CompTIA A+ Core 2 Practice Exam 3
Take your exam preparation to the next level with fully simulated online practice tests designed to replicate the real exam experience. These exams feature realistic questions, timed conditions, and detailed explanations to help you assess your knowledge, identify weak areas, and build confidence before test day.
1. A company’s helpdesk receives multiple reports from users that their computers are displaying strange error messages, files are missing, and some applications are failing to launch. Upon investigation, the IT technician discovers that all the affected systems are connected to the same shared network drive. The technician suspects that a virus is spreading through the network. What should the technician do first to contain the spread of the virus and prevent further damage?
Correct Answer: B. Disconnecting the affected systems from the network immediately (B) is the most critical step to prevent the virus from spreading to other machines and shared resources. Since the virus is suspected to be spreading through a shared network drive, isolating the infected computers will help contain the infection and prevent other systems from getting compromised. Option (A), running a full system scan using the antivirus software on one of the infected systems, might identify and remove the virus on a single machine, but it does not address the root cause of the spread and could allow the virus to continue spreading in the meantime. Option (C), performing a system restore, can revert the system to a previous working state, but if the virus has infected the shared network drive, it will likely re-infect the system once it is reconnected to the network. Option (D), disabling the antivirus software, would leave the system even more vulnerable and could lead to further complications. Therefore, the correct response is to immediately disconnect the affected systems from the network to contain the spread of the virus.
2. A technology startup has implemented electronic door locks with keypads to secure its server room. Each authorized employee has a unique PIN code for access. Recently, the security team noticed that multiple unauthorized attempts were made using different PIN combinations on the keypad, but no alerts were generated until the 10th failed attempt. What is the most effective security configuration change to reduce the risk of brute-force attacks on the door lock system, and why?
Correct Answer: A. The most effective security change is to configure the door lock to trigger an alarm after three consecutive failed attempts (A). This setting will provide immediate notification to security personnel in case of a potential brute-force attack and prevent further attempts without detection. Option B suggests a daily PIN reset policy, which is impractical and would not prevent brute-force attempts. Option C focuses on activating a lockout timer after each failed attempt, which would slow down an attacker but would not provide immediate alerts for monitoring. Option D incorrectly suggests switching to proximity card readers, which might reduce brute-force attacks on keypads but introduces other vulnerabilities such as card cloning. Therefore, option A is the most effective and practical security configuration change.
3. A user reports that their computer is running slowly, and strange icons have appeared on the desktop for applications they did not install. The technician suspects a possible malware infection and runs a full scan using an anti-malware tool. The tool identifies several potentially unwanted programs (PUPs) and a high-severity malware called “Rootkit.Agent.” However, the anti-malware tool is unable to remove the rootkit. Which of the following should the technician do next to effectively remove the rootkit from the system?
Correct Answer: A. Disabling System Restore, booting from a clean external media, and using a dedicated rootkit removal tool (A) is the best approach for effectively eliminating a rootkit. Rootkits are sophisticated malware that embed themselves deep within the operating system, often hiding their presence and protecting their processes. Booting from an external media (e.g., a bootable USB drive) ensures that the rootkit cannot interfere with the removal process, as it is not active when the system is scanned outside of its native environment. Disabling System Restore is crucial because rootkits can modify restore points, making it possible for them to be reinstalled after restoration. Option (B), running the anti-malware tool in Safe Mode, may work for certain types of malware, but advanced rootkits can still evade detection even in Safe Mode. Option (C), manually deleting rootkit files, is risky because rootkits disguise their components, making it nearly impossible to manually identify and remove all of them without breaking the system. Option (D), performing a system restore, could be ineffective since rootkits are known to compromise restore points. Thus, the most effective solution is to boot from an external, clean environment and use a specialized rootkit removal tool.
4. A user has reported that their Windows computer is experiencing issues after a recent update. The IT department suspects that the update may have changed the operating system version or build number, causing compatibility problems with certain drivers. To verify whether the system version has changed, the technician needs to compare the current build number with the previous one recorded before the update. Which command should the technician use to quickly verify the current version and build number of Windows?
Correct Answer: A. The winver command provides a graphical pop-up displaying the current version and build number of Windows. Option A is correct because it allows the technician to quickly see if the update has modified the version or build, which could be causing compatibility issues. Option B (bcdedit) is used to view and modify boot configuration data but does not display version or build information. Option C (sfc /scannow) scans for system file corruption but does not provide version details. Option D (chkdsk) checks the integrity of the file system and hard drive but does not provide information on the Windows version or build. Therefore, winver is the best command to verify if the version has changed after an update.
5. A senior IT support engineer is conducting a training session for a group of new technicians on handling customer interactions. During a role-play scenario, one of the trainees describes a network issue to the mock customer by saying, “Your NIC is probably getting DHCP lease issues, and we may need to check the switch port settings.” The senior engineer stops the trainee and asks him to rephrase the statement without using jargon or acronyms. Which of the following is the most appropriate way to convey the same message in non-technical language?
The correct answer is (B) because it simplifies the message by avoiding complex acronyms like “DHCP” and “NIC” while breaking down the technical details into a straightforward explanation that is more relatable to a non-technical audience. Using phrases such as “network card in your computer” and “device it’s plugged into” helps the customer visualize the components without needing advanced knowledge. Option (A) is incorrect because it still contains terms like “NIC” and “DHCP,” making it unsuitable for customers unfamiliar with networking terminology. Option (C) is incorrect because it continues to use jargon such as “DHCP lease,” “IP conflicts,” and “NIC configuration,” which would overwhelm a non-technical person. Option (D) is incorrect because mentioning “network loop” and “DHCP server” introduces additional technical terms that could further confuse a customer rather than clarify the issue.
6. A technician is troubleshooting a desktop system for an executive at a healthcare firm. During the process, the technician sees multiple open files containing sensitive patient information on the desktop. The executive is not present, and the technician was instructed to only diagnose hardware-related issues. How should the technician proceed while maintaining professionalism and respecting the confidentiality of the data?
The correct answer is (A) because closing the files without reviewing the contents minimizes the risk of accidental data exposure and protects the confidentiality of the patient information. Notifying the executive about securing sensitive files encourages better data-handling practices without compromising privacy. This approach respects both the technician’s scope of work and the executive’s confidentiality obligations. Option (B) is incorrect because opening files that are not directly related to the issue is a violation of privacy, even if done with good intentions. Option (C) is incorrect because making unauthorized copies of sensitive files, even for safekeeping, constitutes a serious breach of confidentiality and could result in disciplinary actions. Option (D) is incorrect because leaving sensitive files open risks further unauthorized access and shows a lack of concern for data security, which is unacceptable in professional environments.
7. A corporate user is concerned that Windows 10 is collecting too much data on their activities, such as the files they open and the websites they visit. The user wants to prevent Windows from collecting this data while still allowing legitimate system and app functionality. What setting should the technician adjust to meet this request?
The correct answer is (A). By navigating to "Privacy" > "Activity history" and disabling this feature, the technician can prevent Windows from tracking the user’s activity, such as opened files and visited websites, while allowing normal system and app functionality to continue. Clearing the existing data ensures that no past activity is stored. (B) is incorrect because turning off "Diagnostics & feedback" affects system-level data collection for troubleshooting and performance improvements but does not address the user’s concern about activity history. (C) is incorrect because enabling "Speech recognition" focuses on voice-based interactions and does not reduce data collection related to text-based activities. (D) is incorrect because disabling "Sync settings" only affects data shared across devices, not the local tracking of activities on the current device.
8. An employee reports to the IT department that they cannot locate their company-issued smartphone, which contains sensitive corporate information. Fortunately, a locator application had been installed and configured on the device prior to its loss. After accessing the locator app from a desktop, the IT technician notices that the phone is moving along a route consistent with public transportation. To prevent data theft while attempting to recover the device, which of the following should the IT technician do first?
Correct Answer: A. Remotely locking the device and displaying a contact message (A) is the best initial step in this scenario. Locking the device prevents unauthorized access to sensitive data while displaying a message allows for a potential honest finder to return the device. This action minimizes the risk of data exposure without immediately erasing important data, which might be necessary to track or recover the phone. Using the locator app to track and follow the device’s movements (B) is not recommended, as it can be risky and may lead to confrontations. Triggering a remote wipe (C) should be reserved as a last resort if recovery efforts fail or if the phone’s movements suggest it is being stolen, as it permanently deletes all data, making recovery less useful. Enabling the alarm feature (D) could alert a thief or cause the phone to be discarded, making recovery even more difficult. Therefore, option A provides the most balanced response by securing the device while maintaining the possibility of safe recovery.
9. A system administrator wants to automate a backup process by copying important files from a specific directory on their macOS machine to an external drive. The administrator prefers using Terminal to write a script for the task. Which command in Terminal would be the most appropriate for copying files from one directory to another, ensuring that all file attributes and permissions are preserved?
