CompTIA 220-1102 A+ Certification Exam: Core 2 Dumps and Practice Test Questions Set 9 Q161-180

Question 161

A company wants to enforce centralized patch management on all Windows endpoints, ensuring that security updates, feature updates, and application updates are applied automatically, with reporting on compliance status. Which solution BEST meets this requirement?

A) Windows Server Update Services (WSUS) with Group Policy integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Windows Server Update Services (WSUS) with Group Policy integration

Explanation:

A) WSUS allows centralized deployment of Windows updates, including critical security patches, feature updates, and application updates. Integration with Group Policy ensures that all domain-joined endpoints receive updates according to a scheduled policy, minimizing security vulnerabilities caused by outdated software. Administrators can approve or decline updates based on testing and business requirements, and detailed reporting provides visibility into which systems are compliant and which require remediation. This capability ensures consistent enforcement across all endpoints and helps maintain enterprise security and compliance with regulatory standards. WSUS supports automated notifications and remediation workflows, which reduces administrative overhead. Centralized management allows administrators to coordinate large-scale patch deployment, track compliance metrics, and audit update status for internal and external regulatory purposes. By providing granular control over which updates are installed, when, and on which endpoints, WSUS ensures that all devices remain secure and compliant while minimizing downtime or disruption to business operations.

B) Sticky Keys is an accessibility feature designed to assist users with physical disabilities. It cannot manage updates, enforce patch policies, or report compliance. It provides no enterprise-level security or patch management functionality.

C) Paint is a graphics application and cannot deploy or manage software updates, enforce compliance, or generate reports. It offers no administrative or security functionality.

D) Windows Calculator performs arithmetic operations and cannot manage or enforce updates, nor can it report on compliance status. It provides no security or patch management capabilities.

WSUS with Group Policy integration is correct because it allows centralized control of update deployment, automates patch management, provides compliance reporting, and ensures enterprise-wide security and regulatory adherence.

Question 162

A company wants to enforce multi-factor authentication (MFA) for Windows endpoints accessing corporate resources from untrusted networks. Policies must adapt based on device compliance and risk, and all authentication attempts must be logged. Which solution BEST meets this requirement?

A) Conditional Access Policies with MFA integrated into Active Directory
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Conditional Access Policies with MFA integrated into Active Directory

Explanation:

A) Conditional Access Policies enforce authentication requirements based on contextual factors such as network location, device health, and user risk profile. MFA provides an additional layer of security, reducing the likelihood of unauthorized access using stolen credentials. Integration with Active Directory enables centralized management and automatic application of policies across all domain-joined endpoints. Conditional Access Policies are adaptive, requiring MFA dynamically when risk thresholds are exceeded, such as when a user logs in from an untrusted network or non-compliant device. Logging captures all authentication attempts, both successful and failed, supporting auditing, compliance reporting, and forensic investigation. Integration with SIEM platforms allows real-time monitoring of unusual authentication patterns, enabling rapid incident response. This approach balances security with operational efficiency, providing enterprise-wide protection for sensitive resources while meeting regulatory compliance requirements.

B) Sticky Keys is an accessibility feature and cannot enforce MFA, monitor authentication, or integrate with directory services. It provides no enterprise security capability.

C) Paint is a graphics application and cannot enforce authentication policies, log access events, or adapt security based on risk. It provides no compliance or enterprise-level security functionality.

D) Windows Calculator performs arithmetic operations and cannot manage authentication policies, enforce MFA, or collect audit logs. It provides no enterprise-level security functionality.

Conditional Access Policies with MFA integrated into Active Directory is correct because it centrally enforces risk-based authentication, adapts to device compliance and user risk, logs all activity, and ensures enterprise-wide security and compliance.

Question 163

A company wants to enforce application whitelisting on Windows endpoints, automatically block unapproved applications and scripts, and log all execution attempts for auditing and compliance. Which solution BEST meets this requirement?

A) AppLocker with Group Policy integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) AppLocker with Group Policy integration

Explanation:

A) AppLocker enables administrators to define rules that control execution of applications, scripts, and installers. Rules can be based on publisher signatures, file paths, or cryptographic hashes. Integration with Group Policy ensures automatic deployment and consistent enforcement across all domain-joined endpoints. AppLocker generates logs of all allowed and blocked execution attempts, supporting auditing, compliance reporting, and forensic investigations. Application whitelisting mitigates the risk of malware, ransomware, and unauthorized software installations, enhancing enterprise security. Multiple rule collections allow granular control over executables, scripts, Windows Installer files, and packaged applications. Centralized management reduces administrative overhead and ensures that security policies are consistently applied across the enterprise. This combination of execution restriction, centralized deployment, and detailed logging supports regulatory compliance, operational security, and proactive threat mitigation.

