Practice Free 220-1102 Exam Online Questions
Question #211
A technician is creating a tunnel that hides IP addresses and secures all network traffic.
Which of the following protocols is capable of enduring enhanced security?
- A . DNS
- B . IPS
- C . VPN
- D . SSH
Correct Answer: C
C
Explanation:
A VPN (virtual private network) is a protocol that creates a secure tunnel between two devices over the internet, hiding their IP addresses and encrypting their traffic. DNS (domain name system) is a protocol that translates domain names to IP addresses. IPS (intrusion prevention system) is a device that monitors and blocks malicious network traffic. SSH (secure shell) is a protocol that allows remote access and command execution on another device.
Verified References: https://www.comptia.org/blog/what-is-a-vpn https://www.comptia.org/certifications/a
C
Explanation:
A VPN (virtual private network) is a protocol that creates a secure tunnel between two devices over the internet, hiding their IP addresses and encrypting their traffic. DNS (domain name system) is a protocol that translates domain names to IP addresses. IPS (intrusion prevention system) is a device that monitors and blocks malicious network traffic. SSH (secure shell) is a protocol that allows remote access and command execution on another device.
Verified References: https://www.comptia.org/blog/what-is-a-vpn https://www.comptia.org/certifications/a
Question #212
Maintaining the chain of custody is an important part of the incident response process.
Which of the following reasons explains why this is important?
- A . To maintain an information security policy
- B . To properly identify the issue
- C . To control evidence and maintain integrity
- D . To gather as much information as possible
Correct Answer: C
C
Explanation:
Maintaining the chain of custody is important to control evidence and maintain integrity. The chain of custody is a process that documents who handled, accessed, or modified a piece of evidence, when, where, how, and why. The chain of custody ensures that the evidence is preserved, protected, and authenticated throughout the incident response process. Maintaining the chain of custody can help prevent tampering, alteration, or loss of evidence, as well as establish its reliability and validity in legal proceedings. Maintaining an information security policy, properly identifying the issue, and gathering as much information as possible are not reasons why maintaining the chain of custody is important. Maintaining an information security policy is a general practice that defines the rules and guidelines for securing an organization’s information assets and resources. Properly identifying the issue is a step in the incident response process that involves analyzing and classifying the incident based on its severity, impact, and scope. Gathering as much information as possible is a step in the incident response process that involves collecting and documenting relevant data and evidence from various sources, such as logs, alerts, or witnesses.
Reference: Official CompTIA learning resources CompTIA A+ Core 1 and Core 2, page 26
C
Explanation:
Maintaining the chain of custody is important to control evidence and maintain integrity. The chain of custody is a process that documents who handled, accessed, or modified a piece of evidence, when, where, how, and why. The chain of custody ensures that the evidence is preserved, protected, and authenticated throughout the incident response process. Maintaining the chain of custody can help prevent tampering, alteration, or loss of evidence, as well as establish its reliability and validity in legal proceedings. Maintaining an information security policy, properly identifying the issue, and gathering as much information as possible are not reasons why maintaining the chain of custody is important. Maintaining an information security policy is a general practice that defines the rules and guidelines for securing an organization’s information assets and resources. Properly identifying the issue is a step in the incident response process that involves analyzing and classifying the incident based on its severity, impact, and scope. Gathering as much information as possible is a step in the incident response process that involves collecting and documenting relevant data and evidence from various sources, such as logs, alerts, or witnesses.
Reference: Official CompTIA learning resources CompTIA A+ Core 1 and Core 2, page 26
Question #213
When a user is in the office, the user’s mobile phone loads applications and web browses very slowly on a cellular connection.
Which of the following is the best way to fix this issue?
- A . Connect to the company’s Wi-Fi network.
- B . Change the settings on the phone to connect to a different cellular tower.
- C . Install a cellular repeater at the office for this user.
- D . Update all applications on the phone.
Correct Answer: A
A
Explanation:
The best way to fix the issue of slow cellular connection in the office is to connect to the company’s Wi-Fi network. This will allow the user’s mobile phone to access the internet through a faster and more reliable wireless network, instead of relying on the cellular network. Connecting to the Wi-Fi network will also save the user’s data usage and battery life.
Some of the factors that can affect the cellular connection speed are the distance from the cell tower, the obstructions between the phone and the tower, the network congestion, the network technology, and the features of the phone12. In the office, the user may experience a weak or unstable cellular signal due to the building structure, the location, or the interference from other devices. Therefore, switching to the Wi-Fi network can improve the performance of the phone’s applications and web browsing.
Reference: CompTIA A+ Certification Exam Core 2 Objectives3 CompTIA A+ Core 2 (220-1102) Certification Study Guide4 Factors affecting the speed and quality of internet connection1 Why Is Your Mobile Data So Slow? How to Speed It Up in 10 Steps2
A
Explanation:
The best way to fix the issue of slow cellular connection in the office is to connect to the company’s Wi-Fi network. This will allow the user’s mobile phone to access the internet through a faster and more reliable wireless network, instead of relying on the cellular network. Connecting to the Wi-Fi network will also save the user’s data usage and battery life.
