CompTIA 220-1102 A+ Certification Exam: Core 2 Dumps and Practice Test Questions Set 1 Q1-20

Question 1

A user reports that their Windows 10 laptop is running extremely slow after startup, and the Task Manager shows 100% disk usage for several minutes. Which of the following is the MOST likely cause?

A) A failing hard drive
B) A misconfigured BIOS
C) An unplugged power adapter
D) A disconnected network cable

Answer: A) A failing hard drive

Explanation:

A) A failing hard drive can cause extremely high disk usage at startup. When a mechanical drive begins to degrade, the system may struggle to read and write data efficiently, resulting in delays, system freezing, and long load times. Windows often tries to access system files, page files, and background services when booting up. If the drive is encountering read or write errors, it attempts repeated retries, causing prolonged 100% disk usage. This is one of the most common reasons for sustained disk utilization immediately after logging in and can continue for several minutes. Users often notice clicking sounds or slow application launching, and system utilities like SMART monitoring can reveal warnings or bad sectors. This aligns closely with symptoms such as high lag, slow response, and extended boot times.

B) A misconfigured BIOS generally affects system startup prior to Windows loading. Problems like incorrect boot order, disabled drives, incompatible settings, or outdated firmware usually cause inability to boot, restart loops, or POST errors. Once Windows is running, disk usage would not spike because of BIOS settings. While BIOS settings can influence system performance indirectly, they do not typically cause excessive disk usage inside Windows. Common BIOS problems include disabled virtualization, wrong system clock, or misconfigured SATA modes, but these do not result in 100% utilization in Task Manager.

C) An unplugged power adapter would cause the laptop to switch to battery mode, potentially reducing performance if the system uses battery-saving profiles. Even in reduced power mode, however, disk usage would not automatically max out at 100%. Power-saving may throttle CPU speed, lower screen brightness, or disable some background tasks, but disk access patterns remain consistent. Symptoms would include slower processing or dim display rather than high disk access. Thus, it cannot fully explain why disk usage would be overwhelming the system.

D) A disconnected network cable affects internet and network connectivity, not disk performance. When a cable is unplugged, the user may experience inability to reach shared drives, cloud storage, or online resources. It does not place heavy demand on local storage. Windows may log network errors or briefly attempt to reconnect, but it will not cause sustained high disk usage after startup. Disk performance issues require a direct cause related to storage—not networking.

The failing hard drive is the correct explanation because it directly impacts how efficiently Windows can access files and resources. When the drive is degrading, Windows experiences significant delays during read/write operations. This leads to high disk usage and system-wide performance problems. None of the other situations create persistent 100% disk utilization immediately after startup, making the hard drive failure the most accurate and probable cause.

Question 2

A technician wants to configure a Windows computer so that users cannot install unauthorized software. Which of the following features should be enabled?

A) User Account Control
B) System Restore
C) Remote Assistance
D) Disk Cleanup

Answer: A) User Account Control

Explanation:

A) User Account Control helps prevent unauthorized software installations by requiring administrative approval for changes that affect system settings or install programs. When properly configured, standard users cannot proceed with installations, as they lack administrative credentials. This is a primary security feature designed to protect against accidental or malicious modifications. It creates prompts when software attempts elevation, ensuring that only authorized users can approve actions. UAC is a critical tool in enterprise environments where unauthorized software could lead to malware infections or policy violations. By preventing silent installations, it reinforces system integrity and reduces risk.

B) System Restore is a recovery mechanism used to revert a system to a previous state. While valuable for restoring after faulty updates or software issues, it does not prevent unauthorized installations from occurring. It also does not block users from running installers or modifying critical settings. Instead, it is used after problems occur. Its purpose is to “undo” unwanted changes, not prevent them. Therefore, it cannot reliably control user behavior regarding installations.

C) Remote Assistance provides a way for technicians to connect to a user’s system and help troubleshoot. It does not enforce security policies or restrict software installations. While it allows support personnel to guide users, it offers no automatic method of blocking unauthorized activity. It is purely a remote support tool and not a preventative security feature.

D) Disk Cleanup removes temporary files, system caches, and unnecessary data to free storage space. It does not provide security configurations and cannot control whether software is installed. Even if storage becomes limited, users can still install software. This tool is purely for maintenance and performance optimization, not for preventing system modifications.

User Account Control is the correct selection because it directly enforces restrictions around program installations. It is a preventative security measure that stops unauthorized programs from executing elevated operations. The other options serve unrelated purposes—recovery, remote support, and storage maintenance—and therefore do not block software installation attempts. UAC alone provides the intended security outcome.

Question 3

A technician notices that a user repeatedly falls for phishing emails. Which of the following is the BEST preventive measure?

A) Security awareness training
B) Installing a faster CPU
C) Replacing the user’s laptop
D) Increasing screen resolution

Answer: A) Security awareness training

Explanation:

A) Security awareness training addresses the root cause of phishing vulnerability: user behavior. Many successful cyberattacks occur because users unknowingly click malicious links or disclose personal data. Training helps users identify suspicious messages, verify sender identity, recognize fraudulent websites, and avoid social engineering traps. This can drastically reduce incidents by teaching recognition and caution. Effective training includes simulations, examples, regular refreshers, and clear reporting protocols. It is widely considered the strongest defense strategy against phishing threats, as it targets human error rather than hardware or software limitations.

B) Installing a faster CPU has no connection to phishing prevention. CPU performance affects processing speed, multitasking, and computational tasks. Phishing is a social engineering attack based on deception, not system performance. Upgrading hardware will not stop users from clicking malicious links or providing sensitive data.

C) Replacing the user’s laptop also does nothing to address phishing behavior. Whether the user has a new or old device, phishing succeeds by manipulating individuals. The operating system and hardware are irrelevant to a user’s susceptibility to fraudulent communication. Without behavioral change, the user remains at risk regardless of the system used.

D) Increasing screen resolution improves display clarity but has no effect on identifying phishing scams. Visual resolution enhancement does not change user judgment, email examination skills, or understanding of threats. It provides no protection from deceptive messages.

Security awareness training is the correct choice because it directly reduces the human vulnerabilities that phishing attacks exploit. Hardware and display changes cannot influence user decision-making or prevent social engineering tactics, making training the only meaningful preventive solution.

Question 4

A technician needs to access a Windows system’s advanced troubleshooting tools because it will not boot normally. Which method should the technician use?

A) Interrupt the boot process three times
B) Run Disk Cleanup
C) Open Task Manager
D) Update GPU drivers

Answer: A) Interrupt the boot process three times

Explanation:

A) Interrupting the boot process forces Windows to launch the Recovery Environment. This provides access to advanced troubleshooting such as Startup Repair, Safe Mode, Command Prompt, and System Restore. Repeated interruption signals to Windows that normal startup is failing. This method is commonly used when the system cannot reach the login screen. It reliably triggers recovery tools without requiring access to the OS. Once inside the recovery menu, the technician can perform diagnostics or repair steps needed to restore functionality.

B) Disk Cleanup cannot be used when the system fails to boot. It requires Windows to operate normally. Even if accessible, cleaning temporary files is unrelated to boot failures. Disk Cleanup does not fix corrupted system files, driver issues, or bootloader problems. It is intended for freeing storage and improving performance, not for resolving pre-boot errors.

C) Task Manager is only available once Windows has loaded to the desktop or at least reached the login screen. A system that will not boot cannot use Task Manager. Additionally, Task Manager is not designed for repairing boot issues. Its scope is process monitoring and application termination, not recovery operations.

D) Updating GPU drivers has no relevance to a system that cannot boot. Driver updates require an active, functioning operating system. Furthermore, GPU drivers do not generally prevent Windows from booting unless severely corrupted, and even then, recovery tools—not driver updates—are needed to resolve the issue. You cannot access driver update features from a non-booting environment.

Interrupting the boot process is correct because it directly triggers the recovery environment, granting access to tools specifically designed to address startup failures. None of the other actions can be performed without a functioning OS, nor do they provide pre-boot recovery access.

Question 5

A system administrator wants to ensure that employees cannot run applications downloaded from unknown sources unless the administrator approves them. What Windows feature should be configured?

A) AppLocker
B) Task Scheduler
C) Disk Defragmenter
D) Bluetooth settings

Answer: A) AppLocker

Explanation:

A) AppLocker allows administrators to define rules that control which applications, scripts, installers, and packaged apps users may run. It enforces whitelisting, meaning only approved software is allowed. It can block unsigned or unknown applications, restrict execution based on publisher, file hash, or path, and ensure users cannot run unauthorized or potentially malicious software. This feature is commonly used in enterprise environments to enforce strict application control policies. It prevents accidental installation of harmful software and supports compliance and security policies.

B) Task Scheduler automates tasks such as backups, updates, or launching programs at set times. It cannot block unauthorized applications nor enforce restrictions. While powerful for automation, it plays no role in security or application whitelisting.

C) Disk Defragmenter manages file organization on the disk to improve speed. It has no security or application control capabilities. It cannot restrict software execution or determine the trustworthiness of applications.

D) Bluetooth settings control wireless pairing and device communication. These settings do not restrict application execution. Bluetooth configuration relates to hardware connectivity, not application security.

AppLocker is correct because it directly enforces which programs may or may not run on a system. It ensures only administrator-approved applications execute, addressing the problem precisely. The other tools deal with automation, storage maintenance, or hardware connectivity and do not provide application control.

Question 6

A technician is configuring a Windows 11 computer for a user who should not be able to modify system-wide settings, install software, or change security policies. Which type of account should the technician assign?

A) Standard account
B) Administrator account
C) Power user account
D) Guest account

Answer: A) Standard account

Explanation:

A) A standard account is designed to limit user privileges so that system-wide settings cannot be modified and software cannot be installed without elevated approval. This makes it the appropriate level for regular employees or individuals who should not have administrative capabilities. Standard accounts can use applications and change personal settings but cannot modify anything that affects the entire system or its security posture. This contributes to better security, prevents accidental misconfigurations, and restricts malware installation that requires elevated permissions.

B) An administrator account grants full privileges to change system settings, install software, modify security configurations, manage other user accounts, and adjust system files. Assigning this level would allow the user unrestricted access, defeating the purpose of limiting what they can do. Administrator rights enable tasks that can inadvertently disrupt system stability or expose the system to risk. It is meant for IT personnel, not end users.

C) A power user account historically existed in older versions of Windows such as Windows XP, but modern versions have deprecated these distinctions. Even where it existed, the category sat between standard and administrator but still granted elevated control over system elements including installing certain software and modifying configurations. This no longer exists as a functional category in Windows 10 and 11, and even if it did, it would not satisfy the requirement for restricting system modifications.

D) A guest account allows minimal functionality and is intended for temporary use. It does not provide a personalized user profile nor the ability to save many settings long term. While it restricts system modifications, it is not suited for daily work. Additionally, many Windows versions disable or remove guest accounts due to security concerns. Guest accounts lack needed capabilities for a regular user.

The standard account is correct because it provides enough functionality for everyday tasks while preventing unauthorized system changes. The other options either grant too much power or too little functionality. The administrator level is excessive; the deprecated power user category doesn’t meet the requirements; the guest account is not appropriate for regular use. The standard account strikes the proper balance for user productivity and system safety.

Question 7

A company wants employees to authenticate using a PIN, fingerprint, or facial recognition instead of passwords when signing into Windows 10. Which feature should be configured?

A) Windows Hello
B) BitLocker
C) Credential Manager
D) Task Scheduler

Answer: A) Windows Hello

Explanation:

A) Windows Hello enables biometric and PIN-based authentication systems in Windows 10 and 11. It supports facial recognition, fingerprint login, and PIN entry, offering stronger security than passwords because the credentials are stored securely and are device-specific. Biometric authentication improves usability while reducing password-related risks. It helps organizations enforce modern authentication standards and protect devices against unauthorized access. Configuring Windows Hello requires compatible hardware and administrator configuration, making it the correct method for allowing users to sign in without traditional passwords.

B) BitLocker encrypts entire drives to protect data at rest. It does not provide authentication methods for signing in; instead, it protects storage media and prevents unauthorized access if the device is stolen. It may work with authentication frameworks, but it is not itself a login method.

C) Credential Manager stores user credentials like website logins, mapped network drive passwords, or application passwords. It cannot replace password authentication for Windows sign-in. Instead, it stores and manages existing credentials rather than enabling new authentication methods.

D) Task Scheduler automates system tasks such as scripts, backups, or scheduled application launches. It has no relationship with authentication methods or biometric login systems. It cannot enforce login changes or authentication policies.

Windows Hello is correct because it provides exactly the authentication methods described: fingerprint, facial recognition, and PIN login. The other tools serve different functions entirely and cannot alter how users sign in to Windows.

Question 8

A technician suspects that a Windows system is infected with malware. Which of the following should the technician do FIRST?

A) Isolate the system from the network
B) Format the hard drive
C) Install all pending Windows updates
D) Delete temporary files

Answer: A) Isolate the system from the network

Explanation:

A) The first step when malware infection is suspected is to isolate the system from the network. This prevents the threat from spreading to other systems, stops the malware from communicating with external command-and-control servers, and prevents data exfiltration. Isolation is a containment measure, ensuring that the infection remains limited. Once the system is disconnected, a technician can proceed with diagnostics, removal procedures, and deeper analysis. This is a foundational principle of incident response: contain first, remediate second.

B) Formatting the hard drive is an extreme, last-resort action. It erases all data and applications entirely. While it does remove malware, it is not appropriate as a first step. Important data would be lost, no analysis could be done, and the damage assessment would be incomplete. It should only be considered when all other remediation attempts fail.

C) Installing Windows updates during an infection may worsen the situation. Malware could interfere with updates, corrupt system files, or exploit the process. Updates do not remove malware, and attempting them before containment can allow malware to spread or persist. Updates should only be applied later, after complete cleaning.

D) Deleting temporary files does not eliminate malware. While temporary files may sometimes store malicious scripts, deleting them does not address deeper infections or active processes. It is a cleanup procedure, not a containment or remediation step.

Isolation is the correct first step because it prevents harm to other systems and limits the malware’s capabilities. All other actions are either remediation steps to be taken later or actions that do not address the immediate threat. Containment always precedes eradication.

Question 9

A Windows user reports that applications often freeze and the system displays “Low Memory” warnings. The technician checks and finds that multiple large programs are running simultaneously and consuming excessive RAM. What is the BEST solution?

A) Increase the system’s physical memory
B) Replace the keyboard
C) Adjust monitor brightness
D) Change wallpaper resolution

Answer: A) Increase the system’s physical memory

Explanation:

A) Upgrading physical memory directly resolves low-RAM issues by allowing more applications to run concurrently without performance degradation. When RAM runs low, Windows resorts to paging, writing memory contents to disk, which slows the system dramatically. Increasing the memory prevents constant paging, eliminates freeze-ups, and supports heavier workloads. This is the most effective and permanent solution for users who regularly run large or numerous applications.

B) Replacing the keyboard does not affect system performance or memory usage. Peripheral components unrelated to system memory cannot resolve low-memory warnings.

C) Adjusting the monitor’s brightness only affects display comfort and power usage. It does not influence memory capacity or application behavior. System freezes caused by insufficient RAM cannot be addressed by display settings.

D) Changing wallpaper resolution affects aesthetic appearance only. It has negligible impact on memory consumption and cannot solve problems involving heavy RAM usage by applications.

Increasing the physical memory is correct because it directly addresses the cause: insufficient RAM for the user’s workload. The other choices have no relationship to system memory or performance and cannot resolve application freeze-ups caused by low resources.

Question 10

A technician wants to ensure that users receive critical security patches automatically on their Windows 10 machines. Which feature should be enabled?

A) Windows Update
B) File Explorer
C) Disk Management
D) Notepad

Answer: A) Windows Update

Explanation:

A) Windows Update is designed to automatically download and install security patches, feature updates, and bug fixes. Enabling it ensures systems remain protected against vulnerabilities, malware exploits, and stability issues. Security patches are crucial to maintaining system integrity, and Windows Update provides automated mechanisms for retrieving them from Microsoft servers. Administrators can configure policies to enforce update installation times, defer feature updates, or manage reboots.

B) File Explorer allows users to navigate files and folders but has no function related to updates or patch management. It cannot ensure systems receive security improvements or manage update schedules.

C) Disk Management helps configure disk partitions, volumes, and storage devices. It has no role in obtaining or installing updates. Patch management does not involve manipulating disk partitions or storage structures.

D) Notepad is a basic text editor. It cannot manage system updates, enforce patching, or interact with Windows security infrastructure. It is purely an editing tool.

Windows Update is correct because it directly performs the task described: delivering and installing security patches. The other items are general system tools unrelated to update handling.

Question 11

An enterprise administrator is deploying Windows 11 to hundreds of laptops using a fully automated installation process. The image must include customized applications, preconfigured user settings, security policies, and must automatically join the domain after installation. Which technology BEST accomplishes this?

A) Sysprep with an unattended answer file
B) Windows Recovery Environment
C) Task Manager
D) Event Viewer

Answer: A) Sysprep with an unattended answer file

Explanation:

A) Sysprep with an unattended answer file is specifically designed to prepare large-scale deployments where a fully automated, repeatable installation is necessary. Sysprep generalizes the installation, removes unique system identifiers, and prepares the operating system to deploy across many devices. The unattended answer file defines settings such as domain join automation, default user configuration, application installation parameters, and policy enforcement. This approach avoids manual interaction during installation, ensures consistency across every deployed machine, and dramatically increases deployment efficiency. It is a professional-grade solution used in enterprise imaging environments.

B) Windows Recovery Environment is used for repair operations, troubleshooting startup issues, recovering from system failures, and restoring system images. It is not designed to automate mass deployment, embed customized settings, or join devices to a domain during installation. It serves a recovery role, not a deployment one, and therefore does not meet the requirements for automated enterprise rollouts.

C) Task Manager is a monitoring and management tool used primarily to view running processes, measure system performance, and terminate unresponsive applications. It cannot create automated deployments, configure operating system installations, embed custom applications, or manage domain joins. Its functionality is limited to runtime process management, not OS provisioning.

D) Event Viewer provides a logging interface for system and application events. While essential for auditing and troubleshooting, it cannot automate installations, configure images, embed applications, or support domain enrollment during OS deployment. It is a diagnostic tool, not a deployment automation solution.

Sysprep and an unattended answer file are correct because they enable complete automation of installation, integrate configuration settings, and ensure each deployed machine meets organizational requirements without manual input. Other listed items serve maintenance, monitoring, or recovery roles and cannot perform enterprise-level OS deployment tasks.

Question 12

A security analyst needs to implement a solution that prevents unauthorized applications from running on Windows systems unless they are explicitly approved. The organization wants to tightly control software execution to reduce malware risk. Which Windows feature should be enabled?

A) AppLocker
B) Disk Defragmenter
C) System Restore
D) File History

Answer: A) AppLocker

Explanation:

A) AppLocker provides granular application control by defining which executable files, scripts, packaged apps, and installers are permitted to run on a Windows system. Administrators can whitelist trusted applications and block all others. This approach significantly limits attack surfaces because malicious software cannot execute unless explicitly authorized. AppLocker rules can be centrally managed through group policies, making them ideal for enterprise-wide enforcement. It also supports rule creation based on publisher, path, or file hash, providing fine-tuned flexibility.

B) Disk Defragmenter optimizes hard drive performance by reorganizing file placement. It has no security enforcement capabilities and cannot control program execution. It improves performance on certain drive types but offers no protection against unauthorized applications or malware.

C) System Restore creates restore points to revert system configurations to previous states. While useful for recovering from misconfigurations or malware infections, it does not prevent unauthorized software from running. System Restore deals with recovery, not prevention.

D) File History creates user data backups to protect against accidental deletion or modification. This tool safeguards user files but cannot restrict application execution or enforce security rules. It does nothing to reduce the chance of malware launching.

AppLocker is the correct choice because it directly enforces application control policies, preventing unauthorized programs from running. It is a proactive security measure designed for enterprise-level software compliance. The other features provide performance improvements or recovery options but do not restrict software execution.
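The allow-list approach described in Questions 5 and 12 can be drafted and dry-run before anything is enforced. The following PowerShell is an added example, not part of the original practice test; the directory names and the output file are assumptions, and it only generates and tests a draft policy without applying it.

```powershell
# Added example (not from the original page). Directory names are hypothetical.
# Run on a Windows edition that includes the AppLocker module.
Import-Module AppLocker

$TrustedDir   = 'C:\Program Files\ContosoApps'          # hypothetical: administrator-approved software
$CandidateDir = Join-Path $env:USERPROFILE 'Downloads'  # where unapproved downloads usually land
$DraftPolicy  = Join-Path $env:TEMP 'applocker-draft.xml'

function New-DraftAllowList {
    param([string]$Directory, [string]$OutFile)

    # Collect publisher, path and hash data for every executable in the approved directory.
    $info = Get-AppLockerFileInformation -Directory $Directory -Recurse -FileType Exe

    # Publisher rules where the file is signed; hash rules as the fallback for unsigned files.
    $info |
        New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
            -RuleNamePrefix 'Approved' -Optimize -Xml |
        Out-File -FilePath $OutFile
}

function Test-CandidateFiles {
    param([string]$PolicyFile, [string]$Directory)

    $paths = Get-ChildItem -Path $Directory -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
             Select-Object -ExpandProperty FullName
    if (-not $paths) { return @() }

    # Evaluate each file against the draft policy without changing the machine's policy.
    # Files matching no allow rule are reported as DeniedByDefault.
    Test-AppLockerPolicy -XmlPolicy $PolicyFile -Path $paths -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

function Get-EnforcementStatus {
    # Rules are only enforced when the rule collection is set to Enabled
    # (not AuditOnly) and the Application Identity service is running.
    [xml]$effective = Get-AppLockerPolicy -Effective -Xml
    $service = Get-Service -Name AppIDSvc

    foreach ($collection in $effective.AppLockerPolicy.RuleCollection) {
        [pscustomobject]@{
            Collection         = $collection.Type
            EnforcementMode    = $collection.EnforcementMode
            AppIdentityService = $service.Status
        }
    }
}

# Build the draft, dry-run it against the download folder, then show what is enforced today.
New-DraftAllowList -Directory $TrustedDir -OutFile $DraftPolicy

Test-CandidateFiles -PolicyFile $DraftPolicy -Directory $CandidateDir |
    Sort-Object PolicyDecision |
    Format-Table -AutoSize

Get-EnforcementStatus | Format-Table -AutoSize
```

Reviewing the dry-run output, and running the rule collections in AuditOnly mode first, shows which legitimate programs the allow-list would block before enforcement is switched on through Group Policy.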

Question 13

A technician is troubleshooting a Windows 10 system that is crashing frequently. The system creates memory dump files, and the administrator wants to analyze these dumps to identify the driver causing the failure. Which tool is BEST suited for this purpose?

A) WinDbg
B) MSConfig
C) Windows Defender Firewall
D) DirectX Diagnostic Tool

Answer: A) WinDbg

Explanation:

A) WinDbg is a powerful debugging tool included in the Windows Debugging Tools suite. It is designed specifically to analyze crash dump files, identify problematic drivers, inspect kernel-level processes, interpret stop codes, and diagnose advanced system failures. It can load memory dumps, allow step-by-step inspection, and display detailed driver call stacks. Security researchers, system engineers, and advanced technicians rely on WinDbg for deep diagnostic work. It is the industry-standard tool for analyzing Blue Screen of Death (BSOD) crash dumps.

B) MSConfig is useful for managing startup processes, selecting diagnostic boot modes, and identifying conflicts that arise during startup. However, it cannot analyze memory dumps, interpret kernel crashes, or identify faulty drivers using crash data. It is a configuration utility, not a debugging tool.

C) Windows Defender Firewall controls network traffic by enforcing inbound and outbound rules. It has no functionality to inspect memory dump files or troubleshoot system crashes. Its purpose is security, not diagnostic analysis of crashes.

D) The DirectX Diagnostic Tool gathers information about graphics, display drivers, sound components, and DirectX functionality. It can help identify issues with graphics drivers but cannot analyze system-wide crash dump files. It does not load memory dumps or identify causes of BSOD events unrelated to DirectX.

WinDbg is correct because it directly analyzes memory dumps and pinpoints failing drivers. The other tools have unrelated functions and cannot inspect or interpret crash data.

Question 14

A company uses mobile device management (MDM) to secure smartphones. The IT department wants to ensure that if a device is lost, corporate emails, documents, and internal application data can be wiped without affecting the employee’s personal photos, contacts, or apps. Which feature fulfills this requirement?

A) Remote selective wipe
B) Full factory reset
C) Jailbreaking
D) Screen rotation lock

Answer: A) Remote selective wipe

Explanation:

A) A remote selective wipe allows administrators to remove only corporate data, applications, and configurations deployed through the MDM while leaving personal content untouched. This feature is critical in Bring Your Own Device (BYOD) environments where employees use personal devices for corporate work. Selective wipe preserves privacy, avoids personal data loss, and maintains compliance with legal requirements. It also enables IT to protect sensitive corporate information if the device is compromised or lost, while minimizing employee disruption.

B) A full factory reset erases all data, including personal photos, messages, and applications. While effective for removing corporate information, it violates the requirement of preserving personal data. It is too destructive for scenarios where only corporate content needs removal.

C) Jailbreaking removes manufacturer restrictions and security controls, allowing unauthorized modifications. It compromises device security and violates corporate policy. It cannot selectively remove employer data, nor is it an administrative function used in MDM systems.

D) Screen rotation lock affects display orientation only. It has no relationship to security, BYOD policies, or remote wiping capabilities. It cannot remove data or protect corporate information.

Remote selective wipe is correct because it achieves the exact goal: secure removal of corporate data while preserving personal content. The other actions either erase too much data or have no security relevance.

Question 15

A systems administrator needs to run a PowerShell script remotely across dozens of Windows servers. The script requires administrative privileges and must run without requiring the administrator to manually log in to each system. Which feature should be enabled?

A) PowerShell Remoting
B) Local Disk Cleanup
C) Windows Mobility Center
D) Character Map

Answer: A) PowerShell Remoting

Explanation:

A) PowerShell Remoting enables administrators to execute commands and scripts on remote machines using secure channels such as WinRM. It allows centralized automation across multiple servers, eliminating the need to log in locally to each device. It supports administrative elevation, parallel execution, and remote session creation. PowerShell Remoting is essential for managing large server environments efficiently and securely. It is widely used in enterprise automation, configuration management, and remote scripting.

B) Local Disk Cleanup removes temporary files and unnecessary system data. It has no functionality for executing scripts remotely, managing servers, or enabling administrative automation.

C) Windows Mobility Center provides shortcuts to power settings, display brightness, and presentation mode. It is intended for laptops and has no connection to remote scripting or automation. It cannot run scripts or provide remote access capabilities.

D) Character Map shows a gallery of characters and symbols. It is a user convenience tool and has no role in administrative tasks, remote management, or scripting.

PowerShell Remoting is correct because it provides secure remote script execution across many systems, fulfilling the requirement for automated, large-scale administrative control. The other tools lack any remote or scripting functionality.

Question 16

A cybersecurity team needs to configure Windows systems so that all scripts executed across the network must be cryptographically signed by the organization. Unsigned scripts should be blocked from running, even if executed by an administrator. Which configuration should the team implement?

A) Set PowerShell execution policy to AllSigned
B) Enable System Restore
C) Configure BitLocker
D) Disable Windows Search

Answer: A) Set PowerShell execution policy to AllSigned

Explanation:

A) Setting the execution policy to AllSigned enforces a strict regime in which every script must be validated through a trusted digital signature before execution. This introduces a strong cryptographic safeguard because scripts lacking signatures are prevented from launching, making it extremely difficult for attackers to execute malicious or altered code. This method also ensures that administrators cannot accidentally or unknowingly run harmful scripts. By requiring signatures, the environment can trace the origin and integrity of every script, preserving security compliance and reducing attack surfaces associated with remote execution or administrative automation workflows. For enterprise environments that rely heavily on scripting, this protection is essential.

B) Enabling System Restore has no influence on script execution. System Restore saves system state snapshots that can be used to roll back problematic changes but provides no cryptographic validation, no restriction of script operations, and no enforcement of execution integrity. System Restore is a recovery feature, not a security control or execution policy tool.

C) Configuring BitLocker encrypts storage devices to protect data if the hardware is lost or stolen. Although critical for preventing data breaches, it does not influence script execution in memory or control which scripts users are allowed to run. BitLocker does not provide scripting restrictions or signature validation and therefore does not satisfy the requirement for execution control.

D) Disabling Windows Search affects indexing and file lookup performance but has no connection to script execution. It does not add restrictions, enforce signatures, or influence PowerShell behavior. It is a performance preference rather than a security mechanism.

The correct choice is setting the execution policy to AllSigned because it applies cryptographic verification and blocks unauthorized script execution. The other items handle recovery, encryption, or indexing and cannot enforce script integrity or signature requirements.

Question 17

A systems administrator needs to perform a detailed audit of all changes made to security settings, group memberships, and access control lists on multiple Windows servers. The audit must show exactly which user made each change and when it occurred. Which feature should be enabled to meet this requirement?

A) Advanced Security Auditing
B) Performance Monitor
C) Disk Cleanup
D) Windows Ink Workspace

Answer: A) Advanced Security Auditing

Explanation:

A) Advanced Security Auditing provides granular tracking of changes to sensitive security objects, including group membership modifications, ACL alterations, privilege assignments, authentication events, and policy modifications. When properly configured, the system logs detailed entries recording the identity of the user who performed the action, the time of the action, and the exact nature of the modification. This level of forensic detail is essential for compliance, security investigations, and incident response. Enterprises use these logs to detect improper privilege escalation, monitor administrative actions, and maintain accountability across large environments.

B) Performance Monitor tracks CPU usage, memory consumption, I/O activity, and system performance counters. It is extremely useful for diagnosing performance issues and resource bottlenecks but cannot track changes to security settings, permissions, or administrative actions. It provides metrics, not security audit records.

C) Disk Cleanup removes temporary files to free storage space. While useful for optimizing disk capacity, it has no connection to auditing, security, group membership tracking, or ACL monitoring. It is a maintenance tool, not a security or logging solution.

D) Windows Ink Workspace provides stylus-related features such as drawing and note tools. It is irrelevant to logging, security auditing, or tracking administrative events.

Advanced Security Auditing is correct because it captures detailed, timestamped records of all security-related changes. The other features serve performance monitoring, cleanup, or user productivity roles and do not provide the logging capability required.

Question 18

A company enforces strict data-loss prevention controls. Employees must not be able to copy sensitive files to USB drives unless the security team explicitly approves the device. The company wants to control this centrally across all endpoints. Which technology provides the BEST solution?

A) Device Control through Group Policy
B) Windows Media Player
C) Sticky Keys
D) Disk Defragmenter

Answer: A) Device Control through Group Policy

Explanation:

A) Device Control implemented through Group Policy allows administrators to enforce rules governing which USB devices are permitted or blocked. It can restrict removable storage by hardware ID, vendor ID, or class. This system provides centralized, scalable enforcement over hundreds or thousands of endpoints. When configured properly, only authorized devices function, and all unauthorized ones are denied access. This is essential for preventing data leaks, enforcing compliance, and safeguarding sensitive information from being copied to unapproved hardware. It integrates seamlessly into enterprise Windows domains and does not require third-party tools.

B) Windows Media Player is a multimedia playback application. It does not manage USB permissions, block storage devices, or enforce security policies. It cannot restrict file copying or manage device authorization.

C) Sticky Keys is an accessibility feature designed to assist users with mobility challenges. It has no security capabilities, no device management functionality, and no relation to data-loss prevention strategies.

D) Disk Defragmenter reorganizes file locations on traditional hard drives to improve performance. It cannot restrict file copying, enforce corporate security policy, or control USB device authorization.

Device Control via Group Policy is correct because it directly enforces rules restricting removable storage usage. None of the other items relate to DLP or device authorization controls.

Question 19

A Windows server is being used to host critical business applications. Administrators need a way to view which processes are making specific network connections, including local and remote ports, protocols, and associated executables. They also need to monitor which processes are consuming network bandwidth. Which built-in tool should be used?

A) Resource Monitor
B) WordPad
C) Snipping Tool
D) Disk Management

Answer: A) Resource Monitor

Explanation:

A) Resource Monitor provides detailed visibility into network activities at the process level. It displays which executables initiate connections, what ports they use, their remote addresses, and the amount of bandwidth each consumes. It also allows filtering and targeted monitoring of suspicious or performance-heavy processes. This makes it ideal for diagnosing application communication problems, investigating unexpected traffic, and ensuring critical applications have the network access they require. Its comprehensive real-time dashboards make it one of the best tools for network process monitoring within Windows.

B) WordPad is a text editor. It cannot view network ports, processes, bandwidth usage, or any system-level resource metrics. It is used solely for document creation and editing.

C) Snipping Tool captures screenshots and has no relationship to network diagnostics, process monitoring, or bandwidth analysis. It does not inspect executables or track traffic.

D) Disk Management handles drive partitioning and storage configuration. It cannot display network connections, monitor traffic, or analyze process-level resource consumption.

Resource Monitor is correct because it displays real-time network utilization mapped to specific processes. The other utilities have no network monitoring functionality.

Question 20

A large enterprise wants to automate software deployment, enforce security configurations, apply patches, and generate compliance reports for thousands of Windows clients across multiple geographic locations. The solution must integrate seamlessly with Active Directory and support centralized management. Which technology BEST meets this requirement?

A) Microsoft Endpoint Configuration Manager (SCCM)
B) Paint
C) Calculator
D) Narrator

Answer: A) Microsoft Endpoint Configuration Manager (SCCM)

Explanation:

A) Microsoft Endpoint Configuration Manager (formerly SCCM) is designed specifically for enterprise-class management of Windows clients. It can deploy software packages, enforce configuration baselines, patch systems, manage application updates, inventory hardware, deploy operating systems, and enforce compliance rules across thousands of endpoints. It integrates with Active Directory for authentication, device targeting, and group association. It provides scalable, centralized management suitable for globally distributed environments, making it the industry standard for enterprise endpoint control.

B) Paint is a simple graphics editor that serves no administrative, management, or deployment purpose. It cannot perform software deployment, patch management, or compliance reporting.

C) Calculator performs math functions and has no system management, deployment, or security configuration capabilities. It cannot integrate with enterprise policy frameworks.

D) Narrator is an accessibility tool that reads on-screen text aloud. It is not part of enterprise operations, cannot deploy software, and does not manage compliance.

SCCM is correct because it provides full-scale enterprise automation, deployment, and policy enforcement capabilities. The other items are basic user utilities with no administrative value.
