220-1202 CompTIA A+ Core 2 2025 Exam Questions and Answers

The best option is to create a lower-security network exclusively for the console. Many retro or legacy gaming consoles only support older Wi-Fi security standards such as WPA or even WEP, and they cannot connect to modern WPA2 or WPA3 networks. Downgrading the entire primary network would significantly weaken overall security, which is not recommended in any environment.

The Quentin Docter – CompTIA A+ Complete Study Guide explains that legacy devices often lack firmware support for modern encryption standards and should be isolated rather than integrated directly into secure networks. Creating a separate SSID with reduced security limits exposure while still allowing connectivity for the unsupported device.

The Travis Everett & Andrew Hutz – All-in-One Exam Guide emphasizes that lowering security settings on a primary router—even temporarily—introduces unnecessary risk. Switching encryption modes back and forth can also cause configuration instability and expose the network during the downgrade window.

The Mike Meyers / Mark Soper Lab Manual further reinforces the concept of network segmentation as a best practice. By creating a dedicated network for legacy or insecure devices, administrators reduce the attack surface and prevent lateral movement to sensitive systems.

Using a wired Ethernet adapter may not be supported by the console, and adding an older router introduces unmanaged vulnerabilities. Therefore, isolating the console on a separate, lower-security wireless network is the safest and most practical solution.

Comprehensive and Detailed Explanation From Exact Extract:

For persistent printing issues due to spooler service, ensure theprint spooler is started and set to Automatic. This maintains print capability across reboots.

FromMike Meyers' Lab Manual:

“If users lose printing capabilities on reboot, the print spooler service must be configured to start automatically and be confirmed as running.”

Comprehensive and Detailed Explanation From Exact Extract:

UPS batteries are heavy and often located at the bottom of racks to maintain balance. Safe removal requires the use of correct lifting techniques to avoid injury. OSHA and workplace safety standards emphasize ergonomic handling when dealing with heavy equipment.

A. Fire suppression readiness is important for fire safety but not specifically relevant to battery removal.

C. Antistatic bags are for electronic components, not heavy battery modules.

D. A face mask is not generally necessary unless there is a chemical leak, which is not indicated here.

Comprehensive and Detailed Explanation From Exact Extract:

NET Framework versions are often required for applications to run. If an older app requires .NET Framework 3.5, it must be explicitly installed as it is not included by default in newer versions of Windows. The best method to do this safely is through the built-in "Turn Windows features on or off" utility, which downloads and installs it via official Microsoft services.

B. Using third-party repositories is unsafe and not recommended.

C. Installing .NET 4 does not include 3.5; versions are not fully backward compatible.

D. The issue is technical, not a security incident for the SOC team.

The first step the CFO should take is to verify the VPN status. When working remotely, access to internal resources such as databases, file servers, and accounting systems typically requires a secure Virtual Private Network (VPN) connection. Without an active VPN tunnel, the application cannot reach internal database servers, resulting in connection errors.

According to the Quentin Docter – CompTIA A+ Complete Study Guide, database connectivity issues during remote work are most commonly caused by missing or disconnected VPN sessions. Internal applications are often restricted to private IP ranges that are inaccessible over the public internet.

The Travis Everett & Andrew Hutz – All-in-One Exam Guide highlights that VPNs are designed to extend the corporate network securely to remote users. If the VPN is disconnected, authentication to internal services will fail even if the application itself launches correctly.

The Mike Meyers / Mark Soper Lab Manual further explains that restarting the PC or updating the application does not resolve network-path issues. Returning to the office is unnecessary if secure remote access is functioning as designed.

Because the error specifically indicates an inability to connect to a database—and not a corrupted application—the most logical and efficient first troubleshooting step is to confirm that the VPN is connected and authenticated.

Comprehensive and Detailed Explanation From Exact Extract:

BitLocker To Go is a Microsoft encryption feature specifically designed for removable drives such as USB flash drives and external hard drives. It allows users to protect the data on these devices by requiring a password to decrypt the contents, thereby preventing unauthorized access in the event the device is lost or stolen.

