Text preview & study summary

CompTIA A+ Core 2 220-1202

A free sample of 5 questions from this quiz, shown in full with answer choices and explanations. No interactivity — everything is visible on this page for study and review.

Want to test your knowledge? Launch the Interactive Exam Simulator

Question 1

A user's browser redirects search results to suspicious sites. The antivirus scan removes several files, but the behavior returns after reboot. The technician finds a scheduled task running a PowerShell command from the user's AppData folder at logon. The workstation has not been disconnected from the network yet.

What should the technician do first?

Answer choices

  • A. Isolate the workstation from the network and preserve relevant evidence before removing persistence mechanisms. (Correct)

  • B. Delete the user's browser profile and clear all cookies while leaving the workstation online.

  • C. Reinstall the browser because browser redirects are always caused by corrupted browser binaries.

  • D. Disable Windows Update because the scheduled task is using PowerShell.

Explanation

The scheduled task indicates persistence. The workstation should be isolated to prevent further communication or spread while preserving evidence needed for analysis. After containment, the technician can remove the scheduled task, malicious files, and browser changes.

Clearing the browser profile may remove symptoms but not persistence. Reinstalling the browser ignores the scheduled task. Disabling Windows Update is unrelated and weakens the system.

Question 2

A legacy accounting application runs successfully when launched by a local administrator but fails for standard users with an error writing to C:\Program Files\AcctApp\config.ini. The vendor says the application cannot be upgraded for six months. The company does not want to give users local administrator rights.

Which remediation best balances compatibility and least privilege?

Answer choices

  • A. Grant standard users local administrator rights only during business hours.

  • B. Change the application shortcut to always run elevated using the administrator's saved password.

  • C. Modify permissions only on the required application configuration path or redirect the write location to a user-writable profile path. (Correct)

  • D. Disable UAC so the application can write to protected directories.

Explanation

The application is failing because it writes to a protected location. The best fix is to narrowly adjust permissions for the required file or path, or redirect configuration writes to an appropriate user-writable location. This preserves least privilege better than granting broad administrative rights.

Giving users local admin rights expands risk. Saving an administrator password in a shortcut is dangerous. Disabling UAC weakens the entire workstation security model.

Question 3

A technician is replacing a user's laptop SSD. The laptop contains regulated customer data and is still under warranty. The user needs their data migrated to the replacement drive, and the failed SSD must be returned to the manufacturer unless company policy prevents it.

Which TWO actions should the technician take?

Answer choices

  • A. Follow company data handling policy to determine whether the failed SSD must be retained, sanitized, or destroyed instead of returned. (Correct)

  • B. Use proper ESD precautions and document the asset, serial numbers, and chain-of-custody steps. (Correct)

  • C. Upload the user's profile to a personal cloud drive temporarily to speed up the migration.

  • D. Leave the old SSD on the user's desk because it is no longer bootable.

  • E. Remove the warranty label so the manufacturer cannot identify the original device.

Explanation

The technician must follow data handling policy for regulated data, especially before returning storage media to a vendor. Proper ESD precautions, asset documentation, serial number tracking, and chain-of-custody support both safety and accountability.

Using a personal cloud drive creates an uncontrolled data exposure. Leaving the SSD on a desk is poor custody. Removing warranty labels is inappropriate and may create support or legal issues.

Question 4

A Windows user can open a shared department folder but cannot save changes to one subfolder. Other users in the same group can save there. The share permissions grant Change access to the group. NTFS permissions on the subfolder show the group has Modify access, but the individual user has an explicit Deny Write entry inherited from an old project folder.

What is the most likely cause?

Answer choices

  • A. Share permissions always override NTFS permissions and are blocking the user.

  • B. The explicit deny permission is taking precedence over allowed group permissions. (Correct)

  • C. The user's workstation firewall is blocking SMB write traffic.

  • D. The folder is formatted as exFAT, so NTFS permissions are unavailable.

Explanation

In Windows permissions, an explicit Deny can override allowed permissions from group membership. The user can access the share but cannot write to the affected subfolder because the deny entry applies specifically to that user.

Share permissions are not the blocker because the group has Change access and other users can write. A firewall issue would affect access more broadly. exFAT does not support NTFS permissions, but the scenario states NTFS permissions are present.

Question 5

A remote employee reports repeated account lockouts every morning. The user recently changed their domain password. The lockouts continue even when the laptop is shut down overnight. Security logs show failed authentication attempts from the user's old smartphone using Exchange ActiveSync.

What should the technician do?

Answer choices

  • A. Reset the user's domain password again because the new password failed to replicate.

  • B. Remove or update the stored corporate credentials on the smartphone and verify no other devices or apps are using the old password. (Correct)

  • C. Disable the user's domain account until the lockout counter expires.

  • D. Clear the Windows credential manager on the laptop because all lockouts originate from Windows cached credentials.

Explanation

The failed attempts are coming from the smartphone using an old stored password. Updating or removing saved credentials on mobile email clients and other connected apps is the correct fix.

Resetting the password again does not stop the phone from retrying. Disabling the account disrupts the user without solving the source. Clearing Windows Credential Manager on the laptop will not address failures from the phone.