Correct Answer: D. The correct command is rsync -a (D). The rsync command with the -a option (archive mode) ensures that files are copied while preserving all file attributes, such as permissions, timestamps, and symbolic links, making it ideal for backup tasks. Option A (cp -R) recursively copies directories but does not preserve all file attributes, making it less suitable for a thorough backup. Option B (mv) moves files instead of copying them, so it wouldn’t leave the original files in place. Option C (scp) is used for copying files over a network using SSH, which isn’t necessary when working locally on a macOS system with an external drive.
10. A startup has developed a new mobile application that includes code snippets from multiple open-source projects. One of the included libraries is licensed under the Affero General Public License (AGPL), which has strict requirements for source code disclosure, even for applications running on web servers. If the startup wants to monetize the application while keeping the core codebase closed-source, which of the following strategies should be used to ensure compliance?
The correct answer is (A) because the AGPL license extends the requirement to disclose source code to applications that use the licensed software over a network, meaning that the startup would need to make the entire application’s source code publicly available. To maintain a closed-source model, the AGPL library must be replaced with one under a more permissive license, such as BSD, MIT, or Apache. Answer (B) is incorrect because using the AGPL library even in a limited context like testing does not exempt the startup from the AGPL’s requirements if the software is eventually used in production. Answer (C) is incorrect because distributing the application without modifying the AGPL library still triggers the disclosure requirement. Answer (D) is incorrect because while a commercial license could be negotiated, it would still depend on the authors’ willingness, which may not align with the startup’s timeline or budget. Proactively choosing a compatible license is the most effective way to ensure compliance.
11. A user reports that their Windows 10 system is unstable after installing new software, with frequent crashes during normal operation. The IT technician needs to diagnose whether the problem is caused by third-party services or drivers. Using System Configuration (msconfig.exe), what is the best troubleshooting method to help isolate the issue while allowing the system to boot normally?
Correct Answer: A. The best troubleshooting method is to use the "Selective startup" option and disable all non-Microsoft services (A). This allows the system to boot with only essential Microsoft services, helping to determine whether third-party services or drivers are causing the crashes. Enabling "Safe boot" with networking (B) would start the system in a minimal state but would disable many standard services and drivers, making it less effective for testing normal system operation. Enabling "Normal startup" (C) would load all services and drivers, which would not help isolate the issue. "Load basic devices only" (D) is not an available option under the Boot tab; instead, minimal boot configurations are managed through Safe Mode settings.
12. A senior manager at an insurance company receives an email that appears to be from the company’s CEO, instructing them to download a new financial report from a provided link. The email has the CEO’s official signature, email address, and corporate logo, making it look authentic. However, the link redirects the manager to a fake login page, which captures the manager’s credentials when they attempt to log in. After entering the credentials, the page displays an error message, and the manager realizes something is wrong. What type of threat best describes this attack?
The correct answer is (B) Spoofing. Spoofing involves an attacker masquerading as a legitimate entity by manipulating email headers, IP addresses, or other identifiers to trick the victim into believing the message is from a trusted source. In this scenario, the attacker crafted an email that appeared to be from the CEO by using the CEO’s name, email address, and corporate branding, making the email look authentic. When the manager clicked the link and entered credentials into the fake page, the attacker captured them. Although Option (A) Phishing could also describe this attack, the primary method used was spoofing the CEO’s identity to trick the recipient. Option (C) Shoulder Surfing involves visually observing someone’s screen or keyboard, which is not applicable here since the attack was digital. Option (D) Denial of Service (DoS) involves disrupting services through traffic overload, which is unrelated. Therefore, the most accurate classification is (B) Spoofing.
13. A macOS user relies on Spotlight to quickly access applications, files, and perform web searches. However, the user notices that Spotlight is returning a large number of irrelevant results from email and calendar entries, making it difficult to find the information they need. How can the user customize Spotlight to reduce irrelevant results and focus on the categories they use most frequently?
Correct Answer: A. The best approach is to open System Preferences > Spotlight and deselect the categories for “Mail & Messages” and “Calendars & Reminders” (A). This allows the user to customize which categories are included in Spotlight searches, helping to reduce irrelevant results. Option B is incorrect because Spotlight does not allow the user to prioritize specific categories for indexing, and manually adjusting the indexing order does not affect search relevancy. Option C is incorrect because using Terminal to edit macOS configuration files is unnecessary when the desired changes can be made easily through the Spotlight preferences. Option D is incorrect because the "Privacy" tab is used to exclude entire drives or directories from indexing, not specific categories like email or calendars.
14. A user is traveling and connects their Windows 10 laptop to a public Wi-Fi network with limited bandwidth. To avoid exceeding their data allowance, the user configures the Wi-Fi connection as a metered network. The user later complains that they are unable to install a critical security update for Windows while connected to this network. The IT department confirms that the update is available but has not been downloaded. What is the most likely explanation for this behavior?
Correct Answer: A. The most likely cause of the issue is that Windows is preventing the automatic download of large updates because the Wi-Fi connection is set as a metered network (A). On metered networks, Windows restricts large downloads, including system updates, to avoid excessive data usage. This is why the critical security update has not been downloaded. Public Wi-Fi restrictions (B) would typically block all Windows Update traffic, but the issue here is specific to metered network settings. The Windows Update settings (C) might allow for manual updates, but the main issue is the limitation imposed by the metered connection. Firewall settings (D) would block updates entirely, not just restrict automatic downloads.
15. An IT support specialist is asked to help a user who is experiencing echo and feedback during video conference meetings when using a third-party video-conferencing tool. The issue occurs regardless of whether the user is wearing a headset or using the built-in speakers and microphone. The support specialist has verified that there are no other audio devices connected, and the audio drivers are up-to-date. What is the most appropriate setting change to eliminate the echo and feedback?
Correct Answer: A. Enabling the “Echo Cancellation” option (A) is the correct solution, as this feature is specifically designed to prevent echo and feedback by suppressing repeated sounds that loop through the speakers and microphone. Lowering the input volume for the microphone (B) might reduce sensitivity but would not eliminate the underlying feedback issue. Switching to “High Fidelity” mode (C) is intended for better sound quality, but it does not address echo or feedback. Using an external USB microphone (D) could help in some cases, but since the issue occurs even with different devices, enabling echo cancellation is the most direct and effective solution.
16. A user receives a certificate warning stating, “The certificate has expired” when trying to access a third-party vendor’s site that the company uses regularly. The user is concerned because they have never encountered this issue before, and the site handles sensitive financial data. Upon inspection, the certificate details show an expiration date that has already passed. Which of the following actions should the user take to maintain security?
The correct answer is (C) because notifying the vendor about the expired certificate ensures that the issue is addressed by the site owner, maintaining the security of sensitive financial data. Avoiding the site until the certificate is updated is the safest option. Updating the system’s date and time settings (A) would bypass the warning but is a security risk, as it undermines certificate validation. Accepting the expired certificate (B) would expose the user to potential security threats if the certificate is compromised. Adding an exception (D) would similarly allow access, but it does not address the fact that the site is using an expired certificate, which could indicate negligence or a potential security breach.
17. A desktop support technician needs to write a script that remotely restarts multiple workstations after software updates are deployed. The script must ensure that any unsaved work is saved automatically before restarting. However, after running the script, several users report losing unsaved documents. Which of the following should the technician implement in the script to prevent data loss and ensure a smooth restart?
Correct Answer: D. The issue is that the script does not save unsaved work before restarting, leading to data loss. Using a script that sends the Save command (D) ensures that open applications save their data before the restart is triggered, preventing loss of unsaved documents. Option (A) is incorrect because taskkill /f forcefully closes applications, which could result in unsaved data being lost. Option (B) is incorrect because using msg only notifies users to manually save their work but does not automate the process, which defeats the purpose of automation. Option (C) is incorrect because the shutdown /r /f command with a delay does not handle saving unsaved work, and forcefully restarting can still cause data loss if users do not act in time.
18. An engineering firm has recently started providing laptops to its employees for remote work. Due to the nature of the work, these devices contain highly sensitive proprietary designs and project data. The firm is concerned about the potential theft or loss of these devices while employees are traveling. As a security measure, the IT manager wants to ensure that these laptops are physically protected when left unattended in public spaces, such as coffee shops or client sites. What is the most effective method to prevent unauthorized removal of the laptops?
The correct answer is A. A cable lock physically secures the laptop to a fixed object, such as a table or desk, making it difficult for someone to quickly grab and walk away with the device. This method is particularly useful in public or semi-public spaces where employees may be working remotely, as it prevents casual theft. Option (B) enables BitLocker encryption, which protects the data if the laptop is stolen, but does not prevent the device itself from being taken. Option (C) restricts access to BIOS settings but does not address physical security and will not stop a thief from stealing the hardware. Option (D) implements GPS tracking, which can help recover a stolen laptop, but does not physically prevent theft in the first place. Thus, using a cable lock is the most effective and practical solution for securing the hardware in the given scenario.
19. A technician is called to disassemble an aging laser printer to replace a broken fuser unit. While removing the outer casing, the technician notices a large amount of toner dust scattered inside the printer. Concerned that disturbing the toner could release harmful particles into the air, what personal safety equipment should the technician use before proceeding?
