- What is the primary purpose of an accelerometer in mobile devices?
- To measure atmospheric pressure
- To detect the device's orientation
- To enhance sound quality
- To increase screen brightness automatically
Correct answer: To detect the device's orientation
Correct answer: To detect the device's orientation. Explanation: An accelerometer in mobile devices is used to detect the orientation of the device. It can determine whether the device is being held horizontally or vertically and adjusts the display accordingly.
- In mobile device security, what does a 'sandbox' environment refer to?
- A storage space for deleted files
- An isolated area where apps run separately from the main operating system
- A tool for enhancing Wi-Fi connectivity
- A feature for tracking device location
Correct answer: An isolated area where apps run separately from the main operating system
Correct answer: An isolated area where apps run separately from the main operating system. Explanation: A sandbox in mobile device security is an isolated environment where apps run in a restricted space, separate from the main operating system. This isolation prevents apps from accessing or affecting other parts of the device, enhancing security.
- Which technology is primarily used for short-range wireless communication between mobile devices and peripheral accessories?
Correct answer: Bluetooth
Correct answer: Bluetooth. Explanation: Bluetooth technology is primarily used for short-range wireless communication between mobile devices and peripheral accessories, like wireless headsets, speakers, and smartwatches.
- What is the primary function of an IMEI number in mobile devices?
- To track the device's location
- To identify the device on a cellular network
- To secure the device with a password
- To enhance the device's processing power
Correct answer: To identify the device on a cellular network
Correct answer: To identify the device on a cellular network. Explanation: The International Mobile Equipment Identity (IMEI) number is a unique identifier for a mobile device on a cellular network. It is used primarily for identification and tracking purposes, particularly in the context of stolen or lost devices.
- Which of the following best describes the term 'tethering' in the context of mobile devices?
- Connecting a mobile device to a computer to share internet access
- Locking the device with a security code
- Synchronizing data between a mobile device and a cloud service
- Upgrading the device's operating system
Correct answer: Connecting a mobile device to a computer to share internet access
Correct answer: Connecting a mobile device to a computer to share internet access. Explanation: Tethering refers to the process of connecting a mobile device to a computer or another device to share the mobile device's internet connection. This can be done via Wi-Fi, Bluetooth, or a physical USB connection.
- What is the primary purpose of a VPN on a mobile device?
- To increase the processing speed
- To enhance audio quality during calls
- To provide secure, encrypted internet connectivity
- To improve GPS accuracy
Correct answer: To provide secure, encrypted internet connectivity
Correct answer: To provide secure, encrypted internet connectivity. Explanation: A Virtual Private Network (VPN) on a mobile device is used to provide secure and encrypted internet connectivity. It protects data transmission, especially over public networks, ensuring privacy and security.
- In mobile devices, what does the term 'jailbreaking' refer to?
- Removing manufacturer or carrier restrictions from the device
- Installing additional memory in the device
- Reporting a stolen device to the authorities
- Enhancing the device's battery life
Correct answer: Removing manufacturer or carrier restrictions from the device
Correct answer: Removing manufacturer or carrier restrictions from the device. Explanation: Jailbreaking a mobile device refers to the process of removing manufacturer or carrier-imposed restrictions. This allows the user to customize the device beyond what is normally permitted, including installing unauthorized apps.
- Which mobile device component is responsible for converting digital data into analog sound signals?
- GPU
- DAC (Digital-to-Analog Converter)
- NFC module
- Accelerometer
Correct answer: DAC (Digital-to-Analog Converter)
Correct answer: DAC (Digital-to-Analog Converter). Explanation: The DAC (Digital-to-Analog Converter) in mobile devices is responsible for converting digital data into analog sound signals. It is a critical component for audio playback on smartphones and tablets.
- What is the main function of Gorilla Glass in mobile devices?
- To enhance touch sensitivity
- To protect the screen from scratches and breakage
- To improve display resolution
- To reduce battery consumption
Correct answer: To protect the screen from scratches and breakage
Correct answer: To protect the screen from scratches and breakage. Explanation: Gorilla Glass is a brand of chemically strengthened glass that is designed to be thin, light, and damage-resistant. Its primary function in mobile devices is to protect the screen from scratches and breakage.
- Which of the following components is essential for enabling facial recognition technology in mobile devices?
- Barometer
- Infrared camera
- Accelerometer
- AMOLED display
Correct answer: Infrared camera
Correct answer: Infrared camera. Explanation: An infrared camera is essential for enabling facial recognition technology in mobile devices. It helps in accurately capturing facial features by using infrared light, which works effectively in various lighting conditions.
- Which feature in mobile devices adjusts the screen's brightness based on ambient light conditions?
- Adaptive Brightness
- Night Mode
- Blue Light Filter
- Power Saving Mode
Correct answer: Adaptive Brightness
Correct answer: Adaptive Brightness. Explanation: Adaptive Brightness in mobile devices uses a light sensor to adjust the screen's brightness according to the surrounding light conditions. This feature helps in optimizing the display for better readability and power efficiency.
- In the context of mobile devices, what is the primary function of an OLED display?
- To increase battery life
- To provide a flexible screen
- To deliver higher contrast and deeper blacks
- To protect the screen from physical damage
Correct answer: To deliver higher contrast and deeper blacks
Correct answer: To deliver higher contrast and deeper blacks. Explanation: OLED (Organic Light Emitting Diodes) displays in mobile devices are known for delivering higher contrast ratios and deeper blacks compared to traditional LCDs. This is because OLED pixels emit their own light, which can be completely turned off to achieve true black.
- What does the term 'rooting' refer to in Android mobile devices?
- Installing a custom operating system
- Gaining administrative privileges
- Backing up the device data
- Encrypting the device storage
Correct answer: Gaining administrative privileges
Correct answer: Gaining administrative privileges. Explanation: Rooting in Android mobile devices refers to the process of gaining administrative or superuser privileges. This allows users to override system-level limitations and customize the device more extensively.
- Which component is crucial for a mobile device's GPS functionality?
- NFC chip
- Gyroscope
- GPS receiver
- DAC
Correct answer: GPS receiver
Correct answer: GPS receiver. Explanation: A GPS receiver in mobile devices is crucial for GPS (Global Positioning System) functionality. It receives signals from GPS satellites to determine the device's precise location.
- What is the main purpose of a mobile device's gyroscope sensor?
- To measure the device's acceleration
- To detect changes in orientation and rotation
- To adjust the screen brightness
- To enhance sound quality
Correct answer: To detect changes in orientation and rotation
Correct answer: To detect changes in orientation and rotation. Explanation: A gyroscope sensor in mobile devices is used to detect changes in orientation and rotation. This helps in various functions, such as gaming, navigation, and image stabilization in cameras.
- In mobile devices, what technology is primarily used for contactless payment systems?
- Bluetooth
- Wi-Fi
- NFC (Near Field Communication)
- LTE
Correct answer: NFC (Near Field Communication)
Correct answer: NFC (Near Field Communication). Explanation: NFC (Near Field Communication) technology in mobile devices is primarily used for contactless payment systems. It allows for secure, short-range communication between the mobile device and payment terminals.
- Which technology in mobile devices enables wireless charging?
- Inductive charging
- Solar charging
- Kinetic charging
- Turbo charging
Correct answer: Inductive charging
Correct answer: Inductive charging. Explanation: Inductive charging is the technology used in mobile devices for wireless charging. It uses electromagnetic fields to transfer energy between the device and a charging pad or stand.
- What is the primary function of a mobile device's proximity sensor?
- To detect the presence of nearby objects without physical contact
- To measure environmental temperature
- To monitor the user's heart rate
- To enhance GPS accuracy
Correct answer: To detect the presence of nearby objects without physical contact
Correct answer: To detect the presence of nearby objects without physical contact. Explanation: The proximity sensor in mobile devices detects the presence of nearby objects without any physical contact. It is commonly used to turn off the screen during phone calls when the device is held close to the ear, preventing accidental touches.
- In mobile devices, what is the purpose of a pico projector?
- To enhance the device's audio output
- To project the device's display onto a larger screen
- To improve cellular signal strength
- To scan QR codes and barcodes
Correct answer: To project the device's display onto a larger screen
Correct answer: To project the device's display onto a larger screen. Explanation: A pico projector in mobile devices is used to project the device's display onto a larger screen or surface. This feature allows for sharing visual content with a larger audience, enhancing the versatility of the device.
- What does the term 'hotspot' refer to in the context of mobile devices?
- A feature that allows the device to act as a Wi-Fi access point
- An area on the screen with increased touch sensitivity
- A component that overheats frequently
- A region with strong cellular reception
Correct answer: A feature that allows the device to act as a Wi-Fi access point
Correct answer: A feature that allows the device to act as a Wi-Fi access point. Explanation: The hotspot feature in mobile devices allows them to act as a Wi-Fi access point, sharing the device's cellular data connection with other devices such as laptops or tablets.
- Which feature in mobile devices automatically rotates the screen content based on the device's orientation?
- Auto-rotate
- Ambient Display
- Adaptive Brightness
- Motion Sense
Correct answer: Auto-rotate
Correct answer: Auto-rotate. Explanation: The Auto-rotate feature in mobile devices automatically rotates the screen content to match the orientation of the device (portrait or landscape). It relies on the device's accelerometer and gyroscope sensors to determine the current orientation.
- In an IPv6 address, what is the typical format of a link-local address?
- FE80::/10
- FD00::/8
- 2001::/16
- FC00::/7
Correct answer: FE80::/10
Correct answer: FE80::/10. Explanation: In IPv6, link-local addresses are formatted as FE80::/10. These addresses are used in a single network segment and are not routable beyond their local network.
- What is the function of the ARP (Address Resolution Protocol) in a network?
- It translates IP addresses to MAC addresses.
- It encrypts data packets for secure transmission.
- It assigns IP addresses to devices on a network.
- It determines the fastest route for data packets.
Correct answer: It translates IP addresses to MAC addresses.
Correct answer: It translates IP addresses to MAC addresses. Explanation: ARP (Address Resolution Protocol) is used in IPv4 networks to map IP addresses to the physical MAC (Media Access Control) addresses of devices on a local network, enabling communication within the network.
- In network security, what does a 'DMZ' (Demilitarized Zone) refer to?
- A network segment isolated for testing new applications
- A network segment that separates internal networks from untrusted external networks
- A backup network activated during security breaches
- A network exclusively for internal communications
Correct answer: A network segment that separates internal networks from untrusted external networks
Correct answer: A network segment that separates internal networks from untrusted external networks. Explanation: A DMZ (Demilitarized Zone) in networking is a physical or logical subnetwork that separates an internal local area network (LAN) from untrusted external networks, typically the internet. It adds an additional layer of security by limiting access to internal servers and data.
- What does the term '10/100/1000' refer to in the context of Ethernet networking?
- The number of allowable connected devices
- Network latency in milliseconds
- Network speeds in Mbps
- Cable length in meters
Correct answer: Network speeds in Mbps
Correct answer: Network speeds in Mbps. Explanation: The term '10/100/1000' in Ethernet networking refers to the supported speeds of the network interface card (NIC), in megabits per second (Mbps). It indicates that the NIC can operate at 10 Mbps, 100 Mbps, or 1 Gbps (1000 Mbps).
- What is the primary function of the QoS (Quality of Service) feature in a router?
- To provide backup power in case of outage
- To prioritize certain types of network traffic
- To encrypt data packets
- To assign static IP addresses to devices
Correct answer: To prioritize certain types of network traffic
Correct answer: To prioritize certain types of network traffic. Explanation: Quality of Service (QoS) in networking allows the router to prioritize certain types of traffic (such as VoIP, streaming) over others. This ensures better performance for critical applications, especially in congested network environments.
- In networking, what is the purpose of the 'traceroute' command?
- To map the route data takes across the network
- To test the network speed between two points
- To configure routing tables
- To detect network intrusion
Correct answer: To map the route data takes across the network
Correct answer: To map the route data takes across the network. Explanation: The 'traceroute' command in networking is used to map the path that a packet of information takes from its source to its destination. It provides a list of the points (usually routers) that the packet passes through.
- Which type of network cable is used to connect a computer to a switch in a standard Ethernet network?
- Crossover cable
- Coaxial cable
- Fiber optic cable
- Straight-through cable
Correct answer: Straight-through cable
Correct answer: Straight-through cable. Explanation: In a standard Ethernet network, a straight-through cable is used to connect computers to network devices like switches or routers. It has its wires connected identically on both ends, which is ideal for connecting dissimilar devices.
- What does the term 'latency' refer to in a network?
- The number of data packets lost during transmission
- The speed at which a network can transfer data
- The time it takes for a data packet to travel from source to destination
- The capacity of a network to handle data
Correct answer: The time it takes for a data packet to travel from source to destination
Correct answer: The time it takes for a data packet to travel from source to destination. Explanation: In networking, latency refers to the delay before a transfer of data begins following an instruction for its transfer. It is essentially the time it takes for a packet to travel from its source to the destination.
- In a TCP/IP network, what is the purpose of the 'subnet mask'?
- To identify the network portion of an IP address
- To encrypt data packets
- To detect network intrusion
- To prioritize network traffic
Correct answer: To identify the network portion of an IP address
Correct answer: To identify the network portion of an IP address. Explanation: In TCP/IP networking, a subnet mask is used to identify the network and host portions of an IP address. It plays a crucial role in determining whether the destination of a packet is within the same subnet or an external network.
- What is the primary function of a VLAN (Virtual Local Area Network)?
- To extend the physical reach of the network
- To segregate broadcast domains in a Layer 2 network
- To provide a backup in case of network failure
- To encrypt data traffic within a network
Correct answer: To segregate broadcast domains in a Layer 2 network
Correct answer: To segregate broadcast domains in a Layer 2 network. Explanation: A VLAN (Virtual Local Area Network) is used in networking to create distinct broadcast domains within a Layer 2 network. By segregating a network into VLANs, you can improve performance and security by limiting broadcasts to a specific VLAN.
- In the OSI model, at which layer does the IPv4 protocol operate?
- Layer 1 (Physical Layer)
- Layer 3 (Network Layer)
- Layer 5 (Session Layer)
- Layer 7 (Application Layer)
Correct answer: Layer 3 (Network Layer)
Correct answer: Layer 3 (Network Layer). Explanation: The IPv4 protocol operates at the Network Layer (Layer 3) of the OSI model. This layer is responsible for logical addressing and routing, which are fundamental aspects of the IPv4 protocol.
- Which protocol is used for securely transferring files over a network in a UNIX-like environment?
Correct answer: SFTP
Correct answer: SFTP. Explanation: SFTP (Secure File Transfer Protocol) is used for securely transferring files over a network in UNIX-like environments. Unlike FTP, SFTP provides a secure channel with encrypted data transfer.
- What is the primary purpose of the DNS (Domain Name System)?
- To encrypt internet communications
- To distribute network traffic evenly
- To translate human-readable domain names to IP addresses
- To manage email delivery
Correct answer: To translate human-readable domain names to IP addresses
Correct answer: To translate human-readable domain names to IP addresses. Explanation: The DNS (Domain Name System) is a foundational internet service that translates human-readable domain names (like www.example.com) into numerical IP addresses that computers use to connect to each other.
- In networking, what does NAT (Network Address Translation) accomplish?
- It encrypts data leaving a network.
- It converts private IP addresses to public IP addresses.
- It distributes IP addresses to devices on a network.
- It blocks unauthorized access to a network.
Correct answer: It converts private IP addresses to public IP addresses.
Correct answer: It converts private IP addresses to public IP addresses. Explanation: NAT (Network Address Translation) allows multiple devices on a local network to access the internet through a single public IP address. It translates the private IP addresses of individual devices to the public IP address and vice versa.
- What is the primary function of SNMP (Simple Network Management Protocol)?
- To encrypt network traffic
- To manage network devices and monitor network performance
- To allocate IP addresses within a network
- To provide a secure channel for data transmission
Correct answer: To manage network devices and monitor network performance
Correct answer: To manage network devices and monitor network performance. Explanation: SNMP (Simple Network Management Protocol) is used in network management for configuring network devices such as switches, routers, servers, printers, and more. It also monitors the network performance of these devices.
- Which of the following is a characteristic of a fiber optic cable?
- Susceptible to electromagnetic interference
- Used primarily for analog transmission
- Higher latency than coaxial cables
- Capable of carrying data over longer distances without signal degradation
Correct answer: Capable of carrying data over longer distances without signal degradation
Correct answer: Capable of carrying data over longer distances without signal degradation. Explanation: Fiber optic cables are known for their ability to carry data over long distances with minimal signal degradation. They are immune to electromagnetic interference and offer high bandwidth, making them ideal for high-speed data transmission.
- In a wireless network, what does MIMO (Multiple Input Multiple Output) technology improve?
- Encryption strength
- Data transmission speed and reliability
- Signal range
- Compatibility with older devices
Correct answer: Data transmission speed and reliability
Correct answer: Data transmission speed and reliability. Explanation: MIMO (Multiple Input Multiple Output) technology in wireless networking uses multiple antennas at both the transmitter and receiver to improve communication performance. It enhances data transmission speeds and reliability by exploiting multiple data paths.
- Which type of cable is typically used for a Gigabit Ethernet connection?
Correct answer: Cat5e
Correct answer: Cat5e. Explanation: Cat5e (Category 5 enhanced) cable is commonly used for Gigabit Ethernet connections. It supports higher data rates compared to Cat5 and is more efficient at reducing crosstalk.
- What is the primary role of a firewall in a computer network?
- To manage the allocation of IP addresses
- To monitor and control incoming and outgoing network traffic
- To provide a physical connection between network devices
- To increase the speed of data transmission
Correct answer: To monitor and control incoming and outgoing network traffic
Correct answer: To monitor and control incoming and outgoing network traffic. Explanation: The primary role of a firewall in a computer network is to monitor and control incoming and outgoing network traffic based on an organization's security policies. It acts as a barrier between a trusted and an untrusted network, blocking or permitting data packets based on a set of security rules.
- What is the purpose of the 'ping' command in network troubleshooting?
- To configure network interfaces
- To test the reachability of a host on an IP network
- To display the routing path packets take to a network host
- To resolve domain names to IP addresses
Correct answer: To test the reachability of a host on an IP network
Correct answer: To test the reachability of a host on an IP network. Explanation: The 'ping' command is a basic network troubleshooting tool used to test the reachability of a host on an IP network. It measures the round-trip time for messages sent from the originating host to a destination computer.
- What type of RAM is primarily used in modern graphics cards?
Correct answer: GDDR6
Correct answer: GDDR6. Explanation: GDDR6 (Graphics Double Data Rate, Version 6) is the most commonly used type of RAM in modern graphics cards. It offers higher bandwidth and speed compared to earlier versions, making it ideal for graphics-intensive applications.
- In a computer system, what is the primary purpose of a Southbridge chipset?
- Managing communication between the CPU and memory
- Handling I/O functions and peripheral connectivity
- Accelerating graphic rendering
- Regulating power supply
Correct answer: Handling I/O functions and peripheral connectivity
Correct answer: Handling I/O functions and peripheral connectivity. Explanation: The Southbridge chipset in a computer system is responsible for handling input/output functions and connecting various peripherals. It manages lower-speed peripheral communications like USB, audio, serial, system BIOS, and ISA bus.
- Which connector type is commonly used for modern internal hard drives?
Correct answer: SATA
Correct answer: SATA. Explanation: SATA (Serial Advanced Technology Attachment) connectors are the standard interface for connecting internal hard drives in modern computer systems. They offer faster data transfer rates compared to older IDE connectors.
- What does the term 'thermal throttling' refer to in the context of CPU performance?
- Increasing clock speed based on workload
- Reducing clock speed due to high temperature
- Distributing workload among multiple cores
- Adjusting voltage to save energy
Correct answer: Reducing clock speed due to high temperature
Correct answer: Reducing clock speed due to high temperature. Explanation: Thermal throttling is a mechanism used in CPUs to automatically reduce the processor's clock speed when operating temperatures reach a certain point. This helps prevent overheating and potential damage to the CPU.
- Which type of cable is most suitable for a 10 Gbps network connection over a distance of 100 meters?
Correct answer: Cat 6a
Correct answer: Cat 6a. Explanation: Cat 6a (Category 6 augmented) cables are designed to support 10 Gbps network speeds over distances up to 100 meters. They provide better performance and reduced crosstalk compared to Cat 5e and Cat 6 cables.
- In the context of laptop displays, what does the term IPS stand for and signify?
- Integrated Panel System - indicates a built-in screen
- In-Plane Switching - refers to better color and viewing angles
- Intelligent Panel Sync - relates to adaptive refresh rates
- Inverted Pixel Screen - a type of touch screen technology
Correct answer: In-Plane Switching - refers to better color and viewing angles
Correct answer: In-Plane Switching - refers to better color and viewing angles. Explanation: IPS (In-Plane Switching) is a screen technology used in laptop displays known for its high color accuracy and better viewing angles compared to traditional TN (Twisted Nematic) panels.
- What is the primary purpose of a ZIF (Zero Insertion Force) socket in computer hardware?
- To enhance the cooling of the CPU
- To reduce the risk of damaging the CPU during installation
- To increase the speed of the CPU
- To provide additional power to the CPU
Correct answer: To reduce the risk of damaging the CPU during installation
Correct answer: To reduce the risk of damaging the CPU during installation. Explanation: ZIF (Zero Insertion Force) sockets are designed to easily install a CPU without applying force, significantly reducing the risk of physical damage to the CPU pins or socket during installation.
- Which type of RAM is typically used in the cache memory of a processor?
Correct answer: SRAM
Correct answer: SRAM. Explanation: SRAM (Static Random Access Memory) is commonly used in processor cache memory due to its higher speed compared to DRAM. It is more expensive but offers faster access, making it ideal for CPU cache.
- What is the primary difference between an ATX and a MicroATX motherboard?
