CompTIA 220-1102 A+ Certification Exam: Core 2 Dumps and Practice Test Questions Set 8 Q141-160

Question 141

A company wants to enforce centralized patch management on all Windows endpoints, ensuring that security updates, feature updates, and application updates are applied automatically, with reporting on compliance status. Which solution BEST meets this requirement?

A) Windows Server Update Services (WSUS) with Group Policy integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Windows Server Update Services (WSUS) with Group Policy integration

Explanation:

A) WSUS allows administrators to centrally manage the deployment of Windows updates, including security patches, feature updates, and software updates. Integration with Group Policy ensures that all domain-joined endpoints receive updates according to a defined schedule, preventing devices from becoming vulnerable due to outdated software. WSUS provides detailed reporting on update compliance, showing which devices are up-to-date, missing patches, or experiencing failures. Administrators can approve, decline, or schedule updates, allowing control over update deployment while maintaining operational continuity. Centralized patch management reduces the risk of malware, exploits, and security breaches caused by unpatched vulnerabilities. By combining automatic updates, centralized management, and compliance reporting, WSUS ensures enterprise-wide security, reduces administrative overhead, and supports regulatory requirements for maintaining secure and compliant systems.

B) Sticky Keys is an accessibility feature and cannot manage updates, enforce patch policies, or generate compliance reports. It provides no enterprise security functionality.

C) Paint is a graphics application and cannot deploy or manage software updates, enforce patch compliance, or report on update status. It provides no security or administrative functionality.

D) Windows Calculator performs arithmetic operations and cannot manage or enforce updates, nor generate compliance reports. It provides no security or patch management capabilities.

WSUS with Group Policy integration is correct because it enables centralized update management, automatic deployment, compliance reporting, and enterprise-wide security enforcement.

Question 142

A company wants to enforce multi-factor authentication (MFA) for users accessing corporate applications on Windows endpoints from untrusted networks, log all authentication attempts, and ensure centralized policy enforcement. Which solution BEST meets this requirement?

A) Conditional Access Policies with MFA integrated into Active Directory
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Conditional Access Policies with MFA integrated into Active Directory

Explanation:

A) Conditional Access Policies enforce authentication requirements based on contextual conditions such as network location, device health, and user risk level. Requiring MFA for access from untrusted networks mitigates the risk of credential theft and unauthorized access. Integration with Active Directory allows policies to be centrally managed and automatically applied across all domain-joined devices. Logging of all authentication attempts, including successes and failures, provides visibility for compliance audits, security monitoring, and forensic investigation. Conditional Access supports adaptive enforcement, dynamically adjusting authentication requirements based on risk analysis and device posture. This ensures both security and usability by balancing access requirements with operational efficiency. By combining MFA enforcement, centralized management, logging, and adaptive policy, organizations can secure sensitive resources, maintain compliance, and detect suspicious activity across the enterprise.

B) Sticky Keys is an accessibility feature and cannot enforce MFA, log authentication events, or integrate with directory policies. It provides no enterprise security functionality.

C) Paint is a graphics application and cannot enforce authentication policies, MFA, or logging. It provides no security or compliance capability.

D) Windows Calculator performs arithmetic operations and cannot enforce authentication policies, monitor access, or log events. It provides no enterprise-level security functionality.

Conditional Access Policies with MFA integrated into Active Directory is correct because it enforces strong authentication based on risk, centrally manages policies, logs all access attempts, and ensures enterprise-wide security and compliance.

Question 143

A company wants to prevent execution of unapproved scripts and PowerShell commands on Windows endpoints while maintaining logs of allowed and blocked activity for auditing. Which solution BEST meets this requirement?

A) PowerShell Constrained Language Mode with AppLocker or Group Policy execution restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) PowerShell Constrained Language Mode with AppLocker or Group Policy execution restrictions

Explanation:

A) PowerShell Constrained Language Mode limits the commands and scripts that users can execute, restricting potentially malicious or unauthorized actions. Combined with AppLocker or Group Policy execution restrictions, administrators can whitelist approved scripts while blocking all others. This ensures security while allowing necessary administrative automation. Logging captures all execution attempts, whether allowed or blocked, enabling auditing, forensic investigation, and regulatory compliance reporting. Centralized policy enforcement via Group Policy ensures consistent application across all domain-joined endpoints. By restricting unauthorized PowerShell activity and logging attempts, organizations reduce the risk of malware execution, insider threats, and accidental misconfigurations. Detailed logging provides visibility into attempted and successful script execution, supporting compliance, security monitoring, and enterprise-wide enforcement of policy standards.

