Practice Questions

1. Which of the following statements best describes how to restart the Print Spooler service? (Select the two best answers.)

A. Enter net stop spooler and then net start spooler at the command line.

B. Enter net stop print spooler and then net start print spooler at the command line.

C. Go to Run > services.msc and restart the Print Spooler service.

D. Go to Computer Management > System Tools > Event Viewer and restart the Print Spooler service.

Quick Answer: 203

Detailed Answer: 204

2. Where is registry hive data stored?

A. \%systemroot%Windows

B. \%systemroot%WindowsSystem32Config

C. \%systemroot%System32

D. \%systemroot%System32Config

Quick Answer: 203

Detailed Answer: 204

3. You are troubleshooting a user’s Android smartphone. You need to enable USB debugging. Which of the following do you need to enable first?

A. Screen sharing

B. APK downloads

C. Developer Mode

D. Phone rooting

Quick Answer: 203

Detailed Answer: 204

4. Tom has an older laptop with a magnetic-based disk drive. He has been trying to speed up the computer by doing the following:

Upgrading the memory

Removing old applications

Unfortunately, the memory upgrade doesn’t seem to be having any effect, and removing the old applications actually makes the laptop even slower. Which of the following should you do?

A. Defragment the drive

B. Rebuild the user profile

C. End tasks in the Task Manager

D. Update the laptop

Quick Answer: 203

Detailed Answer: 204

5. You are using WSUS and testing new updates on PCs. What is this an example of?

A. Host-based firewall

B. Application baselining

C. Patch management

D. Virtualization

Quick Answer: 203

Detailed Answer: 205

6. Which versions of Windows does not allow for joining domains?

A. Home

B. Pro

C. Pro for Workstations

D. Enterprise

Quick Answer: 203

Detailed Answer: 205

7. One of your customers reports that there is a large amount of spam in her email inbox. Which of the following statements describes the best course of action?

A. Advise her to create a new email account.

B. Advise her to add the spam senders to the junk email sender list.

C. Advise her to find a new ISP.

D. Advise her to reply to all spam and opt out of future emails.

Quick Answer: 203

Detailed Answer: 205

8. In Windows, where can you configure devices like the display and storage drives to turn off after a certain amount of time?

A. Power Plans

B. Display Properties

C. Computer Management

D. Task Manager

Quick Answer: 203

Detailed Answer: 206

9. Which of the following procedures best describes how to find out which type of connection a printer is using?

A. Right-click the printer, select Properties, and click the Sharing tab.

B. Right-click the printer, select Properties, and click the Advanced tab.

C. Right-click the printer, select Properties, and click the Separator Page button.

D. Right-click the printer, select Properties, and click the Ports tab.

Quick Answer: 203

Detailed Answer: 206

10. Your customer is having problems printing from an application. You attempt to send a test page to the printer. Which of the following statements best describes why a test page should be used to troubleshoot the issue?

A. It allows you to see the quality of the printer output.

B. The output of the test page allows you to initiate diagnostic routines on the printer.

C. It verifies the connectivity and illuminates possible application problems.

D. It clears the print queue and resets the printer memory.

Quick Answer: 203

Detailed Answer: 206

11. One of your customers is asking for recommendations on how to prevent potential data and hardware loss during a natural disaster. Of the following, what should you recommend? (Select the two best answers.)

A. Cloud storage

B. Data recovery

C. Backup testing

D. Waterproof smartphones

E. Hot/warm site

F. Local backups

Quick Answer: 203

Detailed Answer: 206

12. Which of the following actions will not secure a functioning computer workstation?

A. Setting a strong password

B. Changing default usernames

C. Disabling the guest account

D. Sanitizing the storage drive

Quick Answer: 203

Detailed Answer: 207

13. Which utility enables you to implement auditing on a single Windows computer?

A. Local Security Policy

B. Group Policy Editor

C. AD DS

D. Services.msc

Quick Answer: 203

Detailed Answer: 207

14. Which of the following statements best describes the main function of a device driver?

A. Modifies applications

B. Works with memory more efficiently

C. Improves device performance

D. Allows the OS to talk to the device

Quick Answer: 203

Detailed Answer: 207

15. Where are restore points stored after they are created?

A. The Recycler folder

B. The System32 folder

C. The %systemroot% folder

D. The System Volume Information folder

Quick Answer: 203

Detailed Answer: 207

16. Which of the following is considered government-regulated data?

A. DRM

B. EULA

C. PII

D. DMCA

Quick Answer: 203

Detailed Answer: 208

17. Which of the following are types of social engineering? (Select the two best answers.)

A. Malware

B. Shoulder surfing

C. Tailgating

D. Rootkits

Quick Answer: 203

Detailed Answer: 208

18. Which of the following is the service that controls the printing of documents on a Windows computer?

A. Printer

B. Print server

C. Print pooling

D. Print Spooler

Quick Answer: 203

Detailed Answer: 208

19. Which of the following is the best way to ensure that a storage drive is secure for disposal?

A. Magnetically erase the drive.

B. Format the drive.

C. Run bootrec /fixboot.

D. Convert the drive to NTFS.

Quick Answer: 203

Detailed Answer: 208

20. A month ago, you set up a wireless access point/router for a small business that is a customer of yours. Now, the customer calls and complains that Internet access is getting slower and slower. As you look at the WAP/router, you notice that it was reset at some point and is now set for open access. You suspect that neighboring companies are using the service connection. Which of the following statements best describes how you can restrict access to your customer’s wireless connection? (Select the two best answers.)

A. Configure the wireless access point to use the latest version of WPA.

B. Configure MS-CHAPv2 on the WAP/router.

C. Disable SSID broadcasting.

D. Move the WAP/router to another corner of the office.

Quick Answer: 203

Detailed Answer: 208

21. A first-level help desk support technician receives a call from a customer and works with the customer for several minutes to resolve the call, but the technician is unsuccessful. Which of the following steps should the technician perform next?

A. The technician should explain to the customer that he will receive a callback when someone more qualified is available.

B. The technician should escalate the call to another technician.

C. The technician should explain to the customer that the problem cannot be resolved and end the call.

D. The technician should continue working with the customer until the problem is resolved.

Quick Answer: 203

Detailed Answer: 209

22. A customer complains that there is nothing showing on the display of his brand-new laptop. Which of the following should you attempt first on the computer?

A. You should replace the inverter.

B. You should reinstall the video drivers.

C. You should boot into Safe Mode.

D. You should check whether the laptop is in Standby or Hibernate mode.

Quick Answer: 203

Detailed Answer: 209

23. A user boots a computer in the morning and notices that icons are much larger than they were the night before. The user tries changing the video resolution and rebooting the computer, but the icons still do not look correct. You ask the user questions and find out that the display read “finishing updates” when the computer was first booted in the morning. What should you do next to fix the problem?

A. Roll back the video driver

B. Reboot the computer

C. Reload the operating system

D. Press F2 to access the BIOS/UEFI

Quick Answer: 203

Detailed Answer: 209

24. A person working at a Linux computer types the command apt-get update. When the person presses Enter, Linux displays several messages, the most prominent one being “Permission denied.” What should the user have typed before the command?

A. nano

B. chmod

C. sudo

D. grep

Quick Answer: 203

Detailed Answer: 209

25. Megan’s laptop runs perfectly when she is at work, but when she takes it on the road, it cannot get on the Internet. Internally, the company uses static IP addresses for all computers. What should you do to fix the problem?

A. Tell Megan to get a wireless cellular card and service.

B. Tell Megan to use DHCP.

C. Tell Megan to configure the Alternate Configuration tab of TCP/IP properties.

D. Configure a static IP address in the Alternate Configuration tab of the user’s TCP/IP properties and enable DHCP in the General tab.

Quick Answer: 203

Detailed Answer: 210

26. Which power-saving mode enables the best power savings while still allowing the session to be reactivated later?

A. Standby

B. Suspend

C. Hibernate

D. Shutdown

Quick Answer: 203

Detailed Answer: 210

27. John’s computer has two storage drives, each 1 TB. The first one, the system drive, is formatted as NTFS. The second one, the data drive, is formatted as FAT32. Which of the following statements are true? (Select the two best answers.)

A. Files on the system drive can be secured.

B. Larger logical drives can be made on the data drive.

C. The cluster size is larger, and storage is more efficient on the system drive.

D. The cluster size is smaller, and storage is more efficient on the system drive.

Quick Answer: 203

Detailed Answer: 210

28. When using the command line, a switch ______.

A. enables a command to work across any operating system

B. is used in application icons

C. changes the core behavior of a command, forcing the command to perform unrelated actions

D. alters the actions of a command, such as widening or narrowing the function of the command

Quick Answer: 203

Detailed Answer: 210

29. You need to view any application errors that have occurred today. Which tool should you use?

A. Event Viewer

B. Local Security Policy

C. MSConfig

D. sfc /scannow

Quick Answer: 203

Detailed Answer: 210

30. Which of the following commands can help you modify the startup environment?

A. msconfig

B. ipconfig

C. Boot Config Editor

D. Registry Editor

Quick Answer: 203

Detailed Answer: 211

31. Which of the following log files references third-party software error messages?

A. Security log

B. System log

C. Application log

D. Setuperr.log

Quick Answer: 203

Detailed Answer: 211

32. Which of the following provides the lowest level of wireless security protection?

A. Disabling the SSID broadcast

B. Using RADIUS

C. Using the latest version of WPA

D. Enabling WEP on the wireless access point

Quick Answer: 203

Detailed Answer: 211

33. A customer uses an unencrypted wireless network. One of the users has shared a folder for access by any computer. The customer complains that files sometimes appear and disappear from the shared folder. Which of the following statements best describes how to fix the problem? (Select the two best answers.)