- Processor compatibility
- Power consumption
- Size and number of expansion slots
- Memory type support
Correct answer: Size and number of expansion slots
Correct answer: Size and number of expansion slots. Explanation: The primary difference between ATX and MicroATX motherboards is their size and the number of available expansion slots. MicroATX is smaller and typically has fewer expansion slots than ATX, making it suitable for compact systems.
- In computer hardware, what is the function of a heatsink?
- To store data temporarily
- To supply power to the CPU
- To cool down components by dissipating heat
- To accelerate graphics processing
Correct answer: To cool down components by dissipating heat
Correct answer: To cool down components by dissipating heat. Explanation: A heatsink in computer hardware is designed to dissipate heat from critical components, especially the CPU or GPU, helping to maintain optimal operating temperatures and prevent overheating.
- Which connector type is commonly used for connecting solid state drives (SSDs) in a high-performance computing environment?
Correct answer: NVMe
Correct answer: NVMe. Explanation: NVMe (Non-Volatile Memory Express) is a connector and driver interface that delivers the highest throughput and fastest response times for all types of enterprise and client systems. It is commonly used for connecting SSDs in high-performance computing.
- What is the purpose of ECC (Error-Correcting Code) memory in a computer system?
- To improve the graphics rendering
- To reduce the system's power consumption
- To detect and correct data corruption
- To increase the system's processing speed
Correct answer: To detect and correct data corruption
Correct answer: To detect and correct data corruption. Explanation: ECC (Error-Correcting Code) memory is used in high-end computing environments to detect and correct common kinds of internal data corruption. This feature is particularly important in systems where data corruption cannot be tolerated, such as scientific computing or financial computing systems.
- In the context of computer hardware, what is a primary function of the CMOS battery?
- To power the cooling fans
- To maintain system time and BIOS settings
- To provide extra power to the CPU
- To store user data
Correct answer: To maintain system time and BIOS settings
Correct answer: To maintain system time and BIOS settings. Explanation: The CMOS battery in a computer system provides power to the CMOS chip to keep the system clock running and retain BIOS settings even when the computer is turned off or unplugged.
- Which hardware component is responsible for converting digital signals to analog signals for a monitor?
- GPU
- DAC (Digital-to-Analog Converter)
- Motherboard
- Power Supply Unit (PSU)
Correct answer: DAC (Digital-to-Analog Converter)
Correct answer: DAC (Digital-to-Analog Converter). Explanation: The DAC (Digital-to-Analog Converter) is the hardware component responsible for converting digital signals to analog signals that can be used by monitors, especially in older CRT monitors or those with VGA connections.
- What is the primary advantage of using a multi-core processor in a computer?
- Increased RAM capacity
- Enhanced sound quality
- Improved multitasking and processing efficiency
- Lower power consumption
Correct answer: Improved multitasking and processing efficiency
Correct answer: Improved multitasking and processing efficiency. Explanation: The primary advantage of a multi-core processor is the ability to perform more tasks simultaneously, leading to improved multitasking and processing efficiency. This is particularly beneficial for running multiple applications or complex computational tasks.
- What type of power connector is typically used by modern graphics cards?
- 4-pin Molex
- 8-pin PCIe
- 20-pin ATX
- SATA power connector
Correct answer: 8-pin PCIe
Correct answer: 8-pin PCIe. Explanation: Modern high-performance graphics cards typically require an 8-pin PCIe power connector to meet their power demands. This connector provides the additional power needed for graphics-intensive tasks.
- What is the function of the VRM (Voltage Regulator Module) on a motherboard?
- To regulate the voltage supplied to the CPU
- To store data for quick access by the CPU
- To convert AC power to DC power
- To control the speed of the cooling fans
Correct answer: To regulate the voltage supplied to the CPU
Correct answer: To regulate the voltage supplied to the CPU. Explanation: The VRM (Voltage Regulator Module) on a motherboard is responsible for regulating the voltage supplied to the CPU, ensuring it receives the correct voltage for stable and efficient operation.
- Which of the following is a primary characteristic of a Thunderbolt 3 connection?
- It can transmit data at speeds up to 40 Gbps
- It is primarily used for connecting keyboards and mice
- It supports a maximum cable length of 100 meters
- It is incompatible with USB-C devices
Correct answer: It can transmit data at speeds up to 40 Gbps
Correct answer: It can transmit data at speeds up to 40 Gbps. Explanation: Thunderbolt 3 is known for its high data transfer speeds, capable of transmitting data at up to 40 Gbps. This makes it suitable for high-speed data transfer applications such as connecting external drives and high-resolution displays.
- In computer hardware, what is the primary use of a riser card?
- To extend the height of the CPU cooler
- To add additional expansion slots in a small form factor PC
- To increase the RAM capacity
- To enhance the audio quality
Correct answer: To add additional expansion slots in a small form factor PC
Correct answer: To add additional expansion slots in a small form factor PC. Explanation: A riser card is used in small form factor PCs to add additional expansion slots that are parallel to the motherboard. This is especially useful in compact cases where space is limited.
- What is the purpose of a KVM (Keyboard, Video, Mouse) switch in a computer environment?
- To increase the number of USB ports
- To allow a single set of keyboard, monitor, and mouse to control multiple computers
- To enhance the video graphics quality
- To synchronize multiple computers to a single clock source
Correct answer: To allow a single set of keyboard, monitor, and mouse to control multiple computers
Correct answer: To allow a single set of keyboard, monitor, and mouse to control multiple computers. Explanation: A KVM (Keyboard, Video, Mouse) switch allows a user to control multiple computers using a single set of peripherals (keyboard, monitor, and mouse). This is particularly useful in environments like data centers or for users who need to manage multiple machines simultaneously.
- What is the primary purpose of a Type 1 hypervisor in a virtualized environment?
- To provide a platform for user applications
- To manage and run virtual machines directly on hardware
- To control network access for virtual machines
- To encrypt data stored on virtual machines
Correct answer: To manage and run virtual machines directly on hardware
Correct answer: To manage and run virtual machines directly on hardware. Explanation: A Type 1 hypervisor, also known as a bare-metal hypervisor, runs directly on the host's hardware to control the hardware and manage guest operating systems. Its primary role is to provide an isolated environment for running virtual machines directly on the physical hardware.
- In cloud computing, what is the main characteristic of the Infrastructure as a Service (IaaS) model?
- It delivers software applications over the internet.
- It provides virtualized computing resources over the internet.
- It offers platforms for application development.
- It focuses on web-based collaboration tools.
Correct answer: It provides virtualized computing resources over the internet.
Correct answer: It provides virtualized computing resources over the internet. Explanation: Infrastructure as a Service (IaaS) is a cloud computing model that provides virtualized computing resources over the internet. It allows users to rent IT infrastructures like servers, storage, and networking on a pay-per-use basis.
- Which technology allows different virtual machines on a single physical host to share the same physical network interface card NIC?
- VLAN tagging
- VPN tunneling
- Network Address Translation (NAT)
- Load balancing
Correct answer: VLAN tagging
Correct answer: VLAN tagging. Explanation: VLAN tagging allows multiple virtual machines on a single physical host to use the same physical network interface card NIC while maintaining separate network segments. This technology is essential for network isolation and efficient resource utilization in virtualized environments.
- What does the term "elasticity" refer to in the context of cloud computing?
- Data encryption and security
- The ability to scale resources up or down as needed
- Network bandwidth optimization
- Geographic distribution of data centers
Correct answer: The ability to scale resources up or down as needed
Correct answer: The ability to scale resources up or down as needed. Explanation: Elasticity in cloud computing refers to the ability of a system to dynamically scale its resources up or down as needed. This feature allows for efficient resource utilization and cost-effectiveness, adapting to varying workload demands.
- In a virtualized environment, what is the role of a Virtual Machine Monitor (VMM)?
- To monitor the performance of virtual machines
- To manage the storage used by virtual machines
- To create and manage virtual machines
- To provide network security for virtual machines
Correct answer: To create and manage virtual machines
Correct answer: To create and manage virtual machines. Explanation: A Virtual Machine Monitor (VMM), also known as a hypervisor, is a software layer that creates, runs, and manages virtual machines. It allocates physical resources like CPU, memory, and storage to each VM and isolates them from each other.
- Which of the following best describes Software as a Service (SaaS) in cloud computing?
- A model providing underlying hardware infrastructure
- A service offering development platforms and tools
- A delivery model for software applications via the internet
- A cloud-based approach to manage security services
Correct answer: A delivery model for software applications via the internet
Correct answer: A delivery model for software applications via the internet. Explanation: Software as a Service (SaaS) is a cloud computing model where software applications are delivered over the internet. Users access these applications via a web browser, eliminating the need for installing and running the software on individual computers.
- What is the main advantage of using thin provisioning in a virtualized storage environment?
- Increased data transfer speeds
- Enhanced data security and encryption
- Efficient use of storage by allocating space dynamically
- Redundancy and fault tolerance
Correct answer: Efficient use of storage by allocating space dynamically
Correct answer: Efficient use of storage by allocating space dynamically. Explanation: Thin provisioning in a virtualized storage environment allows for the efficient use of storage by dynamically allocating space as needed. It optimizes storage utilization by providing virtual space without dedicating physical storage upfront.
- In virtualization, what is the function of snapshot technology?
- To back up the entire virtual machine
- To create a point-in-time copy of a virtual machine's state
- To transfer virtual machines between hosts
- To distribute network traffic across virtual machines
Correct answer: To create a point-in-time copy of a virtual machine's state
Correct answer: To create a point-in-time copy of a virtual machine's state. Explanation: Snapshot technology in virtualization is used to create a point-in-time copy of a virtual machine's state. This includes the VM's current data and configuration, allowing for easy restoration to that specific point if needed.
- Which feature in cloud computing allows for automatic scaling of resources based on workload demands?
- Load balancing
- Auto-scaling
- Redundancy
- Resource pooling
Correct answer: Auto-scaling
Correct answer: Auto-scaling. Explanation: Auto-scaling in cloud computing is a feature that automatically adjusts the amount of computational resources based on the current workload demands. This ensures optimal performance and cost efficiency by scaling resources up or down as needed.
- What is the primary function of a cloud access security broker CASB in cloud computing?
- To provide data backup and recovery services
- To manage network traffic and load balancing
- To serve as an intermediary for security policy enforcement
- To offer virtualized computing resources
Correct answer: To serve as an intermediary for security policy enforcement
Correct answer: To serve as an intermediary for security policy enforcement. Explanation: A cloud access security broker CASB acts as an intermediary between cloud service users and cloud service providers. It enforces security policies, ensuring compliance and security in cloud environments, particularly for data security, threat prevention, and access control.
- What is the primary purpose of containerization in a cloud computing environment?
- To provide hardware virtualization
- To enable efficient software development and deployment
- To enhance network security
- To manage user access controls
Correct answer: To enable efficient software development and deployment
Correct answer: To enable efficient software development and deployment. Explanation: Containerization in cloud computing is primarily used for efficient software development and deployment. Containers package an application with all of its dependencies, ensuring consistent environment and operation across different computing environments.
- What technology allows a virtual machine in a cloud environment to appear with its own IP address, independent of the host's IP address?
- Network Address Translation (NAT)
- Virtual LAN (VLAN)
- Virtual Private Network (VPN)
- Virtual IP Addressing (VIP)
Correct answer: Network Address Translation (NAT)
Correct answer: Network Address Translation (NAT). Explanation: Network Address Translation (NAT) in a virtualized cloud environment allows a virtual machine to have its own IP address distinct from the host's IP address. NAT translates the VM's private IP addresses to a public IP address, enabling unique identification and communication over the network.
- In cloud computing, what is the primary function of a Content Delivery Network (CDN)?
- To enhance cybersecurity
- To provide data storage solutions
- To distribute web content and reduce latency
- To manage cloud-based applications
Correct answer: To distribute web content and reduce latency
Correct answer: To distribute web content and reduce latency. Explanation: A Content Delivery Network (CDN) in cloud computing is a system of distributed servers that deliver web content and services to users based on their geographic location. The primary purpose is to reduce latency and speed up content delivery by serving requests from the nearest server location.
- Which of the following best describes Platform as a Service (PaaS) in cloud computing?
- A service providing virtualized server and networking infrastructure
- A delivery model for software applications via the internet
- A cloud-based environment for developing, testing, and managing applications
- A platform offering cloud storage solutions
Correct answer: A cloud-based environment for developing, testing, and managing applications
Correct answer: A cloud-based environment for developing, testing, and managing applications. Explanation: Platform as a Service (PaaS) in cloud computing provides a cloud-based environment where developers can build, test, deploy, and manage applications without worrying about the underlying infrastructure. It simplifies the development process by providing necessary platforms and tools.
- What is a primary benefit of using virtualization in a data center?
- Increased physical space requirements
- Reduced hardware costs and improved resource utilization
- Simplified network configurations
- Enhanced external security protocols
Correct answer: Reduced hardware costs and improved resource utilization
Correct answer: Reduced hardware costs and improved resource utilization. Explanation: Virtualization in data centers primarily leads to reduced hardware costs and improved resource utilization. It allows multiple virtual machines to run on a single physical server, maximizing the use of available resources and reducing the need for additional hardware.
- In a virtualized environment, what is "live migration" of a virtual machine?
- Moving a VM from one host to another without shutting it down
- Updating a VM's software while it's running
- Backing up a VM while it's in use
- Changing a VM's resource allocation in real-time
Correct answer: Moving a VM from one host to another without shutting it down
Correct answer: Moving a VM from one host to another without shutting it down. Explanation: Live migration in virtualization refers to the process of moving a virtual machine from one host server to another without shutting down the VM. This ensures continuous availability and minimal disruption during maintenance or load balancing.
- Which term describes the combination of cloud computing services from both public and private clouds to create a customized IT solution?
- Hybrid cloud
- Multi-cloud
- Community cloud
- Distributed cloud
Correct answer: Hybrid cloud
Correct answer: Hybrid cloud. Explanation: A hybrid cloud is a cloud computing environment that combines services from both public and private clouds to create a more flexible and optimized IT solution. It allows for data and application sharing between the two, offering a balance of scalability, cost-effectiveness, and security.
- What is the main advantage of using server virtualization in a corporate data center?
- Enhanced physical security of servers
- Reduced need for data encryption
- Increased energy efficiency and reduced operating costs
- Simplified software licensing management
Correct answer: Increased energy efficiency and reduced operating costs
Correct answer: Increased energy efficiency and reduced operating costs. Explanation: Server virtualization in a corporate data center primarily leads to increased energy efficiency and reduced operating costs. By running multiple virtual servers on a single physical server, organizations can reduce the number of physical servers required, leading to lower energy consumption and cost savings.
- In cloud computing, what is the main function of orchestration tools like Kubernetes and Docker Swarm?
- Managing and automating containerized application deployment
- Providing virtualized networking solutions
- Enhancing cloud security and compliance
- Offering cloud storage and data backup services
Correct answer: Managing and automating containerized application deployment
Correct answer: Managing and automating containerized application deployment. Explanation: Orchestration tools like Kubernetes and Docker Swarm are used in cloud computing for managing and automating the deployment, scaling, and operation of containerized applications. They simplify container management and enhance the efficiency of application deployment and scaling.
- What is the purpose of using virtual desktop infrastructure (VDI) in an organization?
- To manage physical desktop computers remotely
- To deliver and manage virtual desktops to users
- To encrypt data on desktop computers
- To monitor and log desktop user activities
Correct answer: To deliver and manage virtual desktops to users
Correct answer: To deliver and manage virtual desktops to users. Explanation: Virtual Desktop Infrastructure (VDI) is a technology used to create and manage virtual desktops, which are delivered to users over a network. VDI allows centralized management of desktop environments and provides users access to their personal desktop interface from various devices.
- What is the most likely cause of intermittent connectivity issues in a wireless network, assuming the signal strength is strong?
- Faulty Ethernet cable
- Router firmware out of date
- Incorrect subnet mask
- Overlapping Wi-Fi channels
Correct answer: Overlapping Wi-Fi channels
Correct answer: Overlapping Wi-Fi channels. Explanation: Overlapping Wi-Fi channels can cause interference and intermittent connectivity issues in a wireless network, especially in areas with many Wi-Fi networks. Choosing a less crowded channel can resolve these issues.
- In a PC, which component should be checked first when the system powers on but fails to complete the POST (Power-On Self Test)?
- Hard drive
- RAM
- Operating system
- Graphics card
Correct answer: RAM
Correct answer: RAM. Explanation: If a system powers on but fails to complete POST, the first component to check is the RAM. Faulty or improperly seated RAM can prevent a system from passing POST.
- What tool is most effective for testing the physical integrity of an Ethernet cable?
- Multimeter
- Cable certifier
- TDR (Time-Domain Reflectometer)
- Network sniffer
Correct answer: TDR (Time-Domain Reflectometer)
Correct answer: TDR (Time-Domain Reflectometer). Explanation: A Time-Domain Reflectometer (TDR) is used to test the integrity of cables by sending a signal down the cable and measuring reflections to identify faults.
- When troubleshooting a PC that suddenly shuts down, what should be checked first?
- CPU temperature
- Hard drive health
- RAM stability
- Power supply unit (PSU)
Correct answer: CPU temperature
Correct answer: CPU temperature. Explanation: When a PC suddenly shuts down, the first thing to check is the CPU temperature, as overheating can cause the system to shut down abruptly to prevent damage.
- Which of the following is a common symptom of a failing power supply unit (PSU) in a computer?
- Distorted display
- Slow operating system
- Random system restarts
- Inconsistent mouse movement
Correct answer: Random system restarts
Correct answer: Random system restarts. Explanation: Random system restarts can be a symptom of a failing PSU. Inadequate or unstable power supply can cause the system to restart unexpectedly.
- In a scenario where a laptop connects to a Wi-Fi network but has no internet access, what is the first setting to check?
- Wireless mode compatibility
- Firewall settings
- DNS server configuration
- System date and time
Correct answer: DNS server configuration
Correct answer: DNS server configuration. Explanation: When a laptop can connect to Wi-Fi but has no internet access, the DNS server configuration should be checked first. Incorrect DNS settings can prevent access to internet services while maintaining a local network connection.
- What is the most likely cause of a 'No Signal' message on a monitor when a computer is powered on?
- Faulty monitor
- Incompatible RAM
- Disconnected or faulty video cable
- Corrupt operating system
Correct answer: Disconnected or faulty video cable
Correct answer: Disconnected or faulty video cable. Explanation: A 'No Signal' message usually indicates an issue with the video connection. Checking the video cable for proper connection or faults is the first step in troubleshooting.
- Which tool is essential for safely troubleshooting a power supply unit (PSU) in a desktop computer?
- Phillips head screwdriver
- PSU tester
- ESD (Electrostatic Discharge) wrist strap
- Multimeter
Correct answer: PSU tester
Correct answer: PSU tester. Explanation: A PSU tester is designed specifically for safely testing a power supply unit in a computer. It can verify the functionality of each connector and the health of the PSU.
- What is the most likely reason for a network printer to be accessible but unable to print?
- Incorrect IP address
- Full print queue
- Depleted toner or ink
- Misconfigured duplex setting
Correct answer: Full print queue
Correct answer: Full print queue. Explanation: A full print queue can cause a network printer to be accessible but unable to print. Clearing the queue or restarting the printer can resolve this issue.
- In a laptop, repeated failure to recognize an inserted USB device most likely indicates a problem with what?
- The USB device driver
- The operating system
- The USB port
- The motherboard
Correct answer: The USB port
Correct answer: The USB port. Explanation: If a laptop repeatedly fails to recognize an inserted USB device, it's likely an issue with the USB port itself, either due to physical damage or connectivity issues.
- What is the primary reason for a computer displaying the error message "Operating System Not Found" on boot?
- Corrupted BIOS
- Defective RAM
- Unresponsive CPU
- Missing or faulty boot device
Correct answer: Missing or faulty boot device
Correct answer: Missing or faulty boot device. Explanation: The error message "Operating System Not Found" typically indicates an issue with the boot device (such as a hard drive or SSD), where the system is unable to locate the operating system. This could be due to a missing boot device, incorrect boot order, or a faulty drive.
- In troubleshooting a network issue, which tool is used to trace the path a packet takes from the source to the destination?
- Netstat
- Ping
- Traceroute
- Nslookup
Correct answer: Traceroute
Correct answer: traceroute. Explanation: The traceroute tool in networking is used to trace the path packets take from the source to the destination. It helps in identifying where the packets are being delayed or lost in the network.
- When a computer's fan is constantly running at high speed, even under low load conditions, what should be checked first?
- Power supply unit
- Hard drive health
- CPU usage
- Thermal paste application
Correct answer: Thermal paste application
Correct answer: Thermal paste application. Explanation: When a computer's fan runs at high speed constantly, it's often due to inadequate cooling. Checking the application of thermal paste on the CPU is a crucial first step, as improper application can lead to overheating.
- What tool is commonly used to test the output voltage of each connector on a power supply unit (PSU) in a computer?
- Oscilloscope
- PSU tester
- Multimeter
- Powerline tester
Correct answer: Multimeter
Correct answer: Multimeter. Explanation: A multimeter is commonly used to test the output voltage of each connector on a PSU. It helps in verifying that the PSU is delivering the correct voltage to different components of the computer.
- Which of the following issues is most likely indicated by a 'Double Beep' sound during a computer's boot process?
- Overheating CPU
- RAM failure
- Graphics card malfunction
- Hard drive error
Correct answer: RAM failure
Correct answer: RAM failure. Explanation: A 'Double Beep' sound during boot is often indicative of RAM failure. POST (Power-On Self Test) beep codes vary by motherboard manufacturer but commonly signal issues with memory.
- What is the primary function of a loopback plug when troubleshooting network issues?
- Testing the throughput of a network cable
- Checking the functionality of a network port
- Measuring the length of a network cable
- Identifying the type of network cable
Correct answer: Checking the functionality of a network port
Correct answer: Checking the functionality of a network port. Explanation: A loopback plug is used for testing the functionality of a network port. It loops the signal from the transmit pin to the receive pin, allowing the testing of the port's ability to send and receive data.