B) Sticky Keys is an accessibility feature and cannot enforce application whitelisting, block unapproved software, or generate logs. It provides no enterprise-level security or auditing capability.

C) Paint is a graphics application and cannot restrict application execution or provide logging for auditing purposes. It offers no security or compliance functionality.

D) Windows Calculator performs arithmetic operations and cannot enforce execution policies or log activity. It provides no protection against unapproved applications or scripts.

AppLocker with Group Policy integration is correct because it enforces application whitelisting, centrally deploys rules, logs execution activity, and ensures enterprise-wide security and regulatory compliance.

Question 164

A company wants to centrally collect all Windows endpoint logs, encrypt them during transmission, filter relevant events, and forward them to a SIEM for real-time correlation, alerting, and compliance reporting. Which solution BEST meets this requirement?

A) Windows Event Forwarding (WEF) with SIEM integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Windows Event Forwarding (WEF) with SIEM integration

Explanation:

A) Windows Event Forwarding (WEF) enables centralized collection of event logs, including security, system, and application events. Logs can be encrypted using HTTPS or Kerberos to ensure data confidentiality and integrity. Administrators can configure subscriptions to forward only relevant events, reducing noise while maintaining visibility into actionable incidents such as failed logins, privilege escalations, or critical application errors. Integration with a SIEM enables real-time correlation, alerting, and compliance reporting. WEF scales to enterprise environments, supporting thousands of endpoints, while maintaining detailed audit trails for forensic investigation and regulatory compliance. Centralized log collection ensures rapid detection of anomalies, operational monitoring, and enterprise-wide visibility. Secure transmission, filtering, SIEM integration, and logging together provide comprehensive monitoring, operational awareness, and compliance readiness.

B) Sticky Keys is an accessibility feature and cannot collect, encrypt, or forward logs to a SIEM. It provides no monitoring, auditing, or compliance capability.

C) Paint is a graphics application and cannot capture, transmit, filter, or forward logs. It provides no centralized monitoring or audit functionality.

D) Windows Calculator performs arithmetic operations and cannot forward logs, encrypt them, or generate alerts. It provides no enterprise-level monitoring or compliance functionality.

Windows Event Forwarding with SIEM integration is correct because it securely collects logs, filters relevant events, supports real-time alerting, and ensures enterprise-wide auditing and compliance readiness.

Question 165

A company wants to prevent malware propagation through removable USB storage while allowing only authorized devices. Enforcement must be automatic, centrally managed, and all blocked attempts logged for auditing and compliance. Which solution BEST meets this requirement?

A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Group Policy Device Installation Restrictions

Explanation:

A) Group Policy Device Installation Restrictions allows administrators to define which removable devices are authorized on Windows endpoints. Unauthorized devices are automatically blocked, mitigating malware, ransomware, and unauthorized data exfiltration. Centralized enforcement via Active Directory ensures consistent application of policies across all domain-joined devices. Detailed logging captures all blocked attempts, supporting forensic investigation, compliance reporting, and regulatory audits. Policies can be defined by hardware ID, vendor ID, or device type, providing granular control over removable storage. Automatic enforcement ensures enterprise-wide protection while maintaining operational efficiency. Visibility into blocked attempts reduces attack surfaces, enforces regulatory compliance, and protects sensitive data from malicious or unauthorized devices.

B) Sticky Keys is an accessibility feature and cannot block USB devices, prevent malware propagation, or generate logs. It provides no enterprise-level security or compliance functionality.

C) Paint is a graphics application and cannot enforce removable device restrictions, block malware, or provide auditing capabilities. It provides no security or compliance functionality.

D) Windows Calculator performs arithmetic operations and cannot manage removable devices, enforce policies, or log attempts. It provides no protection against malware or compliance enforcement.

Group Policy Device Installation Restrictions is correct because it automatically blocks unauthorized removable devices, centrally enforces policies, logs all attempts, and ensures enterprise-wide protection and regulatory compliance.

Question 166

A company wants to implement centralized endpoint monitoring of CPU, memory, disk, and network utilization to detect resource bottlenecks and potential malware activity. Which tool BEST meets this requirement?