A. Enable encryption on the router and the clients.

B. Encrypt the drive that has the share by using EFS (Encrypting File System).

C. Increase the level of security on the NTFS folder by changing the permissions.

D. Change the share-level permissions on the shared folder.

Quick Answer: 203

Detailed Answer: 211

34. A customer is having difficulties with his storage drive, and the system won’t boot. You discover that the operating system has to be reloaded. Which of the following would be the best way to explain this to the customer?

A. “I need to rebuild the computer.”

B. “I need to format the drive and reload the software.”

C. “I need to run a bootrec /fixboot on the computer.”

D. “I need to restore the system; data loss might occur.”

Quick Answer: 203

Detailed Answer: 212

35. Users in your accounting department are prompted to provide usernames and passwords to access the payroll system. Which type of authentication method is being requested in this scenario?

A. MFA

B. Single factor

C. TACACS+

D. RADIUS

Quick Answer: 203

Detailed Answer: 212

36. Which of the following commands makes a duplicate of a file?

A. move

B. copy

C. dir

D. ls

Quick Answer: 203

Detailed Answer: 212

37. Which tool in Windows enables a user to easily see how much memory a particular process uses?

A. System Information Tool

B. Registry

C. Task Manager

D. Performance Monitor

Quick Answer: 203

Detailed Answer: 212

38. Windows was installed on a computer with two storage drives: a C: drive and a D: drive. Windows is installed to C:, and it works normally. The user of this computer complains that his applications are drive intensive and that they slow down the computer. Which of the following statements best describes how to resolve the problem?

A. Move the paging file to the D: drive.

B. Reinstall Windows on the D: drive rather than on the C: drive.

C. Defragment the D: drive.

D. Decrease the size of the paging file.

Quick Answer: 203

Detailed Answer: 212

39. Which of the following tools should be used to protect a computer from electrostatic discharge (ESD) while you are working inside it?

A. Multimeter

B. Crimper

C. Antistatic wrist strap

D. PSU tester

Quick Answer: 203

Detailed Answer: 213

40. You are running some cable from an office to a computer located in a warehouse. As you are working in the warehouse, a 55-gallon drum falls from a pallet and spills what smells like ammonia. Which of the following statements best describes the first step you should take in your efforts to resolve this problem?

A. Call 911.

B. Call the building supervisor.

C. Get out of the area.

D. Save the computer.

Quick Answer: 203

Detailed Answer: 213

41. While you are upgrading a customer’s server storage drives, you notice looped network cables lying all over the server room floor. Which of the following statements best describes how to resolve this issue?

A. Ignore the problem.

B. Tell the customer about safer alternatives.

C. Call the building supervisor.

D. Notify the administrator.

Quick Answer: 203

Detailed Answer: 213

42. Which of the following statements best describes the recommended solution for a lithium-ion battery that won’t hold a charge any longer?

A. Throw it in the trash.

B. Return it to the battery manufacturer.

C. Contact the local municipality and ask about their disposal methods.

D. Open the battery and remove the deposits.

Quick Answer: 203

Detailed Answer: 213

43. Which of the following statements is not assertive communication?

A. “I certainly know how you feel; losing data is a terrible thing.”

B. “Could you explain again exactly what you would like done?”

C. “Do your employees always cause issues like these on computers?”

D. “What can I do to help you?”

Quick Answer: 203

Detailed Answer: 213

44. A customer has a malfunctioning PC, and as you are about to begin repairing it, the customer proceeds to tell you about the problems with the server. Which of the following statements best describes how to respond to the customer?

A. “Wait until I finish with the PC.”

B. “I’m sorry, but I don’t know how to fix servers.”

C. “Is the server problem related to the PC problem?”

D. “I have to call my supervisor.”

Quick Answer: 203

Detailed Answer: 214

45. Which of the following could be described as the chronological paper trail of evidence?

A. First response

B. Chain of custody

C. Setting and meeting expectations

D. Data preservation

Quick Answer: 203

Detailed Answer: 214

46. Which of the following statements best describes what not to do when moving servers and server racks?

A. Remove jewelry.

B. Move a 70-pound wire rack by yourself.

C. Disconnect power to the servers before moving them.

D. Bend at the knees and lift with your legs.

Quick Answer: 203

Detailed Answer: 214

47. Active communication includes which of the following?

A. Filtering out unnecessary information

B. Declaring that the customer doesn’t know what he or she is doing

C. Clarifying the customer’s statements

D. Mouthing off

Quick Answer: 203

Detailed Answer: 214

48. One of your vendors needs to access a server in your data center for maintenance of a software package. The security policy for your organization restricts the use of port 3389. However, command-line protocols are allowed. Which of the following would be the most secure solution?

A. FTP

B. SSH

C. RDP

D. SCP

Quick Answer: 203

Detailed Answer: 215

49. Which of the following statements best describes the first course of action in removing malware?

A. Identify malware symptoms.

B. Quarantine infected systems.

C. Disable System Restore.

D. Remediate infected systems.

E. Schedule scans and run updates.

F. Enable System Restore.

G. Educate the end user.

Quick Answer: 203

Detailed Answer: 215

50. You are working on a Windows computer that is performing slowly. Which of the following commands should you use to resolve the problem? (Select the two best answers.)

A. format

B. dism

C. ipconfig

D. chkdsk

E. dir

F. diskpart

Quick Answer: 203

Detailed Answer: 215

51. A customer working in a scientific lab reports that an optical drive in a PC is no longer responding. Which of the following is the first question you should ask the customer?

A. “What has changed since the optical drive worked properly?”

B. “Did you log in with your administrator account?”

C. “What have you modified since the optical drive worked?”

D. “Have you been to any inappropriate websites?”

E. “Why are you still using an optical drive? No one uses those anymore!”

Quick Answer: 203

Detailed Answer: 216

52. A coworker is traveling to Europe and is bringing her desktop computer. She asks you what concerns there might be. Which of the following statements best describes how to respond to the customer? (Select the two best answers.)

A. Advise her that the computer is not usable in other countries.

B. Advise her to check for a compatible power adapter for that country.

C. Advise her to use a line conditioner for the correct voltage.

D. Advise her to check the voltage selector on the power supply.

Quick Answer: 203

Detailed Answer: 216

53. After you remove malware/spyware from a customer’s PC for the third time, which of the following steps should be taken next?

A. Tell the customer you can’t fix the system again.

B. Do nothing; the customer pays every time.

C. Show the customer how to avoid the problem.

D. Change the customer’s user permissions.

Quick Answer: 203

Detailed Answer: 216

54. You are asked to fix a problem with a customer’s Active Directory Domain Services domain controller that is outside the scope of your knowledge. Which of the following statements best describes the recommended course of action?

A. Learn on the job by trying to fix the problem.

B. Tell the customer that the problem should be reported to another technician.

C. Assure the customer that the problem will be fixed very soon.

D. Help the customer find the appropriate channels to fix the problem.

Quick Answer: 203

Detailed Answer: 216

55. When you are working on a PC, which of the following should you do to prevent electrical shock? (Select the three best answers.)

A. Remove metallic jewelry.

B. Press the “kill switch” on the back of the PSU.

C. Wear an antistatic strap.

D. Disconnect the power cord.

E. Use proper cable management.

F. Keep components in an antistatic bag.

Quick Answer: 203

Detailed Answer: 217

56. You are troubleshooting a Windows Server computer that you have little knowledge about. The message on the screen says that there is a “DHCP partner down” error. No other technicians are available to help you, and your manager wants the server fixed ASAP, or you are fired. Which of the following statements best describe the recommended course of action? (Select the two best answers.)

A. Identify the problem.

B. Escalate the problem.

C. Establish a plan of action.

D. Call tech support.

E. Verify full system functionality.

F. Test the theory to determine cause.

Quick Answer: 203

Detailed Answer: 217

57. Which of the following protects confidential information from being disclosed publicly?

A. Classification

B. Social engineering

C. HTTP

D. Drive wipe

Quick Answer: 203

Detailed Answer: 218

58. You are working on an infected computer that is currently turned off. You are concerned that the boot sector is affected and that there is the potential for malware spread. What should you do to scan the boot sector?

