220-1202 CompTIA A+ Core 2 (2026 Exam Update) Questions and Answers

The correct answer is C. SSH (Secure Shell), because SSH is the standard method for secure, command-line-based remote management of network devices, including switches, routers, and firewalls. Network switches typically do not provide graphical interfaces, and administrators interact with them using a command-line interface (CLI).

According to the Quentin Docter – CompTIA A+ Complete Study Guide, SSH is widely used to securely access and manage network infrastructure devices. It encrypts all communication between the technician’s system and the remote device, protecting credentials and command output from interception.

The Travis Everett & Andrew Hutz – CompTIA A+ All-in-One Exam Guide explains that SSH allows administrators to execute commands remotely and capture text-based output, which can easily be copied and shared for documentation or escalation. This makes it ideal for fulfilling requests that involve running commands and returning results.

The Mike Meyers / Mark Soper Lab Manual clarifies that RDP and VNC are graphical desktop-sharing tools typically used for managing workstations or servers, not network switches. WinRM is used for Windows system management, not network hardware.

Because the task involves secure CLI access to a network switch, SSH is the correct and expected tool, making C the correct answer.

After containment and remediation, one of the final steps in incident response is user education. Since the root cause was a phishing attack, it is essential to educate users about identifying phishing attempts, safe browsing practices, and how to handle suspicious communications. This improves overall security posture and helps prevent future incidents.

A. Installing additional tools may be helpful but is a long-term step.

C. Flashing router firmware is not warranted unless the network hardware is known to be compromised.

D. Suggesting more advanced tools might be excessive given that the EDR successfully contained the incident.

The correct answer is C. net use, which is the Windows command-line utility used to display, create, and remove mapped network drives and SMB (Server Message Block) connections. When working remotely through command-line interfaces, technicians often rely on net use to quickly verify which network shares are currently connected.

The Quentin Docter – CompTIA A+ Complete Study Guide explains that SMB is the protocol Windows uses for file and printer sharing, and mapped drives are maintained through SMB sessions. The net use command lists all active connections, including the drive letter, remote UNC path, and connection status.

The Travis Everett & Andrew Hutz – All-in-One Exam Guide highlights that net use is especially valuable for remote troubleshooting because it does not require a graphical interface. This makes it ideal when administering multiple systems via command prompt or remote shell.

The Mike Meyers / Mark Soper Lab Manual clarifies that systeminfo displays OS and hardware details, hostname only shows the system name, and nslookup is used for DNS queries. None of those commands provide information about mapped SMB shares.

Since the task is to verify existing SMB mappings, net use is the only command that directly fulfills this requirement, making C the correct answer.

To display a file’s contents in Linux, the standard command is cat. Quentin Docter states: “Sometime you just need to view the contents of a file. To view the contents of a file, use the cat command,” and shows an example cat /etc/hosts displaying the file output. He also lists essential Linux commands and explicitly defines cat as: “Displays the contents of a file.”

The other options do not meet the requirement: chmod changes file permissions, ls lists directory contents (or file names), and sudo runs a command with elevated privileges—none directly display a file’s contents by themselves. A+ also expects you to know that cat can do more than display; it can concatenate files and redirect output, but for this question the key function is simply viewing a file.

Therefore, the correct command is cat (B).

A cable run under a carpet is vulnerable to compression, bending, and repeated physical stress from foot traffic, which can damage the cable jacket, distort the twists, loosen terminations, or partially break conductors—often showing up as intermittent connectivity. Quentin Docter notes that on a wired network, “other wired issues can include bad or poorly connected cables,” and you should check cabling and connections as a cause of intermittent problems. Putting a cable where people walk on it increases the chance it becomes “bad” over time or develops poor connections, producing the intermittent symptoms described in the answer option.

From a safety/professional practice perspective, Mike Meyers emphasizes that unmanaged cables are “dangerous tripping hazards” and that in business environments cables should be “carefully tucked away… or placed under cable runners,” using “proper cable management.” While that supports hazard reduction, the best reason in this question’s choices focuses on network reliability: repeated walking over the cable can cause intermittent issues. So the correct answer is D.

1st CLI Resolution

copy " C:\Program Files\Testing\msvcp100.dll " " User-PC02\C$\Windows\System32 " /v /y

2nd CLI Resolution

regsvr32 msvcp100.dll

Why These Are the Correct Choices (Exam Logic)

Why the COPY command is first

The error explicitly states MSVCP100.dll is missing

Other users can run the app → the DLL exists on another system

The fastest, least disruptive fix (preferred by CompTIA) is to:

Copy the known-good DLL into C:\Windows\System32

The /v switch verifies the copy, and /y suppresses prompts — both are enterprise-safe defaults

This restores the missing runtime dependency immediately.