Some of the factors that can affect the cellular connection speed are the distance from the cell tower, the obstructions between the phone and the tower, the network congestion, the network technology, and the features of the phone12. In the office, the user may experience a weak or unstable cellular signal due to the building structure, the location, or the interference from other devices. Therefore, switching to the Wi-Fi network can improve the performance of the phone’s applications and web browsing.
Reference: CompTIA A+ Certification Exam Core 2 Objectives3 CompTIA A+ Core 2 (220-1102) Certification Study Guide4 Factors affecting the speed and quality of internet connection1 Why Is Your Mobile Data So Slow? How to Speed It Up in 10 Steps2
Question #214
A technician is setting up a conference room computer with a script that boots the application on login.
Which of the following would the technician use to accomplish this task? (Select TWO).
- A . File Explorer
- B . Startup Folder
- C . System Information
- D . Programs and Features
- E . Task Scheduler
- F . Device Manager
Correct Answer: B,E
B,E
Explanation:
✑ B. Startup Folder1: The Startup folder is a special folder that contains shortcuts to programs or scripts that will run automatically when a user logs on. The technician can create a shortcut to the script and place it in the Startup folder for the conference room computer or for all users.
✑ E. Task Scheduler23: The Task Scheduler is a tool that allows you to create tasks that run at specified times or events. The technician can create a task that runs the script at logon for the conference room computer or for all users.
B,E
Explanation:
✑ B. Startup Folder1: The Startup folder is a special folder that contains shortcuts to programs or scripts that will run automatically when a user logs on. The technician can create a shortcut to the script and place it in the Startup folder for the conference room computer or for all users.
✑ E. Task Scheduler23: The Task Scheduler is a tool that allows you to create tasks that run at specified times or events. The technician can create a task that runs the script at logon for the conference room computer or for all users.
Question #215
A technician needs to recommend the best backup method that will mitigate ransomware attacks. Only a few files are regularly modified, however, storage space is a concern.
Which of the following backup methods would BEST address these concerns?
- A . Full
- B . Differential
- C . Off-site
- D . Grandfather-father-son
Correct Answer: B
B
Explanation:
The differential backup method would best address these concerns. Differential backups only back up files that have changed since the last full backup, which means that only a few files would be backed up each time. This would help to mitigate the risk of ransomware attacks, as only a few files would be affected if an attack occurred. Additionally, differential backups require less storage space than full backups.
B
Explanation:
The differential backup method would best address these concerns. Differential backups only back up files that have changed since the last full backup, which means that only a few files would be backed up each time. This would help to mitigate the risk of ransomware attacks, as only a few files would be affected if an attack occurred. Additionally, differential backups require less storage space than full backups.
Question #216
A data center is required to destroy SSDs that contain sensitive information.
Which of the following is the BEST method to use for the physical destruction of SSDs?
- A . Wiping
- B . Low-level formatting
- C . Shredding
- D . Erasing
Correct Answer: C
C
Explanation:
Shredding is the best method to use for the physical destruction of SSDs because it reduces them to small pieces that cannot be recovered or accessed. Wiping, low-level formatting, and erasing are not effective methods for destroying SSDs because they do not physically damage the flash memory chips that store data1.
C
Explanation:
Shredding is the best method to use for the physical destruction of SSDs because it reduces them to small pieces that cannot be recovered or accessed. Wiping, low-level formatting, and erasing are not effective methods for destroying SSDs because they do not physically damage the flash memory chips that store data1.
Question #217
Once weekly a user needs Linux to run a specific open-source application that is not available for the currently installed Windows platform. The user has limited bandwidth throughout the day.
Which of the following solutions would be the MOST efficient, allowing for parallel execution of the Linux application and Windows applications?
- A . Install and run Linux and the required application in a PaaS cloud environment
- B . Install and run Linux and the required application as a virtual machine installed under the Windows OS
- C . Use a swappable drive bay for the boot drive and install each OS with applications on its own drive Swap the drives as needed
- D . Set up a dual boot system by selecting the option to install Linux alongside Windows
Correct Answer: B
B
Explanation:
The user should install and run Linux and the required application as a virtual machine installed under the Windows OS. This solution would allow for parallel execution of the Linux application and Windows applications2.
The MOST efficient solution that allows for parallel execution of the Linux application and Windows applications is to install and run Linux and the required application as a virtual machine installed under the Windows OS. This is because it allows you to run both Linux and Windows together without the need to keep the Linux portion confined to a VM window 3.
B
Explanation:
The user should install and run Linux and the required application as a virtual machine installed under the Windows OS. This solution would allow for parallel execution of the Linux application and Windows applications2.
The MOST efficient solution that allows for parallel execution of the Linux application and Windows applications is to install and run Linux and the required application as a virtual machine installed under the Windows OS. This is because it allows you to run both Linux and Windows together without the need to keep the Linux portion confined to a VM window 3.
Question #218
A technician needs to strengthen security controls against brute-force attacks.
Which of the following options best meets this requirement?