A. Boot to WinRE.

B. Boot into Safe Mode.

C. Mount the drive using a forensic platform.

D. Boot the drive in another computer.

Quick Answer: 203

Detailed Answer: 218

59. Which of the following Windows tools typically enables you to configure a SOHO router?

A. Web browser

B. Device Manager

C. MSConfig

D. File Explorer

Quick Answer: 203

Detailed Answer: 218

60. What might you need to supply during a local clean installation of Windows Pro edition if newer hardware is not seen correctly?

A. Windows Enterprise edition media

B. Image deployment

C. Installing from a recovery partition or disc

D. Third-party drivers

E. Additional partitions

Quick Answer: 203

Detailed Answer: 219

61. A coworker maps a network drive for a user, but after a system reboot, the drive is not seen in File Explorer. Which of the following steps should be taken first to ensure that the drive remains mapped?

A. Check Reconnect at Sign-in when mapping the drive.

B. Select the drive letter needed to connect each time the coworker logs on.

C. Check the folder connection when mapping the drive.

D. Use the net use command instead.

Quick Answer: 203

Detailed Answer: 219

62. Based on the physical hardware address of the client’s network device, which of the following is commonly used to restrict access to a network?

A. WPA key

B. DHCP settings

C. MAC filtering

D. SSID broadcast

Quick Answer: 203

Detailed Answer: 219

63. A print job fails to leave the print queue. Which of the following services may need to be restarted?

A. Print driver

B. Print Spooler

C. Network adapter

D. Printer

Quick Answer: 203

Detailed Answer: 220

64. After a network application is installed on a computer running Windows, the application does not communicate with the server. Which of the following actions should be taken first?

A. Use Samba for connectivity.

B. Reinstall the latest security update.

C. Add the port number and name of the service to the exceptions list in Windows Defender Firewall.

D. Add the port number to the network firewall.

Quick Answer: 203

Detailed Answer: 220

65. You work for a Fortune 500 company. Several mobile device users report issues connecting to the WLAN in the warehouse area of the building. However, those mobile users can connect to the Internet via 5G service. You test for wireless connectivity with your laptop in the lobby of the building and can connect with no problem. While you are doing your tests, you receive automated messages from a network sniffing program, telling you that devices are failing due to a power outage. Which of the following is most likely causing the wireless connectivity issue?

A. SSID broadcasting has been turned off.

B. The warehouse environment is unclean, and the network devices located there are getting clogged with dust and dirt.

C. The WAP in the warehouse is down.

D. The DHCP scope for the WLAN is full.

E. The system locked out all wireless users.

Quick Answer: 203

Detailed Answer: 220

66. One of your Windows users is trying to install a local printer and is unsuccessful, based on the permissions for the user account. Which of the following types best describes this user account?

A. Power user

B. Administrator

C. Guest

D. Domain Admin

Quick Answer: 203

Detailed Answer: 221

67. When accessing an NTFS shared resource, which of the following are required? (Select the two best answers.)

A. An active certificate

B. Correct user permissions

C. Local user access

D. Correct share permissions

Quick Answer: 203

Detailed Answer: 221

68. You are contracted to recover data from a laptop. In which two locations might you find valuable irreplaceable data? (Select the two best answers.)

A. Ntoskrnl.exe

B. Windows folder

C. Pictures

D. Email

E. System32 folder

Quick Answer: 203

Detailed Answer: 221

69. Which utility enables auditing at the local level?

A. OU Group Policy

B. Local Security Policy

C. Active Directory Policy

D. Site Policy

Quick Answer: 203

Detailed Answer: 221

70. A customer has forgotten his password and can no longer access his company email address. Which of the following statements best describes the recommended course of action?

A. Tell him to remember his password.

B. Ask him for information confirming his identity.

C. Tell him that the password will be reset in several minutes.

D. Tell him that he shouldn’t forget his password.

Quick Answer: 203

Detailed Answer: 221

71. Which of the following can help locate a lost or stolen mobile device?

A. Passcode

B. Auto-erase

C. GPS

D. Encryption

Quick Answer: 203

Detailed Answer: 222

72. Which of the following can be disabled to help prevent access to a wireless network?

A. MAC filtering

B. SSID broadcast

C. WPA passphrase

D. WPA key

Quick Answer: 203

Detailed Answer: 222

73. A user just connected to a corporate VPN. Now, the user’s workstation is no longer able to browse websites. You discover that it is possible to use a different web browser on the same computer to reach websites correctly. Other users are able to connect to websites through the VPN. Which of the following should you do next?

A. Flush the DNS cache

B. Scan the user’s workstation for malware

C. Disconnect from and then reconnect to the VPN

D. Use an enterprise-level sandbox

E. Verify the browser’s proxy configuration

F. Tell the user to use the alternate web browser

Quick Answer: 203

Detailed Answer: 222

74. In Windows, which utility enables you to select and copy characters from any font?

A. Language Bar

B. Sticky Keys

C. Control Panel > Fonts

D. Character Map

Quick Answer: 203

Detailed Answer: 222

75. Which of the following can be described as removing the limitations of Apple iOS?

A. Rooting

B. Jailbreaking

C. VirusBarrier

D. Super-admin powers

Quick Answer: 203

Detailed Answer: 223

76. A customer’s personal settings are not saving properly. You suspect that the user’s local Windows profile is corrupt. You attempt to check the size of the ntuser.dat file, but it does not appear in the user’s profile directory. Which of the following utilities should you use to view the file?

A. Sync Center

B. Display Settings

C. User Accounts

D. Folder Options

Quick Answer: 203

Detailed Answer: 223

77. Which of the following provides language support for representing characters and is built into Windows?

A. Unicode

B. EBCDIC

C. ASCII

D. ITU-T

E. .ps1

Quick Answer: 203

Detailed Answer: 223

78. Which of the following is the best source of information about malicious software detected on a computer?

A. Operating system documentation

B. Anti-malware software website

C. Readme.txt file included with the anti-spyware software installation

D. The user of a previously infected computer

Quick Answer: 203

Detailed Answer: 224

79. You are working for a company as a roaming PC tech and have been assigned work by a network administrator. The admin notifies you that the company is experiencing a DDoS attack. Half a dozen internal Windows PCs are the source of the traffic. The admin gives you the Windows computer names and tells you that they must be scanned and cleaned immediately. Which of the following effects to the PCs should you as a PC technician focus on fixing? (Select the two best answers.)

A. Zombies

B. Spyware

C. Ransomware

D. Virus

E. Botnet

Quick Answer: 203

Detailed Answer: 224

80. You are troubleshooting a networking problem with Windows, and you can’t seem to fix it using the typical Windows GUI-based troubleshooting tools or PowerShell. You have identified the problem and established a theory of probable cause. (In fact, you are on your fourth theory.) Which tool should be used to troubleshoot the problem, and in what stage of the troubleshooting process should you do the troubleshooting?

A. regsvr32; Conduct external or internal research based on symptoms.

B. gpupdate; Perform backups before making any changes.

C. USMT; Verify full system functionality.

D. regedit; Test the theory to determine cause.

E. Boot Camp; Document findings, actions, and outcomes.

Quick Answer: 203

Detailed Answer: 224

Quick-Check Answer Key

1. A and C

2. D

3. C

4. A

5. C

6. A

7. B

8. A

9. D

10. C

11. A and E

12. D

13. A

14. D

15. D

16. C

17. B and C

18. D

19. A

20. A and C

21. B

22. D

23. A

24. C

25. D

26. C

27. A and D

28. D

29. A

30. A

31. C

32. A

33. A and C

34. D

35. B

36. B

37. C

38. A

39. C

40. C

41. B

42. C

43. C

44. C

45. B

46. B

47. C

48. B

49. A

50. B and D

51. A

52. B and D

53. C

54. D

55. B, C, and D

56. A and D

57. A

58. C

59. A

60. D

61. A

62. C

63. B

64. C

65. C

66. C

67. B and D

68. C and D

69. B

70. B

71. C

72. B

73. E

74. D

75. B

76. D

77. A

78. B

79. A and D

80. D

Answers and Explanations

1. Answers: A and C

Explanation: At the command line, this service is simply known as Spooler. Type net stop spooler and net start spooler to restart the service. Or you could go to Run > services.msc to restart the service. (Or, in Computer Management, you can find the Print Spooler service in Services and Applications > Services.) From there, you can start, stop, pause, resume, or restart services and also set their startup type to Automatic, Manual, or Disabled.

Incorrect answers: When stopping a service in the Command Prompt (or PowerShell), remember to use the command-line name, not the name used in the GUI. In this case, the command-line name is spooler, whereas the GUI-based name is Print Spooler. The Event Viewer is used to view and analyze log files.

2. Answer: D

Explanation: Remember that %systemroot% is a variable. It takes the place of whatever folder contains the operating system. This is usually the path Windows. For example, if you were to run a default installation of Windows, the path to the registry hives would be C:WindowsSystem32Config. The main hives are SAM, SECURITY, SOFTWARE, SYSTEM, and DEFAULT. You can access and configure them by opening the Registry Editor (Run > regedit.exe) and opening the HKEY_LOCAL_MACHINE subtree. Other hive information is stored in the user profile folders.