Why REGSVR32 is second

After copying a DLL, Windows may not recognize or properly load it

regsvr32 registers the DLL with the operating system

This ensures:

The Testing application can properly call the runtime library

The fix persists after reboot

Ticket #8675310

Issue: Limited network connectivity

Resolution: Refresh DHCP

Verify/Resolve: ipconfig /renew

For the Low priority ticket #8675310 (“A small yellow triangle appeared in the taskbar. I am no longer able to access network resources.”), the Windows yellow triangle on the network icon is the classic indicator of limited connectivity (often caused by a bad/expired DHCP lease, APIPA address, missing default gateway, or DNS info not being assigned).

Correct PBQ Selections (Ticket #8675310)

Issue

Limited network connectivity

Why (CompTIA logic):

That yellow warning triangle means the NIC is connected at Layer 2 (link is up), but the system likely doesn’t have valid Layer 3 config (IP/gateway/DNS), so it can’t reach network resources.

Resolution

Refresh DHCP

Why this is the most efficient fix:

When a Windows PC can’t access network resources and shows “limited connectivity,” the fastest, lowest-risk fix is to renew DHCP so the PC can pull:

a valid IP address

default gateway

DNS servers

This directly resolves the most common root cause behind that icon.

Verify / Resolve

ipconfig /renew

Why this is the correct verification/remediation command:

ipconfig /renew is the direct command to request a fresh DHCP lease. After renewal, the user should regain access to network resources if DHCP was the issue.

What this fixes (what you’d expect to see)

Before the fix, the attachment (Output.txt) in these PBQs typically shows symptoms like:

169.254.x.x (APIPA) → DHCP failed

Missing/blank Default Gateway

DNS not present or incorrect

After ipconfig /renew, you should see a normal private IP (like 192.168.x.x / 10.x.x.x / 172.16-31.x.x) and a valid gateway/DNS.

The completed configuration:

1. Wireless AP (LAN side)

1. LAN IP: 192.168.10.1

2. Encryption: WPA2 PSK

2. Router (port-forward rule)

1. Allow TCP Any 3389

This forwards inbound RDP traffic (TCP/3389) from the Internet to the Windows PC, enabling Remote Desktop access.

3. Firewall (screened subnet side)

1. LAN IP: 10.100.0.1

4. Device placement

1. PC: place behind the router (where the port-forward rule points).

2. Game console: place on the Wireless AP (so it can use chat and extra services over WPA2 PSK).

3. Firewall: place in front of the screened subnet (with its 10.100.0.1 IP facing that subnet).

The Windows PC is placed in the screened subnet (behind the firewall) for enhanced security. Remote access to this PC requires port forwarding of TCP port 3389 (RDP), which is correctly configured through the router.

The Game Console is placed on the Wireless AP LAN, using WPA2 PSK for a secure wireless connection. Game consoles typically use peer-to-peer chat and online services that require open access without firewall restrictions, which is why the console is not placed behind the firewall.

CompTIA A+ 220-1102 Reference Points:

Objective 3.4: Given a scenario, implement best practices associated with data and device security.

Objective 2.4: Given a scenario, use appropriate tools to support and configure network settings.

Study Guide Reference: CompTIA A+ Core 2 guides recommend using screened subnets (a type of DMZ) for systems needing controlled external access, such as remote desktops, while placing gaming and media devices on less restricted networks for full functionality.

A VPN is the best choice because it is designed to provide secure remote access to an internal network over the Internet by creating an encrypted tunnel. Once the VPN is established, the remote user’s device effectively becomes part of the corporate network and can use the appropriate tools for each server type (for example, SSH to Linux and RDP to Windows) without exposing those management services directly to the public Internet. Quentin Docter explains that a VPN “extends your company’s internal network across the Internet,” creating a private connection through “encryption and encapsulation,” and that the host becomes part of the internal network (often receiving an internal IP). The All-in-One guide reinforces this by describing VPNs as an encrypted tunnel over the open Internet.

By comparison, RDP is “used exclusively with Microsoft operating systems,” so it doesn’t meet the Linux requirement. FTP is for file transfers, not full secure remote access, and RMM is primarily for centralized IT monitoring/management rather than a general user remote-access method.

Host 2, Host 3, Host 4 , Host 5 ,Host 6, Host 7, Host 8 , Media Server - Stop All unwanted and malicious service (Persistance.j1zpxn Installer Service) from all the listed host and Media servers

Refer screenshot below on the required service started/stopped on host2, same service to be started and stopped across all host servers.

A screenshot of a computer AI-

A screenshot of a computer AI-

Maintaining integrity in a forensic investigation means ensuring evidence remains in its original, untampered state and that you can prove who handled it, when, and what was done to it. That is exactly what chain of custody provides. Mike Meyers’ Lab Manual defines chain of custody as an “end-to-end process” that establishes “a continuous accounting of where the evidence is at all times, who has possessed it, what activities were performed on it, and the details of its storage, use, and transfer.” It explicitly states this process “helps to ensure the integrity of evidence and minimizes the possibility that it has been altered or tampered with,” and it contributes to the admissibility and value of evidence in court.