Correct Answer: A. The technician should wear an air filtration mask specifically rated for fine particulate filtration (A) because toner dust is extremely fine and can easily become airborne, posing a respiratory hazard if inhaled. An anti-static wrist strap (B) is used for ESD protection, which is not the primary concern here. Rubber gloves (C) only protect the skin and would not address the inhalation risk posed by the toner dust. Covering components with a damp cloth (D) is not a safe practice in an electronic environment and can lead to other issues, such as moisture damage. Wearing a mask that is properly rated for fine particulates is the best safety measure to prevent inhalation of toner dust.
20. A technician is troubleshooting a Windows 10 PC that is randomly rebooting due to suspected hardware or driver issues. The technician wants to configure the system to prevent it from automatically restarting upon a system failure, in order to analyze the error messages displayed during a crash. Which action should the technician take in the "System" Control Panel to change this setting?
The correct answer is (B) Open "System," click "Advanced system settings," navigate to the "Startup and Recovery" settings, and uncheck "Automatically restart." This will prevent the system from rebooting automatically upon a failure, allowing the technician to view the blue screen error message and analyze the cause of the crash. This setting is essential for troubleshooting issues related to hardware or drivers because it prevents the system from bypassing important error information. Option (A) is incorrect because disabling automatic restarts in "Device Manager" is not applicable for this kind of system failure; the restart option in "Device Manager" applies only to individual device issues, not system-wide crashes. Option (C) is incorrect because disabling restore points in "System Protection" does not affect how the system responds to crashes, and restore points are generally beneficial for system recovery. Option (D) is also incorrect because adjusting power settings affects how the system handles power management, not system crashes or failures.
21. A company has recently upgraded to a domain environment, and an IT technician has configured a file server that is shared across multiple departments. After joining all computers to the domain, the marketing department reports that they cannot access the shared drive on the file server, but the accounting department can access it without any issues. The marketing department can ping the file server and can access other domain resources without issues. What is the most likely cause of the problem?
Correct Answer: B. In a domain environment, access to shared resources such as file servers is managed through security groups and Active Directory. The most likely cause of the issue is that the file server's permissions have been set to allow access only to the accounting department's security group, preventing users in the marketing department from accessing the shared drive (B). This is common in organizations where different departments have access to different resources based on security policies. While placing computers in the correct Organizational Unit (OU) (A) can affect group policies and management, it would not directly control file server access unless specific policies were applied, making (A) less likely. If the drive mapping was incorrect (C), the marketing department users would not see the drive at all, but in this scenario, they are attempting to access it. Finally, SMBv1 (D) is an outdated protocol, and most modern environments disable it by default for security reasons. However, the file server and the marketing department would both need SMBv1 to be enabled, which is less likely in a domain that was recently upgraded.
22. An e-commerce company recently experienced a security incident where several employees received phishing emails that appeared to come from the CEO. These emails contained links to fake login pages designed to capture employee credentials. Although none of the employees clicked on the links, the incident raised concerns about the effectiveness of the company’s email security measures. What should the IT security team implement to mitigate the risk of phishing emails and prevent similar attacks in the future?
Correct Answer: A. The most effective solution is to enable Domain-based Message Authentication, Reporting, and Conformance (DMARC) (A). DMARC, along with SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), helps prevent attackers from sending spoofed emails that appear to come from the organization’s domain. This would reduce the risk of employees receiving phishing emails that seem to be from internal sources, like the CEO. Option B suggests blocking emails containing links and attachments, which would disrupt legitimate communication. Option C, using a password manager, is useful but does not prevent the phishing email from reaching employees. Option D, deleting emails based on content, risks blocking legitimate messages and would not effectively address phishing. Therefore, enabling DMARC (A) is the best solution for mitigating this risk.
23. A company has deployed a custom-built inventory management application on several Windows 10 machines used by the inventory team. However, after a recent update to the application, team members report that they are unable to connect to the central database server, and the application shows a connection timeout error. Upon investigation, the IT administrator finds that Windows Firewall is blocking the updated version of the application, which now uses a new executable name. What is the most appropriate action to resolve the issue and restore connectivity while ensuring the firewall security is maintained?
Correct Answer: B. The correct solution is to add the new executable to the Windows Firewall "Allowed apps and features" list (B). When an application is updated and the executable changes, the firewall may block it because it treats the new executable as a different program. By adding the new executable to the allowed list, the firewall will permit the updated application to communicate with the database server without compromising the security of other applications. Disabling the firewall temporarily (A) might confirm that the firewall is the issue, but it is not a long-term solution and exposes the system to potential threats. Creating a new inbound rule for the old executable file (C) is ineffective because the application uses a new executable, making this rule redundant. Setting the firewall to "Allow all connections" (D) is highly insecure as it bypasses all security controls, leaving the system vulnerable to malicious connections. Therefore, option (B) is the most appropriate and secure solution.
24. A user regularly prints documents from their macOS device to a home office printer using Wi-Fi. Recently, print jobs have been taking much longer to start, and some jobs fail without any error messages. The user checks the Printers & Scanners settings and sees that the printer is still listed as “Idle,” but the print queue shows several jobs as “Pending.” What is the most appropriate troubleshooting step the user should take to resolve this issue?
Correct Answer: A. The most appropriate step is to delete the pending print jobs and restart the printer (A). This clears the printer’s memory and removes any jobs that might be stuck or corrupt, which could be causing the delays or failures. Restarting the printer ensures that it resets and is ready to receive new print jobs. Option B is less likely to resolve the issue because the printer is already connected to the network, as indicated by its “Idle” status. Option C is not as effective because simply pausing and resuming the printer will not necessarily fix the underlying problem if there are corrupt jobs in the queue. Option D is unnecessary at this stage because the printer is still recognized by the system and is listed as “Idle,” meaning driver issues are less likely to be the cause.
25. A marketing firm uses specialized software that was developed for macOS. The firm is expanding and needs to install the software on new workstations, but the company has decided to switch to Windows 11 for the new devices due to hardware availability. The marketing team needs access to the macOS-only software on these Windows machines. What would be the most practical solution to ensure the software can run on the Windows 11 workstations?
Correct Answer: A. The most practical solution is to install a virtual machine with macOS on the Windows 11 workstations (A). This allows the specialized macOS-only software to run within a macOS environment while still using Windows hardware. Virtual machines provide an effective method for running software designed for one operating system on another, especially when no native Windows version of the application exists. Option B is incorrect because Windows compatibility features, such as the troubleshooter, are for running older Windows applications, not macOS software. Option C is impractical because recompiling the software for a different operating system would require access to the source code and significant development work, which is not feasible for most end-users. Option D is also incorrect, as there is no reliable Windows-to-macOS compatibility layer that would allow the macOS application to run natively on Windows. Therefore, using a virtual machine is the most practical solution (A).
26. A graphic designer’s Windows 11 workstation crashes each time they attempt to launch Adobe Photoshop, displaying a “The application could not start correctly (0xc000007b)” error. The technician confirms that all other applications work fine. Checking the system’s Application Event Log shows entries indicating missing .dll files associated with Adobe’s components. What should the technician do first to resolve this issue?
The correct answer is (B). The “0xc000007b” error often occurs due to missing or mismatched Visual C++ Redistributable packages, which are critical for many high-end applications like Photoshop. Updating these packages (B) is the best first step, as it addresses the compatibility issue without needing to reinstall the entire application. Uninstalling and reinstalling Photoshop (A) would not resolve the underlying missing dependency problem if the Redistributable packages are still incorrect. Manually reinstalling .dll files (C) is risky and could lead to further instability if not done correctly. Running sfc /scannow (D) repairs system files but won’t fix missing third-party dependencies. Thus, updating the Visual C++ Redistributables (B) is the most appropriate solution.
27. A user needs to troubleshoot a Windows 10 system by accessing configuration files that are hidden by default. However, the user also expresses concern about accidentally modifying protected system files while they work. How should you guide the user to view hidden files in "File Explorer Options" while ensuring they don't inadvertently change critical system files?
The correct answer is (A) Open "File Explorer Options," go to the "View" tab, select "Show hidden files, folders, and drives," and leave "Hide protected operating system files" checked. This allows the user to view hidden files while still keeping protected system files hidden, reducing the risk of accidental modification to critical files. This approach balances the need to view certain hidden files with the need to protect system integrity. Option (B) is incorrect because unchecking "Hide protected operating system files" exposes important system files, which increases the risk of accidental changes. Option (C) is incorrect because there is no "Protected file view mode" in File Explorer Options. Option (D) is incorrect because enabling search for hidden files without displaying them does not address the need for the user to actually view hidden files within File Explorer.
28. A company’s main data center is connected to multiple power sources, but recent fluctuations in the grid have resulted in occasional spikes and dips in power, causing equipment malfunctions and downtime. The network administrator is considering adding surge suppressors to critical server racks to mitigate the impact of these fluctuations. Which of the following criteria should the administrator use when selecting surge suppressors for this high-density data center environment?