- In a scenario where a PC starts but the BIOS screen is not displayed, which component is most likely at fault?
- RAM
- CPU
- Graphics card
- Hard drive
Correct answer: Graphics card
Correct answer: Graphics card. Explanation: If the PC starts but the BIOS screen is not displayed, the most likely issue is with the graphics card. Faulty or improperly seated graphics cards can prevent the display of the BIOS screen.
- When troubleshooting a network issue, what does a "Request Timed Out" message in a ping test typically indicate?
- The destination host is down.
- The network cables are faulty.
- There is high network congestion.
- There's a connectivity issue preventing the packets from reaching the destination.
Correct answer: There's a connectivity issue preventing the packets from reaching the destination.
Correct answer: There's a connectivity issue preventing the packets from reaching the destination. Explanation: A "Request Timed Out" message in a ping test usually indicates a connectivity problem, such as a broken link or misconfiguration, which prevents the ping packets from reaching the destination host.
- What would be the first step in troubleshooting a PC that beeps continuously when powered on but does not display anything on the screen?
- Check the video cable connection.
- Replace the motherboard.
- Test the RAM modules.
- Update the BIOS.
Correct answer: Test the RAM modules.
Correct answer: Test the RAM modules. Explanation: Continuous beeping with no display often indicates a problem with the RAM. Testing the RAM modules or ensuring they are properly seated is the first step in this scenario.
- In a situation where a computer's hard drive is making a loud clicking noise, what is the most likely issue?
- The hard drive is fragmented.
- The hard drive is overheating.
- There is physical damage to the hard drive.
- The SATA/IDE cable is loose.
Correct answer: There is physical damage to the hard drive.
Correct answer: There is physical damage to the hard drive. Explanation: A loud clicking noise from a hard drive typically indicates physical damage, often referred to as the "click of death," and suggests that the drive may be failing.
- What is the most probable cause of a BSOD (Blue Screen of Death) error in Windows immediately after installing new hardware?
- Incompatible hardware
- Insufficient power supply
- Corrupt operating system
- Full hard drive
Correct answer: Incompatible hardware
Correct answer: Incompatible hardware. Explanation: A BSOD immediately following the installation of new hardware typically suggests a hardware compatibility issue or a problem with the device drivers.
- Which Windows command displays and modifies the IP routing table, allowing you to add a static route to a specific network?
- Netstat
- Route
- Nslookup
- Pathping
Correct answer: Route
Correct answer: route. Explanation: The route command displays and modifies the local IP routing table. Using route add lets you create a static route to a particular network, while netstat shows active connections, nslookup queries DNS, and pathping combines ping and tracert.
- A technician needs to convert a basic disk to a dynamic disk and create a new volume on a Windows workstation. Which built-in tool should be used?
- Disk Cleanup (cleanmgr)
- Disk Management (diskmgmt.msc)
- Defragment and Optimize Drives (dfrgui)
- Resource Monitor
Correct answer: Disk Management (diskmgmt.msc)
Correct answer: Disk Management (diskmgmt.msc). Explanation: Disk Management (diskmgmt.msc) is used to create, format, extend, and shrink partitions and to convert disks between basic and dynamic. Disk Cleanup removes temporary files, dfrgui optimizes drives, and Resource Monitor reports performance data.
- Which Windows edition is the minimum required to join a Windows computer to an Active Directory domain?
- Windows Home
- Windows Pro
- Windows S Mode
- Windows IoT Core
Correct answer: Windows Pro
Correct answer: Windows Pro. Explanation: Windows Home cannot join a domain; domain join, Group Policy, BitLocker, and Remote Desktop hosting require at least Windows Pro. Enterprise and Education editions also support domain membership.
- A user needs the Linux command to display the full path of the current working directory in a terminal. Which command should they use?
Correct answer: Pwd
Correct answer: pwd. Explanation: pwd (print working directory) outputs the absolute path of the current directory. ls lists directory contents, cd changes directories, and ps lists running processes.
- Which Windows file system supports file-level encryption with EFS, file permissions, compression, and journaling?
Correct answer: NTFS
Correct answer: NTFS. Explanation: NTFS supports the Encrypting File System (EFS), granular file/folder permissions, compression, quotas, and journaling. FAT32 and exFAT lack these security features, and ext4 is a Linux file system.
- In macOS, which built-in feature provides automatic, incremental backups of the entire system to an external or network drive?
- Mission Control
- Time Machine
- Spotlight
- Keychain
Correct answer: Time Machine
Correct answer: Time Machine. Explanation: Time Machine is the macOS backup utility that creates incremental backups to an external or network volume, allowing files and the whole system to be restored. Mission Control manages windows, Spotlight is search, and Keychain stores credentials.
- A technician wants to install Windows 11 but the upgrade is blocked. Which firmware/hardware requirement is most likely missing?
- A TPM 2.0 module
- A legacy BIOS boot mode
- A FAT32 system partition
- An IDE hard drive
Correct answer: A TPM 2.0 module
Correct answer: A TPM 2.0 module. Explanation: Windows 11 requires TPM 2.0, UEFI with Secure Boot, and a compatible 64-bit CPU. Legacy BIOS, FAT32 system partitions, and IDE drives are not requirements; in fact UEFI (not legacy BIOS) is needed.
- Which Windows command-line tool checks the integrity of protected system files and replaces corrupted ones with cached copies?
- Chkdsk
- Sfc /scannow
- Diskpart
- Format
Correct answer: Sfc /scannow
Correct answer: sfc /scannow. Explanation: System File Checker (sfc /scannow) scans and repairs protected Windows system files. chkdsk checks the file system and disk for errors, diskpart manages partitions, and format prepares a volume.
- A technician must remotely access a Windows desktop's GUI over the network using Microsoft's built-in protocol. Which protocol and default port are used?
- SSH on port 22
- RDP on port 3389
- Telnet on port 23
- VNC on port 5900
Correct answer: RDP on port 3389
Correct answer: RDP on port 3389. Explanation: Remote Desktop Protocol (RDP) provides remote GUI access to Windows and uses TCP port 3389. SSH (22) is command-line, Telnet (23) is insecure, and VNC (5900) is third-party rather than the built-in Microsoft option.
- Which Linux command is used to change the permissions of a file or directory?
Correct answer: Chmod
Correct answer: chmod. Explanation: chmod changes the read, write, and execute permissions of files and directories. chown changes ownership, grep searches text, and apt-get manages packages on Debian-based systems.
- A user wants Windows to run a maintenance script automatically every night at 2 a.m. Which utility should the technician configure?
- Task Scheduler
- Task Manager
- Services console
- System Configuration (msconfig)
Correct answer: Task Scheduler
Correct answer: Task Scheduler. Explanation: Task Scheduler creates triggered or time-based tasks, such as running a script nightly. Task Manager shows running processes, the Services console manages background services, and msconfig controls boot and startup options.
- Which type of partition table is required to support boot drives larger than 2 TB and more than four primary partitions?
Correct answer: GPT
Correct answer: GPT. Explanation: GUID Partition Table (GPT) supports drives larger than 2 TB and up to 128 partitions, and pairs with UEFI. MBR is limited to 2 TB and four primary partitions, FAT is a file system, and RAID is a disk array technology.
- Which Windows tool lets an administrator enforce password policies, software restrictions, and security settings across domain computers?
- Group Policy Editor (gpedit.msc)
- Event Viewer
- Performance Monitor
- Device Manager
Correct answer: Group Policy Editor (gpedit.msc)
Correct answer: Group Policy Editor (gpedit.msc). Explanation: Group Policy (gpedit.msc locally, or Group Policy Management in a domain) configures and enforces security, password, and software policies. Event Viewer reviews logs, Performance Monitor tracks metrics, and Device Manager manages hardware.
- A technician performs an OS installation that wipes the existing partition and installs a fresh copy of Windows with no retained applications or settings. What is this called?
- An in-place upgrade
- A clean install
- A repair installation
- A remote network install
Correct answer: A clean install
Correct answer: A clean install. Explanation: A clean install removes existing data and installs a fresh OS, keeping nothing. An in-place upgrade retains apps and settings, a repair installation fixes system files, and a network install describes the delivery method, not whether data is retained.
- Which command-line utility in Windows is used to manage disks, partitions, and volumes from a text interface, including creating and formatting partitions?
- Ipconfig
- Diskpart
- Gpupdate
- Winver
Correct answer: Diskpart
Correct answer: diskpart. Explanation: diskpart is the command-line partition manager that can list, create, delete, and format partitions. ipconfig manages IP settings, gpupdate refreshes Group Policy, and winver displays the Windows version.
- Which macOS utility allows a user to manage installed fonts, disk first aid, and partitioning of drives?
- Disk Utility
- Finder
- Terminal
- Dock
Correct answer: Disk Utility
Correct answer: Disk Utility. Explanation: Disk Utility in macOS handles formatting, partitioning, and First Aid (repair) of disks. Finder is the file browser, Terminal is the command line, and the Dock launches and switches apps.
- A Windows user needs to map a network share to a drive letter from the command line. Which command accomplishes this?
- Net use
- Net user
- Netdom
- Netsh
Correct answer: Net use
Correct answer: net use. Explanation: net use maps a network drive to a share (for example, net use Z: \\server\share). net user manages local accounts, netdom manages domain trusts, and netsh configures network settings.
- Which Windows feature applies full-disk encryption to a drive and can leverage the TPM to protect the encryption key?
- EFS
- BitLocker
- Windows Defender Firewall
- User Account Control
Correct answer: BitLocker
Correct answer: BitLocker. Explanation: BitLocker provides full-disk encryption and uses the TPM to store and protect keys. EFS encrypts individual files rather than the whole disk, the firewall filters traffic, and UAC manages elevation prompts.
- In Linux, which command is used to elevate a single command to run with root (superuser) privileges?
Correct answer: Sudo
Correct answer: sudo. Explanation: sudo executes a single command with elevated (root) privileges. su switches the entire session to another user, chmod changes permissions, and passwd changes a user's password.
- Which Windows utility consolidates fragmented data on a mechanical hard drive to improve read performance, and is generally avoided on SSDs?
- Disk Cleanup
- Disk Defragmenter (dfrgui)
- Chkdsk
- Storage Spaces
Correct answer: Disk Defragmenter (dfrgui)
Correct answer: Disk Defragmenter (dfrgui). Explanation: Disk Defragmenter (dfrgui) reorganizes fragmented files on HDDs; SSDs use TRIM instead and should not be defragmented. Disk Cleanup removes temp files, chkdsk repairs errors, and Storage Spaces pools drives.
- A help-desk technician suspects malware on a workstation. According to CompTIA's best-practice malware removal procedure, what should be done immediately after identifying and verifying the symptoms?
- Educate the end user
- Quarantine the infected system
- Enable System Restore
- Schedule scans and run updates
Correct answer: Quarantine the infected system
Correct answer: Quarantine the infected system. Explanation: The best-practice order is: identify and verify symptoms, quarantine the system, disable System Restore, remediate (update and scan), schedule scans and updates, re-enable System Restore and create a restore point, and educate the user. Quarantine comes right after verification to stop spread.
- During malware remediation, why should System Restore be disabled before cleaning the infection?
- It speeds up the antivirus scan
- Restore points can hold copies of the malware and re-infect the system
- It frees the TPM for re-encryption
- It is required to boot into Safe Mode
Correct answer: Restore points can hold copies of the malware and re-infect the system
Correct answer: Restore points can hold copies of the malware and re-infect the system. Explanation: System Restore points may capture infected files, so restoring later could reintroduce the malware. Disabling System Restore (and clearing old points) before remediation prevents re-infection; it is re-enabled afterward.
- An attacker sends an email pretending to be the company's CEO, urgently requesting a wire transfer. Which social engineering technique is this?
- Shoulder surfing
- Whaling (a form of phishing)
- Tailgating
- Evil twin
Correct answer: Whaling (a form of phishing)
Correct answer: Whaling (a form of phishing). Explanation: Whaling is a targeted phishing attack aimed at or impersonating high-value individuals such as executives. Shoulder surfing observes screens, tailgating follows someone through a door, and an evil twin is a rogue Wi-Fi access point.
- Which authentication approach requires two different factors, such as a password plus a code from an authenticator app?
- Single sign-on
- Multifactor authentication
- Mandatory access control
- Least privilege
Correct answer: Multifactor authentication
Correct answer: Multifactor authentication. Explanation: Multifactor authentication (MFA) combines two or more distinct factors (something you know, have, or are). Single sign-on grants access to many systems with one login, MAC is a permission model, and least privilege limits access scope.
- An attacker positions a rogue wireless access point with the same SSID as a legitimate network to intercept traffic. What is this attack called?
- Evil twin
- Brute force
- SQL injection
- Zero-day
Correct answer: Evil twin
Correct answer: Evil twin. Explanation: An evil twin is a malicious AP impersonating a legitimate SSID to capture user traffic. Brute force guesses credentials, SQL injection targets databases, and a zero-day exploits an unpatched, unknown vulnerability.
- Which type of malware encrypts a victim's files and demands payment for the decryption key?
- Rootkit
- Ransomware
- Keylogger
- Adware
Correct answer: Ransomware
Correct answer: Ransomware. Explanation: Ransomware encrypts data and demands a ransom for the key. A rootkit hides at a low level to maintain access, a keylogger records keystrokes, and adware displays unwanted ads.
- Which security principle states that users should be granted only the minimum access rights needed to perform their job?
- Implicit deny
- Principle of least privilege
- Defense in depth
- Separation of duties
Correct answer: Principle of least privilege
Correct answer: Principle of least privilege. Explanation: The principle of least privilege limits each user's permissions to only what their role requires. Implicit deny blocks anything not explicitly allowed, defense in depth layers controls, and separation of duties splits sensitive tasks among people.
- Which wireless encryption standard is the most secure and recommended for new networks?
Correct answer: WPA3
Correct answer: WPA3. Explanation: WPA3 is the current strongest Wi-Fi security standard, using SAE for stronger key exchange. WEP and the original WPA are deprecated, and WPA2-TKIP is weaker than WPA2-AES or WPA3.
- A user reports that a website's certificate produces a browser warning that it is not trusted. Which is the most likely cause?
- The certificate is expired or self-signed
- The browser cache is full
- The site uses HTTPS instead of HTTP
- The user disabled cookies
Correct answer: The certificate is expired or self-signed
Correct answer: The certificate is expired or self-signed. Explanation: Untrusted certificate warnings usually mean the certificate is expired, self-signed, or issued by an untrusted CA (or the name does not match). A full cache, HTTPS use, or disabled cookies do not trigger certificate trust warnings.
- Which physical security method uses a unique fingerprint or facial scan to authenticate a user?
- Smart card
- Biometrics
- Key fob
- Hardware token
Correct answer: Biometrics
Correct answer: Biometrics. Explanation: Biometrics authenticate using physical traits such as fingerprints, facial geometry, or iris scans. Smart cards and hardware tokens are possession factors, and a key fob is a physical access device.
- Which feature in Windows prompts for administrator approval before allowing changes that affect system settings, helping prevent unauthorized software changes?
- User Account Control (UAC)
- Windows Defender Firewall
- BitLocker
- AppLocker
Correct answer: User Account Control (UAC)
Correct answer: User Account Control (UAC). Explanation: User Account Control (UAC) requests elevation/approval before applying system-level changes, reducing the impact of malware. The firewall filters network traffic, BitLocker encrypts disks, and AppLocker controls which apps can run.
- A technician wants to protect against unauthorized devices plugging into open network ports in a public area. Which control is most appropriate?
- Disabling unused switch ports / enabling port security
- Increasing the screen brightness
- Lengthening the DHCP lease time
- Disabling SSID broadcast
Correct answer: Disabling unused switch ports / enabling port security
Correct answer: Disabling unused switch ports / enabling port security. Explanation: Disabling unused ports and enabling port security (MAC filtering) prevents rogue devices from connecting. Screen brightness is unrelated, DHCP lease time does not control access, and disabling SSID broadcast applies to wireless, not wired ports.
- Which type of attack floods a system or service with traffic from many compromised hosts so legitimate users cannot access it?
- Man-in-the-middle
- Distributed denial of service (DDoS)
- Spoofing
- Cross-site scripting
Correct answer: Distributed denial of service (DDoS)
Correct answer: Distributed denial of service (DDoS). Explanation: A DDoS attack uses many compromised hosts (a botnet) to overwhelm a target and deny service. Man-in-the-middle intercepts traffic, spoofing falsifies identity, and XSS injects scripts into web pages.
- Which mobile security method allows an administrator to erase all data on a lost or stolen device over the network?
- Remote wipe
- Screen pinning
- Airplane mode
- Developer options
Correct answer: Remote wipe
Correct answer: Remote wipe. Explanation: Remote wipe lets an administrator or user remotely erase a device to protect data if it is lost or stolen. Screen pinning restricts to one app, airplane mode disables radios, and developer options expose debugging features.
- Which best practice helps protect against credential theft from a brute-force password attack?
- Setting an account lockout policy
- Disabling the firewall
- Using WEP encryption
- Granting all users admin rights
Correct answer: Setting an account lockout policy
Correct answer: Setting an account lockout policy. Explanation: An account lockout policy locks an account after a set number of failed attempts, blocking brute-force guessing. Disabling the firewall, using WEP, and granting broad admin rights all weaken security.
- A user receives a pop-up claiming their computer is infected and urging them to call a phone number for support. What is this an example of?
- A legitimate antivirus alert
- A scareware / social engineering scam
- A Windows Update notification
- A driver installation prompt
Correct answer: A scareware / social engineering scam
Correct answer: A scareware / social engineering scam. Explanation: Fake infection pop-ups urging a call are scareware, a social engineering tactic to trick users into paying or granting remote access. They are not legitimate antivirus, update, or driver prompts.
- Which authentication factor category does a hardware token or smart card belong to?
- Something you know
- Something you have
- Something you are
- Somewhere you are
Correct answer: Something you have
Correct answer: Something you have. Explanation: Hardware tokens and smart cards are 'something you have' (possession). Passwords and PINs are 'something you know,' biometrics are 'something you are,' and geolocation is 'somewhere you are.'
- After remediating malware and re-enabling System Restore, what is the final step in CompTIA's malware removal best practices?
- Reinstall the operating system
- Educate the end user
- Disable the antivirus software
- Format all drives
Correct answer: Educate the end user
Correct answer: Educate the end user. Explanation: The final step is to educate the end user about safe practices to prevent reinfection. Reinstalling the OS, disabling antivirus, or formatting drives are not part of the standard final step.
- A Windows PC displays the message 'No boot device found' after the user installed a second hard drive. Which is the most likely fix?
- Reinstall all applications
- Correct the boot order in UEFI/BIOS
- Run a defragmentation
- Update the antivirus definitions
Correct answer: Correct the boot order in UEFI/BIOS
Correct answer: Correct the boot order in UEFI/BIOS. Explanation: Adding a drive can change the boot priority, so the firmware tries to boot the wrong disk. Setting the correct boot order in UEFI/BIOS resolves it. Reinstalling apps, defragmenting, or updating antivirus do not address boot order.
- A user reports that Windows boots very slowly and many unnecessary programs launch at startup. Which tool best lets a technician disable startup items?
- Task Manager (Startup tab)
- Disk Cleanup
- Device Manager
- Event Viewer
Correct answer: Task Manager (Startup tab)
Correct answer: Task Manager (Startup tab). Explanation: In modern Windows, the Task Manager Startup tab (or Startup Apps in Settings) lets you disable programs that launch at boot. Disk Cleanup frees space, Device Manager manages hardware, and Event Viewer reviews logs.
- An application repeatedly crashes and reports a missing DLL error. Which is the most appropriate first troubleshooting step?
- Reinstall or repair the affected application
- Replace the motherboard
- Reformat the hard drive
- Disable the network adapter
Correct answer: Reinstall or repair the affected application
Correct answer: Reinstall or repair the affected application. Explanation: A missing DLL usually means application files are corrupt or incomplete, so repairing or reinstalling the app restores the required libraries. Replacing hardware, reformatting, or disabling the NIC are excessive and unrelated.
- A Windows system shows the 'spinning wheel' and frequent application hangs, and Task Manager shows memory usage near 100%. What is the most likely cause?
- Insufficient RAM for the running workload
- An outdated keyboard driver
- A disconnected monitor
- A disabled firewall
Correct answer: Insufficient RAM for the running workload
Correct answer: Insufficient RAM for the running workload. Explanation: Memory pegged near 100% with hangs indicates insufficient RAM (or a memory leak), causing heavy paging. A keyboard driver, monitor connection, or firewall state would not cause system-wide memory exhaustion.
- A mobile device drains its battery unusually fast and runs hot even when idle. Which is the most likely software-related cause to investigate first?
- A rogue or misbehaving app running in the background
- The device is in airplane mode
- The screen brightness is set too low
- Bluetooth is turned off
Correct answer: A rogue or misbehaving app running in the background
Correct answer: A rogue or misbehaving app running in the background. Explanation: Fast battery drain and heat at idle often point to a background app consuming CPU/network. Airplane mode and low brightness reduce drain, and disabled Bluetooth would not cause excessive consumption.
- A Windows update fails repeatedly and rolls back. Which built-in tool is designed to diagnose and fix common Windows Update problems?
- Windows Update Troubleshooter
- Disk Defragmenter
- Performance Monitor
- Magnifier
Correct answer: Windows Update Troubleshooter
Correct answer: Windows Update Troubleshooter. Explanation: The Windows Update Troubleshooter resets update components and resolves common failures. Disk Defragmenter optimizes drives, Performance Monitor tracks metrics, and Magnifier is an accessibility tool.
- A user's web browser redirects searches to unfamiliar sites and shows excessive pop-ups. What is the most likely cause?
- A browser hijacker / malicious extension
- A failing power supply
- An incorrect time zone setting
- A muted speaker
Correct answer: A browser hijacker / malicious extension
Correct answer: A browser hijacker / malicious extension. Explanation: Redirected searches and pop-ups typically indicate a browser hijacker or malicious extension. Removing the rogue extension and scanning for malware resolves it; a PSU, time zone, or muted speaker are unrelated.