The All-in-One Exam Guide provides the same explanation and ties chain of custody to accountability for “data integrity… and data preservation,” documenting possession and activities performed on evidence from collection through transfer. Acceptable use policy is a rules document, compliance requirements define obligations, and an after-action report summarizes events afterward—none of these directly preserve and prove evidence integrity throughout handling like chain of custody does.

First Chat Response:When the user mentions setting up a new router, the best initial response to maintain a helpful and professional tone is:

> Select reply: " I am happy to assist you today. "

Second Chat Response:When the user states that they need to set up basic security settings:

> Select reply: " Is this the first router in your office? "

Third Chat Response:After learning it ' s a replacement router and the user is logged into the router ' s web page:

> Select reply: " The first thing you need to do is change the default password. "

Fourth Chat Response:For the response about password settings:

> Select reply: " Create a new password with an uppercase, a lowercase, and a special character. "

Fifth Chat Response:When the router prompts to reboot:

> Select reply: " Yes, reboot please. "

Study Guide Reference: The CompTIA A+ Core 2 guide highlights the importance of changing default credentials and using strong password policies, particularly in SOHO environments where routers are often targeted.

Issue: Limited network connectivity

Resolution: Refresh DHCP

Verify/Resolve: ipconfig

Issue (drop-down)

Limited network connectivity

Why this matches:

“Internet Down” most commonly indicates the workstation has lost valid Layer 3 connectivity (bad/expired DHCP lease, APIPA address, wrong gateway, etc.). In CompTIA A+ terms, this aligns best with limited connectivity symptoms (can’t reach internet resources).

Resolution (drop-down)

Refresh DHCP

Why this is the most efficient fix:

If the client has:

an expired lease

an APIPA address (169.254.x.x) because DHCP failed

an incorrect IP/gateway from a bad lease

…then the fastest first remediation is to renew DHCP to obtain a correct IP address, default gateway, and DNS servers. This is a standard CompTIA A+ troubleshooting action (quick, low-risk, high-success).

Verify/Resolve (drop-down)

ipconfig

Why this is the correct verification tool:

ipconfig is the primary Windows CLI tool to:

check current IP settings (ipconfig /all)

release/renew DHCP (ipconfig /release and ipconfig /renew)

confirm you received a valid IP + gateway + DNS, which is required for internet access.

What you would do (mapped to those choices)

Using ipconfig to complete “Refresh DHCP” and confirm the fix:

Check current addressing

ipconfig /all

Look for:

Valid IPv4 (not 169.254.x.x)

Valid Default Gateway

DNS servers present

Refresh the DHCP lease

ipconfig /release

ipconfig /renew

Verify outcome

Run ipconfig again to confirm:

You now have a correct IP for the network

Default gateway is populated

If the gateway/DNS populate correctly, internet access typically returns.

The issue described—“domain cannot be found” despite the ability to ping the server and access the internet—indicates aDNS resolution problem, not a network connectivity issue. The workstation is currently usingpublic DNS servers (8.8.8.8 and 1.1.1.1)whichcannot resolve internal domain names, such as the ones used in Active Directory environments. To resolve this, the technician needs tochange the DNS settings to point to the internal DNS server, which in most domain setups is thedomain controller itself (likely 192.168.1.10 in this case).

Here’s the breakdown of the incorrect options:

B. Assign a static IP address: The IP is already assigned and functioning; the device can ping and reach the network and internet.

C. Configure a subnet mask: The subnet mask is appropriate for the network range (Class C /24).

D. Update the default gateway: The gateway is valid and allows internet access; this is not the issue.

CompTIA A+ 220-1102 Core 2 Objective Reference:

Objective 1.8 – Given a scenario, use features and tools of the operating system.

Under this objective, candidates must know how to troubleshoot OS-based network configurations, includingproper DNS settings in domain environments.

—

Domain join capability is a key Windows edition differentiator. In Quentin Docter’s Windows editions comparison, Home explicitly “lacks support for… joining to a domain,” while Pro “can join a Windows server domain.” This applies across Windows 10/11 edition families: Home is positioned for consumers and does not include domain-join features, whereas Pro includes the business feature set.

The All-in-One guide states the same concept: “Windows Home systems cannot become part of a domain; to do that, you’ll need something like Windows Pro.” The Mike Meyers Lab Manual reinforces that Pro is the baseline edition for domain membership in business environments.

Given the answer choices, Windows 11 Pro is the correct selection for joining a domain.

The correct answer is D. Enabling HTTPS-Only Mode, because HTTPS ensures that all communication between the browser and websites is encrypted using TLS (Transport Layer Security). This protects sensitive information such as usernames, passwords, and payment details from interception.

According to the Quentin Docter – CompTIA A+ Complete Study Guide, HTTPS encrypts data in transit, preventing attackers from eavesdropping or modifying communications. HTTPS-only modes in modern browsers block or warn users when a site does not support secure connections.