The correct answer is (A) because surge suppressors with EMI/RFI (Electromagnetic Interference/Radio Frequency Interference) filtering and high joule ratings are ideal for protecting critical equipment in high-density data centers. EMI/RFI filtering prevents interference from affecting network equipment performance, and high joule ratings ensure long-term protection against frequent power spikes. Option (B) is incorrect because low joule ratings are not suitable for protecting critical servers, and a long power cord would not reduce power interference. Option (C) is incorrect because basic power strips do not offer surge suppression and only provide overload protection, which would not address power anomalies like spikes or dips. Option (D) is incorrect because accommodating non-critical peripherals would not contribute to protecting the main server racks and could increase the risk of overloading the surge suppressor, leading to potential equipment damage.
29. A user attempts to boot their Windows 10 desktop and is greeted with a “No OS Found” message on the screen. The technician checks the BIOS and sees that the hard drive is detected but not set as the primary boot device. The technician changes the boot order to prioritize the hard drive, but the same error message persists. What should the technician do next to restore the system?
The correct answer is (A). The “No OS Found” message, despite the drive being visible in BIOS, typically indicates an issue with the Boot Configuration Data (BCD) rather than a physical disk failure. Running the bootrec /rebuildbcd command (A) from a Windows Recovery USB will rebuild the BCD, allowing the system to properly recognize and boot into the OS. Running chkdsk (B) is useful for fixing disk errors but is less likely to resolve a missing or corrupted bootloader. Replacing the hard drive (C) is unnecessary if the issue is limited to the boot configuration. Resetting the BIOS (D) may undo changes, but since the boot order was already verified, it would not address the missing BCD. Thus, bootrec /rebuildbcd (A) is the most appropriate step to restore the OS boot functionality.
30. An IT manager at a manufacturing company is upgrading the organization’s wireless security from WEP to a more secure option due to a recent penetration test that exposed vulnerabilities in the existing network. The company’s budget constraints require using existing hardware that is incompatible with WPA2 or WPA3. The IT manager decides to implement WPA with TKIP encryption to provide a balance between security and compatibility. Shortly after deployment, the manager receives multiple reports of unstable wireless connections and slow speeds across the network. What is the most likely cause of these performance issues?
Correct Answer: C. TKIP (Temporal Key Integrity Protocol) was designed as a quick fix to address WEP vulnerabilities, but it has performance limitations due to its increased overhead compared to AES (Advanced Encryption Standard) used in WPA2. The additional encryption calculations and increased packet size can lead to reduced network throughput and frequent disconnections, especially on networks with high traffic or when using older hardware (Option C). Option A is incorrect because TKIP was specifically developed to be compatible with older hardware, which is why it is used when WPA2 is not an option. Option B is also incorrect as WPA with TKIP does not require unique pre-shared keys for each client; the instability is due to encryption overhead rather than authentication complexity. Finally, Option D is incorrect because while TKIP does use less secure key management compared to AES, the issue with dropped connections is not due to weak keys but rather the protocol’s high processing demands.
31. A technician is preparing a new SSD for installation in a Windows 10 desktop. The user requests that the SSD be formatted with a file system optimized for performance and modern features, including support for large volumes, advanced error correction, and drive health monitoring. The user also needs to ensure that the file system is fully supported by Windows for a system drive. Which file system should the technician choose for formatting the SSD?
The correct answer is B. NTFS is the most appropriate file system for a system drive in Windows 10. It is optimized for performance, supports large volumes and advanced features like file permissions, encryption, and compression, and has built-in support for error correction and drive health monitoring. It is also fully supported for boot drives in Windows. FAT32 (A) is outdated and does not support large file sizes or modern features. exFAT (C) is more suited for external drives and lacks some of the advanced features needed for a system drive. ReFS (D) is designed for data integrity and resilience but is not fully supported for boot drives in most versions of Windows 10, making it unsuitable for this use case. Therefore, NTFS (B) is the best choice for an SSD in a Windows 10 system.
32. A company has implemented a new security policy that requires separate user profiles for administrative and regular user activities on all corporate-owned devices. This policy aims to prevent administrative credentials from being exposed during day-to-day tasks such as browsing the web or accessing email. An IT manager notices that some administrators are still using their admin profiles for routine activities, which increases the risk of privilege escalation attacks. To enforce compliance with the policy and protect the network, what action should the IT manager take?
Correct Answer: A. Using a Group Policy Object (GPO) to restrict administrative profile access to specific administrative tools (A) is the best solution because it enforces the policy by preventing administrators from using their elevated privileges for routine tasks. This configuration ensures that admin accounts can only be used for necessary administrative functions, reducing the risk of exposing high-level credentials to malware or phishing attacks during non-administrative activities. Implementing a network access control (NAC) system (B) to monitor activity is a reactive approach and does not prevent improper use of the profiles. Requiring multi-factor authentication (MFA) (C) is a good security practice but does not address the issue of misusing admin profiles for day-to-day activities. Creating a single high-privilege profile for each administrator (D) contradicts the purpose of the policy by centralizing all privileges in one profile, which increases the risk if those credentials are compromised. Therefore, option A provides the most effective preventive control to enforce compliance with the security policy.
33. A help desk technician is working on a ticket involving a company-wide email outage that is preventing all employees from sending and receiving emails. After spending 30 minutes troubleshooting, the technician determines that the issue is likely related to the email server but does not have the administrative rights or access to confirm this. The technician attempts to contact the on-call server administrator but receives no response. Given the widespread impact of the issue and the inability to resolve it without administrative access, what is the most appropriate escalation action?
Option (B) is correct because escalating to the IT manager is appropriate when a critical service outage affects the entire organization and no immediate technical personnel with the required access rights are available. This ensures that the issue is given top priority and the appropriate resources are allocated to resolve it quickly. Additionally, notifying affected users prevents confusion and keeps the organization informed. Option (A) is incorrect because escalating to Tier 2 without verifying that they have the necessary access or expertise may lead to further delays. Option (C) is incorrect as placing the ticket on hold would unnecessarily prolong the outage and increase its business impact. Option (D) is incorrect because there is no evidence to suggest a security breach; escalating to the security team would divert attention from the root cause and delay resolution of the technical issue.
34. A macOS user installed a paid application through the App Store, but they now need to uninstall it due to compatibility issues with other software. After moving the application to the Trash, the user notices that the App Store still shows the app as "Installed," preventing them from reinstalling it. What is the most appropriate next step for the user to ensure that the application is fully uninstalled and the App Store reflects its status accurately?
Correct Answer: A. The most appropriate solution is to log out and back into the App Store, which will refresh the application list and update the "Installed" status for the uninstalled app (A). This will trigger the App Store to verify the actual installation state of the application on the macOS device. Option B is incorrect because, while a third-party uninstaller may remove residual files, it will not affect the App Store’s recognition of the application's installation status. Option C is incorrect because using the “Storage Management” tool focuses on disk space and file management but does not directly interface with the App Store’s installation records. Option D is incorrect as clearing the App Store cache will not necessarily force the application to update its status as uninstalled; logging in and out is a simpler and more reliable approach to reset the installation state.
35. A mid-sized company recently expanded its operations and acquired a smaller organization with a separate Active Directory (AD) domain. The IT manager wants to merge the new company’s domain into the existing corporate domain to centralize authentication and streamline user management. However, employees in the newly acquired organization are still able to log in to the old domain, which creates confusion and security risks. What is the best approach for the IT manager to integrate the two domains into a single, unified AD structure?
Correct Answer: B. The best approach is to migrate all users, computers, and groups from the acquired domain to the corporate domain using Active Directory Migration Tool (ADMT) and decommission the old domain (B). This method consolidates both domains into a single, unified structure, simplifying user management and reducing security risks. Option A, creating a trust relationship, allows cross-domain access but does not merge the domains, leaving the old domain operational and potentially confusing for users. Option C suggests using the same GPOs, which does not address the core issue of merging the domains. Option D, setting up a new child domain, maintains separation but does not achieve the goal of centralizing authentication. Thus, option B is the most effective solution.
36. A small business network administrator wants to ensure that critical devices such as servers, printers, and network storage always receive the same IP address from the DHCP server. The administrator is concerned that if the IP addresses change, it will cause issues with devices relying on static IP configurations for communication. To achieve this, the administrator decides to use DHCP reservations. What information is needed to configure DHCP reservations properly?
Option A is correct because configuring DHCP reservations requires the MAC address of each device and the IP address that should be reserved for it. The MAC address acts as a unique identifier for the device, allowing the DHCP server to assign the same IP address every time the device connects to the network. This ensures that critical devices always have consistent IP addresses, preventing connectivity issues. Option B is incorrect because the device hostname and default gateway do not play a role in DHCP reservation configuration; the hostname is not used by the DHCP server for IP assignments, and the gateway is a separate network configuration. Option C is incorrect because while the subnet mask and IP range define the scope of DHCP addresses, they are not specific to individual reservations. Option D is incorrect because while IP and DNS server addresses are part of general DHCP configuration, they are not tied to reserving a specific IP for a particular device. Therefore, using the MAC address and desired IP address (A) is the correct approach to implement DHCP reservations.
