Text preview & study summary
CompTIA A+ Core 2 220-1202
A free sample of 5 questions from this quiz, shown in full with answer choices and explanations. No interactivity — everything is visible on this page for study and review.
Want to test your knowledge? Launch the Interactive Exam Simulator
Question 1
A user's browser redirects search results to suspicious sites. The antivirus scan removes several files, but the behavior returns after reboot. The technician finds a scheduled task running a PowerShell command from the user's AppData folder at logon. The workstation has not been disconnected from the network yet.
What should the technician do first?
Explanation
The scheduled task indicates persistence. The workstation should be isolated to prevent further communication or spread while preserving evidence needed for analysis. After containment, the technician can remove the scheduled task, malicious files, and browser changes.
Clearing the browser profile may remove symptoms but not persistence. Reinstalling the browser ignores the scheduled task. Disabling Windows Update is unrelated and weakens the system.
Question 2
A legacy accounting application runs successfully when launched by a local administrator but fails for standard users with an error writing to C:\Program Files\AcctApp\config.ini. The vendor says the application cannot be upgraded for six months. The company does not want to give users local administrator rights.
Which remediation best balances compatibility and least privilege?
Explanation
The application is failing because it writes to a protected location. The best fix is to narrowly adjust permissions for the required file or path, or redirect configuration writes to an appropriate user-writable location. This preserves least privilege better than granting broad administrative rights.
Giving users local admin rights expands risk. Saving an administrator password in a shortcut is dangerous. Disabling UAC weakens the entire workstation security model.
Question 3
A technician is replacing a user's laptop SSD. The laptop contains regulated customer data and is still under warranty. The user needs their data migrated to the replacement drive, and the failed SSD must be returned to the manufacturer unless company policy prevents it.
Which TWO actions should the technician take?
Explanation
The technician must follow data handling policy for regulated data, especially before returning storage media to a vendor. Proper ESD precautions, asset documentation, serial number tracking, and chain-of-custody support both safety and accountability.
Using a personal cloud drive creates an uncontrolled data exposure. Leaving the SSD on a desk is poor custody. Removing warranty labels is inappropriate and may create support or legal issues.
Question 4
A Windows user can open a shared department folder but cannot save changes to one subfolder. Other users in the same group can save there. The share permissions grant Change access to the group. NTFS permissions on the subfolder show the group has Modify access, but the individual user has an explicit Deny Write entry inherited from an old project folder.
What is the most likely cause?
Explanation
In Windows permissions, an explicit Deny can override allowed permissions from group membership. The user can access the share but cannot write to the affected subfolder because the deny entry applies specifically to that user.
Share permissions are not the blocker because the group has Change access and other users can write. A firewall issue would affect access more broadly. exFAT does not support NTFS permissions, but the scenario states NTFS permissions are present.
Question 5
A remote employee reports repeated account lockouts every morning. The user recently changed their domain password. The lockouts continue even when the laptop is shut down overnight. Security logs show failed authentication attempts from the user's old smartphone using Exchange ActiveSync.
What should the technician do?
Explanation
The failed attempts are coming from the smartphone using an old stored password. Updating or removing saved credentials on mobile email clients and other connected apps is the correct fix.
Resetting the password again does not stop the phone from retrying. Disabling the account disrupts the user without solving the source. Clearing Windows Credential Manager on the laptop will not address failures from the phone.
