CompTIA 220-1202 A+ Certification Exam: Core 2  Dumps and Practice Test Questions Set 1 Q1-20

Visit here for our full CompTIA 220-1202 exam dumps and practice test questions.

Q1. A user reports that their Windows 10 computer takes unusually long to start, and sometimes the desktop loads without icons for several minutes. The technician opens Task Manager and notices that several programs with high startup impact are enabled, along with an unfamiliar application launching at startup. Which of the following is the best next step to improve startup performance while maintaining system stability?

A) Disable all startup items
B) Disable only the unwanted or unnecessary startup applications
C) Uninstall all startup applications
D) Perform a full Windows reset

Answer: B) Disable only the unwanted or unnecessary startup applications

Explanation:

 When troubleshooting slow startup performance in Windows 10 or Windows 11, the most effective and safe strategy is to selectively disable unnecessary or suspicious startup programs. This preserves essential system components while removing performance bottlenecks. In this scenario, the technician observes several high-impact startup items and an unfamiliar program loading on boot. Startup programs directly influence boot-up time, memory usage, CPU utilization, and boot stability. By disabling only unneeded items, the technician reduces load without removing important services such as security tools, drivers, or vendor utilities that might be required for optimal hardware operation.

Option B is correct because selective disabling allows the technician to isolate the problematic application without introducing new issues. Selective startup tuning is part of normal optimization and is recommended by CompTIA A+ as a safe practice that balances performance and stability. It prevents unnecessary programs from consuming CPU cycles during the boot process and ensures that only required services run automatically. This method also avoids removing essential software such as antivirus programs, driver services, and system utilities. Techs commonly use Task Manager’s Startup tab, Autoruns, or MSConfig for this purpose.

Option A is incorrect because disabling all startup items is unsafe and overly aggressive. Some drivers, security apps, and hardware utilities must load at startup to ensure proper functioning. For example, GPU control panels, touchpad utilities, antivirus real-time protection, and system tray processes provide required elements of the operating system’s environment. Disabling everything may improve boot speed temporarily but can introduce new problems such as missing device functions, disabled protections, or misconfigured services.

Option C is incorrect because uninstalling all startup applications is even more extreme than disabling them. Some startup applications are part of legitimate system operations or corporate requirements. Removing them removes functionality, may violate organization policy, and risks losing applications that the user depends on daily. Furthermore, uninstalling everything would take far more time than necessary and does not represent targeted troubleshooting. Selective disabling is always preferred before uninstalling software.

Option D is incorrect because performing a full Windows reset should only be used when other troubleshooting methods fail. A reset is a last resort because it removes installed applications, changes system settings, and requires significant time for data backup and reconfiguration. A technician would not jump directly to a Windows reset for slow startup, especially when the cause is clearly related to unnecessary programs loading during boot.

In the correct approach is to disable only the unwanted or suspicious startup items while preserving required applications. This improves performance, reduces boot delays, and maintains overall system health with minimal risk. Startup optimization is a core skill of the CompTIA 220-1202 exam because it ties directly to troubleshooting performance issues, understanding system utilities, and applying proper support methodologies.

Q2. A user receives frequent pop-ups while browsing, and the browser homepage keeps changing even after being manually corrected. The system also shows a new toolbar installed without the user’s knowledge. Which of the following is the most appropriate first action?

A) Reset the browser to default settings
B) Run a full antimalware scan
C) Disable browser extensions manually
D) Reinstall the web browser

Answer: B) Run a full antimalware scan

Explanation:

Frequent pop-ups, unauthorized homepage changes, and unexpected toolbars are classic symptoms of adware or potentially unwanted programs (PUPs). These often install through bundled downloads or malicious sites. The presence of persistent changes that reoccur even after manual correction indicates an underlying malicious process or scheduled task that continuously reinstalls the unwanted components. For this reason, a full antimalware scan must be the first step because manually resetting settings will not stop the malware from reasserting control.

Option B is correct because scanning with reputable antimalware tools identifies and removes adware, browser hijackers, malicious extensions, and background processes responsible for unauthorized browser manipulation. A full scan is essential because infections often modify registry entries, scheduled tasks, and configuration files, requiring automated cleanup. CompTIA A+ emphasizes using security tools before making manual system changes, especially in malware-related scenarios.

Option A is incorrect because resetting the browser does not remove malware that reinstalls settings. The reset may undo the homepage change temporarily, but if malicious processes persist, the problem will return. Browser reset is useful later, after the infection is removed.

Option C is incorrect because manually disabling extensions ignores the deeper issue: a malware component will likely reinstall them. PUPs often use persistence mechanisms such as registry run keys, scheduled tasks, or injected processes. Disabling extensions treats only the visible symptom, not the root cause.

Option D is incorrect because reinstalling the browser alone will not remove underlying malware. The infection may attach to system-level processes, meaning a new installation of the browser will become compromised again.