B) Sticky Keys is an accessibility tool and cannot restrict PowerShell commands, enforce execution policies, or generate logs. It provides no security or auditing functionality.

C) Paint is a graphics program and cannot enforce script execution restrictions, monitor activity, or log events. It provides no enterprise-level compliance or security capability.

D) Windows Calculator performs arithmetic operations and cannot restrict scripts, enforce policies, or log execution activity. It provides no protection against malicious scripting or policy violations.

PowerShell Constrained Language Mode with AppLocker or Group Policy execution restrictions is correct because it prevents unapproved script execution, enforces centralized policies, logs all activity for auditing, and mitigates the risk of malware or unauthorized automation.

Question 144

A company wants to ensure all Windows endpoint logs are collected centrally, encrypted during transit, filtered for relevant events, and forwarded to a SIEM for real-time correlation, alerting, and auditing. Which solution BEST meets this requirement?

A) Windows Event Forwarding (WEF) with SIEM integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Windows Event Forwarding (WEF) with SIEM integration

Explanation:

A) Windows Event Forwarding enables centralized collection of Windows event logs, including security, system, and application events. Logs can be encrypted using HTTPS or Kerberos to ensure confidentiality and integrity. Administrators can configure subscriptions to forward only relevant events, reducing noise and focusing on actionable incidents such as failed logins, privilege escalations, or suspicious application launches. Integration with SIEM platforms enables real-time correlation, alerting, and compliance reporting. WEF scales to enterprise environments, supporting thousands of endpoints while maintaining detailed audit trails for forensic investigation and regulatory compliance. Centralized log collection allows administrators to detect anomalies, respond quickly to security incidents, and maintain enterprise-wide visibility. Combined with filtering, secure transmission, SIEM integration, and logging, WEF ensures comprehensive monitoring, operational awareness, and compliance readiness.

B) Sticky Keys is an accessibility feature and cannot collect, forward, or filter logs, nor provide SIEM integration. It provides no security monitoring functionality.

C) Paint is a graphics application and cannot capture, transmit, or filter logs, or generate alerts. It provides no centralized monitoring or compliance functionality.

D) Windows Calculator performs arithmetic operations and cannot forward logs, ensure encryption, or provide alerting. It provides no enterprise monitoring or compliance capability.

Windows Event Forwarding with SIEM integration is correct because it securely collects relevant logs, supports filtering, enables real-time correlation and alerting, and ensures audit readiness and enterprise-wide monitoring.

Question 145

A company wants to prevent malware propagation through removable USB storage while allowing only authorized devices. Enforcement must be automatic, centrally managed, and all blocked attempts logged for auditing and compliance. Which solution BEST meets this requirement?

A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Group Policy Device Installation Restrictions

Explanation:

A) Group Policy Device Installation Restrictions allows administrators to define which removable devices are authorized on Windows endpoints. Unauthorized devices are automatically blocked, preventing malware, ransomware, and data exfiltration. Centralized enforcement through Active Directory ensures consistent application of policies across all domain-joined devices. Detailed logging captures all blocked attempts, supporting forensic investigations, compliance reporting, and regulatory audits. Policies can be based on hardware ID, vendor ID, or device type, providing granular control over removable storage. Automatic enforcement ensures enterprise-wide protection while maintaining operational efficiency. By maintaining visibility into blocked device attempts, organizations reduce attack surfaces, enforce regulatory compliance, and protect sensitive data from malicious or unauthorized media.

B) Sticky Keys is an accessibility feature and cannot restrict USB devices, block malware, or generate logs. It provides no enterprise-level security or compliance functionality.

C) Paint is a graphics application and cannot enforce removable device restrictions, prevent malware, or provide audit logs. It provides no security or compliance capability.

D) Windows Calculator performs arithmetic operations and cannot manage removable storage, enforce policies, or log activity. It provides no protection against malware or compliance enforcement.

Group Policy Device Installation Restrictions is correct because it automatically blocks unauthorized removable devices, centrally enforces policies, logs all attempts, and ensures enterprise-wide protection and regulatory compliance.

Question 146

A company wants to enforce centralized management of Windows firewall rules across all endpoints, ensuring that inbound and outbound traffic is controlled, unapproved applications are blocked, and violations are logged for auditing. Which solution BEST meets this requirement?