A) Resource Monitor
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Resource Monitor

Explanation:

A) Resource Monitor is a built-in Windows tool providing detailed, real-time visibility into CPU, memory, disk, and network usage. Administrators can monitor processes, threads, and handles, correlating CPU spikes with network activity or disk I/O. This allows detection of abnormal behaviors such as malware communicating externally or resource-intensive processes affecting endpoint performance. Resource Monitor includes filtering and sorting options for specific processes, ports, or disk activity. Disk metrics, such as queue lengths and I/O latency, help identify bottlenecks. Memory statistics, including private bytes, working sets, and virtual memory usage, provide insight into process behavior. Integration with Performance Monitor allows historical tracking for trend analysis, capacity planning, and forensic investigation. Compared with Task Manager, Resource Monitor offers granular, per-thread, and per-process analysis, making it suitable for enterprise monitoring of both performance and security threats. Real-time monitoring, combined with detailed logging and reporting, enables proactive identification and mitigation of performance issues and potential malicious activity across endpoints.

B) Sticky Keys is an accessibility feature for users with physical disabilities. It provides no monitoring of CPU, memory, disk, or network usage and offers no security capabilities.

C) Paint is a graphics application and cannot monitor system resources, network connections, or disk I/O. It provides no enterprise-level monitoring or security functionality.

D) Windows Calculator performs arithmetic operations and cannot monitor resource utilization or detect abnormal behavior. It offers no diagnostic, performance, or security capability.

Resource Monitor is correct because it provides detailed, real-time analysis of system resources, enabling administrators to identify performance bottlenecks and detect potential malware activity proactively.

Question 167

A company wants to enforce multi-factor authentication (MFA) on all Windows endpoints accessing corporate resources from untrusted networks, with adaptive policies based on device compliance and user risk. All authentication attempts must be logged. Which solution BEST meets this requirement?

A) Conditional Access Policies with MFA integrated into Active Directory
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Conditional Access Policies with MFA integrated into Active Directory

Explanation:

A) Conditional Access Policies provide adaptive authentication requirements based on contextual factors like network location, device health, and user risk. MFA adds a second layer of security, mitigating unauthorized access due to stolen credentials. Integration with Active Directory allows centralized policy management and automatic application to all domain-joined devices. Conditional Access can dynamically require MFA when risk levels are elevated, such as when logging in from an untrusted network or a non-compliant device. Detailed logging of authentication attempts, including successes and failures, supports auditing, regulatory compliance, and forensic investigation. Real-time SIEM integration can alert administrators to unusual patterns, such as repeated failed logins or logins from unfamiliar locations. This approach ensures security without sacrificing user productivity, balancing strong protection for enterprise resources with operational efficiency. Centralized management and adaptive enforcement enable rapid response to security threats while maintaining audit readiness.

B) Sticky Keys is an accessibility feature and cannot enforce MFA, monitor authentication, or integrate with directory services. It provides no enterprise security functionality.

C) Paint is a graphics application and cannot enforce authentication policies, log attempts, or apply adaptive security measures. It provides no enterprise-level security or compliance functionality.

D) Windows Calculator performs arithmetic operations and cannot manage authentication policies, enforce MFA, or collect audit logs. It provides no enterprise security capability.

Conditional Access Policies with MFA integrated into Active Directory is correct because it centrally enforces adaptive, risk-based authentication, logs all activity for auditing, and provides enterprise-wide protection and regulatory compliance.

Question 168

A company wants to enforce application whitelisting on Windows endpoints, automatically block unapproved software and scripts, and maintain logs of allowed and blocked activity for auditing and compliance. Which solution BEST meets this requirement?

A) AppLocker with Group Policy integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) AppLocker with Group Policy integration

Explanation:

A) AppLocker enables administrators to define rules controlling the execution of applications, scripts, and installers. Rules can be based on publisher signatures, file paths, or cryptographic hashes. Integration with Group Policy ensures automatic enforcement and consistent deployment across all domain-joined endpoints. AppLocker logs all allowed and blocked execution attempts, providing detailed information for auditing, compliance reporting, and forensic investigation. Application whitelisting reduces the risk of malware, ransomware, and unauthorized software installation. Multiple rule collections allow granular control over executables, scripts, Windows Installer files, and packaged applications. Centralized deployment reduces administrative effort and ensures consistent enforcement of security policies across the enterprise. This approach supports regulatory compliance, proactive threat mitigation, and operational security by preventing unauthorized applications from running while capturing detailed logs for auditing purposes.

B) Sticky Keys is an accessibility feature and cannot enforce application whitelisting, block unapproved software, or generate logs. It provides no enterprise-level security or auditing capability.

C) Paint is a graphics application and cannot restrict application execution, monitor processes, or provide logs for auditing. It offers no security or compliance functionality.