Thus, a full antimalware scan is the strongest and most appropriate first step, followed by cleaning residual settings, resetting the browser, removing extensions, and confirming system integrity.

Q3. A technician needs to configure a Windows 10 system so that only approved programs can run, especially in a shared computer environment used by multiple employees. Which feature best supports this requirement?

A) Windows Defender Firewall
B) User Account Control
C) AppLocker
D) Local Group Policy Object editor

Answer: C) AppLocker

Explanation:

 AppLocker is specifically designed to restrict which applications may execute by creating allow and deny rules. It is ideal for environments where administrators need to tightly control the software ecosystem. AppLocker can restrict applications based on file attributes, publisher signatures, file paths, or hashes. This makes it particularly effective in preventing unauthorized software installation, malware execution, and user misuse on shared devices.

Option C is correct because AppLocker provides flexible, granular application whitelisting. It ensures that only approved applications run, exactly matching the requirement from the scenario. Windows Firewall and User Account Control do not enforce application execution control at this level. Local Group Policy is a tool for configuring policies but does not, by itself, provide the execution restrictions AppLocker provides.

Option A is incorrect because Windows Defender Firewall filters network traffic, not local application execution. Although firewall rules can block an application from using the network, they do not prevent it from running.

Option B is incorrect because User Account Control limits changes requiring administrative approval but does not prevent a standard user from launching any executable already present on the system.

Option D is incorrect because Local Group Policy Object editor is a management tool for setting policies, but the enforcement mechanism needed is AppLocker itself.

Therefore, AppLocker is the correct choice for controlling which applications users can run.

Q4. A user working remotely reports that their VPN connects successfully, but they cannot access internal company resources. The technician pings the user’s internal IP assigned by the VPN and receives replies, but internal server pings fail. Which of the following is the most likely cause?

A) DNS misconfiguration
B) Incorrect VPN password
C) ISP outage
D) Expired user certificate

Answer: A) DNS misconfiguration

Explanation:

When a VPN connection is established and the user receives an internal IP address, network-level connectivity to the VPN gateway is confirmed. If the technician can ping the VPN-assigned IP but not internal servers, the issue usually lies in name resolution or routing. DNS misconfiguration is the most likely cause because internal hostnames depend on internal DNS servers provided through the VPN. If DNS is incorrect, the user cannot resolve internal resource names even though the VPN connection itself is active.

Option A is correct because DNS misconfiguration explains why the VPN appears functional while internal names cannot resolve. Users often interpret DNS failures as connectivity failures because they cannot load internal sites or map network drives.

Option B is incorrect because incorrect credentials would prevent connection entirely. Since the VPN connects and assigns an IP, the password is clearly valid.

Option C is incorrect because an ISP outage would prevent the VPN from connecting at all. A functioning VPN session means the ISP connection works.

Option D is incorrect because an expired certificate would block VPN authentication. If the VPN establishes correctly, certificates (if used) are not expired.

Thus, DNS misconfiguration most accurately explains the symptoms.

Q5. A technician is preparing to dispose of several company desktops that previously stored confidential financial documents. The drives must be sanitized so no data can be recovered. Which method provides the most secure outcome?

A) Quick format
B) Standard delete commands
C) Physical destruction
D) Recycle Bin emptying

 Answer: C) Physical destruction

Explanation:

When drives contain sensitive or regulated data such as financial or personal records, the most secure data sanitization method is physical destruction. CompTIA A+ emphasizes that physical destruction ensures the data cannot be recovered even with advanced forensic methods. Methods include shredding, drilling, degaussing (on magnetic drives), or crushing. Physical destruction is the gold standard for final disposal because it removes all possibility of data retrieval.

Option C is correct because it permanently destroys the media itself. Even if data remnants survived logical wipe attempts, breaking the platter or memory chips makes recovery impossible.

Option A is incorrect because a quick format merely clears file tables; the underlying data remains recoverable with forensic tools.

Option B is incorrect because delete commands only remove references to data, not the data itself. Recovery tools easily restore deleted files.

Option D is incorrect because emptying the Recycle Bin merely clears user-level deleted items. It does not erase data at the storage level.

For highly sensitive data, physical destruction is the most reliable choice and is widely required by organizational security policies.

Q6. A user reports that their Windows 11 system shows frequent errors stating that the system is running out of memory, even though Task Manager indicates only moderate RAM usage. The technician notices that multiple applications freeze, and the system displays warnings about virtual memory. Upon checking system settings, the technician finds that the paging file size was manually set to a very low value. Which of the following is the most appropriate corrective action?

A) Delete the paging file entirely
B) Increase the paging file to system-managed size
C) Reduce installed RAM to match the paging file
D) Disable memory-intensive applications

Answer: B) Increase the paging file to system-managed size

Explanation:

When a Windows system displays out-of-memory warnings despite moderate RAM usage, the most common cause is an improperly configured paging file. Virtual memory extends RAM by using space on the storage drive, allowing applications to exceed physical memory limits. If the paging file is too small, the system cannot offload data that is not actively in use, causing freezes, errors, and warnings even when RAM is not fully consumed. Windows normally manages the paging file automatically, dynamically adjusting its size to match system demands. However, if a user or application manually restricts paging file size, memory-related performance problems occur.