A) Group Policy Windows Firewall with Advanced Security
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Group Policy Windows Firewall with Advanced Security

Explanation:

A) Group Policy Windows Firewall with Advanced Security allows administrators to define inbound and outbound rules for all domain-joined endpoints centrally. Rules can control traffic based on ports, protocols, IP addresses, and applications. Integration with Active Directory ensures rules are automatically applied across all endpoints, maintaining enterprise-wide consistency and reducing administrative errors. Logging captures allowed and blocked traffic, providing a detailed audit trail for compliance, security monitoring, and forensic investigation. Advanced Security features include connection security rules (IPsec), rule scoping, and profile-specific enforcement for domain, private, and public networks. By centrally managing firewall rules and monitoring network traffic, administrators can reduce the attack surface, prevent unauthorized access, and maintain regulatory compliance. This approach ensures security policies are applied consistently across the enterprise while providing visibility into network activity.

B) Sticky Keys is an accessibility feature and cannot enforce firewall rules, block traffic, or generate logs. It provides no enterprise security functionality.

C) Paint is a graphics application and cannot control network traffic, enforce firewall rules, or log events. It provides no enterprise-level security or compliance functionality.

D) Windows Calculator performs arithmetic operations and cannot enforce network rules, log traffic, or provide auditing capabilities. It provides no security or compliance functionality.

Group Policy Windows Firewall with Advanced Security is correct because it centrally enforces firewall rules, blocks unauthorized applications, logs network events, and provides enterprise-wide compliance and protection.

Question 147

A company wants to automatically encrypt all removable drives, store recovery keys securely, and allow centralized recovery if users forget passwords. Which solution BEST fulfills these requirements?

A) BitLocker To Go with Active Directory recovery key integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) BitLocker To Go with Active Directory recovery key integration

Explanation:

A) BitLocker To Go provides full-volume encryption for removable storage such as USB drives and external hard drives. Recovery keys can be stored in Active Directory, enabling centralized recovery if a user forgets the password. Group Policy can enforce automatic encryption of all removable drives when connected to Windows endpoints, preventing unencrypted data transfers. Logging captures encryption and recovery events for auditing and compliance purposes. By enforcing encryption automatically and managing recovery centrally, organizations protect sensitive data, reduce risks from lost or stolen removable storage, and maintain regulatory compliance. BitLocker To Go ensures that encryption is applied consistently across all endpoints and that recovery procedures are available without compromising security.

B) Sticky Keys is an accessibility tool and cannot encrypt removable drives, manage recovery keys, or enforce policies. It provides no enterprise-level data protection.

C) Paint is a graphics application and cannot manage encryption, recovery keys, or enforce policies. It provides no security or compliance functionality.

D) Windows Calculator performs arithmetic operations and cannot encrypt drives, store recovery keys, or enforce policies. It provides no protection for sensitive data.

BitLocker To Go with Active Directory recovery key integration is correct because it automatically encrypts removable storage, stores recovery keys securely, enables centralized recovery, and ensures compliance and enterprise-wide data protection.

Question 148

A company wants to detect and prevent execution of unapproved scripts and PowerShell commands while logging allowed and blocked attempts for auditing and compliance. Which solution BEST meets this requirement?

A) PowerShell Constrained Language Mode with AppLocker or Group Policy execution restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) PowerShell Constrained Language Mode with AppLocker or Group Policy execution restrictions

Explanation:

A) PowerShell Constrained Language Mode restricts the commands and scripts users can execute, limiting the ability to run potentially malicious code. Combined with AppLocker or Group Policy execution restrictions, administrators can whitelist approved scripts while blocking all others. All attempts, whether allowed or blocked, are logged for auditing, forensic investigation, and compliance reporting. Centralized policy enforcement ensures that all domain-joined endpoints are uniformly protected. Restricting unapproved PowerShell activity mitigates the risk of malware execution, insider threats, and accidental misconfigurations. Detailed logging provides visibility into attempted and successful script execution, supporting compliance and regulatory audits. This combination of execution restriction, centralized policy enforcement, and detailed logging enhances endpoint security while maintaining operational efficiency.

B) Sticky Keys is an accessibility feature and cannot restrict scripts, enforce execution policies, or log activity. It provides no enterprise-level security or compliance functionality.

C) Paint is a graphics program and cannot enforce PowerShell restrictions, monitor script activity, or generate logs. It provides no auditing or security functionality.

D) Windows Calculator performs arithmetic operations and cannot restrict scripts, enforce policies, or log execution activity. It provides no protection against malware or policy violations.

PowerShell Constrained Language Mode with AppLocker or Group Policy execution restrictions is correct because it prevents unapproved script execution, enforces enterprise-wide policy, logs all activity, and supports auditing and regulatory compliance.