37. An employee using a corporate-managed iPhone reports receiving frequent security warnings stating, “Your device is at risk! Click here to install the recommended security app.” The warnings appear as system alerts, and the user cannot dismiss them without closing the current app. The device’s settings show that a configuration profile named “SecurityProfile1” was installed recently, but the employee does not remember installing it. What should be the next step to identify and resolve the issue?
Correct Answer: A. Removing the suspicious “SecurityProfile1” configuration profile (A) is the most effective initial step, as it likely contains settings that allow the fake security warnings to appear as system alerts. Configuration profiles can modify system behavior and security settings, making it crucial to eliminate unauthorized profiles. Option (B) might help, but mobile security apps have limited capability to detect configuration profiles, making manual removal more effective. Option (C) is irrelevant because the issue stems from the profile, not app permissions. Option (D) would temporarily disable third-party apps but would not address the root cause if the profile remains active. Thus, removing the configuration profile (A) is the correct action to restore the device to a secure state.
38. A network administrator is setting up a new DNS server for the local network and wants to test if it correctly resolves domain names. They use the nslookup command on a workstation to query several known websites, but the command always defaults to the old DNS server. What should the administrator do to test the new DNS server directly?
Correct Answer: D. In this case, the administrator needs to query the new DNS server directly rather than relying on the default DNS configuration. Option D is correct because using the -server switch with nslookup allows the administrator to specify which DNS server to query, making it the best option for testing the new DNS server. Option A (nslookup followed by the IP address of the DNS server) is incorrect because it would attempt to resolve the IP address as a domain name, not use it as the DNS server. Option B (nslookup /flushdns) is incorrect because nslookup does not have a /flushdns switch; that switch is used with ipconfig to clear the local DNS cache. Option C (ipconfig /release and ipconfig /renew) resets the network configuration, but it does not allow the administrator to directly query a specific DNS server. Therefore, option D is the correct choice to directly test the new DNS server.
39. A user reports that their backup script, scheduled to run every night at 1 AM using Task Scheduler (taskschd.msc), has not been executing for the past week. Upon checking the Task Scheduler history, you find that the task was triggered but did not complete. The system event log shows that the computer was in sleep mode at the scheduled time. What is the most effective change to ensure the backup runs even if the system is in sleep mode?
Correct Answer: B. The most effective solution is to enable the "Wake the computer to run this task" option in the task’s settings (B). This ensures that the system will wake from sleep mode to execute the scheduled backup, resolving the issue without changing the system’s power-saving features. Adjusting the task’s trigger to a different time (A) might reduce the chance of conflict, but it does not guarantee the system will be awake, making this a less reliable option. Modifying the task to run with "Run only if user is logged on" (C) is unrelated to the issue, as it focuses on user sessions rather than system sleep. Setting the system to never enter sleep mode (D) is not recommended, as it sacrifices energy efficiency and is an extreme solution when simply waking the system for the task would resolve the problem.
40. A senior software developer at a technology company uses the Encrypting File System (EFS) on their Windows 10 Pro workstation to protect source code files from unauthorized access. Recently, the developer’s workstation encountered a hard drive issue, and the IT technician had to replace the drive and reinstall the operating system. After restoring the developer’s files from a backup, the developer reports that they cannot access their EFS-encrypted files, even though they are logged in with the same username and password as before. What should the technician do to resolve this issue?
Correct Answer: B. The correct solution is to import the developer’s EFS certificate and private key from the original system backup (B). EFS relies on a unique encryption key tied to the user’s profile, stored in a certificate. When the operating system is reinstalled, even if the same username and password are used, a new profile and corresponding certificate are created, which cannot decrypt the previously encrypted files. Importing the original EFS certificate and private key will restore access to the encrypted files. Using the Cipher command-line tool (A) would require the correct certificate and key to decrypt the files and would not work without them. Adding the developer’s account to the "Administrators" group (C) does not change the encryption context and will not grant access to EFS-encrypted files. Disabling EFS encryption using the file properties menu (D) is not possible without the correct key, so it is not a viable solution. Therefore, option (B) is the only method that will resolve the issue and restore access to the encrypted files.
41. A field technician is on-site to install a new workstation for a user at a law firm. During the installation, the user becomes upset and claims the previous technician promised a different type of setup, stating, “This isn’t what I was told I would get! Are you trying to cut corners?” The technician knows the current setup is exactly what was specified by the service order. How should the technician respond to de-escalate the situation and maintain professionalism?
The correct answer is (B) because suggesting a review of the service order redirects the focus to understanding the documented requirements, shows a willingness to collaborate, and helps clarify the situation without becoming defensive. This approach maintains a positive and solution-oriented tone, reducing the user’s frustration. Option (A) is incorrect because shifting blame to a colleague can create division and increase the user’s dissatisfaction, as it suggests a lack of accountability. Option (C) is incorrect because redirecting the problem to a manager without attempting to resolve it shows unwillingness to engage, and it may further escalate the issue. Option (D) is incorrect because using language like “you’re being unfair” is argumentative and will likely increase the user’s frustration, damaging the technician’s professional relationship with the user.
42. A remote worker connects their laptop to the corporate network using a VPN. The VPN client assigns a dynamic IP address to the laptop. The worker can access all internal corporate resources without issues but cannot access the local printer on their home network. Upon checking the configuration, the worker notices that their home network is set up to assign dynamic IP addresses via a router. What is the most likely cause of the problem?
Correct Answer: D. The most likely cause of the issue is that the VPN client is routing all traffic through the corporate network (D), a common VPN configuration in which "split tunneling" is disabled. This setup directs all network traffic, including local traffic, through the corporate VPN, preventing access to devices on the worker’s home network, such as the local printer. The VPN assigning a static IP (A) is unlikely, as VPN clients typically use dynamic IPs to avoid conflicts. An IP conflict (B) would cause more widespread network issues, not just with accessing the printer. The dynamic IP assigned by the VPN (C) does not need to be compatible with the home network because it is only used for internal corporate communication. The issue is purely related to the traffic routing through the VPN.
43. A Windows 11 laptop user complains that their desktop icons, documents, and application settings are missing after a recent system crash. The technician finds that the user is still logging in with their original username but notices that the profile size is significantly smaller than before. The NTUSER.DAT file in the profile appears corrupted. What should the technician do to restore the user’s profile?
The correct answer is (A). Renaming the corrupted profile folder (A) forces Windows to create a new profile when the user logs in. After the new profile is created, the technician can transfer the user’s data from the old profile, preserving documents and other personal files while resolving the corruption. Running sfc /scannow (B) only repairs system files and will not fix corrupted profile-specific files like NTUSER.DAT. Manually recreating the NTUSER.DAT file (C) is not feasible and can lead to further complications. Deleting the profile (D) would permanently remove user data that could be recovered. Therefore, renaming the profile and creating a new one (A) is the safest and most effective way to resolve the issue.
44. A user frequently uses their Windows 10 laptop on the go, often forgetting to manually put the laptop into Sleep or Hibernate before placing it in their bag. As a result, the laptop sometimes stays on, draining the battery or even overheating. The user wants to ensure the laptop automatically goes into a power-saving state when the lid is closed but still wants quick access to their session when they open the lid again. Which "Power Options" setting should the user configure to achieve this?
The correct answer is (C) Open "Power Options," click "Choose what closing the lid does," and select "Sleep" for both "On battery" and "Plugged in." This setting ensures that the laptop enters Sleep mode when the lid is closed, conserving power while allowing for a quick resume of the session when the lid is reopened. Sleep mode consumes very little power and allows the user to quickly access their work upon reopening the lid, which is ideal for frequent travelers. Option (A) is incorrect because Hibernate saves more power but takes longer to resume than Sleep mode, which may not be desirable for a user who wants quick access. Option (B) is incorrect because adjusting the hard disk timer does not affect the behavior when closing the lid. Option (D) is incorrect because enabling hybrid sleep affects how Sleep and Hibernate are combined but does not directly control lid closure behavior.
45. An iPhone user complains that their device reboots randomly throughout the day, even when idle. The technician verifies that the iPhone is running the latest iOS version and has not experienced any physical damage. The battery health is reported as 85%, which is within acceptable range. After disabling background app refresh and checking for rogue apps, the issue persists. Which of the following should the technician investigate next?
Correct Answer: D. When a device experiences random reboots without clear software-related causes, reviewing the device logs for panic or crash reports (D) is crucial to identify potential hardware issues. Panic logs can indicate problems such as CPU or memory faults, which may be causing the random reboots. Option (A) "Test in Safe Mode" would only reveal if a third-party app is the cause, but since the issue persists even after disabling background processes, it’s more likely a hardware problem. Option (B) "Restore the device to factory settings" should be a last resort because it involves data loss and may not resolve a hardware fault. Option (C) "Replace the battery" is premature because the battery is within acceptable health, and voltage irregularities would typically manifest differently. Therefore, checking device logs is the most effective diagnostic step, making option (D) correct.
46. An administrator is setting up a secure web server to host internal applications for a finance department. The server certificate is issued by the organization’s internal Certificate Authority (CA). However, when employees try to access the site using the company’s standard browser, they receive a warning message stating that the certificate is not trusted. The administrator needs to ensure that the browser trusts the certificate while maintaining the integrity of the security settings. Which solution should the administrator implement?
