CompTIA 220-1102 A+ Certification Exam: Core 2 Dumps and Practice Test Questions Set 7 Q121-140
Question 121
A company wants to enforce centralized management of Windows firewall rules across all endpoints, including blocking unapproved inbound and outbound traffic, logging violations, and ensuring policies are automatically applied to all domain-joined devices. Which solution BEST fulfills this requirement?
A) Group Policy Windows Firewall with Advanced Security
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Group Policy Windows Firewall with Advanced Security
Explanation:
A) Group Policy Windows Firewall with Advanced Security allows administrators to centrally configure firewall rules for all domain-joined Windows endpoints. Administrators can define inbound and outbound rules based on application, port, protocol, IP address, or user context, ensuring granular control over network traffic. Rules are automatically applied via Group Policy, providing consistency and reducing administrative errors. Logging capabilities capture blocked and allowed traffic, supporting auditing, compliance reporting, and forensic investigation. Integration with Active Directory ensures that policies propagate to all relevant devices, maintaining enterprise-wide enforcement. Advanced Security provides additional configuration options, including connection security rules (IPsec), rule scoping, and profile-based enforcement (domain, private, public networks). Centralized management enables rapid response to threats, minimizes attack surfaces, and ensures compliance with regulatory requirements. By combining automated rule deployment, detailed logging, and centralized control, organizations achieve both operational security and enterprise-wide compliance.
B) Sticky Keys is an accessibility feature and cannot enforce firewall rules, block traffic, or generate logs. It provides no enterprise security functionality.
C) Paint is a graphics application and cannot manage network traffic, enforce rules, or log firewall events. It provides no security or compliance capabilities.
D) Windows Calculator performs arithmetic operations and cannot configure or enforce firewall rules, nor log network traffic. It provides no enterprise security functionality.
Group Policy Windows Firewall with Advanced Security is correct because it centrally enforces traffic rules, logs network events, and ensures enterprise-wide protection and compliance.
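An added example (not part of the original question set): one way to build the centrally managed rules and logging described above with the NetSecurity cmdlets, followed by the checks an administrator would run on an endpoint. The domain `corp.example`, the GPO name, the subnet and the rule names are constructed placeholders.

```powershell
#Requires -RunAsAdministrator
# Constructed placeholders: corp.example, Endpoint-Firewall-Baseline, 10.0.50.0/24.
# The GPO must already exist and be linked to the OU that holds the endpoints.
$gpoPath = 'corp.example\Endpoint-Firewall-Baseline'

# Cache the GPO locally so every change below is written back in a single save.
$gpo = Open-NetGPO -PolicyStore $gpoPath

# Profile settings: firewall on, inbound default-deny, locally created rules
# ignored, and both dropped and allowed connections logged.
Set-NetFirewallProfile -GPOSession $gpo -Profile Domain, Private, Public `
    -Enabled True `
    -DefaultInboundAction Block `
    -DefaultOutboundAction Allow `
    -AllowLocalFirewallRules False `
    -LogBlocked True -LogAllowed True `
    -LogMaxSizeKilobytes 16384 `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# Approved inbound traffic: RDP from the management subnet, domain profile only.
New-NetFirewallRule -GPOSession $gpo `
    -DisplayName 'Allow RDP from management subnet' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 3389 `
    -RemoteAddress '10.0.50.0/24' -Profile Domain | Out-Null

# Unapproved outbound traffic: an explicit block rule (block rules win over allow rules).
New-NetFirewallRule -GPOSession $gpo `
    -DisplayName 'Block outbound Telnet' `
    -Direction Outbound -Action Block -Protocol TCP -RemotePort 23 | Out-Null

Save-NetGPO -GPOSession $gpo

# --- On an endpoint, after the next policy refresh (gpupdate /force) ---

# Rules that arrived through Group Policy are visible in the read-only RSOP store.
Get-NetFirewallRule -PolicyStore RSOP |
    Select-Object DisplayName, Direction, Action, Enabled

# Effective profile settings, including the logging switches.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction, LogBlocked, LogAllowed

# Top dropped flows from the firewall log.
# Field order: date time action protocol src-ip dst-ip src-port dst-port ...
$log = Join-Path $env:SystemRoot 'System32\LogFiles\Firewall\pfirewall.log'
Get-Content -Path $log |
    Where-Object { $_ -match '^\d{4}-\d{2}-\d{2} \S+ DROP ' } |
    ForEach-Object {
        $f = $_ -split ' '
        '{0} {1} -> {2}:{3}' -f $f[3], $f[4], $f[5], $f[7]
    } |
    Group-Object |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name
```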
Question 122
A company wants to enforce automatic encryption of all removable drives on Windows endpoints, store encryption keys securely, and allow centralized recovery of encrypted drives if users forget credentials. Which solution BEST meets these requirements?
A) BitLocker To Go with Active Directory recovery key integration
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) BitLocker To Go with Active Directory recovery key integration
Explanation:
A) BitLocker To Go provides full-volume encryption for removable drives such as USB sticks or external hard drives. TPM integration is not required for removable drives, but keys can be protected by passwords or smart cards. Active Directory integration allows storage of recovery keys centrally, enabling administrators to unlock drives if users forget their passwords. This ensures data remains secure while maintaining business continuity. Policies can be deployed via Group Policy to automatically encrypt new removable drives as they are inserted, preventing unencrypted data transfer. Logging captures encryption and recovery activity for auditing and compliance purposes. By enforcing encryption automatically, organizations mitigate risks associated with lost or stolen removable storage, prevent unauthorized access to sensitive data, and maintain enterprise-wide compliance with security standards. BitLocker To Go ensures data confidentiality without relying on user action, providing both security and operational efficiency.
B) Sticky Keys is an accessibility feature and cannot encrypt removable drives, store recovery keys, or enforce policies. It provides no data protection or compliance capability.
C) Paint is a graphics application and cannot manage encryption, keys, or recovery. It provides no enterprise-level security or compliance functionality.
D) Windows Calculator performs arithmetic operations and cannot encrypt removable drives, manage recovery keys, or enforce policies. It provides no data security capabilities.
BitLocker To Go with Active Directory recovery key integration is correct because it automatically encrypts removable storage, provides secure key management, enables centralized recovery, and ensures compliance and enterprise-wide data protection.
Question 123
A company wants to prevent execution of unapproved scripts and PowerShell commands on Windows endpoints while maintaining logs of blocked and allowed activity for auditing and compliance. Which solution BEST fulfills this requirement?
A) PowerShell Constrained Language Mode with AppLocker or Group Policy execution restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) PowerShell Constrained Language Mode with AppLocker or Group Policy execution restrictions
Explanation:
A) PowerShell Constrained Language Mode restricts which commands and scripts can be executed by users, limiting the ability to invoke sensitive or potentially malicious operations. When combined with AppLocker or Group Policy execution restrictions, administrators can whitelist approved scripts and block unauthorized ones. All execution attempts, whether allowed or denied, can be logged for auditing, compliance, and forensic investigation. Centralized enforcement via Group Policy ensures that these restrictions are applied consistently across all domain-joined endpoints. By restricting unapproved PowerShell activity and logging attempts, organizations reduce the risk of malware execution, insider threats, and accidental misconfigurations. Detailed logging provides a record of attempted activity, supporting compliance with regulatory frameworks and internal security policies. This solution allows organizations to maintain operational control while enforcing security policies across all endpoints.
B) Sticky Keys is an accessibility feature and cannot restrict script execution, enforce policies, or generate audit logs. It provides no security or compliance functionality.
C) Paint is a graphics application and cannot enforce PowerShell restrictions, block commands, or generate execution logs. It provides no enterprise-level security or auditing capability.
D) Windows Calculator performs arithmetic operations and cannot restrict scripts, enforce execution policies, or log activity. It offers no protection against unauthorized script execution.
PowerShell Constrained Language Mode with AppLocker or Group Policy execution restrictions is correct because it limits unapproved script execution, enforces enterprise policies centrally, logs all activity for compliance, and mitigates the risk of malware or unauthorized automation.
Question 124
A company wants to monitor Windows endpoints for suspicious or abnormal user activity, including failed logins, privilege escalations, and unexpected application launches. Logs must be forwarded securely to a SIEM for correlation, alerting, and auditing. Which solution BEST meets this requirement?
A) Windows Event Forwarding (WEF) with SIEM integration
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Windows Event Forwarding (WEF) with SIEM integration
Explanation:
A) Windows Event Forwarding (WEF) allows endpoint logs, including security, system, and application events, to be transmitted securely to a centralized collector or SIEM. Encryption ensures log integrity and confidentiality during transit. Administrators can configure WEF subscriptions to forward only relevant events such as failed logins, privilege escalation attempts, and suspicious application launches, reducing noise while focusing on actionable data. Centralized collection enables real-time correlation, alerting, and reporting, facilitating rapid detection and response to security incidents. Detailed logging supports forensic investigations, compliance reporting, and internal audits. WEF scales to large enterprise environments and integrates seamlessly with SIEM platforms for advanced analytics. This solution provides visibility into abnormal or malicious user activity while maintaining centralized control, secure transmission, and compliance readiness.
B) Sticky Keys is an accessibility feature and cannot capture logs, forward events, or provide monitoring for suspicious activity. It provides no enterprise security functionality.
C) Paint is a graphics program and cannot log events, analyze user activity, or integrate with SIEM. It provides no security monitoring or compliance capability.
D) Windows Calculator performs arithmetic operations and cannot collect or transmit logs, provide alerts, or detect abnormal activity. It provides no enterprise-level monitoring functionality.
Windows Event Forwarding with SIEM integration is correct because it securely collects and transmits logs, filters relevant events, supports real-time alerting, and provides centralized visibility and auditing for suspicious user activity.
Question 125
A company wants to prevent malware propagation via removable storage, allow only authorized USB devices, centrally enforce policies, and log all blocked attempts for compliance purposes. Which solution BEST meets this requirement?
A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Group Policy Device Installation Restrictions
Explanation:
A) Group Policy Device Installation Restrictions allows administrators to define which removable devices are approved on Windows endpoints. Unauthorized devices are automatically blocked, preventing malware, ransomware, and unauthorized data transfer. Centralized management via Active Directory ensures that policies are consistently enforced across all domain-joined devices. Detailed logging captures all blocked attempts, providing audit trails for compliance reporting, forensic investigations, and regulatory audits. Policies can target devices by hardware ID, vendor ID, or device type, offering granular control over removable media. This solution balances operational needs by allowing approved devices while mitigating risks from untrusted storage. Automatic enforcement, centralized management, and comprehensive logging make this solution effective for enterprise malware prevention and compliance. By restricting unauthorized removable devices and maintaining visibility into all attempted access, organizations reduce attack surfaces and ensure enterprise-wide security and regulatory compliance.
B) Sticky Keys is an accessibility tool and cannot restrict USB devices, block malware, or generate logs. It provides no enterprise-level security or compliance functionality.
C) Paint is a graphics application and cannot enforce device restrictions, prevent malware propagation, or provide auditing. It provides no security functionality.
D) Windows Calculator performs arithmetic operations and cannot manage removable storage, enforce policies, or log events. It offers no protection or compliance capabilities.
Group Policy Device Installation Restrictions is correct because it automatically blocks unauthorized devices, enforces centralized policies, logs all attempts, and ensures enterprise-wide protection against malware and regulatory compliance violations.
Question 126
A company wants to centrally enforce disk encryption on all Windows endpoints, ensure that encryption keys are stored securely in hardware, and enable recovery of encrypted drives in case of lost credentials. Which solution BEST meets this requirement?
A) BitLocker with TPM and Active Directory recovery key integration
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) BitLocker with TPM and Active Directory recovery key integration
Explanation:
A) BitLocker provides full-volume encryption for system and data drives, protecting sensitive information from unauthorized access even if the device is lost or stolen. TPM (Trusted Platform Module) integration ensures that encryption keys are stored securely in hardware, preventing extraction of keys by attackers. Additional authentication mechanisms such as PINs, passwords, or startup keys provide layered security. Integration with Active Directory enables centralized recovery key storage, allowing administrators to unlock drives if users forget their credentials. Policies can be deployed via Group Policy to enforce automatic encryption across all domain-joined devices, ensuring consistent security across the enterprise. Logging captures encryption and recovery activities, supporting compliance reporting, audits, and forensic investigations. BitLocker with TPM and Active Directory integration ensures enterprise-wide data protection, operational continuity, and regulatory compliance by combining strong encryption, secure key storage, and centralized management.
B) Sticky Keys is an accessibility tool and cannot encrypt disks, store keys, or enforce encryption policies. It provides no data security or compliance functionality.
C) Paint is a graphics application and cannot manage encryption, recovery keys, or enforce security policies. It provides no enterprise-level data protection.
D) Windows Calculator performs arithmetic operations and cannot encrypt drives, manage keys, or enforce security policies. It provides no protection for sensitive data.
BitLocker with TPM and Active Directory recovery key integration is correct because it ensures full-disk encryption, secures keys in hardware, enables centralized recovery, and enforces enterprise-wide compliance and protection of sensitive data.
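An added example (not part of the original question set) covering both BitLocker questions, 122 and 126: it creates the recovery password, escrows it to Active Directory, and only then starts encryption, using a password protector for a removable drive and the TPM for a fixed drive. The drive letters, OU path and function name are constructed; the script assumes a domain-joined machine with a ready TPM and, for the audit at the end, the ActiveDirectory module on a management host.

```powershell
#Requires -RunAsAdministrator
# Constructed placeholders: C:, E:, OU=Workstations,DC=corp,DC=example.

function Enable-EscrowedBitLocker {
    param(
        [Parameter(Mandatory)] [string] $MountPoint,
        [switch] $Removable   # BitLocker To Go: no TPM involved, password unlock
    )

    # 1. Create the recovery password before any data is encrypted.
    Add-BitLockerKeyProtector -MountPoint $MountPoint `
        -RecoveryPasswordProtector -ErrorAction Stop | Out-Null

    $recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        Select-Object -First 1

    # 2. Escrow it to Active Directory. -ErrorAction Stop aborts the function
    #    here, so a drive is never encrypted without a recoverable key.
    Backup-BitLockerKeyProtector -MountPoint $MountPoint `
        -KeyProtectorId $recovery.KeyProtectorId -ErrorAction Stop | Out-Null

    # 3. Start encryption with the primary protector.
    if ($Removable) {
        $pw = Read-Host -AsSecureString -Prompt "Unlock password for $MountPoint"
        Enable-BitLocker -MountPoint $MountPoint -PasswordProtector -Password $pw `
            -UsedSpaceOnly -ErrorAction Stop | Out-Null
    }
    else {
        # The TPM protector keeps the key material bound to this machine's hardware.
        # On an OS volume the hardware test completes at the next restart.
        Enable-BitLocker -MountPoint $MountPoint -TpmProtector `
            -EncryptionMethod XtsAes256 -UsedSpaceOnly -ErrorAction Stop | Out-Null
    }

    Get-BitLockerVolume -MountPoint $MountPoint |
        Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage,
            @{ Name = 'Protectors'; Expression = { $_.KeyProtector.KeyProtectorType -join ', ' } }
}

Enable-EscrowedBitLocker -MountPoint 'C:'
Enable-EscrowedBitLocker -MountPoint 'E:' -Removable

# --- On a management host: which computers have no recovery key in AD? ---
# Recovery information is stored as msFVE-RecoveryInformation child objects
# of the computer account. Only the count is read here, not the passwords.
Import-Module ActiveDirectory
Get-ADComputer -Filter * -SearchBase 'OU=Workstations,DC=corp,DC=example' |
    ForEach-Object {
        $keys = @(Get-ADObject -SearchBase $_.DistinguishedName `
            -Filter "objectClass -eq 'msFVE-RecoveryInformation'")
        [pscustomobject]@{ Computer = $_.Name; RecoveryObjects = $keys.Count }
    } |
    Where-Object RecoveryObjects -eq 0
```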
Question 127
A company wants to monitor PowerShell activity on Windows endpoints, including executed commands, loaded modules, and scripts. Logs must be forwarded securely to a SIEM for real-time correlation, alerting, and compliance. Which solution BEST meets these requirements?
A) PowerShell Script Block Logging and Module Logging with Event Forwarding
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) PowerShell Script Block Logging and Module Logging with Event Forwarding
Explanation:
A) PowerShell Script Block Logging captures the full content of executed scripts, including dynamically generated or inline commands. Module Logging records all commands executed within specific PowerShell modules. Event Forwarding securely transmits these logs to a centralized SIEM, enabling real-time monitoring, correlation, and alerting. Centralized collection ensures that all enterprise endpoints are monitored consistently, providing visibility into administrative or potentially malicious activity. Logging includes user context, execution time, script paths, and module information, supporting forensic investigation, compliance reporting, and detection of unauthorized automation. By combining Script Block Logging, Module Logging, and Event Forwarding, administrators can detect suspicious or unauthorized activity, enforce security policies, and maintain compliance across the organization. This approach provides comprehensive monitoring, enhances threat detection, and supports audit readiness.
B) Sticky Keys is an accessibility feature and cannot monitor PowerShell commands, log script activity, or forward events to a SIEM. It provides no security monitoring capability.
C) Paint is a graphics program and cannot track PowerShell activity, generate logs, or integrate with a SIEM. It provides no investigative or auditing functionality.
D) Windows Calculator performs arithmetic operations and cannot capture scripts, commands, or modules, nor forward logs for analysis. It provides no enterprise-level monitoring or compliance capability.
PowerShell Script Block Logging and Module Logging with Event Forwarding is correct because it provides detailed visibility into PowerShell activity, securely forwards logs to a SIEM, supports real-time alerting, and ensures enterprise-wide auditing and compliance.
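An added example (not part of the original question set): the registry values behind the two logging policies, set locally for a lab machine, and a function that reassembles script blocks that were split across several event 4104 records before they are reviewed or forwarded. The function name `Get-LoggedScriptBlock` is constructed; in production the same values are delivered by Group Policy rather than written by hand.

```powershell
#Requires -RunAsAdministrator
# Local equivalent of the "Turn on PowerShell Script Block Logging" and
# "Turn on Module Logging" policies (lab use; deploy through a GPO in production).
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
foreach ($key in "$base\ScriptBlockLogging", "$base\ModuleLogging\ModuleNames") {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
}
Set-ItemProperty -Path "$base\ScriptBlockLogging" -Name EnableScriptBlockLogging -Value 1 -Type DWord
Set-ItemProperty -Path "$base\ModuleLogging" -Name EnableModuleLogging -Value 1 -Type DWord
# A value named * with data * means "log every module".
New-ItemProperty -Path "$base\ModuleLogging\ModuleNames" -Name '*' -Value '*' `
    -PropertyType String -Force | Out-Null

function Get-LoggedScriptBlock {
    # Reads event 4104 (script block logging) and joins multi-part blocks.
    # Event 4103 in the same log carries the module logging records.
    param([int] $MaxEvents = 500)

    $records = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-PowerShell/Operational'
        Id      = 4104
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # 4104 payload order: MessageNumber, MessageTotal, ScriptBlockText,
            # ScriptBlockId, Path
            [pscustomobject]@{
                Time    = $_.TimeCreated
                UserSid = $_.UserId
                Part    = [int]    $_.Properties[0].Value
                Total   = [int]    $_.Properties[1].Value
                Text    = [string] $_.Properties[2].Value
                BlockId = [string] $_.Properties[3].Value
                Path    = [string] $_.Properties[4].Value
            }
        }

    $records | Group-Object BlockId | ForEach-Object {
        $parts = @($_.Group | Sort-Object Part)
        [pscustomobject]@{
            ScriptBlockId = $_.Name
            Time          = $parts[0].Time
            UserSid       = $parts[0].UserSid
            Path          = $parts[0].Path
            # False when some parts have already rolled out of the log.
            Complete      = ($parts.Count -eq $parts[0].Total)
            Script        = ($parts.Text -join '')
        }
    }
}

# Example review: the most recent reassembled blocks, longest first.
Get-LoggedScriptBlock -MaxEvents 200 |
    Sort-Object { $_.Script.Length } -Descending |
    Select-Object -First 5 Time, UserSid, Path, Complete,
        @{ Name = 'Length'; Expression = { $_.Script.Length } }
```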
Question 128
A company wants to prevent execution of unapproved applications and scripts on Windows endpoints while maintaining audit logs of blocked and allowed activity for compliance. Which solution BEST meets this requirement?
A) AppLocker with Group Policy integration
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) AppLocker with Group Policy integration
Explanation:
A) AppLocker allows administrators to define rules that control execution of applications, scripts, and installers based on publisher, file path, or cryptographic hash. Integration with Group Policy ensures rules are automatically enforced across all domain-joined devices, providing consistency and enterprise-wide coverage. AppLocker logs all execution attempts, whether allowed or blocked, providing a complete audit trail for compliance reporting and forensic analysis. By restricting unapproved applications and scripts, AppLocker mitigates malware execution, insider threats, and policy violations. Multiple rule collections enable granular control over executables, scripts, Windows Installer files, and packaged applications. Centralized policy deployment reduces manual configuration and ensures consistent enforcement across the organization. This combination of centralized management, automatic enforcement, and detailed logging supports both operational security and regulatory compliance.
B) Sticky Keys is an accessibility feature and cannot enforce application restrictions, block execution, or generate audit logs. It provides no security or compliance capability.
C) Paint is a graphics application and cannot manage execution policies, enforce whitelists, or generate logs. It provides no enterprise-level security functionality.
D) Windows Calculator performs arithmetic operations and cannot restrict application execution or maintain logs. It offers no compliance or security enforcement.
AppLocker with Group Policy integration is correct because it enforces execution rules centrally, blocks unauthorized applications, logs all activity for auditing, and ensures enterprise-wide compliance.
Question 129
A company wants to ensure centralized logging of all Windows endpoint events, including security, system, and application logs. Logs must be encrypted in transit, filtered for relevant events, and forwarded to a SIEM for real-time alerting and compliance reporting. Which solution BEST meets this requirement?
A) Windows Event Forwarding (WEF) with SIEM integration
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Windows Event Forwarding (WEF) with SIEM integration
Explanation:
A) Windows Event Forwarding allows centralized collection of event logs from multiple endpoints. WEF supports encryption via HTTPS or Kerberos, ensuring log integrity and confidentiality during transmission. Administrators can configure subscriptions to forward only relevant events, such as failed logins, privilege escalations, or critical application errors, reducing data noise. Centralized collection enables integration with SIEM platforms for real-time correlation, alerting, and compliance reporting. WEF scales to enterprise environments with thousands of devices while maintaining audit trails for forensic investigation and regulatory compliance. This approach provides complete visibility into system, security, and application activity across all endpoints. By combining secure transmission, filtering, SIEM integration, and detailed logging, WEF ensures enterprise-wide monitoring, rapid detection of anomalies, and compliance readiness.
B) Sticky Keys is an accessibility feature and cannot forward logs, filter events, or integrate with SIEM. It provides no security monitoring or compliance functionality.
C) Paint is a graphics program and cannot capture, transmit, or filter logs. It provides no centralized monitoring or auditing capability.
D) Windows Calculator performs arithmetic operations and cannot manage logs, provide encryption, or integrate with SIEM. It offers no enterprise-level monitoring or compliance capability.
Windows Event Forwarding with SIEM integration is correct because it securely forwards relevant logs, supports filtering, enables real-time alerting, and provides centralized visibility for auditing and compliance.
Question 130
A company wants to prevent malware propagation via removable USB devices while allowing only authorized devices. Enforcement must be automatic, centrally managed, and all blocked attempts logged for auditing and regulatory compliance. Which solution BEST meets this requirement?
A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Group Policy Device Installation Restrictions
Explanation:
A) Group Policy Device Installation Restrictions allows administrators to define which removable devices are approved on Windows endpoints. Unauthorized devices are automatically blocked, preventing malware, ransomware, and unauthorized data exfiltration. Centralized enforcement via Active Directory ensures that policies are consistently applied across all domain-joined devices. Detailed logs capture all blocked device attempts, supporting forensic investigations, compliance reporting, and regulatory audits. Policies can be defined by hardware ID, vendor ID, or device type, enabling granular control over removable storage. This solution balances operational flexibility by allowing approved devices while mitigating risks from untrusted media. Automatic enforcement, centralized management, and comprehensive logging ensure enterprise-wide protection against malware propagation. By maintaining visibility into all blocked attempts, organizations reduce attack surfaces, enforce regulatory compliance, and protect sensitive data.
B) Sticky Keys is an accessibility feature and cannot restrict USB devices, block malware, or generate logs. It provides no enterprise-level security or compliance functionality.
C) Paint is a graphics application and cannot enforce device restrictions, prevent malware propagation, or provide audit trails. It provides no security or compliance capability.
D) Windows Calculator performs arithmetic operations and cannot manage removable storage, enforce policies, or log activity. It offers no enterprise-level malware protection or regulatory compliance support.
Group Policy Device Installation Restrictions is correct because it blocks unauthorized removable devices, centrally enforces policies, logs all attempts, and ensures enterprise-wide protection and compliance.
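An added example (not part of the original question set) for the Device Installation Restrictions questions, 125 and 130: it lists the hardware IDs of the USB storage devices connected to a reference machine, reads the allow list that Group Policy has written to the registry, and marks which devices are covered. The function names are constructed.

```powershell
#Requires -RunAsAdministrator

function Get-UsbStorageInventory {
    # USB mass-storage devices enumerate under the USBSTOR bus.
    Get-PnpDevice -PresentOnly |
        Where-Object { $_.InstanceId -like 'USBSTOR\*' } |
        ForEach-Object {
            $ids = @((Get-PnpDeviceProperty -InstanceId $_.InstanceId `
                -KeyName 'DEVPKEY_Device_HardwareIds').Data)
            [pscustomobject]@{
                FriendlyName   = $_.FriendlyName
                InstanceId     = $_.InstanceId
                # Hardware IDs are ordered from most specific to least specific;
                # an allow list built from the first entry is the tightest match.
                MostSpecificId = $ids[0]
                HardwareIds    = $ids
            }
        }
}

function Get-DeviceIdPolicyList {
    # Reads one of the ID lists the policy stores as numbered registry values.
    param([ValidateSet('AllowDeviceIDs', 'DenyDeviceIDs')] [string] $ListName)

    $key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\$ListName"
    if (-not (Test-Path $key)) { return @() }
    $item = Get-Item -Path $key
    @($item.Property | ForEach-Object { $item.GetValue($_) })
}

# Policy switches as delivered to this endpoint (empty if no GPO applies).
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'
if (Test-Path $policyKey) {
    Get-ItemProperty -Path $policyKey |
        Select-Object DenyUnspecified, AllowDeviceIDs, DenyDeviceIDs, DenyRemovableDevices
}

# Which connected USB storage devices are covered by the allow list?
$allowed = Get-DeviceIdPolicyList -ListName AllowDeviceIDs
Get-UsbStorageInventory |
    Select-Object FriendlyName, MostSpecificId,
        @{ Name = 'OnAllowList'
           Expression = { [bool] ($_.HardwareIds | Where-Object { $allowed -contains $_ }) } }
```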
Question 131
A company wants to enforce real-time monitoring of Windows endpoints to detect high CPU, memory, disk, or network usage. Administrators must be able to identify resource-intensive processes, correlate network connections, and generate reports for troubleshooting and forensic investigation. Which tool BEST meets these requirements?
A) Resource Monitor
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Resource Monitor
Explanation:
A) Resource Monitor is a built-in Windows tool providing detailed, real-time monitoring of system resources, including CPU, memory, disk I/O, and network activity. It allows administrators to identify resource-intensive processes, view associated threads, services, and handles, and correlate CPU or memory usage with network activity. Network monitoring features include analysis of TCP connections, listening ports, bandwidth utilization, and process-to-network correlations, which are critical for detecting anomalies or suspicious activity. Filtering capabilities allow targeted analysis for troubleshooting specific applications or services. Resource Monitor integrates with Performance Monitor for historical data, trend analysis, capacity planning, and predictive resource management. Compared to Task Manager, Resource Monitor provides deeper insights, including disk queue lengths, I/O operations per process, memory allocation, and thread-level details. This granularity enables administrators to identify root causes of performance issues, detect potentially malicious processes, and maintain operational stability. Detailed reporting can be generated for forensic investigations, enabling administrators to document incidents and create audit trails.
B) Sticky Keys is an accessibility feature and cannot monitor system resources, analyze processes, correlate network activity, or generate reports. It provides no enterprise-level monitoring or investigative capabilities.
C) Paint is a graphics application and cannot track CPU, memory, disk, or network usage, nor correlate these metrics with processes. It provides no forensic or troubleshooting functionality.
D) Windows Calculator performs arithmetic operations and cannot monitor system resources or network activity. It provides no enterprise monitoring, reporting, or forensic capabilities.
Resource Monitor is correct because it provides detailed real-time monitoring of CPU, memory, disk, and network usage, supports process-to-network correlation, and allows comprehensive reporting for troubleshooting and forensic investigation.
Question 132
A company wants to enforce multi-factor authentication (MFA) for Windows endpoints accessing sensitive resources from untrusted networks. Policies must be centrally managed, adaptive to user risk and device compliance, and generate audit logs for compliance reporting. Which solution BEST fulfills this requirement?
A) Conditional Access Policies with MFA integrated into Active Directory
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Conditional Access Policies with MFA integrated into Active Directory
Explanation:
A) Conditional Access Policies enforce authentication requirements based on contextual conditions, such as network location, device health, or user risk. By requiring MFA for access from untrusted networks, organizations mitigate risks from stolen credentials or compromised accounts. Integration with Active Directory ensures policies are automatically applied to all domain-joined devices, providing centralized management and enforcement. Logging of all access attempts, successful or failed, provides a complete audit trail for compliance reporting, forensic investigation, and internal review. Conditional Access supports adaptive security, adjusting MFA requirements dynamically based on user behavior, device posture, and risk levels, ensuring both security and operational efficiency. This approach reduces human error, ensures consistent enforcement across the enterprise, and provides visibility for regulatory compliance. By combining MFA, adaptive enforcement, centralized management, and audit logging, Conditional Access Policies protect sensitive resources while enabling real-time monitoring of authentication events.
B) Sticky Keys is an accessibility feature and cannot enforce MFA, monitor authentication events, or generate audit logs. It provides no security or compliance functionality.
C) Paint is a graphics application and cannot manage authentication policies, enforce MFA, or provide audit logging. It offers no enterprise security functionality.
D) Windows Calculator performs arithmetic operations and cannot enforce authentication policies or monitor access attempts. It provides no visibility into compliance or security events.
Conditional Access Policies with MFA integrated into Active Directory is correct because it enforces secure access based on risk, adapts dynamically to threats, provides centralized control, and generates audit logs for enterprise-wide compliance.
Question 133
A company wants to detect and prevent malware execution on Windows endpoints using application whitelisting, including monitoring blocked and allowed application execution for auditing and compliance. Which solution BEST meets this requirement?
A) AppLocker with Group Policy integration
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) AppLocker with Group Policy integration
Explanation:
A) AppLocker enables administrators to define rules that control which applications, scripts, and installers can run. Rules can be based on publisher signatures, file paths, or cryptographic hashes, providing granular control over allowed and disallowed software. Integration with Group Policy ensures these rules are automatically applied across all domain-joined devices, maintaining consistency across the enterprise. AppLocker logs all execution attempts, providing a detailed audit trail for compliance reporting, forensic investigation, and regulatory adherence. By enforcing application whitelisting, AppLocker mitigates malware execution, prevents unapproved software installation, and reduces insider threats. Multiple rule collections allow administrators to control executables, scripts, Windows Installer files, and packaged applications separately. Centralized deployment reduces manual effort, ensures enterprise-wide enforcement, and supports regulatory compliance and security policies. This combination of enforcement, logging, and central management ensures operational security, visibility, and compliance readiness across all Windows endpoints.
B) Sticky Keys is an accessibility feature and cannot restrict applications, enforce execution policies, or generate logs. It provides no enterprise-level security or compliance capability.
C) Paint is a graphics application and cannot control execution of software, enforce whitelists, or log events. It provides no enterprise-level security functionality.
D) Windows Calculator performs arithmetic operations and cannot restrict application execution, generate logs, or enforce policies. It provides no compliance or security capability.
AppLocker with Group Policy integration is correct because it centrally enforces application whitelisting, monitors allowed and blocked executions, generates audit logs, and ensures enterprise-wide malware protection and compliance.
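An added example (not part of the original question set) for the AppLocker questions, 123, 128 and 133: it generates publisher and hash rules from a known-good install, switches the policy to audit-only, tests it before deployment, merges it into a GPO, and reads back the audit and block events. The folder, file paths, rule prefix and the GPO LDAP path are constructed placeholders.

```powershell
#Requires -RunAsAdministrator
# Constructed placeholders: reference folder, XML path, GPO GUID and domain.
$reference = 'C:\Program Files\ExampleApp'
$policyXml = 'C:\Temp\applocker-exampleapp.xml'
$gpoLdap   = 'LDAP://CN={GPO-GUID-PLACEHOLDER},CN=Policies,CN=System,DC=corp,DC=example'

# 1. Build rules from a known-good install: a publisher rule where the file is
#    signed, a hash rule otherwise.
Get-AppLockerFileInformation -Directory $reference -Recurse -FileType Exe, Script |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
        -RuleNamePrefix 'ExampleApp' -Optimize -Xml |
    Out-File -FilePath $policyXml

# 2. Start in audit-only mode so blocks are logged before anything is enforced.
$doc = [xml] (Get-Content -Path $policyXml -Raw)
foreach ($collection in $doc.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$doc.Save($policyXml)

# 3. Dry run: what would this policy deny for a standard user?
#    A policy holding only these rules denies everything else by default, so a
#    real baseline also needs rules for Windows and Program Files.
Get-ChildItem -Path "$env:USERPROFILE\Downloads\*.exe" -ErrorAction SilentlyContinue |
    Convert-Path |
    Test-AppLockerPolicy -XmlPolicy $policyXml -User Everyone -Filter Denied, DeniedByDefault

# 4. Merge the rules into the GPO that is linked to the endpoints.
Set-AppLockerPolicy -XmlPolicy $policyXml -Ldap $gpoLdap -Merge

# --- On an endpoint, after the policy has applied ---

# AppLocker only evaluates rules while the Application Identity service runs.
Get-Service -Name AppIDSvc | Select-Object Name, Status, StartType

# With script rules enforced, PowerShell reports ConstrainedLanguage for
# sessions and scripts the policy does not allow.
$ExecutionContext.SessionState.LanguageMode

# Audit trail: 8003/8006 = would have been blocked (audit), 8004/8007 = blocked.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL',
              'Microsoft-Windows-AppLocker/MSI and Script'
    Id      = 8003, 8004, 8006, 8007
} -MaxEvents 200 -ErrorAction SilentlyContinue |
    Group-Object Id |
    Select-Object @{ Name = 'EventId'; Expression = { $_.Name } }, Count,
        @{ Name = 'Latest'; Expression = { $_.Group[0].TimeCreated } }
```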
Question 134
A company wants all Windows endpoint logs, including security, system, and application events, to be forwarded securely to a centralized SIEM. Logs must be filtered, encrypted during transit, and support real-time correlation, alerting, and auditing. Which solution BEST meets this requirement?
A) Windows Event Forwarding (WEF) with SIEM integration
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Windows Event Forwarding (WEF) with SIEM integration
Explanation:
A) Windows Event Forwarding allows centralized collection of logs from multiple Windows endpoints. Logs can be encrypted using HTTPS or Kerberos to ensure confidentiality and integrity. Administrators can configure subscriptions to forward only relevant events, such as failed logins, privilege escalations, or critical application errors, reducing noise while maintaining visibility into actionable events. Centralized collection enables SIEM integration, allowing real-time correlation, alerting, and compliance reporting. WEF scales to enterprise environments, supporting thousands of devices while providing detailed audit trails for forensic investigations, internal audits, and regulatory compliance. Secure transmission, event filtering, SIEM integration, and detailed logging enable organizations to maintain operational visibility, quickly detect threats, and ensure compliance with internal policies and external regulations. This solution provides a reliable and scalable mechanism for centralized monitoring of enterprise endpoints.
B) Sticky Keys is an accessibility feature and cannot forward logs, filter events, or integrate with a SIEM. It provides no security monitoring capability.
C) Paint is a graphics application and cannot capture, transmit, or filter logs. It provides no centralized monitoring or auditing functionality.
D) Windows Calculator performs arithmetic operations and cannot forward logs, provide encryption, or support real-time correlation. It provides no enterprise-level monitoring or compliance capability.
Windows Event Forwarding with SIEM integration is correct because it securely collects and transmits logs, filters events, supports real-time correlation and alerting, and ensures enterprise-wide visibility and audit readiness.
Question 135
A company wants to prevent malware propagation through removable USB storage while allowing only authorized devices. Enforcement must be automatic, centrally managed, and provide detailed logs for auditing and compliance purposes. Which solution BEST meets this requirement?
A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Group Policy Device Installation Restrictions
Explanation:
A) Group Policy Device Installation Restrictions allows administrators to define which removable devices are approved on Windows endpoints. Unauthorized devices are automatically blocked, preventing malware, ransomware, and unauthorized data exfiltration. Centralized enforcement via Active Directory ensures consistent application of policies across all domain-joined devices. Detailed logging captures all blocked attempts, providing audit trails for compliance reporting, regulatory audits, and forensic investigations. Policies can be targeted based on hardware ID, vendor ID, or device type, allowing granular control over removable storage. This solution ensures that only trusted removable devices can be used while mitigating risks from untrusted media. Automatic enforcement, centralized policy management, and comprehensive logging provide enterprise-wide protection and compliance. By monitoring blocked attempts, administrators gain visibility into attempted unauthorized access and can maintain security posture and regulatory compliance.
B) Sticky Keys is an accessibility feature and cannot restrict USB devices, block malware, or generate logs. It provides no enterprise security functionality.
C) Paint is a graphics application and cannot enforce removable storage restrictions, prevent malware propagation, or provide auditing. It provides no security or compliance functionality.
D) Windows Calculator performs arithmetic operations and cannot manage removable storage, enforce policies, or log events. It offers no enterprise-level malware protection or regulatory compliance support.
Group Policy Device Installation Restrictions is correct because it automatically blocks unauthorized removable devices, centrally enforces policies, logs all attempts, and ensures enterprise-wide protection and regulatory compliance.
Question 136
A company wants to enforce centralized monitoring and control of all Windows endpoint software installations, automatically detect unapproved applications, generate compliance reports, and allow automated remediation. Which solution BEST fulfills this requirement?
A) Microsoft Endpoint Configuration Manager (SCCM) Inventory and Compliance
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Microsoft Endpoint Configuration Manager (SCCM) Inventory and Compliance
Explanation:
A) Microsoft Endpoint Configuration Manager (SCCM) is designed for enterprise-scale endpoint management. It provides detailed inventory of installed software, hardware configurations, and system status across all domain-joined devices. Administrators can define approved applications and detect any unauthorized installations, which helps prevent security breaches and policy violations. SCCM can generate compliance reports automatically, giving administrators insight into which devices meet policy standards and which require remediation. Automated remediation can include uninstalling unapproved software, notifying users, or enforcing compliance rules without manual intervention. SCCM integrates with Active Directory for centralized policy application and ensures consistency across all endpoints. This combination of automated detection, centralized reporting, and remediation supports operational efficiency, regulatory compliance, and enterprise security by ensuring software inventory and compliance are always up-to-date.
B) Sticky Keys is an accessibility feature that cannot inventory software, enforce compliance, or generate reports. It provides no enterprise-level management or security capability.
C) Paint is a graphics program and cannot perform inventory management, detect unauthorized applications, or generate compliance reports. It provides no monitoring or remediation functionality.
D) Windows Calculator performs arithmetic operations and cannot monitor installed software, enforce policies, or generate reports. It provides no enterprise security or compliance functionality.
SCCM Inventory and Compliance is correct because it provides centralized visibility into installed software, automatically detects unauthorized applications, generates reports, and enables automated remediation across all endpoints, supporting enterprise-wide compliance and security.
Question 137
A company wants to enforce encryption on all Windows endpoints, store encryption keys in hardware, and allow recovery through centralized management while ensuring automated policy enforcement. Which solution BEST meets these requirements?
A) BitLocker with TPM and Active Directory recovery key integration
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) BitLocker with TPM and Active Directory recovery key integration
Explanation:
A) BitLocker provides full-disk encryption for both system and data drives, protecting sensitive information from unauthorized access. TPM integration ensures encryption keys are securely stored in hardware, preventing extraction even if the drive is removed. Additional authentication methods, such as PINs or USB keys, provide layered security. Centralized recovery through Active Directory allows administrators to unlock encrypted drives in case of forgotten credentials, ensuring business continuity. Policies can be deployed via Group Policy to automatically enforce encryption across all domain-joined endpoints, guaranteeing enterprise-wide compliance. Logging tracks encryption and recovery activities for audit and regulatory purposes. This solution combines strong encryption, hardware-based key security, centralized management, and automated enforcement, making it ideal for protecting sensitive enterprise data while maintaining operational efficiency and regulatory compliance.
B) Sticky Keys is an accessibility feature and cannot encrypt drives, store keys, or manage recovery. It provides no data protection or compliance functionality.
C) Paint is a graphics application and cannot perform encryption, key management, or policy enforcement. It provides no enterprise-level security capability.
D) Windows Calculator performs arithmetic operations and cannot encrypt drives, manage keys, or enforce policies. It provides no protection for sensitive data.
BitLocker with TPM and Active Directory recovery key integration is correct because it automatically encrypts drives, secures keys in hardware, allows centralized recovery, and enforces enterprise-wide policies to protect sensitive data.
Question 138
A company wants to monitor PowerShell activity on Windows endpoints, including executed commands, loaded modules, and scripts, and forward logs securely to a SIEM for real-time correlation, alerting, and compliance. Which solution BEST meets these requirements?
A) PowerShell Script Block Logging and Module Logging with Event Forwarding
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) PowerShell Script Block Logging and Module Logging with Event Forwarding
Explanation:
A) PowerShell Script Block Logging captures the full content of all executed scripts, including inline and dynamically generated code. Module Logging records commands executed in specific PowerShell modules. Event Forwarding securely transmits logs to a centralized SIEM, enabling real-time monitoring, correlation, and alerting. Centralized collection ensures consistent monitoring across all endpoints and provides visibility into administrative or potentially malicious activity. Logs include user context, execution timestamps, script paths, and module information, which supports forensic investigations, compliance auditing, and detection of unauthorized automation. By combining Script Block Logging, Module Logging, and Event Forwarding, organizations can enforce monitoring policies, detect suspicious behavior, and maintain regulatory compliance while reducing the risk of malware or insider threats.
B) Sticky Keys is an accessibility tool and cannot monitor PowerShell commands, log activity, or forward logs to a SIEM. It provides no security or compliance capability.
C) Paint is a graphics program and cannot track PowerShell activity, generate logs, or integrate with a SIEM. It provides no enterprise-level monitoring capability.
D) Windows Calculator performs arithmetic operations and cannot capture scripts, commands, or modules, nor forward logs for analysis. It provides no security or compliance functionality.
PowerShell Script Block Logging and Module Logging with Event Forwarding is correct because it provides detailed monitoring of PowerShell activity, forwards logs securely, supports real-time alerting, and maintains enterprise-wide auditing and compliance.
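A read-only check of the configuration described in Questions 134 and 138, as an added PowerShell example that is not part of the original practice test. The registry paths, the value names and event IDs 4103 (module logging) and 4104 (script block logging) are standard Windows values that this page does not state.

```powershell
# Added example: audit PowerShell logging and Event Forwarding settings on one endpoint.
# Run from an elevated session. Nothing is changed; values are only read.

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$psPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$wefKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'

$sbl = Get-PolicyValue "$psPolicy\ScriptBlockLogging" 'EnableScriptBlockLogging'
$ml  = Get-PolicyValue "$psPolicy\ModuleLogging"      'EnableModuleLogging'

# Module Logging only covers the modules listed under ModuleNames ('*' means all).
$modules = @()
$mnKey = Get-Item "$psPolicy\ModuleLogging\ModuleNames" -ErrorAction SilentlyContinue
if ($mnKey) { $modules = @($mnKey.GetValueNames()) }

# Source-initiated WEF stores one "Server=..." string per collector.
$targets = @()
$wef = Get-Item $wefKey -ErrorAction SilentlyContinue
if ($wef) { $targets = @($wef.GetValueNames() | ForEach-Object { [string]$wef.GetValue($_) }) }

[pscustomobject]@{
    ScriptBlockLogging = ($sbl -eq 1)
    ModuleLogging      = ($ml -eq 1)
    LoggedModules      = $modules -join ', '
    WefCollectors      = $targets -join '; '
    # HTTP targets rely on Kerberos message encryption instead of TLS.
    WefOverHttps       = [bool]($targets | Where-Object { $_ -match 'Server=https://' })
}

# Confirm that events are actually being written before relying on forwarding.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4103, 4104
    StartTime = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue

$events | Group-Object Id | Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count

# Most recent script blocks: time, user SID and the first 120 characters of the text.
$events | Where-Object Id -eq 4104 | Select-Object -First 5 TimeCreated, UserId,
    @{ n = 'ScriptBlock'; e = {
        $text = [string]$_.Properties[2].Value
        $text.Substring(0, [Math]::Min(120, $text.Length))
    } }
```

An endpoint that reports both logging settings as enabled but shows no 4103 or 4104 events in the last 24 hours, or has no collector configured, is the gap to investigate before assuming the SIEM has coverage.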
Question 139
A company wants to prevent execution of unapproved applications and scripts while maintaining logs of allowed and blocked activity for auditing and compliance. Which solution BEST fulfills this requirement?
A) AppLocker with Group Policy integration
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) AppLocker with Group Policy integration
Explanation:
A) AppLocker allows administrators to define rules that control execution of applications, scripts, and installers. Rules can be based on publisher, file path, or cryptographic hash. Integration with Group Policy ensures rules are automatically applied to all domain-joined endpoints, maintaining enterprise-wide consistency. AppLocker logs all execution attempts, whether allowed or blocked, supporting compliance auditing and forensic investigations. By restricting unapproved applications and scripts, AppLocker mitigates malware execution, insider threats, and policy violations. Rule collections can be applied separately to executables, scripts, Windows Installer files, and packaged applications, providing granular control. Centralized deployment reduces administrative effort and ensures consistent enforcement across the organization, supporting both operational security and regulatory compliance.
B) Sticky Keys is an accessibility feature and cannot enforce execution policies, restrict software, or generate logs. It provides no enterprise-level security or compliance capability.
C) Paint is a graphics application and cannot control software execution, enforce policies, or log activity. It provides no security or auditing capability.
D) Windows Calculator performs arithmetic operations and cannot restrict applications, generate logs, or enforce policies. It provides no compliance or security functionality.
AppLocker with Group Policy integration is correct because it enforces software restrictions centrally, logs allowed and blocked activity, and ensures enterprise-wide security and compliance.
Question 140
A company wants to prevent malware propagation via removable USB devices while allowing only authorized devices. Policies must be automatic, centrally managed, and provide detailed logs for auditing and compliance. Which solution BEST meets this requirement?
A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Group Policy Device Installation Restrictions
Explanation:
A) Group Policy Device Installation Restrictions is a Windows feature that allows enterprise administrators to control which removable devices, such as USB storage drives, external hard drives, and other peripheral devices, can be installed and accessed on endpoint systems. By configuring this feature, organizations can enforce strict device usage policies that automatically block unauthorized devices while permitting only those that have been explicitly approved. This approach is particularly critical in mitigating risks associated with malware, ransomware, and unauthorized data exfiltration, which are common threats introduced through removable media.
The solution works by leveraging Active Directory and Group Policy Objects (GPOs) to centrally manage and enforce device installation policies across all domain-joined computers. Administrators can create rules based on device class, hardware ID, vendor ID, or product ID, allowing granular control over which devices are allowed and which are blocked. For example, a company might allow only USB drives issued by corporate IT while blocking all personal USB drives. This granular approach ensures operational flexibility without compromising security.
A major advantage of Group Policy Device Installation Restrictions is automation and consistency. Once policies are configured and deployed, they are automatically enforced on all applicable endpoints. Users attempting to connect unauthorized devices will be denied access immediately, reducing the potential for human error and preventing malware from spreading via removable media. Automated enforcement is crucial in large enterprises where manual monitoring of thousands of endpoints would be impractical.
Logging and auditing capabilities are another key benefit. Windows records all attempts to install or access blocked devices in the Event Log, providing detailed information about the device, the user, and the time of the attempt. This logging supports forensic investigation, allowing IT security teams to trace potential security incidents back to specific devices or users. In addition, logs can be used to generate reports for compliance and regulatory auditing, demonstrating adherence to corporate security policies and industry standards such as GDPR, HIPAA, or PCI DSS. The combination of centralized control, automatic enforcement, and detailed logging provides organizations with both preventive and detective security capabilities.
Group Policy Device Installation Restrictions also integrates seamlessly with other Windows security features, such as BitLocker and AppLocker, for a comprehensive endpoint protection strategy. For example, by enforcing encryption on authorized USB drives and whitelisting approved applications, enterprises can ensure that removable media cannot introduce malicious code or compromise sensitive information. The solution aligns with broader security frameworks, such as the principle of least privilege, by limiting access to trusted devices and reducing the attack surface of endpoints.
Administrators can tailor policies to different user groups or organizational units. For instance, employees in highly sensitive departments may be restricted to only encrypted, IT-issued devices, while general staff may have slightly more lenient policies. This flexibility allows enterprises to enforce strong security controls without significantly impeding productivity. Furthermore, Group Policy updates are applied automatically during system startup or user login, ensuring that endpoints are always compliant with the latest device policies.
B) Sticky Keys is an accessibility feature in Windows that allows users to press key combinations sequentially rather than simultaneously. While useful for individuals with certain physical disabilities, Sticky Keys does not provide any security functionality. It cannot restrict USB devices, prevent malware propagation, or log unauthorized access attempts. Sticky Keys offers no enterprise-level security controls or auditing capabilities, making it completely irrelevant for device control policies.
C) Paint is a graphics application included with Windows for creating and editing images. While it serves as a productivity tool, Paint cannot enforce device installation restrictions, block unauthorized USB devices, or provide logging for compliance or security purposes. It provides no mechanism to prevent malware propagation via removable media and therefore does not satisfy enterprise security requirements.
D) Windows Calculator is a utility for performing arithmetic operations. Like Sticky Keys and Paint, Calculator has no functionality related to security, device control, or centralized management. It cannot enforce policies, block unauthorized devices, or generate audit logs. Calculator does not protect endpoints against malware or support regulatory compliance in any way.
By contrast, Group Policy Device Installation Restrictions provides a robust and enterprise-ready solution for preventing malware propagation through removable media. It combines centralized enforcement, automatic blocking, granular policy control, and detailed logging, ensuring that only approved devices can be used while maintaining comprehensive audit trails. The ability to define rules by device type, vendor, or hardware ID allows IT teams to implement strong security measures without overly restricting legitimate operations.
In addition, this solution supports enterprise-wide scalability. Organizations with hundreds or thousands of endpoints can deploy uniform policies across all devices, eliminating gaps that could be exploited by malware. Centralized management reduces administrative overhead, simplifies compliance reporting, and ensures consistent protection across the enterprise. IT teams can monitor adherence to policies, quickly identify attempts to circumvent restrictions, and respond proactively to potential threats.
In summary, Group Policy Device Installation Restrictions is the only solution among the options that:
- Automatically enforces device access policies across all Windows endpoints.
- Blocks unauthorized removable media, preventing malware propagation and data exfiltration.
- Provides granular control based on hardware ID, vendor ID, or device type.
- Offers centralized management via Active Directory, ensuring enterprise-wide consistency.
- Generates detailed logs for auditing, forensic investigation, and regulatory compliance.
- Scales effectively for large enterprise environments while reducing administrative overhead.
Sticky Keys, Paint, and Windows Calculator provide no device control, logging, or security capabilities. Therefore, Group Policy Device Installation Restrictions is the correct choice because it meets all enterprise requirements for security, compliance, and operational control.
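The hardware-ID allow list described above, checked against the USB storage devices currently attached to one endpoint, as an added PowerShell example that is not part of the original practice test. The registry path and value names are the standard Windows policy locations, which this page does not state; the verdict logic is a simplification that evaluates only the ID lists and the "block everything not otherwise described" setting, with deny taking precedence over allow, and ignores device-class lists and layered evaluation.

```powershell
# Added example: compare attached USB storage devices with the Device Installation
# Restrictions policy delivered by Group Policy. Read-only.

$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'

function Get-IdList {
    param([string]$SubKey)
    # ID lists are stored as numbered string values ("1", "2", ...) under a subkey.
    $k = Get-Item "$key\$SubKey" -ErrorAction SilentlyContinue
    if ($k) { $k.GetValueNames() | ForEach-Object { [string]$k.GetValue($_) } }
}

$policy = Get-ItemProperty $key -ErrorAction SilentlyContinue
$allow  = @(Get-IdList 'AllowDeviceIDs')
$deny   = @(Get-IdList 'DenyDeviceIDs')

# "Prevent installation of devices not described by other policy settings"
$denyUnspecified = ($policy.DenyUnspecified -eq 1)

[pscustomobject]@{
    PolicyPresent   = ($null -ne $policy)
    AllowedIds      = $allow.Count
    DeniedIds       = $deny.Count
    DenyUnspecified = $denyUnspecified
}

# USB mass-storage devices enumerate under the USBSTOR bus.
$devices = Get-PnpDevice -PresentOnly | Where-Object { $_.InstanceId -like 'USBSTOR\*' }

$devices | ForEach-Object {
    $dev = $_
    # A policy entry can match any of the device's hardware or compatible IDs.
    $ids = @($dev.HardwareID) + @($dev.CompatibleID) | Where-Object { $_ }

    # -contains compares strings case-insensitively, as the policy match does.
    $verdict = if ($ids | Where-Object { $deny -contains $_ }) {
        'Denied by ID'
    } elseif ($ids | Where-Object { $allow -contains $_ }) {
        'Allowed by ID'
    } elseif ($denyUnspecified) {
        'Blocked (not on allow list)'
    } else {
        'No restriction applies'
    }

    [pscustomobject]@{
        Device     = $dev.FriendlyName
        InstanceId = $dev.InstanceId
        Verdict    = $verdict
    }
}
```

A device that is present and working but reports "Blocked (not on allow list)" was most likely installed before the policy arrived, which is worth following up because the restrictions are evaluated when a device is installed.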