D) Windows Calculator performs arithmetic operations and cannot enforce execution policies, block applications, or log activity. It provides no protection against unapproved applications or scripts.

AppLocker with Group Policy integration is correct because it enforces application whitelisting, centrally deploys rules, logs execution attempts, and ensures enterprise-wide security and compliance.

Question 169

A company wants to centrally collect Windows endpoint logs, encrypt them during transit, filter relevant events, and forward them to a SIEM for real-time correlation, alerting, and compliance reporting. Which solution BEST meets this requirement?

A) Windows Event Forwarding (WEF) with SIEM integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Windows Event Forwarding (WEF) with SIEM integration

Explanation:

A) Windows Event Forwarding (WEF) allows centralized collection of security, system, and application logs from multiple Windows endpoints. Logs can be encrypted using HTTPS or Kerberos to ensure confidentiality and integrity. Administrators can define subscriptions to forward only relevant events, reducing noise while maintaining visibility into actionable incidents such as failed logins, privilege escalations, or critical application errors. Integration with a SIEM enables real-time correlation, alerting, and compliance reporting. WEF supports enterprise-scale environments with thousands of endpoints while maintaining detailed audit trails for forensic investigation and regulatory compliance. Centralized log collection allows rapid detection of anomalies, operational monitoring, and enterprise-wide visibility. Secure transmission, event filtering, SIEM integration, and logging together provide comprehensive monitoring, operational awareness, and compliance readiness across the organization.

B) Sticky Keys is an accessibility feature and cannot collect, encrypt, filter, or forward logs to a SIEM. It provides no monitoring, auditing, or compliance functionality.

C) Paint is a graphics application and cannot capture, transmit, filter, or forward logs. It provides no enterprise-level monitoring or auditing capability.

D) Windows Calculator performs arithmetic operations and cannot forward logs, encrypt them, or generate alerts. It provides no monitoring, auditing, or compliance functionality.

Windows Event Forwarding with SIEM integration is correct because it securely collects logs, filters relevant events, supports real-time alerting, and ensures enterprise-wide auditing and compliance readiness.

Question 170

A company wants to prevent malware propagation through removable USB storage, allow only authorized devices, centrally enforce policies, and log all blocked attempts for auditing and compliance. Which solution BEST meets this requirement?

A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Group Policy Device Installation Restrictions

Explanation:

A) Group Policy Device Installation Restrictions allows administrators to define which removable devices are authorized on Windows endpoints. Unauthorized devices are automatically blocked, preventing malware, ransomware, and unauthorized data exfiltration. Centralized enforcement through Active Directory ensures consistent policy application across all domain-joined devices. Detailed logging captures all blocked attempts, supporting forensic investigation, compliance reporting, and regulatory audits. Policies can be defined based on hardware ID, vendor ID, or device type, providing granular control over removable storage. Automatic enforcement ensures enterprise-wide protection while maintaining operational efficiency. Visibility into blocked attempts helps reduce attack surfaces, enforce regulatory compliance, and protect sensitive data from malicious or unauthorized devices.

B) Sticky Keys is an accessibility feature and cannot block USB devices, prevent malware propagation, or log attempts. It provides no enterprise-level security or compliance functionality.

C) Paint is a graphics application and cannot enforce removable device restrictions, prevent malware, or provide audit logs. It provides no security or compliance capability.

D) Windows Calculator performs arithmetic operations and cannot manage removable devices, enforce policies, or log activity. It provides no protection against malware or compliance enforcement.

Group Policy Device Installation Restrictions is correct because it automatically blocks unauthorized removable devices, centrally enforces policies, logs all attempts, and ensures enterprise-wide protection and regulatory compliance.

Question 171

A company wants to centrally manage Windows firewall rules, control inbound and outbound traffic, block unauthorized applications, and log all events for auditing. Which solution BEST meets this requirement?

A) Group Policy Windows Firewall with Advanced Security
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Group Policy Windows Firewall with Advanced Security

Explanation:

A) Group Policy Windows Firewall with Advanced Security allows administrators to centrally define firewall rules for inbound and outbound traffic across all domain-joined endpoints. Rules can be based on ports, protocols, IP addresses, or applications. Integration with Active Directory ensures consistent application of policies enterprise-wide. Event logging captures allowed and blocked traffic, providing a detailed audit trail for compliance and forensic investigation. Connection security rules enable IPsec encryption between endpoints, and profile-specific enforcement allows different rules for domain, private, and public networks. This centralized management reduces administrative overhead, prevents misconfigurations, and ensures consistent enforcement of security policies. The firewall can block unapproved applications and network traffic proactively, mitigating malware propagation, unauthorized access, and insider threats. Detailed logging also supports regulatory compliance by documenting policy enforcement and network activity for auditors.