A is correct because BitLocker To Go is directly tied to password-protecting removable media.

B and C are unrelated to BitLocker To Go; Secure Boot and VPN encryption are entirely different security layers.

D applies to BitLocker (not BitLocker To Go) and full disk encryption on internal drives using TPM.

Comprehensive and Detailed Explanation From Exact Extract:

Whalingis a form of phishing that targets high-profile individuals or involves pretending to be them (e.g., CEOs) to trick lower-level employees into transferring funds or sensitive data.

FromQuentin Docter – CompTIA A+ Study Guide:

“Whaling is a phishing tactic targeting executives or masquerading as one. The attacker crafts emails that exploit authority and urgency to manipulate recipients.”

Comprehensive and Detailed Explanation From Exact Extract:

Facial recognition is a biometric authentication method that ties access to a unique physical feature of the user. Unlike passcodes or pattern locks—which can be easily shared—facial recognition provides a more secure and non-transferable form of access. It also enhances user convenience and is widely supported by modern smartphones.

A. Pattern locks can still be shared and are less secure.

C. Device encryption protects data but does not prevent screen access if a passcode is shared.

D. Multifactor authentication typically applies to app or account access, not basic phone unlocking.

Comprehensive and Detailed Explanation From Exact Extract:

FAT32cannot support files larger than 4GB.NTFSsupports large file sizes and is compatible across Windows systems, making it the correct choice for transferring a 4.57GB file.

FromAll-in-One Exam Guide:

“NTFS is the preferred file system for large file transfers within Windows. FAT32 has a 4GB file size limit, which makes it unsuitable for modern use cases involving large files.”

Comprehensive and Detailed Explanation From Exact Extract:

The scenario involves an application that should retrieve data from a local database server but is failing to do so. This likely indicates a problem in communication between the application and the database server (such as a network issue, port misconfiguration, or service unavailability). The correct troubleshooting approach involves testing the network/service connectivity between the client and the database.

Let’s examine the options:

A. ipconfig:This command displays IP configuration details for Windows systems, such as IP address, subnet mask, and default gateway. While useful for diagnosing general network issues, it does not test service connectivity or the availability of a specific application port/service.

B. nslookup:Used to query DNS servers to resolve domain names to IP addresses. However, since the question references a local server (likely accessed via IP or static hostname), DNS is probably not involved. Also, it does not test application/service availability.

C. netstat:Displays active TCP connections, listening ports, and routing tables. It helps determine whether the local system is listening for or maintaining any network connections, but it does not initiate a connection to test availability. It’s diagnostic but not interactive for service testing.

D. curl:This is the most appropriate tool for this scenario. curl is used to test connectivity to services over protocols like HTTP, HTTPS, FTP, and more. If the application retrieves data via a web interface or API (common in database-driven applications), curl can be used to test if the application can successfully reach and retrieve data from the server. It provides immediate, testable feedback on whether the server and service are available and responsive.

Example usage:

curlhttp://localhost:8080/api/data

This command would test whether a local server's application programming interface (API) is available and responding on port 8080.

CompTIA A+ 220-1102 Reference Points:

Objective 2.4: Given a scenario, use appropriate tools to troubleshoot and support Windows OS issues.

Objective 3.3: Use appropriate tools to troubleshoot and resolve issues.

The CompTIA A+ Core 2 study guide references curl as a useful command-line utility for testing connectivity and troubleshooting application access to services.

===========================

Comprehensive and Detailed Explanation From Exact Extract:

Outdated images and website data often result from cached files in the browser. The Internet Options panel in Windows (specifically under the General tab) allows users to clear browsing history, including cached images and files, which forces the browser to load the most current versions of web content.