Correct Answer: B. The correct solution is to install the internal CA’s root certificate into the trusted root store of all company browsers (B). This action will establish trust for any certificates issued by the internal CA, allowing the browsers to recognize the server certificate as valid. Option (A) is a poor security practice, as bypassing warnings introduces the risk of accepting malicious certificates unknowingly. Option (C) would eliminate the warning, but using a public CA for internal sites is unnecessary and may expose internal infrastructure details to the public. Option (D) is completely insecure, as disabling HTTPS exposes sensitive data to potential interception. Therefore, (B) is the best approach that maintains security and trust within the internal network.
47. A small business wants to repurpose its old desktop computers for use in a public library. The IT administrator performs a standard format on each hard drive to prepare them for reuse. After completion, an external security auditor warns that standard formatting may not be sufficient for data sanitization. If the company wants to ensure that none of its sensitive data is retrievable, what additional step should the IT administrator take before donating the drives?
Correct Answer: A. Standard formatting only removes the file system structure, marking the space as available, but it does not overwrite the actual data, which can still be recovered using basic recovery tools. Using a data wiping tool that performs multiple overwrites (A) ensures that any residual data is completely erased, making it unrecoverable even by advanced forensic methods. Option (B) is incorrect because applying encryption after formatting would not remove the original data; it would only mask it temporarily. Option (C) refers to low-level formatting, which can be effective but is typically not available through standard formatting utilities, making it a less practical solution. Option (D) would only reorganize the drive’s structure but would not eliminate existing data, leaving it vulnerable to recovery.
48. A network administrator is using robocopy to move a large amount of data from D:\Data to E:\DataBackup. The administrator needs to ensure that the copy process is optimized for large files and that retries are minimized to reduce downtime. The administrator also wants to prevent files from being copied unnecessarily if they already exist in the destination folder. What is the most efficient robocopy command for this scenario?
Correct Answer: B. In this scenario, the administrator needs to optimize the copy process for large files and minimize retries. Option B is correct because the /mt:16 switch allows for multithreaded copying with up to 16 threads, significantly speeding up the transfer of large files. The /r:0 switch minimizes retries by specifying no retries in the case of file access issues, and /xo prevents overwriting files that already exist in the destination folder. Option A (/xo /w:5) includes a retry wait time but does not leverage multithreading, making it less efficient for large data transfers. Option C (/mir) mirrors the directory, which includes deletion of files that no longer exist in the source, which is unnecessary for this task. Option D (/e /r:3) includes retries but does not optimize the process for large files, making it less suitable for this scenario. Therefore, option B is the most efficient command for optimizing the copy process.
49. A Linux administrator is responsible for managing a group of workstations in a company. Some of the workstations are running critical applications that cannot tolerate downtime during business hours. The administrator wants to ensure the latest security patches are applied to the systems but also needs to minimize disruptions. What is the best strategy for the administrator to implement regular updates?
Correct Answer: C. The best approach is to schedule regular updates during non-business hours and notify users in advance (C). This ensures that the systems remain secure while minimizing disruptions to critical applications. Option A, enabling automatic updates, could cause downtime if the system restarts during business hours, which may not be acceptable in this environment. Option B, manually applying updates during downtime, is less efficient and prone to human error, as updates may be delayed or forgotten. Option D, applying patches only when a vulnerability is reported, is a reactive approach that leaves the systems exposed to threats for longer periods. Therefore, option C provides the best balance between security and minimizing downtime.
50. A university IT department is responsible for managing over 100 public workstations used by students and faculty members. The IT manager has noticed an increase in malware infections traced back to USB drives that students use to transfer data between personal and university systems. Upon investigation, it was found that AutoRun was still enabled on many of these workstations, causing malware to automatically execute whenever an infected USB drive was connected. The IT manager wants to configure a policy that prevents AutoRun from launching any executable files from removable drives while allowing users to manually access their files. What is the most effective way to implement this solution?
The correct answer is A. Using Group Policy to disable AutoRun for all drives and prevent the execution of autorun.inf files (A) effectively stops malicious scripts and executables from running automatically when a USB drive is connected. This approach allows users to access their files manually without the risk of malware executing automatically in the background. Option (B) blocks all USB access, which disrupts legitimate use of USB drives and is not practical for an academic environment where students need to transfer files frequently. Option (C) relies on Windows Defender, which may not catch all malicious files and does not prevent AutoRun from executing before a file is scanned. Option (D) disables AutoPlay notifications but does not prevent AutoRun from executing in the background, leaving the system vulnerable. Thus, disabling AutoRun through Group Policy is the best solution to mitigate the risk of malware infections without compromising functionality.
51. An IT administrator creates a PowerShell script to perform intensive data processing on multiple servers. The script opens multiple file handles and connections to remote servers for each data set. After running the script, the administrator notices that some servers become unresponsive or crash due to high resource consumption. Upon review, it is discovered that the script does not properly close file handles or terminate connections after use. Which of the following should the administrator add to the script to prevent system crashes?
Correct Answer: A. The issue is caused by the script failing to release system resources, such as file handles and remote connections, leading to high resource consumption and eventual system crashes. Adding finally blocks (A) ensures that all opened resources are properly closed after execution, even if an error occurs, preventing resource leaks. Option (B) is incorrect because running each operation in a new process can increase resource consumption rather than reduce it. Option (C) is incorrect because skipping large files does not address the root problem of failing to release resources. Option (D) is incorrect because Write-Output only logs information and does not directly manage or release resources.
52. A financial services firm’s security policy strictly prohibits the use of jailbroken iOS devices due to potential security risks. During a routine device compliance check, you identify that an employee’s iPhone has been jailbroken, and several core security services such as sandboxing and secure boot are disabled. The employee claims they jailbroke the device to install a productivity app not available in the App Store. What is the primary security risk posed by this jailbroken device on the corporate network?
Correct Answer: B. The primary security risk of a jailbroken device (B) is the ability to gain elevated privileges, bypassing security controls and accessing sensitive corporate data without proper encryption or authorization. Jailbreaking disables core security features like secure boot and sandboxing, allowing malicious apps or attackers to access files that are normally protected. Option (A) is partially true, but bypassing application whitelisting is a secondary risk compared to direct data access. Option (C) is not fully accurate since password policies are managed at the OS level and jailbreaking does not inherently bypass all authentication mechanisms; remote access is a separate concern. Option (D) is not correct because jailbreaking does not directly impact two-factor authentication settings. Thus, gaining elevated privileges to access sensitive data (B) is the most critical risk to the corporate environment, making it imperative to immediately address the non-compliant device.
53. An IT security administrator for a retail company notices unusual network traffic and determines that an attacker is attempting to exploit a known vulnerability in the company’s web server software. The software vendor had released a security patch for this vulnerability several months earlier, but the IT team failed to apply it due to concerns about potential service disruptions. As a result, the attacker successfully gains unauthorized access to customer records through the unpatched system. What type of vulnerability allowed the attack to occur?
The correct answer is (B) Unpatched Systems. Unpatched systems are those that have not been updated with the latest security patches, leaving known vulnerabilities open for exploitation. In this scenario, the company failed to apply a security patch that addressed a critical vulnerability in the web server software. The attacker took advantage of this oversight, resulting in unauthorized access to customer records. Option (A) Weak Passwords involve easily guessable credentials, which is not applicable since the breach occurred through a software vulnerability. Option (C) Misconfigured Access Controls refers to improper permission settings that allow unauthorized users to access restricted resources, but that is not the root cause in this case. Option (D) Phishing Attack involves tricking users into disclosing sensitive information, which is unrelated to exploiting a software vulnerability. Therefore, the best classification is (B) Unpatched Systems.
54. A Linux administrator needs to change the ownership of all files in the /home/shared/ directory to the user project and group developers. The administrator also needs to ensure that the ownership of any subdirectories and their contents is changed recursively. However, they want to receive a prompt before changing each file, in order to avoid any unintended modifications. What command should the administrator use to meet these requirements?
Correct Answer: C. The correct command is chown -R -i project:developers /home/shared/ (C). The -R flag ensures that ownership is changed recursively for all subdirectories and files within /home/shared/, and the -i flag prompts the administrator before modifying each file, allowing for careful oversight of changes. Option A changes ownership only for the files directly within the /home/shared/ directory but does not apply changes recursively, and there is no prompt. Option B correctly applies the changes recursively but lacks the -i flag for prompting, which risks unintended modifications. Option D uses the -v flag for verbose output but does not prompt the administrator before each change, making it less suitable for scenarios requiring confirmation. Therefore, option C is the best choice as it fulfills all the specified requirements, including recursive changes and user prompts.
55. An organization is using an older external hard drive to back up small, frequently accessed files across multiple operating systems, including Windows, macOS, and Linux. They require a file system that allows seamless reading and writing on all these platforms without the need for additional drivers or software. However, the external drive is unlikely to store files larger than 4 GB. Which file system format would be the best option for this requirement?