The Travis Everett & Andrew Hutz – All-in-One Exam Guide emphasizes that HTTPS is essential for protecting authentication credentials and financial information, especially on public or untrusted networks. Enforcing HTTPS-only connections ensures users cannot accidentally submit data over unencrypted HTTP.

The Mike Meyers / Mark Soper Lab Manual clarifies that disabling cookies or JavaScript may break website functionality but does not guarantee encryption. Pop-up blockers address nuisance behavior, not data security.

Because the objective is to encrypt browser communications and protect sensitive data, enabling HTTPS-Only Mode is the most effective and direct solution, making D the correct answer.

Persistent pop-ups urging antivirus updates are likelyscareware or adware. The correct approach is toverify existing antivirus settings, run a trusted security scan, and avoid interacting with unknown pop-ups.

FromQuentin Docter – CompTIA A+ Complete Study Guide:

“Users should verify antivirus status using trusted tools before responding to alerts. Fake updates are common vectors for malware.”

Facial recognition is a biometric authentication method that ties access to a unique physical feature of the user. Unlike passcodes or pattern locks—which can be easily shared—facial recognition provides a more secure and non-transferable form of access. It also enhances user convenience and is widely supported by modern smartphones.

A. Pattern locks can still be shared and are less secure.

C. Device encryption protects data but does not prevent screen access if a passcode is shared.

D. Multifactor authentication typically applies to app or account access, not basic phone unlocking.

The correct answer is C because the representative should first verify what the warranty covers and then handle the customer professionally by reviewing available repair or replacement options. Liquid damage is commonly treated differently from normal product defects. The Mike Meyers/Mark Soper material explains that liquid contact indicators are often used so a carrier or manufacturer can determine whether water damage is covered or refused under warranty. The All-in-One Exam Guide also states that technicians should offer repair or replacement options as needed and allow the customer to decide among valid options. CompTIA’s Core 2 objectives include setting expectations, communicating status, offering repair/replacement options, and providing proper documentation. Therefore, automatically replacing the laptop is not appropriate, but immediately declining or escalating to legal/manufacturer support is premature unless the warranty or store policy requires it.

BitLocker To Go is a Microsoft encryption feature specifically designed for removable drives such as USB flash drives and external hard drives. It allows users to protect the data on these devices by requiring a password to decrypt the contents, thereby preventing unauthorized access in the event the device is lost or stolen.

A is correct because BitLocker To Go is directly tied to password-protecting removable media.

B and C are unrelated to BitLocker To Go; Secure Boot and VPN encryption are entirely different security layers.

D applies to BitLocker (not BitLocker To Go) and full disk encryption on internal drives using TPM.

This scenario is phishing delivered through a QR code (scan an image to reach a portal), which is best described as quishing . Quentin Docter defines phishing as a social engineering method where the attacker makes a message look legitimate and convinces the user to click a link to “correct” an account problem; after the click, the victim is taken to a site controlled by the attacker and asked for credentials. A QR code in a message is simply an alternate way to deliver that same malicious “link” without showing the URL clearly.

The Mike Meyers Lab Manual distinguishes related social engineering types: vishing is done by phone calls, and whaling targets high-level executives. Smishing is phishing delivered via SMS text messages, but the prompt specifically centers on scanning an image (QR-style workflow), not a text-message attack vector.

Docter also notes QR codes are commonly used in authentication workflows (for example, adding accounts to authenticator apps), which is why attackers mimic this behavior to make the scam seem normal. Therefore, QR-based phishing is best labeled quishing .

Aclean installensures all malware is eliminated by completely wiping and reinstalling the OS. System restore or repair may leave traces.

FromQUENTIN DOCTER - COMPTIA A+ COMPLETE study GUIDE:

“If malware cannot be completely removed, perform a clean installation of the operating system. This ensures no remnants remain on the machine.”

A “central log-in” means users can authenticate using a centralized account database rather than separate local accounts on each PC—this is a core feature of a Windows domain . Mike Meyers explains that a Windows domain makes it easy for anyone with a domain account to log on to any computer in the domain with a single account , a process called “single sign-on (SSO),” and that users do not need a separate local account stored on every computer. The All-in-One guide reinforces the same: in a domain, the domain controller stores domain accounts and “a user logging on to any computer on the domain may use their one domain account to log on to the entire network.”

Active Directory is the directory service commonly used to implement domains, but the question asks what is required for centralized logon on the workstation side— the computer must be joined to the domain (domain membership). Workgroups use only local accounts, and Local Group Policy Editor manages policies locally, not centralized authentication.

The correct answer is C. The default gateway is not set, and this is clearly indicated by the ipconfig output showing the Default Gateway: 0.0.0.0. In TCP/IP networking, the default gateway is the router address that allows a workstation to communicate with networks outside its local subnet, including the internet. Without a valid default gateway, a device can only communicate with other devices on the same local network.