A. Administrative Tools is used for advanced system management, not browser settings.

B. Windows Defender Firewall controls network traffic and security rules, not caching.

D. Ease of Access provides accessibility features for users with disabilities — unrelated to web browsing issues.

Comprehensive and Detailed Explanation From Exact Extract:

3G networks generally do not provide the bandwidth required for seamless HD video streaming. With only two signal bars and a 3G connection, the mobile device likely cannot maintain the necessary data throughput, resulting in timeouts or buffering failures. This is a classic symptom of insufficient network speed or signal strength.

A. Lack of Wi-Fi may contribute, but the root cause is the low mobile bandwidth, not the Wi-Fi state.

B. A website subscription lapse would return an account error, not a timeout.

D. Full device storage can affect downloads but not streaming from the internet.

Comprehensive and Detailed Explanation From Exact Extract:

Thepowercfg commandis a built-in utility for controlling power settings including hibernation. It can be used in scripts and does not require domain access.

FromQUENTIN DOCTER - COMPTIA A+ COMPLETE study GUIDE:

“The powercfg command provides granular control of power settings, useful for scripting and configuring systems without Group Policy access.”

The correct answer is A. DLP (Data Loss Prevention), because DLP solutions are specifically designed to detect, monitor, and prevent unauthorized transmission of sensitive data outside an organization. Information exfiltration occurs when confidential data is improperly transferred, leaked, or stolen, either intentionally or accidentally.

According to the Quentin Docter – CompTIA A+ Complete Study Guide, DLP technologies enforce policies that restrict how data can be shared via email, cloud services, removable media, or network transfers. DLP systems can block, quarantine, or alert administrators when sensitive data patterns—such as credit card numbers or personal identifiers—are detected leaving the organization.

The Travis Everett & Andrew Hutz – All-in-One Exam Guide explains that DLP focuses on data protection, not user authentication or device management. While IAM controls access to resources and MDM manages mobile devices, neither directly prevents data from being exfiltrated once access is granted.

The Mike Meyers / Mark Soper Lab Manual reinforces that SAML is an authentication framework and does not monitor data movement.

Because the question specifically addresses information exfiltration, the security control designed to prevent it is Data Loss Prevention, making A the correct answer.

The correct answer is C. Setting up image deployment for PXE, because PXE (Preboot Execution Environment) allows operating system installations and upgrades to be performed over the network without using removable storage. Since all removable media is disabled for security reasons, PXE-based deployment preserves existing security controls while enabling centralized OS upgrades.

According to the Quentin Docter – CompTIA A+ Complete Study Guide, PXE is commonly used in enterprise environments to deploy or upgrade operating systems at scale. PXE works by booting client machines from a network interface and pulling installation images from a secured deployment server.

The Travis Everett & Andrew Hutz – CompTIA A+ All-in-One Exam Guide explains that PXE is especially valuable when USB drives and external media are restricted. It ensures consistency, reduces human error, and maintains compliance with organizational security policies.

The Mike Meyers / Mark Soper Lab Manual reinforces that copying ISO files locally still requires write access and may violate security baselines. External drives are explicitly prohibited, and hardware tokens are authentication tools—not deployment mechanisms.

Because PXE enables secure, centralized, removable-media-free OS upgrades, it is the most appropriate solution, making C the correct answer.

The most likely cause of repeated application installation failures on a work-issued laptop is an incorrectly configured Access Control List (ACL). In corporate environments, security policies are designed to limit what standard users can install in order to reduce malware risk, maintain compliance, and ensure system stability. These restrictions are enforced through NTFS permissions, ACLs, and Group Policy settings.

According to the Quentin Docter – CompTIA A+ Complete Study Guide, ACLs define which users or groups have permission to read, write, modify, or execute files and directories. If a user does not have sufficient permissions to write to protected locations such as C:\Program Files, system folders, or specific registry keys, software installers will fail—even if the installer itself is legitimate and intact.