Incorrect answers: The other locations are incorrect. The Windows folder is %systemroot%, so the paths that include \%systemroot%Windows don’t make any sense. The System32 folder houses all of the 64-bit protected system files (and many applications) for Windows.

3. Answer: C

Explanation: On Android devices, you would need to enable Developer Mode, also known as Developer Options. How this is done can vary from one device to the next, but a typical process is to go to Settings > About and then tap the Build Number option repeatedly (often seven times). At that point, you will see Developer Options listed within Settings. Inside Developer Options, you will find settings such as USB Debugging that can be enabled.

Incorrect answers: Screen sharing can be accomplished with third-party tools or with the Android Debug Bridge (ADB), which works only if you have Developer Mode enabled. Android Package (APK) is the default file format used by Android. Rooting the phone goes beyond Developer Mode and gives the user (and apps) 100% administrative access. This also opens the device to a myriad of attacks and so is considered insecure and avoided by most organizations.

4. Answer: A

Explanation: You should attempt to defragment the drive. Because it is a magnetic-based disk drive—a hard disk drive (HDD)—it will become fragmented over time. Fragmentation is common with older laptops that do not use solid-state drives. The more applications that are installed and uninstalled, the more a drive becomes fragmented. To make the files contiguous, use the Windows Disk Defragmenter (Optimize Drives) utility. Note that if a drive has less than 15% free space, you may need to run the command-line utility with the -f option: defrag.exe -f.

Incorrect answers: Rebuilding the user profile may be necessary if the profile is large. This can be indicated by slow logon times. Ending tasks in the Task Manager might help temporarily if there are any tasks that need to be terminated, but they might restart on the next reboot of the laptop. Also, the number of unnecessary tasks is probably limited because the user has already removed unnecessary programs (which is one of the best ways to increase the speed of the operating system). Updating the laptop is always a good idea (especially for security reasons) but probably won’t improve the laptop’s performance.

5. Answer: C

Explanation: Patch management is the patching of many systems from a central location. It includes the planning, testing, implementing, and auditing stages. There are various software packages you can use to perform patch management. Windows Server Update Services (WSUS) is an example of Microsoft patch management software. Other Microsoft examples include the Configuration Manager (which is part of Microsoft Endpoint Manager), and there are plenty of third-party offerings as well.

Incorrect answers: A host-based firewall is a software firewall that is loaded on a computer to stop attackers from intruding on a network. Application baselining is the performance measurements of an application over time. Virtualization occurs when an operating system is installed to a single file on a computer. Often, it runs virtually on top of another OS.

6. Answer: A

Explanation: Windows Home edition does not allow for the joining of domains.

Incorrect answers: The rest of the listed answers (Pro, Pro for Workstations, and Enterprise) all allow for joining domains. Essentially, you should recommend Home edition for home use, and one of the others for business use.

7. Answer: B

Explanation: You should recommend that the user add the senders to the junk email sender list. Doing so blocks those senders’ email addresses. (Alternatively, the entire domain can be blocked.) However, this option could take a lot of time; another option is to increase the level of security on the spam filter within the email program. Any further spam can then be sent to the junk email sender list.

Incorrect answers: Users need their email accounts, and creating a new one can result in a lot of work for the user. Finding a new ISP is overreacting a bit; plus, the user has no idea if one ISP will be better at stopping spam than another. Never tell a user to reply to spam. Spam emails should be sent to the spam folder and never replied to as replying is a security risk and, at the very least, would lead to more spam messages.

8. Answer: A

Explanation: To turn off devices after a specified period of time in Windows, access Control Panel > Power Options. Then click Change Plan Settings for the appropriate power plan. (This can also be accessed by searching within Settings.)

Incorrect answers: Display Properties allows you to modify things such as screen resolution. Computer Management is a commonly used console window in Windows; it includes the Event Viewer, Disk Management, and Services. The Task Manager is used to analyze system resources and end tasks (among other things).

9. Answer: D

Explanation: On the Ports tab, you can find how the printer is connected to the computer. It might be via a USB, COM, LPT, or TCP/IP port. You might get to this tab by selecting Properties or Printer Properties, depending on the printer.

Incorrect answers: The Sharing tab allows you to share a locally connected (or remotely controlled) printer on the network. The Advanced tab has options such as print spooling and printer pooling. The Separator page button allows you to configure a page that is inserted after every print job.

10. Answer: C

Explanation: The test page verifies connectivity and gives you insight about possible application problems at the computer that is attempting to print.

Incorrect answers: In this case, you aren’t worried about the quality of the printer output; it is the computer and the application that you are troubleshooting. You use test pages to make sure the computer can print properly to the printer, not to initiate diagnostic routines. Those would be initiated from the built-in display and menu on the printer or in Windows by right-clicking the printer, selecting Printer properties, and then selecting Print Test Page. Printing a test page does not clear the print queue or reset printer memory. You would have to do that at the printer and/or at the computer controlling the printer.

11. Answers: A and E

Explanation: Of the listed answers, you should recommend cloud storage and a hot or warm site. The cloud storage acts as offsite storage of data, away from the customer’s building. The hot or warm site acts as a secondary office that is ready to go (or close to ready to go) if the main office is compromised. Depending on the company’s budget, it might not be able to afford a hot site, but a warm site can work well if there is an efficient disaster recovery plan in place, and if the cloud-based data is quickly accessible.

Incorrect answers: Data recovery is rather vague. Also, the customer doesn’t want to have to recover data; they want the data to be safe. Backup testing is always important, regardless of where the data will be stored; however, the question isn’t about backing up data; it’s about how data will be stored. Waterproof smartphones might work in a flood or a hurricane, but it’s difficult to waterproof things like PCs, servers, networking equipment, and so on. Local backups will not help in the event of a disaster; the customer needs offsite storage of data.

12. Answer: D

Explanation: Sanitizing the storage drive does not secure a computer workstation. It does, however, prevent anyone from accessing data on the drive; however, it also ensures that the computer workstation won’t be functional anymore. A data sanitization method is the specific way in which a data destruction program or file shredder overwrites the data on a drive or another storage device.

Incorrect answers: Setting strong passwords, changing default usernames, and disabling the guest account are all ways of securing a computer workstation.

13. Answer: A

Explanation: Because there is only one computer, you can implement auditing only locally. This is done with the Local Security Policy. (This policy is not available in all editions of Windows.)

Incorrect answers: The Group Policy Editor and Active Directory Domain Services (AD DS) are used by Windows Servers in a domain environment. Some versions of Windows have the Local Group Policy Editor, where auditing can also be turned on. If you type services.msc at the Run prompt, services.msc will open the Services console window; you can turn services on and off and modify their startup type from this window.

14. Answer: D

Explanation: A device driver provides a connection between the operating system and a device. It is a program that makes the interaction between the two run efficiently. It simplifies programming by using high-level application code. The best device drivers come from the manufacturers of devices. They are the ones who developed the device, so it stands to reason that their code would be the most thoroughly tested and debugged.

Incorrect answers: A device driver does not modify applications, but an updated driver could indirectly affect how an application behaves. Some device drivers use memory better than others; it all depends on how well they are coded. A device driver may or may not improve device performance; that depends on several factors, including whether it is an update and how the update is designed to change how the device functions.

15. Answer: D

Explanation: After a restore point is made, it is stored in the System Volume Information folder. To view this folder, you must log on as an administrator, show hidden files and folders, and assign permissions to the account that wants to view that folder. The System Volume Information folder is located in the root of the volume that the restore point was created for.

Incorrect answers: The Recycler folder is the place where deleted information is stored temporarily (until the Recycle Bin is emptied). The System32 folder houses many of the 64-bit system files for the operating system. The %systemroot% folder is, by default, C:Windows.

16. Answer: C

Explanation: PII stands for personally identifiable information. PII is regulated by many laws, such as the Privacy Act of 1974 and several others, including GDPR and PCI-DSS.

Incorrect answers: DRM stands for digital rights management, which is a way of protecting data from illegal copying and distribution. A EULA, which stands for end-user licensing agreement, is an agreement used for software such as Windows and Office. The DMCA, which stands for Digital Millennium Copyright Act, provides laws dealing with digital information and ownership.

17. Answers: B and C

Explanation: Shoulder surfing and tailgating are both types of social engineering. A shoulder surfer attempts to view information on a person’s desk or display without the person’s knowledge. With tailgating, a person attempts to gain access to a secure area by following closely on the heels of another employee, usually without that person’s knowledge.

Incorrect answers: A rootkit is a program that is designed to gain administrator-level access to a computer. It is a type of malicious software (or malware).

18. Answer: D

Explanation: The Print Spooler controls the queue and the printing of documents.