According to the Quentin Docter – CompTIA A+ Complete Study Guide, a missing or incorrect default gateway is one of the most common causes of a system being unable to access external resources. The guide explains that when a destination IP address is outside the local subnet, the workstation forwards the traffic to the default gateway. If no gateway is defined, the traffic has nowhere to go and is dropped.

The Travis Everett & Andrew Hutz – CompTIA A+ All-in-One Exam Guide reinforces that an IP address such as 10.203.10.22 with a subnet mask of 255.255.255.0 is valid for internal communication. The DNS suffix comptia.org is also not responsible for routing failures. DNS resolves names to IP addresses, but routing still requires a gateway.

The Mike Meyers / Mark Soper Lab Manual further clarifies that a subnet mask error would prevent even local communication, which is not indicated here. Because only external websites are unreachable, the absence of a default gateway is the definitive root cause.

When defaults are too permissive across multiple Windows workstations, the most efficient and scalable fix is to enforce a standardized security baseline using Group Policy. The All-in-One guide explains that Windows provides extensive “security features” such as requiring complex passwords, limiting logon times, and controlling whether users can install applications—“and the list goes on to thousands of security features.” It states that “To configure these features, you use group policies,” and that you configure them using the Group Policy Editor (gpedit.msc).

This directly matches the scenario: repeated unauthorized attempts suggest the need to tighten multiple security settings consistently. While enabling account lockout policies (D) is one good control, the question is broader—“default security settings may be too permissive”—so the best action is to implement the overall appropriate group policy that can include lockout, password complexity, auditing, and other controls together. Updates and password resets are useful, but they don’t systematically correct permissive baseline settings across systems. Therefore, implementing an appropriate group policy is the best answer.

The best first step is to leverage existing documentation: check whether the issue was previously recorded and resolved, and reuse that known fix (or confirm conditions). Mike Meyers explains ticketing systems capture key information needed to resolve issues, including “ problem description ,” “ progress notes ,” and “ problem resolution ,” and stresses that “ Clear, concise writing is critical ” because you “won’t be the only tech responding to every ticket.” That is exactly why you review prior tickets first—so you can quickly see what was done previously and apply it consistently.

The All-in-One guide reinforces the same ticketing-system concept and lists the same essential elements (description, notes, resolution) used to streamline troubleshooting and escalation. Consulting the prior technician (A) may be impossible (the employee is gone) and slower than checking documented history. Opening a new case (D) is important, but the question asks what to do first —review the prior occurrence details, then document your current case using what you find.

Badge readers are electronic access control systems that require authorized users to scan a badge (e.g., RFID or magnetic strip cards) to gain access to restricted physical locations. These systems typically log all access attempts—successful or denied—providing both detection and recording of access events.

A. Bollards are physical barriers to prevent vehicle access.

B. Video surveillance can record access visually but does not track identity unless integrated with access control systems.

D. A fence restricts access but doesn ' t detect or record who entered.

Adding ten high-end graphics/animation desktops can dramatically increase the electrical load on the room’s existing circuits. High-performance CPUs and GPUs draw substantially more wattage than typical office PCs, and that wattage translates into higher current (amperage) on the circuit. Mike Meyers’ Lab Manual explains the relationship V × A = W and warns that wiring and circuits have amperage ratings; pushing too much current can overheat wiring and trigger safety devices. It also explains that circuit breakers are rated for a specified amperage and will open (trip) when overloaded to prevent overheating and damage. Therefore, before deployment, the technician should calculate expected power draw per system and ensure the desktops are distributed across sufficient circuits (or that electrical upgrades are made) to avoid repeated breaker trips, overheating risks, and downtime. While temperature and humidity matter for environmental control, the question is specifically about introducing multiple power-hungry workstations, making circuit power consumption the most critical planning factor for safe, stable operation. This aligns with A+ operational/environmental concepts around proper power handling and avoiding overload conditions.

Multifactor authentication (MFA) is considered one of the most effective security measures for cloud environments. It requires users to verify their identity using two or more factors (e.g., password + phone app code), making it significantly harder for external attackers to gain access, even if the primary password is compromised.

B. Encryption is important for data protection but doesn’t prevent unauthorized logins.

C. Backups protect against data loss but don’t stop breaches.

D. Strong passwords are helpful but can still be phished or cracked — MFA adds a critical extra layer.

A low-level format (also referred to as a zero-fill or full format) writes over every sector on a storage device, effectively destroying the existing data and making recovery nearly impossible. Unlike degaussing, which renders the drive unusable, a low-level format maintains the integrity of the device, allowing it to be repurposed or reused.