- A . Multifactor authentication
- B . Encryption
- C . Increased password complexity
- D . Secure password vault
Correct Answer: A
A
Explanation:
Multifactor authentication (MFA) significantly enhances security by requiring two or more forms of verification before granting access to an account or system. This method is highly effective against brute-force attacks, where attackers attempt to guess a user’s password through repeated trials. By implementing MFA, even if a password is compromised, unauthorized access is still prevented without the additional authentication factor(s), such as a code from a smartphone app, a fingerprint,
or a physical security token.
Multifactor authentication: Provides an additional layer of security beyond just the password, making it much harder for attackers to gain unauthorized access through brute-force methods, as they would need to compromise more than one authentication factor.
Encryption (B) is crucial for protecting data at rest and in transit, but it does not directly prevent brute-force login attempts. Increased password complexity (C) can deter brute-force attacks by making passwords harder to guess, but it is not as effective as MFA in preventing access when passwords are compromised. A secure password vault (D) helps users manage and store their passwords securely, which can indirectly contribute to security by allowing users to keep more complex passwords, but it does not directly prevent brute-force attacks on accounts.
A
Explanation:
Multifactor authentication (MFA) significantly enhances security by requiring two or more forms of verification before granting access to an account or system. This method is highly effective against brute-force attacks, where attackers attempt to guess a user’s password through repeated trials. By implementing MFA, even if a password is compromised, unauthorized access is still prevented without the additional authentication factor(s), such as a code from a smartphone app, a fingerprint,
or a physical security token.
Multifactor authentication: Provides an additional layer of security beyond just the password, making it much harder for attackers to gain unauthorized access through brute-force methods, as they would need to compromise more than one authentication factor.
Encryption (B) is crucial for protecting data at rest and in transit, but it does not directly prevent brute-force login attempts. Increased password complexity (C) can deter brute-force attacks by making passwords harder to guess, but it is not as effective as MFA in preventing access when passwords are compromised. A secure password vault (D) helps users manage and store their passwords securely, which can indirectly contribute to security by allowing users to keep more complex passwords, but it does not directly prevent brute-force attacks on accounts.
Question #219
Which of the following attacks can a hacker use to execute code on a user’s computer when the user visits a specially prepared, malicious website?
- A . DoS
- B . Spoofing
- C . XSS
- D . SQL injection
Correct Answer: C
C
Explanation:
Detailed
Cross-site scripting (XSS) (Option C) allows attackers to inject malicious scripts into web pages viewed
by users. When the user visits the compromised site, the script runs in the user’s browser, potentially
allowing the attacker to steal data or perform unauthorized actions. XSS is a common vulnerability in
web applications that allows code execution.
DoS (Option A) disrupts services but doesn’t involve executing code on a user’s device. Spoofing (Option B) involves impersonating another device or user but doesn’t execute code. SQL injection (Option D) attacks a database and is unrelated to executing code on the user’s computer.
CompTIA A+ Core 2
Reference: 2.4 – Explain common social engineering attacks, including XSS.
C
Explanation:
Detailed
Cross-site scripting (XSS) (Option C) allows attackers to inject malicious scripts into web pages viewed
by users. When the user visits the compromised site, the script runs in the user’s browser, potentially
allowing the attacker to steal data or perform unauthorized actions. XSS is a common vulnerability in
web applications that allows code execution.
DoS (Option A) disrupts services but doesn’t involve executing code on a user’s device. Spoofing (Option B) involves impersonating another device or user but doesn’t execute code. SQL injection (Option D) attacks a database and is unrelated to executing code on the user’s computer.
CompTIA A+ Core 2
Reference: 2.4 – Explain common social engineering attacks, including XSS.
Question #220
A developer installed a new software package that has stopped all file server access.
Which of the following change management practices should have been followed?
- A . End-user acceptance
- B . Staff delegation
- C . Appropriate scoping
- D . Sandbox testing
Correct Answer: D
D
Explanation:
Detailed
The issue could have been avoided if the developer had used Sandbox testing (Option D), which allows new software to be tested in a controlled environment before implementation. This process ensures that the software does not negatively impact system functionality, like stopping access to critical resources such as file servers.
End-user acceptance (Option A) ensures that users approve the software, but it wouldn’t prevent the issue.
Staff delegation (Option B) relates to who is responsible but doesn’t address testing.
Appropriate scoping (Option C) helps in defining the extent of changes but does not replace testing.
CompTIA A+ Core 2
Reference: 4.2 – Explain basic change management best practices, including testing in a sandbox environment.
D
Explanation:
Detailed
The issue could have been avoided if the developer had used Sandbox testing (Option D), which allows new software to be tested in a controlled environment before implementation. This process ensures that the software does not negatively impact system functionality, like stopping access to critical resources such as file servers.
End-user acceptance (Option A) ensures that users approve the software, but it wouldn’t prevent the issue.
Staff delegation (Option B) relates to who is responsible but doesn’t address testing.
Appropriate scoping (Option C) helps in defining the extent of changes but does not replace testing.
CompTIA A+ Core 2
Reference: 4.2 – Explain basic change management best practices, including testing in a sandbox environment.