Question 149

A company wants to collect all Windows endpoint logs centrally, encrypt them during transmission, filter for relevant events, and forward them to a SIEM for real-time alerting and compliance reporting. Which solution BEST meets this requirement?

A) Windows Event Forwarding (WEF) with SIEM integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Windows Event Forwarding (WEF) with SIEM integration

Explanation:

A) Windows Event Forwarding enables centralized collection of Windows logs, including security, system, and application events. Logs can be encrypted using HTTPS or Kerberos to ensure confidentiality and integrity. Administrators can configure subscriptions to forward only relevant events, such as failed logins, privilege escalations, or critical application errors. Integration with SIEM allows real-time correlation, alerting, and compliance reporting. WEF supports enterprise-scale deployments with thousands of endpoints and provides detailed audit trails for forensic investigations and regulatory compliance. Centralized log collection ensures administrators can quickly detect anomalies, respond to incidents, and maintain enterprise-wide visibility. Secure transmission, event filtering, SIEM integration, and detailed logging together provide comprehensive monitoring, operational awareness, and compliance readiness.

B) Sticky Keys is an accessibility feature and cannot collect logs, encrypt events, or integrate with SIEM. It provides no monitoring or compliance functionality.

C) Paint is a graphics application and cannot capture, transmit, or filter logs. It provides no centralized monitoring or audit functionality.

D) Windows Calculator performs arithmetic operations and cannot forward logs, encrypt them, or provide alerting. It offers no enterprise-level monitoring or compliance capabilities.

Windows Event Forwarding with SIEM integration is correct because it securely collects logs, filters relevant events, supports real-time correlation and alerting, and ensures enterprise-wide auditing and compliance.

Question 150

A company wants to prevent malware propagation through removable USB storage, allow only authorized devices, centrally enforce policies, and log all blocked attempts for auditing. Which solution BEST meets this requirement?

A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Group Policy Device Installation Restrictions

Explanation:

A) Group Policy Device Installation Restrictions allows administrators to define which removable devices are authorized on Windows endpoints. Unauthorized devices are automatically blocked, preventing malware, ransomware, and unauthorized data exfiltration. Centralized enforcement via Active Directory ensures policies are applied consistently across all domain-joined devices. Detailed logs capture all blocked attempts, supporting forensic investigations, compliance reporting, and regulatory audits. Administrators can define policies based on hardware ID, vendor ID, or device type, allowing granular control over removable storage. Automatic enforcement ensures enterprise-wide protection while maintaining operational efficiency. Visibility into blocked attempts helps reduce attack surfaces, enforce regulatory compliance, and protect sensitive data from malicious or unauthorized devices.

B) Sticky Keys is an accessibility feature and cannot block USB devices, prevent malware propagation, or generate logs. It provides no enterprise-level security or compliance functionality.

C) Paint is a graphics application and cannot enforce removable storage restrictions, block malware, or provide audit logs. It provides no security or compliance functionality.

D) Windows Calculator performs arithmetic operations and cannot manage removable devices, enforce policies, or log events. It provides no protection against malware or compliance enforcement.

Group Policy Device Installation Restrictions is correct because it automatically blocks unauthorized removable devices, enforces centralized policies, logs all attempts, and ensures enterprise-wide protection and regulatory compliance.

Question 151

A company wants to implement centralized monitoring of CPU, memory, disk, and network usage on all Windows endpoints to detect performance bottlenecks and potential security incidents. Which tool BEST meets this requirement?

A) Resource Monitor
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Resource Monitor

Explanation:

A) Resource Monitor is a built-in Windows tool that provides detailed, real-time insights into CPU, memory, disk, and network usage. It allows administrators to identify resource-intensive processes, monitor thread and handle activity, and correlate resource usage with network connections. For example, a process with unusually high network traffic might indicate malware or unauthorized data exfiltration. Filtering and sorting features enable administrators to focus on specific processes, services, or network ports. Resource Monitor also provides information about disk queue length, I/O operations, and memory allocation per process. Historical performance data can be captured using Performance Monitor integration for trend analysis, troubleshooting, and capacity planning. By providing detailed, real-time visibility, Resource Monitor enables administrators to detect both performance issues and potential security threats proactively. It supports forensic investigations by allowing correlation between resource spikes, user activity, and security events. Compared to Task Manager, Resource Monitor offers granular detail, including per-thread CPU utilization, active TCP connections, and disk I/O per process, making it a comprehensive tool for performance and security monitoring.

