CompTIA 220-1102 A+ Certification Exam: Core 2 Dumps and Practice Test Questions Set 6 Q 101-120
Question 101
A company requires that all Windows endpoints enforce the use of strong passwords, account lockout policies, and multi-factor authentication (MFA) for all administrative accounts. Policies must be applied centrally and generate logs for auditing and compliance. Which solution BEST meets these requirements?
A) Group Policy with Password, Account Lockout, and MFA enforcement
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Group Policy with Password, Account Lockout, and MFA enforcement
Explanation:
A) Group Policy in Windows provides centralized management of security settings across all domain-joined devices. By configuring password policies, administrators can enforce complexity requirements, minimum length, and expiration intervals, reducing the risk of weak credentials being exploited. Account lockout policies prevent brute-force attacks by locking accounts after a configurable number of failed login attempts, helping to mitigate unauthorized access attempts. Integration with multi-factor authentication ensures that even if a password is compromised, access cannot be gained without an additional authentication factor such as a mobile app or hardware token. These policies are applied consistently across all domain-joined endpoints, reducing configuration errors and ensuring enterprise-wide compliance. Audit logs generated by Group Policy capture authentication events, password changes, and account lockouts, providing evidence for regulatory compliance, forensic investigations, and internal reviews. Centralized policy management also allows administrators to modify settings in a single location, automatically propagating changes across all systems, ensuring operational efficiency and adherence to security standards. By combining strong password enforcement, account lockouts, MFA, and centralized logging, Group Policy ensures that administrative accounts are protected against compromise and that all relevant activity is auditable.
B) Sticky Keys is an accessibility feature designed to assist users with keyboard limitations. It cannot enforce password policies, account lockouts, or MFA, and provides no auditing or compliance capabilities.
C) Paint is a graphics application with no capability to manage authentication, enforce security policies, or log access attempts. It offers no enterprise-level security functionality.
D) Windows Calculator performs arithmetic operations and cannot implement password policies, account lockouts, MFA, or auditing. It provides no control over authentication or compliance.
Group Policy with Password, Account Lockout, and MFA enforcement is correct because it enables centralized enforcement of strong authentication measures, mitigates security risks, and provides auditable logs for compliance, ensuring enterprise-wide protection of administrative accounts.
Question 102
A security administrator wants to centrally enforce application whitelisting on all Windows endpoints. Only approved applications should run, and unauthorized executions must be blocked and logged. Policies must apply automatically across the enterprise. Which solution BEST fulfills this requirement?
A) AppLocker with Group Policy integration
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) AppLocker with Group Policy integration
Explanation:
A) AppLocker allows administrators to create rules that define which applications, scripts, and installers are allowed to execute on Windows endpoints. Rules can be based on publisher, path, or cryptographic hash, ensuring granular control over software execution. Integration with Group Policy ensures that these rules are enforced automatically across all domain-joined devices, maintaining consistency and reducing the risk of unauthorized software running. AppLocker supports audit logging, capturing every attempt to run blocked applications, providing data for compliance reporting, forensic investigations, and security monitoring. By allowing only approved applications, AppLocker reduces the risk of malware execution, insider threats, and software policy violations. It supports multiple rule collections for executables, scripts, Windows Installer files, and packaged applications, enabling comprehensive enterprise-wide application control. Centralized management simplifies policy updates, deployment, and monitoring, ensuring that security enforcement is both effective and operationally efficient.
B) Sticky Keys is an accessibility tool and cannot enforce application control, block unauthorized software, or generate audit logs. It provides no security enforcement.
C) Paint is a graphics program and cannot manage software execution policies or provide auditing. It has no role in enterprise application control.
D) Windows Calculator performs arithmetic operations and cannot enforce execution rules or log unauthorized attempts. It provides no software restriction capabilities.
AppLocker with Group Policy integration is correct because it enables centralized application whitelisting, blocks unauthorized execution, logs all attempts, and ensures enterprise-wide enforcement, supporting security, compliance, and operational consistency.
Question 103
A company wants to centrally monitor CPU, memory, disk, and network utilization on all Windows endpoints. Administrators must identify resource-intensive processes, correlate usage with network connections, and generate reports for performance tuning and forensic analysis. Which tool BEST meets this requirement?
A) Resource Monitor
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Resource Monitor
Explanation:
A) Resource Monitor provides detailed, real-time monitoring of system resource usage including CPU, memory, disk I/O, and network activity. Administrators can identify processes consuming excessive resources, view associated services and threads, and track memory allocation and disk activity. Network monitoring allows correlation of resource utilization with active TCP connections, listening ports, and bandwidth, facilitating detection of unusual activity, malware, or misconfigured applications. Resource Monitor allows filtering of processes and resources, enabling targeted analysis for troubleshooting or forensic investigations. Unlike Task Manager, it offers more granular visibility, including disk queue lengths, process handles, and I/O activity per process, essential for enterprise-level performance monitoring. Integration with Performance Monitor enables historical trend tracking and reporting, supporting capacity planning and proactive performance management. This tool provides the visibility needed to maintain system stability, detect anomalies, and conduct detailed forensic or performance investigations.
B) Sticky Keys is an accessibility feature and cannot monitor system resources, identify processes, or correlate usage with network connections. It provides no administrative or forensic capability.
C) Paint is a graphics application and cannot provide visibility into CPU, memory, disk, or network usage. It cannot support troubleshooting, performance tuning, or forensic analysis.
D) Windows Calculator performs arithmetic operations and cannot monitor system resources, detect resource-intensive processes, or correlate network activity. It provides no enterprise monitoring functionality.
Resource Monitor is correct because it provides comprehensive, real-time visibility into system and network resource usage, process-level insights, and supports performance monitoring and forensic investigation.
Question 104
A security administrator wants all Windows event logs, including security, system, and application events, forwarded to a centralized SIEM for real-time alerting, correlation, and compliance reporting. Logs must be encrypted in transit and allow filtering of relevant events. Which solution BEST achieves this?
A) Windows Event Forwarding (WEF)
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Windows Event Forwarding (WEF)
Explanation:
A) Windows Event Forwarding enables secure transmission of event logs from multiple Windows endpoints to a centralized collector. WEF supports encryption using HTTPS or Kerberos, ensuring log integrity and preventing tampering during transit. Administrators can configure subscriptions to forward only relevant event types, such as security failures, critical system errors, or application warnings, reducing data noise while focusing on actionable information. Centralized collection integrates seamlessly with SIEM solutions for real-time analysis, correlation, alerting, and compliance reporting. WEF scales efficiently for large enterprises with thousands of endpoints, providing a consolidated view of system and security events. Logs forwarded via WEF maintain detailed audit trails, supporting forensic investigation, regulatory compliance, and internal security reviews. By combining encryption, filtering, and SIEM integration, WEF provides a comprehensive solution for centralized log management, real-time threat detection, and enterprise-wide monitoring.
B) Sticky Keys is an accessibility feature and cannot forward logs, filter events, or integrate with centralized monitoring. It provides no enterprise security capability.
C) Paint is a graphics application and cannot capture, forward, or filter event logs. It provides no centralized monitoring or compliance functionality.
D) Windows Calculator performs arithmetic operations and cannot manage or forward logs, provide encryption, or integrate with SIEM. It provides no security monitoring capability.
Windows Event Forwarding is correct because it securely forwards relevant logs to a centralized SIEM, supports filtering, enables real-time alerting, and ensures compliance and forensic readiness across all Windows endpoints.
Question 105
A company wants to prevent malware from spreading via removable storage while allowing only approved USB devices. Enforcement must be automatic, centrally managed, and all blocked attempts logged for auditing and compliance. Which solution BEST meets this requirement?
A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Group Policy Device Installation Restrictions
Explanation:
A) Group Policy Device Installation Restrictions allows administrators to define which removable devices are authorized on Windows endpoints. Unauthorized devices are automatically blocked, preventing malware propagation, ransomware infections, and data exfiltration. Integration with Active Directory ensures centralized deployment of these policies across all domain-joined devices, eliminating the need for manual configuration. Logs of blocked attempts provide audit trails for compliance reporting, forensic investigations, and internal reviews. Policies can target devices by hardware ID, vendor ID, or device type, enabling granular control over approved media. This approach allows operational flexibility, permitting trusted USB devices while mitigating risks associated with external storage. Centralized enforcement combined with detailed logging ensures enterprise-wide security, protects against malware spread, and satisfies regulatory requirements. This proactive control of removable storage is critical for organizations concerned with data protection, regulatory compliance, and malware containment.
B) Sticky Keys is an accessibility tool and cannot control removable devices, block malware, or provide logging. It provides no enterprise security functionality.
C) Paint is a graphics application and cannot enforce device restrictions, manage policy, or generate logs. It provides no security control.
D) Windows Calculator performs arithmetic operations and cannot enforce device access policies, block unauthorized storage, or log activity. It provides no protection against malware or compliance enforcement.
Group Policy Device Installation Restrictions is correct because it enforces approved device usage, automatically blocks unauthorized storage, centrally manages policies, and provides audit trails to prevent malware propagation and ensure enterprise-wide security and compliance.
Question 106
A company wants to enforce that all Windows endpoints automatically update operating system patches, notify administrators of failed updates, and ensure compliance reporting across the enterprise. Which solution BEST achieves this requirement?
A) Windows Update for Business (WUfB) with Group Policy integration
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Windows Update for Business (WUfB) with Group Policy integration
Explanation:
A) Windows Update for Business provides centralized management of Windows update policies for enterprise devices. By integrating with Group Policy, administrators can configure automatic deployment of security updates, feature updates, and critical patches across all domain-joined endpoints. WUfB allows setting maintenance windows, deferral periods, and update approval levels to minimize disruption while maintaining system security. Administrators receive notifications of failed updates, enabling timely remediation and ensuring that no system remains vulnerable to known threats. Reporting capabilities track update compliance, providing evidence for internal audits and regulatory requirements. Centralized management ensures consistency in patch application across the enterprise, mitigating risks associated with delayed or missed updates. By enforcing automatic updates, providing monitoring and alerting, and integrating compliance reporting, WUfB with Group Policy ensures endpoint security and operational stability.
B) Sticky Keys is an accessibility feature and cannot manage updates, enforce patch policies, or provide reporting. It provides no enterprise update management capability.
C) Paint is a graphics application and cannot control operating system updates, report failures, or track compliance. It provides no operational or security management functionality.
D) Windows Calculator performs arithmetic operations and cannot enforce update policies, monitor compliance, or alert administrators to failures. It provides no enterprise patch management capability.
Windows Update for Business with Group Policy integration is correct because it enforces automatic updates, allows centralized monitoring, generates compliance reports, and ensures enterprise-wide security and patch management.
Question 107
A company wants to prevent unauthorized applications from running on Windows endpoints and maintain an audit trail for compliance. The solution must allow rules to be based on publisher signatures, file paths, or cryptographic hashes, and policies must apply automatically across the enterprise. Which solution BEST meets these requirements?
A) AppLocker with Group Policy integration
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) AppLocker with Group Policy integration
Explanation:
A) AppLocker allows administrators to define execution rules that permit or deny applications based on publisher digital signatures, file paths, or cryptographic hashes. Integration with Group Policy ensures these rules are enforced automatically across all domain-joined devices, providing consistency and reducing administrative overhead. AppLocker generates audit logs of attempted executions, including blocked applications, which can be used for compliance reporting and forensic investigations. By enforcing application whitelisting, AppLocker mitigates the risk of malware execution, unauthorized software installation, and insider threats. Multiple rule collections support executables, scripts, Windows Installer files, and packaged applications, allowing comprehensive control of software execution. Centralized management ensures that policy updates propagate automatically, providing enterprise-wide protection without requiring manual configuration. AppLocker’s combination of control, enforcement, and logging supports both operational security and compliance requirements.
B) Sticky Keys is an accessibility feature and cannot enforce application policies, block software, or log execution attempts. It provides no security or compliance functionality.
C) Paint is a graphics application and cannot control software execution, enforce whitelisting, or generate audit logs. It offers no enterprise-level protection.
D) Windows Calculator performs arithmetic operations and cannot enforce execution rules or log attempts. It provides no security or compliance capabilities.
AppLocker with Group Policy integration is correct because it centrally enforces application whitelisting, blocks unauthorized execution, logs all attempts, and ensures enterprise-wide compliance and security.
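The publisher, path and hash rule types and the per-file-type rule collections described in Questions 102 and 107 are all visible in an exported AppLocker policy. The following is an added example, not part of the original question set: it audits a constructed sample policy for collections that only audit, collections with no rules, and Allow path rules that cover user-writable locations. The function name, the sample XML and the list of writable-path patterns are assumptions made for illustration.

```powershell
# Constructed sample policy: rule names, GUIDs, publisher and hash value are placeholders.
# On an endpoint, the real XML comes from: Get-AppLockerPolicy -Effective -Xml
[xml]$samplePolicy = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePublisherRule Id="11111111-1111-1111-1111-111111111111" Name="Signed by Example Corp"
        Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=EXAMPLE CORP, C=US" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <FilePathRule Id="22222222-2222-2222-2222-222222222222" Name="Program Files"
        Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="33333333-3333-3333-3333-333333333333" Name="User profile tools"
        Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*" /></Conditions>
    </FilePathRule>
    <FileHashRule Id="44444444-4444-4444-4444-444444444444" Name="Pinned tool"
        Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FileHashCondition>
        <FileHash Type="SHA256" Data="0x0000000000000000000000000000000000000000000000000000000000000000"
            SourceFileName="tool.exe" SourceFileLength="1024" />
      </FileHashCondition></Conditions>
    </FileHashRule>
  </RuleCollection>
  <RuleCollection Type="Script" EnforcementMode="AuditOnly" />
  <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
</AppLockerPolicy>
'@

function Get-AppLockerPolicyFinding {
    param([Parameter(Mandatory)][xml]$Policy)

    # File types the explanation lists: executables, scripts, installers, packaged apps.
    $expected = 'Exe', 'Script', 'Msi', 'Appx'
    # Illustrative patterns for locations a standard user can usually write to.
    $writablePatterns = '^\*$', '^%OSDRIVE%\\Users\\', '^%OSDRIVE%\\ProgramData\\',
                        '^%REMOVABLE%', '^%HOT%'

    foreach ($type in $expected) {
        $rc    = $Policy.SelectSingleNode("/AppLockerPolicy/RuleCollection[@Type='$type']")
        $rules = if ($rc) { $rc.SelectNodes('FilePublisherRule | FilePathRule | FileHashRule') }

        if (-not $rc -or $rules.Count -eq 0) {
            [pscustomobject]@{ Collection = $type; Rule = '(collection)'
                Finding = 'No rules defined; this file type is not restricted' }
        }
        if (-not $rc) { continue }

        if ($rc.GetAttribute('EnforcementMode') -eq 'AuditOnly') {
            [pscustomobject]@{ Collection = $type; Rule = '(collection)'
                Finding = 'AuditOnly; matches are logged but not blocked' }
        }

        foreach ($rule in $rules) {
            # Only Allow path rules can open up a writable directory.
            if ($rule.LocalName -ne 'FilePathRule') { continue }
            if ($rule.GetAttribute('Action') -ne 'Allow') { continue }
            foreach ($cond in $rule.SelectNodes('Conditions/FilePathCondition')) {
                $path = $cond.GetAttribute('Path')
                if ($writablePatterns | Where-Object { $path -match $_ }) {
                    [pscustomobject]@{ Collection = $type; Rule = $rule.GetAttribute('Name')
                        Finding = "Allow path rule covers user-writable location: $path" }
                }
            }
        }
    }
}

Get-AppLockerPolicyFinding -Policy $samplePolicy | Format-Table -AutoSize -Wrap
```

On the sample, the script reports the "User profile tools" path rule, the audit-only and empty Script collection, and the empty Msi and missing Appx collections.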
Question 108
A company wants to monitor CPU, memory, disk, and network usage on Windows endpoints in real time. Administrators must identify resource-intensive processes, correlate usage with network activity, and generate detailed reports for troubleshooting and forensic investigations. Which tool BEST meets these requirements?
A) Resource Monitor
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Resource Monitor
Explanation:
A) Resource Monitor provides real-time, detailed monitoring of system resources including CPU, memory, disk I/O, and network activity. Administrators can identify which processes are consuming excessive resources, view associated services, threads, and handles, and correlate resource usage with network connections. Network monitoring provides visibility into TCP connections, listening ports, and bandwidth utilization, allowing detection of suspicious or anomalous activity. Filtering and grouping capabilities enable targeted troubleshooting and forensic analysis without third-party tools. Resource Monitor supports both immediate investigation and integration with Performance Monitor for historical trend analysis, capacity planning, and predictive resource management. It is more granular than Task Manager, providing visibility into memory allocation, disk queue lengths, I/O operations, and thread activity per process, enabling deep analysis of system performance and security incidents. By providing detailed, process-level insight and correlation with network activity, Resource Monitor is essential for enterprise-level monitoring, troubleshooting, and forensic investigations.
B) Sticky Keys is an accessibility feature and cannot monitor system resources, identify processes, or correlate network activity. It provides no troubleshooting or security functionality.
C) Paint is a graphics application and cannot provide resource monitoring, process correlation, or network analysis. It offers no forensic or operational insight.
D) Windows Calculator performs arithmetic operations and cannot monitor or analyze system or network activity. It provides no enterprise monitoring capabilities.
Resource Monitor is correct because it provides detailed, real-time visibility into system resources, process-level insights, network correlation, and supports both troubleshooting and forensic investigation in an enterprise environment.
Question 109
A company requires that all Windows endpoints forward security, system, and application logs to a centralized SIEM. Logs must be encrypted, filtered for relevant events, and allow real-time correlation and alerting for compliance and security monitoring. Which solution BEST achieves this requirement?
A) Windows Event Forwarding (WEF)
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Windows Event Forwarding (WEF)
Explanation:
A) Windows Event Forwarding enables endpoints to send event logs securely to a centralized collector. WEF supports encryption via HTTPS or Kerberos to ensure log integrity and confidentiality during transit. Administrators can configure subscriptions to forward only relevant events, such as critical system errors, security violations, or application warnings, reducing noise while focusing on actionable events. Centralized collection allows integration with SIEM platforms for real-time correlation, alerting, and compliance reporting. WEF scales to enterprise environments with thousands of devices, providing consolidated visibility across all Windows endpoints. Logs forwarded via WEF maintain detailed audit trails, supporting forensic investigations, compliance reporting, and incident response. By combining encryption, filtering, and integration with centralized monitoring solutions, WEF provides a comprehensive solution for log management, threat detection, and regulatory compliance.
B) Sticky Keys is an accessibility feature and cannot forward logs, filter events, or integrate with centralized monitoring. It provides no security or compliance functionality.
C) Paint is a graphics program and cannot capture, forward, or filter event logs. It does not provide centralized monitoring, alerting, or compliance capabilities.
D) Windows Calculator performs arithmetic operations and cannot manage or transmit logs, provide encryption, or integrate with SIEM. It offers no security monitoring or compliance functionality.
Windows Event Forwarding is correct because it securely forwards relevant logs to a centralized SIEM, supports filtering, enables real-time alerting, and ensures compliance and forensic readiness across enterprise endpoints.
Question 110
A company wants to prevent malware from spreading via USB devices while allowing only approved removable storage. Enforcement must be automatic, centrally managed, and all blocked attempts logged for auditing. Which solution BEST meets these requirements?
A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Group Policy Device Installation Restrictions
Explanation:
A) Group Policy Device Installation Restrictions allows administrators to define which removable devices are authorized on Windows endpoints. Unauthorized devices are automatically blocked, preventing malware propagation, ransomware attacks, and data exfiltration. Integration with Active Directory ensures centralized enforcement across all domain-joined devices, providing consistent enterprise-wide security. Detailed logging captures blocked attempts, supporting audit trails, compliance reporting, and forensic investigations. Policies can be configured based on hardware ID, vendor ID, or device type, enabling granular control of removable media. This approach allows operational flexibility by permitting approved devices while mitigating risks associated with external storage. Centralized management, automatic enforcement, and comprehensive logging make this solution effective for malware prevention and compliance. By blocking unauthorized storage and providing visibility into attempted device connections, the organization reduces attack surfaces and maintains enterprise security and regulatory compliance.
B) Sticky Keys is an accessibility tool and cannot control USB devices, enforce policies, or log attempts. It provides no enterprise-level malware protection.
C) Paint is a graphics application and cannot enforce removable device restrictions, block malware, or generate logs. It has no role in enterprise security.
D) Windows Calculator performs arithmetic operations and cannot manage removable storage, enforce policies, or generate compliance logs. It offers no security or compliance functionality.
Group Policy Device Installation Restrictions is correct because it enforces approved device usage, automatically blocks unauthorized media, centrally manages policies, and logs all blocked attempts to prevent malware propagation and ensure enterprise security and compliance.
Question 111
A company wants to enforce centralized monitoring of installed software on all Windows endpoints, automatically detect unapproved applications, generate compliance reports, and allow automated remediation. Which solution BEST fulfills this requirement?
A) Microsoft Endpoint Configuration Manager (SCCM) Inventory and Compliance
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Microsoft Endpoint Configuration Manager (SCCM) Inventory and Compliance
Explanation:
A) Microsoft Endpoint Configuration Manager (SCCM) provides enterprise-grade inventory and compliance management. SCCM automatically collects detailed information about installed software, system configuration, and hardware on all domain-joined devices. Administrators can define a list of approved applications and detect unauthorized installations. Compliance reports can be generated centrally for internal audits and regulatory requirements. SCCM also supports remediation actions, such as uninstalling unauthorized software, notifying users, or blocking noncompliant installations. Integration with Active Directory ensures that policies are applied consistently across all endpoints, reducing manual intervention and configuration errors. SCCM enables monitoring at scale, providing real-time visibility into software usage, policy compliance, and security risks. By combining automated detection, centralized reporting, and remediation, SCCM ensures operational efficiency, regulatory compliance, and enterprise security.
B) Sticky Keys is an accessibility feature and cannot inventory software, enforce compliance, or generate reports. It provides no enterprise-level management capability.
C) Paint is a graphics application and cannot collect inventory data, monitor software compliance, or perform remediation. It offers no visibility or control over enterprise endpoints.
D) Windows Calculator performs arithmetic operations and cannot monitor software, enforce policies, or generate audit reports. It provides no management functionality.
Microsoft Endpoint Configuration Manager is correct because it provides automated software inventory, detects unauthorized applications, generates compliance reports, and enables centralized remediation and enterprise-wide enforcement.
Question 112
A company wants to enforce encryption of all Windows endpoints, store encryption keys in hardware, allow recovery through centralized management, and ensure policies are automatically applied to all domain-joined devices. Which solution BEST meets these requirements?
A) BitLocker with TPM integration and Active Directory recovery
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) BitLocker with TPM integration and Active Directory recovery
Explanation:
A) BitLocker provides full-disk encryption for system and data volumes, protecting sensitive information from unauthorized access. TPM integration ensures that encryption keys are stored securely in hardware, preventing unauthorized access even if the drive is removed. Additional authentication methods, such as PINs or USB keys, provide extra layers of security. Active Directory recovery allows administrators to centrally manage recovery keys, enabling drives to be unlocked in the event of forgotten passwords or hardware failures. Group Policy integration ensures consistent, automatic application of encryption policies across all domain-joined devices, supporting enterprise-wide compliance and operational consistency. BitLocker also provides audit logs and reporting to track encryption status, detect noncompliant devices, and document recovery key usage for regulatory requirements. This combination of full-disk encryption, hardware-based key protection, centralized recovery, and automated policy enforcement ensures data confidentiality, operational continuity, and enterprise-wide security.
B) Sticky Keys is an accessibility tool and cannot encrypt disks, manage encryption keys, or provide centralized recovery. It provides no data protection or compliance functionality.
C) Paint is a graphics program and cannot enforce encryption, integrate with TPM, or manage recovery keys. It provides no enterprise security capability.
D) Windows Calculator performs arithmetic operations and cannot encrypt drives, store keys, or manage recovery. It provides no data security or policy enforcement.
BitLocker with TPM integration and Active Directory recovery is correct because it automatically encrypts disks, leverages hardware key security, provides centralized recovery, and enforces enterprise-wide policies to protect sensitive data.
Question 113
A security administrator wants to detect and investigate potential malware activity on Windows endpoints by examining scheduled tasks, triggers, history, and associated executable paths without altering system state. Which tool BEST supports this investigation?
A) Task Scheduler
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Task Scheduler
Explanation:
A) Task Scheduler allows administrators to view and analyze all scheduled tasks on a Windows endpoint. Detailed information includes triggers (e.g., time or event-based), actions (e.g., executed programs or scripts), history of execution, and the user context under which the task runs. This enables detection of malicious tasks created by malware to maintain persistence on the system. By analyzing tasks without modifying them, Task Scheduler preserves system integrity for forensic investigations. Administrators can filter tasks by user, trigger type, or task status to focus on suspicious activity. Examining scheduled tasks allows detection of unauthorized automated processes, identification of malicious scripts or executables, and correlation with other observed system anomalies. Task Scheduler is essential for post-compromise analysis, security investigations, and forensic readiness, providing visibility into potentially malicious automated activity without risking alteration of the system state.
B) Sticky Keys is an accessibility feature and cannot inspect scheduled tasks, triggers, or history. It provides no investigative or forensic functionality.
C) Paint is a graphics application and cannot examine task schedules, executable actions, or logs. It provides no visibility into malware persistence or automated processes.
D) Windows Calculator performs arithmetic operations and cannot monitor or analyze scheduled tasks. It provides no forensic or investigative functionality.
Task Scheduler is correct because it allows detailed analysis of scheduled tasks, triggers, execution history, and executable paths without altering the system, enabling administrators to detect and investigate potential malware activity.
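The same read-only review can be scripted with the ScheduledTasks cmdlets that ship with Windows. The following is an added example, not part of the original question set: it lists each task's triggers, run-as account, command line and last run, and flags actions worth a closer look. The function names and the two pattern lists are assumptions for illustration and need tuning per environment.

```powershell
# Read-only: nothing here registers, changes, runs or deletes a task.
# Illustrative heuristics (assumptions, not an authoritative list).
$userWritable = '\\AppData\\', '\\Temp\\', '\\Users\\Public\\', '\\ProgramData\\', '\\Downloads\\'
$scriptHosts  = 'powershell', 'pwsh', 'cmd', 'wscript', 'cscript', 'mshta'

function Get-ScheduledTaskReview {
    foreach ($task in Get-ScheduledTask) {
        $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue

        # Trigger class names look like MSFT_TaskLogonTrigger; keep just "Logon".
        $triggers = @($task.Triggers | ForEach-Object {
            $_.CimClass.CimClassName -replace '^MSFT_Task|Trigger$', ''
        }) -join ', '

        foreach ($action in $task.Actions) {
            # Only "start a program" actions carry an executable path;
            # COM handler actions do not and are skipped.
            if ($action.CimClass.CimClassName -ne 'MSFT_TaskExecAction') { continue }

            $exe     = [Environment]::ExpandEnvironmentVariables([string]$action.Execute).Trim('"')
            $cmdLine = ("$exe $($action.Arguments)").Trim()
            $leaf    = ($exe -split '[\\/]')[-1] -replace '\.exe$', ''

            $flags = @()
            if ($userWritable | Where-Object { $cmdLine -match $_ }) {
                $flags += 'command references a user-writable path'
            }
            if ($scriptHosts -contains $leaf) {
                $flags += 'action is a script interpreter'
            }

            [pscustomobject]@{
                TaskPath   = $task.TaskPath
                TaskName   = $task.TaskName
                State      = $task.State
                RunAs      = $task.Principal.UserId
                Triggers   = $triggers
                Command    = $cmdLine
                LastRun    = $info.LastRunTime
                LastResult = $info.LastTaskResult
                Flags      = $flags -join '; '
            }
        }
    }
}

function Get-RecentTaskRegistration {
    param([int]$MaxEvents = 50)
    # Event ID 106 in the Task Scheduler operational log records task registration.
    # The log can be disabled, in which case nothing is returned.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-TaskScheduler/Operational'; Id = 106
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

# Flagged tasks first, then recent registrations for timeline correlation.
Get-ScheduledTaskReview | Where-Object Flags | Sort-Object TaskPath | Format-List
Get-RecentTaskRegistration | Format-Table -AutoSize -Wrap
```

A flag is a prompt for review, not a verdict: legitimate software also schedules script interpreters and per-user updaters.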
Question 114
A company wants to ensure that all PowerShell activity on Windows endpoints is logged, including commands executed, scripts run, modules loaded, and user context, and that logs are forwarded to a SIEM for correlation and alerting. Which configuration BEST meets this requirement?
A) Enable PowerShell Script Block Logging and Module Logging with Event Forwarding
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Enable PowerShell Script Block Logging and Module Logging with Event Forwarding
Explanation:
A) PowerShell Script Block Logging captures the full content of all executed scripts, including inline and dynamically generated code, while Module Logging records commands executed within specific modules. Event Forwarding securely transmits these logs to a centralized SIEM, enabling correlation, alerting, and compliance monitoring. This configuration provides administrators with complete visibility into PowerShell activity, including administrative tasks, automation, and potential malicious activity. By tracking executed commands, user context, and modules used, administrators can detect suspicious behavior, identify unauthorized scripts, and perform forensic analysis. Centralized log collection via SIEM integration ensures enterprise-wide monitoring, allowing rapid detection of anomalies and providing audit trails for regulatory compliance. Combining Script Block Logging, Module Logging, and Event Forwarding ensures both real-time monitoring and long-term forensic readiness.
B) Sticky Keys is an accessibility feature and cannot capture PowerShell commands, log scripts, or forward events to a SIEM. It provides no security monitoring capability.
C) Paint is a graphics program and cannot track PowerShell activity, log executed scripts, or forward logs for correlation. It provides no investigative functionality.
D) Windows Calculator performs arithmetic operations and cannot capture commands, scripts, or modules, nor forward logs for analysis. It provides no security or compliance functionality.
Enabling PowerShell Script Block Logging and Module Logging with Event Forwarding is correct because it ensures comprehensive monitoring of PowerShell activity, captures user context, integrates with a SIEM for real-time alerting, and supports enterprise-wide auditing and forensic investigations.
Question 115
A company wants to prevent malware from spreading via removable storage while allowing only approved USB devices. Enforcement must be automatic, centrally managed, and all blocked attempts logged for auditing and compliance. Which solution BEST meets this requirement?
A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Group Policy Device Installation Restrictions
Explanation:
A) Group Policy Device Installation Restrictions allows administrators to define which removable devices are authorized on Windows endpoints. Unauthorized devices are automatically blocked, preventing malware propagation, ransomware infections, and unauthorized data exfiltration. Centralized management via Active Directory ensures that policies are consistently applied across all domain-joined devices. Logs of blocked device attempts provide detailed audit trails for compliance reporting, regulatory audits, and forensic investigation. Administrators can configure policies based on hardware ID, vendor ID, or device type, providing granular control over removable media. This approach balances operational needs by permitting approved devices while mitigating risks associated with external storage. Automatic enforcement, centralized control, and comprehensive logging make this solution effective for enterprise-wide malware prevention and compliance. By ensuring only trusted removable storage is used and logging all unauthorized attempts, organizations reduce attack surfaces and maintain regulatory compliance.
B) Sticky Keys is an accessibility tool and cannot restrict USB devices, block malware, or generate logs. It provides no enterprise security functionality.
C) Paint is a graphics application and cannot enforce device restrictions, block malware, or provide audit logging. It provides no protection or compliance capability.
D) Windows Calculator performs arithmetic operations and cannot manage removable storage or enforce policies. It provides no enterprise-level malware protection or compliance support.
Group Policy Device Installation Restrictions is correct because it blocks unauthorized devices, enforces centralized policies, logs all blocked attempts, and ensures enterprise-wide protection against malware propagation and compliance violations.
Question 116
A company wants to enforce multi-factor authentication (MFA) on all Windows endpoints when accessing sensitive resources from untrusted networks. Policies must be centrally managed, logged for auditing, and support integration with Active Directory. Which solution BEST meets this requirement?
A) Conditional Access Policies with MFA integrated into Active Directory
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Conditional Access Policies with MFA integrated into Active Directory
Explanation:
A) Conditional Access Policies provide enterprise-wide control over how users access sensitive resources based on contextual information such as location, device compliance, and risk level. By requiring MFA for untrusted networks, these policies prevent unauthorized access even if credentials are compromised. Integration with Active Directory ensures policies are applied consistently across all domain-joined devices, providing centralized management and enforcement. Logging captures all access attempts, successful or failed, which supports compliance reporting and forensic investigations. Conditional Access supports adaptive security, adjusting requirements based on risk or device health, allowing flexibility while maintaining security. This centralized, automated approach reduces human error, ensures consistency across the enterprise, and provides evidence for internal and external audits. It mitigates credential-based attacks and enforces a secure authentication posture for high-value resources.
B) Sticky Keys is an accessibility feature and cannot enforce authentication policies, log access attempts, or integrate with Active Directory. It provides no enterprise security capability.
C) Paint is a graphics program and cannot manage authentication, enforce MFA, or generate audit logs. It provides no security or compliance functionality.
D) Windows Calculator performs arithmetic operations and cannot enforce conditional access or MFA. It provides no visibility or control over authentication events.
Conditional Access Policies with MFA integrated into Active Directory is correct because it enforces secure access based on risk, integrates centrally with the enterprise directory, provides audit-ready logging, and supports adaptive security policies for enterprise-wide protection.
Question 117
A company wants to prevent unauthorized software installations and enforce approved applications on Windows endpoints. Policies must be automatically applied across all devices, and all blocked attempts must be logged for compliance and auditing. Which solution BEST meets these requirements?
A) AppLocker with Group Policy integration
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) AppLocker with Group Policy integration
Explanation:
A) AppLocker allows administrators to define execution rules for applications, scripts, and installers based on publisher, path, or cryptographic hash. Integration with Group Policy ensures rules are enforced automatically across all domain-joined devices, providing enterprise-wide consistency. AppLocker generates logs of blocked attempts, enabling auditing, compliance reporting, and forensic investigation. By enforcing application whitelisting, AppLocker mitigates malware execution, unauthorized software installations, and insider threats. Multiple rule collections allow granular control over executables, scripts, Windows Installer files, and packaged applications. Centralized management ensures that policy changes propagate automatically to all endpoints, reducing administrative overhead and ensuring consistent security enforcement. This combination of automatic enforcement, logging, and centralized management ensures enterprise-level control over software execution and compliance with regulatory standards.
B) Sticky Keys is an accessibility feature and cannot enforce software restrictions, block unauthorized applications, or generate audit logs. It provides no security enforcement.
C) Paint is a graphics program and cannot control software execution, enforce whitelisting, or log application attempts. It offers no enterprise-level security capabilities.
D) Windows Calculator performs arithmetic operations and cannot manage application execution or auditing. It provides no compliance or security functionality.
AppLocker with Group Policy integration is correct because it enforces enterprise-wide software control, blocks unauthorized executions, logs attempts for compliance, and provides centralized policy management.
Question 118
A company wants to monitor Windows endpoint performance in real time, including CPU, memory, disk, and network usage. Administrators must identify resource-intensive processes, correlate network connections with process activity, and generate reports for troubleshooting and forensic analysis. Which tool BEST meets these requirements?
A) Resource Monitor
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Resource Monitor
Explanation:
A) Resource Monitor provides detailed, real-time visibility into CPU, memory, disk, and network usage on Windows endpoints. Administrators can see which processes are consuming excessive resources, analyze associated threads, services, and handles, and correlate resource usage with active network connections. Network monitoring identifies TCP connections, listening ports, and bandwidth utilization, allowing detection of anomalies, malware, or misconfigured applications. Filtering capabilities enable administrators to isolate specific processes or resources for detailed troubleshooting. Resource Monitor supports integration with Performance Monitor for historical trend analysis, capacity planning, and predictive resource management. Compared to Task Manager, it provides deeper insight, including disk queue lengths, I/O operations per process, memory allocation, and thread activity. This level of granularity is essential for enterprise troubleshooting, forensic investigation, and performance optimization, providing administrators with the ability to detect anomalies, identify root causes, and maintain operational stability across all endpoints.
B) Sticky Keys is an accessibility feature and cannot monitor system or network resources, correlate processes, or generate reports. It provides no investigative or performance monitoring capability.
C) Paint is a graphics application and cannot track CPU, memory, disk, or network activity, nor correlate processes with network usage. It offers no forensic or troubleshooting capability.
D) Windows Calculator performs arithmetic operations and cannot monitor resource utilization, network connections, or process activity. It provides no enterprise-level performance or investigative functionality.
Resource Monitor is correct because it provides comprehensive, real-time monitoring of system and network resources, supports detailed analysis of processes, correlates resource usage with network activity, and generates reports for troubleshooting and forensic investigations.
Question 119
A company wants all Windows endpoint event logs, including security, system, and application logs, to be forwarded to a centralized SIEM. Logs must be encrypted, filtered for relevant events, and allow real-time correlation and alerting for compliance and monitoring. Which solution BEST fulfills this requirement?
A) Windows Event Forwarding (WEF)
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Windows Event Forwarding (WEF)
Explanation:
A) Windows Event Forwarding (WEF) allows centralized collection of event logs from multiple Windows endpoints. WEF supports encryption using HTTPS or Kerberos, ensuring the integrity and confidentiality of log data in transit. Administrators can configure subscriptions to forward only relevant events, such as critical system errors, security failures, or application warnings, reducing noise and focusing on actionable events. Centralized collection enables integration with SIEM solutions for real-time correlation, alerting, and compliance reporting. WEF scales to enterprise environments, supporting thousands of endpoints while maintaining detailed audit trails for forensic investigations, regulatory compliance, and internal security reviews. Combined with filtering, encryption, and SIEM integration, WEF provides a secure, centralized, and scalable solution for log management, threat detection, and compliance monitoring.
B) Sticky Keys is an accessibility feature and cannot forward logs, filter events, or integrate with SIEM. It provides no enterprise security monitoring capability.
C) Paint is a graphics application and cannot collect, forward, or filter event logs. It provides no centralized monitoring or auditing functionality.
D) Windows Calculator performs arithmetic operations and cannot manage logs, provide encryption, or integrate with SIEM. It offers no security or compliance functionality.
Windows Event Forwarding is correct because it securely forwards relevant logs, supports filtering, enables real-time alerting, and ensures compliance and forensic readiness across all enterprise endpoints.
Question 120
A company wants to prevent malware propagation through removable USB storage while allowing only approved devices. Enforcement must be automatic, centrally managed, and all blocked attempts logged for auditing and compliance purposes. Which solution BEST meets this requirement?
A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator
Answer: A) Group Policy Device Installation Restrictions
Explanation:
A) Group Policy Device Installation Restrictions allows administrators to define which removable devices are authorized on Windows endpoints. Unauthorized devices are automatically blocked, preventing malware propagation, ransomware attacks, and data exfiltration. Centralized management via Active Directory ensures consistent enforcement across all domain-joined devices. Detailed logs capture all blocked device attempts, supporting compliance reporting, forensic analysis, and regulatory audits. Policies can target devices based on hardware ID, vendor ID, or device type, enabling granular control over removable media. This solution balances operational needs by allowing approved devices while mitigating risks from untrusted media. Automatic enforcement, centralized management, and comprehensive logging ensure enterprise-wide protection and compliance. By restricting unauthorized storage and providing visibility into blocked attempts, organizations can maintain security and regulatory adherence.
B) Sticky Keys is an accessibility tool and cannot restrict USB devices, block malware, or generate logs. It provides no enterprise-level security functionality.
C) Paint is a graphics application and cannot enforce device restrictions, block malware, or log events. It provides no protection or compliance functionality.
D) Windows Calculator performs arithmetic operations and cannot manage removable storage, enforce policies, or log activity. It provides no enterprise malware protection or compliance capability.
Group Policy Device Installation Restrictions is correct because it blocks unauthorized removable devices, centrally manages policies, logs all attempts, and ensures enterprise-wide protection against malware propagation and compliance violations.