Option B is correct because increasing the paging file to system-managed size restores normal virtual memory behavior. System-managed size allows Windows to determine the minimum and maximum size needed based on application demands and installed memory. This ensures that memory-intensive applications (such as web browsers with many tabs, large spreadsheets, multimedia tools, or development software) can continue running without encountering memory shortages. Additionally, system-managed paging files provide dynamic adaptability, enabling Windows to expand virtual memory when workloads increase and contract it when they decrease.

Option A is incorrect because deleting the paging file entirely would make virtual memory unavailable. Even systems with large amounts of physical RAM benefit from a paging file for stability and system processes. Without one, applications that expect paging support may crash, Windows may become unstable, and the system will be far more likely to display memory errors. Removing the paging file is only appropriate in specialized circumstances such as secure systems requiring no disk-based memory remnants, and even then, only when adequate RAM is available.

Option C is incorrect because reducing installed RAM to match a low paging file is illogical and counterproductive. The issue is not that the system has too much RAM but rather that it lacks virtual memory. Reducing RAM would worsen performance and increase reliance on virtual memory, exacerbating the problem rather than solving it.

Option D is incorrect because disabling memory-intensive applications does not address the root cause. While closing unnecessary programs is a helpful step in general troubleshooting, a misconfigured paging file remains the underlying issue. Applications that should run normally with adequate virtual memory will continue to fail without proper paging file allocation. The correct approach is to fix the system misconfiguration, not restrict user productivity.

In summary, enabling system-managed virtual memory ensures stability, prevents unnecessary freezes, reduces memory-related pop-ups, and restores normal functioning of Windows 10 or 11 systems.

Q7. A technician is troubleshooting a workstation that cannot join a domain. Network connectivity appears normal, and the user can browse the internet. However, the workstation cannot contact the domain controller and displays an error stating that no logon servers are available. IP settings show that DNS is pointing to a public DNS server. Which of the following should the technician change to resolve the issue?

A) Change the default gateway to the domain controller
B) Change DNS to point to the internal domain DNS server
C) Change DHCP lease duration to a longer value
D) Change the subnet mask to a larger value

Answer: B) Change DNS to point to the internal domain DNS server

Explanation:

Domain-joined Windows systems rely heavily on DNS to locate domain controllers and other internal services. When DNS is set to an external or public DNS server, Windows cannot locate the domain controller’s SRV records. Although internet browsing may work correctly, domain-specific operations such as joining the domain, authenticating users, or accessing internal resources will fail. Public DNS servers do not host internal domain information, so the workstation has no means of locating logon servers.

Option B is correct because domain controllers act as internal DNS servers that store the necessary records for client systems. By pointing the workstation’s DNS to the internal DNS server (often the domain controller itself), the workstation can resolve internal hostnames, identify logon services, and successfully join the domain. This is standard practice in Active Directory environments and emphasized heavily in CompTIA A+ and Network+ training.

Option A is incorrect because the default gateway should point to the network router, not the domain controller. The domain controller is rarely the gateway device, and setting it as such may break routing, not fix authentication issues. The problem lies specifically with DNS resolution, not with routing.

Option C is incorrect because DHCP lease duration has no effect on domain join capability. The workstation already has a valid IP address and network connectivity, so the lease duration is not related to the failure to locate logon servers.

Option D is incorrect because the subnet mask is not the cause of the issue. The user already has normal network access and can reach the internet. The core issue is incorrect DNS configuration preventing discovery of domain services.

Thus, pointing DNS to the internal domain DNS server resolves the domain join issue.

Q8. A user complains that after installing an application from an unknown website, the system runs slowly and CPU usage is constantly high. Task Manager shows a suspicious process running under the user’s profile, and attempts to end the task cause it to immediately restart. The technician suspects a malware infection. Which of the following is the best first step?

A) Boot into Safe Mode and run antivirus
B) Reinstall Windows
C) Delete the suspicious executable manually
D) Disable the CPU to force the malware to stop

Answer: A) Boot into Safe Mode and run antivirus

Explanation:

When dealing with persistent malware that restarts itself after termination attempts, the best first step is to isolate the system environment and run malware removal tools in Safe Mode. Safe Mode loads only essential drivers and services, preventing most malware from initiating at boot. This gives antivirus and antimalware tools a better chance to detect and remove malicious files, registry keys, scheduled tasks, and startup processes.

Option A is correct because Safe Mode reduces the number of active processes and often stops malware from running. This allows the technician to run scans using Windows Defender or third-party tools. CompTIA A+ emphasizes that Safe Mode is a key component of effective malware remediation, allowing technicians to eliminate active infections without the interference of the malware itself.