The Travis Everett & Andrew Hutz – CompTIA A+ All-in-One Exam Guide explains that many organizations intentionally restrict installation privileges to administrators only. This prevents users from installing unauthorized or potentially harmful software. When ACLs are misconfigured or intentionally restrictive, installation attempts may fail repeatedly without clearly stating that permissions are the root cause.

The Mike Meyers / Mark Soper Lab Manual further clarifies that issues like a full browser cache or slow internet speeds typically affect downloads, not the execution of installers. An unformatted hard drive would prevent the operating system from functioning at all, making it irrelevant in this scenario.

Therefore, the repeated installation failure on a work laptop is best explained by incorrectly configured ACLs, making C the correct answer.

Comprehensive and Detailed Explanation From Exact Extract:

Linux is an open-source operating system that is freely available and does not require traditional licensing fees. It is highly versatile and scalable, making it suitable for both workstations and servers. Many enterprise environments use Linux to reduce software costs and benefit from robust server features.

B. Windows requires per-device or per-user licensing for both workstation and server editions.

C. macOS is proprietary and limited to Apple hardware with licensing restrictions.

D. Chrome OS is designed for lightweight devices and lacks server functionality.

Comprehensive and Detailed Explanation From Exact Extract:

Windows 11 features a“Do Not Disturb”mode under Notification settings, which is designed to suppress interruptions during tasks like videoconferencing.

FromQuentin Docter – CompTIA A+ Complete Study Guide:

“Windows 11 introduces Do Not Disturb and Focus Assist under notification settings, enabling users to mute alerts during presentations or calls.”

The correct answer is C. Listen to the customer’s concerns and acknowledge their frustrations, because effective communication and empathy are critical components of professional help desk interactions—especially when customers are upset.

According to the Quentin Docter – CompTIA A+ Complete Study Guide, technicians should always demonstrate active listening, empathy, and professionalism. Acknowledging a user’s frustration helps de-escalate tense situations and builds trust.

The Travis Everett & Andrew Hutz – All-in-One Exam Guide emphasizes that users who feel unheard are less cooperative and more dissatisfied. Before troubleshooting or escalation, technicians should validate the customer’s experience and reassure them that the issue will be addressed.

The Mike Meyers / Mark Soper Lab Manual reinforces that blaming previous technicians or immediately escalating without communication can worsen the situation. Asking technical questions too early may come across as dismissive.

Because the goal is to communicate professionally and effectively, the technician should first listen and acknowledge the user’s frustration, making C the correct answer.

Comprehensive and Detailed Explanation From Exact Extract:

ApplicationsandLibraryare core system directories in macOS. TheApplicationsfolder contains installed applications. TheLibraryfolder contains support files, preferences, and other system-related files.

From theQuentin Docter – CompTIA A+ Complete Study Guide:

“macOS organizes system and user files into several key folders. Among them, Applications and Library are standard system folders where apps and related files are stored.”

Comprehensive and Detailed Explanation From Exact Extract:

In secure or isolated network segments, DHCP may be disabled to reduce the risk of unauthorized device connections or to maintain strict IP assignment control. In such cases, the help desk technician must manually configure IP settings (including IP address, subnet mask, gateway, and DNS servers). This ensures the workstation communicates properly within that segment.

A. DNS server restriction is unrelated to manual IP configuration.

B. Allow lists refer to traffic access, but manual IP assignment is due to lack of DHCP, not allow lists.

D. NAC servers control access but don't replace the need for IP addressing.

The correct answer is C. DDoS (Distributed Denial-of-Service), because the attack involves thousands of compromised machines, commonly referred to as a botnet, generating fraudulent traffic against an online service. Although the activity includes fake purchases, the scale and distributed nature indicate an attempt to overwhelm or disrupt the service.

According to the Quentin Docter – CompTIA A+ Complete Study Guide, DDoS attacks use multiple systems to flood a target with traffic, exhausting server resources and preventing legitimate users from accessing the service. These attacks often involve compromised devices controlled remotely.