B) Sticky Keys is an accessibility feature designed to assist users with physical disabilities. It does not provide visibility into system resources, cannot monitor CPU or memory usage, and offers no security or performance monitoring capabilities.

C) Paint is a graphics application and cannot monitor system performance or network activity. It provides no insights into resource utilization or security events.

D) Windows Calculator is a basic utility for arithmetic operations. It cannot monitor CPU, memory, disk, or network usage and offers no diagnostic or security functionality.

Resource Monitor is correct because it provides comprehensive, real-time monitoring of all critical system resources, supports correlation of system and network activity, and allows administrators to identify performance bottlenecks and potential security incidents across all Windows endpoints.

Question 152

A company wants to enforce multi-factor authentication (MFA) for Windows endpoints accessing corporate resources from untrusted networks. Policies must be centrally managed and adaptive based on device compliance and user risk. Which solution BEST meets this requirement?

A) Conditional Access Policies with MFA integrated into Active Directory
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Conditional Access Policies with MFA integrated into Active Directory

Explanation:

A) Conditional Access Policies provide a framework for enforcing MFA based on contextual conditions such as network location, device health, and user risk profile. Integration with Active Directory enables centralized policy management and automatic application across all domain-joined devices. This ensures consistent enforcement while allowing adaptive security: MFA requirements can adjust dynamically based on device compliance, location, or unusual behavior. Logs of all authentication attempts, both successful and failed, are collected to support auditing, compliance reporting, and forensic investigations. By combining MFA with risk-based conditions, organizations reduce the likelihood of unauthorized access due to stolen credentials while maintaining user productivity. Conditional Access also integrates with SIEM and monitoring systems to alert administrators of unusual authentication patterns, supporting proactive threat detection. This solution balances strong security with operational efficiency, providing enterprise-wide visibility and regulatory compliance.

B) Sticky Keys is an accessibility feature and cannot enforce MFA, monitor authentication, or integrate with directory services. It provides no enterprise security functionality.

C) Paint is a graphics application and cannot enforce authentication policies, log access events, or perform adaptive security functions. It provides no compliance or security capability.

D) Windows Calculator performs arithmetic operations and cannot manage authentication policies, enforce MFA, or collect audit logs. It provides no enterprise-level security functionality.

Conditional Access Policies with MFA integrated into Active Directory is correct because it centrally enforces risk-based authentication, adapts dynamically to threats, logs all activity for auditing, and ensures enterprise-wide security and compliance.

Question 153

A company wants to prevent execution of unapproved applications and scripts on Windows endpoints while maintaining logs of blocked and allowed activity for auditing and compliance. Which solution BEST meets this requirement?

A) AppLocker with Group Policy integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) AppLocker with Group Policy integration

Explanation:

A) AppLocker enables administrators to define rules that control execution of applications, scripts, and installers. Rules can be based on publisher signatures, file paths, or cryptographic hashes. Integration with Group Policy ensures automatic enforcement across all domain-joined devices, providing consistent protection enterprise-wide. AppLocker generates logs of allowed and blocked execution attempts, which can be forwarded to a SIEM or auditing system for compliance reporting and forensic investigation. Application whitelisting ensures that only authorized software runs, mitigating risks from malware, unauthorized software installation, and insider threats. AppLocker supports multiple rule collections, including executables, scripts, Windows Installer files, and packaged apps, allowing granular control. Centralized deployment and logging reduce administrative overhead and provide visibility for compliance purposes, ensuring regulatory and operational security requirements are met.

B) Sticky Keys is an accessibility feature and cannot control application execution, enforce rules, or generate logs. It provides no security or auditing capability.

C) Paint is a graphics application and cannot restrict application execution, monitor activity, or create compliance logs. It provides no enterprise-level security functionality.

D) Windows Calculator performs arithmetic operations and cannot enforce execution policies, block applications, or log activity. It provides no security or compliance functionality.

AppLocker with Group Policy integration is correct because it enforces application whitelisting, centrally applies rules, logs all activity for auditing, and ensures enterprise-wide security and regulatory compliance.

Question 154

A company wants to centrally collect all Windows endpoint logs, encrypt them during transit, filter relevant events, and forward them to a SIEM for real-time alerting and compliance reporting. Which solution BEST meets this requirement?