A. Deleting partitions does not fully erase data; it only removes references in the partition table.

B. EFS (Encrypting File System) encrypts files but does not securely wipe them.

D. Degaussing destroys the magnetic structure of a drive, making it inoperable and not reusable.

The correct answers are D. Use PIN authentication and F. Enable screen timeout, because both controls directly protect a mobile device from unauthorized physical access. Physical access controls are designed to prevent someone from using a device if it is lost, stolen, or left unattended.

According to the Quentin Docter – CompTIA A+ Complete Study Guide, mobile device security begins with lock-screen controls, such as PINs, passwords, biometrics, and automatic locking mechanisms. A PIN authentication requirement ensures that even if an attacker physically possesses the device, they cannot access its contents without the correct credentials.

The guide further explains that screen timeout (automatic locking after inactivity) is a critical security feature. Without it, a device left unattended—even briefly—could be accessed by unauthorized individuals. Enabling a short timeout greatly reduces this risk.

The Travis Everett & Andrew Hutz – All-in-One Exam Guide reinforces that VPNs and antivirus software protect data in transit and against malware, not physical access. Likewise, disabling hotspots and enabling location services are management or tracking features, not access prevention mechanisms.

The Mike Meyers / Mark Soper Lab Manual emphasizes that physical security controls focus on preventing interaction with the device itself, making PIN authentication and automatic screen locking the most effective measures.

Therefore, D and F are the correct answers.

The correct answer is D. Hide extensions, because Windows File Explorer hides known file extensions by default, which can cause confusion when renaming files. When extensions are hidden, a user may unknowingly change only the visible filename and not the actual file extension.

The Quentin Docter – CompTIA A+ Complete Study Guide explains that Windows uses file extensions to determine file type associations. If file extensions are hidden, renaming a file from Document.txt to Document.xml may actually result in Document.xml.txt, even though only Document.xml is displayed.

The Travis Everett & Andrew Hutz – All-in-One Exam Guide states that to properly change a file’s extension, users must enable “File name extensions” in File Explorer. This allows the user to see and modify the true extension, ensuring the operating system recognizes the correct file type.

The Mike Meyers / Mark Soper Lab Manual reinforces that options such as indexing, personalization, or formatting do not affect how Windows interprets file types. Only visibility of file extensions allows accurate renaming.

Therefore, disabling the “Hide extensions for known file types” setting is required to correctly change the file type, making D the correct answer.

The correct answer is A. DLP (Data Loss Prevention), because DLP solutions are specifically designed to detect, monitor, and prevent unauthorized transmission of sensitive data outside an organization. Information exfiltration occurs when confidential data is improperly transferred, leaked, or stolen, either intentionally or accidentally.

According to the Quentin Docter – CompTIA A+ Complete Study Guide, DLP technologies enforce policies that restrict how data can be shared via email, cloud services, removable media, or network transfers. DLP systems can block, quarantine, or alert administrators when sensitive data patterns—such as credit card numbers or personal identifiers—are detected leaving the organization.

The Travis Everett & Andrew Hutz – All-in-One Exam Guide explains that DLP focuses on data protection, not user authentication or device management. While IAM controls access to resources and MDM manages mobile devices, neither directly prevents data from being exfiltrated once access is granted.

The Mike Meyers / Mark Soper Lab Manual reinforces that SAML is an authentication framework and does not monitor data movement.

Because the question specifically addresses information exfiltration, the security control designed to prevent it is Data Loss Prevention, making A the correct answer.

The scenario involves an application that should retrieve data from a local database server but is failing to do so. This likely indicates a problem in communication between the application and the database server (such as a network issue, port misconfiguration, or service unavailability). The correct troubleshooting approach involves testing the network/service connectivity between the client and the database.

Let’s examine the options:

A. ipconfig:This command displays IP configuration details for Windows systems, such as IP address, subnet mask, and default gateway. While useful for diagnosing general network issues, it does not test service connectivity or the availability of a specific application port/service.

B. nslookup:Used to query DNS servers to resolve domain names to IP addresses. However, since the question references a local server (likely accessed via IP or static hostname), DNS is probably not involved. Also, it does not test application/service availability.

C. netstat:Displays active TCP connections, listening ports, and routing tables. It helps determine whether the local system is listening for or maintaining any network connections, but it does not initiate a connection to test availability. It’s diagnostic but not interactive for service testing.

D. curl:This is the most appropriate tool for this scenario. curl is used to test connectivity to services over protocols like HTTP, HTTPS, FTP, and more. If the application retrieves data via a web interface or API (common in database-driven applications), curl can be used to test if the application can successfully reach and retrieve data from the server. It provides immediate, testable feedback on whether the server and service are available and responsive.

Example usage:

curlhttp://localhost:8080/api/data

This command would test whether a local server ' s application programming interface (API) is available and responding on port 8080.

CompTIA A+ 220-1102 Reference Points:

Objective 2.4: Given a scenario, use appropriate tools to troubleshoot and support Windows OS issues.

Objective 3.3: Use appropriate tools to troubleshoot and resolve issues.