- A smartphone cannot download or update apps and reports insufficient storage. Which is the most appropriate first step?
- Clear cached data and remove unused apps or files
- Replace the SIM card
- Turn off mobile data
- Enable developer mode
Correct answer: Clear cached data and remove unused apps or files
Correct answer: Clear cached data and remove unused apps or files. Explanation: Insufficient storage is resolved by clearing cache and deleting unused apps, photos, or files to free space. Replacing the SIM, disabling mobile data, or enabling developer mode do not free storage.
- A Windows computer displays a 'BOOTMGR is missing' error and will not start. Which tool can rebuild the boot configuration from the recovery environment?
- Bootrec /rebuildbcd
- Ipconfig /flushdns
- Sfc /verifyonly
- Taskkill
Correct answer: Bootrec /rebuildbcd
Correct answer: bootrec /rebuildbcd. Explanation: From Windows Recovery Environment, bootrec /rebuildbcd (along with /fixmbr and /fixboot) repairs boot records and the BCD. ipconfig manages DNS cache, sfc checks system files, and taskkill ends processes.
- Applications on a workstation are extremely slow and the hard drive light is constantly active even with few programs open. Which is a likely cause to check?
- A failing hard drive or excessive disk paging
- A disconnected mouse
- An incorrect keyboard layout
- A muted microphone
Correct answer: A failing hard drive or excessive disk paging
Correct answer: A failing hard drive or excessive disk paging. Explanation: Constant disk activity with slowness suggests a failing drive or heavy paging due to low RAM; checking SMART status and resource usage is appropriate. A mouse, keyboard layout, or microphone would not cause this.
- An Android app keeps force-closing immediately after launch on one device but works on others. Which troubleshooting step should be tried first?
- Clear the app's cache and data, then reinstall if needed
- Factory reset the device immediately
- Replace the device battery
- Change the SIM card PIN
Correct answer: Clear the app's cache and data, then reinstall if needed
Correct answer: Clear the app's cache and data, then reinstall if needed. Explanation: Clearing the app's cache/data and reinstalling resolves most single-app crashes from corrupted data. A factory reset is too drastic as a first step, and the battery or SIM PIN are unrelated to one app crashing.
- A user complains that their PC's clock is wrong and secure websites give certificate date errors. Which fix addresses both symptoms?
- Set the correct date/time and replace the CMOS battery if it keeps resetting
- Reinstall the graphics driver
- Disable the antivirus
- Defragment the hard drive
Correct answer: Set the correct date/time and replace the CMOS battery if it keeps resetting
Correct answer: Set the correct date/time and replace the CMOS battery if it keeps resetting. Explanation: An incorrect clock causes certificate validation errors because the cert appears expired or not yet valid; correcting the time (and replacing a dead CMOS battery if it resets) fixes both. The other options do not address the clock.
- A Windows PC shows a 'Low virtual memory' warning when running several large applications. Which adjustment most directly addresses this?
- Increase the size of the page file (virtual memory)
- Lower the display resolution
- Disable Windows Update
- Turn off the screen saver
Correct answer: Increase the size of the page file (virtual memory)
Correct answer: Increase the size of the page file (virtual memory). Explanation: A low virtual memory warning means the page file is too small for the workload; increasing the page file (or adding RAM) resolves it. Resolution, updates, and screen savers are unrelated to virtual memory.
- A laptop's Wi-Fi works but a specific application cannot reach the internet while others can. Which is the most likely cause to check?
- A firewall rule or app-specific setting is blocking the application
- The laptop lid sensor is faulty
- The webcam driver is missing
- The keyboard backlight is off
Correct answer: A firewall rule or app-specific setting is blocking the application
Correct answer: A firewall rule or app-specific setting is blocking the application. Explanation: When one app lacks connectivity but others work, a firewall rule, proxy, or app setting is usually blocking that program. A lid sensor, webcam driver, or keyboard backlight has nothing to do with application networking.
- A technician about to open a desktop power supply should follow which safety procedure?
- Disconnect power and avoid opening the PSU; replace it as a unit
- Open the PSU and discharge it with bare hands
- Keep the system plugged in for grounding
- Wear an anti-static strap connected directly to a power outlet
Correct answer: Disconnect power and avoid opening the PSU; replace it as a unit
Correct answer: Disconnect power and avoid opening the PSU; replace it as a unit. Explanation: Power supplies and CRTs store dangerous charge, so technicians do not open them; the PSU is replaced as a whole unit after disconnecting power. Opening it, leaving it plugged in, or grounding a strap to an outlet are unsafe.
- Which document records the planned steps, scope, and roll-back plan for a proposed IT change and requires approval before implementation?
- Change request / change management plan
- End-user license agreement
- Acceptable use policy
- Knowledge base article
Correct answer: Change request / change management plan
Correct answer: Change request / change management plan. Explanation: A change request documents the scope, plan, risk, and back-out plan and goes through change management approval. An EULA covers software licensing, an AUP governs user behavior, and a KB article is reference documentation.
- Which device should be used to safely dispose of a worn-out laptop lithium-ion battery?
- Take it to an approved recycling or hazardous-materials facility
- Place it in regular household trash
- Incinerate it on site
- Bury it in soil
Correct answer: Take it to an approved recycling or hazardous-materials facility
Correct answer: Take it to an approved recycling or hazardous-materials facility. Explanation: Batteries are hazardous waste and must be recycled or disposed of through approved facilities per local regulations and the SDS. Trash, incineration, and burial are unsafe and environmentally harmful.
- When lifting a heavy server or UPS, which technique reduces the risk of injury?
- Bend at the knees and lift with the legs, keeping the back straight
- Bend at the waist and lift with the back
- Twist the torso while lifting
- Hold the load at arm's length
Correct answer: Bend at the knees and lift with the legs, keeping the back straight
Correct answer: Bend at the knees and lift with the legs, keeping the back straight. Explanation: Proper lifting means bending at the knees, keeping the back straight, and lifting with the legs while holding the load close. Bending at the waist, twisting, or extending the load increases injury risk.
- Which safety equipment prevents static electricity from damaging components during hardware service?
- An anti-static (ESD) wrist strap
- A surge protector
- A multimeter
- A UPS
Correct answer: An anti-static (ESD) wrist strap
Correct answer: An anti-static (ESD) wrist strap. Explanation: An ESD wrist strap (with an anti-static mat) equalizes potential to prevent electrostatic discharge damage. A surge protector guards against power spikes, a multimeter measures electrical values, and a UPS provides backup power.
- A technician is told a chemical spilled in the workspace. Which document provides handling, hazard, and disposal information for that chemical?
- Safety Data Sheet (SDS)
- Standard operating procedure
- Incident report
- Network topology diagram
Correct answer: Safety Data Sheet (SDS)
Correct answer: Safety Data Sheet (SDS). Explanation: A Safety Data Sheet (SDS) details hazards, handling, storage, and disposal for chemicals. An SOP describes routine procedures, an incident report records events, and a topology diagram maps the network.
- When a technician must handle evidence for a potential legal investigation, which concept ensures the integrity and tracking of that evidence?
- Chain of custody
- Acceptable use policy
- Service-level agreement
- Bring-your-own-device policy
Correct answer: Chain of custody
Correct answer: Chain of custody. Explanation: Chain of custody documents who handled evidence and when, preserving its integrity for legal proceedings. An AUP governs usage, an SLA defines service guarantees, and BYOD addresses personal device use.
- Which professional behavior best demonstrates good communication when supporting a frustrated customer?
- Actively listen, avoid interrupting, and clarify the issue
- Use technical jargon to assert expertise
- Take the customer's call while eating lunch
- Argue with the customer about the cause
Correct answer: Actively listen, avoid interrupting, and clarify the issue
Correct answer: Actively listen, avoid interrupting, and clarify the issue. Explanation: Professionalism includes active listening, avoiding interruptions, clarifying needs, and avoiding jargon. Asserting jargon, multitasking during calls, and arguing all damage the customer relationship.
- Which type of fire extinguisher is appropriate for electrical fires involving energized equipment?
- Class C
- Class A
- Class K
- Class D
Correct answer: Class C
Correct answer: Class C. Explanation: Class C extinguishers are rated for electrical fires (energized equipment). Class A is for ordinary combustibles, Class K is for cooking oils, and Class D is for combustible metals.
- Which document defines what a company considers acceptable use of its computers and network by employees?
- Acceptable use policy (AUP)
- Safety data sheet
- Disaster recovery plan
- Asset inventory
Correct answer: Acceptable use policy (AUP)
Correct answer: Acceptable use policy (AUP). Explanation: An acceptable use policy (AUP) specifies how employees may use company IT resources. An SDS covers chemicals, a disaster recovery plan addresses outages, and an asset inventory tracks equipment.
- A technician discovers prohibited content while servicing a user's computer. What is the appropriate first action?
- Follow company policy and preserve the data, reporting through the proper channels
- Delete the content immediately
- Email copies to coworkers
- Ignore it and finish the repair
Correct answer: Follow company policy and preserve the data, reporting through the proper channels
Correct answer: Follow company policy and preserve the data, reporting through the proper channels. Explanation: Best practice is to follow the incident response and chain-of-custody policy, preserve the data/device, and report to the proper authority. Deleting, sharing, or ignoring the content violates procedure and may destroy evidence.
- Which backup approach stores copies in a geographically separate location to protect against site-wide disasters?
- Off-site backup
- Incremental backup on the same server
- A single local external drive left on-site
- Disabling backups to save space
Correct answer: Off-site backup
Correct answer: Off-site backup. Explanation: Off-site (or cloud) backups protect data if the primary site is destroyed, following the 3-2-1 backup rule. Same-server, on-site-only, or disabled backups leave data vulnerable to a single disaster.
- Which ticketing best practice helps other technicians understand and resolve a recurring issue efficiently?
- Document clear problem descriptions, steps taken, and the resolution
- Close tickets without notes once resolved
- Record only the customer's name
- Use vague one-word summaries
Correct answer: Document clear problem descriptions, steps taken, and the resolution
Correct answer: Document clear problem descriptions, steps taken, and the resolution. Explanation: Good ticket documentation captures the problem, troubleshooting steps, and resolution so the knowledge base helps future cases. Closing without notes, recording minimal data, or vague summaries reduce the documentation's value.
- Which practice protects a customer's privacy while a technician works on their device?
- Maintain confidentiality and only access data necessary for the task
- Browse personal files out of curiosity
- Share device contents with friends
- Post screenshots on social media
Correct answer: Maintain confidentiality and only access data necessary for the task
Correct answer: Maintain confidentiality and only access data necessary for the task. Explanation: Technicians must respect privacy and confidential materials, accessing only what the task requires. Browsing personal files, sharing contents, or posting screenshots violates customer trust and policy.
- A technician needs to scale up to handle a high-priority outage affecting many users. According to incident response best practices, which action is appropriate?
- Escalate the issue to the appropriate team and communicate status
- Work alone without informing anyone
- Wait until the next business day
- Close the ticket to reduce the queue
Correct answer: Escalate the issue to the appropriate team and communicate status
Correct answer: Escalate the issue to the appropriate team and communicate status. Explanation: For high-impact incidents, escalation to the right team plus clear status communication speeds resolution. Working in isolation, delaying, or closing the ticket prematurely worsens the outage and breaks the process.
- A company wants to ensure all corporate mobile devices enforce encryption, passcodes, and remote wipe. Which solution centrally manages these policies?
- Mobile device management (MDM)
- A spreadsheet of device serial numbers
- A local antivirus on one PC
- A printer management utility
Correct answer: Mobile device management (MDM)
Correct answer: Mobile device management (MDM). Explanation: Mobile device management (MDM) centrally enforces security policies such as encryption, passcodes, app control, and remote wipe across enrolled devices. A spreadsheet, single-PC antivirus, or printer tool cannot enforce mobile policies.
- Which power protection device keeps servers running long enough to shut down gracefully during a power outage?
- Uninterruptible power supply (UPS)
- Surge protector
- Power strip
- KVM switch
Correct answer: Uninterruptible power supply (UPS)
Correct answer: Uninterruptible power supply (UPS). Explanation: A UPS provides battery backup so systems can run briefly and shut down safely during outages, and it conditions power. A surge protector only absorbs spikes, a power strip just adds outlets, and a KVM shares a console.
- Which best practice should a technician follow before making a significant configuration change to a production system?
- Create a backup and document a roll-back (back-out) plan
- Make the change during peak business hours without notice
- Skip testing to save time
- Avoid telling stakeholders
Correct answer: Create a backup and document a roll-back (back-out) plan
Correct answer: Create a backup and document a roll-back (back-out) plan. Explanation: Change management requires backing up, planning a back-out (roll-back), testing, and notifying stakeholders before production changes. Acting at peak hours, skipping testing, or hiding the change increases risk.
- Which attack tricks users into entering credentials on a fraudulent website that mimics a legitimate one, often reached via a deceptive link?
- Phishing
- Denial of service
- Privilege escalation
- Zero-day
Correct answer: Phishing
Correct answer: Phishing. Explanation: Phishing uses fraudulent emails or sites that impersonate trusted entities to harvest credentials. A denial of service disrupts availability, privilege escalation gains higher rights, and a zero-day exploits an unknown flaw.
- A company requires that hard drives be made unrecoverable before disposal. Which method physically guarantees data cannot be read?
- Shredding or degaussing the drive
- Moving files to the Recycle Bin
- Performing a quick format
- Renaming the partition
Correct answer: Shredding or degaussing the drive
Correct answer: Shredding or degaussing the drive. Explanation: Physical destruction (shredding) or degaussing reliably renders data unrecoverable; drive wiping/secure erase is the software equivalent. Recycle Bin, quick format, and renaming leave data recoverable.
- A Windows PC randomly displays a blue screen of death (BSOD) and reboots after a recent driver update. Which is the best first troubleshooting step?
- Roll back or update the recently changed driver
- Replace the power supply
- Reinstall the printer software
- Disable the on-screen keyboard
Correct answer: Roll back or update the recently changed driver
Correct answer: Roll back or update the recently changed driver. Explanation: BSOD errors that began after a driver change are commonly fixed by rolling back or updating that driver, often via Safe Mode. Replacing the PSU, reinstalling printer software, or disabling the on-screen keyboard do not address a faulty driver.
- A user cannot open files because an application reports them as 'corrupted,' and the issue started after an abrupt power loss. Which tool best checks the file system for errors?
- Chkdsk
- Ping
- Regedit
- Msinfo32
Correct answer: Chkdsk
Correct answer: chkdsk. Explanation: chkdsk scans and repairs file system and disk errors that often follow an unclean shutdown. ping tests connectivity, regedit edits the registry, and msinfo32 reports system information.
- A workstation's antivirus is disabled and will not turn back on, and the user cannot access security websites. What does this most likely indicate?
- An active malware infection interfering with security tools
- A dead CMOS battery
- An unplugged monitor
- A full Recycle Bin
Correct answer: An active malware infection interfering with security tools
Correct answer: An active malware infection interfering with security tools. Explanation: Malware commonly disables antivirus and blocks security sites to avoid removal; booting to Safe Mode or using rescue media to scan is the next step. A CMOS battery, monitor, or Recycle Bin would not block security tools.
- A mobile device cannot install OS updates and shows random reboots and app crashes after the user installed apps from an unofficial source. What is the most likely cause?
- Malware from a sideloaded, untrusted app
- A scratched screen protector
- Too many saved Wi-Fi networks
- A low ringtone volume
Correct answer: Malware from a sideloaded, untrusted app
Correct answer: Malware from a sideloaded, untrusted app. Explanation: Installing apps from unofficial sources can introduce malware causing instability and blocked updates; removing the app and scanning, or resetting, resolves it. A screen protector, saved Wi-Fi networks, or ringtone volume do not cause these symptoms.
- When diagnosing a printer that produces poor quality prints, what should be checked first?
- Network connection
- Printer drivers
- Print spooler
- Toner or ink levels
Correct answer: Toner or ink levels
Correct answer: Toner or ink levels. Explanation: Poor print quality is often directly related to low toner or ink levels. Checking these levels is the first step in troubleshooting printers producing poor quality prints.
- In a scenario where a laptop's battery is not charging, what is the first component you should check?
- The battery itself
- The AC adapter
- The power outlet
- The laptop's charging circuit
Correct answer: The AC adapter
Correct answer: The AC adapter. Explanation: When a laptop's battery is not charging, the first component to check is the AC adapter. A faulty adapter or power supply can prevent the battery from charging.
- What is typically the cause of 'ghost' prints, where faint images of previous prints appear on newly printed pages?
- Low toner or ink
- Paper quality issues
- Faulty drum unit or fuser assembly
- Incorrect printer driver settings
Correct answer: Faulty drum unit or fuser assembly
Correct answer: Faulty drum unit or fuser assembly. Explanation: 'Ghost' prints, where faint images from previous prints appear on new pages, are typically caused by issues with the printer's drum unit or fuser assembly. These components are responsible for transferring and fixing the toner onto the paper.
- What is the most likely cause of a system that starts up but displays nothing on the monitor and the monitor is known to be good?
- Faulty operating system
- Damaged CPU
- Loose or damaged video card
- Corrupted BIOS
Correct answer: Loose or damaged video card
Correct answer: Loose or damaged video card. Explanation: If a system starts up but displays nothing on a monitor that is known to be working, the issue is likely related to the video card. This could be due to it being loose, improperly seated, or damaged.
- A technician powers on a desktop and hears a continuous, regular grinding noise coming from inside the case while the system POSTs normally and boots to Windows. The noise rises and falls with system load. Which component is the most likely source of the grinding noise?
- A failing cooling fan whose bearing has worn out
- The NVMe SSD performing wear-leveling
- The motherboard CMOS battery
- A failing stick of DDR5 memory
Correct answer: A failing cooling fan whose bearing has worn out
A failing cooling fan with a worn bearing is the most likely source. Grinding or rattling that rises and falls with system load points to a mechanical fan (CPU, case, or GPU) whose bearing is degrading, because fan RPM scales with thermal load. An NVMe SSD has no moving parts and cannot grind, and DDR5 and the CMOS battery are silent solid-state components.
- A user reports a sharp, rhythmic clicking sound from their desktop, followed by the system failing to find a bootable operating system on the next restart. Which device is the clicking most consistent with, and what does it signal?
- The optical drive failing to spin a disc
- A mechanical hard disk drive (HDD) experiencing read/write head failure
- An NVMe SSD reaching its endurance limit
- The power supply fan striking a cable
Correct answer: A mechanical hard disk drive (HDD) experiencing read/write head failure
A mechanical hard disk drive experiencing read/write head failure is the cause. The repetitive clicking, often called the 'click of death,' occurs when the actuator arm repeatedly resets after failing to read data, and an unreadable boot drive then produces an OS-not-found error. Solid-state NVMe drives are silent, and a PSU fan or optical drive would not cause an OS to disappear from boot.
- A technician runs the manufacturer's drive diagnostic and sees S.M.A.R.T. reporting rising Reallocated Sectors Count and Pending Sector Count values on a hard drive that still boots. What is the correct interpretation and action?
- The drive needs a firmware reset to clear the counters
- The drive is failing and should be backed up and replaced proactively
- The values indicate a cabling problem, not a drive problem
- The values are normal and require only a defragmentation
Correct answer: The drive is failing and should be backed up and replaced proactively
The drive is failing and should be backed up and replaced proactively. S.M.A.R.T. attributes such as Reallocated Sectors Count and Pending Sector Count increasing over time indicate the drive is remapping bad sectors and degrading, which is a predictor of imminent failure even while it still boots. Defragmentation does not fix physical media damage, and these counters reflect the media, not the data cable.
- A technician presses the power button on a desktop and gets no fans, no lights, and no POST beeps at all. The wall outlet is confirmed good with another device. Which step best isolates whether the power supply unit is at fault?
- Test the PSU with a power supply tester or perform a paperclip jumper test on the 24-pin connector
- Reseat the DDR5 modules and try booting
- Replace the CMOS battery and reset BIOS
- Run S.M.A.R.T. diagnostics on the boot drive
Correct answer: Test the PSU with a power supply tester or perform a paperclip jumper test on the 24-pin connector
Testing the PSU with a power supply tester or paperclip jumper test on the 24-pin ATX connector best isolates the fault. A completely dead system with a known-good outlet points to no power reaching the board, and the tester or jumper confirms whether the PSU produces its rails. Reseating RAM, swapping the CMOS battery, or running S.M.A.R.T. all assume the board is already receiving power, which has not yet been established.
- A user reports a brief burning or acrid plastic smell from their desktop just before it shut off and would no longer power on. What is the safest and most appropriate first action for the technician?
- Run a stress test to reproduce the heat
- Reboot the system to see if the smell returns
- Update the BIOS to the latest firmware
- Unplug the system from power immediately and inspect for a failed power supply or component before powering on again
Correct answer: Unplug the system from power immediately and inspect for a failed power supply or component before powering on again
Unplugging the system immediately and inspecting before re-powering is the safest first action. A burning smell indicates an electrical failure, most often in the power supply or a capacitor or other component, and continuing to apply power risks further damage or fire. Rebooting or stress-testing would re-energize a potentially shorted component, and a BIOS update cannot address physical damage.
- A desktop powers on with fans spinning and lights on, but the monitor stays black with no signal and the system never produces video or POST output. The technician has confirmed the monitor and cable on another PC. Which troubleshooting step is most appropriate next?
- Reseat the RAM and GPU, then listen or watch for POST beep or diagnostic LED codes
- Reinstall the graphics driver in Safe Mode
- Reset the network adapter configuration
- Replace the hard drive because the OS will not load
Correct answer: Reseat the RAM and GPU, then listen or watch for POST beep or diagnostic LED codes
Reseating the RAM and GPU and checking POST beep codes or motherboard diagnostic LEDs is the correct next step. When a system powers on but produces no display and no POST, the most common causes are unseated memory or graphics hardware, and beep codes or debug LEDs identify which subsystem is halting. The OS, video driver, and network adapter are irrelevant because the system is not even reaching POST.