The Travis Everett & Andrew Hutz – All-in-One Exam Guide explains that DDoS attacks can take many forms, including HTTP request floods and application-layer attacks that mimic legitimate user actions, such as fake transactions.

The Mike Meyers / Mark Soper Lab Manual clarifies that brute-force attacks focus on credential guessing, spoofing involves identity falsification, and SQL injection targets database queries. None of those specifically require thousands of compromised machines.

Because the defining characteristics here are scale, distribution, and coordinated malicious activity, the correct classification is a DDoS attack, making C the correct answer.

Ticket #8675310

Issue: Limited network connectivity

Resolution: Refresh DHCP

Verify/Resolve: ipconfig /renew

For the Low priority ticket #8675310 (“A small yellow triangle appeared in the taskbar. I am no longer able to access network resources.”), the Windows yellow triangle on the network icon is the classic indicator of limited connectivity (often caused by a bad/expired DHCP lease, APIPA address, missing default gateway, or DNS info not being assigned).

Correct PBQ Selections (Ticket #8675310)

Issue

Limited network connectivity

Why (CompTIA logic):

That yellow warning triangle means the NIC is connected at Layer 2 (link is up), but the system likely doesn’t have valid Layer 3 config (IP/gateway/DNS), so it can’t reach network resources.

Resolution

Refresh DHCP

Why this is the most efficient fix:

When a Windows PC can’t access network resources and shows “limited connectivity,” the fastest, lowest-risk fix is to renew DHCP so the PC can pull:

a valid IP address

default gateway

DNS servers

This directly resolves the most common root cause behind that icon.

Verify / Resolve

ipconfig /renew

Why this is the correct verification/remediation command:

ipconfig /renew is the direct command to request a fresh DHCP lease. After renewal, the user should regain access to network resources if DHCP was the issue.

What this fixes (what you’d expect to see)

Before the fix, the attachment (Output.txt) in these PBQs typically shows symptoms like:

169.254.x.x (APIPA) → DHCP failed

Missing/blank Default Gateway

DNS not present or incorrect

After ipconfig /renew, you should see a normal private IP (like 192.168.x.x / 10.x.x.x / 172.16-31.x.x) and a valid gateway/DNS.

First Chat Response:When the user mentions setting up a new router, the best initial response to maintain a helpful and professional tone is:

>Select reply:"I am happy to assist you today."

Second Chat Response:When the user states that they need to set up basic security settings:

>Select reply:"Is this the first router in your office?"

Third Chat Response:After learning it's a replacement router and the user is logged into the router's web page:

>Select reply:"The first thing you need to do is change the default password."

Fourth Chat Response:For the response about password settings:

>Select reply:"Create a new password with an uppercase, a lowercase, and a special character."

Fifth Chat Response:When the router prompts to reboot:

>Select reply:"Yes, reboot please."

Study Guide Reference: The CompTIA A+ Core 2 guide highlights the importance of changing default credentials and using strong password policies, particularly in SOHO environments where routers are often targeted.

Inbox mail 1 -Account Locked- Phishing - Report email to Information Security

Inbox mail 2 -Share your feedback - Legitimate - Perform no additional actions

Inbox mail 3 –Employee orientation - Legitimate - Perform no additional actions

Inbox mail 4 –Security Update – Spam - Report email to Information Security

Inbox mail 5 –Interview - Legitimate - Perform no additional actions

—

Host 2, Host 3, Host 4 , Host 5 ,Host 6, Host 7, Host 8 , Media Server - Stop All unwanted and malicious service (Persistance.j1zpxn Installer Service) from all the listed host and Media servers

Refer screenshot below on the required service started/stopped on host2, same service to be started and stopped across all host servers.

A screenshot of a computer AI-generated content may be incorrect.

A screenshot of a computer AI-generated content may be incorrect.