B) Sticky Keys is an accessibility feature designed to assist users with physical disabilities. It cannot enforce firewall rules, control traffic, block applications, or provide logging. It has no security or auditing functionality.

C) Paint is a graphics program and cannot manage firewall rules, block traffic, or generate logs. It provides no enterprise-level security capabilities.

D) Windows Calculator performs arithmetic operations and cannot enforce firewall policies, block applications, or log network events. It provides no security or compliance functionality.

Group Policy Windows Firewall with Advanced Security is correct because it centrally enforces firewall rules, blocks unauthorized applications, logs all network activity, and ensures enterprise-wide security and compliance.

Question 172

A company wants to enforce automatic encryption of all removable drives, centrally manage recovery keys, and allow recovery if a user forgets a password. Which solution BEST meets this requirement?

A) BitLocker To Go with Active Directory recovery key integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) BitLocker To Go with Active Directory recovery key integration

Explanation:

A) BitLocker To Go provides full-volume encryption for removable storage, including USB drives and external hard drives. Recovery keys can be securely stored in Active Directory, enabling centralized recovery if a user forgets a password. Policies can enforce automatic encryption when removable drives are connected to endpoints, ensuring consistent enterprise-wide protection. Logging of encryption and recovery events allows auditing, compliance reporting, and forensic investigation. Centralized management reduces administrative burden and ensures that sensitive data on removable storage remains encrypted and recoverable when necessary. BitLocker To Go mitigates the risk of data loss due to stolen or lost devices while maintaining compliance with data protection regulations. Integration with Active Directory allows administrators to track encryption status, enforce mandatory encryption policies, and centrally recover encrypted drives without compromising security.

B) Sticky Keys is an accessibility feature and cannot encrypt drives, store recovery keys, or enforce policies. It provides no enterprise-level data protection.

C) Paint is a graphics application and cannot manage encryption, recovery keys, or enforce policies. It provides no security or compliance capability.

D) Windows Calculator performs arithmetic operations and cannot encrypt drives, manage recovery keys, or enforce policies. It provides no data protection functionality.

BitLocker To Go with Active Directory recovery key integration is correct because it automatically encrypts removable drives, centrally manages recovery keys, enables recovery, and ensures enterprise-wide compliance and data security.

Question 173

A company wants to prevent execution of unapproved scripts and PowerShell commands, while logging all allowed and blocked activity for auditing. Which solution BEST meets this requirement?

A) PowerShell Constrained Language Mode with AppLocker or Group Policy execution restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) PowerShell Constrained Language Mode with AppLocker or Group Policy execution restrictions

Explanation:

A) PowerShell Constrained Language Mode restricts which commands and scripts users can execute, limiting potential malicious activity. Combined with AppLocker or Group Policy execution restrictions, administrators can whitelist approved scripts while blocking all others. All execution attempts, allowed or blocked, are logged for auditing, compliance, and forensic analysis. Centralized policy enforcement ensures uniform protection across all domain-joined endpoints. By limiting unapproved PowerShell activity, the organization mitigates the risk of malware execution, insider threats, or accidental misconfigurations. Detailed logs allow correlation of activity with security events, enabling proactive detection of abnormal or suspicious behavior. This solution provides granular control, centralized enforcement, and comprehensive logging, which together ensure both operational security and regulatory compliance.

B) Sticky Keys is an accessibility tool and cannot restrict scripts, enforce execution policies, or log activity. It provides no security or compliance functionality.

C) Paint is a graphics application and cannot enforce PowerShell restrictions, monitor scripts, or generate logs. It offers no auditing or security capability.

D) Windows Calculator performs arithmetic operations and cannot restrict scripts, enforce policies, or log activity. It provides no protection against unauthorized code execution.

PowerShell Constrained Language Mode with AppLocker or Group Policy execution restrictions is correct because it blocks unapproved scripts, logs activity, enforces centralized policies, and supports auditing and compliance.

Question 174

A company wants to centrally collect Windows endpoint logs, encrypt them during transmission, filter relevant events, and forward them to a SIEM for real-time correlation and alerting. Which solution BEST meets this requirement?