Incorrect answers: A printer is a physical printing device; Microsoft also refers to the print driver software as the printer. A print server is a device that controls one or more printers; it is usually connected to a network. With print pooling, two or more printers are grouped together so that a user’s document will print faster: If one printer is occupied, the other takes over.

19. Answer: A

Explanation: Magnetically erase the drive; for example, degauss the drive. Degaussing a drive is an excellent way to remove all traces of data—but only if the drive is electromagnetic! Of course, physical destruction (shredding, pulverizing) is better; degaussing might be used on top of physical destruction.

Incorrect answers: Formatting the drive is not enough due to the data residue that is left behind. Running bootrec /fixboot rewrites the boot sector of the drive, but the data remains. Converting the drive from FAT32 to NTFS (with the convert command) keeps the data intact.

20. Answers: A and C

Explanation: If the WAP/router was reset, any security settings that you originally set up are most likely gone. If you backed up the settings previously, you could restore them. Either way, some type of encryption protocol (preferably WPA3/WPA2) is necessary. The passphrase or network key generated by the WAP/router needs to be installed on each client before it can be recognized on the network. This passphrase/key should be kept secret, of course. After all the clients have been associated with the WAP/router, disable SSID broadcasting so that no one else can “see” the router (without more advanced software).

Incorrect answers: MS-CHAPv2 is used with remote connections such as VPNs. Moving the WAP/router probably won’t work if this is a small business. Today’s SOHO routers have powerful radios with a lot of range. Chances are that moving the router to one corner of the office won’t have any effect.

21. Answer: B

Explanation: The tech should escalate the call to another technician. This is exactly why help desks are configured in groups and levels: Level 1, Level 2, Level 3, and possibly beyond. Don’t try to be a superhuman. In technology, there is almost always someone who knows more than you about a specific subject. First, route the call to the next-level tech and then let the customer know that you are doing so.

Incorrect answers: Good help desks are set up in such a way that someone is always available. Every problem can be resolved. Finding the solution is just a matter of knowledge and persistence. (Remember this when you take the real exams.) Don’t try to fix the problem, regardless of the time needed. Your time—and the customer’s time—is very valuable. Escalate so that you, your organization, and the customer can approach and solve the problem efficiently.

22. Answer: D

Explanation: The computer might need a special keystroke, a press of the power button, or just a little more time to come out of Hibernate mode. Remember: Check simple, quick solutions first because they are usually the culprits.

Incorrect answers: Booting into Safe Mode and reinstalling video drivers can be time-consuming, but, if necessary, you can attempt these steps in that order—after checking the power state. Replacing the inverter is not a likely answer with a brand-new laptop; a laptop may not even have an inverter.

23. Answer: A

Explanation: You should roll back the driver to its original state. You will need to boot into Safe Mode to do this. Chances are that the operating system update installed a new video driver—and it is not working properly with the system.

Incorrect answers: The computer was already rebooted, and another reboot will probably not help. However, this can be a good troubleshooting technique, helping you to see what the computer does while booting. Reloading the operating system is usually a last resort to problems because it is time-consuming, and there is a risk of data loss. F2 is a common key to use when entering the BIOS/UEFI. While there are video settings in the BIOS, it is improbable that the issue is being caused by the BIOS.

24. Answer: C

Explanation: The person should have typed sudo first before the apt-get update command. In this scenario, the person is working as a typical user but is trying to run a command that requires administrative privileges. The user account would need to be a member of the sudo group and would have to preface any administrative command with sudo. By the way, apt-get update is a command that can be run on Debian-based systems to attempt to ascertain if any updates are available for the operating system. Other similar Linux update commands include apt update and dnf update.

Incorrect answers: nano is a text editor in Linux. chmod is used to change permissions on files and directories in Linux. grep is a filtering tool.

25. Answer: D

Explanation: The issue is that Megan needs to obtain an IP address through DHCP when on the road. But setting the network adapter to obtain an IP address automatically is not enough. To connect to the internal company network, the Alternate Configuration tab must be configured as a user-configured static IP address. This solution enables Megan to connect to networks while on the road by obtaining IP addresses automatically and allows her to connect to the internal company network with the static IP address.

Incorrect answers: Megan shouldn’t do anything. As a technician, you should fix the problem, so the other options, where Megan is doing her own troubleshooting, are incorrect.

26. Answer: C

Explanation: Hibernate mode saves all the contents of RAM (as hiberfil.sys in the root of C:) and then shuts down the system so that it is using virtually no power. To reactivate the system, you must press the power button. At that point, the entire session is loaded from RAM, and you can continue on with the session.

Incorrect answers: Standby (Sleep in Windows) and Suspend modes turn off the storage drive and display and throttle down the CPU and RAM, but they still use power. Although these power modes use less power than the computer being powered on, altogether they end up using much more power than Hibernate mode does. Shutdown is great for power savings, but the session is lost when the computer is shut down.

27. Answers: A and D

Explanation: NTFS can use NTFS file-level security, whereas FAT32 cannot. NTFS clusters are smaller than FAT32 clusters. NTFS partitions are therefore more efficient (when installed correctly) than FAT32 partitions.

Incorrect answers: NTFS can create larger partitions (or logical drives) than FAT32 in general, so larger logical drives would exist on an NTFS partition, not on a FAT32partition. Also, logical drives are based on the older MBR partitioning scheme and are not necessary on most of today’s computers that use a GPT partitioning scheme.

28. Answer: D

Explanation: A switch (or option) alters the action of a command but not by forcing it to perform unrelated actions.

Incorrect answers: A switch works only at the current time within the operating system you are currently using, so “to work across any operating system” doesn’t make sense in this scenario. Switches are not used in application icons; they are used within commands. For example, dir /p would display directory contents page by page.

29. Answer: A

Explanation: The Event Viewer contains the log files of all the errors that occur on the machine. In this case, you would go to the Application log. Another common log is the System log, which shows errors concerning the OS and drivers.

Incorrect answers: In the Local Security Policy, you can set up auditing and create password policies for the computer. MSConfig enables you to boot the computer in different modes and enable or disable services and applications. sfc /scannow is a command run in the Command Prompt (by an administrator only) that scans the integrity of the protected system files and repairs them, if possible.

30. Answer: A

Explanation: The msconfig command (and MSConfig utility) enables you to modify the startup environment via the General and Boot tabs.

Incorrect answers: ipconfig displays all network adapters’ settings. The Boot Config Editor, BCDEdit, is used to modify the Boot Configuration Data (BCD) store. You might need to modify the BCD if you are trying to dual-boot a computer. The Registry Editor allows you to make changes to Windows by accessing various hives of information and individual entries. Although the BCDEdit and Registry Editor utilities might be able to modify some startup features, they are not “commands” and are used for more advanced and less frequently used modifications than msconfig.

31. Answer: C

Explanation: The Application log in the Event Viewer displays errors concerning Windows applications as well as third-party applications.

Incorrect answers: The Security log shows auditing events. The System log shows events concerning system files, drivers, and operating system functionality. Setuperr.log is a log file that is created during the installation of Windows. If it is created, it is stored in %windir%Panther and is not within the Event Viewer.

32. Answer: A

Explanation: Disabling the SSID broadcast is a security precaution, but it only keeps out the average user. Any attacker with two bits of knowledge can scan for other things the wireless access point broadcasts.

Incorrect answers: Using WEP is more secure than not using any encryption; it’s better to have WEP than to have an open network with the SSID disabled. RADIUS is an external method of authenticating users; it often requires a Windows Server machine. The latest version of WPA is very secure; if you can enable one security option, make it WPA3—or WPA2, if WPA3 is not available.

33. Answers: A and C

Explanation: Use the latest version of WPA encryption on the router (and clients) to deny wardrivers and other stragglers access to the customer’s network and, ultimately, any shared folders on the network. Increase the level of NTFS security by changing the permissions in the Security tab of the shared folder.

Incorrect answers: EFS isn’t necessary if you set up encryption on the wireless access point, but if you are dealing in confidential information, you should consider using EFS as well. Here’s the deal: Share-level permissions are rarely modified. NTFS permissions are more configurable, so that is where the bulk of your time configuring permissions will go.

34. Answer: D

Explanation: Always explain specifically and exactly what you must do and what the ramifications are. Verify that the customer agrees to the proposed work (in writing).

Incorrect answers: Try to avoid being vague (“I need to rebuild the computer”) and, conversely, avoid technical acronyms and jargon. Always make sure the customer is fully aware of the situation.

35. Answer: B

Explanation: Single-factor authentication is being used here. In this case, the only factor of authentication is something the users know—usernames and passwords.

Incorrect answers: MFA, which stands for multifactor authentication, combines two or more types of authentication methods—for example, a password and a fingerprint. MFA is recommended over single-factor authentication. TACACS+ and RADIUS are authentication protocols, not authentication methods, and are often involved with single sign-on (SSO), federated identity management (FIM), and MFA authentication schemes. Regardless, the scenario says that the users are logging in to a payroll system, which is a separate entity from any authentication servers.

36. Answer: B

Explanation: copy is used to make a duplicate of a file in another location.

