt through the Advanced Startup Options. What command should the technician execute first to repair the boot configuration and potentially restore normal boot functionality?
The correct answer is (A). The bootrec /fixboot command is specifically designed to repair the Boot Configuration Data (BCD) and resolve boot issues like the continuous reboot loop described in this scenario. Using this command first (A) can restore the boot sector and potentially resolve the problem, allowing the OS to boot normally. Option (B), bcdedit /export, creates a backup of the existing BCD but does not resolve current boot issues. The sfc /scannow command (C) checks for and repairs corrupted system files, which is useful if the OS is booting but experiencing functionality problems, not when it’s stuck in a reboot loop. Similarly, chkdsk C: /r (D) is used for checking disk errors, which is unnecessary at this stage since the primary issue is a boot configuration failure, not a disk integrity problem. Therefore, bootrec /fixboot (A) is the correct command to use first in this situation.
28. A user contacts the helpdesk reporting that their browser is frequently redirecting to unwanted websites, and unusual pop-up ads are appearing, even when no browser is open. Additionally, the user noticed that their personal information, such as login credentials and browsing habits, seems to have been compromised. The IT technician suspects the presence of spyware. What should the technician do first to prevent further data leakage and effectively eliminate the spyware?
Correct Answer: C. Disconnecting the network cable and performing a scan using a dedicated anti-spyware tool (C) is the most effective initial step in this scenario because it immediately prevents the spyware from transmitting any more sensitive data over the network. Spyware is specifically designed to collect and transmit user data, so isolating the system is crucial. Using a dedicated anti-spyware tool ensures that the correct utility is being used for detecting and removing spyware, which may not be identified by traditional antivirus software. Option (A), running a full system scan using the built-in antivirus software, might detect some types of malware, but it may not be effective against advanced spyware designed to evade detection by conventional antivirus tools. Option (B), resetting the browser settings and deleting all temporary files, could potentially remove some browser-based spyware, but it does not address system-level spyware that might be monitoring all activity outside the browser. Option (D), manually terminating suspicious processes, can be difficult and risky since advanced spyware often masquerades as legitimate processes, making it challenging to identify. Therefore, disconnecting the system and using a dedicated anti-spyware tool ensures the best chance of removal while protecting the user’s data.
29. A small software development company uses a SOHO router with a built-in firewall to secure its internal network. The network administrator has noticed unusual inbound traffic patterns targeting TCP ports 21, 23, and 3389, which are not being used by any of the company’s services. To prevent potential exploitation, the administrator decides to disable these unused ports on the firewall. What is the primary benefit of disabling unused ports in this scenario?
Option A is correct because disabling unused ports reduces the network’s attack surface by closing potential entry points that could be exploited by attackers. If a service is not in use, keeping the corresponding port open is unnecessary and creates an opportunity for malicious actors to gain access or conduct reconnaissance. By disabling these ports, the administrator limits the potential ways an attacker can attempt to compromise the network. Option B is incorrect because closing ports does not significantly impact network speed or performance; it is a security measure, not a performance enhancement. Option C is incorrect because disabling ports does not involve encrypting traffic; encryption is managed separately through secure protocols. Option D is incorrect because disabling specific ports does not block all traffic; it only prevents communication through the specified ports. Therefore, the primary benefit of disabling unused ports is reducing the attack surface (A).
30. A manufacturing company recently deployed several Internet of Things (IoT) devices, including smart sensors and connected cameras, to monitor equipment and provide real-time analytics on production efficiency. During a security audit, the IT department discovered that these IoT devices were communicating over unencrypted channels and using default factory credentials. There is a concern that attackers could exploit these vulnerabilities to gain access to the network and potentially disrupt operations. What is the most effective first step the IT department should take to secure these devices?
Correct Answer: A. Changing the default credentials and implementing strong, unique passwords for each device (A) is the most effective initial step in securing IoT devices. Default credentials are a well-known vulnerability and are often targeted by attackers to gain unauthorized access. By using strong, unique passwords, the IT department significantly reduces the likelihood of a successful brute-force or dictionary attack. While segmenting IoT devices into a separate VLAN (B) is an important network security practice, it should be done after securing the devices with proper credentials to prevent unauthorized access to the segmented network. Enabling remote management (C) without strong authentication increases the risk of unauthorized access, as attackers could potentially control or reconfigure the devices. Installing third-party antivirus software (D) is not a viable solution for most IoT devices, as they typically have limited processing power and storage, and antivirus software would not address the issue of weak credentials. Therefore, option A is the best first step to securing the devices against unauthorized access.
31. A company’s IT department regularly installs and uninstalls applications on macOS devices for different teams. After a team member uninstalls a large design software suite, they notice that significant disk space has not been reclaimed. Investigation reveals that leftover cache files, preferences, and associated data still reside on the system. What is the best practice for ensuring all files related to the uninstalled application are removed and the disk space is fully recovered?
Correct Answer: D. The best practice for ensuring that all files related to the uninstalled application are removed and disk space is fully recovered is to use a third-party uninstaller (D). These tools are specifically designed to find and remove residual files such as caches, logs, and preferences that remain even after the application itself has been deleted. Option A is incorrect because macOS “Storage Management” can help locate large files but will not directly identify application-specific remnants like hidden caches and preferences. Option B is incorrect because manually searching for files in the cache directories is a time-consuming and error-prone process, and other directories may also contain related files. Option C is incorrect because reinstalling the application does not guarantee that it will include an uninstaller, and this process may reintroduce new files to the system.
32. An organization deploys new external webcams to multiple workstations running Windows 10. A user reports that their webcam is not functioning. Upon investigation in Device Manager (devmgmt.msc), the technician finds that the webcam is listed under "Other devices" with a generic name and a question mark icon. What is the most likely cause of this issue, and what should the technician do to resolve it?
Correct Answer: A. The most likely cause is that the webcam driver is missing or incorrect, and the technician should update the driver from the manufacturer’s website (A). When a device is listed under "Other devices" with a question mark, it indicates that the correct driver is not installed. Downloading the correct driver from the manufacturer’s website ensures compatibility and functionality. Switching the webcam to another USB port (B) would not resolve the driver issue, as the device is recognized but not functioning properly due to the driver. BIOS settings (C) are irrelevant in this case, as external USB webcams do not require BIOS configuration. Assuming the operating system does not support the webcam (D) is incorrect, as Windows 10 supports a wide range of hardware, and the issue is more likely driver-related.
33. A help desk technician receives a call from a user reporting that their company-issued smartphone’s battery is overheating and expanding. The technician advises the user to immediately stop using the device and store it safely until it can be replaced. However, the user has a tendency to keep old hardware as spares, and the technician is concerned the user might improperly store the damaged battery instead of following company procedures for proper disposal. What should the technician do next to ensure proper disposal of the defective battery?
The correct answer is (C) because instructing the user to seal the battery in a non-conductive container and send it to the IT department ensures the damaged battery will be handled according to company safety procedures and subsequently disposed of by certified personnel. This approach reduces the risk of electrical shorts, leakage, or combustion, which can occur with swollen or defective batteries. Option (A) is incorrect because placing a battery in water can cause it to short circuit or increase the risk of leakage. Option (B) is incorrect because storing a defective battery in a locked drawer increases the risk of environmental hazards and does not comply with safe storage practices. Option (D) is incorrect because sending a damaged battery to a landfill via standard mail violates shipping regulations and does not guarantee proper disposal, increasing the risk of fire during transit.
34. A graphic design studio is upgrading its design software, which requires a 64-bit version of Windows and utilizes advanced 3D rendering capabilities. The studio is considering whether to use their existing workstations that run a 32-bit version of Windows 10 with 8 GB of RAM and Intel Core i5 processors. What would be the most significant technical limitation if they attempted to install and run the new 64-bit software on their current system?
Correct Answer: D. The most significant technical limitation in this scenario is that the new 64-bit software cannot be installed on a system running 32-bit Windows (D). A 32-bit operating system cannot support the installation of 64-bit applications, as the architecture is fundamentally different, making this the primary limitation. Option A is incorrect because the Intel Core i5 processor is capable of running 64-bit software; the issue lies in the operating system, not the processor. Option B is partially correct in that a 32-bit version of Windows cannot utilize more than 4 GB of RAM, but this is not the primary issue affecting the installation of 64-bit software. Option C is also incorrect because the current system has 8 GB of RAM, which is sufficient for 64-bit software, though the RAM limit of a 32-bit system would still cause performance issues after upgrading. Therefore, the core issue is the operating system's 32-bit limitation preventing the installation of 64-bit software (D).
35. A small business uses an online payment gateway to process credit card transactions. After a recent data breach, the IT manager discovered that transaction logs stored on the web server included unmasked Primary Account Numbers (PANs) of customers, which violates PCI DSS requirements. What is the best course of action to secure the environment and comply with PCI DSS regulations?
The correct answer is (A) because PCI DSS strictly prohibits storing unmasked PANs in logs. The first step should be to remove any sensitive data from existing logs, followed by implementing logging filters to ensure that sensitive information is excluded from future logs. Running a full audit ensures that no other locations are storing sensitive data improperly. Answer (B) is incorrect because simply archiving the logs without addressing the presence of sensitive data does not resolve the compliance issue and exposes the data to potential unauthorized access. Answer (C) is incorrect because masking some digits of the PAN without removing the full PAN or securing the logs does not meet PCI DSS requirements. Answer (D) is incorrect because deleting all logs and disabling logging features can hinder troubleshooting and monitoring efforts, and merely reconfiguring to log error messages does not prevent unmasked PANs from being stored in the future. Proper remediation involves removing sensitive data, implementing secure logging practices, and verifying compliance.
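The logging filter and the audit of existing logs named in the explanation above, shown in Python as an added illustration that is not part of the practice exam. The function and class names, the Luhn check used to limit false positives, and the constructed sample log lines (which use well-known test card numbers) are assumptions of this example.

```python
import io
import logging
import re
from typing import Iterable, List, Tuple

# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
REDACTED = "[PAN REDACTED]"

# Constructed sample log lines; the card numbers are public test values.
SAMPLE_LOG = [
    "2024-01-05 10:02:11 INFO txn=88121 pan=4111111111111111 status=approved",
    "2024-01-05 10:02:12 INFO txn=88122 token=tok_constructed status=approved",
    "2024-01-05 10:02:15 WARN txn=88123 card 5500-0000-0000-0004 declined",
]


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scrub(text: str) -> Tuple[str, int]:
    """Replace Luhn-valid card-number candidates; return (clean_text, hits)."""
    hits = 0

    def _replace(match):
        nonlocal hits
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            hits += 1
            return REDACTED     # whole number removed, no partial digits kept
        return match.group()    # order ids and similar numbers stay readable

    return PAN_CANDIDATE.sub(_replace, text), hits


class PanRedactionFilter(logging.Filter):
    """Scrub the fully formatted message before a handler writes it."""

    def filter(self, record: logging.LogRecord) -> bool:
        clean, hits = scrub(record.getMessage())
        if hits:
            # Replace msg and drop args so the raw value cannot be re-formatted.
            record.msg, record.args = clean, ()
        return True


def audit_lines(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (line_number, scrubbed_line) for every line that held a PAN."""
    findings = []
    for number, line in enumerate(lines, 1):
        clean, hits = scrub(line)
        if hits:
            findings.append((number, clean))
    return findings


def demo() -> str:
    """Log two messages through the filter and return what was written."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    # Attach to the handler, not the logger: logger-level filters are skipped
    # for records that propagate up from child loggers.
    handler.addFilter(PanRedactionFilter())
    log = logging.getLogger("gateway.demo")
    log.setLevel(logging.INFO)
    log.propagate = False
    log.addHandler(handler)
    log.info("charge ok pan=%s amount=%s", "4111 1111 1111 1111", "19.99")
    log.info("order 1234567890123 shipped")
    log.removeHandler(handler)
    return buf.getvalue()


if __name__ == "__main__":
    for number, clean in audit_lines(SAMPLE_LOG):
        print(f"line {number}: {clean}")
    print(demo(), end="")
```

The same `scrub` function serves both steps: `audit_lines` locates and cleans entries in existing logs, and the handler filter keeps new entries from ever reaching disk with a card number in them.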
36. An IT team is deploying a Linux-based archive system for storing large amounts of data that do not change frequently. The primary requirements are stability and backward compatibility with older Linux distributions. Performance is not the main concern, and advanced features like extended attributes are not needed. Which filesystem should the IT team use for this archive system?
Correct Answer: B. The best option for this scenario is ext3 (B) because it provides a stable, backward-compatible filesystem that works well with older Linux distributions. ext3 is designed to be an incremental improvement over ext2 (A) with the addition of journaling, which enhances data integrity. It is well-suited for storing large amounts of data that do not change frequently. Btrfs (C) is a modern filesystem with advanced features like snapshots and subvolumes, but it is not as widely supported on older distributions, and its complexity would be unnecessary in this case. NTFS (D) is a Windows-based filesystem and is not natively supported on Linux without additional drivers, making it a poor choice for a Linux-based system. Therefore, ext3 (B) is the most suitable filesystem for this archive system, as it balances stability, backward compatibility, and simplicity.
37. A user has enabled "Fast Startup" on their Windows 10 desktop to reduce boot time, but they notice that their dual-boot Linux system does not show up in the boot menu after enabling this feature. The user wants to be able to switch between Windows and Linux but still benefit from Fast Startup when using only Windows. How should the user adjust the Power Options to address this issue?
The correct answer is (A) Open "Power Options," click "Choose what the power buttons do," and disable "Turn on fast startup" to ensure the boot menu is always visible. Fast Startup can interfere with dual-boot configurations because it bypasses the full shutdown process, which prevents the boot loader from offering the option to choose another operating system. Disabling Fast Startup will allow the boot menu to show up, providing the option to boot into Linux. Option (B) is incorrect because the "Sleep after" timer affects how quickly the system enters sleep mode, not the dual-boot issue. Option (C) is incorrect because creating a custom power plan or using "High Performance" does not address boot menu visibility. Option (D) is incorrect because enabling Hibernate instead of Fast Startup would not improve boot time and would not resolve the dual-boot visibility issue.
38. A user is organizing a set of files for a project in Windows 10. While renaming files, the user accidentally changes the file extension on several important documents, causing some of them to no longer open with the correct program. The user is not familiar with file extensions and prefers not to deal with them while renaming files. How can you help the user avoid this issue in the future by configuring "File Explorer Options"?
The correct answer is (A) Open "File Explorer Options," go to the "View" tab, and check "Hide extensions for known file types" to prevent file extensions from being edited. By hiding file extensions, the user can rename files without accidentally modifying the extension, which ensures that files remain associated with the correct programs. This is a practical solution for users who do not need to see or edit file extensions regularly. Option (B) is incorrect because restoring default settings will not specifically address the issue of file extensions being visible and modifiable during renaming. Option (C) is incorrect because showing extensions for all file types would make it easier for the user to accidentally modify them while renaming files. Option (D) is incorrect because searching with file extension filters is unrelated to preventing the accidental renaming of file extensions.
39. A user needs to install Linux on an older workstation that has an empty hard drive but a fully functional DVD-ROM drive. The technician prepares a bootable Linux installation DVD and inserts it into the drive. Upon restarting the system, however, the screen stays black and does not boot from the DVD. The technician checks the optical media on another machine, and it boots successfully. What step should the technician take to resolve this issue and proceed with the OS installation?
The correct answer is A. The technician needs to check the BIOS settings and ensure the optical drive is set as the primary boot device because an incorrect boot order is the most likely cause of the system failing to boot from the DVD. Testing the drive with another disc (B) may confirm the drive’s functionality but doesn't address the root problem if the BIOS boot sequence is incorrect. Replacing the hard drive (C) is unnecessary, as the hard drive itself is not relevant to booting from optical media. Disabling legacy USB support (D) is unrelated to optical booting and would not resolve this issue, as it pertains to USB device management. Therefore, A is the most efficient and correct solution.
40. A Linux system administrator notices that a server is running slowly and suspects that a process is consuming too much CPU and memory. They decide to use the top command to monitor the system's performance in real-time and identify the problematic process. Which column in the top output should the administrator focus on to identify the process using the most CPU?
Correct Answer: B. The correct column to focus on is %CPU (B). This column shows the percentage of CPU that each process is using. A high value in this column indicates that the process is consuming significant CPU resources, which may be the cause of the server's slowness. Option A, PID, displays the process ID, which helps identify the process, but does not provide any information about resource usage. Option C, %MEM, shows the percentage of memory a process is using, which can be helpful, but in this case, the focus is on CPU consumption. Option D, TIME+, shows the total CPU time used by the process since it started but does not reflect the current CPU usage percentage. Therefore, %CPU is the most relevant column to monitor when investigating CPU usage.
41. A video editor’s workstation with 16 GB of RAM and a 500 GB SSD is running Windows 10. The technician receives a complaint that the workstation crashes during video rendering, displaying a “Low Disk Space” warning. Task Manager shows that the SSD is at 98% capacity, and the user has several large video projects stored locally. What should the technician do to resolve this issue and ensure stable performance?
The correct answer is (A). Adding an external SSD (A) for storing large files and using it as a scratch disk allows the technician to offload the storage burden from the primary drive, freeing up space and improving performance. This approach also prevents crashes caused by low disk space. Increasing the page file size (B) won’t resolve the lack of storage space on the primary SSD and might even exacerbate the issue. Uninstalling unnecessary applications (C) could help temporarily but is not a sustainable solution given the large size of video projects. Upgrading RAM (D) won’t solve a disk space issue, as the problem lies in storage, not memory. Therefore, adding an external SSD (A) is the most appropriate solution to address the low disk space problem.
42. A user is unable to access any network resources, both internal and external, after installing a third-party antivirus application that has its own built-in firewall. The local network connection icon shows “No Internet access” with a yellow warning symbol. The user is connected via Ethernet and can successfully ping the router but cannot reach any other IP addresses. Which of the following should be the next troubleshooting step?
The correct answer is (A) because third-party antivirus software often comes with its own firewall that can override or block legitimate network traffic, leading to connectivity issues. Checking the firewall rules would help identify if the software is blocking network access. Option (B) is incorrect because uninstalling the antivirus is a drastic step and not the most efficient initial solution; understanding the software configuration is preferred. Option (C) is not applicable here since the user can successfully ping the router, which means the IP and DNS settings are not the issue. Option (D) is not recommended because the problem is isolated to the user’s machine, and rebooting the router would disrupt other network users without addressing the root cause.
43. An IT support specialist is using Remote Desktop Protocol (RDP) to assist a user experiencing printer issues on their remote Windows workstation. During the session, the specialist attempts to print a document to the remote printer, but the print job redirects to the printer connected to the local machine instead. The specialist confirms that printer redirection settings are enabled on both sides. Which setting should the specialist configure to ensure that print jobs sent during the RDP session are processed by the remote printer?
Correct Answer: A. Disabling local printer redirection through the group policy ensures that print jobs initiated within the RDP session are directed to the remote printer instead of the local one. This prevents the session from defaulting to local resources. Enabling the “Use default printer only” (B) option is a local RDP client setting that would restrict printing to the client’s default printer, which is not desired in this case. Selecting the “Remote devices” checkbox (C) allows access to USB and other peripherals, but it does not specifically address printer redirection issues. Adding the remote printer to the local machine’s settings (D) is not a viable solution since the goal is to use the remote printer natively within the RDP session, not redirect it to the local environment.
44. A user reports an issue where their desktop computer intermittently freezes while accessing shared files on a network drive. The technician documents the problem in the ticket as, “User unable to access shared network files.” After troubleshooting, the technician discovers that the issue is specifically related to the network drive mapping dropping randomly due to a timeout setting on the server. What would be the most appropriate way to update the problem description to provide clear and concise communication for future reference?
Option (C) is correct because it clearly describes the specific condition under which the issue occurs (intermittent freezing), identifies the cause (drive mapping drop), and provides the exact reason (server timeout). This level of clarity ensures that anyone reviewing the ticket in the future will understand the context and know exactly where to focus their troubleshooting efforts. Option (A) is incorrect because while it mentions intermittent freezing, it does not specify that the issue is related to drive mapping drops, which could lead to misdiagnosis. Option (B) is incorrect because stating “the issue seems to be linked” introduces uncertainty and lacks the precise identification of the root cause. Option (D) is incorrect because it broadly categorizes the issue as a connectivity problem, which could be misleading and would not guide a technician toward the actual server timeout problem.
45. A technician receives a support ticket stating that a user’s computer was recently infected by a malware downloader after they visited an unfamiliar website that offered a free PDF converter. The malware was successfully removed, and the system has been restored. Which of the following is the best method for educating the user to prevent similar incidents in the future?
Correct Answer: A. The best method to educate the user is to advise them to avoid downloading free software from untrusted websites and explain the risks of drive-by downloads, making Option (A) the correct answer. Educating the user about the potential dangers of untrusted sites and the mechanics of how drive-by downloads work is crucial for preventing future infections. Option (B), setting up parental controls, is not appropriate in a professional environment and does not educate the user on safe downloading habits. Option (C) may prevent some unwanted content but does not address the root problem of user behavior and judgment. Option (D) overly restricts functionality and does not educate the user, making it impractical and counterproductive in a professional setting.
46. An IT staff member is called to investigate suspicious activity on an employee’s desktop where software that violates company policy has been installed. During the investigation, the staff member notices that the computer's hard drive contains encrypted files and potentially illegal content. The IT staff member immediately secures the desktop and initiates a chain of custody protocol by completing a chain of custody form. Which of the following would be the most critical information to document at the start of the chain of custody?
The correct answer is (C) because establishing a chain of custody requires accurately recording the time and date of the discovery, the identity of the person who found the potential evidence, its precise location, and how the item was secured. This information forms the foundation of the chain of custody and ensures that evidence integrity is maintained from the start of the investigation. Answer (A) is incorrect because while the name of the reporter may be useful, it is not critical to the chain of custody documentation. Answer (B) is incorrect because documenting the software or file names without securing and accounting for the evidence first can lead to potential loss or contamination of the evidence. Answer (D) is incorrect because while suspect usernames and file metadata may be relevant, these details are secondary to ensuring the evidence’s physical security and tracking its handling. Proper chain of custody documentation ensures that every step of evidence handling is accounted for, thus preserving its admissibility in legal or internal investigations.
47. A user is working remotely and connects to the corporate VPN using their Windows 10 machine. They are able to access internal corporate resources but notice that all internet browsing is significantly slower than normal. The IT department confirms that the corporate network is not experiencing any bandwidth issues. Other users on the VPN do not report this problem. The user has verified that their home internet speed is normal when disconnected from the VPN. What is the most likely cause of this issue?
Correct Answer: A. The most likely cause of the slow internet browsing is that the VPN client is routing all traffic, including internet traffic, through the corporate network (A). This is a common VPN configuration known as "full tunneling," where all traffic passes through the VPN, which can cause slowdowns for non-corporate resources like internet browsing. Since other users are not reporting the issue and the user’s home internet speed is normal when disconnected from the VPN, this configuration is likely the cause. ISP throttling (B) is possible but less likely, especially since the user’s internet speed is fine when disconnected from the VPN. An incorrect encryption protocol (C) could affect performance but would likely affect all users similarly. A misconfigured network adapter (D) would cause broader issues, not just slow internet browsing when connected to the VPN.
48. A user is upgrading their personal laptop from Windows 10 Home to Windows 11. The user has a large number of custom application settings, desktop shortcuts, and browser preferences they want to retain. However, they are concerned about potential data loss during the upgrade. What is the most effective way for the user to ensure their files and preferences are preserved during the upgrade?
The correct answer is A. Using File History allows the user to back up their personal files, including important folders like Documents, Music, Pictures, and Desktop, to an external drive. This ensures that even if the upgrade process encounters an issue, the user's files are safely backed up and can be restored. While the upgrade process (B) is generally reliable for retaining settings and preferences, creating a backup provides an additional safety net in case of failure. Manually exporting bookmarks and settings (C) would cover only a subset of the user’s data and preferences, leaving other important files unprotected. Windows Backup and Restore (D) is more complex and not necessary for this scenario, as File History is sufficient for backing up user data. Therefore, using File History (A) is the most effective and straightforward method.
49. A technology firm has deployed fingerprint scanners for access to its secure data center. Recently, some employees reported frequent access denials even though they were using the correct finger for authentication. Upon further investigation, the IT security team found that the issue was more common during the winter months. What is the most likely cause of these access failures, and what is the best solution to ensure reliable access?
Correct Answer: B. The most likely cause of access failures is that cold weather causes skin dryness and minor changes in fingerprint patterns (B), making it difficult for the scanner to recognize the prints accurately. Using moisturizing solutions or applying special coatings to the scanners can help improve contact and minimize recognition errors. Option A is incorrect because the scanner’s sensors are not typically affected by ambient temperatures, and adding heaters would not address skin dryness. Option C incorrectly focuses on recalibration, which would not solve the underlying issue of skin condition changes. Option D, while possible, would result in a consistent issue whenever gloves are worn, rather than the sporadic failures described. Thus, B is the most appropriate and detailed solution for the problem.
50. A technician has updated Group Policy settings on a domain controller to enforce stricter password requirements. To verify that the changes are applied immediately on a user’s workstation, the technician asks the user to run the gpupdate command. However, after running the command, the user is prompted to log off before the changes take effect. What likely caused this prompt, and what could the technician have advised the user to do differently?
Correct Answer: A. Password policies, when changed via Group Policy, often require a logoff to fully apply to the user session. Option A is correct because running gpupdate /force forces the reapplication of all policies, including password policies, which typically prompts for a logoff to take effect. Option B (gpupdate /sync) would only force synchronous processing during login or startup, but in this case, the user is already logged in. Option C is incorrect because password policies typically do not require a system restart—only a logoff is necessary. Option D suggests that password policies always require a logoff, which is true when using certain commands, but the focus here is on how the gpupdate /force command prompts the logoff. Therefore, the correct explanation is option A.
51. A technician is asked to troubleshoot a computer that has been experiencing frequent file corruption and slow boot times. The technician suspects that the issue may be related to the integrity of the file system on the computer's hard drive. The technician attempts to run chkdsk, but the drive is currently in use. What is the best course of action to ensure that chkdsk runs properly and repairs any detected issues?
Correct Answer: B. When a drive is in use, chkdsk cannot repair errors on that drive unless it is dismounted or the system is restarted. Option B is correct because using the chkdsk /r command followed by a system restart ensures that the drive check occurs during the boot process, before the operating system fully loads, allowing for full file system and bad sector recovery. Option A (chkdsk /f) only fixes file system errors, but since the drive is in use, it will prompt for a restart or refuse to run immediately. Option C (chkdsk /x) forces a dismount, but this could disrupt system stability if files are currently in use, and it does not perform a complete check for bad sectors. Option D (chkdsk /f /r) combines file system repair and bad sector recovery, but it cannot be run while logged in and the drive is in use; a restart would still be required. Therefore, option B provides the most practical and effective solution.
52. An IT technician is using a script to remap network drives on several workstations after a server migration. The script should first remove any existing mappings and then connect to the new server paths. During testing, the technician finds that although the old mappings are removed, some workstations fail to connect to the new paths, and users are left without access to their shared folders. Which of the following should the technician implement in the script to ensure successful remapping for all users?
Correct Answer: D. The issue is likely due to network services not being fully initialized on some workstations when the script runs, resulting in failed connections. Implementing a loop to retry the mapping commands (D) ensures that even if the initial attempt fails, the script will continue to try until the connection is established, providing reliable remapping. Option (A) is incorrect because using the /persistent:yes switch only ensures that the mappings are retained after a reboot but does not address failed initial mappings. Option (B) is incorrect because listing the server paths does not resolve the connection issue. Option (C) is partially correct as adding a delay can help, but it does not guarantee that the connection will succeed if network services remain unstable, making a retry loop the better solution.
53. An investment firm uses hard tokens as a second factor for remote access to its internal network. Each employee is issued a unique token that generates a time-sensitive code, which must be entered along with their username and password. Recently, an employee reported losing their hard token while traveling. What is the most appropriate immediate action that the IT team should take to prevent unauthorized access, and what should be done to issue a new token?
Correct Answer: A. The best immediate action is to disable the lost token in the authentication system and issue a temporary replacement token (A). This ensures that the lost token cannot be used for unauthorized access, while still allowing the employee to maintain access to the internal network with minimal disruption. Option B, restricting access and using email-based authentication, is not a secure alternative because email is not as strong as a hard token for multifactor authentication. Option C, revoking the user’s credentials entirely, would disrupt productivity and is unnecessary if the issue is only with the lost token. Option D suggests using single sign-on (SSO), which could weaken security by removing the need for a second factor. Therefore, A is the most appropriate response.
54. An IT administrator has deployed a Group Policy Object (GPO) to enforce password complexity requirements across the organization. However, several employees in the Marketing department report that they are still able to set passwords that do not meet the required complexity, such as using only lowercase letters. Upon reviewing the GPO settings, the administrator confirms that the policy is correctly configured and linked to the appropriate Organizational Units (OUs). What is the most likely cause of the issue, and how should the administrator resolve it?
Correct Answer: C. The most likely issue is that the password complexity policy is defined in the Default Domain Policy (C), which has a higher precedence over other GPOs. In Active Directory, the Default Domain Policy is applied to all domain users and takes precedence for password settings unless specifically overridden. Therefore, the administrator should modify the Default Domain Policy to include the new complexity requirements. Option A, a permissions issue, would prevent the GPO from applying entirely, not just for specific settings. Option B suggests a higher-priority GPO, but password settings are typically defined at the domain level, not OU-specific. Option D incorrectly attributes the issue to local administrator rights, which do not override domain-level password policies. Thus, modifying the Default Domain Policy (C) is the most effective solution.
55. A remote sales manager complains that their Windows 11 laptop takes an unusually long time to load the user profile after login, displaying a “Preparing Windows” message for several minutes. The issue began after the company recently moved their roaming profiles to a new file server. Other users who access the same server report no issues. Upon checking the network settings, the technician finds that the user’s DNS server is set to an external DNS provider instead of the company’s internal DNS server. What should the technician do to resolve this issue?
The correct answer is (A). Slow profile loading can be caused by the system’s inability to properly locate the roaming profile path if the DNS configuration is incorrect. Since the user’s DNS server is set to an external provider instead of the internal DNS, changing the DNS server to the company’s internal DNS (A) will enable proper resolution of internal network resources, including the roaming profile server, resolving the slow profile load issue. Deleting and recreating the user’s profile (B) might temporarily fix the issue but does not address the root cause, which is a DNS misconfiguration. Using gpupdate /force (C) refreshes policy settings but won’t fix the network resolution issue. Reconfiguring the profile path (D) is unnecessary if DNS is correctly set. Thus, changing the DNS to the internal server (A) is the correct solution.
56. A system administrator is working on a Linux server and needs to create a new directory, move some files into it, and then verify that the files were moved correctly. Which sequence of terminal commands should the administrator execute to achieve this?
Correct Answer: A. The correct sequence of commands is mkdir /newdir; mv /file1 /file2 /newdir; ls /newdir (A). This sequence first creates the new directory with mkdir, moves the files file1 and file2 to the new directory using mv, and then lists the contents of the new directory using ls to verify that the files were moved successfully. Option B uses the touch command, which is used to create a new file, not a directory. Option C unnecessarily uses both cp (copy) and rm (remove) to duplicate and delete the files, instead of simply moving them. Option D incorrectly uses rmdir, which deletes directories, making it an invalid option. Therefore, option A is the correct set of commands to complete the task efficiently.
57. A technician needs to create multiple subdirectories within "C:\Users\Admin\Documents" for storing project files. However, one of the subdirectories contains a space in its name ("Project Files"). The technician attempts to create the directory structure using the md command but receives an error. What modification should the technician make to ensure the command works correctly?
Correct Answer: B. The md command can handle directory names with spaces, but the name must be enclosed in quotes to avoid errors. Option B is correct because using quotes around the directory name ensures that the command interpreter treats "Project Files" as a single directory name, rather than two separate commands or arguments. Option A suggests using a hyphen instead of a space, but this changes the name of the directory and would not meet the requirements, making it incorrect. Option C incorrectly suggests using a forward slash, which is not applicable for directory names in Windows; forward slashes are used for command switches, so this would lead to an error. Option D suggests separating the creation into multiple commands, but that is unnecessary when the correct use of quotes resolves the issue. Therefore, option B provides the correct solution to the problem.
58. A department supervisor requests a review of the assigned users for all desktop computers in their team to ensure that devices are correctly allocated. During the review, a technician finds that some devices are still assigned to employees who left the company several months ago, while other devices have no assigned user listed. The supervisor wants to reallocate these desktops to new hires who recently joined the team. What is the most efficient and effective way for the technician to update the assigned users and ensure proper asset tracking?
Option (A) is correct because unassigning the devices from departed employees and reassigning them to the new hires ensures that the asset management system accurately reflects the current ownership and avoids duplicate records. This approach maintains data integrity and prevents confusion during future audits or when troubleshooting issues related to assigned devices. Option (B) is incorrect because creating new entries and deleting old records disrupts historical tracking and makes it difficult to trace past ownership. Option (C) is incorrect because leaving old assignments creates confusion and could lead to incorrect asset reporting. Option (D) is incorrect because marking devices as “Inactive” when they are still in use leads to inaccurate status information and would complicate tracking the real-time allocation of assets.
59. An IT administrator has deployed a new help desk ticketing system for internal use, which includes a pop-up feature for real-time chat support. However, multiple users report that they are unable to see the chat window when accessing the system through their browsers. The administrator suspects that the pop-up blocker is preventing the window from displaying. How should the administrator configure the browser to resolve this issue while minimizing security risks?
Correct Answer: B. The correct action is to add the specific URL of the ticketing system to the pop-up blocker’s exception list (B). This allows the necessary pop-ups to display while maintaining the pop-up blocker’s protection for all other sites. Option (A) is incorrect because disabling the pop-up blocker entirely can expose the users to unwanted or malicious pop-ups across all sites. Option (C) is not practical, as it requires repetitive user action and increases the chance of users accidentally leaving the pop-up blocker off, compromising security. Option (D) is not a viable solution because most modern browsers have built-in pop-up blockers, and switching browsers does not address the root cause. Thus, (B) is the optimal approach, balancing security with functionality by permitting pop-ups only for the trusted ticketing system.
60. A junior technician is tasked with preparing several high-end graphics cards for shipment to an offsite location. Each card is currently secured in its original anti-static bag. The technician intends to wrap the bags in bubble wrap for extra protection and then place them in a standard cardboard box with foam padding. When the senior technician reviews the packing process, what suggestion should they make to ensure the graphics cards are stored and shipped correctly?
Correct Answer: B. The senior technician should recommend using an anti-static foam insert within the box instead of standard foam padding (B) because it prevents static buildup during transit and provides proper cushioning. Placing a desiccant packet in each bag (A) might help prevent moisture damage but does not address the static risk during handling and shipment. Removing the graphics cards from the anti-static bags and wrapping them directly in bubble wrap (C) is incorrect because bubble wrap can generate static electricity, increasing the risk of ESD damage. Taping the bags closed (D) would only secure the bags but would not prevent static buildup from interacting with standard foam or other non-ESD-safe materials in the box, making (B) the correct option.
61. An employee working remotely connects to a public Wi-Fi network at a local café to access the company’s internal email system. The employee logs in using their credentials, unaware that an attacker is intercepting and altering the data packets exchanged between the employee’s device and the email server. The attacker secretly reads the employee’s emails and captures the login credentials, gaining unauthorized access to the employee’s account. The employee later notices several emails in their sent folder that they did not compose. What type of attack has occurred in this scenario?
The correct answer is (C) On-Path Attack. An on-path attack (previously known as Man-in-the-Middle) occurs when an attacker positions themselves between two parties communicating over a network to intercept, modify, or eavesdrop on their traffic. In this scenario, the attacker intercepted the data packets between the employee’s device and the email server, allowing them to secretly capture login credentials and read emails. This classic on-path attack enabled the attacker to gain unauthorized access without the employee’s knowledge. Option (A) Phishing involves tricking users through deceptive emails, which does not apply here as the attack occurred through network interception. Option (B) Spoofing involves pretending to be someone else to deceive the victim, which is not directly applicable as the attacker did not impersonate another identity. Option (D) Denial of Service (DoS) involves overwhelming a server or network to disrupt service, which is unrelated to this scenario. Therefore, the most appropriate answer is (C) On-Path Attack.
62. A user complains that their desktop computer is being bombarded with numerous pop-up ads and strange outgoing network traffic alerts. The technician suspects that the system may be infected with malware that is trying to communicate with an external server. The technician reviews the system’s software firewall logs and notices repeated outgoing connection attempts from a suspicious executable file. The firewall has been automatically blocking these attempts, but the user still sees abnormal activity. What should the technician do next to prevent further damage?
Correct Answer: D. Quarantining the file using anti-malware software and investigating its origin (D) is the best approach because it allows the technician to isolate the potentially malicious file without deleting it immediately. This action ensures that the malware cannot execute further while enabling detailed analysis. The anti-malware software will flag it and provide information on its origin, making it easier to identify the nature of the malware and understand the full extent of the infection. Option (A), creating a custom firewall rule to block outbound traffic from the executable, is a temporary measure and does not address the root cause. The malware could change its behavior or use a different process to initiate communication. Option (B), disabling the firewall, is highly dangerous as it would allow the malware to connect freely to external servers, leading to data exfiltration or further infection. Option (C), manually deleting the file, could cause additional issues if the file is part of a larger malware package with persistence mechanisms. Without identifying all components, simply deleting it may leave remnants that could reinstall the malware. Therefore, quarantining and investigating the file using anti-malware software is the safest and most comprehensive step.
63. A business executive reports that their iPhone fails to connect to the car’s Bluetooth system after a recent iOS update. The car’s Bluetooth system is fully functional, and other phones connect without issues. The executive relies on this connection for hands-free calling and navigation. The technician has already deleted the existing pairing profile from both the iPhone and the car, but the problem remains. Which of the following should the technician investigate next?
Correct Answer: A. After an iOS update, changes in Bluetooth profiles and security protocols can cause compatibility issues with older devices. Verifying that the car’s Bluetooth system supports the latest iOS profiles (A) is the most logical step, as profile mismatches are a common cause of connection failures after OS updates. Option (B) "Restore the iPhone" is too drastic and may not resolve compatibility issues. Option (C) "Check if the car’s firmware needs an update" is a valid step but should come after confirming profile compatibility. Option (D) "Reboot the car’s infotainment system" is a basic troubleshooting step already ruled out by deleting and re-pairing profiles. Therefore, option (A) is the most appropriate action in this scenario.
64. An IT manager at a company wants to ensure that employees' systems are optimized for multiple monitors during presentations and meetings. The manager requests a system configuration that automatically adjusts screen orientation and projection mode when an external display is connected. Which setting should the technician configure to meet this requirement?
The correct answer is (C). Adjusting the "Project" settings under "System" to default to "Duplicate" mode ensures that when an external monitor is connected, the system will automatically mirror the primary display, which is ideal for presentations. This configuration allows the user to easily share their screen without manual adjustments each time an external display is connected. (A) is incorrect because enabling "Tablet mode" is designed for touch-enabled devices and would not address multi-monitor configurations. (B) is incorrect because configuring custom scaling and layout helps with the resolution and display size but does not address projection modes. (D) is incorrect because configuring "Power & sleep" settings only prevents the system from going to sleep during presentations but does not automate display adjustments when an external monitor is connected.
65. An organization has a legal obligation to retain and restore its clients’ data accurately in case of legal inquiries. To ensure compliance, the IT manager has been asked to implement a backup testing frequency that guarantees the ability to restore data within specific time frames for compliance audits. The current schedule involves performing daily incremental backups and a full backup every Sunday. However, the firm has no formal testing policy in place. What testing frequency should the IT manager implement to provide maximum assurance of compliance without impacting daily operations?
The correct answer is (C) because conducting a monthly full restoration test ensures that the entire backup set can be fully restored, verifying that both full and incremental backups are functioning correctly. The weekly differential restoration test on a subset of data allows the organization to identify any potential data corruption or incomplete backups more frequently without disrupting daily operations. Option (A) is incorrect because weekly full restorations would be too resource-intensive and could impact regular business activities. Option (B) is incorrect because quarterly testing might not be sufficient for compliance, and weekly checksum validations only verify data integrity without testing the restoration process. Option (D) is incorrect because annual full restore tests are inadequate for a compliance-driven environment, and daily verification of the most recent incremental does not provide assurance for the complete backup set. Thus, combining monthly full restoration tests with weekly differential subset tests (C) is the most practical and compliance-focused approach.
66. An organization is setting up Linux-based workstations for its network administrators to manage critical servers and networking equipment. These administrators need a Linux distribution that is known for its high stability and security, particularly for tasks involving network and server management. Additionally, they prefer a distribution that has long-term support, allowing them to maintain consistent environments for extended periods. Which Linux distribution should the organization choose for its administrators?
Correct Answer: B. Red Hat Enterprise Linux (RHEL) (B) is the best choice for this organization because it offers a high level of stability, security, and long-term support, which is critical for managing servers and networking environments. RHEL is specifically designed for enterprise environments, providing robust tools for network and server management, making it ideal for system administrators. Debian (A) is stable and secure but is more often used in general-purpose environments and does not offer the same level of enterprise support as RHEL. Kali Linux (C) is a security-focused distribution designed for penetration testing and ethical hacking, making it unsuitable for general server and network management. Gentoo (D) is highly customizable and efficient, but its complexity and steep learning curve make it less practical for administrators who need to focus on managing systems rather than configuring the OS. Therefore, RHEL (B) is the most suitable distribution for a secure, stable, and long-term-supported workstation in this scenario.
67. An organization recently purchased 50 new tablets for the sales team, which will be used to access the company’s CRM software remotely. During a routine audit, the IT department notices that many of these devices are still running older versions of the operating system because the sales staff often skip OS update prompts. This poses a security risk, as critical patches and new security features are not being installed. Which of the following actions should the IT department take to enforce timely OS updates and ensure all devices are secured against known vulnerabilities?
Correct Answer: A. Configuring the tablets to automatically install OS updates outside of working hours (A) is the best solution because it ensures that all devices are kept up-to-date without interrupting the productivity of the sales team. This approach minimizes the risk of missing critical security patches and addresses the issue of users neglecting manual updates. Sending reminders (B) is not effective because users may still ignore them, leading to delayed updates and continued exposure to vulnerabilities. Enabling a screen lock until users manually approve updates (C) would disrupt normal workflows, causing frustration and potential delays in critical sales operations. Disabling access to the CRM application (D) would also negatively impact productivity and may result in users attempting to bypass the restriction rather than updating the OS. Therefore, option A provides a seamless solution that balances security and usability, ensuring timely updates without user intervention.
68. A legal firm is configuring laptops for its attorneys to handle sensitive client data. Each attorney's device is often carried between the office, courtroom, and various client sites, increasing the risk of theft or loss. The IT manager wants to ensure that even if a laptop is stolen, the data stored on it cannot be accessed without proper credentials. What security measure should be implemented on each device to ensure data-at-rest protection, while still allowing efficient access for authorized users?
The correct answer is A. Full Disk Encryption (FDE) encrypts the entire contents of a hard drive, ensuring that all data stored on the device is encrypted and inaccessible without proper decryption keys. When combined with a TPM, the encryption keys are securely stored and tied to the specific hardware, making it extremely difficult for an attacker to access data even if the hard drive is removed. This ensures strong protection for data-at-rest, which is crucial for devices frequently moved between locations (A). BIOS passwords and disabling USB ports (B) only add a layer of protection against unauthorized booting or data exfiltration but do not encrypt the stored data, meaning the data can still be accessed if the drive is removed. Configuring a local administrator account with a strong password (C) protects user access but does not prevent physical data extraction if the drive is compromised. Setting up a Windows Firewall (D) is essential for network security but does not provide data-at-rest encryption. Therefore, only FDE with TPM meets the scenario's requirements.
69. A company has decided to standardize all employee laptops to use a specific desktop style that is optimized for productivity. They want the layout to feature multiple virtual desktops, a customizable taskbar, and the ability to snap windows to different portions of the screen. After implementing Windows 10 Enterprise on all systems, an employee asks how to switch between their multiple desktops. What should the IT department instruct the employee to use?
Correct Answer: B. Windows 10 includes a built-in feature called "Task View," which allows users to create and manage multiple virtual desktops. The "Windows + Tab" keyboard shortcut opens the Task View interface, enabling users to switch between virtual desktops and manage open applications (Option B). "Alt + Tab" (Option A) allows users to switch between open applications but does not display virtual desktops. Installing third-party software (Option C) is unnecessary since Windows 10 natively supports virtual desktops. Configuring desktop shortcuts for each virtual desktop (Option D) is incorrect because Windows does not require shortcuts to switch between desktops; this is managed directly through Task View.
70. A startup company deploys several new servers in its data center without installing antivirus software or enabling a host-based firewall. Within a few days, the IT team notices unusual outbound traffic from one of the servers, and an internal investigation reveals that malware has infected the server. The malware is using the compromised server to send out spam emails to external recipients. The IT team determines that the malware was introduced through a malicious file that was inadvertently downloaded by a user on the server. What primary vulnerability contributed to the system being compromised?
The correct answer is (C) Unprotected Systems. Unprotected systems are those lacking basic security measures such as antivirus software or firewalls, making them vulnerable to malware infections and other attacks. In this scenario, the startup did not install antivirus software or enable firewalls on their servers, leaving them exposed to malware introduced through a downloaded file. With no antivirus to detect the malicious software or firewall to block suspicious traffic, the malware was able to operate freely and use the server to send spam emails. Option (A) Unpatched Systems involves missing critical software updates, which is not the issue here as the focus is on missing security software. Option (B) Weak Passwords refer to easily guessable credentials, which did not contribute to this incident. Option (D) Privilege Escalation involves gaining higher privileges than originally allowed, which is unrelated to the initial infection. Therefore, the most fitting answer is (C) Unprotected Systems.
71. An organization has recently transitioned from a workgroup setup to a domain environment. The IT administrator has set up mapped drives for users to access shared folders on a central file server. Some users report that they can access the mapped drive during the day, but after logging off and logging back in, they are prompted for their credentials again. The administrator confirms that the users are logging in with their domain accounts and that the mapped drives are visible but prompting for credentials. What is the most likely cause of the problem?
Correct Answer: B. In a domain environment, drive mapping for shared resources can be managed centrally using Group Policy. The most likely cause of the issue is that the "Drive Mapping" policy has not been properly applied via Group Policy (B), which would cause the mapped drives to prompt for credentials instead of automatically connecting using the logged-in domain account. While permission issues (A) could cause access problems, the fact that the users can access the mapped drive during the day rules this out. If the users were connecting with local accounts instead of their domain accounts (C), they would likely have broader access issues, and not just intermittent prompts. Network discovery (D) is unrelated to credential prompts in this scenario, as it primarily affects visibility and browsing of shared resources rather than authentication.
72. A technician is performing a clean install of Linux on a laptop that has Windows 10 installed. The laptop’s hard drive has multiple partitions, including one for the Windows OS and one for personal files. During the installation process, the technician is asked to select a disk and partition for the new OS. What should the technician do to ensure a proper clean installation of Linux while maintaining the data stored on the personal files partition?
The correct answer is B. To perform a clean installation of Linux while preserving the user’s personal files, the technician should format only the Windows partition and install Linux on it. This ensures that the personal files partition remains untouched. Deleting all partitions (A) would result in the loss of the personal files, which contradicts the goal of preserving data. Installing Linux alongside Windows (C) is not a clean installation, as it would create a dual-boot environment and not fully replace Windows. Merging the personal files partition with the Windows partition (D) is unnecessary and risky, as it could result in data loss and reduce the flexibility of managing the drive’s space. Therefore, formatting only the Windows partition (B) is the correct approach to perform a clean install of Linux while preserving the personal files partition.