Option B is incorrect because reinstalling Windows, while effective, is a last resort. It requires backup of data, reinstallation of applications, reconfiguration of settings, and significant time. Effective troubleshooting requires attempting less disruptive solutions before choosing a full reinstall.

Option C is incorrect because deleting the suspicious executable rarely resolves malware infections. Modern malware uses persistence techniques such as registry run keys, scheduled tasks, service creation, and file replication. Simply deleting one file will not remove all components, and the malware will regenerate itself.

Option D is incorrect and nonsensical. Disabling the CPU is impossible without shutting off the entire system, and doing so would not remove or identify malware. This option does not reflect any valid troubleshooting practice.

Thus, Safe Mode followed by a full malware scan is the correct first step.

Q9. A user stores important work documents on a network share. They report that they can open the share but receive an Access Denied message when attempting to modify or save files. The technician confirms that the user has Modify permissions set on the NTFS level but only Read permissions on the share level. Which of the following is the correct fix?

A) Increase NTFS permissions to Full Control
B) Increase share permissions to allow Modify
C) Disable NTFS permissions entirely
D) Reformat the shared drive

Answer: B) Increase share permissions to allow Modify

Explanation:

Windows uses a combination of NTFS permissions and share permissions to determine the final effective permissions for a network resource. When both NTFS and share permissions exist, the most restrictive permission applies. In this scenario, the user has Modify permissions from NTFS but Read permissions on the share. Because share permissions are more restrictive, the user is blocked from writing to the share.

Option B is correct because increasing the share permissions to Modify aligns the share-level permissions with the user’s intended access. With both NTFS and share permissions granting Modify, the user will be able to save and edit files. CompTIA A+ emphasizes understanding how effective permissions work and the interaction between NTFS and share permissions.

Option A is incorrect because increasing NTFS permissions to Full Control does not overcome the restrictive share permissions. The effective permission is still the most restrictive.

Option C is incorrect because NTFS permissions cannot be disabled on an NTFS volume. NTFS permissions are integral to the file system and necessary for security and access control.

Option D is incorrect because reformatting the drive is unnecessary and destructive. The issue is purely with permissions configuration.

Thus, modifying share permissions is the correct solution.

Q10. A company implements a new security policy requiring that all users have strong passwords that expire every 60 days. The technician must configure this policy across all Windows computers in the domain. Which tool or feature should be used to enforce this policy centrally?

A) Local Security Policy
B) Group Policy Management Console
C) Task Scheduler
D) Event Viewer

Answer: B) Group Policy Management Console

Explanation:

Password complexity, expiration, lockout policies, and other security settings must be enforced centrally in an Active Directory environment. Group Policy Management Console (GPMC) allows administrators to configure domain-wide policies from a central server. Using GPMC, the technician can set password length, complexity, history, and expiration requirements that automatically apply to all domain users.

Option B is correct because Group Policy is the standard method for applying security settings across a domain. It ensures consistency, compliance, and ease of management. CompTIA A+ emphasizes understanding Group Policy as the backbone of centralized Windows administration.

Option A is incorrect because Local Security Policy applies only to a single machine. Using it on each computer would require manual configuration, defeating the purpose of centralized management.

Option C is incorrect because Task Scheduler handles scheduled tasks, not password policy enforcement.

Option D is incorrect because Event Viewer is used for monitoring logs, not applying policies.

Group Policy Management Console is the correct tool for enforcing organization-wide password policies.

Q11. A user reports that their Windows 10 laptop frequently disconnects from the company Wi-Fi network. The technician discovers that the laptop connects normally but drops shortly after going to sleep or when the screen turns off. Device Manager shows that the wireless network adapter has power management enabled with the option “Allow the computer to turn off this device to save power” checked. Which of the following is the best solution to prevent these recurring disconnections?

A) Disable the Wi-Fi adapter entirely
B) Uninstall and reinstall all network drivers
C) Disable power management for the wireless adapter
D) Change the SSID to a hidden network

Answer: C) Disable power management for the wireless adapter

 Explanation:

Windows devices are engineered to conserve battery power, especially laptops, by limiting power consumption of nonessential hardware. Wireless adapters are among the components that Windows may power down during sleep, display-off states, or other low-activity periods. When the option “Allow the computer to turn off this device to save power” is enabled, the system may shut down the Wi-Fi adapter aggressively, causing sudden drops from the network, failed reconnections, or long delays when waking the device. These symptoms match the user’s report exactly. Disabling power management ensures that the Wi-Fi adapter remains active, maintains its network link, and does not arbitrarily power down, thereby preventing recurring disconnections.

Option C is correct because disabling power management on the adapter prevents Windows from shutting it off. Many business environments require continuous network connectivity for synchronization, cloud authentication, VPN persistence, or remote desktop stability. The CompTIA 220-1202 exam emphasizes understanding power management settings in Device Manager and their impact on connectivity. When power management becomes overly aggressive, network drops are common. Disabling this option keeps the adapter available even during low-power states, ensuring consistent performance.