Correct Answer: B. FAT32 (B) is the best option for this scenario because it is natively supported across multiple operating systems, including Windows, macOS, and Linux, without requiring additional drivers or software. FAT32 allows for seamless reading and writing on all these platforms, making it ideal for sharing files across systems. NTFS (A) is supported by macOS and Linux in read-only mode by default, which would limit its usability unless additional software is installed. HFS+ (C) is primarily used by macOS and would not be as compatible with Windows or Linux. ext4 (D) is mainly for Linux systems and would require special drivers to be fully compatible with Windows and macOS. While FAT32 has a 4 GB file size limit, the organization's requirement specifies that no files larger than 4 GB will be used, making FAT32 (B) the most practical choice.
56. A healthcare organization has implemented fingerprint authentication on all its Windows 11 workstations used by clinical staff to comply with strict security regulations for accessing patient records. Recently, several staff members have reported issues with the fingerprint scanner not recognizing their fingerprints consistently. The IT administrator needs to ensure that biometric authentication remains functional while maintaining strong security. Upon investigation, the administrator finds that the workstations are often used by different staff members throughout the day, causing the biometric system to struggle with multiple user profiles. What should the administrator do to resolve this issue while ensuring compliance with security regulations?
Correct Answer: C. The correct solution is to enable the "Allow domain users to log on using biometrics" policy and ensure each staff member registers their fingerprint (C). By enabling this policy, the administrator ensures that each user's fingerprint is correctly associated with their domain profile, preventing conflicts that arise when multiple users attempt to log in with fingerprints on the same machine. Each user should have a unique fingerprint profile, ensuring smooth operation and compliance with security requirements. Increasing the number of stored fingerprints per user (A) might help, but it does not address the core issue of user profile conflicts. Switching to PIN-based authentication (B) would eliminate the benefits of biometric security and potentially reduce compliance with healthcare security standards. Removing and re-enrolling fingerprints (D) might solve temporary recognition issues but does not prevent the problem from recurring when multiple profiles are used. Therefore, option (C) is the best long-term solution to address the issue and maintain compliance.
57. An IT administrator is configuring a Windows 10 Pro workstation for an employee who regularly uses several resource-heavy applications such as virtual machines, video editing software, and 3D modeling programs. The workstation needs to run these programs efficiently without compromising system performance. Additionally, the employee occasionally needs to test software in isolated environments without risking the stability of the primary OS. Which of the following Windows 10 Pro features should the administrator enable to best meet these needs?
Correct Answer: C. In this case, Hyper-V (C) is the best feature to enable because it allows the creation and management of virtual machines on the Windows 10 Pro workstation. This is particularly useful for the employee who needs to run isolated environments for testing software without affecting the main OS. ReadyBoost (A) is designed to improve performance on systems with limited RAM, but it is not appropriate for resource-heavy applications, especially on a high-performance machine. Task Manager (B) allows users to monitor and manage running applications but does not provide the necessary isolation or resource allocation required for virtual environments. Windows Sandbox (D) is useful for testing software in a lightweight, disposable environment, but it is not as powerful or flexible as Hyper-V, especially for resource-intensive tasks. Therefore, Hyper-V (C) is the optimal solution for this scenario due to its ability to efficiently manage virtual machines and ensure isolation between environments.
58. A technician is setting up a high-end workstation with multiple monitors and additional peripherals in a client’s home office. After configuring the setup, the technician notices that the lights in the room flicker slightly when the workstation is powered on. Concerned about potential power issues, the technician measures the power draw and finds it approaching the limit for a standard 15-amp circuit. What is the best action to take to ensure proper power handling and avoid overloading the circuit?
Correct Answer: A. The correct approach is to relocate some peripherals to a separate circuit (A) to prevent overloading the existing 15-amp circuit, ensuring that the total power draw is within safe limits. This will prevent the risk of tripping the breaker or causing electrical fires due to circuit overload. Upgrading the power strip (B) does not address the root issue because the power strip itself does not increase the capacity of the circuit. Using a lower-wattage PSU (C) is ineffective as it might not provide sufficient power for the high-end components, potentially leading to system instability or damage. Installing an ESD mat (D) is completely unrelated to power handling and would not address the flickering lights or potential circuit overload. The best practice is to ensure that the circuit is not overloaded by balancing the power load across multiple circuits.
59. A company’s end-user termination checklist includes steps for disabling Active Directory accounts, revoking VPN access, and collecting company-owned hardware. After following the checklist for a recently terminated employee, the IT department discovers that the user’s cloud storage account was not deactivated, leading to the unauthorized download of several sensitive files. What is the most effective way to enhance the checklist to prevent similar incidents in the future?
Option (A) is correct because adding a step to the checklist for deactivating cloud storage and external file-sharing services ensures that all potential data access points are covered during the termination process. This approach addresses the gap in the current procedure and ensures that employees cannot access company data after their termination. Option (B) is incorrect because creating a separate checklist complicates the process and increases the likelihood of steps being overlooked. Option (C) is incorrect because automatically deactivating cloud accounts based on Active Directory status may not cover all third-party services, leading to incomplete access control. Option (D) is incorrect because a reminder to review permissions is not a concrete action step and does not guarantee that the issue will be addressed effectively.
60. A technician is performing a clean installation of Windows 10 on a desktop using a USB drive. The technician inserted the bootable USB, but after rebooting the system, it still boots into the existing operating system. Upon reviewing the boot sequence in the BIOS, the technician notices that the hard drive is prioritized over the USB. What is the most effective action the technician should take to resolve this issue and proceed with the OS installation from the USB?
The correct answer is D. The technician needs to adjust the boot order in the BIOS to ensure the system prioritizes the USB drive over the internal hard drive during the boot process. This is the most straightforward and long-term solution. While using the one-time boot menu (A) could temporarily solve the problem, it would require manual intervention every time the system is rebooted, which is not ideal for an installation process that requires multiple restarts. Temporarily removing the hard drive (B) is an overly complicated and unnecessary step that introduces the risk of hardware issues and adds unnecessary complexity. Rebuilding the bootable USB drive (C) is not relevant here because the issue lies in the boot order, not the USB drive itself. Therefore, changing the boot order in BIOS (D) is the most effective and logical solution to ensure a seamless installation from the USB drive.
61. A technician is troubleshooting a desktop computer that has been infected with malware. The system has a recovery partition, and the user agrees to restore the machine to factory settings. However, after starting the recovery process, the technician notices that the recovery partition is corrupted and cannot be used. What is the next best step for the technician to complete the recovery?
The correct answer is D. If the recovery partition is corrupted, the next best option is to use external recovery media, such as a recovery USB drive, that was created earlier to perform the factory reset. This ensures the system is restored to its factory settings without relying on the corrupted recovery partition. Downloading a new copy of the operating system (A) may work, but it doesn’t provide the full factory reset experience with manufacturer-specific drivers and settings, which the user may want. Attempting to repair the recovery partition (B) using third-party tools is risky, as it may not fully restore the partition to its original state and could result in further data loss. Reformatting and recreating the recovery partition (C) would require access to the original installation media, which is not always readily available, and could be more complicated than using existing external recovery media. Therefore, booting from external recovery media (D) is the most reliable solution.
62. A manufacturing company has recently migrated from a workgroup model to a domain-based network to support its growing IT infrastructure. The IT department wants to implement centralized control over user accounts, enforce password policies, and streamline printer sharing across all devices in the factory. What is the primary benefit of using domain-based networking in this scenario compared to a workgroup?
Correct Answer: C. The key advantage of a domain-based network is the ability for administrators to centrally manage user accounts, enforce security policies (such as password requirements), and control resource access (Option C). This centralization improves security and management efficiency, particularly in large environments. Workgroups do not offer this level of centralized control, which is why domains are preferred in larger organizations. While sharing printers and files (Option A) is possible in both domains and workgroups, it is more easily managed in a domain. Automatic file synchronization between devices (Option B) is not a standard feature of a domain network. Accessing any device without configuration (Option D) is incorrect, as domain users may still require specific permissions or configurations for accessing devices or resources on the network.
63. A financial institution has installed retina scanners at the entrance of its secure vault to ensure only authorized personnel can gain access. However, some employees have reported difficulty in getting the scanners to recognize their eyes consistently, especially during different times of the day. The IT team notices that the recognition failure rate is higher for employees who wear contact lenses or glasses. What is the most appropriate configuration adjustment to improve the accuracy of the retina scanners without compromising security?
Correct Answer: A. The most effective solution is to calibrate the scanners to account for variations in eye reflections caused by contact lenses or glasses (A). Retina scanners can sometimes struggle with detecting the unique patterns in the retina due to changes in reflection from lenses. Adjusting the calibration settings will improve the scanner’s ability to recognize employees consistently without compromising the security of the system. Option B, lowering the sensitivity, would reduce security by allowing partial matches, which can increase the risk of false positives. Option C suggests using an override system, which might resolve access issues but could be misused if not properly controlled. Option D suggests switching to facial recognition, which is a significant change in technology and might not provide the same level of accuracy. Therefore, option A is the most suitable choice.