A) Windows Event Forwarding (WEF) with SIEM integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Windows Event Forwarding (WEF) with SIEM integration

Explanation:

A) Windows Event Forwarding allows centralized collection of event logs from multiple Windows endpoints. Logs can be encrypted using HTTPS or Kerberos to ensure data confidentiality and integrity. Administrators can configure subscriptions to forward only relevant events, such as failed logins, privilege escalations, or critical application errors. Integration with a SIEM platform enables real-time correlation, alerting, and compliance reporting. WEF scales to enterprise environments, supporting thousands of endpoints, while maintaining detailed audit trails for forensic investigation, incident response, and regulatory compliance. Centralized log collection ensures that anomalies are detected promptly and that administrators have full visibility into system, security, and application events. Combined with filtering, secure transmission, SIEM integration, and logging, WEF provides comprehensive monitoring, operational awareness, and compliance readiness across the enterprise.

B) Sticky Keys is an accessibility tool and cannot collect logs, encrypt events, filter them, or forward to a SIEM. It provides no monitoring or auditing functionality.

C) Paint is a graphics application and cannot capture, transmit, filter, or forward logs. It provides no enterprise-level monitoring or compliance capability.

D) Windows Calculator performs arithmetic operations and cannot forward logs, encrypt them, or generate alerts. It provides no monitoring, auditing, or compliance functionality.

Windows Event Forwarding with SIEM integration is correct because it securely collects logs, filters relevant events, supports real-time alerting, and provides audit readiness and enterprise-wide monitoring.

Question 155

A company wants to prevent malware propagation through removable USB storage while allowing only authorized devices. Enforcement must be automatic, centrally managed, and all blocked attempts logged for auditing and compliance. Which solution BEST meets this requirement?

A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Group Policy Device Installation Restrictions

Explanation:

A) Group Policy Device Installation Restrictions allows administrators to define which removable devices are authorized on Windows endpoints. Unauthorized devices are automatically blocked, mitigating malware, ransomware, and unauthorized data exfiltration risks. Centralized enforcement through Active Directory ensures consistent application of policies across all domain-joined devices. Detailed logging captures all blocked attempts, supporting forensic investigation, compliance reporting, and regulatory audits. Policies can be defined by hardware ID, vendor ID, or device type, providing granular control over removable storage. Automatic enforcement ensures enterprise-wide protection while maintaining operational efficiency. Visibility into blocked attempts helps reduce attack surfaces, enforce regulatory compliance, and protect sensitive data from malicious or unauthorized devices.

B) Sticky Keys is an accessibility feature and cannot block USB devices, prevent malware propagation, or generate logs. It provides no enterprise-level security or compliance functionality.

C) Paint is a graphics application and cannot enforce removable device restrictions, prevent malware, or provide auditing capabilities. It provides no security or compliance functionality.

D) Windows Calculator performs arithmetic operations and cannot manage removable storage, enforce policies, or log attempts. It provides no protection against malware or compliance enforcement.

Group Policy Device Installation Restrictions is correct because it automatically blocks unauthorized removable devices, centrally enforces policies, logs all attempts, and ensures enterprise-wide protection and regulatory compliance.

Question 156

A company wants to monitor Windows endpoint processes, network connections, and disk I/O in real time to identify resource-intensive applications and potential malicious activity. Which tool BEST meets this requirement?

A) Resource Monitor
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Resource Monitor

Explanation:

A) Resource Monitor is a built-in Windows tool that provides granular, real-time monitoring of CPU, memory, disk, and network utilization. It enables administrators to identify processes consuming excessive resources, monitor thread and handle activity, and correlate CPU spikes with network connections or disk I/O. This capability is critical for detecting abnormal behavior, such as malware generating network traffic or disk-intensive processes consuming unusual system resources. Resource Monitor includes features for filtering processes, tracking disk queue lengths, and analyzing memory allocation, which supports troubleshooting performance issues and detecting potential security incidents. Historical data can be captured through integration with Performance Monitor for trend analysis, capacity planning, and forensic investigations. Compared to Task Manager, Resource Monitor provides deeper insights into process-level and thread-level activities, disk I/O operations, and network usage per process. These capabilities make it suitable for enterprise environments where monitoring system performance and detecting suspicious activity are crucial.

B) Sticky Keys is an accessibility feature for users with physical disabilities. It does not provide visibility into CPU, memory, disk, or network utilization and offers no security monitoring capability.

C) Paint is a graphics application and cannot monitor system resources, network connections, or disk I/O. It provides no enterprise-level monitoring or security functionality.

D) Windows Calculator performs arithmetic operations and cannot monitor resource utilization, network activity, or disk usage. It provides no monitoring, diagnostic, or security functionality.

Resource Monitor is correct because it provides detailed, real-time insights into processes, network connections, and disk activity, enabling administrators to identify resource-intensive applications, troubleshoot performance issues, and detect potential malicious activity.