The CompTIA A+ Core 2 study guide references curl as a useful command-line utility for testing connectivity and troubleshooting application access to services.

===========================

The 3-2-1 backup rule is specifically about number of copies, diversity of media, and offsite storage. “2” in 3-2-1 means using two different types of media. The All-in-One guide states the rule plainly: “keep at least three copies of your data on at least two different types of media… and store at least one copy offsite.” Mike Meyers’ Lab Manual repeats the same definition word-for-word, emphasizing two different media types and one off-site copy.

Quentin Docter explains the same method and gives an example: original data plus an on-site backup, plus “a third copy… off site,” such as backing up to the cloud.

Given the options, only D directly satisfies the “two different media” requirement. Option C contradicts the offsite requirement, option B invents a testing interval not defined by 3-2-1, and option A is about backup types rather than the core 3-2-1 rule. Therefore D is correct.

The correct answer is B. Add the user to the local Administrators group, because this provides the necessary permissions to install software on a specific machine without granting excessive privileges across the entire domain. This approach follows the principle of least privilege while still allowing the user to perform required testing tasks.

According to the Quentin Docter – CompTIA A+ Complete Study Guide, local administrator rights allow users to install and configure applications on a single system but do not grant access to domain-wide resources. This makes it an appropriate choice for sandboxed or test environments.

The Travis Everett & Andrew Hutz – All-in-One Exam Guide warns against adding users to the Domain Admins group, as this grants full control over the entire Active Directory environment and poses a significant security risk. Sharing credentials or passwords violates security best practices and audit requirements.

The Mike Meyers / Mark Soper Lab Manual reinforces that granting local administrative access is a common and accepted practice in controlled testing scenarios, especially when systems are isolated from production environments.

Because the goal is to allow software installation without compromising domain security, adding the user to the local Administrators group is the best and safest option, making B the correct answer.

The symptoms point strongly to a bootleg/malicious application from an untrusted source: random pop-ups (high number of ads), increased data usage (high network traffic/data-usage warnings), and abnormal restrictions such as failing OS updates or blocking access to sensitive apps (unexpected application behavior). These are specifically listed as common mobile security symptoms associated with malicious apps and untrusted APK sources. When a device shows multiple signs of compromise and normal remediation options (like

Standard Operating Procedures (SOPs) define the mandatory steps and expectations technicians must follow during support calls. This includes documentation standards such as logging user info, asset details, and issue descriptions in the ticketing system. Implementing SOPs ensures consistency and accountability.

A. SLAs define response/resolution times but not documentation practices.

B. Call categories organize types of issues but don ' t guide technician actions.

D. Knowledge base articles provide solutions to known problems but don ' t ensure proper ticket documentation.

TheDo Not Disturbsetting in Windows Notification settings allows users to suppress all notification banners and sounds during presentations or video calls.

FromTravis Everett – All-in-One Exam Guide:

“Use Windows ‘Do Not Disturb’ to prevent notifications from interrupting full-screen apps like video conferencing.”

The requirement is that vendor users can work only during certain times , which is enforced by setting logon-hour restrictions on the accounts. Quentin Docter explicitly describes this control under “Setting Time Restrictions,” stating: “Configure user accounts so that logins can occur only during times that the user can be expected to be working,” and explains that in Active Directory you can open the user account and click Logon Hours to configure permitted and denied hours. This directly matches option D.

Option C (account expiration) is useful for contractors, and Docter even notes account expiration is “best used on contractor accounts,” but that controls the end date of access, not daily working hours . Alerts (B) would only notify after the fact, and timeout policies (A) are about inactivity/session controls rather than restricting when logons are allowed. Mike Meyers also lists “login time restrictions” as an account management best practice, reinforcing that restricting logon times is a valid security control.

A repeated failure to open Task Manager —a core Windows troubleshooting utility—strongly suggests the system is compromised and critical tools are being interfered with. In malware-response methodology, Quentin Docter emphasizes that the first step is to “identify and verify the malware symptoms” before proceeding to containment and remediation. If Task Manager cannot be launched at all, that behavior itself is a highly suspicious symptom consistent with malicious activity attempting to prevent the administrator from viewing or stopping processes.

Docter also explains that when systems are compromised by a virus or other malware, the threat agent may embed persistent access methods, and in some cases the only way to be sure it’s fully removed is to reinstall the OS—highlighting how deeply malware can integrate and disrupt normal tools.

The other options do not plausibly block Task Manager: a developer application may increase CPU/RAM usage but typically won’t prevent Task Manager from opening; Windows Update set to manual affects patching behavior; and moving the pagefile can affect performance but not usually stop Task Manager from launching.