Incorrect answers: move enables you to shift a file to another location. dir gives you the contents of a specific folder. copy, move, and dir are Windows commands. ls lists the directory contents on a Linux-based system (as does dir in many Linux distributions).

37. Answer: C

Explanation: The Task Manager enables a user to see the amount of memory and the percentage of processing power a particular process uses in real time. This can be done on the Processes tab.

Incorrect answers: System Information gives you information about the hardware and software of the computer, but it is static (text only) and doesn’t change in real time. The Registry stores all of the settings of Windows and is modified with the Registry Editor. Performance Monitor can graph the performance of the different components in the computer and, if configured properly, can do the same thing as the Task Manager in this scenario—but not as easily.

38. Answer: A

Explanation: By moving the paging file (or swap file, aka virtual memory) to the D: drive, you are freeing up C: to deal with those drive-intensive programs.

Incorrect answers: Reinstalling Windows is a huge process that you should avoid at all costs, especially when unnecessary, as it would be in this example. Defragging the C: drive would help if that is where the OS and applications are, but defragging the D: drive will not speed up the applications. Decreasing the pagefile size never helps. However, increasing the size of this file, moving it, and adding RAM are all ways to make applications run faster.

39. Answer: C

Explanation: Use an antistatic wrist strap when working inside a computer to protect against electrostatic discharge (ESD). Other ways to prevent ESD include using an antistatic mat, touching the chassis of the case (self-grounding), and using antistatic bags.

Incorrect answers: A multimeter is used to run various electrical tests. A crimper is used to connect plugs and other connectors to the ends of a cable—for example, crimping RJ45 plugs on to the ends of a twisted-pair cable. A PSU tester is used to test the voltage of a power supply unit and other electrical connections inside a computer.

40. Answer: C

Explanation: If something is immediately hazardous to you, you must leave the area right away.

Incorrect answers: After leaving the area of a hazard, you can call 911, the building supervisor/facilities department, or your manager, depending on the severity of the situation. Computers and all other technology are less important than human life. Remember that. Plus, if backup systems have been implemented properly, you have nothing to lose if a computer is damaged. If the situation is not an emergency, be sure to reference the material safety data sheet (MSDS) for the substance you encounter.

41. Answer: B

Explanation: You need to explain to the customer that there is a safer way. Cable management is very important when it comes to the safety of employees. Trip hazards such as incorrectly routed network cables can have devastating effects on a person.

Incorrect answers: Don’t ignore the problem. It is not your place to notify the building supervisor or administrator because this is not your company. However, you might opt to tell your manager about the event. A wise consulting company wants to protect its employees and wants to know of potential hazards at customer locations.

42. Answer: C

Explanation: Every municipality has its own way of recycling batteries. They might be collected by the town or county yearly, or perhaps there are other recycling programs that are sponsored by recycling companies. Call the municipality to find out exactly what to do.

Incorrect answers: You should definitely recycle batteries and not throw them in the trash. Manufacturers probably won’t be interested in batteries that don’t charge any longer. It is more likely that you will recycle them. Be safe: Never open a battery!

43. Answer: C

Explanation: Asking a customer if employees always cause issues is just plain rude; this type of communication should be avoided.

Incorrect answers: The other three statements are positive and helpful—or at least consoling. Avoid being judgmental of a customer.

44. Answer: C

Explanation: Ask if the server problem is related to the PC problem. Try to understand the customer before making any judgments about the problem. Make sure it isn’t a bigger problem than you realize before making repairs that could be futile. If you find out that it is a separate problem, ask the customer which issue should be resolved first.

Incorrect answers: You never know if problems are interrelated, so always listen to the customer and be patient before starting any work. If necessary—and if it is a separate problem—you can escalate the server issue to another technician, but you should state that you will do so. Statements about what you know and don’t know are rarely necessary. You might have to ultimately call your supervisor about the server issue. But as an A+ technician, you might have the server knowledge required. It depends on the problem. Find out the entire scope of the issues at hand and whether or not the problems are related before beginning any work.

45. Answer: B

Explanation: Chain of custody is a chronological paper trail of evidence that may or may not be used in court.

Incorrect answers: First response describes the steps a person takes when first responding to a computer with prohibited content or illegal activity: It includes identifying what exactly is happening, reporting through proper channels, and preserving data and devices. Setting and meeting expectations deal with customer service; this is something you should do before you start a job for a customer. Data (and device) preservation is a part of first response; a person who first arrives at the scene of a computer incident will be in charge of preserving data and devices in their current state.

46. Answer: B

Explanation: Don’t attempt to move heavy objects by yourself. Ask someone to help you.

Incorrect answers: Removing jewelry, disconnecting power, and bending at the knees and lifting with the legs are all good safety measures.

47. Answer: C

Explanation: One example of active communication is clarifying a customer’s statements. For instance, if you are unsure exactly what the customer wants, clarify the information or repeat it back to the customer to ensure that everyone is on the same page.

Incorrect answers: Never declare that the customer doesn’t know what he is doing. Doing so is a surefire way to lose the customer and possibly your job. It should go without saying: Mouthing off could be the worst thing you could do. Save that for the drive home on the freeway. (I’m just kidding!) Be professional at all times when working with customers—and perhaps while driving as well.

48. Answer: B

Explanation: The best answer is to have the vendor use Secure Shell (SSH). This allows for a command line–based connection to the server. For example, ssh [email protected] would connect the username vendor to the server with the IP address 10.0.2.143. There’s more to it, but I think you get the idea. SSH provides for encrypted communications between a client and a server; it is an industry standard. However, it is command line only (by default). Get to know SSH—for the exam and for the IT field.

Incorrect answers: File Transfer Protocol (FTP) allows a person to upload and download files to and from an FTP server. It does not allow for maintenance of specific software packages that are installed on the server. Also, it is not very secure. Better alternatives include SFTP (which uses SSH) and FTPS. Remote Desktop Protocol (RDP) is a GUI-based tool used to remotely control Windows systems. It is not command line based. Key point: RDP uses port 3389 (by default), which has been restricted by the organization’s security policy. Secure Copy (SCP) is another utility that uses SSH for communications. However, it is only used to copy files to remote hosts; it is not used for maintenance.

49. Answer: A

Explanation: The first step in the malware removal best practices procedure is to identify malware symptoms.

Incorrect answers: The other steps in the malware removal best practices procedure are (2) quarantine infected systems; (3) disable System Restore; (4) remediate infected systems; (5) schedule scans and run updates; (6) enable System Restore; and (7) educate the end user.

50. Answers: B and D

Explanation: The best listed answers are dism and chkdsk. For a computer that is running slowly, try using the chkdsk (check disk) and sfc (System File Checker) commands. Then, if those run into problems, try using the dism (Deployment Image Servicing and Management) command. chkdsk and sfc can repair problems with the drive and with system files. dism can repair problems with the system image (from which sfc will draw information).

Incorrect answers: format is used to ready a partition for files. ipconfig is used to view network IP configuration data on a Windows system. dir lists the files and folders within a current folder (directory). diskpart is used to make modifications to the partitions on a storage drive; it is the command-line equivalent of Disk Management. Know the command line!

51. Answer: A

Explanation: You should first ask if anything has changed since the optical drive worked properly.

Incorrect answers: Don’t blame the user by asking what “you” modified; it implies that you think the user caused the issue. Always ask if anything has changed before asking any other questions. Try not to accuse a user of accessing inappropriate websites because doing so could be considered inflammatory and harassment. Think like a robot with the single purpose of fixing the problem but act like a professional and courteous human being. Also, optical drives are necessary in some environments. Think before you speak; chances are there is a good reason a person in a scientific lab is using an older—but viable—technology.

52. Answers: B and D

Explanation: Your coworker might need an adapter; otherwise, the plug may not fit in some countries’ outlets. Some power supplies have selectors for the United States and Europe (115 and 230 volts). If the wrong voltage is selected, the power supply will not work, and the computer will not boot; setting the voltage incorrectly can also be a safety concern. Newer power supplies might auto-sense the voltage. If a power supply doesn’t have one of those red switches, check the documentation to see if it can switch the voltage automatically.

Incorrect answers: A computer most certainly can be used in other countries, as long as it is configured properly and you have the right adapter. Line conditioners simply clean the power for a specific voltage. If your circuit has dirty power (for example, if it is fluctuating between 113 and 130 volts), a line conditioner will keep it steady at 120 volts.

53. Answer: C

Explanation: Teach the user how to avoid this problem by recommending safe computing practices (even if you have taught the customer before). The customer will then be more likely to come back to you with other computer problems. ’Nuff said.

Incorrect answers: Avoid saying “can’t”; it’s a negative expression that belittles your own ability, which is most likely greater than that. Embrace the teaching method. Over time, it means that you will encounter the same problem less often, and the customer will ultimately thank you for your input. Changing user permissions might help if the person is an administrator. Better yet, you could urge the customer to use a standard user account by default.