Question 157

A company wants to enforce multi-factor authentication (MFA) for Windows endpoints when accessing corporate resources from untrusted networks. Policies must adapt based on device compliance and user risk while logging all authentication attempts. Which solution BEST meets this requirement?

A) Conditional Access Policies with MFA integrated into Active Directory
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Conditional Access Policies with MFA integrated into Active Directory

Explanation:

A) Conditional Access Policies enforce authentication requirements based on contextual conditions such as device health, user risk, and network location. MFA provides an additional security layer, reducing the likelihood of unauthorized access due to stolen credentials. Integration with Active Directory ensures centralized policy management and automatic application to all domain-joined endpoints. Conditional Access Policies are adaptive, dynamically adjusting MFA requirements based on device compliance or risk levels. Logging captures all authentication attempts, including successes and failures, supporting auditing, compliance, and forensic investigation. Real-time integration with monitoring systems and SIEM platforms allows detection of unusual authentication patterns and rapid incident response. This approach balances strong security with operational efficiency, providing enterprise-wide protection for sensitive resources while ensuring regulatory compliance.

B) Sticky Keys is an accessibility feature and cannot enforce MFA, monitor authentication, or integrate with directory policies. It provides no enterprise security functionality.

C) Paint is a graphics application and cannot enforce authentication policies, log access attempts, or apply adaptive security rules. It provides no compliance or security capability.

D) Windows Calculator performs arithmetic operations and cannot manage authentication policies, enforce MFA, or collect audit logs. It provides no enterprise-level security or compliance functionality.

Conditional Access Policies with MFA integrated into Active Directory is correct because it centrally enforces adaptive, risk-based authentication, logs all activity, and ensures enterprise-wide security and compliance.

Question 158

A company wants to enforce application whitelisting on Windows endpoints, automatically block unapproved applications and scripts, and log all execution attempts for auditing and compliance. Which solution BEST meets this requirement?

A) AppLocker with Group Policy integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) AppLocker with Group Policy integration

Explanation:

A) AppLocker allows administrators to define rules controlling execution of applications, scripts, and installers. Rules can be based on publisher signatures, file paths, or cryptographic hashes. Integration with Group Policy ensures automatic deployment of rules across all domain-joined endpoints. AppLocker logs all allowed and blocked execution attempts, providing detailed auditing for compliance reporting and forensic investigations. Application whitelisting ensures that only approved software and scripts run, mitigating the risk of malware, ransomware, and insider threats. Multiple rule collections support granular control over executables, scripts, Windows Installer files, and packaged applications. Centralized management reduces administrative effort and ensures consistent enforcement of enterprise security policies. The combination of application restriction, centralized policy deployment, and detailed logging supports regulatory compliance, operational security, and proactive threat mitigation.

B) Sticky Keys is an accessibility feature and cannot enforce application whitelisting, block unapproved software, or log activity. It provides no security or auditing functionality.

C) Paint is a graphics program and cannot restrict application execution or provide logging for auditing purposes. It offers no enterprise-level security or compliance capability.

D) Windows Calculator performs arithmetic operations and cannot enforce execution policies or generate logs. It provides no protection against unapproved applications or scripts.

AppLocker with Group Policy integration is correct because it centrally enforces application whitelisting, blocks unauthorized software, logs execution activity, and ensures enterprise-wide security and compliance.

Question 159

A company wants to centrally collect all Windows endpoint logs, encrypt them during transit, filter relevant events, and forward them to a SIEM for real-time correlation, alerting, and compliance reporting. Which solution BEST meets this requirement?

A) Windows Event Forwarding (WEF) with SIEM integration
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Windows Event Forwarding (WEF) with SIEM integration

Explanation:

A) Windows Event Forwarding allows centralized collection of security, system, and application logs from multiple Windows endpoints. Logs can be encrypted during transit using HTTPS or Kerberos to ensure data confidentiality and integrity. Administrators can define subscriptions to forward only relevant events, reducing noise while maintaining visibility into actionable incidents such as failed logins, privilege escalations, or critical application errors. Integration with a SIEM enables real-time correlation, alerting, and compliance reporting. WEF scales to enterprise environments, supporting thousands of endpoints, and provides detailed audit trails for forensic investigation and regulatory compliance. Centralized log collection allows rapid detection of anomalies, operational monitoring, and enterprise-wide visibility. Secure transmission, filtering, SIEM integration, and logging together provide comprehensive monitoring, operational awareness, and compliance readiness.

B) Sticky Keys is an accessibility feature and cannot collect, encrypt, or forward logs to a SIEM. It provides no enterprise-level monitoring or auditing functionality.