- A workstation repeatedly restarts a few seconds into Windows boot, never reaching the desktop, and cycles indefinitely. The technician suspects a failed update or driver. Which action most directly breaks the loop to diagnose it?
- Swap the RAM for higher-capacity modules
- Interrupt boot to enter the Windows Recovery Environment and disable automatic restart on system failure
- Replace the power supply unit
- Reflash the system BIOS
Correct answer: Interrupt boot to enter the Windows Recovery Environment and disable automatic restart on system failure
Entering the Windows Recovery Environment and disabling automatic restart on system failure is the most direct action. A continuous reboot loop in Windows is frequently caused by a crash that triggers an automatic restart, and disabling that option (or using Recovery to roll back an update or driver) lets the technician read the stop error instead of looping. PSU, BIOS, and RAM swaps are hardware shots in the dark when the symptom points to a software crash loop.
- A Windows 11 workstation crashes to a blue screen of death (BSOD) with a stop code, and the crashes began immediately after the user installed a new third-party device driver. What is the most likely root cause?
- A fragmented system drive
- An expired Windows product license
- A faulty or incompatible device driver
- A weak Wi-Fi signal
Correct answer: A faulty or incompatible device driver
A faulty or incompatible device driver is the most likely cause. A BSOD that appears right after installing new driver software strongly implicates that driver, since drivers run in kernel mode and a defective one can halt the system with a stop error. Licensing, fragmentation, and Wi-Fi signal affect activation, performance, or connectivity, none of which produce kernel stop codes.
- A technician is asked how to fix a recurring blue screen of death on a Windows 11 PC where the stop code references a memory management error. After the obvious driver checks, which hardware test most directly targets this stop code?
- Run chkdsk to repair the file system
- Replace the CMOS battery to restore the clock
- Reset the BIOS to defaults to clear the GPU settings
- Run the Windows Memory Diagnostic or MemTest86 to test the RAM
Correct answer: Run the Windows Memory Diagnostic or MemTest86 to test the RAM
Running the Windows Memory Diagnostic or MemTest86 most directly targets this stop code. A memory-management BSOD often stems from defective or unstable RAM, and a memory test confirms whether modules are failing so they can be reseated or replaced. chkdsk addresses disk file-system errors, while BIOS resets and CMOS battery swaps address configuration and clock issues, not memory faults.
- A user's laptop screen shows the image stretched and bowed so that straight lines appear curved and the picture geometry looks warped, while an external monitor connected to the same laptop displays a perfect image. Where does the fault most likely reside?
- The graphics processing unit (GPU)
- The installed display driver
- The laptop's built-in display panel or its video cable/connection
- The operating system resolution scaling setting
Correct answer: The laptop's built-in display panel or its video cable/connection
The laptop's built-in display panel or its internal video cable is the most likely fault. Because an external monitor driven by the same GPU and driver shows a correct image, the problem is isolated to the components unique to the internal display, such as a damaged panel or a pinched LCD ribbon cable. If the GPU, driver, or scaling setting were at fault, the external monitor would also show distortion.
- A technician examines pages from a laser printer that are uniformly faded and light across the entire sheet, though text is still legible. Which corrective action should be attempted first?
- Clean the print heads with the maintenance utility
- Replace the fuser assembly
- Update the printer's firmware
- Check the toner level and replace or redistribute the toner cartridge
Correct answer: Check the toner level and replace or redistribute the toner cartridge
Checking the toner level and replacing or redistributing the toner cartridge should be tried first. Uniformly faded laser output most commonly means the toner is running low, and gently rocking the cartridge can buy time before a replacement. A fuser problem causes smearing rather than fading, print heads belong to inkjet printers, and firmware updates do not restore image density.
- A laser printer produces output where a faint duplicate of an image or text reappears farther down the page, repeating at regular intervals. What is the most common cause of this ghosting?
- Low toner in the cartridge
- A misaligned paper tray guide
- An incorrect printer driver installed on the PC
- A worn imaging drum or a failing cleaning blade/transfer roller leaving residual toner
Correct answer: A worn imaging drum or a failing cleaning blade/transfer roller leaving residual toner
A worn imaging drum or a failing cleaning blade or transfer roller is the most common cause of ghosting. Ghost images repeat because residual toner from the previous rotation is not fully cleaned off the drum, so it reappears one drum circumference later. Low toner causes fading not ghosting, tray guides affect paper feed, and a wrong driver causes garbled output rather than periodic faint repeats.
- Sheets coming out of a laser printer have visible folds and creases pressed into the paper. The technician has confirmed the paper is the correct weight and is loaded flat. Which area should be inspected as the most likely cause?
- The printer's IP address configuration
- The toner cartridge for low toner
- The network print queue for stuck jobs
- The paper path rollers and fuser for worn or obstructed components causing the jam/crease
Correct answer: The paper path rollers and fuser for worn or obstructed components causing the jam/crease
Inspecting the paper path rollers and fuser is the most likely fix for creased paper. Creases and folds occur when paper is pinched or partially jammed as it travels through worn pickup rollers or a damaged fuser, deforming the sheet during printing. Toner level affects image density, and queue or IP issues prevent printing entirely rather than physically creasing output.
- A user reports that a shared network laser printer is not printing at all, the printer display shows 'Ready,' and no error is displayed on the device. A test page printed directly from the printer's own panel comes out correctly. Where should the technician focus next?
- The print spooler service and print queue on the client computer or print server
- The toner cartridge and imaging drum
- The printer's paper-tray sensors
- The fuser assembly temperature
Correct answer: The print spooler service and print queue on the client computer or print server
Focusing on the print spooler service and the queue on the client or print server is correct. A successful self-test page proves the printer hardware and consumables work, so a job that never prints points to a stalled spooler or a stuck queue between the computer and the printer. Toner, drum, fuser, and tray sensors are all ruled out because the device's own test page printed normally.
- A technician is troubleshooting a Windows 11 laptop that shows a yellow warning triangle over the network icon and the status 'Limited' or no internet, yet the adapter is connected to the access point. Running ipconfig shows an address of 169.254.x.x. What does this APIPA address indicate?
- The DNS server entry is misconfigured
- The default gateway is unreachable due to a firewall rule
- The Wi-Fi adapter driver is corrupt
- The client failed to obtain an IP lease from a DHCP server
Correct answer: The client failed to obtain an IP lease from a DHCP server
An APIPA address of 169.254.x.x indicates the client failed to obtain a lease from a DHCP server. Windows self-assigns this link-local address only when no DHCP response is received, which explains the limited/no-internet state despite an associated wireless link. A bad DNS entry would still show a routable IP, and gateway firewall or driver corruption would present different symptoms than the specific 169.254 self-assignment.
- A technician needs to troubleshoot a desktop that has no network connectivity. Which sequence of steps follows a logical bottom-up approach for an Ethernet client?
- Ping a public website by name, and if it fails, immediately replace the router
- Replace the network switch, then reinstall Windows, then check the cable
- Flush DNS first, then disable the firewall, then replace the NIC
- Verify the cable and link light, confirm an IP via ipconfig, ping the gateway, then ping an external host by name
Correct answer: Verify the cable and link light, confirm an IP via ipconfig, ping the gateway, then ping an external host by name
Verifying the physical link, confirming an IP, pinging the gateway, then resolving and pinging an external host is the logical sequence. This bottom-up flow confirms each layer in order so the technician knows whether the break is physical, addressing, local routing, or name resolution. Replacing hardware or reinstalling Windows up front skips diagnosis, and jumping straight to a public ping without checking local layers cannot localize the failure.
- Users on one floor report that their Wi-Fi 6E connections drop and reconnect intermittently several times an hour, while wired clients on the same network are stable. Which cause is most consistent with intermittent wireless-only drops?
- RF interference or channel overlap/overlapping coverage causing the clients to lose association
- A failed DHCP server on the network
- A misconfigured DNS server entry
- A faulty Ethernet patch panel
Correct answer: RF interference or channel overlap/overlapping coverage causing the clients to lose association
RF interference or overlapping channel coverage is the cause most consistent with these symptoms. Intermittent drops that affect only wireless clients, while wired clients stay stable, point to a radio-layer problem such as interference, channel contention, or roaming between overlapping access points. A DHCP or DNS fault would also disrupt wired clients, and a patch panel issue is purely a wired-side problem.
- A technician is dispatched for a laptop that 'will not charge.' The battery sits at a fixed percentage with the AC adapter plugged in. Which check best isolates whether the AC adapter is the problem before ordering a battery?
- Replace the system board immediately
- Run the Windows Memory Diagnostic
- Reset the BIOS to factory defaults
- Test with a known-good charger of the correct wattage and confirm the charging LED and AC-in detection
Correct answer: Test with a known-good charger of the correct wattage and confirm the charging LED and AC-in detection
Testing with a known-good charger of the correct wattage is the best isolation step. Substituting a verified adapter quickly distinguishes a failed charger, cable, or DC jack from an actual battery fault, and confirming the charging LED and AC-in detection shows whether power is reaching the system. Memory diagnostics are unrelated to charging, and replacing the board or resetting BIOS are premature before the simplest cause is ruled out.
- A technician notices a desktop CPU is thermal-throttling under light load, the cooling fan runs at maximum, and the system occasionally shuts down. Which condition is most consistent with these overheating symptoms?
- A failing power supply on the 5V rail
- Insufficient system RAM
- Dried-out or improperly applied thermal paste or a clogged heatsink reducing heat transfer
- A corrupted Windows page file
Correct answer: Dried-out or improperly applied thermal paste or a clogged heatsink reducing heat transfer
Dried-out thermal paste or a clogged, dust-packed heatsink is the most consistent cause. Poor heat transfer between the CPU and its cooler causes temperatures to spike even at light load, triggering fan ramp-up, throttling, and protective shutdowns. PSU rail problems cause power instability rather than thermal throttling, and RAM or page-file issues affect performance or crashes without raising CPU temperature.
- During POST a desktop emits a repeating beep pattern and never displays video. The technician consults the motherboard manufacturer's documentation. What is the primary purpose of these POST beep codes?
- To confirm the operating system loaded successfully
- To indicate which hardware subsystem failed initialization when video is unavailable
- To report the remaining battery charge of the CMOS cell
- To signal that a Windows update is pending
Correct answer: To indicate which hardware subsystem failed initialization when video is unavailable
POST beep codes indicate which hardware subsystem failed initialization when video output is not available. Because beeps occur before video initializes, they are the firmware's way of reporting faults such as missing RAM or a GPU error, and the meaning is defined by the board's BIOS/UEFI vendor. They are unrelated to CMOS charge, OS load status, or Windows updates, all of which occur after POST or within the OS.
- A technician must connect an external NVMe SSD enclosure to a laptop and wants the maximum sustained transfer rate available through a single reversible port. Which interface should be used?
- eSATA
- USB 2.0 over a Type-A connector
- DisplayPort
- USB4 / Thunderbolt over a USB-C connector
Correct answer: USB4 / Thunderbolt over a USB-C connector
USB4 / Thunderbolt over a USB-C connector provides the highest sustained throughput here. USB4 and Thunderbolt deliver up to 40 Gbps (and up to 80 Gbps or more on newer revisions such as USB4 v2.0 and Thunderbolt 5) over the reversible USB-C connector, well above an external SSD's needs. USB 2.0 tops out at 480 Mbps, eSATA is limited to SATA III speeds and is largely obsolete on modern laptops, and DisplayPort is a video interface, not a storage bus.
- A user's dual-monitor setup shows one display flickering and dropping out intermittently while the other is rock-solid. Both run from the same GPU. Which component should the technician inspect first on the affected display?
- The monitor's brightness setting
- The video cable and its connector on the flickering monitor
- The Windows power plan
- The graphics driver version
Correct answer: The video cable and its connector on the flickering monitor
The video cable and connector on the flickering monitor should be inspected first. Because only one of two displays driven by the same GPU flickers, the fault is isolated to that monitor's signal path, most often a loose, damaged, or marginal cable or connector. A driver, power plan, or brightness issue would tend to affect both displays or alter appearance rather than cause intermittent signal dropout on just one.
- A technician suspects a recently added DDR5 module is unstable, causing random application crashes without a consistent stop code. Which approach best confirms whether a specific module is at fault?
- Replace the CPU
- Remove modules and test one stick at a time in a known-good slot, or run an extended memory test
- Update the GPU firmware
- Reinstall the operating system
Correct answer: Remove modules and test one stick at a time in a known-good slot, or run an extended memory test
Testing one stick at a time in a known-good slot, or running an extended memory test, best confirms a faulty module. Isolating each DDR5 stick individually pinpoints which module or slot triggers the instability, and a memory test stresses each one for errors. Swapping the CPU, reinstalling the OS, or updating GPU firmware do not address suspected RAM and waste time on unrelated subsystems.
- A technician is troubleshooting why a freshly built PC posts but reports only half of its installed DDR5 capacity in BIOS. Both modules are identical and seated. What is the most likely cause?
- Windows has not been activated
- The CPU does not support DDR5
- The power supply wattage is too low
- One memory module or its DIMM slot is faulty or not fully seated
Correct answer: One memory module or its DIMM slot is faulty or not fully seated
A faulty or improperly seated module or slot is the most likely cause of half the capacity appearing. When two identical sticks are installed but only one is counted, the system is recognizing a single working module, pointing to a bad stick, a damaged slot, or an incomplete seat. Since the system POSTed successfully, the CPU clearly supports DDR5; OS activation has no effect on detected RAM, and low PSU wattage would cause power faults rather than a halved memory count.
- A technician needs to confirm whether a network port on a switch is functioning without a second device, by looping the transmit pins back to the receive pins. Which tool accomplishes this?
- A multimeter
- A toner probe
- A loopback plug (loopback adapter)
- A POST card
Correct answer: A loopback plug (loopback adapter)
A loopback plug accomplishes this test. It electrically connects a port's transmit pins back to its receive pins so the device or NIC sees its own signal, confirming the port and interface can send and receive without a remote endpoint. A toner probe traces cable runs, a multimeter measures voltage and continuity, and a POST card reads motherboard boot codes.
- A user reports that a mobile phone overheats and the touchscreen becomes unresponsive while running a GPS navigation app in direct sunlight, then returns to normal after cooling. What is the most likely explanation?
- A failing battery that needs immediate replacement
- Thermal throttling and protective limits triggered by excess heat from sustained high load plus ambient temperature
- Insufficient cellular signal causing the touchscreen lag
- A corrupted operating system requiring a factory reset
Correct answer: Thermal throttling and protective limits triggered by excess heat from sustained high load plus ambient temperature
Thermal throttling and protective limits from excess heat is the most likely explanation. Sustained GPU/CPU load from navigation combined with direct-sun ambient heat drives a phone above its thermal limits, so it throttles and may dim or limit the touchscreen until it cools, after which behavior returns to normal. A failing battery, OS corruption, or weak signal would not resolve simply by letting the device cool down.
- A technician finds that a Wi-Fi 7 capable laptop connects with a strong signal but achieves only a fraction of expected throughput, while a phone on the same access point reaches full speed. Which setting on the laptop should be checked first?
- The laptop's screen resolution
- The wireless adapter's configured band and channel-width/standard settings (e.g., forced 2.4 GHz or limited width)
- The default printer assignment
- The system clock and time zone
Correct answer: The wireless adapter's configured band and channel-width/standard settings (e.g., forced 2.4 GHz or limited width)
The wireless adapter's band, channel-width, and standard settings should be checked first. If the laptop's adapter is locked to 2.4 GHz, a narrow channel width, or a legacy standard, it will connect with good signal yet deliver far less throughput than a properly configured device on the same access point. Screen resolution, printer assignment, and the system clock have no bearing on wireless data rates.
- A desktop intermittently loses its Ethernet link for a few seconds at a time, and wiggling the cable near the wall jack reproduces the drop. Which is the most likely cause and the correct fix?
- An exhausted DHCP scope; reboot the client
- A damaged cable or loose RJ45 termination; reterminate or replace the cable
- A corrupted DNS cache; run ipconfig /flushdns
- A failing CPU; replace the processor
Correct answer: A damaged cable or loose RJ45 termination; reterminate or replace the cable
A damaged cable or loose RJ45 termination is the most likely cause, fixed by reterminating or replacing the cable. The fact that physically moving the cable reproduces the drop points directly to a marginal physical connection rather than a logical layer. A CPU fault would not be motion-sensitive, and DHCP-scope or DNS-cache problems do not respond to flexing a cable.
- A technician is comparing DDR4 and DDR5 memory before specifying RAM for a new Windows 11 workstation build. Which statement accurately describes a difference introduced with DDR5?
- DDR5 modules run at a higher standard voltage of 1.5V to push more power into the chips
- DDR5 lowers maximum data rates compared with DDR4 to improve stability
- DDR5 includes on-die ECC and moves voltage regulation onto the module with an integrated PMIC
- DDR5 uses the same 240-pin notch layout as DDR4 so the modules are physically interchangeable
Correct answer: DDR5 includes on-die ECC and moves voltage regulation onto the module with an integrated PMIC
DDR5 includes on-die ECC and an on-module power management IC (PMIC) is the correct answer. Every DDR5 chip carries on-die ECC that corrects single-bit errors inside the chip, and DDR5 moves voltage regulation from the motherboard onto the module via a PMIC while dropping operating voltage to 1.1V (down from DDR4's 1.2V). DDR5 also reaches higher data rates than DDR4 and uses a different keying notch, so the modules are not interchangeable.
- A user asks why their server-grade RAM is labeled ECC while the memory in their gaming PC is non-ECC. What is the practical difference between ECC and non-ECC RAM?
- ECC RAM is exclusively used in laptops, while non-ECC RAM is only for desktops
- ECC RAM runs at twice the clock speed of non-ECC RAM of the same generation
- ECC RAM stores data without electrical refresh, while non-ECC RAM must be refreshed constantly
- ECC RAM detects and corrects single-bit memory errors automatically, while non-ECC RAM does not
Correct answer: ECC RAM detects and corrects single-bit memory errors automatically, while non-ECC RAM does not
ECC RAM detects and corrects single-bit errors automatically while non-ECC does not is correct. ECC (Error-Correcting Code) memory adds an extra chip and parity bits so single-bit errors are caught and fixed in real time, which is valued in servers and workstations where data integrity is critical. ECC does not inherently run faster, and both ECC and non-ECC are DRAM that requires periodic refresh.
- A technician is selecting memory for a laptop and must choose the correct physical form factor. Which type of RAM module is designed for laptops?
Correct answer: SO-DIMM
SO-DIMM is correct. Small Outline DIMMs (SO-DIMMs) are the compact memory modules used in laptops and many small-form-factor systems; they are physically shorter than the full-size DIMMs used in desktops. A standard DIMM is too long for a laptop slot, and RIMM and SIPP are obsolete formats not used in current laptops.
- A technician needs to install an NVMe SSD that connects through the PCIe bus rather than the SATA bus. Which interface and slot does this drive use?
- An M.2 slot keyed for PCIe lanes
- A 4-pin Molex power header
- A 15-pin SATA data connector
- A 40-pin IDE ribbon connector
Correct answer: An M.2 slot keyed for PCIe lanes
An M.2 slot keyed for PCIe lanes is correct. NVMe drives communicate over PCIe lanes for much higher throughput than SATA, and consumer NVMe SSDs typically use the M.2 form factor with M-key edge connectors. A SATA data connector limits the drive to the SATA bus speed, and IDE and Molex are legacy interfaces unrelated to NVMe.
- A technician is told two SSDs both use the M.2 form factor, yet one runs far faster than the other. What most directly explains the speed difference between an M.2 SATA SSD and an M.2 NVMe SSD?
- The SATA drive uses faster NAND flash chips than the NVMe drive
- The SATA drive runs at a higher voltage, giving it more bandwidth
- The NVMe drive communicates over PCIe lanes while the SATA drive is capped at the SATA III bus
- The NVMe drive is larger physically so it holds more cache
Correct answer: The NVMe drive communicates over PCIe lanes while the SATA drive is capped at the SATA III bus
The NVMe drive communicates over PCIe lanes while the M.2 SATA drive is capped at the SATA III bus is correct. Both can share the M.2 physical slot, but an M.2 SATA SSD is limited to roughly 600 MB/s by the SATA III interface, while an M.2 NVMe SSD uses multiple PCIe lanes and reaches several gigabytes per second. The flash chips, physical size, and voltage are not the determining factor.
- A user wants to know whether to buy an SSD or an HDD for a new system. Which statement correctly contrasts the two storage technologies?
- An SSD uses flash memory with no moving parts and offers faster access than a platter-based HDD
- An HDD has no moving parts and is faster, while an SSD uses spinning platters
- An HDD always offers lower latency than an SSD because of its higher RPM
- An SSD must be defragmented regularly while an HDD never needs defragmentation
Correct answer: An SSD uses flash memory with no moving parts and offers faster access than a platter-based HDD
An SSD uses flash memory with no moving parts and is faster than a platter-based HDD is correct. Solid-state drives store data on NAND flash and have no spinning platters or read/write heads, giving far lower access latency and higher durability than a hard disk drive, which uses rotating magnetic platters. SSDs should not be defragmented, and HDD RPM does not let it beat SSD latency.
- A technician is configuring storage for a server and wants striping with no redundancy to maximize performance and capacity. Which RAID level should be used, and what is the trade-off versus mirroring?
- RAID 0 requires at least three drives, while RAID 1 requires only one
- RAID 0 stripes data across drives with no fault tolerance, while RAID 1 mirrors data for redundancy
- RAID 0 and RAID 1 both provide parity-based redundancy across all drives
- RAID 0 mirrors data for redundancy, while RAID 1 stripes data with no fault tolerance
Correct answer: RAID 0 stripes data across drives with no fault tolerance, while RAID 1 mirrors data for redundancy
RAID 0 stripes data with no fault tolerance while RAID 1 mirrors for redundancy is correct. RAID 0 splits data across two or more drives for speed and full combined capacity but loses everything if one drive fails. RAID 1 keeps an identical copy on a second drive so the array survives a single-drive failure at the cost of usable capacity. Neither uses parity, and RAID 1 needs at least two drives.
