CompTIA 220-1102 A+ Certification Exam: Core 2 Dumps and Practice Test Questions Set 4 Q61-80

Question 61

A company wants to ensure that all Windows laptops automatically encrypt data stored on removable USB drives while enforcing password protection and centralized recovery. Users should not be able to bypass encryption, and recovery keys must be retrievable by IT in case of lost passwords. Which solution BEST meets this requirement?

A) BitLocker To Go with Active Directory recovery
B) Paint
C) WordPad
D) Calculator

Answer: A) BitLocker To Go with Active Directory recovery

Explanation:

A) BitLocker To Go is specifically designed to encrypt removable drives, including USB sticks and external hard drives. When combined with Active Directory recovery, it provides enterprise-grade data protection while maintaining manageability. Users are required to provide a password or smart card to access encrypted media, preventing unauthorized access if the drive is lost or stolen. Active Directory recovery ensures that IT administrators can retrieve recovery keys centrally if a user forgets the password or the device fails to unlock. This centralized recovery mechanism ensures operational continuity without compromising security. BitLocker To Go integrates with enterprise policies through Group Policy, enabling IT to enforce encryption across all devices automatically. This combination ensures that sensitive corporate data on removable drives remains confidential, tamper-proof, and recoverable, meeting both security and operational requirements.

B) Paint is a graphics application and has no functionality for encryption, password enforcement, or recovery key management. It cannot prevent unauthorized access to data or support centralized recovery.

C) WordPad is a text editor and does not provide encryption or security policy enforcement. It cannot manage recovery keys or ensure that removable media is protected according to enterprise standards.

D) Calculator performs arithmetic operations and does not provide encryption or recovery capabilities. It has no role in securing data on removable media.

BitLocker To Go with Active Directory recovery is correct because it enforces encryption and password protection on removable drives, integrates with enterprise recovery solutions, and allows centralized policy management—ensuring security, compliance, and recoverability.

Question 62

A systems administrator needs to monitor CPU, memory, disk, and network usage in real time on a Windows workstation while also identifying which processes are consuming the most resources. The administrator wants a built-in tool that provides detailed process-level insights, including associated services and network ports. Which tool BEST satisfies this requirement?

A) Resource Monitor
B) Sticky Keys
C) Paint
D) Calculator

Answer: A) Resource Monitor

Explanation:

A) Resource Monitor is a built-in Windows utility that provides real-time monitoring of system resources, including CPU, memory, disk, and network usage. It offers granular visibility into which processes consume resources, their associated services, and the network ports and endpoints they use. Administrators can track I/O activity, identify bottlenecks, and detect unusual network behavior indicative of malware or unauthorized processes. Resource Monitor also integrates with Task Manager, providing an enhanced perspective for troubleshooting performance issues. Unlike other monitoring tools that only provide high-level metrics, Resource Monitor allows administrators to drill down into individual process activity, making it invaluable for performance analysis, system optimization, and forensic investigation. It is ideal for enterprise environments where understanding resource consumption at a detailed level is critical for maintaining operational stability.

B) Sticky Keys is an accessibility feature that assists users with keyboard input. It cannot monitor CPU, memory, disk, or network usage, nor can it provide process-level insights or track network activity.

C) Paint is a graphics program and has no monitoring capabilities. It cannot track resource usage, network connections, or process behavior.

D) Calculator performs arithmetic calculations and provides no insight into system performance, process behavior, or network utilization.

Resource Monitor is correct because it allows administrators to monitor system resources in real time, correlate resource usage with specific processes and services, and analyze network activity at the process level. It provides a depth of insight unavailable in basic tools like Task Manager alone.

Question 63

A company wants to centrally enforce software restriction policies to prevent the execution of unauthorized applications and scripts on Windows endpoints. The solution must support whitelisting by publisher, path, or hash and provide audit logging for compliance verification. Which solution BEST fulfills this requirement?

A) AppLocker with Group Policy integration
B) Notepad
C) Windows Calculator
D) Paint

Answer: A) AppLocker with Group Policy integration

Explanation:

A) AppLocker provides enterprise-level application control by enabling administrators to define which applications, scripts, and installers are allowed to execute on Windows systems. Rules can be configured based on digital signatures (publisher rules), file paths, or cryptographic hashes. Integration with Group Policy allows centralized deployment of rules, ensuring that all domain-joined devices comply with software restriction policies. AppLocker supports auditing, logging blocked execution attempts and generating compliance reports, which are critical for regulatory adherence and forensic analysis. By enforcing execution control and recording all violations, AppLocker reduces the risk of malware execution and ensures that only trusted, approved applications run in the enterprise environment. This approach is particularly effective in preventing script-based attacks and unauthorized software installations.

B) Notepad is a text editor and cannot enforce software execution policies, monitor application activity, or log compliance. It provides no administrative or security functionality.

C) Windows Calculator performs arithmetic calculations and cannot control application execution, enforce whitelisting, or generate audit logs. It does not integrate with Group Policy.

D) Paint is a graphics tool and has no ability to restrict application execution, enforce policies, or generate compliance reports. It provides no enterprise software control functionality.

AppLocker with Group Policy integration is correct because it allows centralized enforcement of whitelisting policies, monitors and logs execution attempts, and ensures compliance across all domain-joined endpoints.

Question 64

A Windows administrator wants to investigate a system suspected of being compromised by malware. The administrator needs to identify suspicious scheduled tasks, view task history, triggers, and executable paths without altering system state. Which tool BEST supports this forensic investigation?

A) Task Scheduler
B) WordPad
C) Windows Calculator
D) Paint

Answer: A) Task Scheduler

Explanation:

A) Task Scheduler allows administrators to view all scheduled tasks, including hidden or automatically executed tasks that may be used by malware for persistence. It displays critical information, including task triggers, actions, paths to executables, and task history, enabling identification of tasks created without authorization. By inspecting scheduled tasks without running or modifying them, administrators preserve forensic integrity while performing detailed analysis. Task Scheduler also allows filtering by user or execution context, which is essential when investigating potential compromise. Understanding task triggers and actions provides insight into persistence mechanisms and helps administrators plan effective remediation. It is the preferred tool for analyzing automated execution in a forensic context on Windows systems.

B) WordPad is a text editor and cannot display scheduled tasks, track triggers, or reveal executable paths. It has no functionality for forensic investigation or malware analysis.

C) Windows Calculator performs arithmetic calculations and cannot provide insight into task configurations or system persistence mechanisms. It offers no investigative capabilities.

D) Paint is a graphics application and cannot provide information about scheduled tasks or malware persistence. It does not support forensic analysis.

Task Scheduler is correct because it provides detailed visibility into scheduled tasks, task history, triggers, and associated executables without altering the system state, making it essential for forensic investigations.
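The same fields (triggers, actions, executable paths, run-as account, last run time) can be collected read-only from PowerShell. This is an added example, not part of the original question set; the function names and the list of user-writable path fragments are assumptions chosen for illustration.

```powershell
# Added example: read-only triage of scheduled tasks.
# Nothing here starts, edits, disables, or deletes a task.

# Assumption: executables launched from user-writable locations deserve a closer look.
$SuspectPathPattern = '\\AppData\\|\\Temp\\|\\Users\\Public\\'

function Get-ScheduledTaskTriage {
    foreach ($task in Get-ScheduledTask) {
        $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue

        foreach ($action in $task.Actions) {
            # Only exec actions carry an executable path; COM handler actions do not.
            if ($action.CimClass.CimClassName -ne 'MSFT_TaskExecAction') { continue }

            # Paths are often stored with environment variables and quotes.
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')

            [pscustomobject]@{
                Task        = $task.TaskPath + $task.TaskName
                State       = $task.State
                RunAs       = $task.Principal.UserId
                Author      = $task.Author
                Triggers    = ($task.Triggers |
                                  ForEach-Object { $_.CimClass.CimClassName -replace '^MSFT_Task' }) -join ','
                Execute     = $exe
                Arguments   = $action.Arguments
                LastRunTime = $info.LastRunTime
                Suspect     = $exe -match $SuspectPathPattern
            }
        }
    }
}

function Get-TaskRegistrationHistory {
    # Event ID 106 in the Task Scheduler operational log records task registration.
    # Assumption: the operational log is enabled; if it is not, this returns nothing.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-TaskScheduler/Operational'
        Id      = 106
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

# Tasks whose executable sits in a user-writable location, then recent registrations.
Get-ScheduledTaskTriage | Where-Object Suspect | Format-List
Get-TaskRegistrationHistory | Select-Object -First 20 | Format-List
```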

Question 65

A security team needs to ensure that all Windows client devices forward event logs securely to a centralized server for analysis, correlation, and real-time alerting. Logs must include security, application, and system events and support filtering for only relevant events. Which technology BEST achieves this?

A) Windows Event Forwarding (WEF)
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Windows Event Forwarding (WEF)

Explanation:

A) Windows Event Forwarding enables domain-joined clients to transmit security, system, and application logs to a centralized collector. WEF supports secure channels, including HTTPS or Kerberos, ensuring logs are not intercepted or altered in transit. Administrators can define subscriptions and filters to collect only relevant event types, reducing noise and focusing analysis on critical events. Centralized logs can be forwarded to SIEM systems for correlation, alerting, and compliance reporting. WEF is scalable, allowing hundreds or thousands of devices to be monitored in real time, providing visibility into potential security incidents and ensuring auditability. This centralized and secure log aggregation is critical for enterprise environments to detect unauthorized activity, perform forensic analysis, and meet regulatory requirements.

B) Sticky Keys is an accessibility feature and cannot forward logs, filter events, or integrate with SIEM tools. It has no functionality for enterprise monitoring or auditing.

C) Paint is a graphics application and cannot collect, forward, or secure event logs. It provides no capability for monitoring or analysis.

D) Windows Calculator performs arithmetic calculations and cannot monitor or forward logs, apply filters, or integrate with centralized logging solutions. It is unrelated to enterprise security monitoring.

Windows Event Forwarding is correct because it allows secure, centralized, filtered collection of event logs, supports integration with SIEM systems, and enables real-time monitoring and compliance reporting across the enterprise.

Question 66

A company wants to ensure that all Windows endpoints enforce strong multi-factor authentication (MFA) when accessing sensitive corporate resources. The solution must integrate with Active Directory, support mobile authenticator apps, and allow centralized management for auditing and enforcement. Which technology BEST fulfills this requirement?

A) Multi-factor Authentication (MFA) with Active Directory integration
B) Paint
C) WordPad
D) Calculator

Answer: A) Multi-factor Authentication (MFA) with Active Directory integration

Explanation:

A) Multi-factor Authentication requires users to provide two or more verification methods before accessing corporate resources. By integrating MFA with Active Directory, administrators can centrally manage enforcement policies, assign authentication methods per user or group, and ensure compliance with enterprise security standards. MFA can use factors such as passwords, hardware tokens, smart cards, or mobile authenticator apps, providing additional security beyond standard password authentication. This reduces the risk of credential compromise, phishing attacks, and unauthorized access. Audit logs are centrally maintained to track successful and failed authentications, enabling forensic review and compliance reporting. MFA also allows for conditional access policies, enforcing stricter authentication requirements when accessing sensitive data or resources from untrusted networks. This centralized and multi-layered approach ensures enterprise security, operational efficiency, and regulatory compliance.

B) Paint is a graphics application and cannot enforce authentication policies, manage user credentials, or provide auditing functionality. It has no role in enterprise security or MFA deployment.

C) WordPad is a text editor and provides no authentication or multi-factor capabilities. It cannot integrate with Active Directory or enforce security policies.

D) Calculator performs arithmetic calculations and cannot manage authentication, track login attempts, or provide centralized policy enforcement.

MFA with Active Directory integration is correct because it enforces strong authentication, supports mobile and hardware tokens, enables centralized policy management, and provides auditable logs for compliance, fully meeting enterprise security requirements.

Question 67

An organization wants to prevent unauthorized software installation and execution on all Windows endpoints while allowing approved applications to run. The solution must provide detailed audit logs for all blocked attempts and integrate with enterprise Group Policy for centralized management. Which technology BEST achieves this goal?

A) AppLocker with Group Policy integration
B) Notepad
C) Windows Calculator
D) Paint

Answer: A) AppLocker with Group Policy integration

Explanation:

A) AppLocker allows administrators to define rules controlling which applications, scripts, and installers are allowed to run. Rules can be created based on digital signatures, file paths, or cryptographic hashes, ensuring only trusted software executes on Windows endpoints. Integration with Group Policy allows centralized deployment and enforcement, enabling consistent application control across all domain-joined devices. AppLocker also supports detailed audit logging, recording all blocked execution attempts. These logs can be forwarded to centralized monitoring solutions or SIEM systems for compliance, reporting, and forensic analysis. By preventing unauthorized execution, AppLocker reduces malware risk, ensures software policy compliance, and maintains operational stability. Enterprises rely on AppLocker for controlled application environments, protecting critical systems from malicious software or unapproved installations.

B) Notepad is a text editor and cannot enforce software execution policies or track blocked attempts. It provides no administrative control or compliance functionality.

C) Windows Calculator performs arithmetic operations and cannot enforce software policies or log execution activity. It does not integrate with Group Policy.

D) Paint is a graphics tool and cannot restrict software execution, enforce rules, or provide audit logs. It offers no enterprise software management functionality.

AppLocker with Group Policy integration is correct because it centrally enforces application whitelisting, blocks unauthorized execution, and provides detailed audit logs, making it essential for enterprise software control and compliance.
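The publisher, path, and hash rule types and the audit logging described in Questions 63 and 67 can be inspected as follows. This is an added example, not part of the original question set: the embedded policy is constructed sample data, and the function names and the "user-writable path" review heuristic are assumptions.

```powershell
# Added example. Constructed sample policy (not from a real environment).
# On a managed endpoint, replace it with: [xml](Get-AppLockerPolicy -Effective -Xml)
[xml]$SamplePolicy = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePublisherRule Id="11111111-1111-1111-1111-111111111111" Name="Signed by Example Corp" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=EXAMPLE CORP, L=CITY, S=STATE, C=US" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <FilePathRule Id="22222222-2222-2222-2222-222222222222" Name="Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="33333333-3333-3333-3333-333333333333" Name="Vendor tool in Temp" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Temp\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Script" EnforcementMode="AuditOnly">
    <FileHashRule Id="44444444-4444-4444-4444-444444444444" Name="inventory.ps1" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FileHashCondition>
          <FileHash Type="SHA256" Data="0x0000000000000000000000000000000000000000000000000000000000000000" SourceFileName="inventory.ps1" SourceFileLength="1024" />
        </FileHashCondition>
      </Conditions>
    </FileHashRule>
  </RuleCollection>
</AppLockerPolicy>
'@

function Get-AppLockerRuleSummary {
    param([xml]$PolicyXml = $SamplePolicy)

    foreach ($collection in $PolicyXml.AppLockerPolicy.RuleCollection) {
        $mode = $collection.GetAttribute('EnforcementMode')

        foreach ($rule in $collection.ChildNodes | Where-Object { $_.NodeType -eq 'Element' }) {
            # Each rule type stores its match criterion in a different condition element.
            $condition = switch ($rule.LocalName) {
                'FilePublisherRule' { $rule.Conditions.FilePublisherCondition.PublisherName }
                'FilePathRule'      { $rule.Conditions.FilePathCondition.Path }
                'FileHashRule'      { $rule.Conditions.FileHashCondition.FileHash.SourceFileName }
            }
            $isPath = $rule.LocalName -eq 'FilePathRule'

            [pscustomobject]@{
                Collection = $collection.GetAttribute('Type')
                Mode       = $mode
                RuleType   = $rule.LocalName -replace '^File|Rule$'
                Action     = $rule.GetAttribute('Action')
                Name       = $rule.GetAttribute('Name')
                Condition  = $condition
                # AuditOnly collections log what would be blocked but do not block it.
                Enforced   = $mode -eq 'Enabled'
                # Assumption: an Allow path rule over a user-writable folder needs review.
                Review     = $isPath -and ($condition -match 'Temp|AppData|\\Users\\')
            }
        }
    }
}

function Get-AppLockerDenial {
    # 8004 / 8007: blocked. 8003 / 8006: allowed, but would be blocked if enforced.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-AppLocker/EXE and DLL',
                  'Microsoft-Windows-AppLocker/MSI and Script'
        Id      = 8003, 8004, 8006, 8007
    } -MaxEvents 50 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

Get-AppLockerRuleSummary | Format-Table -AutoSize
Get-AppLockerDenial | Format-List
```

With the sample policy, the Temp path rule is flagged for review and the Script collection shows as not enforced because it is in AuditOnly mode.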

Question 68

A systems administrator wants to detect suspicious administrative activity and track changes to critical system files on Windows endpoints. The solution must provide audit logs for forensic investigation, including information about which user performed the actions and when. Which Windows feature BEST supports this requirement?

A) Advanced Security Auditing
B) Sticky Keys
C) Paint
D) Calculator

Answer: A) Advanced Security Auditing

Explanation:

A) Advanced Security Auditing provides detailed monitoring of Windows endpoints for security-relevant events. It can track modifications to files, registry keys, and system settings, as well as administrative actions such as privilege escalation, account changes, and software installation. Each event is recorded in the Windows Security Event Log, capturing essential details like user identity, timestamp, and process information. These logs can be forwarded to a centralized SIEM or auditing system for analysis, correlation, and reporting. Advanced Security Auditing allows organizations to detect suspicious behavior, investigate potential compromises, and maintain compliance with internal security policies and regulatory frameworks. Configuring audit policies through Group Policy ensures consistent enforcement across all domain-joined devices, making it scalable for large enterprise environments.

B) Sticky Keys is an accessibility feature and cannot track system changes, user actions, or administrative activity. It provides no auditing or security functionality.

C) Paint is a graphics application and has no capability to monitor system events or track changes to files or registry settings. It cannot support forensic investigations.

D) Calculator performs arithmetic operations and does not provide auditing, logging, or security monitoring. It cannot detect suspicious administrative activity.

Advanced Security Auditing is correct because it enables detailed monitoring of critical system actions, captures user activity, provides audit logs for forensic review, and supports enterprise compliance requirements.

Question 69

A security administrator wants to ensure that all Windows client devices send their security and application logs to a central server in real time. Logs must be encrypted, filtered for specific events, and compatible with SIEM solutions for alerting and compliance reporting. Which technology BEST accomplishes this goal?

A) Windows Event Forwarding (WEF)
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Windows Event Forwarding (WEF)

Explanation:

A) Windows Event Forwarding allows domain-joined Windows devices to transmit logs securely to a centralized collector server. WEF supports encrypted communication using HTTPS or Kerberos, protecting log integrity during transit. Administrators can define subscriptions and filters to forward only specific events, such as security failures or application errors, reducing noise and focusing on critical data. The central collector can integrate with SIEM solutions for correlation, real-time alerting, and compliance reporting. WEF is highly scalable, supporting large enterprise environments with hundreds or thousands of endpoints. It ensures auditability, improves incident response, and provides visibility into potential security incidents. Centralized log aggregation simplifies forensic analysis, regulatory compliance, and operational monitoring.

B) Sticky Keys is an accessibility feature and cannot forward logs, filter events, or provide SIEM integration. It has no security functionality.

C) Paint is a graphics application and cannot collect, forward, or encrypt event logs. It is unrelated to enterprise log management.

D) Windows Calculator performs arithmetic operations and cannot monitor or transmit event logs. It provides no enterprise security or auditing functionality.

Windows Event Forwarding is correct because it enables secure, centralized, filtered log collection and integration with SIEM tools for real-time monitoring, alerting, and compliance reporting.

Question 70

A company wants to prevent unauthorized execution of PowerShell scripts on Windows endpoints unless the scripts are digitally signed by the organization’s internal certificate authority. Scripts should be blocked by default but allowed if signed and approved. Which configuration BEST achieves this requirement?

A) Set the PowerShell execution policy to AllSigned
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Set the PowerShell execution policy to AllSigned

Explanation:

A) Configuring the PowerShell execution policy to AllSigned ensures that all scripts require a valid digital signature from a trusted source before execution. Unsigned scripts are blocked, preventing unauthorized or malicious scripts from running, even if the user has administrative privileges. By using certificates issued by the organization’s internal certificate authority, administrators can enforce that only approved scripts are executed while maintaining auditability and traceability. This policy helps prevent malware propagation, unauthorized automation, and script-based attacks, which are common vectors for compromise. AllSigned also allows audit logging of blocked scripts, enabling security teams to monitor attempted script execution and detect potential threats. Enforcement via Group Policy ensures consistent application across all domain-joined devices, simplifying management in large enterprise environments.

B) Sticky Keys is an accessibility feature and cannot enforce script execution policies, verify digital signatures, or block unauthorized scripts. It provides no security functionality.

C) Paint is a graphics application and cannot manage PowerShell execution or enforce signing policies. It has no capability to prevent script-based attacks.

D) Windows Calculator performs arithmetic operations and cannot enforce execution policies or verify digital signatures. It provides no protection for scripts or system automation.

Setting the PowerShell execution policy to AllSigned is correct because it blocks unsigned scripts, enforces trusted digital signatures, enables audit logging, and ensures enterprise-wide policy compliance. This configuration is essential for preventing unauthorized script execution and maintaining system integrity.

Question 71

A security administrator wants to enforce that all Windows endpoints use encrypted communication for all remote PowerShell sessions. Administrators must authenticate to the servers using certificates, and all traffic must be protected from eavesdropping or man-in-the-middle attacks. Which configuration BEST achieves this goal?

A) Configure WinRM with HTTPS and certificate-based authentication
B) Paint
C) WordPad
D) Calculator

Answer: A) Configure WinRM with HTTPS and certificate-based authentication

Explanation:

A) Windows Remote Management (WinRM) is the protocol for remote management of Windows devices. Configuring WinRM to use HTTPS ensures that all communication is encrypted using TLS, protecting against eavesdropping and man-in-the-middle attacks. By requiring certificate-based authentication, administrators ensure mutual verification of client and server identities, preventing unauthorized access. This setup also protects credentials during transmission, which is critical in enterprise environments where administrators may manage servers across untrusted networks. HTTPS and certificate authentication together provide both encryption and strong identity verification, satisfying enterprise security requirements for secure remote management. Additionally, this configuration can be centrally deployed and monitored via Group Policy or configuration management tools, ensuring consistent enforcement across all domain-joined devices.

B) Paint is a graphics application and cannot configure remote management, encrypt traffic, or enforce authentication. It is unrelated to remote administration security.

C) WordPad is a text editor and cannot enforce secure communications or certificate-based authentication. It provides no remote management capabilities.

D) Calculator performs arithmetic operations and cannot manage encryption, identity verification, or remote sessions. It has no administrative security functionality.

Configuring WinRM with HTTPS and certificate-based authentication is correct because it encrypts all remote management sessions, ensures mutual authentication, and allows centralized enforcement, making it the enterprise standard for secure remote PowerShell management.
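A read-only check that an endpoint actually matches this configuration, as an added example that is not part of the original question set. The function names are assumptions; the script needs an elevated session with the WinRM service running and changes no settings.

```powershell
# Added example: read-only audit of the local WinRM service configuration.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication enhanced key usage

function Get-WinRmListenerAudit {
    foreach ($listener in Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate) {
        $cert = $null
        if ($listener.Transport -eq 'HTTPS' -and $listener.CertificateThumbprint) {
            # Resolve the listener certificate in the machine store to check it.
            $thumb = $listener.CertificateThumbprint -replace '\s'
            $cert  = Get-Item "Cert:\LocalMachine\My\$thumb" -ErrorAction SilentlyContinue
        }

        [pscustomobject]@{
            Transport   = $listener.Transport
            Port        = $listener.Port
            Address     = $listener.Address
            Encrypted   = $listener.Transport -eq 'HTTPS'
            CertSubject = if ($cert) { $cert.Subject }
            CertExpires = if ($cert) { $cert.NotAfter }
            CertExpired = [bool]($cert -and $cert.NotAfter -lt (Get-Date))
            ServerAuth  = [bool]($cert -and
                                 ($cert.EnhancedKeyUsageList.ObjectId -contains $ServerAuthOid))
        }
    }
}

function Get-WinRmServiceAudit {
    [pscustomobject]@{
        # Expected for the configuration described above: false / true.
        AllowUnencrypted   = (Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value
        CertificateAuth    = (Get-Item WSMan:\localhost\Service\Auth\Certificate).Value
        BasicAuth          = (Get-Item WSMan:\localhost\Service\Auth\Basic).Value
        # Client certificates mapped to local accounts for certificate logon.
        ClientCertMappings = @(Get-ChildItem WSMan:\localhost\ClientCertificate).Count
    }
}

# Any listener row with Encrypted = False is a plain HTTP listener that is still present.
Get-WinRmListenerAudit | Format-Table -AutoSize
Get-WinRmServiceAudit  | Format-List
```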

Question 72

A company wants to prevent malware from spreading through removable USB drives while allowing authorized devices to function. The solution must enforce policies centrally and automatically apply to all domain-joined Windows endpoints. Which technology BEST fulfills this requirement?

A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Group Policy Device Installation Restrictions

Explanation:

A) Group Policy Device Installation Restrictions allow administrators to define which removable devices are authorized for use, based on hardware IDs, device classes, or vendor IDs. Unauthorized devices are blocked automatically, preventing malware propagation via USB drives. This centralized enforcement ensures consistent application across all domain-joined devices, reducing security risks and maintaining compliance. By specifying approved devices, administrators maintain operational continuity while enforcing strict security controls. Policies can be applied automatically at login or system startup, ensuring that endpoints comply with organizational standards without requiring manual intervention. This approach is particularly effective in enterprise environments where removable media are a common attack vector.

B) Sticky Keys is an accessibility feature and cannot manage USB devices, enforce policies, or prevent malware propagation. It provides no security functionality.

C) Paint is a graphics application and cannot restrict devices or enforce security policies. It has no enterprise security role.

D) Windows Calculator performs arithmetic calculations and cannot manage device policies or prevent unauthorized USB usage. It provides no centralized enforcement mechanism.

Group Policy Device Installation Restrictions is correct because it blocks unauthorized removable devices, enforces security policies centrally, and supports automatic application across all domain-joined endpoints, effectively preventing malware spread via USB drives.

Question 73

A Windows administrator needs to ensure that all scripts executed on client devices are digitally signed by the company’s internal certificate authority. Unsigned scripts should be blocked by default, and approved scripts must be auditable. Which configuration BEST meets this requirement?

A) Set the PowerShell execution policy to AllSigned
B) WordPad
C) Paint
D) Windows Calculator

Answer: A) Set the PowerShell execution policy to AllSigned

Explanation:

A) The AllSigned execution policy in PowerShell enforces that all scripts, including those downloaded from the Internet or executed remotely, must be signed by a trusted certificate. Unsigned scripts are automatically blocked, preventing the execution of malicious or unauthorized scripts. By using certificates issued by the organization’s internal certificate authority, administrators can ensure that only approved scripts are executed. Additionally, audit logs record all blocked attempts, enabling forensic review and compliance reporting. This configuration provides both security and operational assurance, preventing malware or unauthorized automation from executing while allowing approved scripts to function. Integration with Group Policy ensures consistent enforcement across all domain-joined devices.

B) WordPad is a text editor and cannot enforce script execution policies, verify digital signatures, or block unsigned scripts. It provides no security functionality.

C) Paint is a graphics application and cannot manage PowerShell execution or enforce signing policies. It does not provide any mechanism to prevent unauthorized scripts.

D) Windows Calculator performs arithmetic operations and cannot enforce script execution policies or validate certificates. It provides no protection for automation or scripting.

Setting the PowerShell execution policy to AllSigned is correct because it ensures that only approved, signed scripts can run, blocks unsigned scripts, enables audit logging, and enforces enterprise-wide compliance for script execution.
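For Questions 70 and 73, the following added example (not part of the original question set) checks whether AllSigned is delivered by Group Policy and audits the signature state of scripts in a folder. The folder path, the issuer name fragment, and the function names are placeholders and assumptions.

```powershell
# Added example: confirm AllSigned comes from Group Policy, then audit script signatures.
$ScriptRoot      = 'C:\Scripts'                       # hypothetical script folder
$InternalCaMatch = 'CN=Example Internal Issuing CA'   # placeholder issuer DN fragment

function Test-AllSignedFromPolicy {
    # MachinePolicy and UserPolicy are the scopes set by Group Policy; they take
    # precedence over the Process, CurrentUser and LocalMachine scopes.
    $gpo = Get-ExecutionPolicy -List |
        Where-Object { [string]$_.Scope -in 'MachinePolicy', 'UserPolicy' -and
                       $_.ExecutionPolicy -ne 'Undefined' } |
        Select-Object -First 1

    [pscustomobject]@{
        EffectivePolicy = Get-ExecutionPolicy
        PolicyScope     = if ($gpo) { $gpo.Scope } else { 'none (set locally, not by Group Policy)' }
        EnforcedByGpo   = [bool]($gpo -and $gpo.ExecutionPolicy -eq 'AllSigned')
    }
}

function Get-ScriptSignatureAudit {
    param(
        [string]$Path        = $ScriptRoot,
        [string]$IssuerMatch = $InternalCaMatch
    )

    Get-ChildItem -Path $Path -Recurse -File -Include *.ps1, *.psm1, *.psd1 -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            $cert = $sig.SignerCertificate

            [pscustomobject]@{
                File           = $_.FullName
                # Valid, NotSigned, HashMismatch (edited after signing), NotTrusted, ...
                Status         = $sig.Status
                Signer         = if ($cert) { $cert.Subject }
                Issuer         = if ($cert) { $cert.Issuer }
                CertExpires    = if ($cert) { $cert.NotAfter }
                # A timestamp keeps the signature verifiable after the certificate expires.
                Timestamped    = [bool]$sig.TimeStamperCertificate
                SignatureValid = $sig.Status -eq 'Valid'
                FromInternalCa = [bool]($cert -and $cert.Issuer -like "*$IssuerMatch*")
            }
        }
}

Test-AllSignedFromPolicy | Format-List

# Scripts that would not pass under AllSigned, or that are signed by another issuer.
Get-ScriptSignatureAudit |
    Where-Object { -not $_.SignatureValid -or -not $_.FromInternalCa } |
    Format-Table File, Status, Issuer -AutoSize
```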

Question 74

A company wants to centrally monitor CPU, memory, disk, and network usage on Windows client devices. Administrators must identify processes consuming excessive resources, view associated services, and correlate usage with network connections for troubleshooting performance issues. Which tool BEST meets these requirements?

A) Resource Monitor
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Resource Monitor

Explanation:

A) Resource Monitor is a built-in Windows utility that provides detailed, real-time monitoring of system resources. It displays CPU, memory, disk, and network usage at the process level, showing which processes are consuming resources, their associated services, and network endpoints. Resource Monitor allows administrators to troubleshoot performance issues, identify bottlenecks, and detect suspicious processes that may indicate malware or misconfiguration. It provides visual charts, filtering, and drill-down capabilities for deeper analysis. Unlike basic tools such as Task Manager, Resource Monitor offers detailed insight into system activity, making it suitable for enterprise environments where root cause analysis and performance optimization are essential. It also allows correlation between resource usage and network connections, helping administrators identify abnormal patterns.

B) Sticky Keys is an accessibility feature and cannot monitor system performance, identify processes, or analyze network usage. It provides no troubleshooting capability.

C) Paint is a graphics application and does not provide performance monitoring, process insight, or network correlation. It is unrelated to system administration.

D) Windows Calculator performs arithmetic calculations and cannot monitor system resources, identify processes, or detect performance issues. It provides no administrative or security insight.

Resource Monitor is correct because it provides real-time monitoring of all critical system resources, links processes to services and network connections, and allows detailed troubleshooting and analysis for enterprise performance management.

Question 75

A security administrator wants to enforce software inventory compliance on all Windows endpoints. The solution must automatically track installed applications, identify unauthorized software, and generate centralized reports for auditing and regulatory compliance. Which technology BEST fulfills this requirement?

A) Microsoft Endpoint Configuration Manager (SCCM) Inventory and Compliance
B) Paint
C) Notepad
D) Windows Calculator

Answer: A) Microsoft Endpoint Configuration Manager (SCCM) Inventory and Compliance

Explanation:

A) Microsoft Endpoint Configuration Manager provides enterprise-grade software inventory and compliance management. It automatically collects detailed information about installed applications, hardware, and system configurations from all domain-joined devices. Administrators can define approved software lists, detect noncompliant installations, and generate centralized reports for auditing and regulatory compliance. SCCM supports automated remediation, such as uninstalling unauthorized software or notifying users and administrators. Integration with Group Policy and Active Directory allows consistent enforcement of software policies across the enterprise. By providing detailed reporting, alerting, and automated compliance checks, SCCM ensures that the organization maintains a controlled and secure software environment, reducing security risks, preventing unauthorized applications from running, and satisfying regulatory requirements.

B) Paint is a graphics application and cannot inventory software, enforce compliance, or generate reports. It has no enterprise management capabilities.

C) Notepad is a text editor and cannot track installed applications, enforce software policies, or support auditing. It provides no compliance functionality.

D) Windows Calculator performs arithmetic calculations and cannot monitor or report software inventory. It has no role in enterprise compliance management.

Microsoft Endpoint Configuration Manager is correct because it enables centralized software inventory, enforces compliance policies, generates audit-ready reports, and provides automated remediation. It ensures that only authorized applications are installed and running, meeting enterprise security and regulatory requirements.

Question 76

A security administrator wants to ensure that all Windows client devices only allow traffic through authorized VPN connections and block any direct Internet access. The solution must support automated enforcement, integrate with Active Directory, and provide detailed reporting for compliance audits. Which technology BEST achieves this goal?

A) Always On VPN with network policy enforcement
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Always On VPN with network policy enforcement

Explanation:

A) Always On VPN is a Windows enterprise solution designed to provide seamless, persistent VPN connections for remote users. By integrating with Active Directory, Always On VPN allows administrators to enforce network access policies based on user, device, or security group membership. This centralized policy enforcement ensures that traffic only traverses authorized VPN tunnels, preventing users from bypassing corporate security controls and directly accessing external networks. Always On VPN supports both device tunnels, which establish connectivity before user login, and user tunnels, which apply user-specific access policies, ensuring continuous protection from boot through logoff. Network policy enforcement allows granular control, including the ability to restrict traffic to approved applications and services. Reporting capabilities, combined with integration with enterprise monitoring solutions, provide administrators with detailed visibility into connection status, authentication events, and compliance with network access policies. This approach effectively reduces the risk of data leakage, protects sensitive corporate traffic, and ensures adherence to internal and regulatory security requirements.

B) Sticky Keys is an accessibility feature that assists users with keyboard input. It cannot enforce network access policies, manage VPN connections, or provide audit logging. It is unrelated to network security enforcement.

C) Paint is a graphics application and has no capability to manage VPNs, block unauthorized traffic, or provide compliance reporting. It cannot enforce security policies or monitor connections.

D) Windows Calculator performs arithmetic operations and cannot manage network traffic, enforce VPN policies, or integrate with Active Directory. It has no functionality for enterprise security or traffic control.

Always On VPN with network policy enforcement is correct because it provides automated, persistent VPN connectivity, integrates with Active Directory for policy-based enforcement, blocks unauthorized traffic, and delivers detailed reporting. This ensures enterprise-wide secure communication, prevents bypass of corporate security controls, and supports compliance with audit requirements.

Question 77

A systems administrator wants to detect and prevent unauthorized administrative changes, monitor suspicious activity, and track file modifications on Windows endpoints. Logs should provide detailed user and timestamp information and support centralized aggregation for forensic analysis. Which Windows feature BEST supports this requirement?

A) Advanced Security Auditing
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Advanced Security Auditing

Explanation:

A) Advanced Security Auditing in Windows provides comprehensive monitoring for security-related events, including account changes, privilege escalations, file modifications, and administrative activity. Administrators can configure audit policies through Group Policy to capture granular events, ensuring consistency across all domain-joined devices. Each event log entry includes critical details such as the username, process, timestamp, and target object, enabling thorough forensic analysis. These logs can be securely forwarded to a centralized SIEM solution for correlation, alerting, and reporting. This capability allows security teams to detect suspicious patterns, investigate unauthorized changes, and maintain compliance with internal policies and regulatory standards. Advanced Security Auditing can also track modifications to sensitive files, registry keys, and system configurations, enabling organizations to identify potential breaches or insider threats. By combining local event collection, centralized aggregation, and detailed auditing, administrators maintain visibility into all critical activities, ensuring both security enforcement and operational accountability.

B) Sticky Keys is an accessibility tool designed for users with keyboard challenges. It cannot monitor security events, track file modifications, or provide audit logs. It is unrelated to enterprise security monitoring.

C) Paint is a graphics application and has no ability to monitor administrative activity, file changes, or generate security logs. It provides no enterprise-level auditing capability.

D) Windows Calculator performs arithmetic operations and cannot capture security events, track system modifications, or integrate with SIEM for analysis. It offers no functionality for monitoring or detecting suspicious activity.

Advanced Security Auditing is correct because it provides detailed, centralized visibility into administrative actions, tracks system and file modifications, logs user activity with timestamps, and supports integration with enterprise monitoring solutions for forensic and compliance purposes.

Question 78

A company requires that all removable USB drives be encrypted and password-protected, with recovery keys centrally stored for enterprise recovery. Users should not be able to bypass encryption, and compliance must be enforced automatically. Which technology BEST fulfills this requirement?

A) BitLocker To Go with Active Directory recovery
B) Paint
C) WordPad
D) Windows Calculator

Answer: A) BitLocker To Go with Active Directory recovery

Explanation:

A) BitLocker To Go is a Windows feature designed to encrypt removable storage devices, including USB drives and external hard drives. It provides password protection for data access and integrates with Active Directory to store recovery keys centrally, ensuring that IT administrators can recover encrypted drives if users forget passwords. Centralized recovery allows enterprises to maintain operational continuity while enforcing strict data protection policies. Group Policy integration enables automatic enforcement of encryption policies across all domain-joined endpoints, preventing users from bypassing encryption requirements. BitLocker To Go encrypts all data on removable media, protecting against data theft if devices are lost or stolen. Administrators can also configure auditing to track encryption compliance, failed unlock attempts, and recovery key usage. This combination of encryption, centralized recovery, policy enforcement, and reporting ensures the highest level of security for removable data storage.

B) Paint is a graphics program with no encryption, recovery, or policy enforcement capabilities. It cannot secure removable storage or ensure compliance.

C) WordPad is a text editor and provides no encryption or centralized recovery functionality. It cannot prevent unauthorized access to removable media or enforce corporate policies.

D) Windows Calculator performs arithmetic operations and cannot provide encryption, key management, or policy enforcement. It offers no protection for sensitive data.

BitLocker To Go with Active Directory recovery is correct because it enforces encryption, integrates with centralized recovery, automatically applies enterprise policies, prevents bypass, and supports auditing, ensuring comprehensive security and operational compliance for removable devices.

Question 79

A Windows administrator wants to monitor all remote PowerShell sessions, capture executed commands, track administrative actions, and forward logs to a centralized SIEM solution for compliance auditing. Which configuration BEST meets these requirements?

A) Enable PowerShell Script Block Logging and Module Logging with Event Forwarding
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Enable PowerShell Script Block Logging and Module Logging with Event Forwarding

Explanation:

A) PowerShell Script Block Logging captures the full content of executed scripts, including dynamically generated code and inline commands. Module Logging records commands executed within specific modules, providing insight into administrative activity. Event Forwarding ensures that these logs are securely sent to a centralized SIEM system for correlation, alerting, and compliance reporting. Together, these technologies provide complete visibility into remote PowerShell sessions, enabling administrators to detect unauthorized commands, identify malicious activity, and perform forensic investigations. Centralized logging ensures consistency across multiple endpoints, facilitates real-time monitoring, and supports regulatory compliance. This approach also reduces the risk of undetected malicious automation or lateral movement in the enterprise network. By providing both detailed local logs and centralized aggregation, administrators maintain a comprehensive audit trail for all administrative actions executed via PowerShell.

B) Sticky Keys is an accessibility feature and cannot capture script execution, track administrative actions, or forward logs to a SIEM. It provides no security functionality.

C) Paint is a graphics application and does not monitor PowerShell activity, log commands, or provide centralized event forwarding. It cannot support compliance or forensic investigations.

D) Windows Calculator performs arithmetic calculations and cannot monitor or log PowerShell sessions, forward events, or provide centralized audit capability. It provides no enterprise-level monitoring functionality.

Enabling PowerShell Script Block Logging and Module Logging with Event Forwarding is correct because it captures all executed commands, tracks administrative activity, forwards logs securely to a SIEM, and ensures compliance auditing and forensic readiness.

Question 80

A company requires that all Windows endpoints automatically encrypt all disk volumes, including system and data partitions, and provide recovery options via centralized key management. The solution must leverage hardware-based security and prevent unauthorized access even if the physical drive is removed. Which technology BEST fulfills this requirement?

A) BitLocker with TPM integration and Active Directory recovery
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) BitLocker with TPM integration and Active Directory recovery

Explanation:

A) BitLocker is a full-disk encryption solution included with Windows that protects the contents of both system and data partitions. By encrypting the entire disk volume, BitLocker ensures that sensitive data is protected from unauthorized access, even if the physical device or drive is stolen, lost, or removed. One of the key features of BitLocker is its integration with the Trusted Platform Module (TPM), a hardware-based security component embedded in modern computers. The TPM securely stores encryption keys and validates system integrity during startup, ensuring that the keys are only released to authorized devices. This hardware-based protection prevents attackers from accessing encrypted data by simply connecting the drive to another system.

BitLocker also supports multi-factor authentication options for additional security. Administrators can configure startup PINs, passwords, or external USB keys in conjunction with the TPM. These measures add a layer of verification beyond the device itself, making it significantly more difficult for unauthorized users to bypass encryption. In enterprise environments, this feature is particularly important for high-value devices or endpoints that handle sensitive corporate data.

Another critical component is centralized key recovery via Active Directory (AD). When BitLocker is deployed in a domain environment, recovery keys can be automatically backed up to AD, providing IT administrators with the ability to unlock drives in case users forget PINs or credentials, or if a device experiences hardware or software issues. This centralized management not only reduces downtime but also ensures accountability and auditability. Administrators can track which devices are encrypted, manage recovery keys, and maintain compliance with corporate security policies or regulatory requirements.

Group Policy integration enables IT teams to enforce BitLocker policies across all domain-joined devices automatically. Policies can mandate that all drives be encrypted, specify TPM usage, require authentication methods, and define recovery options. This centralized enforcement ensures enterprise-wide compliance, eliminating reliance on end users to configure encryption manually and reducing the risk of unencrypted devices within the organization.

BitLocker also provides reporting and monitoring capabilities. Administrators can check encryption status, confirm compliance, and generate logs for auditing purposes. This visibility is essential for regulatory compliance, internal security audits, and risk management. In environments where confidential data, intellectual property, or regulated information is stored, BitLocker ensures the confidentiality and integrity of data even in the event of physical device compromise.

B) Sticky Keys is an accessibility feature that allows keyboard shortcuts to be executed without holding multiple keys simultaneously. It has no encryption or security functionality and cannot protect disk volumes, manage encryption keys, or enforce enterprise-wide security policies.

C) Paint is a graphics application used for creating and editing images. While useful for productivity, it cannot encrypt drives, store keys, or enforce security policies. Paint provides no mechanism for enterprise-level data protection.

D) Windows Calculator is a utility for performing arithmetic operations. It has no ability to secure disk volumes, implement encryption, or provide centralized recovery management. Calculator cannot prevent unauthorized access to data or support compliance enforcement.

By combining full-disk encryption, hardware-based key protection via TPM, and centralized key management through Active Directory, BitLocker ensures that all corporate endpoints are secure, encrypted, and compliant with organizational policies. It prevents unauthorized access even if drives are physically removed, provides recovery options to maintain operational continuity, and allows IT teams to monitor and enforce encryption enterprise-wide.

BitLocker with TPM integration and Active Directory recovery is the only solution among the options that provides:

Automatic encryption of all disk volumes, including system and data partitions.

Hardware-based key protection that prevents unauthorized access even if the drive is removed.

Centralized management and recovery through Active Directory, ensuring enterprise compliance.

Enforcement of policies via Group Policy across all domain-joined devices.

Reporting and auditing capabilities to track encryption status and compliance.

Sticky Keys, Paint, and Windows Calculator do not provide encryption, key management, or centralized control. Therefore, BitLocker is the correct choice, fulfilling all enterprise requirements for disk-level data protection, security, and operational resilience.