54. Answer: D

Explanation: Make sure that the customer has a path toward a solution before dismissing the issue. This might end up being another technician or the entire team.

Incorrect answers: Do not try to fix the problem if the scope of work is outside your knowledge. Some PC technicians might not work on domain controllers because they are advanced Microsoft servers that are used in client/server networks. If possible, watch the technician who is ultimately assigned to the job while he or she is performing the work. However, you don’t want to tell the customer to report the problem elsewhere; you should take the lead and find the appropriate channels and see the problem through, even if you aren’t in charge of the technical fix. Never assure a customer that a problem will be fixed very soon. If you encounter more problems (and you most likely will if you do not know the technology), then your false promises will inevitably lead to a loss of customer respect—for you and for your organization.

55. Answers: B, C, and D

Explanation: You should wear an antistatic strap and either disconnect the power cord or press the “kill switch” on the back of the power supply unit (PSU). The power cord carries 120 volts at 15 amps—and such voltage and amperage entail obvious danger. The best way to work on a PC is to disconnect the power cord from the PSU. However, if the PC’s PSU is equipped with an on/off switch (aka “kill switch”), you could turn that off instead. The recommended method is to do both! If for some reason a person failed to do either of these, the antistatic strap would still prevent electrical shock because a proper strap has an embedded 1 megaohm resistor that can absorb some of the electricity. It’s important to use such a strap in any event because you never know what other electrical sources you might come into contact with and you want to protect the computers you’re working on from ESD. You should also unplug everything else from a PC you are working on, especially network lines and older modem lines.

Incorrect answers: Metallic jewelry shouldn’t cause electrical shock, but it’s a good idea to remove jewelry anyway so it doesn’t get snagged on a computer component. Proper cable management is always a good idea—inside and outside a computer. It’s not going to prevent electrical shock, but cable management can improve airflow inside the computer and increase safety outside the computer. Keeping components inside an antistatic bag is a good idea—but only to protect the components. Remember to place an antistatic bag on an antistatic mat so that the components’ (and the bag’s) electrical potential is equalized, thus reducing the chance of ESD damage.

56. Answers: A and D

Explanation: You should attempt to identify the problem and call (or otherwise contact) Microsoft tech support. The message tells you that the DHCP partner is down. This means that there are two DHCP servers, one acting as a failover. As part of your identification of the problem, you should access the TechNet—for example, https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn338985(v=ws.11). You will find out more about the problem and possibly learn that it isn’t as bad as it might seem, and your manager might be overreacting slightly. (These things happen.) In reality, this message means that the partner DHCP server is down, but the one you are working at locally is still functional and is responding to all DHCP requests. You should indeed fix the problem, of course, but now you can call Microsoft tech support in a methodical and calm way, armed with information about what you think the problem is. When a company purchases a Windows Server operating system, it comes with tech support, either from Microsoft or from the company that built the server. Because your knowledge of Windows Server is limited, contacting tech support is a great way to not only fix the problem but also learn a thing or two from the people who work with the system all the time.

Incorrect answers: Escalating the problem is impossible because no other technicians are available to help you. The other answers refer to the CompTIA troubleshooting process, none of which you should attempt until you have called tech support. Now, if your knowledge of Windows Server is sufficient, you can attempt to solve the problem yourself. Though this might seem like a complex question, it really isn’t. Trust in your knowledge of the fundamentals!

57. Answer: A

Explanation: The classification of data helps prevent confidential information from being publicly disclosed. Some organizations have a classification scheme for their data, such as normal, secret, and top secret. Policies are implemented to make top secret data the most secure on the network. By classifying data, you are determining who has access to it. This is generally done on a need-to-know basis.

Incorrect answers: Social engineering is the art of manipulating people into giving classified information. To protect a web-based connection (and data that passes through it), an organization would use HTTPS (and an encrypted certificate), not HTTP. Wiping a storage drive is a vague response. How is it being wiped? If it is being formatted, that is not enough to protect confidential information. You need to perform bit-level erasure with third-party software, degauss the drive, or destroy it to make sure that no one can access the data. Data is always stored somewhere on a server or NAS device, so properly disposing of a single drive doesn’t protect any and all confidential information from being publicly disclosed.

58. Answer: C

Explanation: The best answer is to mount the drive using a forensic platform. There are several forensic imaging programs that can make an image of the drive, copy the drive, mount the drive, and so on. Using such a program is the best method.

Incorrect answers: You could also boot the drive in another computer that is simply a test computer (in an isolated environment), but that wouldn’t give you the tools that a forensic platform has to offer—and if the boot sector is affected, you might want those tools. Also, you risk infecting the other system. WinRE and Safe Mode are tools used to troubleshoot Windows. Safe Mode can be used to attempt to scan a boot sector, but it isn’t the best option. A forensic platform can scan the drive safely without the computer being booted at all. This way, there is less chance of the malware spreading any further.

59. Answer: A

Explanation: A web browser such as Edge, Firefox, or Chrome (or any other web browser) is normally used to configure a router.

Incorrect answers: In Device Manager, you enable and disable devices and install, update, and roll back drivers for devices. MSConfig is used to modify how a computer boots and to enable/disable programs and services. File Explorer is used to manipulate files in Windows.

60. Answer: D

Explanation: With a clean installation, the OS is installed to a blank partition. It could be a new storage drive or a drive or an individual partition that was wiped clean of data. Generally, a clean installation is attended to by the technician, who interacts step-by-step with the OS as it is installing. Newer hardware might not be seen correctly by some operating systems, so be ready to supply third-party drivers for hardware (such as storage drives, video, or RAID).

For example, if a system had a Serial Attached SCSI (SAS) drive or a RAID controller, you might need to supply the driver for that during the installation of Windows. It all depends on what Windows can recognize. But again, this is optional. If you have a typical SATA drive, Windows should most definitely recognize it automatically.

Incorrect answers: Enterprise edition is not necessary here. Windows Pro has essentially the same driver set and will either pick up on the new hardware or not. You are not performing image deployment here, nor are you installing from a recovery partition. The scenario states a “local clean installation,” which means that a technician is sitting at the system doing the installation step-by-step. Once Windows knows which drive to install to, partitioning, formatting, and configuration of settings can commence—in that order. Additional partitions are not something a technician would “supply” so to speak. They are configured by the technician in whatever manner is necessary. It could be that the entire drive (C: drive, recovery partition, and EFI partition) will be automatically configured by Windows. Or perhaps a technician might opt to have additional partitions, but they are not absolutely necessary.

61. Answer: A

Explanation: Although Windows has the Reconnect at Sign-in checkbox selected by default, it could have been disabled.

Incorrect answers: You don’t need to select the drive letter each time a connection is made; once you set up the mapped network drive, it uses that drive letter automatically each time. You should check the connection to the folder when mapping the drive, but based on the scenario, this worked fine when the drive was mapped; it was the reboot that caused the issue. If you choose to use the net use command, be sure to make persistent connections by adding /persistent:yes to the command syntax.

62. Answer: C

Explanation: MAC filtering is used to restrict computers from connecting to a network; it is based on the physical Media Access Control (MAC) address of the computer’s network adapter. It works with wired or wireless connections.

Incorrect answers: WPA is used to encrypt the wireless session between a computer and a wireless access point (WAP); its key code is required to gain access to the network. DHCP settings simply allow a specific range of IP addresses and other IP data—such as gateway address and DNS server address—to be handed out to clients. The SSID broadcast is the name of the wireless network as broadcast out over radio waves by the WAP.

63. Answer: B

Explanation: The Print Spooler needs to be restarted on the computer that started the print job or the computer that controls the printer. This can be done in the Services console window or in the Command Prompt with the net stop spooler and net start spooler commands—or it can be done anywhere else that services can be started and stopped, such as in the Task Manager.

Incorrect answers: Print drivers are not services; they are not started, stopped, or restarted. Instead, they are either installed, uninstalled, updated, or rolled back. The network adapter and the printer are devices, not services.

64. Answer: C

Explanation: Adding the port number and name of service to the Windows Defender Firewall exceptions list is the correct answer. But I’m going to pontificate more, as I usually do.

Incorrect answers: Samba is a tool used to connect Linux systems to Microsoft domains. Because the question only mentions Windows (and a “server”), it is unlikely that this is the problem. Uninstalling and reinstalling security updates does not help this particular situation. By default, any of today’s Windows OS versions enable Windows Defender Firewall automatically and don’t allow inbound connections from the server to the network application. Therefore, you need to make an “exception.” In Windows, use Windows Defender Firewall with Advanced Security, either from Administrative Tools or by typing wf.msc at the Run prompt. If you decide to add a port, you need to know the port number of the application. For example, VNC applications might use port 5900 or port 5901 for incoming connections.

65. Answer: C

Explanation: The simple answer is that the wireless access point (WAP) is down, but the rest of the wireless access points are functioning normally. The WAP is most likely down because of a power outage in a portion of the warehouse. Perhaps a circuit tripped, or there was some “planned” maintenance that you weren’t aware of.