C) Paint is a graphics program and cannot capture, transmit, or filter logs. It provides no centralized monitoring or audit functionality.

D) Windows Calculator performs arithmetic operations and cannot forward logs, encrypt them, or generate alerts. It provides no monitoring, auditing, or compliance functionality.

Windows Event Forwarding with SIEM integration is correct because it securely collects logs, filters relevant events, supports real-time alerting, and ensures audit readiness and enterprise-wide monitoring.

Question 160

A company wants to prevent malware propagation through removable USB storage while allowing only authorized devices. Policies must be automatic, centrally managed, and all blocked attempts logged for auditing and compliance. Which solution BEST meets this requirement?

A) Group Policy Device Installation Restrictions
B) Sticky Keys
C) Paint
D) Windows Calculator

Answer: A) Group Policy Device Installation Restrictions

Explanation:

A) Group Policy Device Installation Restrictions is a Windows feature that allows enterprise administrators to control which removable devices, including USB drives, external hard drives, and other peripheral storage devices, can be connected to endpoints. By defining which devices are authorized, administrators can automatically block any unauthorized removable media, reducing the risk of malware propagation, ransomware infection, and unauthorized data exfiltration. This feature is especially important in enterprise environments, where the use of removable media is common but poses a significant security risk.

Centralized management through Active Directory ensures that policies are consistently applied across all domain-joined devices. Administrators can define rules based on device type, vendor ID, or hardware ID, allowing granular control over what types of removable devices are permitted. This enables organizations to allow corporate-issued USB drives while preventing personal or untrusted devices from being used. Such detailed control helps enforce enterprise security policies without overly restricting legitimate operational workflows.

One of the most critical features of Group Policy Device Installation Restrictions is automatic enforcement. Once a policy is deployed, it is applied without requiring user intervention, ensuring that endpoints remain protected even if users attempt to circumvent controls. Any attempts to connect unauthorized devices are logged in the Windows Event Log, capturing important details such as device identifiers, the user account involved, and the time of the attempt. These logs provide valuable visibility for IT security teams, enabling forensic investigation, threat analysis, and policy refinement.

The logging and auditing capabilities also support compliance with regulatory frameworks such as HIPAA, PCI DSS, SOX, or GDPR, which often require organizations to track and report unauthorized access attempts. By maintaining comprehensive logs of all blocked devices, IT teams can demonstrate adherence to security policies, provide evidence during audits, and respond to incidents in a timely manner. This auditing functionality ensures that security policies are not only enforced but also measurable and reportable, providing accountability across the organization.

Additionally, Group Policy Device Installation Restrictions reduces the attack surface by preventing malware or malicious scripts from spreading via removable media. Many malware variants rely on USB drives for propagation, especially in environments with limited network connectivity or restricted internet access. By automatically blocking unapproved devices, enterprises significantly reduce the risk of infection and contain potential security threats before they can compromise sensitive systems or data.

B) Sticky Keys is an accessibility feature designed to assist users who have difficulty pressing multiple keys simultaneously. While useful for accessibility, Sticky Keys does not provide any functionality to block devices, prevent malware, or enforce enterprise security policies. It cannot log unauthorized attempts or provide centralized management, making it irrelevant in this scenario.

C) Paint is a graphics application included with Windows for creating and editing images. It provides no mechanism for controlling USB device access, enforcing policies, or generating logs for auditing. Paint does not enhance endpoint security and cannot be used to prevent malware or maintain regulatory compliance.

D) Windows Calculator is a utility for performing arithmetic operations. Like Sticky Keys and Paint, it has no security or administrative functionality. It cannot manage removable devices, enforce policies, or log attempts, and therefore does not meet the enterprise requirements for device control or compliance.

In summary, Group Policy Device Installation Restrictions is the only solution among the options that provides:

Automatic blocking of unauthorized removable devices to prevent malware propagation and unauthorized data access.

Centralized policy enforcement through Active Directory, ensuring consistency across all domain-joined endpoints.

Granular control based on device type, vendor ID, or hardware ID, allowing approved devices while blocking others.

Logging of all blocked attempts to support forensic investigation, compliance reporting, and regulatory audits.

Enterprise-wide protection that reduces risk, enhances security posture, and ensures operational compliance.

Sticky Keys, Paint, and Windows Calculator do not provide any device management, enforcement, or auditing capabilities. Therefore, Group Policy Device Installation Restrictions is the correct choice because it meets all enterprise requirements for security, automation, and compliance regarding removable devices.