Option A is incorrect because disabling the Wi-Fi adapter entirely would prevent the user from connecting to the network at all. This does not solve the issue, as the user needs continuous wireless functionality. This option represents a misunderstanding of the problem and would worsen the situation.

Option B is incorrect because uninstalling and reinstalling drivers does not address the underlying power management configuration. Driver corruption typically causes failures to detect networks, unstable connections, or complete inability to connect. However, in this case, the adapter connects normally but disconnects during power-saving states, indicating that drivers are functioning correctly. Reinstallation would not prevent Windows from powering down the adapter.

Option D is incorrect because hiding the SSID has nothing to do with power management or recurring disconnections. Hidden networks do not improve stability or prevent the adapter from shutting off. SSID visibility affects how devices discover networks, not how they stay connected once joined. Changing to a hidden SSID would have no impact on the root cause.

Thus, disabling power management in Device Manager is the proper corrective action. This preserves network connectivity across sleep transitions, prevents disconnections, and aligns with standard troubleshooting steps for intermittent Wi-Fi drops.

Q12. A user’s Windows profile becomes corrupted, causing errors when logging in such as a temporary profile being loaded instead of the user’s normal one. The technician determines that the user’s data is intact in the old profile folder but the registry entries associated with the profile are damaged. Which of the following is the best solution to return the user to a stable working environment while preserving their data

A) Delete all user data and create a new blank profile
B) Create a new user account and copy the old profile data to it
C) Reinstall Windows completely
D) Convert the account into a local guest account

Answer: B) Create a new user account and copy the old profile data to it

 Explanation:

User profile corruption is a well-known issue in Windows systems, typically caused by improper shutdowns, disk errors, failed updates, or registry corruption. When a corrupted profile loads as a temporary profile, users lose access to their regular desktop environment, documents, and customized settings. However, the underlying files usually remain intact in the old profile folder under C:\Users. The most reliable fix is to create a fresh user profile and manually migrate the user’s data into the new profile. This method avoids registry issues, eliminates corruption, and restores normal functionality while preserving documents, desktop files, application data, and user preferences.

Option B is correct because creating a new account generates a new registry profile with no corruption. Afterward, copying data such as Documents, Desktop, Pictures, and application support files from the old profile ensures continuity for the user. This approach is widely recommended in CompTIA A+ because it avoids unnecessary system-wide changes, is relatively fast, and targets the root cause: corrupted registry entries that Windows uses to load profiles. The new profile will be clean and error-free, and migrating data preserves the user’s environment.

Option A is incorrect because deleting user data is unnecessary and counterproductive. The scenario explicitly states that the user’s data is intact. There is no reason to remove it, and doing so would result in data loss, violating best practices. Creating a blank profile without transferring data would disrupt productivity and cause serious complications.

Option C is incorrect because reinstalling Windows is far too drastic for a corrupted user profile. This measure should be reserved for catastrophic system corruption or malware infection. Reinstallation requires significant downtime, application reinstalls, data backups, and system reconfiguration. In this case, the problem is isolated to a single user profile, not the core operating system.

Option D is incorrect because converting the profile to a guest account would remove privileges, prevent access to applications, and alter system behavior significantly. It does nothing to repair corruption. Guest accounts are highly restricted and are not intended for regular use. This option introduces more problems without solving the primary issue.

Therefore, the best practice is to create a new user account and migrate the old profile’s data, restoring full functionality without data loss.

Q13. A user on a shared workstation complains that installed software has disappeared, documents are missing, and their customized desktop layout resets every time they log off. The technician observes that the system is configured with a mandatory profile applied through Group Policy. Which of the following best explains the user’s issue?
A) Roaming profiles overwrite local profiles with server data
B) Mandatory profiles reset all user changes upon logoff
C) Local profiles are corrupted and need to be rebuilt
D) Temporary profiles are used when the system lacks memory

 Answer: B) Mandatory profiles reset all user changes upon logoff

 Explanation:

Mandatory profiles are used in controlled environments such as schools, training centers, libraries, and certain corporate settings where administrators need predictable user environments. These profiles load a predefined desktop and do not save any changes users make. When the user logs off, Windows discards modifications to files, settings, and application configurations. This ensures a clean environment for the next user and prevents unauthorized personalization or software installation.

Option B is correct because mandatory profiles are specifically designed to prevent changes from persisting. This matches the symptoms: missing documents, lost desktop customizations, and software disappearing. The behavior is intentional. Mandatory profiles load from a central template stored on a server. When users log off, any modifications are deleted, ensuring consistency and security.

Option A is incorrect because roaming profiles synchronize changes between the workstation and the server, preserving user data and settings. Roaming profiles do not reset environments; they replicate them across multiple machines. Roaming profiles behave opposite to what the scenario describes.

Option C is incorrect because profile corruption usually causes errors, inability to load, loading of temporary profiles, or missing settings—yet the scenario clearly describes a controlled environment where the system intentionally resets changes. This is by design, not corruption.