- A technician needs a RAID array that tolerates a single drive failure using distributed parity while still using disk space efficiently. Which configuration fits, and what is its minimum drive count?
- RAID 1, requiring a minimum of two drives
- RAID 5, requiring a minimum of three drives
- RAID 6, requiring a minimum of two drives
- RAID 0, requiring a minimum of two drives
Correct answer: RAID 5, requiring a minimum of three drives
RAID 5 with a minimum of three drives is correct. RAID 5 stripes data with distributed parity across all member drives, so it survives the loss of any single drive and rebuilds from parity, while keeping storage overhead low (one drive's worth of capacity is consumed by parity). RAID 0 has no redundancy, RAID 1 is a mirror, and RAID 6 needs at least four drives.
- A technician must choose between RAID 5 and RAID 6 for an array where a second drive could fail during a long rebuild. How do these two levels differ?
- RAID 5 mirrors all data while RAID 6 stripes without parity
- RAID 6 uses single parity while RAID 5 uses double parity
- RAID 6 cannot tolerate any drive failure while RAID 5 tolerates two
- RAID 5 uses single distributed parity and survives one drive failure; RAID 6 uses double parity and survives two
Correct answer: RAID 5 uses single distributed parity and survives one drive failure; RAID 6 uses double parity and survives two
RAID 5 uses single distributed parity (one failure tolerated) and RAID 6 uses double parity (two failures tolerated) is correct. RAID 6 writes two independent parity blocks across the array, so it can survive the simultaneous loss of two drives, which is valuable when rebuilds are long and a second failure is a real risk. RAID 5 only tolerates a single failure. Neither level mirrors all data.
- A technician is asked to summarize the common nested and standard RAID levels for a study sheet. Which description of RAID 10 is accurate?
- RAID 10 is a stripe of mirrored sets, combining the speed of striping with the redundancy of mirroring
- RAID 10 has no fault tolerance and exists only to boost capacity
- RAID 10 uses double distributed parity across at least four drives
- RAID 10 is a single mirror with no striping
Correct answer: RAID 10 is a stripe of mirrored sets, combining the speed of striping with the redundancy of mirroring
RAID 10 is a stripe of mirrored sets is correct. RAID 10 (also written RAID 1+0) mirrors pairs of drives and then stripes data across those mirrored pairs, delivering both the read/write performance of striping and the fault tolerance of mirroring; it needs a minimum of four drives. Double parity describes RAID 6, and RAID 10 is neither a plain mirror nor a non-redundant array.
- A technician building a study reference wants the standard RAID levels ranked by what they provide. Which mapping of level to behavior is correct?
- RAID 0 = single parity; RAID 1 = double parity; RAID 5 = striping; RAID 6 = mirroring
- RAID 0 = mirroring; RAID 1 = striping; RAID 5 = no parity; RAID 6 = single parity
- RAID 0 = double parity; RAID 1 = single parity; RAID 5 = mirroring; RAID 6 = striping
- RAID 0 = striping (speed, no redundancy); RAID 1 = mirroring; RAID 5 = single parity; RAID 6 = double parity
Correct answer: RAID 0 = striping (speed, no redundancy); RAID 1 = mirroring; RAID 5 = single parity; RAID 6 = double parity
RAID 0 = striping, RAID 1 = mirroring, RAID 5 = single distributed parity, RAID 6 = double parity is the correct mapping. These are the core RAID levels the A+ objectives expect: RAID 0 boosts speed with no redundancy, RAID 1 duplicates data, RAID 5 spreads single parity for one-drive fault tolerance, and RAID 6 adds a second parity block for two-drive fault tolerance. The other mappings scramble these definitions.
- A technician is documenting the seven steps of the laser printer imaging process in the correct order. Which sequence is correct per the standard laser printing model?
- Cleaning, processing, charging, developing, exposing, fusing, transferring
- Exposing, charging, processing, transferring, developing, cleaning, fusing
- Processing, charging, exposing, developing, transferring, fusing, cleaning
- Charging, processing, developing, exposing, fusing, transferring, cleaning
Correct answer: Processing, charging, exposing, developing, transferring, fusing, cleaning
Processing, charging, exposing, developing, transferring, fusing, cleaning is the correct order. The page is first built in memory (processing), the drum receives a uniform charge (charging), the laser writes the image (exposing), toner sticks to the written areas (developing), toner moves to the paper (transferring), heat and pressure bond it (fusing), and the drum is wiped clean for the next job (cleaning). The other sequences reorder these steps incorrectly.
- A technician is reviewing the laser printing process and needs to identify the step where the toner image is permanently bonded to the paper. Which step performs this, and what does it use?
- The charging step, which uses a corona wire to apply a static charge to the paper
- The developing step, which uses the laser to write the image
- The fusing step, which uses heat and pressure to melt the toner onto the paper
- The cleaning step, which uses an erase lamp to remove leftover toner
Correct answer: The fusing step, which uses heat and pressure to melt the toner onto the paper
The fusing step, using heat and pressure, is correct. After toner is transferred to the page, the fuser assembly applies heat and pressure to melt the toner so it permanently bonds to the paper, which is why pages are warm exiting a laser printer. Charging prepares the drum, developing applies toner to the drum, and cleaning removes residual toner.
- A technician finds faint vertical lines and inconsistent print darkness on a laser printer and reviews how the drum receives its uniform negative charge. Which component is responsible for applying that charge to the photosensitive drum?
- The primary corona wire (or primary charge roller)
- The fuser roller
- The pickup roller
- The transfer belt
Correct answer: The primary corona wire (or primary charge roller)
The primary corona wire (or primary charge roller) is correct. The corona wire applies a uniform negative charge across the photosensitive drum during the charging step so the laser can later selectively discharge areas to form the image. The fuser melts toner onto paper, the pickup roller feeds paper, and the transfer mechanism moves toner from drum to page.
- A user is deciding between an inkjet and a laser printer for a small office that prints high volumes of black text. Which statement accurately compares the two technologies?
- Inkjet printers always cost more per page than laser printers for text printing
- Laser printers use toner fused with heat and excel at high-volume text; inkjets spray liquid ink and suit photos and low volumes
- Laser printers spray liquid ink droplets while inkjets melt powder onto the page
- Inkjet printers use toner powder while laser printers use liquid ink cartridges
Correct answer: Laser printers use toner fused with heat and excel at high-volume text; inkjets spray liquid ink and suit photos and low volumes
Laser printers use toner fused with heat and excel at high-volume text, while inkjets spray liquid ink and suit photos and low volumes, is correct. Laser printers offer lower cost per page and faster output for heavy text workloads, while inkjets produce excellent color photos but have higher per-page ink costs and slower speeds at volume. The other choices swap the underlying technologies.
- A technician is servicing a receipt printer at a retail register that uses heat-sensitive paper and has no ink or toner. What type of printer is this, and how does it form an image?
- A laser printer, which fuses toner with a heated roller
- An inkjet printer, which sprays heated ink droplets onto plain paper
- A thermal printer, which uses a heated print head to darken special thermal paper
- An impact dot-matrix printer, which strikes an inked ribbon against the paper
Correct answer: A thermal printer, which uses a heated print head to darken special thermal paper
A thermal printer using a heated print head on thermal paper is correct. Direct thermal printers apply heat from the print head to chemically treated paper, turning it dark to form characters; they are common in receipt and label printing and need no ink or toner. Impact printers use a ribbon, lasers use toner, and inkjets spray liquid ink.
- A technician is choosing between HDMI and DisplayPort for connecting a high-refresh-rate gaming monitor. Which statement is accurate about these two display interfaces?
- DisplayPort cannot carry audio, so a separate cable is always required
- Both carry digital video and audio, but DisplayPort is more common on PC monitors while HDMI dominates TVs and consumer AV gear
- HDMI and DisplayPort use the same connector, so the cables are interchangeable
- HDMI carries only analog video, while DisplayPort carries digital
Correct answer: Both carry digital video and audio, but DisplayPort is more common on PC monitors while HDMI dominates TVs and consumer AV gear
Both carry digital video and audio, with DisplayPort common on PC monitors and HDMI dominant on TVs, is correct. HDMI and DisplayPort are both all-digital interfaces that carry video and audio; DisplayPort is favored on computer displays (and supports features like daisy-chaining via MST), while HDMI is ubiquitous on televisions and home theater equipment. Both carry audio, both are digital, and their connectors differ.
- A technician is comparing the reversible USB-C connector to legacy USB 3.0 Type-A ports. Which statement correctly distinguishes them?
- USB-C is a data-transfer speed, while USB 3.0 is a physical connector shape
- USB-C and USB 3.0 are the same thing under two marketing names
- USB 3.0 connectors are reversible, while USB-C connectors only insert one way
- USB-C is a reversible connector form factor, while USB 3.0 describes a data-transfer standard typically delivered over a Type-A port
Correct answer: USB-C is a reversible connector form factor, while USB 3.0 describes a data-transfer standard typically delivered over a Type-A port
USB-C is a reversible connector form factor while USB 3.0 is a data-transfer standard typically on a Type-A port is correct. USB-C refers to the physical connector that plugs in either orientation, whereas USB 3.0 (now described as USB 3.2 Gen 1, 5 Gbps) is a speed specification historically carried on the rectangular Type-A connector. A single port can combine both ideas (USB-C carrying USB 3.2 data), so they are not the same and the connector versus speed roles are not reversed.
- A technician needs to connect an external SSD enclosure to a new laptop at 40 Gbps over a single USB-C port. Which interface standard supports this throughput on a USB-C connector?
- USB 2.0, which carries up to 480 Mbps
- eSATA, which carries up to 6 Gbps
- Thunderbolt 4 / USB4, which carries up to 40 Gbps over USB-C
- FireWire 800, which carries up to 800 Mbps
Correct answer: Thunderbolt 4 / USB4, which carries up to 40 Gbps over USB-C
Thunderbolt 4 / USB4 over USB-C at up to 40 Gbps is correct. Thunderbolt 4 and the higher tiers of USB4 use the USB-C connector and deliver up to 40 Gbps, ideal for fast external storage and displays; Thunderbolt 5 raises this further to 80 Gbps. USB 2.0, FireWire 800, and eSATA are all far slower legacy interfaces.
- A technician is sizing a power supply for a desktop with a 170W CPU, a 320W graphics card, and roughly 100W for the motherboard, drives, and fans. Approximately what continuous wattage do the components draw, and how should the PSU be rated?
- About 1200W total, so a 600W PSU is appropriate
- About 590W total, so a PSU rated comfortably above that (for example 750W) should be chosen for headroom and efficiency
- About 250W total, so a 300W PSU is sufficient
- About 590W total, so a 500W PSU is the correct choice to save power
Correct answer: About 590W total, so a PSU rated comfortably above that (for example 750W) should be chosen for headroom and efficiency
About 590W total, so a PSU rated above it such as 750W, is correct. Adding the CPU (170W), GPU (320W), and other components (about 100W) gives roughly 590W, and a power supply should be sized with headroom above peak draw so it runs in its efficient range and handles transient spikes. A 500W or 300W unit would be undersized, and 1200W is far more than this system needs.
- A technician is replacing a graphics card and must verify the power supply can feed it. Which connector on a modern ATX power supply is intended to deliver supplemental power to a discrete GPU?
- The 15-pin SATA power connector
- The 6-pin or 8-pin PCIe power connector (or the 12VHPWR/12V-2x6 connector on newer cards)
- The 24-pin main ATX motherboard connector only
- The 4-pin Molex peripheral connector
Correct answer: The 6-pin or 8-pin PCIe power connector (or the 12VHPWR/12V-2x6 connector on newer cards)
The 6-pin or 8-pin PCIe power connector (or 12VHPWR/12V-2x6 on newer cards) is correct. Discrete graphics cards draw more power than the PCIe slot alone provides, so they use dedicated PCIe power cables; high-end current cards may use the 16-pin 12VHPWR/12V-2x6 connector. The 24-pin powers the board, Molex feeds legacy peripherals, and SATA power feeds drives.
- A technician is selecting a CPU socket type for a new build and must match the processor to the board. Which statement about CPU socket architectures is accurate?
- LGA places the pins on the CPU while PGA places them on the socket
- LGA sockets place the pins on the motherboard socket while the CPU has flat contact pads; PGA places the pins on the CPU
- Socket type has no effect on which CPU a motherboard can accept
- Both LGA and PGA require liquid cooling to function
Correct answer: LGA sockets place the pins on the motherboard socket while the CPU has flat contact pads; PGA places the pins on the CPU
LGA puts pins on the socket with pads on the CPU, while PGA puts pins on the CPU, is correct. Land Grid Array (LGA) sockets, used by Intel, hold the delicate pins in the socket and the CPU presents flat contact lands; Pin Grid Array (PGA) puts the pins on the processor. The pin locations are not reversed, neither mandates liquid cooling, and socket type absolutely determines CPU compatibility.
- A technician must install expansion cards into a desktop and needs the slot that provides the most bandwidth for a graphics card. Which slot is used, and how is its bandwidth scaled?
- A PCIe x16 slot, where bandwidth scales with the number of lanes (x1, x4, x8, x16)
- A SATA slot, where bandwidth scales with drive RPM
- A legacy PCI slot, where bandwidth scales with cable length
- An AGP slot, which is the current standard for modern GPUs
Correct answer: A PCIe x16 slot, where bandwidth scales with the number of lanes (x1, x4, x8, x16)
A PCIe x16 slot with bandwidth scaling by lane count is correct. PCI Express provides serial lanes, and a slot is described by its lane width (x1, x4, x8, x16); graphics cards use the x16 slot for maximum bandwidth. Legacy PCI and AGP are obsolete for current GPUs, and SATA is a storage interface, not an expansion slot for cards.
- A technician is installing a CPU cooler and must apply thermal paste between the processor and heat sink. What is the purpose of the thermal paste?
- To electrically insulate the CPU pins from the socket
- To glue the CPU permanently to the motherboard
- To fill microscopic air gaps and improve heat transfer from the CPU lid to the heat sink
- To increase the clock speed of the processor
Correct answer: To fill microscopic air gaps and improve heat transfer from the CPU lid to the heat sink
To fill microscopic air gaps and improve heat transfer is correct. Thermal paste (thermal interface material) fills the tiny imperfections between the CPU's integrated heat spreader and the cooler base, conducting heat far better than the trapped air it displaces. It is not an electrical insulator for pins, not an adhesive, and does not change clock speed.
- A technician is choosing between air and liquid cooling for a high-performance CPU. Which statement about a closed-loop (AIO) liquid cooler is accurate?
- It cools by submerging the entire motherboard in dielectric fluid
- It eliminates the need for any fans in the system
- It circulates coolant through a pump and water block to a radiator with fans, moving heat away from the CPU more effectively under heavy loads
- It requires the user to manually refill coolant before every boot
Correct answer: It circulates coolant through a pump and water block to a radiator with fans, moving heat away from the CPU more effectively under heavy loads
It circulates coolant from a water block to a radiator with fans is correct. A closed-loop all-in-one (AIO) cooler uses a pump to move liquid through a block on the CPU to a radiator where fans dissipate the heat, often outperforming air coolers under sustained load. AIOs still use fans on the radiator, are sealed (no refilling), and do not submerge the board.
- A technician is documenting motherboard form factors for a build guide. Which ordering correctly reflects relative physical size from largest to smallest among common consumer boards?
- Mini-ITX is larger than ATX, which is larger than microATX
- MicroATX is larger than ATX, which is larger than Mini-ITX
- Mini-ITX is the largest and ATX is the smallest
- ATX is larger than microATX, which is larger than Mini-ITX
Correct answer: ATX is larger than microATX, which is larger than Mini-ITX
ATX larger than microATX larger than Mini-ITX is correct. Standard ATX boards are the largest of these consumer formats with the most expansion slots, microATX is smaller with fewer slots, and Mini-ITX is the compact form used in small-form-factor builds. The other orderings misrank the sizes.
- A technician is replacing the firmware interface battery on a desktop and the system keeps losing its date and boot order when unplugged. Which small battery and chip are involved, and what do they retain?
- A lithium-ion pack that powers the RAM to retain open documents
- A 9V battery powering the CPU cache when the system is off
- A NiMH battery that powers the cooling fans during sleep
- A CR2032 coin cell powering CMOS, which retains BIOS/UEFI settings and the real-time clock
Correct answer: A CR2032 coin cell powering CMOS, which retains BIOS/UEFI settings and the real-time clock
A CR2032 coin cell powering CMOS, which retains BIOS/UEFI settings and the real-time clock, is correct. The small CR2032 lithium coin cell keeps the CMOS and real-time clock powered while the system is off so settings like boot order and the system date persist; a dead cell causes time and configuration loss. RAM is volatile and is not preserved by this battery.
- A technician is connecting four SATA hard drives and needs to know the maximum throughput of the SATA III interface each drive uses. What is the SATA III (SATA 6Gb/s) bus speed, and what is its practical data rate?
- 40 Gbps signaling, roughly 4 GB/s of usable data throughput
- 1.5 Gbps signaling, roughly 150 MB/s of usable data throughput
- 3 Gbps signaling, roughly 300 MB/s of usable data throughput
- 6 Gbps signaling, roughly 600 MB/s of usable data throughput
Correct answer: 6 Gbps signaling, roughly 600 MB/s of usable data throughput
6 Gbps signaling, roughly 600 MB/s usable, is correct. SATA III (often labeled SATA 6Gb/s) signals at 6 gigabits per second, which after encoding overhead yields about 600 megabytes per second of real throughput, and this cap is why SATA SSDs are far slower than NVMe drives. 3 Gbps is SATA II, 1.5 Gbps is SATA I, and 40 Gbps describes Thunderbolt/USB4.
- A technician needs to identify the connector that supplies the main power to an ATX motherboard. Which connector is it?
- An 8-pin PCIe graphics connector
- A single 4-pin Molex connector
- A 24-pin (20+4) ATX main power connector
- A 15-pin SATA power connector
Correct answer: A 24-pin (20+4) ATX main power connector
The 24-pin (20+4) ATX main power connector is correct. The primary motherboard power comes from the 24-pin ATX connector (commonly built as 20+4 pins for compatibility), usually paired with a separate 4- or 8-pin EPS connector for the CPU. Molex feeds legacy peripherals, SATA power feeds drives, and the 8-pin PCIe powers graphics cards.
- A technician is selecting display panel technology for users who need accurate color and wide viewing angles for photo editing. Among common LCD panel types, which best meets that need?
- Plasma, which is standard for current desktop monitors
- IPS (In-Plane Switching), which offers superior color accuracy and viewing angles
- TN (Twisted Nematic), which prioritizes fast response over color accuracy
- CRT, which uses an electron gun and phosphor coating
Correct answer: IPS (In-Plane Switching), which offers superior color accuracy and viewing angles
IPS (In-Plane Switching) is correct. IPS LCD panels deliver the best color reproduction and wide viewing angles, making them the preferred choice for photo and design work. TN panels trade color quality for fast response times favored by some gamers, while CRT and plasma are obsolete display technologies not used in current monitors.
- A technician is asked which storage interface a 2.5-inch SATA SSD uses for both data and power. Which pair of connectors is correct?
- A 7-pin SATA data connector and a 15-pin SATA power connector
- An M.2 edge connector that carries both data and power
- A 40-pin IDE data connector and a 4-pin Molex power connector
- A USB-C connector that carries both data and power
Correct answer: A 7-pin SATA data connector and a 15-pin SATA power connector
A 7-pin SATA data connector and a 15-pin SATA power connector is correct. A standard 2.5-inch SATA SSD or hard drive uses a 7-pin connector for data and a separate 15-pin connector for power. IDE/Molex is the legacy parallel ATA standard, M.2 is a different gumstick form factor, and USB-C is for external rather than internal SATA drives.
- A technician notices a laser printer is leaving faint ghost images of a previous page on subsequent prints. Reviewing the imaging process, which step normally prevents this by removing residual toner and charge from the drum?
- The cleaning step, where an erase lamp and a cleaning blade remove leftover toner and reset the drum charge
- The exposing step, where the laser writes the image
- The processing step, where the page is rendered in memory
- The transferring step, where toner moves from the drum to the paper
Correct answer: The cleaning step, where an erase lamp and a cleaning blade remove leftover toner and reset the drum charge
The cleaning step, where an erase lamp and cleaning blade remove leftover toner and reset the drum, is correct. After fusing, the cleaning phase scrapes residual toner off the drum and the erase lamp neutralizes leftover charge so no ghost image carries to the next page; a worn cleaning blade or failing erase lamp causes the ghosting described. Transferring, exposing, and processing are earlier steps that do not remove residual toner.
- A technician is building a study sheet on the laser imaging process and needs the name of the step where negatively charged toner is attracted to the areas of the drum that the laser discharged. Which step is this?
- Transferring
- Charging
- Fusing
- Developing
Correct answer: Developing
Developing is correct. During the developing step, charged toner from the developer roller is attracted to the areas of the photosensitive drum that the laser exposed, forming the image in toner on the drum before it is moved to paper. Charging applies the initial uniform charge, fusing bonds toner to paper, and transferring moves toner from the drum to the page.
- A technician needs to memorize the seven layers of the OSI model from bottom to top for a networking class. Which sequence correctly lists the OSI layers starting at Layer 1?
- Physical, Network, Data Link, Session, Transport, Application, Presentation
- Physical, Data Link, Network, Transport, Session, Presentation, Application
- Application, Presentation, Session, Transport, Network, Data Link, Physical
- Data Link, Physical, Network, Transport, Presentation, Session, Application
Correct answer: Physical, Data Link, Network, Transport, Session, Presentation, Application
Physical, Data Link, Network, Transport, Session, Presentation, Application is the correct bottom-to-top order of the seven OSI layers (Layer 1 through Layer 7). Layer 1 Physical handles bits on the wire and Layer 7 Application is where user programs operate. A common mnemonic is 'Please Do Not Throw Sausage Pizza Away.'