Incorrect answers: It is unlikely that SSID broadcasting would be turned off; that would make it difficult for users to access the WAP. It is also unlikely that a Fortune 500 company would have an unclean warehouse. I mean, all warehouses get somewhat dirty, but in an enterprise company, they are cleaned often. Also, it is likely that the WAP is mounted to the ceiling or high on a wall, where it is unlikely to get dirty. The smallest class C DHCP scope can allow as many as 253 wireless connections (not including the WAP/router itself). It is unlikely that warehouse wireless connectivity would surpass this. If the entire wireless system locked out all wireless users, you would be receiving much more than several complaints about wireless connectivity issues.

66. Answer: C

Explanation: The Guest account is the most likely answer here. This account has the fewest privileges of all Windows accounts. It cannot install printers or printer drivers. Standard users can also have issues with printers, depending on the version of Windows and the policies involved. But the Guest account has absolutely no administrative powers whatsoever.

Incorrect answers: Power Users don’t really have power anymore. They are included for backward compatibility with older versions of applications and how they interact with Windows. The Administrator account is the most powerful account on a local Windows system and has complete control over everything, unless there is a domain involved. Then you would want a Domain Administrator account.

67. Answers: B and D

Explanation: The share-level permissions must first be set to enable access to the user. Then the NTFS file-level “user” permissions must also be set; the more restrictive of the two will take precedence. (Usually this is configured by making NTFS more restrictive.)

Incorrect answers: Certificates are normally used in Internet or VPN sessions. Local user access is a somewhat vague answer but doesn’t apply here; when a user connects to a shared resource, that person does so over the network to a remote computer.

68. Answers: C and D

Explanation: Pictures and email are possibly valuable—and definitely irreplaceable if there is no backup.

Incorrect answers: The rest of the answers mention things that can be restored or reinstalled from the operating system image or disc.

69. Answer: B

Explanation: Of all the answers, the only one that deals with the local level is Local Security Policy.

Incorrect answers: Organizational Unit (OU) Group Policy, Active Directory Policy, and Site Policy all require at least one domain controller on the network. You should know some domain-based policy terminology to compare the options in these policies to security options on the local computer. You can access the Local Security Policy from Administrative Tools or by typing secpol.msc at the Run prompt.

70. Answer: B

Explanation: In many cases, passwords cannot be reset by the user or by the systems administrator. If that is the case here, you need to verify the identity of the person first. You might need to do so just as a matter of organizational policy.

Incorrect answers: Telling the person not to do that or to simply remember the password is just rude. If the password can be reset and you are allowed to reset it, you should do so immediately.

71. Answer: C

Explanation: GPS can help to locate a stolen or lost mobile device. Plenty of third-party programs allow a user to track a device, as long as it is on and has GPS installed and functioning. If the device is off, the program will display the last known good location.

Incorrect answers: Passcodes are used to secure a device in the event that it is stolen or lost. Auto-erase is used to wipe the contents of a device that is lost or stolen. Encryption protects the data in the event that the user no longer has possession of it.

72. Answer: B

Explanation: To aid in preventing access to a wireless network, disable the SSID. But only do this when all computers have been connected. If more computers need to be connected later, they will have to connect manually, or the SSID will have to be reenabled.

Incorrect answers: Although disabling the SSID is an okay security method, it won’t keep smart attackers out of your network. MAC filtering and WPA encryption (the latest version) do a much better job at that than disabling the SSID.

73. Answer: E

Explanation: The best answer is to verify the web browser’s proxy configuration. Chances are that the network is making use of a proxy server in conjunction with the VPN. Most likely, an incorrect proxy server name or IP address was entered into the settings. If another web browser (with no proxy configuration) is able to connect to websites, then you are most likely looking at a configuration issue in the original web browser.

Incorrect answers: Flushing the DNS cache can help when DNS is not resolving properly, but it does work with the other web browser. You can flush the DNS cache in Windows with the ipconfig /flushdns command. There are a variety of ways to do this in Linux, including using the systemd-resolve -flush-caches command. It is unlikely that malware has affected the system. If, however, the user was redirected to other websites than intended, you should scan for malware. Disconnecting and reconnecting from and to the VPN is similar to rebooting a computer: It rarely works. An enterprise-level sandbox is a place where a developer can work on code in an isolated manner. Using the alternate browser is a temporary workaround, but it’s not a good one because it defeats the security reasons for using a VPN and proxy server.

74. Answer: D

Explanation: Character Map enables you to copy characters from any font type. To open it, search for “Character Map” or go to Run and type charmap.

Incorrect answers: The Language Bar automatically appears when you use handwriting recognition or speech recognition. It can be configured within Region and Languages. Sticky Keys is a feature that helps users with physical disabilities; it can be turned on by rapidly pressing the Shift key five times and agreeing Yes. You can work with fonts by going to Settings > Personalization > Fonts or by accessing Control Panel > Fonts. From here you can add or remove text fonts.

75. Answer: B

Explanation: Jailbreaking is the process of removing the limitations of an Apple device’s iOS. It enables a user to gain root access to the system and download previously unavailable applications, most likely unauthorized by Apple.

Incorrect answers: Rooting is similar to jailbreaking, but the term rooting is typically used with Android-based devices. It gives administrative capabilities to users of Android-based devices. Both jailbreaking and rooting are not recommended and may void device warranties. VirusBarrier was the first AV software designed for iOS; it was developed in response to a particularly nasty jailbreak. Super-admin powers is just a colorful term for what you get when you root or jailbreak a mobile device.

76. Answer: D

Explanation: Files such as ntuser.dat are protected system files and hidden by default. To view the file, you would have to go to Folder Options (either from File Explorer, Control Panel, or Settings) and unhide it and also allow the viewing of protected system files. A typical ntuser.dat file can be between 5 and 20 MB. If you see one that is much larger than that, then it could be corrupt and cause the system to perform poorly and erratically.

Incorrect answers: Sync Center is located within the Control Panel or can be found by using the search tool. It allows you to set up synchronization partnerships with external devices and enables you to manage offline files. Display Settings is where you go to modify things such as a monitor’s resolution or color settings. User Accounts is where you would go to add or remove users. Be sure to know your Control Panel icons and Settings categories—for the exam and for the real world!

77. Answer: A

Explanation: Unicode is the code used to represent characters among multiple computers’ language platforms. It is commonly used in Microsoft Word and other Office programs. For example, to show the logical equivalence symbol (≡), you would type U+2261, highlight that text, and then press the Alt+X shortcut on the keyboard, which changes the text into the symbol (≡).Unicode works regardless of the language a person is working in.

Incorrect answers: ASCII and EBCDIC are different types of character encoding sets that work in the English language only. ITU-T deals with standards for telecommunications. .ps1 is the main file extension used for PowerShell scripts.

78. Answer: B

Explanation: New malicious software (malware) is always being created. Because of this, the best place to find information about spyware, a virus, rootkit, ransomware, or other malware is at a place that can be updated often and easily: the anti-malware company’s website.

Incorrect answers: Operating system documentation usually does not include this kind of information. In addition, the OS documents and the anti-spyware readme.txt file will be outdated soon after they are written. Never trust what a user has to say about malware. The user is not the person who would remove it; a technician would.

79. Answers: A and D

Explanation: The Windows PCs have probably been infected by a virus/worm and have been compromised and turned into zombies (bots). Trojans could also be involved in this scenario. The Windows PCs are probably part of a botnet that includes other computers as well. The botnet is orchestrated by a single computer that initiates the DDoS (distributed denial-of-service) attack. The infections that you as the technician will have to remove include the worm and the zombie program (or script). You might also be informed that the systems need to be isolated, wiped, and reimaged before they can be used again.

Incorrect answers: Spyware is software installed on a computer to track the user/computer. Ransomware is malware that is used to encrypt the files on a user’s computer. You as a PC technician won’t be able to do much about the entire botnet.

80. Answer: D

Explanation: Use the Registry Editor (regedit.exe) to try troubleshooting the problem if typical GUI-based and command-line methods have provided no resolution. The Registry Editor allows you to do any configuration necessary in Windows, and using it may be necessary for more complex troubleshooting problems. At this point, you are testing the theory to determine cause because you have already identified the problem and established a theory of probable cause. Remember your CompTIA A+ troubleshooting methodology from the 220-1101 objectives, which has the following steps:

1. Identify the problem.

2. Establish a theory of probable cause (question the obvious).

3. Test the theory to determine the cause.

4. Establish a plan of action to resolve the problem and implement the solution.

5. Verify full system functionality and, if applicable, implement preventive measures.

6. Document the findings, actions, and outcomes.

Incorrect answers: regsvr32 is used to register/unregister ActiveX controls and DLLs in the registry. gpupdate enables policy changes to take effect without the need for a logoff or restart. USMT is used to migrate user accounts. Boot Camp is a tool used in macOS to dual-boot Mac computers to Windows. It is the only answer listed that is not a Windows-based command.