Option D is incorrect because temporary profiles occur only when the user’s real profile cannot load. They do not intentionally reset settings across multiple logins as part of a policy. Temporary profiles also generate error messages that are not mentioned here.

Thus, the issue stems from the intentional behavior of mandatory profiles.

Q14. A user reports that their laptop frequently overheats and shuts down during video calls or while using productivity applications. The technician notices that the laptop feels unusually warm even when idle. Task Manager indicates low CPU usage, but the laptop fan runs constantly at high speed. Dust buildup is suspected. Which of the following is the most effective first step to resolve the overheating issue?

A) Replace the motherboard
B) Clean internal fans and cooling vents
C) Increase paging file size
D) Replace the laptop display

Answer: B) Clean internal fans and cooling vents

Explanation:
Thermal management is critical for laptop performance and longevity. Dust accumulation in heatsinks, cooling fins, and fans restricts airflow and prevents heat dissipation. This causes the system to run hotter, spin fans aggressively, and ultimately shut down to protect the CPU and GPU. Users often report symptoms such as unexpected shutdowns, overheating during light tasks, and constant fan noise. Cleaning dust and debris from internal cooling components is the most effective first step.

Option B is correct because removing dust allows air to flow through the system properly. This restores cooling efficiency, reduces thermal throttling, and prevents hardware damage. CompTIA A+ emphasizes the importance of environmental maintenance for thermal stability. Laptops frequently accumulate dust in vents, especially when used on soft surfaces. Cleaning fans, vents, and heatsinks often dramatically reduces operating temperatures.

Option A is incorrect because motherboard replacement is unnecessary unless there is physical damage or electrical failure. Overheating is almost always caused by airflow obstruction or failing cooling systems, not motherboard defects. Replacing the motherboard is an expensive and unwarranted step.

Option C is incorrect because paging file size affects virtual memory, not thermal management. Changing virtual memory cannot influence hardware temperatures or airflow.

Option D is incorrect because the laptop display does not affect CPU temperature or cooling performance. The display has no relationship to thermal shutdowns. Replacing it would waste time and resources.

Thus, cleaning the fans and vents is the correct action to reduce overheating and restore proper operation.

Q15. A technician receives a complaint that a computer displays a “Boot device not found” message. The user states that the system worked normally the day before. Upon inspection, the technician sees that the BIOS no longer detects the primary hard drive. Power cables and SATA cables appear connected. Which of the following is the most likely cause?

A) The operating system needs reinstallation
B) The hard drive has failed
C) The user accidentally changed the desktop resolution
D) The keyboard driver is missing

 Answer: B) The hard drive has failed

 Explanation:

 When the BIOS or UEFI firmware cannot detect a drive, the issue is almost always hardware-related. If SATA cables and power connectors are attached properly, sudden nondetection strongly suggests failure of the drive’s electronics, controller board, or internal mechanics. Hard drives—especially older mechanical ones—can fail without warning due to wear, shock, heat, or power fluctuations. SSDs may fail due to NAND degradation or controller failure. When a drive fails at the hardware level, the BIOS cannot identify it, preventing the system from booting.

Option B is correct because nondetection at the BIOS level indicates drive failure. Operating system issues do not affect BIOS detection. A Windows corruption issue would still allow the BIOS to detect the drive; it would simply result in OS loading errors, not hardware nondetection. The symptom described—drive missing in BIOS—is a textbook sign of drive failure.

Option A is incorrect because reinstalling the operating system is impossible if the BIOS does not detect a boot device. OS problems occur after BIOS detection, not before it. The BIOS not seeing the drive removes the possibility of OS corruption being the cause.

Option C is incorrect because desktop resolution has no bearing on boot processes or drive detection. Resolution settings only affect video display once the OS loads. They cannot cause BIOS to lose visibility of storage devices.

Option D is incorrect because keyboard drivers load only after the OS begins booting. Missing drivers do not affect BIOS-level hardware detection. BIOS uses its own drivers, not Windows drivers.

Thus, the most likely cause is a failed hard drive that must be replaced to restore system functionality.

Q16. A technician receives a work order stating that several users cannot access a shared network folder that they were able to use the previous day. The technician verifies that the network is functioning, the server is online, and the share is visible, but users receive an access denied message. Which of the following is the MOST likely cause?

A) Incorrect NTFS permissions
B) Hardware failure on the server
C) Network cable unplugged
D) Incorrect DNS records

Answer: A) Incorrect NTFS permissions

Explanation:

 Option A: incorrect NTFS permissions, is the most likely cause when users can see a shared folder but cannot access it despite the network being functional and the server being online. When a technician receives a report that users previously had access to a shared location and now suddenly cannot open files or enter the folder, the situation strongly indicates a change in access control. NTFS permissions determine who can read, write, modify, or access files and folders stored on an NTFS-formatted volume. Even if share permissions are appropriately configured, NTFS permissions can override them, making it possible for users to see the folder but still be denied access.