The correct answer is D. The computer operating system is Home edition . Windows Home editions are intended for consumer and basic home use and do not support joining a traditional Windows domain. The All-in-One Exam Guide clearly states that Windows Home systems cannot become part of a domain and that a system needs Windows Pro or a higher edition for domain membership. The Mike Meyers/Mark Soper material also shows that Windows Home cannot use a Windows domain, while Windows Pro can, and explains that Windows 10 Pro is the most basic edition that supports joining a Windows domain. This same edition limitation applies to Windows 11 in the A+ exam context. Updating Windows, changing network settings, or restarting for Group Policy will not enable domain joining on Home edition. The correct fix would be upgrading to Windows Pro or another domain-capable edition.

The scenario strongly suggests the device has been compromised by malware delivered through a social-engineering message (an “unexpected overdue invoice” attachment). After the attempt, the phone shows system-wide performance issues affecting the browser and other apps, and a restart does not fix it—this matches common mobile malware symptoms such as sluggish response time and abnormal behavior that persists across reboots. When symptoms persist beyond a soft reset, the most reliable remediation is to return the device to a known-good state by performing a factory reset (wipe). Quentin Docter explains that a factory reset is much more effective and will remove malware along with applications, and that when a security symptom indicates malware, the device should be factory reset and then protected with antimalware before reinstalling apps.The All-in-One guide similarly teaches an escalation path: stop/uninstall suspect apps, and if these steps don’t resolve the behavior, use a factory reset to cleanse the device.【turn27file4†L9-L14】 Mike Meyers’ Lab Manual also lists factory resets among the key tools for resolving persistent mobile app security issues.

PXE (Preboot Execution Environment) allows workstations to boot over the network and download an OS image from a server. It is ideal for automating mass deployments using baseline images across many machines without the need for physical media.

A. An ISO is a disk image file but requires mounting or physical media.

B. Secure Boot is a security feature, not a method of deploying OS images.

C. USB requires manual installation and is not suitable for automated deployment at scale.

The correct answer is C. exFAT . macOS can read and write several file systems, but among the listed choices, exFAT is the best answer because it is designed for broad compatibility and is commonly used on removable storage shared between Windows and macOS. The Sybex practice-test explanation states that macOS can only read NTFS partitions but can both read and write to exFAT partitions. The All-in-One Exam Guide also explains that macOS can read and write FAT32 and exFAT, while it only reads NTFS. NTFS is the standard modern Windows file system but is not writable by macOS without extra tools. ReFS is a Microsoft file system used for specific Windows storage scenarios, and XFS is a Linux/UNIX-style file system. Therefore, when a macOS system must write data to a volume from the listed options, exFAT is the correct choice.

Once a malware incident has been confirmed, the immediate next step is to contain the threat. Quarantining infected systems prevents the malware from spreading to other devices and isolates the malicious code for further analysis or remediation.

B. Educating end users is important but occurs later in the incident response process.

C. Disabling System Restore is part of cleanup, not containment.

D. Updating and scanning should occur after the system is quarantined to prevent further infection or spread.

To verify integrity, you must confirm the file you downloaded matches the vendor’s original file and hasn’t been altered in transit or replaced by malware. Quentin Docter explains the best preventive measure is to create a Secure Hash Algorithm (SHA) hash of the executable and store it separately; before running the installer, “run the hashing against the install and check its signature. If the signature matches, then the installer has not been tampered with.” The All-in-One Exam Guide reinforces that verifying installers “always involves one or more cryptographic techniques such as hashing and/or code signing,” and defines a checksum/hash as a cryptographic “digital fingerprint” you can recompute after downloading to confirm the fingerprints match. Mike Meyers’ Lab Manual states the same action step: if you manually download an installer, “verify its code signature or use hashing to confirm the installer you downloaded matches the checksums published by the vendor.”

Private browsing and Secure DNS do not validate file integrity, and trusted plug-ins are unrelated. Hence, Hashing (C) is correct.

The most likely reason a legacy tablet cannot run the latest version of an app is that the tablet’s operating system is end-of-life (EOL) or otherwise too old to meet the app’s supported OS/version requirements. Quentin Docter explains that an OS life cycle ends when it is no longer supported, and that an OS at end-of-life will no longer receive updates (including feature updates), making it increasingly incompatible with modern software that expects newer OS frameworks and APIs. The All-in-One guide reinforces this by noting that apps may fail to launch or install when they are not compatible with the device’s OS version (or related vendor customizations).

While insufficient storage can also prevent an update, that typically produces an “update failed/not enough space” condition rather than a consistent inability to use the latest version due to platform support; Mike Meyers’ Lab Manual specifically calls out free space as a common cause of update failures. MDM restrictions and malware are possible but are less “most likely” for a personal legacy tablet.

The ext4 (Fourth Extended Filesystem) is the most widely used default filesystem in modern Linux distributions. It is designed for high performance, scalability, and reliability, and is supported by all mainstream Linux kernels.

A. exFAT is used for cross-platform external drives, not native Linux systems.

B. APFS is Apple ' s proprietary filesystem for macOS and iOS.

D. NTFS is the default filesystem for Windows, not Linux.