A) Windows Event Forwarding (WEF) with SIEM integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Windows Event Forwarding (WEF) with SIEM integration

Explanation:

A) Windows Event Forwarding allows centralized collection of logs, including security, system, and application events. Logs can be encrypted in transit using HTTPS or Kerberos. Subscriptions can be configured to forward only relevant events, such as failed logins or privilege escalations, reducing unnecessary noise. Integration with a SIEM allows real-time correlation, alerting, and compliance reporting. WEF supports enterprise environments with thousands of endpoints, providing a centralized, scalable solution for log collection and monitoring. Detailed audit trails enable forensic investigation, incident response, and regulatory compliance. Centralized log collection ensures anomalies are detected promptly, providing enterprise-wide operational visibility and security awareness. Combined with secure transmission, filtering, SIEM integration, and logging, WEF provides a comprehensive monitoring solution for operational and regulatory needs.

B) Sticky Keys is an accessibility feature and cannot collect, encrypt, or forward logs to a SIEM. It provides no monitoring or auditing functionality.

C) Paint is a graphics application and cannot capture, transmit, filter, or forward logs. It provides no enterprise monitoring or compliance functionality.

D) Windows Calculator performs arithmetic operations and cannot forward logs, encrypt them, or generate alerts. It provides no monitoring, auditing, or compliance functionality.

Windows Event Forwarding with SIEM integration is correct because it securely collects logs, filters events, supports real-time alerting, and ensures enterprise-wide auditing and compliance readiness.

Question 175

A company wants to prevent malware propagation through removable USB storage, allow only authorized devices, centrally enforce policies, and log all blocked attempts for auditing and compliance. Which solution BEST meets this requirement?

A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Group Policy Device Installation Restrictions

Explanation:

A) Group Policy Device Installation Restrictions allows administrators to define which removable devices are authorized. Unauthorized devices are automatically blocked, preventing malware, ransomware, and data exfiltration. Centralized enforcement via Active Directory ensures consistent policy application across all domain-joined endpoints. Detailed logging captures all blocked attempts, supporting auditing, regulatory compliance, and forensic investigation. Policies can be configured by hardware ID, vendor ID, or device type for granular control over removable storage. Automatic enforcement ensures enterprise-wide protection while maintaining operational efficiency. Visibility into blocked attempts helps reduce attack surfaces, enforce compliance, and safeguard sensitive data from malicious or unauthorized devices.

B) Sticky Keys is an accessibility feature and cannot block USB devices, enforce policies, or generate logs. It provides no enterprise-level security or compliance functionality.

C) Paint is a graphics application and cannot manage removable devices, prevent malware propagation, or log attempts. It provides no security or compliance capability.

D) Windows Calculator performs arithmetic operations and cannot enforce policies, block devices, or log activity. It provides no protection against malware or compliance enforcement.

Group Policy Device Installation Restrictions is correct because it automatically blocks unauthorized devices, centrally enforces policies, logs all attempts, and ensures enterprise-wide protection and regulatory compliance.

Question 176

A company wants to monitor Windows endpoints in real time for CPU, memory, disk, and network utilization to detect abnormal activity, troubleshoot performance issues, and generate reports. Which tool BEST meets this requirement?

A) Resource Monitor
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Resource Monitor

Explanation:

A) Resource Monitor is a built-in Windows utility that provides detailed, real-time monitoring of CPU, memory, disk, and network utilization on endpoints. It allows administrators to identify processes consuming excessive resources, detect bottlenecks, and correlate activity across system components. CPU monitoring includes per-thread utilization, process priority, and handle usage, enabling the detection of resource-intensive or suspicious processes. Memory metrics include private working set, shared memory, and virtual memory allocation, which help identify potential memory leaks or malicious memory manipulation. Disk monitoring provides insights into I/O operations, queue length, and read/write latency, allowing troubleshooting of performance degradation or unusual disk activity. Network monitoring tracks active connections, sent/received bytes, and network utilization per process, which helps identify potential malware exfiltration or abnormal network behavior. Resource Monitor can integrate with Performance Monitor to capture historical data for trend analysis, capacity planning, and forensic investigations. Detailed filtering, sorting, and logging capabilities allow targeted investigation and documentation for compliance. Compared to Task Manager, Resource Monitor offers granular, process-level, and thread-level insights, making it ideal for enterprise-level monitoring of both performance and security events.

B) Sticky Keys is an accessibility feature to assist users with limited mobility. It provides no monitoring of system resources, network activity, or disk I/O, and offers no security or performance analysis capability.

C) Paint is a graphics application and cannot monitor CPU, memory, disk, or network utilization. It offers no diagnostic, troubleshooting, or enterprise-level monitoring functionality.

D) Windows Calculator performs arithmetic operations and cannot monitor system resources, detect abnormal activity, or generate reports. It provides no monitoring or security capability.