- A user reports that a workstation cannot reach any network resource. Ipconfig shows the address 169.254.18.7 with a 255.255.0.0 mask. What does this address indicate?
- A valid public IP address assigned by the ISP
- An APIPA address assigned because no DHCP server could be reached
- A static address manually entered by the user
- A loopback address used for local testing
Correct answer: An APIPA address assigned because no DHCP server could be reached
An APIPA address assigned because no DHCP server could be reached is correct. Automatic Private IP Addressing uses the 169.254.0.0 to 169.254.255.255 range (169.254.0.0/16) when a client fails to obtain a lease from a DHCP server, which lets devices communicate only on the local link, not the internet. The loopback address is 127.0.0.1, a different range entirely.
- A technician is choosing twisted-pair cabling for a new gigabit office run and must explain the practical difference between Cat 5e and Cat 6 to a manager. Which statement is accurate?
- Cat 5e supports 10 Gbps to 100 meters while Cat 6 is limited to 1 Gbps
- Cat 6 has tighter twist specifications and supports 10 Gbps over shorter runs, while Cat 5e tops out at 1 Gbps
- Cat 6 cannot be used for gigabit Ethernet at all
- Cat 5e uses fiber strands while Cat 6 uses copper
Correct answer: Cat 6 has tighter twist specifications and supports 10 Gbps over shorter runs, while Cat 5e tops out at 1 Gbps
Cat 6 has tighter twist specifications and supports 10 Gbps over shorter runs (up to about 55 meters), while Cat 5e tops out at 1 Gbps. Both handle gigabit Ethernet, but Cat 6 reduces crosstalk and adds bandwidth headroom. Cat 6a extends 10 Gbps to the full 100 meters; neither cable type uses fiber strands.
- A help desk technician is explaining how a hub, a switch, and a router differ. Which description is correct?
- All three operate at Layer 3 and route between subnets
- A hub forwards frames only to the intended port, a switch broadcasts to all ports, and a router stays within one subnet
- A hub repeats traffic to all ports, a switch forwards frames to the correct port by MAC address, and a router moves packets between different networks
- A switch connects to the internet while a hub assigns IP addresses
Correct answer: A hub repeats traffic to all ports, a switch forwards frames to the correct port by MAC address, and a router moves packets between different networks
A hub repeats traffic to all ports, a switch forwards frames to the correct port by MAC address, and a router moves packets between different networks is correct. A hub is a dumb Layer 1 repeater, a switch is a Layer 2 device that learns MAC addresses, and a router is a Layer 3 device that connects separate networks. The hub floods every port; the switch does not.
- A technician is configuring email for a user who wants messages to stay synchronized across a phone, laptop, and tablet. Why is IMAP a better choice than POP3 here?
- IMAP downloads and deletes messages from the server, freeing storage
- IMAP keeps messages on the server and syncs folder state across all devices, while POP3 typically downloads and removes them
- POP3 encrypts mail by default while IMAP does not
- IMAP works only with webmail and cannot be used in a desktop client
Correct answer: IMAP keeps messages on the server and syncs folder state across all devices, while POP3 typically downloads and removes them
IMAP keeps messages on the server and syncs folder state across all devices, while POP3 typically downloads and removes them is correct. IMAP (port 143, or 993 with TLS) is designed for multi-device access because the server holds the authoritative copy. POP3 (port 110, or 995 with TLS) traditionally pulls mail down to one device, which is why it is a poor fit for syncing.
- A technician is comparing TCP and UDP for a voice-over-IP deployment. Which statement correctly distinguishes the two transport protocols?
- UDP numbers and reorders packets while TCP sends them blindly
- TCP is connection-oriented with acknowledgments and retransmission, while UDP is connectionless with no delivery guarantee
- Both protocols establish a three-way handshake before sending data
- TCP is connectionless and faster while UDP guarantees delivery with acknowledgments
Correct answer: TCP is connection-oriented with acknowledgments and retransmission, while UDP is connectionless with no delivery guarantee
TCP is connection-oriented with acknowledgments and retransmission, while UDP is connectionless with no delivery guarantee is correct. TCP uses a three-way handshake and ensures ordered, reliable delivery, making it heavier. UDP skips that overhead, so it is preferred for real-time traffic like VoIP and streaming where speed matters more than retransmitting a lost packet.
- An administrator is migrating a network from IPv4 to IPv6 and needs to explain the addressing difference. Which statement accurately compares the two?
- Both use 64-bit addresses but IPv6 omits the subnet mask
- IPv4 uses 128-bit addresses and IPv6 uses 32-bit addresses
- IPv4 uses 32-bit addresses written in dotted decimal, while IPv6 uses 128-bit addresses written in hexadecimal
- IPv6 addresses are shorter than IPv4 addresses to save space
Correct answer: IPv4 uses 32-bit addresses written in dotted decimal, while IPv6 uses 128-bit addresses written in hexadecimal
IPv4 uses 32-bit addresses written in dotted decimal, while IPv6 uses 128-bit addresses written in hexadecimal is correct. The expanded 128-bit space lets IPv6 supply a vastly larger pool of addresses, written as eight groups of four hex digits separated by colons. IPv4's 32 bits allow roughly 4.3 billion addresses, which is why exhaustion drove IPv6 adoption.
- A cable installer must run network cable through the open-air space above a drop ceiling that is used to circulate building air. Which cable type is required by fire code for this space?
- Standard PVC-jacketed (non-plenum) cable
- Plenum-rated cable with a fire-resistant, low-smoke jacket
- Direct-burial outdoor cable
- Coaxial RG-6 cable
Correct answer: Plenum-rated cable with a fire-resistant, low-smoke jacket
Plenum-rated cable with a fire-resistant, low-smoke jacket is required in plenum spaces such as the air-handling area above a drop ceiling. Plenum cable uses jacketing (often FEP) that resists flame and emits less toxic smoke, because air in that space recirculates through the building. Standard non-plenum PVC cable can release dense, toxic smoke and is prohibited there.
- A technician is assigning addresses for an internal-only network and must choose from the private IPv4 ranges. Which of the following is a valid private address block?
- 11.0.0.0 to 11.255.255.255
- 169.254.0.0 to 169.254.255.255
- 192.168.0.0 to 192.168.255.255
- 172.32.0.0 to 172.32.255.255
Correct answer: 192.168.0.0 to 192.168.255.255
192.168.0.0 to 192.168.255.255 is a valid private IPv4 range (RFC 1918). The three private blocks are 10.0.0.0/8, 172.16.0.0 to 172.31.255.255, and 192.168.0.0/16. The 172.32 block falls outside the private 172.16–172.31 span, and 169.254.0.0/16 is the APIPA link-local range, not a routable private block.
- A technician is terminating cables and needs to distinguish an RJ45 connector from an RJ11 connector. Which statement is correct?
- RJ45 has 4 pins for telephone, and RJ11 has 8 pins for Ethernet
- RJ11 is larger than RJ45 and used for fiber connections
- RJ45 has 8 pins and is used for Ethernet, while RJ11 is smaller with up to 6 pins and used for telephone lines
- Both connectors are identical in size and are interchangeable
Correct answer: RJ45 has 8 pins and is used for Ethernet, while RJ11 is smaller with up to 6 pins and used for telephone lines
RJ45 has 8 pins and is used for Ethernet, while RJ11 is smaller with up to 6 pins and used for telephone lines is correct. The RJ45 plug terminates eight-conductor twisted-pair Ethernet cable, while the physically narrower RJ11 carries one or two phone lines. An RJ45 will not fit into an RJ11 jack because it is wider.
- A technician is deciding between assigning a static IP address and using dynamic IP addressing for a network printer. Which statement best describes the difference?
- Static addressing requires a DHCP server to function
- A static IP changes each time the device reboots, while a dynamic IP never changes
- A static IP is manually fixed and stays the same, while a dynamic IP is leased automatically by DHCP and may change
- Dynamic IPs are only used on servers and static IPs only on clients
Correct answer: A static IP is manually fixed and stays the same, while a dynamic IP is leased automatically by DHCP and may change
A static IP is manually fixed and stays the same, while a dynamic IP is leased automatically by DHCP and may change is correct. Servers, printers, and other resources that need a predictable address are often given static IPs, while client workstations typically take dynamic leases. A static address is configured manually and does not require DHCP.
- A technician needs to connect two computers directly with an Ethernet cable on equipment that does not support auto-MDI-X. Which cable type is traditionally required, and how does it differ from a straight-through cable?
- A rollover cable, which connects identical pinouts on both ends
- A crossover cable, because it swaps the transmit and receive pairs so two like devices can communicate
- A straight-through cable, because both ends use opposite wiring standards
- A straight-through cable, because it swaps the transmit and receive pairs
Correct answer: A crossover cable, because it swaps the transmit and receive pairs so two like devices can communicate
A crossover cable is traditionally required because it swaps the transmit and receive pairs so two like devices (such as PC to PC) can communicate. A straight-through cable wires both ends identically and is used between different device types, like a PC to a switch. Modern gear with auto-MDI-X detects and adjusts automatically, but the crossover design is what physically crosses the pairs.
- A technician is documenting which transport protocol several applications use. Which application is most likely to rely on UDP rather than TCP?
- A live streaming video feed where occasional dropped frames are acceptable
- A remote desktop session
- An email message sent over SMTP
- A file download over HTTPS
Correct answer: A live streaming video feed where occasional dropped frames are acceptable
A live streaming video feed where occasional dropped frames are acceptable is the application most likely to use UDP. UDP's connectionless, low-overhead design favors timely delivery over guaranteed delivery, so it suits streaming, VoIP, and DNS lookups. File downloads and email need every byte intact and reordered correctly, so they use the reliable, connection-oriented TCP.
- A new technician asks what a subnet mask actually does. Which explanation is correct?
- It assigns a public IP address to the router
- It converts a hostname into an IP address
- It encrypts the IP header to protect the address
- It defines which portion of an IP address identifies the network and which identifies the host
Correct answer: It defines which portion of an IP address identifies the network and which identifies the host
A subnet mask defines which portion of an IP address identifies the network and which identifies the host. For example, with 255.255.255.0 the first three octets are the network and the last is the host, so devices can determine whether a destination is local or must be sent to the gateway. Converting hostnames to addresses is the job of DNS, not the subnet mask.
- A user plugs a new laptop into the wired network and it automatically receives an IP address, subnet mask, default gateway, and DNS server. Which service provided this configuration?
Correct answer: DHCP
DHCP (Dynamic Host Configuration Protocol) provided this configuration. DHCP automatically leases an IP address along with the subnet mask, default gateway, and DNS server settings to clients, using UDP port 67 on the server and port 68 on the client. DNS resolves names to addresses but does not hand out IP configurations.
- A user can reach a website by typing its IP address but not by typing its domain name. Which service is most likely failing?
Correct answer: DNS
DNS (Domain Name System) is most likely failing. DNS resolves human-readable names like example.com into the numeric IP addresses computers use to connect, operating on port 53. If raw IP access works but names do not resolve, name resolution is broken even though IP connectivity is fine.
- A home router lets many internal devices share a single public IP address provided by the ISP. Which technology performs this function?
Correct answer: NAT
NAT (Network Address Translation) performs this function. NAT maps the multiple private IP addresses behind a router to one public address, translating source addresses and ports so internal hosts can reach the internet over a single routable address. DHCP only hands out the internal addresses; it does not translate them for internet use.
- A technician needs to separate the accounting department's traffic from general office traffic on the same physical switch without running new cable. Which technology accomplishes this?
Correct answer: VLAN
A VLAN (Virtual Local Area Network) accomplishes this. A VLAN logically segments a single physical switch into separate broadcast domains, so accounting and general traffic stay isolated even though they share the same hardware. This improves security and limits broadcast scope without adding physical cabling.
- A technician is configuring firewall rules and needs to allow DNS queries through. Which port and protocol does DNS primarily use?
- TCP port 25
- UDP port 67
- Port 53 (UDP for most lookups, TCP for larger transfers)
- TCP port 80
Correct answer: Port 53 (UDP for most lookups, TCP for larger transfers)
DNS primarily uses port 53, with UDP for most standard lookups and TCP for larger responses and zone transfers. A technician opening DNS must allow port 53. Port 25 is SMTP, port 67 is DHCP, and port 80 is HTTP, none of which carry name resolution.
- A technician is allowing legacy file transfers through a firewall and needs the control and data ports for FTP. Which ports does FTP use?
- Ports 80 and 443
- Port 22 only
- Ports 67 and 68
- Ports 20 and 21
Correct answer: Ports 20 and 21
FTP uses ports 20 and 21: port 21 carries the control/command channel and port 20 carries the data channel in active mode. Port 22 is SSH and SFTP, ports 80 and 443 are web traffic, and ports 67 and 68 are DHCP. Knowing the 20/21 pairing distinguishes FTP from the secure SSH-based SFTP.
- A technician is verifying that secure web traffic is permitted through a corporate firewall. Which port carries HTTPS?
- Port 8080
- Port 21
- Port 80
- Port 443
Correct answer: Port 443
Port 443 carries HTTPS, the TLS-encrypted version of web traffic. Standard unencrypted HTTP uses port 80, so a firewall must allow 443 for secure browsing. Port 8080 is a common alternate HTTP proxy port, and port 21 is FTP control.
- A technician needs to open the firewall so administrators can use Remote Desktop to a Windows server. Which port must be allowed?
- Port 445
- Port 3389
- Port 22
- Port 23
Correct answer: Port 3389
Port 3389 must be allowed for Remote Desktop Protocol (RDP). RDP is Microsoft's graphical remote-access protocol and listens on TCP 3389 by default. Port 22 is SSH, port 23 is Telnet, and port 445 is SMB file sharing.
- A technician is comparing the 2.4 GHz and 5 GHz Wi-Fi bands to advise a client on placement. Which statement is accurate?
- 2.4 GHz offers longer range and better wall penetration but lower speeds, while 5 GHz offers higher speeds with shorter range
- 5 GHz penetrates walls better than 2.4 GHz
- Both bands have identical range and throughput characteristics
- 2.4 GHz offers higher speeds but shorter range than 5 GHz
Correct answer: 2.4 GHz offers longer range and better wall penetration but lower speeds, while 5 GHz offers higher speeds with shorter range
2.4 GHz offers longer range and better wall penetration but lower speeds, while 5 GHz offers higher speeds with shorter range is correct. Lower-frequency 2.4 GHz signals travel farther and pass through obstacles more easily but are more congested and slower. Higher-frequency 5 GHz delivers more throughput and less interference but covers less distance.
- A technician is upgrading a client to Wi-Fi 6E and explaining what is new compared to standard Wi-Fi 6. Which statement correctly describes Wi-Fi 6E?
- Wi-Fi 6E is an older standard than Wi-Fi 5
- Wi-Fi 6E adds the 6 GHz band to the 2.4 GHz and 5 GHz bands already used by Wi-Fi 6
- Wi-Fi 6E operates exclusively on cellular frequencies
- Wi-Fi 6E removes the 5 GHz band and uses only 2.4 GHz
Correct answer: Wi-Fi 6E adds the 6 GHz band to the 2.4 GHz and 5 GHz bands already used by Wi-Fi 6
Wi-Fi 6E adds the 6 GHz band to the 2.4 GHz and 5 GHz bands already used by Wi-Fi 6. The '6E' designation means 'Extended' into roughly 5.925 to 7.125 GHz, providing additional wide, uncongested channels for higher throughput and lower latency. It does not drop existing bands; it adds spectrum on top of them.
- A technician is documenting 802.11 standards and their maximum theoretical throughput. Which pairing is correct?
- 802.11n (Wi-Fi 4) operates only on 5 GHz at 11 Mbps
- 802.11ac (Wi-Fi 5) operates on 5 GHz, while 802.11ax (Wi-Fi 6) operates on both 2.4 GHz and 5 GHz with higher efficiency
- 802.11g operated on 5 GHz at 1.3 Gbps
- 802.11ax (Wi-Fi 6) is slower than 802.11g
Correct answer: 802.11ac (Wi-Fi 5) operates on 5 GHz, while 802.11ax (Wi-Fi 6) operates on both 2.4 GHz and 5 GHz with higher efficiency
802.11ac (Wi-Fi 5) operates on 5 GHz only, while 802.11ax (Wi-Fi 6) operates on both 2.4 GHz and 5 GHz with higher efficiency is correct. Wi-Fi 5 was a 5 GHz-only standard, while Wi-Fi 6 brought OFDMA efficiency improvements across both bands. 802.11n (Wi-Fi 4) was dual-band and reached up to 600 Mbps, and 802.11g was a 2.4 GHz standard at 54 Mbps.
- A technician must allow the IMAP-over-TLS port and the SMTP port through a firewall for a mail client. Which port pairing is correct?
- IMAP over TLS uses port 80 and SMTP uses port 443
- IMAP over TLS uses port 993 and SMTP uses port 25
- IMAP over TLS uses port 110 and SMTP uses port 53
- IMAP over TLS uses port 3389 and SMTP uses port 22
Correct answer: IMAP over TLS uses port 993 and SMTP uses port 25
IMAP over TLS uses port 993 and SMTP uses port 25 is correct. Secure IMAP (IMAPS) listens on 993, while plain IMAP uses 143. The CompTIA A+ exam objectives list port 25 as the SMTP port; in practice port 25 is the MTA-to-MTA relay port, while client submission typically uses port 587, but 25 is the value tested on the A+ exam. Port 110 is unencrypted POP3 and port 53 is DNS, so neither belongs to this mail pairing.
- A technician is helping a user add a personal email account to a new smartphone. The user wants every device they own to see the same folders and read/unread status, and they do not want messages removed from the mail server when the phone syncs. Which incoming-mail configuration should the technician use?
- Exchange ActiveSync over TCP port 443
- IMAP over TCP port 993
- SMTP over TCP port 587
- POP3 over TCP port 995
Correct answer: IMAP over TCP port 993
IMAP over TCP port 993 is correct because IMAP keeps messages stored on the central mail server and synchronizes folder structure and read/unread state across multiple clients, with port 993 being the encrypted (IMAPS) port. POP3 (secure port 995) by default downloads mail to one device and is oriented toward removing it from the server, so it does not keep folders in sync across devices. SMTP on 587 is for sending mail, not retrieving it, and Exchange ActiveSync is a corporate sync protocol rather than the standard personal account choice described here.
- A technician needs to explain the difference between a mobile hotspot and USB tethering to a user who wants to share their phone's cellular data connection with a laptop. Which statement most accurately describes the distinction?
- A mobile hotspot shares the cellular connection over Wi-Fi to multiple devices, while USB tethering shares it over a wired cable to a single connected device
- A mobile hotspot works only on 5G networks, while USB tethering works only on Wi-Fi 6E networks
- A mobile hotspot requires a SIM card, while USB tethering uses the laptop's own cellular modem
- A mobile hotspot shares the connection only over Bluetooth, while USB tethering shares it over Wi-Fi
Correct answer: A mobile hotspot shares the cellular connection over Wi-Fi to multiple devices, while USB tethering shares it over a wired cable to a single connected device
The accurate distinction is that a mobile hotspot broadcasts the phone's cellular data over Wi-Fi so several devices can join, while USB tethering shares that same cellular connection over a physical USB cable to one directly attached device. Tethering can also occur over Bluetooth, but the wired USB form is the point-to-point option that also charges the phone. The other choices misstate the transports (hotspot is not Bluetooth-only) and invent network-generation or modem requirements that do not define the two features.
- A technician at a company is enrolling employee-owned smartphones so the organization can enforce passcode requirements, push approved apps, and remotely wipe corporate data if a device is lost. Which solution provides this centralized control?
- Exchange ActiveSync calendar sync
- A virtual private network (VPN)
- Near field communication (NFC)
- Mobile device management (MDM)
Correct answer: Mobile device management (MDM)
Mobile device management (MDM) is the correct solution because it lets an organization centrally enforce security policies such as passcode complexity, deploy and manage applications, and perform remote lock or selective wipe of corporate data across enrolled devices, which is essential in corporate and BYOD environments. A VPN only encrypts network traffic in transit and does not manage device policy, NFC is a short-range wireless technology unrelated to policy enforcement, and Exchange ActiveSync only synchronizes mail, contacts, and calendar rather than managing the whole device.
- A technician is asked to explain the practical limit that prevents a Windows 11 workstation from using more than about 4 GB of RAM. Which characteristic of the installed operating system causes this ceiling?
- The drive is formatted with FAT32 instead of NTFS
- The CPU does not support hardware virtualization
- The OS is a 32-bit edition, whose memory address space tops out near 4 GB
- The system firmware is configured for MBR rather than GPT
Correct answer: The OS is a 32-bit edition, whose memory address space tops out near 4 GB
A 32-bit operating system is the cause, because its memory addressing tops out at roughly 4 GB regardless of how much physical RAM is installed. A 64-bit OS can address far more memory, which is why modern Windows 11 ships only as 64-bit. The file system and partition style affect storage and disk size, not the amount of RAM the OS can address, and CPU virtualization support is unrelated to the memory ceiling.
- A technician runs the command 'chmod 777 backup.sh' on a Linux server. What level of access does this grant?
- Read and execute for the owner only, with no access for others
- Full access for the owner, read-only for the group, none for others
- Write access for root only, with everyone else denied
- Read, write, and execute for the owner, group, and all other users
Correct answer: Read, write, and execute for the owner, group, and all other users
chmod 777 grants read, write, and execute permissions to the owner, the group, and all other users. Each digit represents one of those three identities, and 7 is the sum of read (4), write (2), and execute (1). Because 777 gives everyone full control, it is considered insecure for most files and is rarely appropriate outside controlled scenarios.