1st CLI Resolution

copy "C:\Program Files\Testing\msvcp100.dll" "User-PC02\C$\Windows\System32" /v /y

2nd CLI Resolution

regsvr32 msvcp100.dll

Why These Are the Correct Choices (Exam Logic)

Why the COPY command is first

The error explicitly states MSVCP100.dll is missing

Other users can run the app → the DLL exists on another system

The fastest, least disruptive fix (preferred by CompTIA) is to:

Copy the known-good DLL into C:\Windows\System32

The /v switch verifies the copy, and /y suppresses prompts — both are enterprise-safe defaults

This restores the missing runtime dependency immediately.

Why REGSVR32 is second

After copying a DLL, Windows may not recognize or properly load it

regsvr32 registers the DLL with the operating system

This ensures:

The Testing application can properly call the runtime library

The fix persists after reboot

Issue: Limited network connectivity

Resolution: Refresh DHCP

Verify/Resolve: ipconfig

Issue (drop-down)

Limited network connectivity

Why this matches:

“Internet Down” most commonly indicates the workstation has lost valid Layer 3 connectivity (bad/expired DHCP lease, APIPA address, wrong gateway, etc.). In CompTIA A+ terms, this aligns best with limited connectivity symptoms (can’t reach internet resources).

Resolution (drop-down)

Refresh DHCP

Why this is the most efficient fix:

If the client has:

an expired lease

an APIPA address (169.254.x.x) because DHCP failed

an incorrect IP/gateway from a bad lease

…then the fastest first remediation is to renew DHCP to obtain a correct IP address, default gateway, and DNS servers. This is a standard CompTIA A+ troubleshooting action (quick, low-risk, high-success).

Verify/Resolve (drop-down)

ipconfig

Why this is the correct verification tool:

ipconfig is the primary Windows CLI tool to:

check current IP settings (ipconfig /all)

release/renew DHCP (ipconfig /release and ipconfig /renew)

confirm you received a valid IP + gateway + DNS, which is required for internet access.

What you would do (mapped to those choices)

Using ipconfig to complete “Refresh DHCP” and confirm the fix:

Check current addressing

ipconfig /all

Look for:

Valid IPv4 (not 169.254.x.x)

Valid Default Gateway

DNS servers present

Refresh the DHCP lease

ipconfig /release

ipconfig /renew

Verify outcome

Run ipconfig again to confirm:

You now have a correct IP for the network

Default gateway is populated

If the gateway/DNS populate correctly, internet access typically returns.

The completed configuration:

1. Wireless AP (LAN side)

1. LAN IP: 192.168.10.1

2. Encryption: WPA2 PSK

2. Router (port-forward rule)

1. Allow TCP Any 3389

This forwards inbound RDP traffic (TCP/3389) from the Internet to the Windows PC, enabling Remote Desktop access.

3. Firewall (screened subnet side)

1. LAN IP: 10.100.0.1

4. Device placement

1. PC: place behind the router (where the port-forward rule points).

2. Game console: place on the Wireless AP (so it can use chat and extra services over WPA2 PSK).

3. Firewall: place in front of the screened subnet (with its 10.100.0.1 IP facing that subnet).

The Windows PC is placed in the screened subnet (behind the firewall) for enhanced security. Remote access to this PC requires port forwarding of TCP port 3389 (RDP), which is correctly configured through the router.

The Game Console is placed on the Wireless AP LAN, using WPA2 PSK for a secure wireless connection. Game consoles typically use peer-to-peer chat and online services that require open access without firewall restrictions, which is why the console is not placed behind the firewall.

CompTIA A+ 220-1102 Reference Points:

Objective 3.4: Given a scenario, implement best practices associated with data and device security.

Objective 2.4: Given a scenario, use appropriate tools to support and configure network settings.

Study Guide Reference: CompTIA A+ Core 2 guides recommend using screened subnets (a type of DMZ) for systems needing controlled external access, such as remote desktops, while placing gaming and media devices on less restricted networks for full functionality.