NTFS permissions can change for many reasons, such as accidental administrator modification, group membership changes, or inheritance being disabled. Another common cause is when a system admin alters permissions on the parent directory without realizing those changes cascade down into child folders. Since the technician confirmed the folder is visible and the server is working normally, this eliminates issues with network communication, server availability, or missing shares. Therefore, the issue aligns closely with an NTFS permission misconfiguration. This type of problem can be resolved by verifying user groups, checking the effective permissions tab, and ensuring the appropriate access rules are correctly applied at both the folder and file levels.

Option B: hardware failure on the server, would cause broader, more severe problems than simply restricted access. If there were a hardware failure such as a failed hard drive, memory module, or power supply component, users would likely be unable to see the server at all or the server would be unresponsive. In many cases, a hardware failure results in outages, reboots, or total downtime. Because the scenario specifically states that the server is online, accessible, and displaying the shared folder, a hardware failure is improbable. Hardware issues do not selectively block access for specific users or groups while leaving the system otherwise functional.

Option C: network cable unplugged, would prevent access to the server entirely. If a server network cable were unplugged, the technician would not be able to verify that the server is online from the network. Users would not be able to see the shared folder in the first place, let alone receive an access denied message. An unplugged cable would cause a total loss of network communication, not a permissions-based denial. Even if a user cable were unplugged, the issue would affect only one user, not multiple users simultaneously.

Option D: incorrect DNS records, could cause name resolution failures, but again, this would prevent users from locating the server by hostname. The users would not be able to see the shared folder at all. DNS errors manifest as the server name not being resolvable, leading to network path not found errors, rather than access denied messages. Because the folder is visible, DNS is resolving properly and therefore cannot be the cause of the issue.

Q17. A user reports that their browser homepage has changed, they are seeing multiple unwanted pop-up advertisements, and the system is running noticeably slower. Which of the following is the MOST likely cause of this behavior?

A) Browser hijacker
B) Ransomware
C) Hardware malfunction
D) Incorrect proxy settings

Answer: A) Browser hijacker

Explanation

Option A: browser hijacker, best explains a situation in which a user’s homepage changes without permission, unwanted pop-up ads appear, and the computer performance decreases. Browser hijackers are a common form of potentially unwanted programs or malware designed to redirect users to specific sites, inject advertisements, and modify browser settings such as default search engines, homepages, or toolbars. These changes occur without user consent and are typically introduced via bundled software, phishing emails, or malicious downloads.

Browser hijackers often install additional components that run in the background, causing the system to slow down. They may inject tracking scripts or load multiple processes that consume CPU and memory resources. The presence of persistent pop-ups strongly supports the conclusion that adware-type malware has been installed. The combination of performance degradation plus unauthorized changes to browser configuration aligns directly with browser hijacking. Removing such malware usually involves running reputable antimalware tools, resetting browser settings, and ensuring malicious extensions or startup processes are removed.

Option B: ransomware, is unlikely because ransomware typically encrypts files, locks users out of their systems, and demands payment for decryption. While some ransomware variants may display pop-ups, they are usually explicit ransom notes, not general advertisements. Ransomware also does not typically change browser homepages or cause random ad injections. The symptoms described do not indicate encrypted files or access restrictions, therefore ransomware is not consistent with the scenario.

Option C: hardware malfunction, such as a failing hard drive or overheating CPU, could cause a system slowdown, but it would not result in browser homepage changes or pop-up ads. Hardware issues manifest as crashes, unexpected reboots, loud noises, or BIOS warnings. They do not spontaneously reconfigure browser settings. Pop-up ads are clearly tied to software-based compromises, not physical hardware failures.

Option D: incorrect proxy settings, could cause browsing issues such as failure to reach sites or unexpected routing of traffic, but proxy settings do not produce system-wide pop-up advertisements or homepage modifications. While malicious software can change proxy settings to route traffic through malicious servers, the hallmark symptoms in this scenario—pop-ups, hijacked homepage, slow performance—point much more strongly to a browser hijacker than to a proxy misconfiguration alone.

Q18. A technician is called to assist a user whose laptop is failing to complete the boot process. The system powers on, displays the manufacturer logo, but then shows a message stating “Operating System Not Found.” Which of the following is the MOST likely cause?

A) Misconfigured BIOS boot order
B) Failed GPU
C) Network adapter conflict
D) Printer driver corruption

Answer: A) Misconfigured BIOS boot order

Explanation:

Option A: misconfigured BIOS boot order, is the most likely cause of an “Operating System Not Found” message immediately after the system BIOS screen. This error occurs when the BIOS cannot locate a bootable device containing a valid operating system. If the boot order has been changed—perhaps due to a Windows update, BIOS reset, external device insertion, or accidental modification—the laptop may attempt to boot from a non-existent or unbootable device such as a USB stick, network boot option, or an empty optical drive.

