CompTIA 220-1102 A+ Certification Exam: Core 2 Dumps and Practice Test Questions, Set 2 (Q21-40)

Question 21

A Windows enterprise environment requires that all systems prevent the installation of any new device drivers unless they have been digitally verified by Microsoft or the organization’s internal certificate authority. The goal is to stop unauthorized hardware from functioning and prevent malicious driver injection. Which feature BEST satisfies this requirement?

A) Driver Signature Enforcement
B) Windows Sound Mixer
C) Synchronization Center
D) Sticky Notes

Answer: A) Driver Signature Enforcement

Explanation:

A) Driver Signature Enforcement is designed to ensure that only verified, digitally signed drivers are permitted to install or load within Windows. This significantly strengthens system integrity because unsigned or tampered drivers can introduce vulnerabilities, rootkits, or malicious kernel-level access. Enforcing signatures requires that every driver pass signature verification using trusted certificate authorities before the system accepts it. Enterprises rely on this feature to ensure that unknown devices cannot inject unsafe drivers and that even administrative users cannot bypass driver integrity checks without explicit policy modification. It prevents exploitation of vulnerable drivers and reduces the risk of privilege escalation attacks that use unsigned kernel modules. By ensuring that all drivers meet strict signing criteria, it creates a secure baseline across all machines, making it the best mechanism for enforcing driver trust requirements.

B) Windows Sound Mixer manages volume levels for system applications and does not impact driver verification, security restrictions, or hardware installation. It is purely an audio interface for volume adjustments and cannot enforce driver signatures or prevent unauthorized driver loading. It has no relevance to hardware integrity or system protection policies and therefore cannot meet organizational requirements for secure driver deployment.

C) Synchronization Center helps users synchronize offline files with network shares. It is used mainly for mobile or laptop users who require access to shared files even while disconnected from the corporate network. This functionality involves data synchronization only and does not regulate driver installation, signature verification, or system-level hardware trust. It cannot restrict unauthorized devices or validate driver authenticity.

D) Sticky Notes provides a simple note-taking interface. It does not enforce system security settings, regulate driver operations, or verify the legitimacy of kernel-level installations. It has no relationship to driver signing, hardware policy enforcement, or system integrity. As a user productivity tool, it cannot satisfy any requirement related to secure driver validation.

Driver Signature Enforcement is correct because it directly enforces the cryptographic validation of all drivers before being accepted by the system. It prevents unsigned or malicious drivers from running, thereby meeting the organization’s requirement for secure device installation. None of the other listed features perform any security validation role.

Question 22

A technician is deploying a new security standard across all enterprise workstations requiring that all privileged administrative actions be logged, monitored, and recorded with exact timestamps. The goal is to detect unauthorized elevation attempts and track all execution of privileged tasks. Which Windows feature should be configured?

A) User Account Control (UAC)
B) Windows Accessibility Options
C) Bluetooth Device Manager
D) Magnifier

Answer: A) User Account Control (UAC)

Explanation:

A) User Account Control plays a central role in regulating privilege elevation and tracking administrative actions. It requires explicit approval whenever elevated privileges are needed, and each such event is logged in security event logs with precise timestamps. This creates a strong auditing trail of administrative behavior, allowing analysts to trace who attempted to elevate, what process attempted to elevate, and whether the action was approved or denied. It also reduces the risk that malware will silently obtain administrative permissions. UAC forces separation of standard user tasks and privileged tasks, creating accountability and observability of elevated operations across the enterprise.

B) Windows Accessibility Options enable features that support users with disabilities, such as display enhancements, keyboard modifications, or visual cues. These features do not create audit logs for administrative actions, nor do they enforce elevation prompts. They are usability aids, not security mechanisms, and do not satisfy requirements for monitoring privileged actions.

C) Bluetooth Device Manager handles wireless device connections. While it can enable or disable Bluetooth hardware or manage paired devices, it does not track administrative actions or provide timestamps of privileged tasks. It cannot record elevation attempts or enforce least-privilege principles.

D) Magnifier is a visual accessibility tool that enlarges screen content. It does not control administrative permissions, track privileged events, or record elevation-related activity. It has no function in enhancing system audit trails or restricting elevated operations.

User Account Control is correct because it is explicitly designed to regulate and log each attempt to access administrative privileges, providing accountability and security auditing needed by the organization. None of the other features relate to privilege control or elevation logging.

Question 23

A systems administrator needs to automate a process that checks multiple Windows servers for specific services, applies patches, updates configurations, and produces a report — all without manual intervention. The actions must run according to a predetermined schedule every night. Which built-in tool is BEST suited for this automation?

A) Task Scheduler
B) Paint 3D
C) Voice Recorder
D) Windows Media Player

Answer: A) Task Scheduler

Explanation:

A) Task Scheduler allows administrators to automate and run scripts or programs according to scheduled triggers. It can execute PowerShell scripts, batch files, or enterprise automation workflows across local or remote systems. It supports time-based triggers, event-based triggers, and custom conditions, enabling complex scheduling logic. It is widely used for patching automation, log collection, service health checks, nightly maintenance jobs, and system cleanup procedures. The tool runs tasks even when users are not logged in and supports administrative privilege elevation where required. It is ideal for enterprise automation tasks that must run at predictable intervals.

B) Paint 3D is a graphics editing application and has no relationship to automation, scripting, or administrative scheduling. It cannot execute scripts, control services, apply patches, or generate system reports. It is strictly a creative tool and cannot satisfy operational automation requirements.

C) Voice Recorder captures audio and saves recordings. It does not run scripts, schedule automated processes, configure policies, or interact with remote servers. Its functionality is unrelated to system maintenance or enterprise-level task automation.

D) Windows Media Player handles audio and video playback and cannot execute scheduled tasks, run scripts, apply updates, or generate reports. It is a media consumption tool with no administrative automation capabilities.

Task Scheduler is correct because it directly supports automated, scheduled execution of scripts and maintenance tasks across Windows systems, fulfilling all of the organization’s requirements.

Question 24

A company uses a strict endpoint security policy requiring that all remote administrative connections use encrypted channels and mutual authentication. The administrator wants to manage Windows servers using remote command execution while ensuring that all data transmitted during the session remains encrypted. Which configuration should be implemented?

A) Enable WinRM with HTTPS listeners
B) Turn on Airplane Mode
C) Enable AutoPlay
D) Disable Screen Saver

Answer: A) Enable WinRM with HTTPS listeners

Explanation:

A) Enabling Windows Remote Management with HTTPS listeners provides a fully encrypted communication channel using TLS. This ensures that remote command execution, PowerShell remoting, configuration management, and administrative control occur securely. HTTPS listeners also support certificate-based mutual authentication, validating both the client and the server before allowing remote sessions. This configuration prevents man-in-the-middle attacks, credential interception, and unauthorized access. It is essential for secure enterprise remote administration across untrusted networks and is widely used in high-security environments.

B) Turning on Airplane Mode disables wireless communications. It is not used for remote administration and does not provide encryption or authentication mechanisms. It simply disconnects the device from networks and cannot enable secure remote operations.

C) Enabling AutoPlay affects how media such as USB devices behave upon insertion. It has no relationship to secure communication channels, encryption, remote administration, or mutual authentication. It cannot protect administrative traffic or enforce security policies.

D) Disabling the screen saver affects user interface behavior when the device is idle. It does not encrypt sessions, authenticate systems, or manage remote command execution. It does not contribute to secure remote communications.

WinRM with HTTPS listeners is correct because it provides encrypted, authenticated remote management sessions essential for secure enterprise administration. None of the other choices relate to secure communication.

Question 25

A security engineer must ensure that all Windows event logs across hundreds of computers are forwarded to a centralized analysis server in real time. The goal is to detect intrusions, correlate events, and maintain long-term log retention for compliance. Which solution BEST fulfills this requirement?

A) Windows Event Forwarding
B) Windows Fax and Scan
C) WordPad
D) Tips App

Answer: A) Windows Event Forwarding

Explanation:

A) Windows Event Forwarding enables the centralization of logs from multiple clients into a designated collector server. It automatically aggregates security logs, application logs, and system logs in real time. It supports domain-wide scaling, subscription-based collection, secure transmission, and integration with enterprise SIEM platforms. This provides comprehensive visibility into all endpoints, ensuring correlation of security incidents, detection of anomalous activity, and compliance with audit requirements. It eliminates the need for manual log retrieval and ensures immediate availability of logs for analysis and threat monitoring.

B) Windows Fax and Scan is a communication utility for scanning documents and sending faxes. It cannot collect logs, forward event data, or aid in security analytics. It has no enterprise log management function.

C) WordPad is a basic text editor with no logging, event monitoring, or security analysis capabilities. It cannot pull logs, centralize event data, or support audit retention requirements.

D) The Tips App provides user guidance, tutorials, and feature demonstrations. It does not interact with event logs or provide any administrative or security-related functionality.

Windows Event Forwarding is correct because it directly provides centralized, automated log collection for enterprise-wide monitoring, making it the best solution for real-time correlation and compliance.

Question 26

An enterprise wants to ensure that all Windows laptops enforce full-disk encryption using TPM-based protection. The security team also requires that the recovery keys be backed up automatically to Active Directory so that administrators can retrieve them when necessary. Which Windows feature BEST meets these requirements?

A) BitLocker
B) Hyper-V
C) Windows Sandbox
D) Remote Assistance

Answer: A) BitLocker

Explanation:

A) BitLocker provides enterprise-grade disk encryption designed to protect system drives and data at rest. It integrates directly with the Trusted Platform Module to ensure that the encrypted drive cannot be accessed if the laptop is tampered with or the drive is removed. BitLocker also supports automatic recovery key escrow into Active Directory, giving administrators full control over recovery management. This satisfies both the requirement for TPM-based protection and centralized key storage.

B) Hyper-V is a virtualization platform that allows users to create and run virtual machines. It does not encrypt system drives, interact with TPM for disk protection, or provide recovery key management. Its purpose is workload virtualization, not device-level data protection.

C) Windows Sandbox provides an isolated temporary environment for testing untrusted applications. It does not encrypt drives, store recovery keys, or integrate with enterprise TPM policies. It is designed for application isolation rather than system-wide encryption.

D) Remote Assistance allows a technician to connect to a user’s system for support. It does not secure drives, manage encryption keys, or provide TPM protections. It cannot meet any requirement relating to disk security or encrypted storage.

BitLocker is correct because it is the only technology listed that performs full-disk encryption with TPM enforcement and supports AD recovery key storage.

Question 27

A security administrator needs to block the execution of unauthorized scripts, prevent unsigned executables from running, and enforce strict application control rules across all enterprise systems. The solution must allow only approved, cryptographically validated software to run. What should the administrator implement?

A) AppLocker
B) Notepad
C) Calculator
D) WordPad

Answer: A) AppLocker

Explanation:

A) AppLocker provides enterprise-grade application control, allowing administrators to define which scripts, executables, installers, and packaged apps may run. It supports publisher-based rules, path-based rules, and hash-based rules, enabling strict control over all software execution. AppLocker enforces strong application governance by blocking unapproved or unsigned files, thereby reducing malware infiltration, restricting lateral movement, and ensuring that only trusted, validated programs are executed.

B) Notepad is a plain text editor and does not enforce application controls or verify whether software is allowed to run. It cannot block executables, manage scripts, or perform cryptographic validation. It is simply a text-editing tool.

C) Calculator performs arithmetic operations. It provides no security features, cannot enforce script restrictions, and cannot manage software execution policies. It is not a tool used for application governance or enterprise security controls.

D) WordPad is a basic word-processing application and does not regulate software execution or control script behavior. It cannot block unauthorized software or enforce signed-file rules. It serves only as a writing and editing program.

AppLocker is correct because it is the only technology that provides comprehensive application control, allowing only authorized, digitally validated programs to run.

Question 28

An IT department needs to deploy configuration changes, security baselines, registry modifications, and scheduled tasks to hundreds of Windows clients simultaneously. The solution must apply changes automatically every time a user logs in or a device joins the domain. Which feature BEST meets this requirement?

A) Group Policy
B) Windows Memory Diagnostic
C) Snipping Tool
D) XPS Viewer

Answer: A) Group Policy

Explanation:

A) Group Policy provides centralized management for all domain-joined systems, allowing administrators to enforce configuration settings automatically. It can deploy security baselines, apply registry edits, install software, and assign scripts or scheduled tasks. Group Policy Objects apply at computer startup, user login, and periodically in the background, ensuring consistent configuration across large environments. It is essential for enterprise-wide enforcement of administrative and security standards.

B) Windows Memory Diagnostic tests RAM for hardware faults. It cannot enforce configuration changes, deploy policies, edit registries, or manage enterprise devices. Its function is diagnostic, not administrative.

C) Snipping Tool captures screenshots. It does not modify system settings, deploy scripts, or enforce policies. It provides no enterprise configuration capabilities.

D) XPS Viewer displays XPS documents and has no role in device configuration, security enforcement, or administrative management. It cannot apply system-wide settings.

Group Policy is correct because it provides the automation and centralized management necessary for domain-wide configuration enforcement.

Question 29

A forensic investigator must examine a compromised Windows system. The priority is to preserve metadata, original file timestamps, and overall disk integrity. The investigator needs to ensure that the process does not modify the system. Which tool is BEST suited for this scenario?

A) Windows PE (read-only forensic boot)
B) Disk Cleanup
C) Storage Spaces
D) Photo Viewer

Answer: A) Windows PE (read-only forensic boot)

Explanation:

A) Windows PE in a read-only forensic configuration allows investigators to boot a system without altering its internal storage. It prevents write operations, preserving timestamps, metadata, and evidence integrity. Forensic examiners rely on this method because mounting a system in read-only mode ensures that logs, file structures, and disk artifacts remain unchanged for legal and investigative purposes.

B) Disk Cleanup removes temporary files, cached data, and unnecessary items to free space. Running this tool on a compromised system would destroy evidence, alter timestamps, and compromise metadata. It is the opposite of what investigators need.

C) Storage Spaces manages virtual disks and pools of drives. It does not provide forensic integrity, read-only mounting, or evidence preservation capabilities. Using it could alter data structures, timestamps, or disk organization.

D) Photo Viewer simply displays images. It has no forensic purpose, cannot mount disks in read-only mode, and has no role in evidence preservation.

Windows PE read-only boot is correct because it allows examination without modifying data, which is essential for forensic integrity.

Question 30

A company requires that users authenticate with two distinct verification methods when logging into corporate Windows laptops. The solution must integrate with Active Directory, support mobile authenticator apps, and provide strong defense against credential theft. Which technology BEST satisfies these requirements?

A) Multi-factor authentication (MFA)
B) Paint
C) Character Map
D) Solitaire

Answer: A) Multi-factor authentication (MFA)

Explanation:

A) Multi-factor authentication requires users to verify identity using at least two types of factors, such as passwords, mobile authenticator codes, biometrics, or smart cards. It integrates with Active Directory, Azure AD, and enterprise identity platforms. MFA dramatically increases security by preventing unauthorized access even if a password is compromised. It protects corporate assets, reduces credential-theft risks, and supports mobile authentication apps required by modern enterprise environments.

B) Paint is a graphics program and does not authenticate users, integrate with identity services, or provide account protection. It cannot enforce multi-factor requirements.

C) Character Map displays extended characters and symbols. It does not manage authentication or provide any security functionality. It cannot enforce stronger login protections.

D) Solitaire is a game and has no role in account authentication, identity verification, or enterprise security.

MFA is correct because it is the only option that provides strong authentication with multiple verification factors and integrates with enterprise identity systems.

Question 31

An enterprise needs to restrict access to confidential network resources so that only devices that meet specific security requirements—such as current patches, enabled firewalls, and updated antivirus—can connect. The enforcement must occur automatically when the device attempts to access the network. Which technology BEST satisfies this requirement?

A) Network Access Control (NAC)
B) Windows DVD Player
C) Task Manager Performance Tab
D) Disk Defragmenter

Answer: A) Network Access Control (NAC)

Explanation:

A) Network Access Control evaluates devices before they gain access to network resources. It checks whether systems meet predefined security policies such as patch levels, antivirus status, firewall configuration, and system integrity. Devices that fail these criteria can be quarantined, denied access, or routed to remediation networks. This allows enterprises to enforce compliance automatically at the moment a device connects. NAC also integrates with authentication systems and can perform health checks continuously. This makes it ideal for environments requiring granular control over which devices can participate in the network.

B) Windows DVD Player simply plays DVD media and does not perform any security checks, device compliance assessments, or network access enforcement. It is purely a multimedia application and cannot determine whether a device meets any security baseline.

C) Task Manager Performance Tab displays CPU, memory, disk, and network usage. While useful for diagnostics, it does not enforce security policies or control network access. It cannot check for patches, antivirus status, or firewall configuration, and it does not restrict devices based on security posture.

D) Disk Defragmenter optimizes file placement on storage drives to improve performance. It has no ability to enforce access restrictions or validate system compliance. It cannot assess device security or control network participation.

NAC is correct because it evaluates device health, enforces compliance, and restricts access based on security posture—exactly what the enterprise requires.

Question 32

A cybersecurity team wants to ensure that any attempt to modify or replace system files is prevented unless the file is digitally signed and approved. This includes protecting against kernel-level malware that attempts to overwrite critical system components. Which Windows mechanism BEST accomplishes this?

A) Windows File Protection / Windows Resource Protection
B) Sticky Notes
C) Windows Clock
D) Sound Recorder

Answer: A) Windows File Protection / Windows Resource Protection

Explanation:

A) Windows File Protection (older systems) and Windows Resource Protection (newer systems) monitor protected operating system files and prevent unauthorized modification, deletion, or replacement. If a file is changed without proper authorization, the system automatically restores the correct version. This mechanism guards against malware attempting to tamper with kernel files, system libraries, or other essential components. It ensures file integrity and enforces the requirement that only digitally verified files can replace critical system elements.

B) Sticky Notes allows note-taking and has zero involvement with system file integrity or validation. It cannot prevent modifications to critical files or protect the system from unauthorized tampering.

C) Windows Clock manages alarms, timers, and world clocks, but it does not interact with system-level file protection. It provides no defense against malware or file manipulation.

D) Sound Recorder captures audio input and cannot monitor or regulate system files. It contributes nothing to maintaining file integrity or preventing unauthorized system modifications.

Windows File Protection / Resource Protection is correct because it enforces integrity on critical files, ensuring only authorized, digitally validated files can modify system components.

Question 33

A Windows administrator needs to run advanced remote management commands on dozens of servers simultaneously using encrypted channels. The administrator must execute scripts, gather system information, and push configuration changes—all using a secure shell-like environment. Which feature is BEST for this scenario?

A) PowerShell Remoting
B) Math Input Panel
C) Internet Games
D) WordPad

Answer: A) PowerShell Remoting

Explanation:

A) PowerShell Remoting provides secure, encrypted communication between systems, allowing remote command execution, script deployment, and configuration management. It uses WinRM and supports both interactive sessions and mass automation across many systems at once. It is widely used in enterprise environments for centralized administration of servers, enabling the execution of complex workflows with full encryption. This makes it ideal for managing large server fleets securely and efficiently.

B) Math Input Panel recognizes handwritten mathematical expressions and converts them into digital text. It cannot execute remote commands, manage servers, or provide encryption for administrative communications. It has no administrative function.

C) Internet Games are consumer-level entertainment applications and do not support remote management, script execution, or secure communication. They offer no administrative capabilities.

D) WordPad is a word-processing program. It cannot manage servers, execute scripts, or facilitate remote administration. It has no security or networking administration functionality.

PowerShell Remoting is correct because it enables encrypted, scalable, script-driven remote management essential for enterprise server administration.

Question 34

A security analyst needs to determine whether suspicious activity on a Windows machine is originating from scheduled tasks that run automatically without user interaction. The analyst must inspect how tasks were created, when they execute, and what actions they perform. Which tool is BEST suited to investigate this?

A) Task Scheduler
B) Paint
C) Windows Fax and Scan
D) Character Map

Answer: A) Task Scheduler

Explanation:

A) Task Scheduler allows analysts to review all scheduled tasks, including triggers, execution times, actions performed, and security contexts. Suspicious tasks often serve as persistence mechanisms for malware, allowing attackers to maintain presence by launching payloads at set intervals or during system events. Task Scheduler displays configuration history, author information, and execution results, enabling detailed investigation into automated task-based behavior. It is the primary tool for discovering malicious scheduled tasks.

B) Paint is a drawing tool and does not provide any ability to inspect or analyze scheduled tasks, system triggers, or automated actions. It cannot assist in forensic analysis.

C) Windows Fax and Scan handles document scanning and fax transmissions. It does not monitor or display scheduled tasks and cannot assist in reviewing automated actions.

D) Character Map displays typographic characters and symbols. It does not reveal anything about scheduled system processes or automated tasks. It offers no value in malware investigations.

Task Scheduler is correct because it centralizes visibility into all automatically running tasks, making it essential for identifying malicious persistence mechanisms.
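
The review described in Question 34 can also be done offline against exported task definitions; the following Python is an added example, not part of the original practice material. It parses Task Scheduler XML and lists the author, trigger, security context and action fields an analyst checks for persistence. The two sample tasks, every name in them, and the triage heuristics are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
SYSTEM_IDS = {"S-1-5-18", "SYSTEM", "NT AUTHORITY\\SYSTEM"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}
WRITABLE_HINTS = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\",
                  "%temp%", "%appdata%")

# Constructed samples (not from the page) in the Task Scheduler XML schema.
# Real exports from `schtasks /query /xml` are UTF-16: pass the file's bytes.
BENIGN_TASK = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
 <RegistrationInfo><Date>2024-01-10T09:12:44</Date><Author>CONTOSO\itops</Author>
  <URI>\Contoso\NightlyReport</URI></RegistrationInfo>
 <Triggers><CalendarTrigger><StartBoundary>2024-01-11T02:00:00</StartBoundary>
  </CalendarTrigger></Triggers>
 <Principals><Principal id="Author"><UserId>CONTOSO\svc-report</UserId>
  <RunLevel>LeastPrivilege</RunLevel></Principal></Principals>
 <Settings><Hidden>false</Hidden></Settings>
 <Actions Context="Author"><Exec><Command>C:\Program Files\Contoso\report.exe</Command>
  <Arguments>--nightly</Arguments></Exec></Actions>
</Task>"""
SUSPECT_TASK = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
 <RegistrationInfo><Date>2024-03-02T23:51:07</Date><Author>WKSTN-042\jdoe</Author>
  <URI>\UpdateCheck</URI></RegistrationInfo>
 <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
 <Principals><Principal id="Author"><UserId>S-1-5-18</UserId>
  <RunLevel>HighestAvailable</RunLevel></Principal></Principals>
 <Settings><Hidden>true</Hidden></Settings>
 <Actions Context="Author"><Exec><Command>powershell.exe</Command>
  <Arguments>-WindowStyle Hidden -File C:\Users\Public\update.ps1</Arguments></Exec></Actions>
</Task>"""


def _text(node, path):
    """Return the stripped text of the first match, or '' when absent."""
    found = node.find(path, NS)
    return found.text.strip() if found is not None and found.text else ""


def parse_task(xml_text):
    """Extract who registered the task, when it fires, as whom, and what it runs."""
    root = ET.fromstring(xml_text)
    return {
        "uri": _text(root, "t:RegistrationInfo/t:URI"),
        "author": _text(root, "t:RegistrationInfo/t:Author"),
        "created": _text(root, "t:RegistrationInfo/t:Date"),
        "user": _text(root, "t:Principals/t:Principal/t:UserId"),
        # The schema default applies when RunLevel is omitted.
        "run_level": _text(root, "t:Principals/t:Principal/t:RunLevel") or "LeastPrivilege",
        "hidden": _text(root, "t:Settings/t:Hidden").lower() == "true",
        "triggers": [{"type": t.tag.split("}")[-1], "start": _text(t, "t:StartBoundary")}
                     for t in root.findall("t:Triggers/*", NS)],
        "actions": [{"command": _text(e, "t:Command"), "arguments": _text(e, "t:Arguments")}
                    for e in root.findall("t:Actions/t:Exec", NS)],
    }


def review(task):
    """Return reasons (illustrative heuristics, not a verdict) to look closer."""
    findings = []
    if task["hidden"]:
        findings.append("hidden task")
    if task["user"] in SYSTEM_IDS or task["run_level"] == "HighestAvailable":
        findings.append("runs elevated")
    for trig in task["triggers"]:
        if trig["type"] in ("LogonTrigger", "BootTrigger"):
            findings.append("starts on " + trig["type"])
    for act in task["actions"]:
        # Compare only the file name so full paths and bare names both match.
        exe = act["command"].strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if exe in SCRIPT_HOSTS:
            findings.append("script host: " + exe)
        blob = (act["command"] + " " + act["arguments"]).lower()
        if any(hint in blob for hint in WRITABLE_HINTS):
            findings.append("user-writable path in action")
    return findings


def triage(xml_docs):
    """Parse each task and return (uri, author, findings), most findings first."""
    rows = [(t["uri"], t["author"], review(t)) for t in map(parse_task, xml_docs)]
    return sorted(rows, key=lambda r: len(r[2]), reverse=True)


if __name__ == "__main__":
    for uri, author, findings in triage([BENIGN_TASK, SUSPECT_TASK]):
        print(f"{uri} (author {author}): {'; '.join(findings) or 'no findings'}")
```

A finding is a prompt to inspect the task, not proof of compromise: legitimate management agents also register elevated, logon-triggered tasks.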

Question 35

A company wants to ensure that all Windows laptops automatically connect to the corporate VPN immediately after users log in, before they access any internal resources. The VPN connection must launch without user interaction to support compliance and security monitoring. Which configuration BEST achieves this?

A) Always On VPN
B) Local Disk Management
C) Windows Media Player
D) Remote Desktop Connection Manager

Answer: A) Always On VPN

Explanation:

A) Always On VPN provides seamless, automatic VPN connectivity for Windows clients. It launches at user sign-in and does not require manual activation. It integrates with enterprise identity, enforces encryption policies, and ensures devices are connected securely before accessing corporate resources. It also supports device tunnels and user tunnels, allowing administrators to enforce security compliance and telemetry collection from the moment the system becomes active.

B) Local Disk Management configures partitions and storage devices. It has no networking or VPN automation capabilities and cannot enforce secure connections.

C) Windows Media Player plays audio and video files. It does not provide networking controls or automated VPN connectivity.

D) Remote Desktop Connection Manager organizes remote RDP connections but does not enforce VPN policies or provide automated connection functionality at login.

Always On VPN is correct because it ensures automatic, policy-driven VPN connectivity immediately upon login, meeting all enterprise security requirements.

Question 36

A company wants to ensure that all user credentials stored in Windows are protected against offline attacks, such as when a hard drive is removed and mounted on another machine. The solution must encrypt cached credentials and prevent attackers from easily cracking them. Which feature BEST accomplishes this?

A) Credential Guard
B) Snipping Tool
C) Windows Media Player
D) Magnifier

Answer: A) Credential Guard

Explanation:

A) Credential Guard uses virtualization-based security to isolate and protect derived credentials, including NTLM hashes, Kerberos tickets, and other sensitive secrets, from the rest of the operating system. By leveraging Hyper-V, it places credentials in a secure, isolated memory enclave that is inaccessible even to administrative users or malware running at the OS level. This prevents attackers from dumping credentials to perform offline attacks if a hard drive is removed or if malware attempts to extract password hashes. Credential Guard is fully integrated with Active Directory environments and works seamlessly on enterprise Windows machines, ensuring that authentication secrets are protected, and the integrity of user credentials is maintained. It is particularly effective in defending against Pass-the-Hash and Pass-the-Ticket attacks and is widely recommended in high-security deployments.

B) Snipping Tool allows users to capture screen regions as images. It does not provide credential protection, virtualization isolation, or hashing security. While useful for productivity, it has no relevance to authentication or offline attack prevention.

C) Windows Media Player plays audio and video files. It provides no security functionality, does not isolate memory, and cannot protect cached credentials. Its functionality is limited to media consumption.

D) Magnifier is an accessibility feature that enlarges screen content. It has no relationship to credential storage, encryption, or security. It cannot prevent offline attacks or protect secrets.

Credential Guard is correct because it isolates authentication secrets from the main operating system, preventing attackers from accessing them even if they gain administrative privileges or physical access to a drive. None of the other options provide security protections for credentials.

Question 37

A systems administrator needs to monitor and enforce compliance on Windows devices by detecting whether certain registry settings, configuration baselines, or installed applications match corporate policy. Any deviations must be reported and optionally corrected automatically. Which tool is BEST suited for this task?

A) Microsoft Endpoint Configuration Manager (SCCM) Compliance Settings
B) Paint
C) Windows Calculator
D) Character Map

Answer: A) Microsoft Endpoint Configuration Manager (SCCM) Compliance Settings

Explanation:

A) Microsoft Endpoint Configuration Manager provides a framework called Compliance Settings that allows administrators to define desired configurations for devices. It can audit registry keys, application installations, security policies, and other system parameters, comparing them to the defined baseline. Devices that deviate from the policy can generate alerts and optionally be automatically remediated. This approach enables centralized, scalable compliance enforcement across thousands of endpoints. Compliance reporting integrates with SCCM dashboards, providing visibility into the health and security posture of the enterprise environment. It is ideal for detecting misconfigurations, enforcing corporate standards, and ensuring regulatory compliance.

B) Paint is a graphics application and cannot audit, monitor, or enforce compliance. It is unrelated to system administration or policy enforcement.

C) Windows Calculator performs arithmetic calculations and cannot assess configurations, audit registry values, or report compliance status. It has no enterprise administrative functionality.

D) Character Map displays characters and symbols. It provides no monitoring, auditing, or configuration enforcement capability. It is purely a text tool.

SCCM Compliance Settings is correct because it provides centralized, automated auditing and remediation of system configurations to meet corporate policies, making it essential for enterprise compliance management.

Question 38

A security engineer wants to prevent USB-based malware propagation while still allowing approved removable storage devices to function. The policy must be enforceable across all corporate systems and centrally manageable through Active Directory. Which solution BEST meets this requirement?

A) Group Policy Device Installation Restrictions
B) Notepad
C) Windows Sound Recorder
D) Windows Magnifier

Answer: A) Group Policy Device Installation Restrictions

Explanation:

A) Group Policy Device Installation Restrictions allow administrators to define which removable devices are permitted or denied based on device IDs, hardware IDs, or device classes. When applied, the policy enforces restrictions across all domain-joined systems, ensuring that unapproved devices are blocked from installation. This prevents malware from spreading via USB drives while still allowing vetted storage devices to operate normally. Centralized enforcement makes the policy scalable and ensures compliance across the enterprise. This method is widely used in security-conscious environments to mitigate threats from removable media while maintaining operational flexibility.

B) Notepad is a simple text editor. It cannot enforce device restrictions or manage USB access, nor can it prevent malware propagation. Its functionality is unrelated to device security.

C) Windows Sound Recorder captures audio input. It does not control device installation, restrict USB access, or prevent malware infections. It has no administrative security functionality.

D) Windows Magnifier is an accessibility tool and has no role in security enforcement, device installation control, or malware prevention.

Group Policy Device Installation Restrictions is correct because it enables centralized, scalable management of removable storage policies, preventing unauthorized devices from spreading malware while allowing approved devices.
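The kind of registry check described in Questions 37 and 38, as an added example that is not part of the original question set and is not Configuration Manager's own code: a read-only PowerShell audit that compares the Device Installation Restrictions policy values a GPO writes to the registry against a baseline and reports deviations. The baseline values and the approved hardware ID are constructed placeholders.

```powershell
# Added example: read-only audit of Device Installation Restrictions policy values.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'

# Constructed baseline (assumption): deny anything not explicitly allowed,
# and enable the hardware ID allow list.
$Baseline = @{ DenyUnspecified = 1; AllowDeviceIDs = 1 }

# Constructed placeholder hardware ID for an approved drive model.
$ApprovedIds = @('USBSTOR\DiskEXAMPLE_APPROVED_MODEL_0001')

function Test-DeviceInstallBaseline {
    param([string]$Key, [hashtable]$Expected, [string[]]$Approved)

    $findings = @()
    $policy = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue

    # Compare each policy switch with the baseline; a missing value counts as drift.
    foreach ($name in $Expected.Keys) {
        $actual = if ($policy) { $policy.$name } else { $null }
        if ($actual -ne $Expected[$name]) {
            $findings += [pscustomobject]@{
                Setting = $name; Expected = $Expected[$name]; Actual = $actual
            }
        }
    }

    # The allow list is stored as numbered string values in a subkey.
    $configured = @()
    $listKey = Join-Path $Key 'AllowDeviceIDs'
    if (Test-Path $listKey) {
        $item = Get-Item -Path $listKey
        $configured = @($item.GetValueNames() | ForEach-Object { $item.GetValue($_) })
    }
    foreach ($id in ($configured | Where-Object { $Approved -notcontains $_ })) {
        $findings += [pscustomobject]@{ Setting = 'AllowDeviceIDs'; Expected = 'not listed'; Actual = $id }
    }
    foreach ($id in ($Approved | Where-Object { $configured -notcontains $_ })) {
        $findings += [pscustomobject]@{ Setting = 'AllowDeviceIDs'; Expected = $id; Actual = 'missing' }
    }
    $findings
}

$result = @(Test-DeviceInstallBaseline -Key $PolicyKey -Expected $Baseline -Approved $ApprovedIds)
if ($result.Count -eq 0) { 'Compliant' } else { $result | Format-Table -AutoSize }
```

The script only reads the policy key; correcting drift is left to the GPO or the management platform's remediation step.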

Question 39

A company wants to track which processes are consuming network bandwidth on Windows servers and identify unauthorized applications sending data externally. The monitoring must include mapping executables to specific TCP/UDP ports. Which built-in tool BEST provides this information?

A) Resource Monitor
B) Sticky Keys
C) Windows Movie Maker
D) Character Map

Answer: A) Resource Monitor

Explanation:

A) Resource Monitor includes detailed process-level monitoring for CPU, memory, disk, and network usage. In the Network tab, it maps each process to the ports it uses, the remote endpoints, and the bandwidth consumed. This allows administrators to identify unauthorized applications transmitting data externally, monitor network utilization, and detect abnormal traffic patterns. Resource Monitor provides real-time visibility into process behaviors, enabling timely intervention and forensic investigation. It is built into Windows, requires no additional installation, and is suitable for enterprise monitoring of network activity at the executable level.

B) Sticky Keys is an accessibility feature for keyboard input. It does not monitor processes, network activity, or bandwidth consumption. It cannot detect unauthorized applications or network usage.

C) Windows Movie Maker is a media editing tool. It does not provide process-level monitoring, port mapping, or bandwidth analysis. It has no relevance to network monitoring or security enforcement.

D) Character Map displays typographic characters and symbols. It has no capability to monitor processes, network traffic, or bandwidth usage.

Resource Monitor is correct because it provides detailed, real-time monitoring of processes, ports, and bandwidth, allowing administrators to identify unauthorized network activity and enforce security policies.
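The process-to-port mapping that the Resource Monitor Network tab shows can also be collected from a script for triage. The following is an added example, not part of the original question set; it uses the NetTCPIP cmdlets rather than Resource Monitor itself, does not measure bandwidth, and the internal address ranges in the helper are an assumption about what counts as "internal".

```powershell
# Added example: map processes to their TCP connections and UDP endpoints.
function Test-ExternalAddress {
    param([string]$Address)
    # Loopback, RFC 1918, link-local, unique-local and unspecified addresses
    # are treated as internal (assumption; adjust to the site's address plan).
    $Address -notmatch '^(0\.0\.0\.0|127\.|10\.|192\.168\.|169\.254\.|172\.(1[6-9]|2\d|3[01])\.|::$|::1$|fe80:|f[cd][0-9a-f]{2}:)'
}

function Get-ProcessPortMap {
    # Index running processes by PID once instead of querying per connection.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[[int]$_.Id] = $_ }

    $tcp = Get-NetTCPConnection -State Listen, Established -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = $procs[[int]$_.OwningProcess]
            [pscustomobject]@{
                Protocol = 'TCP'
                PID      = $_.OwningProcess
                Process  = $p.ProcessName
                Path     = $p.Path   # may be empty without elevation
                Local    = "$($_.LocalAddress):$($_.LocalPort)"
                Remote   = "$($_.RemoteAddress):$($_.RemotePort)"
                State    = "$($_.State)"
                External = ($_.State -eq 'Established') -and (Test-ExternalAddress $_.RemoteAddress)
            }
        }

    # UDP is connectionless, so only the bound local endpoint is available.
    $udp = Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = $procs[[int]$_.OwningProcess]
            [pscustomobject]@{
                Protocol = 'UDP'
                PID      = $_.OwningProcess
                Process  = $p.ProcessName
                Path     = $p.Path
                Local    = "$($_.LocalAddress):$($_.LocalPort)"
                Remote   = ''
                State    = 'Bound'
                External = $false
            }
        }
    @($tcp) + @($udp)
}

# Show established connections to non-internal addresses, grouped by executable.
Get-ProcessPortMap | Where-Object External | Sort-Object Process |
    Format-Table Process, PID, Local, Remote, Path -AutoSize
```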

Question 40

An organization wants to enforce automatic software updates, patch installation, and security baseline deployment across all Windows devices in a large enterprise environment. Updates must be centrally managed and reportable. Which technology BEST accomplishes this goal?

A) Windows Server Update Services (WSUS)
B) WordPad
C) Windows Calculator
D) Snipping Tool

Answer: A) Windows Server Update Services (WSUS)

Explanation:

A) Windows Server Update Services (WSUS) is a Microsoft-provided centralized update management solution designed specifically for enterprise environments. WSUS allows network administrators to manage the distribution of updates and patches across all Windows devices, including desktops, laptops, and servers, within an organization. It provides a structured approach to ensure that devices are kept up to date with the latest security patches, feature updates, and software improvements, which is critical for maintaining both security and operational efficiency.

WSUS enables centralized control over update deployment. Administrators can approve or decline updates before they are pushed to client machines, ensuring that only tested and verified updates are applied. This prevents potential disruptions caused by incompatible patches or software updates that might otherwise affect critical applications. In large enterprises, this level of control is essential, as updates may need to be rolled out in stages to specific groups of users or organizational units (OUs) to minimize risk and downtime.

One of the core features of WSUS is its integration with Active Directory (AD). By leveraging AD, administrators can target updates to specific groups, OUs, or individual computers. This allows highly granular control over update deployment. For example, production servers can receive updates on a delayed schedule after testing in a controlled lab environment, while workstations used by end users may be updated automatically according to predefined policies. This targeting ensures compliance with organizational policies and reduces the risk of introducing instability in critical systems.

WSUS also provides comprehensive reporting and auditing capabilities. Administrators can generate detailed reports showing which devices have successfully installed updates, which updates are pending, and which systems have failed to apply updates. This reporting functionality is crucial for demonstrating compliance with internal IT policies as well as regulatory requirements such as GDPR, HIPAA, or PCI DSS. It allows IT teams to quickly identify non-compliant devices and remediate issues before they pose a security risk.

Another important capability of WSUS is enforcing security baselines. Beyond patching, WSUS can be configured to ensure that client systems meet defined security standards. Security baselines may include specific update levels, configuration settings, or required software versions. By automating baseline enforcement, administrators reduce the risk of vulnerabilities being exploited due to misconfigured or unpatched systems. This is particularly important in environments with a high number of endpoints, where manual enforcement would be impractical and prone to error.

WSUS supports automatic updates, meaning once a device is approved for updates, it can download and install them according to a schedule set by the administrator. This minimizes administrative overhead and ensures that systems remain protected without requiring manual intervention on each device. Organizations can define maintenance windows to prevent updates from interrupting productivity during business hours, further improving operational efficiency.

In addition, WSUS can scale to support large enterprises. It can manage updates for thousands of devices through a hierarchical deployment model, using upstream and downstream servers to distribute updates efficiently. This reduces network bandwidth usage by caching updates locally on downstream servers, preventing the need for each client to download updates directly from Microsoft’s public servers.

B) WordPad is a basic text editor included with Windows. While it is useful for creating simple documents, it has no capabilities related to update management, patch deployment, or security baseline enforcement. WordPad cannot be used to centrally manage or report on software updates, making it completely irrelevant to the requirements of enterprise update management.

C) Windows Calculator is a utility for performing mathematical calculations. It has no administrative or management capabilities, cannot distribute patches, and provides no reporting functions. While essential for certain tasks, it does not contribute to enterprise software update management, security compliance, or operational control.

D) Snipping Tool is a built-in utility for capturing screenshots. It is useful for documentation or support purposes but has no functionality related to patching, baseline enforcement, or update deployment. Like WordPad and Calculator, Snipping Tool does not meet the requirements for centralized management of Windows updates in a large enterprise.

By contrast, WSUS is specifically designed to meet enterprise needs for centralized, reportable, and policy-driven update management. It ensures that all devices receive necessary security patches in a controlled manner, reduces the risk of downtime from untested updates, and provides visibility into compliance status across the organization. This allows IT teams to maintain both security and operational integrity across potentially thousands of endpoints.

WSUS also integrates with other management tools such as System Center Configuration Manager (SCCM) for even more advanced deployment and reporting options. Organizations can combine WSUS’s update capabilities with SCCM’s broader device management functions to achieve full lifecycle management of Windows devices, including software distribution, inventory tracking, and remote remediation.

WSUS is the only solution among the provided options that provides centralized update management, compliance reporting, security baseline enforcement, and automated deployment. WordPad, Windows Calculator, and Snipping Tool are utilities with specific, limited functions unrelated to patch management or compliance enforcement. Therefore, WSUS is the correct answer because it fulfills all enterprise requirements for secure, controlled, and auditable update deployment across large numbers of Windows devices.
