CompTIA 220-1102 A+ Certification Exam: Core 2 Dumps and Practice Test Questions Set 10 Q181-200


Question 181

A company wants to monitor all network connections, processes, and disk activity on Windows endpoints in real time to detect performance issues and potential malware. Which tool BEST meets this requirement?

A) Resource Monitor
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Resource Monitor

Explanation:

A) Resource Monitor provides detailed, real-time visibility into CPU, memory, disk, and network activity. Administrators can monitor individual processes, threads, handles, and network connections, correlating resource usage with system activity. CPU metrics include per-thread utilization, helping identify high-demand processes or potential malicious processes consuming excessive CPU. Memory analysis, including private working sets, shared memory, and virtual memory usage, helps detect memory leaks or abnormal allocations often seen in malware. Disk monitoring displays I/O operations, queue lengths, and latency, assisting in troubleshooting bottlenecks. Network monitoring captures per-process connections, sent/received bytes, and port usage, enabling detection of suspicious outbound traffic. Resource Monitor supports filtering, sorting, and logging, which allows targeted analysis and reporting. Integration with Performance Monitor allows capturing historical data for trend analysis, capacity planning, and forensic investigation. Compared to Task Manager, Resource Monitor provides more granular, per-process and per-thread insights, making it suitable for enterprise monitoring of both performance and security events. This makes it ideal for proactively detecting performance issues and potential malware activity.

B) Sticky Keys is an accessibility feature and cannot monitor system resources, disk activity, or network connections. It offers no security or performance monitoring capabilities.

C) Paint is a graphics application and cannot monitor system resources or detect abnormal activity. It provides no diagnostic or monitoring functionality.

D) Windows Calculator performs arithmetic operations and cannot monitor CPU, memory, disk, or network usage. It has no capability to detect performance or security issues.

Resource Monitor is correct because it provides detailed, real-time monitoring and logging of system activity, enabling administrators to detect both performance bottlenecks and potential malicious activity.

Question 182

A company wants to enforce multi-factor authentication (MFA) on Windows endpoints for access to corporate resources from untrusted networks, with adaptive policies based on device compliance and risk, and log all authentication events. Which solution BEST meets this requirement?

A) Conditional Access Policies with MFA integrated into Active Directory
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Conditional Access Policies with MFA integrated into Active Directory

Explanation:

A) Conditional Access Policies provide adaptive authentication controls based on contextual signals such as network location, device compliance, and user risk profile. MFA adds a second layer of authentication, reducing the likelihood of unauthorized access from compromised credentials. Integration with Active Directory allows centralized policy management, automatically enforcing policies across all domain-joined devices. Conditional Access dynamically requires MFA when risk thresholds are exceeded, for example when users access resources from untrusted networks or non-compliant devices. All authentication events, successful or failed, are logged for auditing, compliance, and forensic investigation. Integration with SIEM allows real-time monitoring, correlation, and alerting for suspicious authentication patterns. This solution balances enterprise security with user productivity while ensuring audit readiness and regulatory compliance. Centralized enforcement and adaptive security help prevent unauthorized access without disrupting legitimate user activity.

B) Sticky Keys is an accessibility feature and cannot enforce MFA, adapt policies, or log authentication attempts. It provides no enterprise security functionality.

C) Paint is a graphics application and cannot enforce authentication policies, monitor access attempts, or apply adaptive security. It provides no enterprise-level security capability.

D) Windows Calculator performs arithmetic operations and cannot enforce MFA, log authentication events, or adapt policies based on risk. It provides no security functionality.

Conditional Access Policies with MFA integrated into Active Directory is correct because it provides adaptive, risk-based authentication enforcement, logs all access attempts, and ensures enterprise-wide security and compliance.

Question 183

A company wants to enforce application whitelisting, automatically block unapproved applications and scripts, and maintain logs of allowed and blocked activity for auditing and compliance on Windows endpoints. Which solution BEST meets this requirement?

A) AppLocker with Group Policy integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) AppLocker with Group Policy integration

Explanation:

A) AppLocker enables administrators to create rules controlling the execution of executables, scripts, Windows Installer files, and packaged apps. Rules can be based on publisher, file path, or cryptographic hash. Integration with Group Policy ensures automatic enforcement across all domain-joined endpoints. AppLocker logs all allowed and blocked executions, providing detailed audit trails for compliance reporting and forensic investigations. Application whitelisting mitigates risks from malware, ransomware, and unauthorized software. Granular rule collections allow administrators to control execution for different application types. Centralized management reduces administrative overhead and ensures consistent enforcement across the enterprise. Logging provides actionable data for security investigations and compliance audits, enabling proactive threat mitigation and regulatory adherence. AppLocker is an essential tool for controlling enterprise application usage while maintaining security and compliance standards.

B) Sticky Keys is an accessibility feature and cannot block unapproved software, enforce whitelists, or generate logs. It provides no enterprise-level security or auditing capability.

C) Paint is a graphics application and cannot restrict application execution or monitor processes. It provides no security or compliance functionality.

D) Windows Calculator performs arithmetic operations and cannot enforce execution policies, block applications, or log activity. It provides no protection against unauthorized software.

AppLocker with Group Policy integration is correct because it enforces application whitelisting, centrally deploys rules, logs execution attempts, and ensures enterprise-wide security and compliance.

Question 184

A company wants to centrally collect Windows endpoint logs, encrypt them in transit, filter relevant events, and forward them to a SIEM for real-time correlation, alerting, and compliance reporting. Which solution BEST meets this requirement?

A) Windows Event Forwarding (WEF) with SIEM integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Windows Event Forwarding (WEF) with SIEM integration

Explanation:

A) Windows Event Forwarding enables centralized collection of security, system, and application logs from multiple endpoints. Logs can be encrypted using HTTPS or Kerberos for secure transmission. Administrators can define subscriptions to forward only relevant events, such as failed logins or privilege escalation attempts, reducing noise and focusing on actionable security events. Integration with SIEM platforms enables real-time correlation, alerting, and compliance reporting. WEF scales to enterprise environments with thousands of endpoints while maintaining detailed audit trails for forensic investigation and regulatory compliance. Centralized log collection allows rapid anomaly detection, operational monitoring, and enterprise-wide visibility. Secure transmission, event filtering, SIEM integration, and detailed logging provide a comprehensive monitoring solution for enterprise security and regulatory compliance. This approach ensures timely detection of security incidents, maintains audit logs, and supports regulatory requirements.

B) Sticky Keys is an accessibility feature and cannot collect, encrypt, forward, or filter logs. It provides no monitoring or compliance functionality.

C) Paint is a graphics application and cannot capture, transmit, filter, or forward logs. It provides no enterprise monitoring or auditing capabilities.

D) Windows Calculator performs arithmetic operations and cannot forward logs, encrypt them, or generate alerts. It provides no monitoring or security functionality.

Windows Event Forwarding with SIEM integration is correct because it securely collects logs, filters relevant events, enables real-time alerting, and ensures enterprise-wide auditing and compliance readiness.

Question 185

A company wants to prevent malware propagation through removable USB storage, allow only authorized devices, enforce policies centrally, and log all blocked attempts for auditing and compliance. Which solution BEST meets this requirement?

A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Group Policy Device Installation Restrictions

Explanation:

A) Group Policy Device Installation Restrictions allows administrators to define which removable devices are authorized on Windows endpoints. Unauthorized devices are automatically blocked, preventing malware, ransomware, and unauthorized data exfiltration. Centralized enforcement through Active Directory ensures consistent application across all domain-joined endpoints. Detailed logs capture all blocked attempts, supporting forensic investigation, auditing, and regulatory compliance. Policies can be defined based on hardware ID, vendor ID, or device type, providing granular control over removable storage. Automatic enforcement ensures enterprise-wide protection while maintaining operational efficiency. Logging and visibility into blocked attempts reduce attack surfaces, enforce regulatory compliance, and protect sensitive data from malicious or unauthorized devices.

B) Sticky Keys is an accessibility feature and cannot block USB devices, enforce policies, or log attempts. It provides no enterprise-level security or compliance capability.

C) Paint is a graphics application and cannot manage removable devices, prevent malware propagation, or provide audit logs. It provides no security or compliance functionality.

D) Windows Calculator performs arithmetic operations and cannot enforce policies, block devices, or log activity. It provides no protection against malware or regulatory enforcement.

Group Policy Device Installation Restrictions is correct because it automatically blocks unauthorized removable devices, centrally enforces policies, logs all attempts, and ensures enterprise-wide protection and regulatory compliance.

Question 186

A company wants to centrally enforce Windows Defender Antivirus policies, ensure real-time protection, schedule scans, and maintain detailed logs for compliance reporting. Which solution BEST meets this requirement?

A) Group Policy for Windows Defender Antivirus
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Group Policy for Windows Defender Antivirus

Explanation:

A) Group Policy for Windows Defender Antivirus allows administrators to centrally configure and enforce antivirus policies on all domain-joined endpoints. Real-time protection can be enabled to monitor active processes and block malicious activity automatically. Administrators can schedule scans, specify exclusions, configure cloud-delivered protection, and define action preferences for detected threats. Detailed event logging ensures all malware detections, blocked files, and scan results are recorded, supporting regulatory compliance, auditing, and forensic investigations. Integration with Security Center and SIEM platforms allows centralized monitoring, alerting, and reporting of security events. Centralized management reduces administrative overhead and ensures uniform enforcement of antivirus policies across the enterprise. These capabilities help mitigate malware risks, improve endpoint security posture, and maintain compliance with internal and external regulatory requirements.

B) Sticky Keys is an accessibility feature and cannot enforce antivirus policies, monitor threats, or generate logs. It provides no enterprise-level security capability.

C) Paint is a graphics application and cannot monitor or block malware, schedule scans, or maintain logs. It provides no security or compliance functionality.

D) Windows Calculator performs arithmetic operations and cannot enforce antivirus policies, detect malware, or generate logs. It provides no protection or compliance functionality.

Group Policy for Windows Defender Antivirus is correct because it enforces antivirus policies centrally, maintains detailed logs, supports real-time protection, and ensures enterprise-wide compliance and security.
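The endpoint-side check for what Questions 186 and 196 describe, as an added example that is not part of the original page: verify that the Group Policy-enforced Defender settings actually apply, fall back to local preferences only where no policy exists, and pull the detection and scan records a compliance report draws on. Assumes an elevated session on Windows 10/11; the exclusion count and thresholds are illustrative, and the registry path is the one Defender policy settings are written to.

```powershell
# Added example, not from the original page. Run elevated.
# Policy-enforced Defender values land under this key and override local preferences,
# so a compliance check reads policy first and only falls back to Set-MpPreference.
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$rtp = Get-ItemProperty -Path "$pol\Real-Time Protection" -ErrorAction SilentlyContinue
$policyManaged = ($null -ne $rtp) -and ($rtp.DisableRealtimeMonitoring -eq 0)

if (-not $policyManaged) {
    # Local equivalent of the GPO settings, for a workgroup or lab host.
    # Where a GPO applies, the policy value wins and these calls are ignored.
    Set-MpPreference -DisableRealtimeMonitoring $false
    Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples
    Set-MpPreference -ScanParameters FullScan -ScanScheduleDay Sunday -ScanScheduleTime 02:00:00
}

# Effective posture, the way an auditor would record it.
$s = Get-MpComputerStatus
$p = Get-MpPreference
[pscustomobject]@{
    PolicyManaged    = $policyManaged
    RealTime         = $s.RealTimeProtectionEnabled
    BehaviorMonitor  = $s.BehaviorMonitorEnabled
    SignatureAgeDays = $s.AntivirusSignatureAge
    LastQuickScan    = $s.QuickScanEndTime
    LastFullScan     = $s.FullScanEndTime
    CloudProtection  = $p.MAPSReporting            # 0 = Disabled, 1 = Basic, 2 = Advanced
    ExclusionCount   = @($p.ExclusionPath).Count   # each exclusion is a blind spot; review them
}

# Detection history for reporting: what was found, where, and whether remediation succeeded.
Get-MpThreatDetection |
    Select-Object InitialDetectionTime, ThreatID, ActionSuccess,
                  @{n = 'Resources'; e = { $_.Resources -join '; ' }}

# The same facts from the event log, which is what central log collection would forward:
# 1116 = malware detected, 1117 = action taken, 5001 = real-time protection disabled.
Get-WinEvent -LogName 'Microsoft-Windows-Windows Defender/Operational' `
    -FilterXPath "*[System[(EventID=1116 or EventID=1117 or EventID=5001)]]" `
    -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Event 5001 is worth alerting on by itself: a real-time protection disable on a managed endpoint is either a policy gap or something tampering with the agent.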

Question 187

A company wants to monitor Windows endpoints for unusual login activity, failed logins, and privilege escalations, and forward these events to a SIEM for real-time alerting and correlation. Which solution BEST meets this requirement?

A) Windows Event Forwarding (WEF) with SIEM integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Windows Event Forwarding (WEF) with SIEM integration

Explanation:

A) Windows Event Forwarding allows centralized collection of Windows logs, including security events such as failed logins, account lockouts, and privilege escalation attempts. Events can be encrypted in transit using HTTPS or Kerberos. Administrators can configure subscriptions to forward only relevant events, reducing noise while ensuring actionable data is collected. Integration with a SIEM enables real-time correlation and alerting, providing operational visibility and enhancing incident response capabilities. Centralized log collection supports forensic investigation and regulatory compliance by maintaining a complete audit trail of security-related events. WEF scales to enterprise environments, supporting thousands of endpoints while maintaining detailed logs. Filtering and encryption provide security and reduce unnecessary traffic, while SIEM integration allows automated threat detection and reporting. By collecting and analyzing authentication events centrally, organizations can detect anomalies quickly, respond to potential breaches, and demonstrate compliance with security policies and regulations.

B) Sticky Keys is an accessibility feature and cannot collect, forward, or analyze login events. It provides no security monitoring or compliance functionality.

C) Paint is a graphics application and cannot monitor login activity, forward logs, or detect anomalies. It provides no enterprise-level security capability.

D) Windows Calculator performs arithmetic operations and cannot collect, forward, or analyze security events. It provides no monitoring or alerting functionality.

Windows Event Forwarding with SIEM integration is correct because it securely collects relevant security events, forwards them to a SIEM for real-time alerting, and ensures enterprise-wide auditing and compliance readiness.

Question 188

A company wants to enforce full-disk encryption on all endpoints, centrally manage recovery keys, and ensure compliance reporting for lost or stolen devices. Which solution BEST meets this requirement?

A) BitLocker with Active Directory recovery key integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) BitLocker with Active Directory recovery key integration

Explanation:

A) BitLocker provides full-disk encryption, protecting data at rest on endpoints. Centralized recovery key storage in Active Directory ensures that administrators can recover encrypted drives if users forget passwords or recovery keys are lost. Policies can enforce automatic encryption on all drives, ensuring enterprise-wide compliance. Detailed logging of encryption and recovery events supports auditing, compliance reporting, and forensic investigation. Centralized management reduces administrative burden and ensures consistent enforcement across all endpoints. BitLocker mitigates risks from lost or stolen devices by preventing unauthorized access to sensitive data while maintaining operational recovery options for legitimate users. Integration with Active Directory allows administrators to track encryption status, enforce mandatory encryption policies, and retrieve recovery keys securely without compromising security. Reporting capabilities enable organizations to demonstrate compliance with regulatory frameworks such as HIPAA, GDPR, and PCI-DSS.

B) Sticky Keys is an accessibility feature and cannot encrypt drives, store recovery keys, or enforce compliance policies. It provides no enterprise-level data protection.

C) Paint is a graphics application and cannot encrypt drives, manage recovery keys, or provide compliance reporting. It provides no security functionality.

D) Windows Calculator performs arithmetic operations and cannot encrypt drives, manage recovery keys, or enforce compliance policies. It provides no data protection capability.

BitLocker with Active Directory recovery key integration is correct because it enforces full-disk encryption, centrally manages recovery keys, provides compliance reporting, and ensures enterprise-wide data security.
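The enablement sequence Question 188 describes, as an added example that is not part of the original page: escrow the recovery password to AD DS before encryption begins, then gather the status and events a compliance report needs. Assumes a TPM-equipped, domain-joined Windows 10/11 Pro/Enterprise host and an elevated session; the GPO named in the comments is the setting that makes escrow mandatory.

```powershell
# Added example, not from the original page. Run elevated on a domain-joined host.
$vol = 'C:'

# Domain GPO: Computer Configuration > Administrative Templates > Windows Components >
# BitLocker Drive Encryption > Operating System Drives > "Choose how BitLocker-protected
# operating system drives can be recovered", with "Save BitLocker recovery information to
# AD DS" and "Do not enable BitLocker until recovery information is stored to AD DS" on.
# The policy writes these registry values; they are read here only to verify the GPO applied.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$fvePolicy = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
if ($fvePolicy.OSRequireActiveDirectoryBackup -ne 1) {
    Write-Warning 'GPO does not require AD DS escrow; recovery keys may never reach the domain.'
}

$status = Get-BitLockerVolume -MountPoint $vol
if ($status.VolumeStatus -eq 'FullyDecrypted') {
    # 1. Create the recovery password protector first, so a key exists before any data is encrypted.
    Add-BitLockerKeyProtector -MountPoint $vol -RecoveryPasswordProtector | Out-Null
    $rp = (Get-BitLockerVolume -MountPoint $vol).KeyProtector |
          Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1

    # 2. Escrow it to the computer object (stored as an msFVE-RecoveryInformation child object).
    Backup-BitLockerKeyProtector -MountPoint $vol -KeyProtectorId $rp.KeyProtectorId

    # 3. Encrypt, with the TPM unlocking the OS drive transparently at boot.
    Enable-BitLocker -MountPoint $vol -TpmProtector -EncryptionMethod XtsAes256 `
                     -UsedSpaceOnly -SkipHardwareTest
}

# Compliance view: ProtectionStatus must be On and a RecoveryPassword protector must exist.
Get-BitLockerVolume |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage,
        @{n = 'HasRecoveryPassword'; e = { $_.KeyProtector.KeyProtectorType -contains 'RecoveryPassword' }}

# Audit trail for the escrow itself: 845 = backed up to AD DS, 846 = backup failed.
Get-WinEvent -LogName 'Microsoft-Windows-BitLocker/BitLocker Management' `
    -FilterXPath "*[System[(EventID=845 or EventID=846)]]" -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

A device that shows ProtectionStatus On but no event 845 is the case a lost-device report most needs to surface: encrypted, but with no recovery key the helpdesk can retrieve.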

Question 189

A company wants to prevent execution of unapproved scripts and PowerShell commands, log all execution attempts, and enforce policies across all endpoints for compliance. Which solution BEST meets this requirement?

A) PowerShell Constrained Language Mode with AppLocker or Group Policy execution restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) PowerShell Constrained Language Mode with AppLocker or Group Policy execution restrictions

Explanation:

A) PowerShell Constrained Language Mode restricts which commands and scripts can be executed, limiting the potential for malicious activity. When combined with AppLocker or Group Policy execution restrictions, administrators can whitelist approved scripts and block unapproved ones. All execution attempts are logged for auditing, compliance, and forensic analysis. Centralized enforcement ensures uniform policy application across all domain-joined endpoints. This approach mitigates the risk of malware execution, insider threats, and accidental misconfigurations. Detailed logs allow correlation of activity with other security events, supporting proactive detection of abnormal or suspicious behavior. By restricting PowerShell execution and maintaining audit trails, organizations meet regulatory compliance requirements and reduce the attack surface. Centralized deployment and monitoring provide enterprise-wide consistency, ensuring all endpoints follow the same security posture.

B) Sticky Keys is an accessibility feature and cannot restrict scripts, enforce execution policies, or generate logs. It provides no security or compliance functionality.

C) Paint is a graphics application and cannot enforce PowerShell restrictions, block scripts, or log activity. It provides no enterprise-level auditing or security capability.

D) Windows Calculator performs arithmetic operations and cannot restrict scripts, enforce policies, or log execution. It provides no protection against unauthorized or malicious code.

PowerShell Constrained Language Mode with AppLocker or Group Policy execution restrictions is correct because it blocks unapproved scripts, logs activity, enforces centralized policies, and ensures auditing and compliance across all endpoints.

Question 190

A company wants to prevent malware propagation through removable USB storage, allow only authorized devices, enforce policies centrally, and log all blocked attempts for auditing and compliance. Which solution BEST meets this requirement?

A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Group Policy Device Installation Restrictions

Explanation:

A) Group Policy Device Installation Restrictions allows administrators to specify which removable devices are authorized on Windows endpoints. Unauthorized devices are automatically blocked, preventing malware, ransomware, and unauthorized data exfiltration. Centralized enforcement through Active Directory ensures consistent application across all domain-joined endpoints. Detailed logs capture all blocked attempts, supporting forensic investigation, auditing, and regulatory compliance. Policies can be defined by hardware ID, vendor ID, or device type, providing granular control over removable storage. Automatic enforcement ensures enterprise-wide protection while maintaining operational efficiency. Logging and visibility into blocked attempts help reduce attack surfaces, enforce compliance policies, and protect sensitive data from malicious or unauthorized devices. Centralized management simplifies administration and ensures consistent security across the organization.

B) Sticky Keys is an accessibility feature and cannot block USB devices, enforce policies, or log attempts. It provides no enterprise-level security or compliance functionality.

C) Paint is a graphics application and cannot manage removable devices, prevent malware, or provide audit logs. It provides no security or compliance functionality.

D) Windows Calculator performs arithmetic operations and cannot enforce policies, block devices, or log activity. It provides no protection against malware or regulatory enforcement.

Group Policy Device Installation Restrictions is correct because it blocks unauthorized removable devices, centrally enforces policies, logs all attempts, and ensures enterprise-wide protection and regulatory compliance.

Question 191

A company wants to monitor Windows endpoints for unauthorized software installation, abnormal process activity, and suspicious network connections, and send alerts in real time. Which tool BEST meets this requirement?

A) Windows Defender Advanced Threat Protection (ATP)
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Windows Defender Advanced Threat Protection (ATP)

Explanation:

A) Windows Defender ATP is an enterprise security platform designed to provide real-time monitoring, detection, and response for endpoints. It monitors system processes, registry changes, installed software, and network activity to detect anomalies that could indicate malware, ransomware, or unauthorized software installation. ATP uses behavioral analysis, heuristics, and cloud intelligence to identify threats that traditional antivirus solutions may miss. Alerts can be forwarded to security administrators or integrated SIEM platforms for centralized monitoring. ATP also maintains detailed logs of endpoint activity for auditing, forensic investigation, and compliance reporting. Centralized policy management allows consistent application of detection rules across all domain-joined endpoints. ATP can automatically respond to threats, such as isolating endpoints or terminating malicious processes, reducing potential damage. Integration with other Microsoft security services enhances visibility, correlation, and proactive threat mitigation across the enterprise. This solution provides both detection and response capabilities, making it ideal for organizations seeking comprehensive endpoint security monitoring and alerting.

B) Sticky Keys is an accessibility feature and cannot monitor software installations, process activity, or network connections. It provides no security or alerting capability.

C) Paint is a graphics application and cannot monitor endpoints, detect anomalies, or generate alerts. It provides no security or auditing functionality.

D) Windows Calculator performs arithmetic operations and cannot monitor system activity, detect malware, or provide alerts. It provides no enterprise-level security capability.

Windows Defender ATP is correct because it provides real-time monitoring of endpoint activity, detects suspicious behavior, integrates with SIEMs, generates alerts, and maintains audit logs for compliance and forensic purposes.

Question 192

A company wants to enforce multi-factor authentication (MFA) for all users accessing corporate resources, with adaptive policies based on device compliance and user risk, and ensure that all authentication events are logged. Which solution BEST meets this requirement?

A) Conditional Access Policies with MFA integrated into Active Directory
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Conditional Access Policies with MFA integrated into Active Directory

Explanation:

A) Conditional Access Policies provide adaptive access control by enforcing authentication requirements based on contextual factors such as network location, device compliance, and risk profile. MFA provides an additional authentication layer to protect against unauthorized access using compromised credentials. Integration with Active Directory allows centralized management and automatic policy enforcement across all domain-joined devices. Adaptive enforcement ensures MFA is required only when risk conditions are met, such as logging in from an untrusted network or using a non-compliant device. All authentication events, both successful and failed, are logged for auditing, compliance, and forensic investigation. SIEM integration allows real-time monitoring, correlation, and alerting on suspicious authentication patterns. This approach ensures enterprise-wide protection without significantly impacting legitimate user productivity, balancing security and operational efficiency. Centralized enforcement, logging, and risk-based authentication make it ideal for enterprise compliance and proactive threat mitigation.

B) Sticky Keys is an accessibility feature and cannot enforce MFA, log authentication attempts, or apply adaptive policies. It provides no security functionality.

C) Paint is a graphics application and cannot enforce authentication policies, log access attempts, or provide adaptive security. It provides no enterprise-level security capability.

D) Windows Calculator performs arithmetic operations and cannot enforce MFA, monitor authentication, or log events. It provides no security functionality.

Conditional Access Policies with MFA integrated into Active Directory is correct because it provides centralized, adaptive, risk-based authentication enforcement, logs all events, and ensures enterprise-wide security and compliance.

Question 193

A company wants to prevent execution of unapproved applications and scripts, maintain logs of allowed and blocked activity, and enforce policies across all endpoints for compliance. Which solution BEST meets this requirement?

A) AppLocker with Group Policy integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) AppLocker with Group Policy integration

Explanation:

A) AppLocker allows administrators to create rules controlling the execution of executables, scripts, Windows Installer files, and packaged applications. Rules can be defined using publisher signatures, file paths, or cryptographic hashes. Integration with Group Policy ensures consistent enforcement across all domain-joined endpoints. AppLocker logs all allowed and blocked activity, providing a detailed audit trail for compliance, regulatory reporting, and forensic investigation. Application whitelisting reduces risk from malware, ransomware, and unauthorized software installation. Administrators can create granular rule collections for different types of applications, ensuring precise enforcement while maintaining operational efficiency. Centralized management reduces administrative overhead and ensures enterprise-wide consistency. Logging and reporting allow detection of policy violations, proactive threat mitigation, and regulatory compliance. This approach ensures only approved applications run on endpoints while providing visibility and control over all execution activity.

B) Sticky Keys is an accessibility feature and cannot block applications, enforce execution policies, or maintain logs. It provides no enterprise-level security or auditing functionality.

C) Paint is a graphics application and cannot restrict software execution or monitor processes. It provides no security or compliance functionality.

D) Windows Calculator performs arithmetic operations and cannot enforce execution policies, block software, or log activity. It provides no protection against unauthorized applications.

AppLocker with Group Policy integration is correct because it enforces whitelisting, blocks unapproved applications, logs execution activity, and ensures enterprise-wide compliance and security.
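The AppLocker workflow behind Questions 183 and 193, with the Constrained Language Mode tie-in from Question 189, as an added example that is not part of the original page: inventory approved files, generate publisher and hash rules, deploy them through a GPO in audit mode, dry-run a file, and read the allow/block events. The directory paths, the GPO LDAP path and the test file are placeholders; assumes an elevated session on a domain-joined host with RSAT.

```powershell
# Added example, not from the original page. Run elevated; paths and GPO GUID are placeholders.

# 1. Inventory approved executables and scripts from a clean reference install.
$exeInfo    = @(Get-AppLockerFileInformation -Directory 'C:\Program Files\ApprovedApp' -Recurse -FileType Exe)
$scriptInfo = @(Get-AppLockerFileInformation -Directory 'C:\Scripts\Approved' -Recurse -FileType Script)

# 2. Publisher rules survive patching of signed files; hash rules are the fallback for unsigned ones.
$policy = New-AppLockerPolicy -FileInformation ($exeInfo + $scriptInfo) `
            -RuleType Publisher, Hash -User Everyone -RuleNamePrefix 'Approved' -Optimize

# 3. Start in AuditOnly: events are written but nothing is blocked. Move to Enabled only after
#    the audit log shows no legitimate hits, and only with the default rules (Windows, Program
#    Files) merged in from the GPO editor, otherwise the operating system itself is denied.
foreach ($collection in $policy.RuleCollections) { $collection.EnforcementMode = 'AuditOnly' }

# 4. Deploy through Group Policy; -Merge keeps rules already present in the GPO.
$gpo = 'LDAP://CN={GPO-GUID-PLACEHOLDER},CN=Policies,CN=System,DC=example,DC=com'
Set-AppLockerPolicy -PolicyObject $policy -Ldap $gpo -Merge

# AppLocker only evaluates rules while the Application Identity service is running.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc -ErrorAction SilentlyContinue

# 5. Dry-run a file against the policy before relying on enforcement.
Test-AppLockerPolicy -PolicyObject $policy -Path 'C:\Users\Public\unknown-tool.exe' -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule

# 6. Audit trail. EXE and DLL log: 8002 allowed, 8003 would be blocked (audit), 8004 blocked.
#    MSI and Script log: 8005 allowed, 8006 would be blocked (audit), 8007 blocked.
$xpath = "*[System[(EventID=8003 or EventID=8004 or EventID=8006 or EventID=8007)]]"
$hits = foreach ($log in 'Microsoft-Windows-AppLocker/EXE and DLL',
                         'Microsoft-Windows-AppLocker/MSI and Script') {
    Get-WinEvent -LogName $log -FilterXPath $xpath -MaxEvents 200 -ErrorAction SilentlyContinue
}
$hits | Select-Object TimeCreated, Id, MachineName, UserId, Message | Format-Table -AutoSize

# Question 189 tie-in: once AppLocker script rules are enforced, Windows PowerShell 5.1 runs
# any script that is not allowed by a rule in Constrained Language Mode. Check on an endpoint:
$ExecutionContext.SessionState.LanguageMode   # FullLanguage or ConstrainedLanguage
```

The 8003/8006 events from the audit phase are the list of things users actually run that the rule set does not cover; clearing that list is what makes the later switch to enforcement safe.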

Question 194

A company wants to collect Windows endpoint logs centrally, encrypt them in transit, filter relevant events, and forward them to a SIEM for real-time alerting, correlation, and compliance reporting. Which solution BEST meets this requirement?

A) Windows Event Forwarding (WEF) with SIEM integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Windows Event Forwarding (WEF) with SIEM integration

Explanation:

A) Windows Event Forwarding allows administrators to centrally collect security, system, and application logs from multiple endpoints. Logs can be encrypted using HTTPS or Kerberos to ensure confidentiality and integrity. Subscriptions can be configured to forward only relevant events, such as failed logins, privilege escalation attempts, or critical system alerts, reducing noise and focusing on actionable security events. Integration with SIEM platforms enables real-time correlation, alerting, and compliance reporting. WEF scales to enterprise environments with thousands of endpoints, providing a centralized, secure, and scalable solution for log collection and monitoring. Centralized log collection allows rapid detection of anomalies, operational monitoring, and enterprise-wide security visibility. Detailed audit trails enable forensic investigation, regulatory compliance, and incident response. Secure transmission, filtering, SIEM integration, and logging provide comprehensive monitoring and compliance capabilities across the enterprise.

B) Sticky Keys is an accessibility feature and cannot collect, encrypt, forward, or filter logs. It provides no monitoring, alerting, or compliance functionality.

C) Paint is a graphics application and cannot capture, transmit, filter, or forward logs. It provides no centralized monitoring or compliance capability.

D) Windows Calculator performs arithmetic operations and cannot forward logs, encrypt them, or generate alerts. It provides no monitoring or security functionality.

Windows Event Forwarding with SIEM integration is correct because it securely collects logs, filters events, enables real-time alerting, and ensures enterprise-wide auditing and compliance readiness.
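The collector-side subscription that implements the filtered forwarding described in Questions 184, 187 and 194, as an added example that is not part of the original page, together with the source-side policy value and a triage query on the collected log. The collector host name, the subscription name and the failed-logon threshold are constructed placeholders; assumes an elevated session on a domain-joined Windows Server collector.

```powershell
# Added example, not from the original page. Run elevated on the collector.

# Collector: enable the Windows Event Collector service and its WinRM listener.
wecutil qc /q

# Source-initiated subscription: endpoints push only the selected Security events.
# Within a domain the HTTP transport is still Kerberos-encrypted WinRM (port 5985);
# use TransportName HTTPS (port 5986) with certificates for sources outside the domain.
# Selected IDs: 4625 failed logon, 4648 logon with explicit credentials, 4672 special privileges assigned.
$subscription = @"
<Subscription xmlns="http://schemas.microsoft.com/2004/02/events/subscription">
  <SubscriptionId>AuthEvents</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Failed and privileged logons from domain endpoints</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Custom</ConfigurationMode>
  <Delivery Mode="Push">
    <Batching><MaxItems>50</MaxItems><MaxLatencyTime>30000</MaxLatencyTime></Batching>
    <PushSettings><Heartbeat Interval="3600000"/></PushSettings>
  </Delivery>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0" Path="Security">
        <Select Path="Security">*[System[(EventID=4625 or EventID=4648 or EventID=4672)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <AllowedSourceNonDomainComputers/>
  <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)</AllowedSourceDomainComputers>
</Subscription>
"@
$path = Join-Path $env:TEMP 'AuthEvents.xml'
$subscription | Set-Content -Path $path -Encoding UTF8
wecutil cs $path
wecutil gs AuthEvents      # show the subscription as the collector stored it

# Source endpoints (normally via GPO: Computer Configuration > Administrative Templates >
# Windows Components > Event Forwarding > Configure target Subscription Manager).
# Local equivalent of that setting, shown for a lab host:
$reg = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
New-Item -Path $reg -Force | Out-Null
Set-ItemProperty -Path $reg -Name '1' `
    -Value 'Server=http://wec01.example.com:5985/wsman/SubscriptionManager/WEC,Refresh=60'
# The forwarder runs as NETWORK SERVICE, which must be allowed to read the Security log.
Add-LocalGroupMember -Group 'Event Log Readers' -Member 'NT AUTHORITY\NETWORK SERVICE' -ErrorAction SilentlyContinue

# Triage on the collector alongside SIEM hand-off: failed logons per account in the last
# hour, flagging accounts above a constructed threshold of 10 attempts.
$since = (Get-Date).AddHours(-1)
Get-WinEvent -FilterHashtable @{ LogName = 'ForwardedEvents'; Id = 4625; StartTime = $since } `
             -ErrorAction SilentlyContinue |
    ForEach-Object {
        # 4625 EventData order: [5] TargetUserName, [10] LogonType, [19] IpAddress
        [pscustomobject]@{
            Host      = $_.MachineName
            User      = $_.Properties[5].Value
            LogonType = $_.Properties[10].Value
            Source    = $_.Properties[19].Value
        }
    } |
    Group-Object User | Where-Object Count -gt 10 |
    Select-Object @{n = 'User'; e = { $_.Name }}, Count,
                  @{n = 'Hosts'; e = { ($_.Group.Host | Sort-Object -Unique) -join ',' }}
```

One account failing across many hosts and many accounts failing from one source address are different patterns; the grouped output above surfaces the first, and regrouping on Source surfaces the second.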

Question 195

A company wants to prevent malware propagation through removable USB storage, allow only authorized devices, centrally enforce policies, and log all blocked attempts for auditing and compliance. Which solution BEST meets this requirement?

A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Group Policy Device Installation Restrictions

Explanation:

A) Group Policy Device Installation Restrictions enables administrators to specify which removable devices are authorized on Windows endpoints. Unauthorized devices are automatically blocked, preventing malware, ransomware, and unauthorized data exfiltration. Centralized enforcement via Active Directory ensures consistent application across all domain-joined devices. Detailed logs capture all blocked attempts, supporting auditing, forensic investigation, and regulatory compliance. Policies can be defined based on hardware ID, vendor ID, or device type, allowing granular control over removable storage. Automatic enforcement ensures enterprise-wide protection while maintaining operational efficiency. Logging and visibility into blocked attempts help reduce attack surfaces, enforce compliance, and protect sensitive data from malicious or unauthorized devices. Centralized management simplifies administration and ensures consistent security posture across the organization.

B) Sticky Keys is an accessibility feature and cannot block USB devices, enforce policies, or log attempts. It provides no enterprise-level security or compliance functionality.

C) Paint is a graphics application and cannot manage removable devices, block malware, or provide audit logs. It provides no security or compliance functionality.

D) Windows Calculator performs arithmetic operations and cannot enforce policies, block devices, or log activity. It provides no protection against malware or regulatory enforcement.

Group Policy Device Installation Restrictions is correct because it automatically blocks unauthorized removable devices, centrally enforces policies, logs all attempts, and ensures enterprise-wide protection and regulatory compliance.

Question 196

A company wants to enforce centralized endpoint antivirus policies, ensure real-time protection, schedule scans, and maintain detailed logs for auditing and compliance. Which solution BEST meets this requirement?

A) Group Policy for Windows Defender Antivirus
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Group Policy for Windows Defender Antivirus

Explanation:

A) Group Policy for Windows Defender Antivirus allows centralized management of antivirus settings across all domain-joined endpoints. Administrators can enable real-time protection to monitor active processes and automatically block malicious activity. Scheduled scans can be configured to run during off-peak hours to reduce system impact while maintaining security. Policies can define exclusions, configure cloud-delivered protection, and specify actions for detected threats, ensuring consistent enforcement. Detailed logging captures all malware detections, blocked files, scan results, and security events, supporting regulatory compliance, auditing, and forensic investigation. Integration with Security Center and SIEM platforms allows centralized monitoring, alerting, and reporting. Centralized management reduces administrative overhead and ensures uniform antivirus protection across the enterprise. By enforcing policies through Group Policy, organizations maintain operational efficiency, minimize the risk of infection, and meet compliance requirements.

B) Sticky Keys is an accessibility feature and cannot enforce antivirus policies, monitor malware, schedule scans, or generate logs. It provides no enterprise-level security capability.

C) Paint is a graphics application and cannot monitor or block malware, schedule scans, or maintain logs. It provides no security or compliance functionality.

D) Windows Calculator performs arithmetic operations and cannot enforce antivirus policies, detect malware, or generate logs. It provides no protection or compliance functionality.

Group Policy for Windows Defender Antivirus is correct because it centrally enforces antivirus policies, supports real-time protection, maintains detailed logs, and ensures enterprise-wide compliance and security.
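A way to verify on an endpoint that the settings this answer describes are actually in force, as an added example that is not part of the exam page: it compares the live Defender state to an assumed baseline and summarises the last week's detection events. The baseline, the freshness threshold and the lookback window are assumptions.

```powershell
# Added example, not from the exam page: audit an endpoint's effective
# Windows Defender Antivirus state against a baseline that a Group Policy
# for Windows Defender Antivirus would normally enforce.
# Assumes an elevated session on Windows 10/11 or Server 2016+ with the
# built-in Defender module; the baseline and thresholds are illustrative.

function Test-DefenderBaseline {
    param([int]$MaxSignatureAgeDays = 3)   # assumed freshness threshold
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # Each check maps to a setting the answer describes as policy-controlled.
    $checks = [ordered]@{
        'Real-time protection on'    = $status.RealTimeProtectionEnabled -and -not $pref.DisableRealtimeMonitoring
        'Behavior monitoring on'     = $status.BehaviorMonitorEnabled
        'Cloud-delivered protection' = $pref.MAPSReporting -ne 0          # 0 = MAPS off
        'Scheduled scan configured'  = $pref.ScanScheduleDay -ne 8        # 8 = Never
        'Signatures fresh'           = $status.AntivirusSignatureAge -le $MaxSignatureAgeDays
        'No path exclusions'         = -not $pref.ExclusionPath
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Pass = [bool]$checks[$name] }
    }
}

function Get-DefenderDetectionSummary {
    param([int]$LookbackDays = 7)
    # 1116 = malware detected, 1117 = action taken, in the Defender operational log
    $filter = @{ LogName   = 'Microsoft-Windows-Windows Defender/Operational'
                 Id        = 1116, 1117
                 StartTime = (Get-Date).AddDays(-$LookbackDays) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Group-Object Id |
        ForEach-Object {
            [pscustomobject]@{ EventId = $_.Name; Count = $_.Count
                               Latest  = ($_.Group | Select-Object -First 1).TimeCreated }
        }
}

# Usage: failing checks are exactly what the GPO should be correcting.
Test-DefenderBaseline | Where-Object { -not $_.Pass }
Get-DefenderDetectionSummary
```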

Question 197

A company wants to monitor Windows endpoints for unusual login activity, failed logins, and privilege escalations, and forward these events to a SIEM for real-time correlation and alerting. Which solution BEST meets this requirement?

A) Windows Event Forwarding (WEF) with SIEM integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Windows Event Forwarding (WEF) with SIEM integration

Explanation:

A) Windows Event Forwarding enables centralized collection of security, system, and application logs, including critical events like failed logins, account lockouts, and privilege escalation attempts. Event subscriptions can be scoped to only the relevant events, reducing noise while ensuring actionable events are collected. Logs are protected in transit using either HTTPS or Kerberos message encryption. Integration with SIEM allows real-time correlation, alerting, and reporting of security events. Centralized log collection ensures enterprise-wide visibility and supports incident response, forensic investigation, and regulatory compliance. WEF scales to thousands of endpoints while maintaining detailed logs for auditing purposes. Administrators can use collected events to detect anomalies, respond proactively, and maintain an accurate audit trail. Secure transmission, filtering, SIEM integration, and logging combine to provide a robust, enterprise-ready monitoring solution. This ensures rapid detection of security incidents, maintains audit records, and supports compliance requirements.

B) Sticky Keys is an accessibility feature and cannot collect, encrypt, forward, or analyze login events. It provides no monitoring or compliance capability.

C) Paint is a graphics application and cannot monitor logins, forward logs, or detect anomalies. It provides no security or enterprise-level monitoring.

D) Windows Calculator performs arithmetic operations and cannot collect, forward, or analyze security events. It provides no monitoring or alerting functionality.

Windows Event Forwarding with SIEM integration is correct because it centrally collects relevant security events, forwards them securely, enables real-time correlation and alerting, and ensures auditing and compliance readiness.
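On the collector side, an added example (not from the exam page, and applying to the WEF answer above as well) that triages the forwarded events this answer names before they go to the SIEM. It assumes subscriptions target the default ForwardedEvents log and uses illustrative thresholds.

```powershell
# Added example, not from the exam page: on the WEF collector, triage the
# Security events this answer names (failed logons, lockouts, privileged
# logons) before they are handed to the SIEM. Assumes subscriptions write to
# the default ForwardedEvents log; the thresholds are illustrative.

function Get-EventDataField {
    param($Event, [string]$Name)
    # Structured fields live in <EventData><Data Name="...">; pull one by name
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object Name -eq $Name).'#text'
}

function Get-ForwardedLogonAnomalies {
    param(
        [int]$LookbackMinutes  = 60,
        [int]$FailedLogonLimit = 10,          # 4625s per account+source before flagging
        [string]$LogName       = 'ForwardedEvents'
    )
    $filter = @{ LogName   = $LogName
                 Id        = 4625, 4740, 4672   # failed logon, lockout, special privileges assigned
                 StartTime = (Get-Date).AddMinutes(-$LookbackMinutes) }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    # Burst of 4625 for one account from one source: password guessing / lockout risk
    $events | Where-Object Id -eq 4625 |
        Group-Object { (Get-EventDataField $_ 'TargetUserName') + '@' + (Get-EventDataField $_ 'IpAddress') } |
        Where-Object Count -ge $FailedLogonLimit |
        ForEach-Object { [pscustomobject]@{ Finding = 'FailedLogonBurst'; Key = $_.Name; Count = $_.Count } }

    # 4740: account lockout, always worth a ticket
    $events | Where-Object Id -eq 4740 | ForEach-Object {
        [pscustomobject]@{ Finding = 'AccountLockout'; Key = (Get-EventDataField $_ 'TargetUserName'); Count = 1 }
    }

    # 4672: privileged logon; report per account so the SIEM can baseline who is expected
    $events | Where-Object Id -eq 4672 |
        Group-Object { Get-EventDataField $_ 'SubjectUserName' } |
        ForEach-Object { [pscustomobject]@{ Finding = 'PrivilegedLogon'; Key = $_.Name; Count = $_.Count } }
}

Get-ForwardedLogonAnomalies | Sort-Object Finding, Count -Descending | Format-Table -AutoSize
```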

Question 198

A company wants to enforce full-disk encryption on all endpoints, centrally manage recovery keys, and ensure compliance reporting for lost or stolen devices. Which solution BEST meets this requirement?

A) BitLocker with Active Directory recovery key integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) BitLocker with Active Directory recovery key integration

Explanation:

A) BitLocker provides full-disk encryption to protect data at rest on endpoints. Centralized recovery key storage in Active Directory allows administrators to recover encrypted drives if users forget passwords or lose recovery keys. Automatic encryption can be enforced via policy, ensuring all endpoints are compliant. Logging of encryption and recovery events supports auditing, compliance reporting, and forensic investigation. Centralized management reduces administrative burden and ensures uniform policy enforcement. BitLocker prevents unauthorized access to data on lost or stolen devices while allowing secure recovery for legitimate users. Integration with Active Directory enables administrators to track encryption status, enforce mandatory encryption, and securely retrieve recovery keys. Reporting and logging capabilities support compliance with regulatory frameworks such as HIPAA, GDPR, and PCI-DSS. Full-disk encryption ensures enterprise-wide data protection while maintaining operational recovery options.

B) Sticky Keys is an accessibility feature and cannot encrypt drives, store recovery keys, or enforce compliance policies. It provides no enterprise-level data protection.

C) Paint is a graphics application and cannot encrypt drives, manage recovery keys, or generate compliance reports. It provides no security functionality.

D) Windows Calculator performs arithmetic operations and cannot encrypt drives, manage recovery keys, or enforce compliance policies. It provides no data protection capability.

BitLocker with Active Directory recovery key integration is correct because it enforces full-disk encryption, centrally manages recovery keys, provides compliance reporting, and ensures enterprise-wide data security.
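An added example, not code from the exam page, showing the two pieces this answer relies on: a per-volume compliance report and the escrow of recovery passwords to Active Directory. It assumes an elevated session on a domain-joined client where the AD backup policy is already enabled.

```powershell
# Added example, not from the exam page: report every volume's BitLocker state
# and escrow recovery passwords to Active Directory, which is the piece the AD
# recovery key integration depends on. Assumes an elevated session on a
# domain-joined client with the BitLocker module, and that the "Store BitLocker
# recovery information in Active Directory Domain Services" policy is enabled.

function Get-BitLockerComplianceReport {
    foreach ($vol in Get-BitLockerVolume) {
        $recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
        [pscustomobject]@{
            MountPoint        = $vol.MountPoint
            VolumeStatus      = $vol.VolumeStatus        # FullyEncrypted, FullyDecrypted, EncryptionInProgress ...
            ProtectionOn      = ($vol.ProtectionStatus -eq 'On')
            RecoveryProtector = ($recovery.Count -gt 0)
            # Compliant = encrypted, protectors active, and a recovery password exists to escrow
            Compliant         = ($vol.VolumeStatus -eq 'FullyEncrypted') -and
                                ($vol.ProtectionStatus -eq 'On') -and ($recovery.Count -gt 0)
        }
    }
}

function Backup-RecoveryPasswordsToAD {
    foreach ($vol in Get-BitLockerVolume) {
        $recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
        foreach ($kp in $recovery) {
            # Writes an msFVE-RecoveryInformation object under the computer account;
            # fails if the schema or the policy above is missing, which is itself a finding.
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $kp.KeyProtectorId
        }
    }
}

# Usage: non-compliant volumes are what the enforcement policy should be fixing.
Get-BitLockerComplianceReport | Where-Object { -not $_.Compliant }
Backup-RecoveryPasswordsToAD
```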

Question 199

A company wants to prevent execution of unapproved scripts and PowerShell commands, log all execution attempts, and enforce policies across all endpoints for compliance. Which solution BEST meets this requirement?

A) PowerShell Constrained Language Mode with AppLocker or Group Policy execution restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) PowerShell Constrained Language Mode with AppLocker or Group Policy execution restrictions

Explanation:

A) PowerShell Constrained Language Mode restricts commands and scripts to a limited set of approved functionality, mitigating potential malicious activity. Combined with AppLocker or Group Policy execution restrictions, administrators can whitelist approved scripts while blocking all others. All execution attempts, whether allowed or blocked, are logged for auditing, compliance, and forensic analysis. Centralized enforcement ensures consistent policy application across all domain-joined endpoints. This solution reduces risk from malware execution, insider threats, and accidental misconfigurations. Logs provide detailed insight into execution activity, allowing correlation with other security events to detect suspicious behavior. Centralized management ensures enterprise-wide enforcement of execution policies. Regulatory compliance is supported through detailed logging, enforcement, and control of script execution. This approach maintains operational efficiency while ensuring security and audit readiness.

B) Sticky Keys is an accessibility feature and cannot restrict scripts, enforce execution policies, or log execution attempts. It provides no security functionality.

C) Paint is a graphics application and cannot enforce PowerShell restrictions, block scripts, or generate logs. It provides no enterprise-level auditing or security capabilities.

D) Windows Calculator performs arithmetic operations and cannot restrict scripts, enforce policies, or log execution attempts. It provides no protection against malicious or unapproved code.

PowerShell Constrained Language Mode with AppLocker or Group Policy execution restrictions is correct because it blocks unapproved scripts, logs activity, enforces policies, and ensures auditing and compliance across all endpoints.
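An added example, not from the exam page, that checks on an endpoint whether the controls this answer combines are in force and then pulls the blocked-script audit trail they produce. It assumes AppLocker script rules and script block logging are deployed by GPO and that the AppLocker module is present.

```powershell
# Added example, not from the exam page: confirm on an endpoint that the
# controls this answer combines are in force, then pull the blocked-script
# audit trail they produce. Assumes AppLocker script rules and script block
# logging are deployed by GPO and the AppLocker module is present.

function Test-ScriptExecutionControls {
    # Constrained Language Mode is visible as the session's LanguageMode
    $mode = $ExecutionContext.SessionState.LanguageMode

    # Effective AppLocker policy = local policy merged with domain GPOs
    $policy = Get-AppLockerPolicy -Effective -ErrorAction SilentlyContinue
    $script = $policy.RuleCollections | Where-Object RuleCollectionType -eq 'Script'

    # Script block logging GPO sets this value; it feeds PowerShell event 4104
    $sblKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    $sbl = Get-ItemProperty -Path $sblKey -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ConstrainedLanguage  = ($mode -eq 'ConstrainedLanguage')
        ScriptRulesPresent   = ($null -ne $script)
        ScriptRulesEnforced  = ($script.EnforcementMode -eq 'Enabled')   # vs AuditOnly / NotConfigured
        ScriptBlockLoggingOn = ($sbl.EnableScriptBlockLogging -eq 1)
    }
}

function Get-BlockedScriptAttempts {
    param([int]$LookbackHours = 24)
    # 8007 = script or MSI prevented from running by an enforced AppLocker rule
    $filter = @{ LogName   = 'Microsoft-Windows-AppLocker/MSI and Script'
                 Id        = 8007
                 StartTime = (Get-Date).AddHours(-$LookbackHours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Time = $_.TimeCreated; UserSid = $_.UserId; Detail = $_.Message }
        }
}

# Usage: any $false above is a gap the GPO is supposed to close.
Test-ScriptExecutionControls
Get-BlockedScriptAttempts | Format-Table -AutoSize
```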

Question 200

A company wants to prevent malware propagation through removable USB storage, allow only authorized devices, enforce policies centrally, and log all blocked attempts for auditing and compliance. Which solution BEST meets this requirement?

A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Group Policy Device Installation Restrictions

Explanation:

A) Group Policy Device Installation Restrictions is a Windows security feature that allows administrators to define which removable devices, such as USB drives, external hard drives, or other plug-and-play storage devices, are authorized for use on corporate endpoints. By specifying allowed devices, organizations can automatically block unauthorized hardware, mitigating the risk of malware propagation, ransomware infection, and unauthorized data exfiltration. This capability is critical in enterprise environments, as removable media is a common vector for malicious software to infiltrate systems or spread laterally across networks.

The solution leverages Active Directory (AD) and Group Policy Objects (GPOs) to centrally enforce device access policies across all domain-joined endpoints. This centralized approach ensures consistent policy application, reducing the risk of policy misconfigurations and ensuring that all devices comply with corporate security standards. Administrators can define rules based on hardware IDs, vendor IDs, or device types, providing granular control over removable media. This allows organizations to permit only corporate-issued or approved USB drives while blocking personal or untrusted devices, maintaining security without hindering legitimate operations.

Automatic enforcement is a key benefit of this solution. Once policies are deployed, Windows endpoints automatically enforce the restrictions without requiring user intervention. Users attempting to connect unauthorized devices are immediately denied access, preventing malware introduction and protecting sensitive corporate data. This real-time enforcement reduces the attack surface and ensures that endpoints are always protected, even if users attempt to bypass controls.

A critical feature of Group Policy Device Installation Restrictions is detailed logging and auditing. All blocked attempts are recorded in the Windows Event Log, capturing information such as the device details, the user account involved, and the time of the attempt. This logging supports forensic investigation in the event of security incidents, allowing IT teams to track attempts to circumvent policies or identify patterns that could indicate a broader security threat. Additionally, these logs facilitate regulatory compliance by providing evidence that controls are in place and functioning correctly, supporting audits for frameworks such as HIPAA, PCI DSS, SOX, and GDPR.

Group Policy Device Installation Restrictions also allows organizations to scale enterprise-wide. Policies can be applied to multiple organizational units (OUs) or specific groups of users, enabling tailored security configurations for different departments or roles. For example, finance or research departments might have stricter device restrictions, while general administrative staff could have more flexible controls. This flexibility ensures that security policies do not impede business operations while maintaining strong protection against removable media risks.

B) Sticky Keys is an accessibility feature that allows users to execute key combinations sequentially rather than simultaneously. While useful for individuals with certain physical disabilities, it provides no functionality for blocking devices, enforcing security policies, or generating audit logs. It cannot prevent malware propagation and offers no enterprise-level compliance capabilities.

C) Paint is a graphics application used for image creation and editing. While it is a productivity tool, Paint has no capability to manage removable devices, enforce security policies, or log blocked attempts. It cannot prevent malware, nor can it support enterprise compliance requirements.

D) Windows Calculator is a utility for performing arithmetic operations. It provides no mechanisms for controlling device access, enforcing policies, or recording security events. It cannot protect endpoints from malware threats or provide auditing functionality.

In summary, Group Policy Device Installation Restrictions is the only solution among the options that:

Automatically blocks unauthorized removable devices, reducing the risk of malware and unauthorized data transfer.

Provides centralized enforcement through Active Directory, ensuring consistent application across all domain-joined endpoints.

Offers granular control over device access by hardware ID, vendor ID, or device type.

Generates detailed logs of all blocked attempts for forensic investigation, auditing, and regulatory compliance.

Supports enterprise-wide scalability while maintaining operational efficiency and security.

Sticky Keys, Paint, and Windows Calculator do not offer any device management, enforcement, or auditing capabilities. Therefore, Group Policy Device Installation Restrictions is the correct choice because it ensures automated, centralized, and auditable protection against unauthorized removable devices, supporting both enterprise security and regulatory compliance.
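An added example, not from the exam page, serving both Question 195 and Question 200: it reads the effective Device Installation Restrictions policy from its registry location and lists present USB storage devices whose IDs are not on the allow list. The registry values are the documented ones the GPO writes; the script does not parse per-class rules.

```powershell
# Added example, not from the exam page: read the effective Device Installation
# Restrictions policy from its registry location and list present USB storage
# devices whose IDs are not on the allow list. Assumes the GPO has written the
# documented values under the Restrictions key; it does not parse per-class rules.

$RestrictionsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'

function Get-DeviceInstallRestrictionState {
    $p = Get-ItemProperty -Path $RestrictionsKey -ErrorAction SilentlyContinue
    $allowIds = @()
    if (Test-Path "$RestrictionsKey\AllowDeviceIDs") {
        # The allow list is stored one hardware/compatible ID per value, named "1", "2", ...
        $allowIds = (Get-ItemProperty "$RestrictionsKey\AllowDeviceIDs").PSObject.Properties |
            Where-Object Name -match '^\d+$' | ForEach-Object Value
    }
    [pscustomobject]@{
        DenyRemovableDevices = ($p.DenyRemovableDevices -eq 1)   # "Prevent installation of removable devices"
        DenyUnspecified      = ($p.DenyUnspecified -eq 1)        # block devices not matched by other rules
        AllowListEnabled     = ($p.AllowDeviceIDs -eq 1)
        AllowedIds           = @($allowIds)
    }
}

function Get-UnapprovedUsbStorage {
    $state = Get-DeviceInstallRestrictionState
    # USB mass storage enumerates on the USBSTOR bus; a device carries several IDs,
    # and the policy matches if any hardware or compatible ID equals a listed one.
    Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
        Where-Object InstanceId -like 'USBSTOR\*' |
        ForEach-Object {
            $dev = $_
            $ids = @($dev.HardwareID) + @($dev.CompatibleID)
            $approved = [bool]($ids | Where-Object { $state.AllowedIds -contains $_ })
            [pscustomobject]@{ Device = $dev.FriendlyName; InstanceId = $dev.InstanceId
                               Status = $dev.Status; Approved = $approved }
        } | Where-Object { -not $_.Approved }
}

# Usage: with DenyRemovableDevices or DenyUnspecified set, anything listed here
# should show Status 'Error' (blocked) rather than 'OK'.
Get-DeviceInstallRestrictionState
Get-UnapprovedUsbStorage
```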