Resource Monitor is correct because it provides comprehensive, real-time visibility into all critical system resources, enabling administrators to detect performance issues, troubleshoot problems, and identify potential malicious activity.

Question 177

A company wants to enforce multi-factor authentication (MFA) on Windows endpoints when accessing corporate resources from untrusted networks, with adaptive policies based on device compliance and user risk, and all authentication attempts logged. Which solution BEST meets this requirement?

A) Conditional Access Policies with MFA integrated into Active Directory
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Conditional Access Policies with MFA integrated into Active Directory

Explanation:

A) Conditional Access Policies enforce authentication requirements based on contextual conditions such as network location, device health, and user risk score. MFA adds a second factor, reducing the likelihood of unauthorized access using compromised credentials. Integration with Active Directory allows centralized management and consistent application across all domain-joined endpoints. Conditional Access is adaptive: MFA is dynamically required if a user logs in from an untrusted network, an unmanaged device, or when risk signals indicate unusual activity. All authentication attempts, including successful and failed logins, are logged for auditing, compliance, and forensic investigation. Integration with SIEM platforms enables real-time monitoring and alerts for suspicious authentication patterns. This solution balances strong security with operational efficiency, ensuring enterprise-wide protection of resources while maintaining audit readiness and regulatory compliance.

B) Sticky Keys is an accessibility feature and cannot enforce MFA, log authentication attempts, or adapt policies based on risk. It provides no enterprise security capability.

C) Paint is a graphics application and cannot enforce authentication, monitor logins, or apply adaptive security policies. It offers no enterprise-level security functionality.

D) Windows Calculator performs arithmetic operations and cannot enforce MFA, monitor authentication, or log access attempts. It provides no security or compliance functionality.

Conditional Access Policies with MFA integrated into Active Directory is correct because it centrally enforces adaptive, risk-based authentication, logs all activity for auditing, and provides enterprise-wide protection and regulatory compliance.

Question 178

A company wants to enforce application whitelisting on Windows endpoints, automatically block unapproved software and scripts, and maintain logs of all allowed and blocked activity for auditing and compliance. Which solution BEST meets this requirement?

A) AppLocker with Group Policy integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) AppLocker with Group Policy integration

Explanation:

A) AppLocker allows administrators to define rules controlling execution of applications, scripts, installers, and packaged apps. Rules can be based on publisher, file path, or cryptographic hash. Integration with Group Policy ensures automatic deployment across all domain-joined endpoints. AppLocker logs all allowed and blocked execution attempts, providing detailed auditing for compliance and forensic investigation. Whitelisting mitigates malware, ransomware, and unauthorized software installation risks. Multiple rule collections allow granular control over different types of applications, enabling precise enforcement. Centralized deployment reduces administrative burden and ensures consistent application of security policies. Combined with detailed logging, AppLocker provides enterprise-wide application control, supports regulatory compliance, and strengthens operational security by preventing unapproved code execution.

B) Sticky Keys is an accessibility tool and cannot enforce application whitelisting, block software, or generate logs. It provides no enterprise-level security or compliance functionality.

C) Paint is a graphics application and cannot restrict application execution, monitor processes, or provide auditing logs. It offers no security or compliance capabilities.

D) Windows Calculator performs arithmetic operations and cannot enforce execution policies, block applications, or log activity. It provides no protection against unauthorized applications or scripts.

AppLocker with Group Policy integration is correct because it enforces whitelisting, centrally manages application execution rules, logs activity for auditing, and ensures enterprise-wide compliance and security.

Question 179

A company wants to centrally collect Windows endpoint logs, encrypt them in transit, filter relevant events, and forward them to a SIEM for real-time alerting, correlation, and compliance reporting. Which solution BEST meets this requirement?

A) Windows Event Forwarding (WEF) with SIEM integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Windows Event Forwarding (WEF) with SIEM integration

Explanation:

A) Windows Event Forwarding enables centralized collection of security, system, and application logs from multiple endpoints. Logs can be encrypted using HTTPS or Kerberos to maintain confidentiality and integrity. Administrators can configure subscriptions to forward only relevant events, such as failed logins or privilege escalation attempts, reducing noise. Integration with SIEM platforms allows real-time correlation, alerting, and compliance reporting. WEF scales to enterprise environments, supporting thousands of endpoints while maintaining detailed audit trails for forensic investigation. Centralized log collection enables rapid detection of anomalies, operational visibility, and enterprise-wide security monitoring. Secure transmission, event filtering, SIEM integration, and logging together provide a robust monitoring and compliance solution. This approach ensures that security incidents are detected in real time, audit logs are maintained, and regulatory compliance requirements are met across all endpoints.