64. A graphics designer complains that their high-end Windows 10 PC, which typically handles resource-intensive applications smoothly, has recently become extremely slow, especially when launching the Adobe Creative Suite. The Task Manager shows a consistent 90-100% disk usage, despite low CPU and memory utilization. The user has not installed any new software or made configuration changes. What is the most likely cause, and which action should the technician take first to resolve the issue?
The correct answer is A. High disk usage, particularly when other resources like CPU and RAM are not heavily utilized, often points to excessive disk I/O operations caused by background services. Disabling the Windows Search and Superfetch services (A) is a well-known troubleshooting step for resolving high disk usage, as these services are often responsible for continuous read/write operations, especially on SSDs. Disk defragmentation (B) is inappropriate here because SSDs do not benefit from defragmentation and it would not reduce disk I/O. While a malware scan (C) is important in cases of performance issues, the scenario states that no new software or configuration changes were made, and high disk usage alone is not a definitive indicator of malware. Increasing the page file size (D) is irrelevant in this scenario, as memory usage is already low, and increasing the page file would not reduce disk usage. Thus, the best approach is to disable the unnecessary services as outlined in (A).
65. A software license for an accounting application used across multiple departments is due to expire in two weeks. The application is critical for processing financial transactions, and any disruption could significantly impact the company’s operations. However, the technician responsible for license management discovers that the software vendor has changed its licensing structure, and the current version will no longer be supported. What is the most appropriate next step for the technician to ensure continued compliance and functionality?
Option (C) is correct because contacting the vendor to clarify the licensing changes ensures that the technician fully understands the implications and options for transitioning to the new version before the current license expires. This proactive approach helps avoid compliance issues and operational disruptions while allowing time to plan for a smooth transition. Option (A) is incorrect because purchasing a new license without understanding the vendor’s new structure could result in unnecessary costs or purchasing an incompatible version. Option (B) is incorrect because waiting until the software stops working could lead to significant operational disruptions, especially given the application’s critical role in financial transactions. Option (D) is incorrect because using a trial version could lead to compliance issues and is not a reliable solution for business-critical software, especially if the trial has limited features or a short duration.
66. A technician needs to find all files within a folder that were modified in the last seven days for a performance analysis. The folder contains thousands of files, and the technician uses the dir command to begin the process. What is the most appropriate dir command to list only those files that have been recently modified, along with their file sizes?
Correct Answer: D. In this scenario, the technician needs to list files modified within a specific time period and include additional details like file size. Option D is correct because /S searches subdirectories, /T:W sorts the files by their last modified (write) time, and /O:D organizes them in date order. This combination allows the technician to find recently modified files in an ordered manner. Option A (dir /T:W) would show files sorted by their write time but without organizing them by date or including subdirectories, making it less useful in a large directory. Option B (dir /O:D) organizes files by date but does not display the last modified time, which is crucial for this task. Option C (dir /S /T:W) includes subdirectories and sorts by last modified time, but without the /O:D option, the files won’t be displayed in date order, making the search less efficient. Thus, option D provides the correct solution for efficiently identifying recently modified files in a large folder.
67. The Chief Financial Officer (CFO) of a medium-sized company receives an email that appears to be from the company’s CEO, requesting an urgent wire transfer to a new vendor for a high-priority business deal. The email contains details about a recent board meeting, mentions specific financial figures, and is signed off with the CEO’s signature. The email domain seems legitimate, and the message demands immediate action due to a supposed tight deadline. The CFO, believing the request is genuine, authorizes the transfer. A few days later, the company discovers that the funds were sent to a fraudulent account, and the CEO confirms that no such email was sent. What type of attack did the CFO fall victim to?
The correct answer is (B) Whaling. Whaling is a targeted phishing attack directed at high-profile individuals, such as executives, with the intention of tricking them into performing actions such as financial transactions. This type of attack often includes detailed information about the organization or ongoing projects to appear more convincing. In this scenario, the email to the CFO appeared to come from the CEO and contained insider details, making it a whaling attack aimed at leveraging the CFO’s authority to approve wire transfers. Option (A) Phishing is a broader term for deceptive emails targeting general employees and not specifically high-ranking executives. Option (C) Impersonation involves pretending to be someone else in person or through direct communication rather than via email. Option (D) Smishing refers to SMS-based phishing, which is irrelevant here since the attack was conducted through email. Therefore, the attack scenario is most accurately classified as (B) Whaling.
68. A user’s Windows 10 workstation has experienced multiple system crashes due to recent software installations. The user asks the technician to resolve the issue without losing any critical data or settings. The technician successfully uninstalls the problematic software and wants to prevent similar issues in the future. Which of the following should the technician do to prepare the system for safe software testing?
Correct Answer: A. Enabling System Restore and creating a manual restore point before installing new or untested software is the correct approach to prepare for software testing, making Option (A) correct. This ensures that if the new software causes issues, the system can be easily restored to a previous state without losing data or configuration settings. Option (B), disabling System Restore, defeats the purpose of creating restore points and would make recovery more challenging. Option (C), configuring automatic reversion, is not a native feature of System Restore and could lead to unintended consequences. Option (D) involves creating a new user profile, which may help isolate user-specific settings but does not provide a system-wide safeguard like a restore point would.
69. A system administrator is unfamiliar with the options available for the chmod command on a Linux server. The administrator wants to view the manual page that provides detailed information about the chmod command, including its options, usage, and examples. Which of the following commands should the administrator use?
Correct Answer: A. The correct command is man chmod (A). The man command opens the manual pages for the specified command (chmod in this case), providing detailed information on its syntax, options, and usage examples. Option B, help chmod, displays a brief summary of the command but does not provide the depth of information that a manual page offers. Option C, chmod --help, also gives a short description of the available options but lacks the comprehensive detail found in the man pages. Option D, info chmod, shows documentation for the command but is less commonly used and structured differently than the man pages. Therefore, option A is the best choice for viewing the detailed manual page for chmod.
70. A network administrator at a small marketing firm receives multiple complaints from employees about intermittent wireless connectivity issues in the office. After using a Wi-Fi analyzer tool, the administrator discovers that several neighboring offices are using the same wireless channel, causing interference and reduced signal quality. To improve the wireless performance, which of the following configurations should the administrator implement?
Option A is correct because the 2.4 GHz band has only three non-overlapping channels: 1, 6, and 11. Switching the router to one of these channels reduces interference from neighboring networks that are on overlapping channels, improving signal quality and reducing connectivity issues. This manual adjustment ensures that the router operates on a channel with the least interference, providing more stable performance. Option B is incorrect because while automatic channel selection might help, it may not choose the optimal channel consistently, especially in environments with fluctuating interference. Option C is incorrect because channels 12 and 13 are not typically used in 5 GHz networks; they are part of the 2.4 GHz band and not non-overlapping, making this choice ineffective. Option D is incorrect because reducing transmission power minimizes signal coverage and may further degrade network performance, instead of resolving interference. Thus, selecting a non-overlapping channel manually (A) is the best solution to eliminate interference and optimize performance.
71. An online retail company is planning to perform a major update to its web servers to improve the site’s load balancing and scalability. This change will result in a temporary service outage. The IT team has suggested scheduling the update during a time of low traffic. To determine the optimal date and time for the change, the project manager reviews the company’s web analytics data, which shows that the fewest users are active between 3:00 AM and 5:00 AM. What should the manager do to ensure that the chosen time is communicated effectively in the change request?
Option B is correct because it uses concrete data to select a time frame that minimizes disruption and clearly communicates the precise window in the change request. Including a specific date and time window based on analytics data demonstrates that the decision is informed by user activity trends, ensuring minimal impact on the business. Option A is incorrect because aligning with reporting cycles may not necessarily minimize traffic impact, and users could still be affected. Option C is incorrect because using the term “overnight” is vague and can lead to confusion about the exact time, potentially causing unplanned disruptions. Option D is also incorrect because making assumptions based on past patterns without verifying current data can result in scheduling at a time when traffic may be unexpectedly high. Therefore, using precise analytics-based timing (B) and specifying it in the request form is the best way to ensure clarity and proper planning.
72. A company implements a synthetic full backup strategy to maintain their servers with minimal disruption. Every Saturday, a full backup is taken, and incremental backups are captured every night. The synthetic full backups are then created at a secondary storage location to avoid impacting the main production servers. One morning, the company suffers a data loss and needs to restore the latest synthetic backup. However, during the restore, the IT administrator notices that the synthetic backup is incomplete. Which configuration oversight is most likely the cause?
The correct answer is (C) because synthetic backups depend on an initial full backup and subsequent incremental backups to create a consolidated synthetic full backup. If the full backup was never synchronized to the secondary storage location, the synthetic backup would be incomplete, as it would be missing the foundational data set required to integrate the incremental changes. Option (A) is incorrect because if the synthetic backup schedule were misconfigured, the backup process would fail to create the synthetic backup or would not complete, but the base full backup would still exist. Option (B) is incorrect because lack of disk space would cause a storage error but would not explain an incomplete backup. Option (D) is incorrect because an issue with individual incremental backups would result in missing changes, not a missing full backup, which would manifest differently. Therefore, ensuring that the full backup is correctly synchronized (C) is crucial for maintaining complete synthetic backups.