A misconfigured boot order is remarkably common after BIOS updates or when users connect removable drives. In such a case, the technician can resolve the issue by entering BIOS/UEFI settings, ensuring that the internal hard drive or SSD is set as the primary boot device, and saving the updated configuration. If the drive is functional and contains a valid operating system, correcting the boot order will restore normal startup.

Option B: failed GPU, would cause display issues, graphical artifacts, or no video output. A bad GPU does not change BIOS device priorities or prevent the operating system from being found. Since the system displays a clear error message and shows the manufacturer logo, the GPU is functioning well enough to render the display. Therefore, this option does not match the symptoms.

Option C: network adapter conflict, would not cause an “Operating System Not Found” message. Network conflicts can affect connectivity, DHCP addresses, or access to resources, but do not interfere with the system boot process unless PXE boot was incorrectly prioritized. Even then, the BIOS would typically show a PXE boot failure message, not the generic OS not found error. Because network conflicts happen after the OS loads, they cannot be the root cause here.

Option D: printer driver corruption, has no relationship to system boot. Printer drivers operate within the operating system and cannot interfere with BIOS-level device detection. The OS must load before printer drivers can even execute. Thus, printer driver corruption cannot cause this error.

Q19. A user reports that their laptop intermittently disconnects from the corporate Wi-Fi network, but only when moving between conference rooms. The signal appears strong, and other users do not experience the issue. Which of the following is the MOST likely cause?

A) Roaming aggressiveness misconfiguration
B) Incorrect time zone setting
C) Printer spooler service stopped
D) Dead CMOS battery

Answer: A) Roaming aggressiveness misconfiguration

Explanation:

Option A: roaming aggressiveness misconfiguration, is the most likely cause when a laptop loses Wi-Fi connection while transitioning between wireless access point coverage areas. Roaming aggressiveness determines how readily a device decides to disconnect from one access point and connect to another with a stronger signal. If roaming aggressiveness is set too low, the device may cling to a weakening access point instead of switching to a closer one, causing temporary disconnections. If set too high, the laptop may switch too frequently, resulting in instability.

Corporate environments with multiple APs rely on proper roaming behavior to ensure seamless mobility. Because the problem occurs specifically when the user is moving between rooms, the root cause almost certainly relates to AP handoff behavior. Other users do not experience the problem, which points to a configuration issue on this device rather than a network-wide fault. Adjusting the roaming aggressiveness in the wireless adapter properties typically resolves this type of issue.

Option B: incorrect time zone setting, could cause issues with authentication in some environments, especially if time drift affects Kerberos or certificate validation. However, this would cause consistent connection failures, not intermittent drops tied to physical movement between rooms. Time zone discrepancies would not be dependent on walking between APs.

Option C: printer spooler service stopped, has no connection to wireless connectivity. This would simply prevent the user from printing, not from roaming between wireless APs. The symptoms have nothing to do with printing functions.

Option D: dead CMOS battery, can cause BIOS time resets, boot warnings, or lost BIOS settings, but not intermittent wireless drops that occur only while moving. A dead CMOS battery has no relationship to Wi-Fi access point roaming behavior.

Q20. A technician is preparing a workstation for a new employee who will handle sensitive financial data. The organization requires encryption of all data on the system. Which of the following solutions BEST meets this requirement?

A) Full-disk encryption
B) Screensaver password
C) Hidden folders
D) Disabling USB ports

Answer: A) Full-disk encryption

Explanation:

 Option A: full-disk encryption, is the best solution when an organization requires protection of all data on a workstation, especially sensitive financial information. Full-disk encryption (FDE) ensures that all data stored on the drive is protected, including operating system files, temporary files, user data, cached information, and system hibernation files. Even if the device is lost, stolen, or physically accessed by an unauthorized person, the encrypted data remains unreadable without the proper key.

The advantage of FDE is that it encrypts everything automatically without relying on users to manually secure specific files or folders. Solutions like BitLocker for Windows or FileVault for macOS integrate at the system level and enforce encryption before the operating system loads. This prevents offline attacks, bootable USB data extraction, and unauthorized disk mounting on another device. Organizations working with financial data must comply with strict regulations, making full-disk encryption the industry-standard choice. FDE mitigates risks of data theft, protects confidentiality, and satisfies most organizational security policies and compliance requirements.

Option B: screensaver password, only protects the system while it is running and temporarily unattended. It does not encrypt any data, and a malicious actor can bypass it by removing the drive and reading data directly. Screensaver passwords are considered a basic security measure but do not meet requirements for protecting sensitive information at rest.

Option C: hidden folders, provide no real security. Hidden files are merely concealed from casual viewing and can be easily revealed using simple file manager settings. Hidden attributes do not protect files from unauthorized access, nor do they provide encryption or compliance-level protection.

Option D: disabling USB ports, may prevent unauthorized copying of files to removable media, but it does not protect data stored on the workstation. USB port control is useful as an additional security measure but cannot replace encryption. Data could still be accessed if the system is stolen, and disabling USB ports has no connection to regulatory data protection requirements.