B) Sticky Keys is an accessibility feature and cannot collect, encrypt, or forward logs. It provides no monitoring, alerting, or compliance functionality.

C) Paint is a graphics application and cannot capture, transmit, filter, or forward logs. It provides no centralized monitoring or compliance capability.

D) Windows Calculator performs arithmetic operations and cannot forward logs, encrypt data, or generate alerts. It provides no monitoring or security functionality.

Windows Event Forwarding with SIEM integration is correct because it securely collects logs, filters relevant events, supports real-time alerting, and ensures enterprise-wide auditing and compliance readiness.

Question 180

A company wants to prevent malware propagation through removable USB storage, allow only authorized devices, enforce policies centrally, and log all blocked attempts for auditing and compliance. Which solution BEST meets this requirement?

A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Group Policy Device Installation Restrictions

Explanation:

A) Group Policy Device Installation Restrictions is a Windows security feature that allows administrators to define and enforce policies controlling which removable devices are authorized for use on corporate endpoints. By specifying allowed device types, vendor IDs, or hardware IDs, organizations can prevent unauthorized USB devices from connecting to domain-joined computers. This capability is critical in mitigating risks associated with malware propagation, ransomware infections, and unauthorized data exfiltration. Many malware families exploit removable media as a vector to spread across an organization’s network, so controlling device access at the endpoint is a crucial component of a comprehensive security strategy.

Centralized enforcement through Active Directory (AD) ensures that policies are applied consistently across all endpoints within the domain. This eliminates the need for manual configuration on each device, reduces administrative overhead, and ensures that security policies are uniformly enforced. By managing policies via Group Policy Objects (GPOs), IT teams can deploy rules to specific organizational units, user groups, or device classes, allowing for tailored security configurations that meet the needs of different departments or roles.

A critical feature of this solution is automatic enforcement. Once a policy is applied, Windows automatically blocks unauthorized devices without requiring user intervention. This reduces the risk of human error and ensures endpoints remain protected in real time. Users attempting to connect unapproved USB drives are immediately denied access, preventing malware introduction and protecting sensitive corporate data.

Logging and auditing are fundamental aspects of Group Policy Device Installation Restrictions. All attempts to connect blocked devices are recorded in the Windows Event Log, providing detailed information about the device, the user, and the time of the attempt. This information is invaluable for forensic investigation, allowing IT security teams to track potential security incidents and understand attack patterns. Additionally, logs can be used to generate reports for regulatory compliance audits, helping organizations demonstrate adherence to industry standards such as HIPAA, PCI DSS, GDPR, and SOX. The ability to monitor device access also supports proactive security measures, allowing IT teams to identify attempts to circumvent policies and strengthen enforcement mechanisms.

The solution also provides granular control over removable storage devices. Administrators can define policies to allow only devices that match specific hardware IDs, vendor IDs, or device types. For example, an organization can permit only encrypted, corporate-issued USB drives while blocking all personal or untrusted devices. This level of control ensures operational flexibility for legitimate workflows while maintaining strict security standards.

B) Sticky Keys is an accessibility feature that enables users to execute key combinations sequentially rather than simultaneously. While helpful for users with certain physical disabilities, it does not provide security, device control, or logging functionality. Sticky Keys cannot prevent malware propagation, enforce device policies, or provide audit trails and is therefore irrelevant in an enterprise security context.

C) Paint is a graphics application used for image creation and editing. While a productivity tool, Paint has no capabilities for controlling USB device access, enforcing policies, or generating logs. It cannot prevent malware propagation via removable storage and does not contribute to regulatory compliance efforts.

D) Windows Calculator is a utility for performing arithmetic operations. Like Sticky Keys and Paint, Calculator has no ability to control device installation, enforce security policies, or provide logging. It offers no protection against malware and cannot support compliance or enterprise security requirements.

In summary, Group Policy Device Installation Restrictions is the only solution among the options that provides:

Automatic blocking of unauthorized removable devices to prevent malware and unauthorized data access.

Centralized enforcement via Active Directory for consistent application across all domain-joined endpoints.

Granular control based on hardware ID, vendor ID, or device type.

Logging of all blocked attempts to support forensic investigation, auditing, and regulatory compliance.

Enterprise-wide protection that enhances security while maintaining operational efficiency.

Sticky Keys, Paint, and Windows Calculator provide no enforcement, logging, or security functionality. Therefore, Group Policy Device Installation Restrictions is the correct choice because it delivers automated, centralized, and auditable protection against unauthorized removable devices and ensures enterprise-wide compliance with security policies.