- A technician must keep all existing applications, user files, and settings while moving a workstation from Windows 10 to Windows 11. Which installation method meets this requirement?
- An in-place upgrade
- A recovery partition reset
- A clean install
- A network PXE deployment
Correct answer: An in-place upgrade
An in-place upgrade installs the new Windows version over the old one while preserving installed applications, user files, and most settings. A clean install wipes the target partition and starts fresh, removing applications and settings, which is the opposite of the requirement. PXE deployment and a recovery reset do not retain the existing application set.
- A new technician asks why a script that runs in PowerShell will not run identically when pasted into the legacy Command Prompt. What is the most accurate explanation of the difference between cmd and PowerShell?
- PowerShell can only run on Windows Server, while Command Prompt runs on desktop editions
- PowerShell is an object-oriented scripting shell with cmdlets, while Command Prompt is a simpler text-based command interpreter
- Command Prompt supports cmdlets and pipelines of objects, while PowerShell only passes plain text
- Command Prompt is newer and replaced PowerShell in Windows 11
Correct answer: PowerShell is an object-oriented scripting shell with cmdlets, while Command Prompt is a simpler text-based command interpreter
PowerShell is an object-oriented automation shell that uses cmdlets and passes structured objects through the pipeline, whereas Command Prompt (cmd) is an older interpreter that works with plain text and simpler built-in commands. PowerShell is far more capable for administration and scripting. Command Prompt does not support cmdlets or object pipelines, and PowerShell runs on both desktop and server editions.
- A technician is choosing a file system for an internal Windows system drive that must support file-level permissions and encryption. Which difference between FAT32 and NTFS makes NTFS the correct choice?
- NTFS works only on removable media, while FAT32 is for internal drives
- NTFS supports access permissions, encryption, and journaling, while FAT32 supports none of these
- FAT32 supports permissions and encryption, while NTFS supports neither
- FAT32 has no maximum file size, while NTFS is limited to 4 GB files
Correct answer: NTFS supports access permissions, encryption, and journaling, while FAT32 supports none of these
NTFS supports file and folder permissions, EFS encryption, compression, and journaling, while FAT32 offers none of those security or reliability features. That is why NTFS is the standard for Windows system drives. FAT32 is limited to a maximum 4 GB file size and lacks permissions, making the reversed statements incorrect.
- A technician changed a Group Policy setting on the domain controller and needs a workstation to apply it immediately rather than waiting for the next refresh cycle. Which command should be run on the workstation?
- Ipconfig /flushdns
- Net accounts /sync
- Gpresult /r
- Gpupdate /force
Correct answer: Gpupdate /force
gpupdate /force is the command that immediately reapplies Group Policy settings to a computer, with /force reprocessing all policies rather than only changed ones. gpresult /r reports which policies are currently applied but does not refresh them. net accounts and ipconfig /flushdns deal with account policy display and DNS caching, not pulling new Group Policy.
- A technician used to working on Linux types 'ifconfig' on a Windows 11 machine and gets an error. Which Windows command provides the equivalent display of IP address and network adapter configuration?
- Tracert
- Ifconfig /all
- Netstat
- Ipconfig
Correct answer: Ipconfig
ipconfig is the Windows command that displays IP address, subnet mask, and gateway information for network adapters, filling the role that ifconfig (or the newer ip command) plays on Linux and Unix. Windows does not include ifconfig. netstat shows active connections and listening ports, and tracert maps the path to a remote host, so neither replaces the configuration display.
- A technician views a Linux file listing and sees the permission string 'rwxr-x---' on a directory. Who is allowed to read the contents of that directory?
- Only the root user
- Everyone, including other users
- The group and other users, but not the owner
- The owner and members of the group
Correct answer: The owner and members of the group
The owner and the group can read this directory, because the permission string is read in three sets of three: owner (rwx) has full access, group (r-x) has read and execute, and others (---) have none. The 'r' in the group block grants the group read access, so only the owner and group can read it. Other users have no permissions at all, and root being able to override is a separate matter from the listed permissions.
- A technician needs to reset a forgotten password for a local Windows account named jsmith from an elevated Command Prompt. Which command accomplishes this?
- Whoami /user jsmith
- Gpresult jsmith /reset
- Net localgroup jsmith NewPass123
- Net user jsmith NewPass123
Correct answer: Net user jsmith NewPass123
net user jsmith NewPass123 sets a new password for the local account jsmith. The net user command creates, modifies, and displays user accounts, and supplying a value after the username changes that account's password. net localgroup manages group membership, gpresult reports policy, and whoami reports the current security context, so none of them reset a password.
- A technician needs to format a large external SSD that must move files larger than 4 GB between Windows and macOS without installing extra drivers. Which difference between NTFS and exFAT makes exFAT the better choice here?
- ExFAT has no practical 4 GB file-size limit and is natively read/write on both Windows and macOS, while NTFS is read-only on macOS by default
- NTFS supports files only up to 4 GB, while exFAT is capped at 2 GB
- NTFS is read/write on macOS by default, while exFAT is Windows-only
- ExFAT enforces file-level permissions, while NTFS does not
Correct answer: ExFAT has no practical 4 GB file-size limit and is natively read/write on both Windows and macOS, while NTFS is read-only on macOS by default
exFAT is the better choice because it has no practical 4 GB file-size limit and is natively read/write on both Windows and macOS, making it ideal for cross-platform removable media. NTFS is read-only on macOS without third-party drivers. exFAT does not provide file-level permissions, and the 4 GB cap belongs to FAT32, not NTFS.
- A user reports that file operations on a Windows drive are failing and the system warns of file system errors. Which built-in command-line tool scans the disk for file system and bad-sector errors and can repair them?
- Format
- Tasklist
- Chkdsk
- Robocopy
Correct answer: Chkdsk
chkdsk (Check Disk) scans a volume for file system errors and bad sectors and can fix them, commonly run as chkdsk /f to fix file system errors or chkdsk /r to locate bad sectors and recover readable data. tasklist lists running processes, format prepares a volume by erasing it, and robocopy copies files, so none of those repair the file system.
- After a malware cleanup, a Windows 11 machine shows missing or corrupted system files. Which command checks the integrity of protected system files and restores correct versions?
- Defrag /c
- Dism /online /cleanup-image /restorehealth
- Diskpart
- Sfc /scannow
Correct answer: Sfc /scannow
sfc /scannow is correct: System File Checker scans all protected operating system files and replaces any that are corrupted or missing with known-good cached copies. diskpart manages partitions, and defrag reorganizes file fragments on mechanical drives, neither of which repairs system files. DISM /RestoreHealth repairs the Windows component store but is a separate, more intensive repair tool.
- A technician explains to a colleague where Windows stores low-level configuration data for hardware, software, and user profiles in a centralized hierarchical database. What is this component called?
- The Windows Registry
- The Group Policy cache
- The Event Viewer log store
- The Task Scheduler library
Correct answer: The Windows Registry
The Windows Registry is the centralized hierarchical database that stores configuration settings for the operating system, hardware, installed applications, and user profiles, organized into hives and keys and edited with regedit. Event Viewer holds logs, Task Scheduler stores scheduled jobs, and the Group Policy cache holds applied policy, so none of those is the configuration database.
- A small business wants the cheapest Windows 11 edition that can still join an Active Directory domain and use BitLocker. Which edition meets both requirements?
- Windows 11 Home
- Windows 11 Pro
- Windows 11 S mode
- Windows 11 Home Single Language
Correct answer: Windows 11 Pro
Windows 11 Pro is the lowest edition that supports both Active Directory domain join and BitLocker drive encryption, along with Group Policy and Remote Desktop hosting. Windows 11 Home lacks domain join, BitLocker, and Group Policy, and Home Single Language and S mode are even more limited consumer variants.
- A user is comparing Windows 10 and Windows 11 and asks what changed in the default hardware requirements. Which requirement does Windows 11 add that Windows 10 did not mandate?
- A 32-bit processor option
- A TPM 2.0 chip and UEFI Secure Boot
- A minimum of 1 GB of RAM
- Support for the FAT32 boot file system
Correct answer: A TPM 2.0 chip and UEFI Secure Boot
Windows 11 added a requirement for TPM 2.0 and UEFI Secure Boot, which Windows 10 did not strictly mandate. Windows 11 also requires a 64-bit processor and more RAM than Windows 10's minimum, so a 32-bit option and a 1 GB floor are not new Windows 11 requirements. The boot volume uses NTFS, not FAT32.
- A technician sets up a shared family laptop and wants a user to be able to run installed apps and change their own settings but not install software system-wide or modify other users' files. Which account type fits, and what is the key limitation versus an administrator account?
- An administrator account, which has the same restrictions as a standard account
- A standard user account, which cannot make system-wide changes without administrator credentials
- A guest account, which can install software for all users
- A service account, which is the only type that can run applications
Correct answer: A standard user account, which cannot make system-wide changes without administrator credentials
A standard user account is correct: it can run applications and change personal settings but cannot install software system-wide or alter protected system areas without administrator credentials via User Account Control. An administrator account has full control, the opposite of the limitation described. Guest accounts are highly restricted and cannot install software for everyone, and service accounts run background services.
- A technician needs to wipe a workstation and deploy a fresh, bloat-free copy of Windows 11 with a new registry and no carried-over applications. Which approach should be used and what is the main tradeoff compared with an upgrade?
- A repair install, which always erases the partition
- A clean install, which removes existing apps and data so they must be reinstalled and restored
- A feature update, which formats the system drive each time
- An in-place upgrade, which deletes all user data automatically
Correct answer: A clean install, which removes existing apps and data so they must be reinstalled and restored
A clean install meets the goal: it formats the target partition and installs a fresh copy of Windows with a new registry and no carried-over applications, at the cost of having to reinstall apps and restore data afterward. An in-place upgrade preserves data and apps rather than deleting them, a repair install is meant to fix files without wiping data, and feature updates do not reformat the system drive.
- A technician must verify a Windows machine's exact build and version before applying a compatibility fix, using a quick command. Which command opens the About Windows dialog showing the version and build?
- Systeminfo /now
- Winver
- Ver /build
- Msconfig /version
Correct answer: Winver
winver opens the About Windows dialog, which displays the edition, version, and OS build number. The legacy ver command prints only a short version string at the prompt and does not accept a /build switch, systeminfo provides extensive detail but uses no /now switch, and msconfig opens System Configuration rather than a version dialog.
- A technician on Linux needs to display the IP address, subnet mask, and link state of network interfaces on a modern distribution where ifconfig is deprecated. Which command is the current recommended replacement?
- Netsh interface show
- Route print
- Ip addr
- Ipconfig
Correct answer: Ip addr
ip addr is the current Linux command for showing interface addresses and state; the ip suite from iproute2 has replaced the deprecated ifconfig on most modern distributions. ipconfig is the Windows tool, netsh is a Windows networking shell, and route print displays the Windows routing table, so none of those apply to Linux.
- A technician must list every active TCP/IP connection and the local listening ports on a Windows workstation to investigate a suspicious process. Which command provides this?
- Netstat -ano
- Ipconfig /all
- Ping -listen
- Nslookup -ports
Correct answer: Netstat -ano
netstat -ano lists active TCP/IP connections and listening ports, and the -o switch appends the owning process ID so the connection can be tied to a process. ipconfig /all shows adapter configuration but not connections, nslookup queries DNS, and ping tests reachability, so none of those enumerate sockets.
- A technician needs the macOS feature that lets the user run multiple separate desktops and view all open windows at a glance for organizing work. Which feature provides this?
- Keychain Access
- Spotlight
- Time Machine
- Mission Control
Correct answer: Mission Control
Mission Control is the macOS feature that displays all open windows and lets the user create and switch between multiple virtual desktops (Spaces). Time Machine handles backups, Spotlight is the search tool, and Keychain Access stores credentials, so none of those manage desktops and windows.
- A technician must copy a large directory tree across the network and have the operation resume and mirror only changed files on later runs. Which Windows command-line tool is designed for this robust copying?
Correct answer: Robocopy
robocopy (Robust File Copy) is built for reliable, resumable directory-tree copying and can mirror folders, retry on failures, and copy only changed files with switches like /mir. The older xcopy and basic copy commands lack robocopy's mirroring and retry features, and format erases a volume rather than copying files.
- A technician wants to confirm which Group Policy settings are actually being applied to the currently logged-on user and computer. Which command produces this resultant-set-of-policy report?
- Secedit /analyze
- Gpresult /r
- Net config workstation
- Gpupdate /force
Correct answer: Gpresult /r
gpresult /r displays the Resultant Set of Policy, summarizing which Group Policy objects are applied to the current user and computer. gpupdate /force reapplies policy but does not report it, net config workstation shows workstation service settings, and secedit analyzes security templates rather than listing applied GPOs.
- A technician installs Linux on a desktop and must choose a journaling file system commonly used as the default on many distributions. Which file system fits that description?
Correct answer: Ext4
ext4 is a journaling file system that serves as the default on many Linux distributions, providing crash resilience and support for large files and volumes. NTFS is the Windows default, APFS is Apple's modern file system for macOS and iOS, and exFAT is a lightweight cross-platform format for removable media without journaling.
- A technician is documenting macOS data management tools and needs the feature that installs, updates, and removes applications from a curated Apple storefront. Which feature is this?
- Terminal
- The App Store
- Disk Utility
- Finder
Correct answer: The App Store
The App Store is the macOS storefront used to install, update, and remove applications from Apple's curated catalog. Disk Utility manages disks and partitions, Finder is the file browser, and Terminal provides command-line access, so none of those is the application storefront.
- A technician wants to verify whether a workstation's CPU and Windows are running in 64-bit mode and which drivers must be installed. Which statement about 32-bit versus 64-bit support is correct?
- A 64-bit version of Windows requires 64-bit drivers and can run most 32-bit applications, but cannot use 32-bit kernel-mode drivers
- A 32-bit version of Windows can run 64-bit applications natively
- A 64-bit version of Windows requires 32-bit drivers for all hardware
- 32-bit and 64-bit drivers are interchangeable on any Windows edition
Correct answer: A 64-bit version of Windows requires 64-bit drivers and can run most 32-bit applications, but cannot use 32-bit kernel-mode drivers
A 64-bit Windows installation requires 64-bit drivers and can still run most 32-bit applications through compatibility layers, but it cannot load 32-bit kernel-mode drivers. A 32-bit OS cannot run 64-bit applications, and drivers are not interchangeable between architectures, so the matching statements are false.
- A technician needs to test name resolution by querying a DNS server directly from a Windows command prompt to confirm a hostname resolves to the correct IP. Which command is appropriate?
- Arp -a
- Nslookup
- Ping -t
- Hostname
Correct answer: Nslookup
nslookup queries DNS servers to resolve hostnames to IP addresses and can diagnose name-resolution problems. ping with -t pings continuously by IP or name but does not show raw DNS query results, arp -a displays the local MAC-to-IP cache, and hostname just prints the local computer name, so none of those query DNS directly.
- A technician must securely manage a large boot drive over 2 TB with more than four primary partitions and integrity-checked partition tables. Which partitioning scheme provides these capabilities, and how does it differ from MBR?
- MBR, which supports unlimited partition sizes and stores backup tables
- GPT, which is limited to four primary partitions like MBR
- MBR, which is required for all UEFI boot drives
- GPT, which supports drives over 2 TB and many partitions with redundant, checksummed partition tables, unlike MBR
Correct answer: GPT, which supports drives over 2 TB and many partitions with redundant, checksummed partition tables, unlike MBR
GPT (GUID Partition Table) is correct: it supports drives larger than 2 TB, allows many partitions, and keeps redundant, checksummed copies of the partition table for integrity. MBR is limited to 2 TB and four primary partitions and lacks built-in redundancy. UEFI systems generally boot from GPT, not MBR, which makes the remaining statements incorrect.
- A technician needs the Linux command that lists files in a directory, including hidden files and detailed permission, owner, and size information. Which command and option set does this?
- Grep -r
- Pwd -l
- Ls -la
- Cat -all
Correct answer: Ls -la
ls -la lists directory contents in long format (-l) and includes hidden dot files (-a), showing permissions, owner, group, size, and modification time. cat displays file contents, grep searches text, and pwd prints only the current directory path, so none of those produce a detailed directory listing.
- A technician must add a domain user to the local Administrators group on a single Windows workstation from the command line. Which command does this?
- Net localgroup Administrators DOMAIN\user /add
- Whoami /add Administrators
- Gpupdate /add Administrators
- Net user Administrators DOMAIN\user /add
Correct answer: Net localgroup Administrators DOMAIN\user /add
net localgroup Administrators DOMAIN\user /add adds the specified user to the local Administrators group, since net localgroup manages membership of local groups. net user manages individual accounts rather than group membership, and gpupdate and whoami do not modify group membership at all.
- A technician explains to a help-desk trainee why elevating to administrator is required to install most desktop software in Windows 11. What underlying security mechanism prompts for elevation when a standard user attempts a system change?
- BitLocker
- User Account Control (UAC)
- Windows Defender Firewall
- Storage Sense
Correct answer: User Account Control (UAC)
User Account Control (UAC) is the mechanism that prompts for administrator approval or credentials when a standard user attempts a change that affects the whole system, such as installing software. BitLocker encrypts drives, the firewall filters network traffic, and Storage Sense frees disk space, none of which governs elevation prompts.
- A technician must edit a specific Windows configuration value because no graphical setting exposes it. Which built-in tool directly opens the configuration database for editing keys and values?
- Regedit
- Msconfig
- Cmd
- Services.msc
Correct answer: Regedit
regedit (Registry Editor) opens the Windows Registry for browsing and editing keys and values directly, which is necessary when no GUI option exists. msconfig manages startup and boot options, services.msc manages Windows services, and cmd is the command interpreter, so none of those edit registry values directly.
- A technician needs the macOS command-line utility to install command-line developer tools and run shell scripts in a Unix-like environment. Which application provides this interface?
- System Settings
- Dock
- Terminal
- Finder
Correct answer: Terminal
Terminal is the macOS application that provides a command-line interface to the underlying Unix shell, where a technician can run shell commands and scripts. Finder browses files graphically, System Settings configures the OS through a GUI, and the Dock launches applications, so none of those offer a shell.
- A technician wants to know why a Windows 11 Pro for Workstations machine can address far more RAM and CPUs than Windows 11 Home. Which statement about edition differences is correct?
- Pro for Workstations removes BitLocker that Home includes
- Home is the only edition that can join a domain
- Home supports more RAM than Pro for Workstations
- Pro for Workstations supports more RAM and CPU sockets and adds the ReFS file system, beyond what Home offers
Correct answer: Pro for Workstations supports more RAM and CPU sockets and adds the ReFS file system, beyond what Home offers
Windows 11 Pro for Workstations supports more physical RAM (up to 6 TB) and more CPU sockets (up to 4) than Home (128 GB RAM, 1 socket) and adds support for the ReFS resilient file system, targeting high-end workloads. Home actually supports less RAM, lacks BitLocker and domain join, and includes no ReFS support, so the remaining statements are incorrect.
- A technician compares Windows 10 and Windows 11 interface and support differences for a fleet refresh. Which statement is accurate as of 2026?
- Windows 10 requires TPM 2.0 while Windows 11 does not
- Windows 11 still offers a Start menu pinned to the bottom-left corner only
- Windows 11 dropped support for 64-bit processors
- Windows 10 reached end of support in October 2025, prompting migration to Windows 11
Correct answer: Windows 10 reached end of support in October 2025, prompting migration to Windows 11
Windows 10 reached end of support on October 14, 2025, which is the practical driver behind moving fleets to Windows 11. Windows 11 centers the Start menu and taskbar by default rather than pinning them to the corner, it is Windows 11 that mandates TPM 2.0, and Windows 11 runs only on 64-bit processors, so the other statements are wrong.
- A security analyst defines a DDoS attack for new help-desk staff. Which statement best describes a distributed denial-of-service attack?
- An attacker guesses a password by trying every possible combination of characters
- Many compromised hosts flood a target with traffic so legitimate users cannot reach the service
- An attacker secretly intercepts and alters traffic between two communicating parties
- A single program copies itself across a network without any user interaction
Correct answer: Many compromised hosts flood a target with traffic so legitimate users cannot reach the service
Many compromised hosts flood a target with traffic so legitimate users cannot reach the service is the correct definition of a DDoS attack. The "distributed" part means the flood comes from numerous machines (often a botnet), overwhelming bandwidth or resources. Intercepting and altering traffic describes an on-path (man-in-the-middle) attack, and self-copying across a network describes a worm.
- A technician is comparing two password-cracking techniques. Which statement correctly distinguishes a dictionary attack from a brute-force attack?
- A dictionary attack tries words from a precompiled list of likely passwords, while a brute-force attack tries every possible character combination
- A dictionary attack only works on wireless networks, while a brute-force attack only works on wired networks
- Both attacks require the attacker to already know the password hash format before starting
- A dictionary attack tries every possible character combination, while a brute-force attack only tries common words
Correct answer: A dictionary attack tries words from a precompiled list of likely passwords, while a brute-force attack tries every possible character combination
A dictionary attack tries words from a precompiled list of likely passwords, while a brute-force attack tries every possible character combination. The dictionary approach is faster because it leverages common or leaked passwords, whereas brute force is exhaustive but slower. The other choices reverse the definitions or add unrelated restrictions.
- A network administrator must explain the security difference between WPA2 and WPA3 to management. Which improvement does WPA3-Personal provide over WPA2-Personal?
- It uses Simultaneous Authentication of Equals to resist offline password-guessing attacks
- It transmits all wireless traffic in plaintext for easier troubleshooting
- It replaces AES encryption with the older TKIP cipher for compatibility
- It removes the need for any passphrase on the wireless network
Correct answer: It uses Simultaneous Authentication of Equals to resist offline password-guessing attacks
WPA3-Personal uses Simultaneous Authentication of Equals (SAE), a handshake that resists offline dictionary and brute-force attacks against the captured handshake, which is the key advantage over WPA2's pre-shared key handshake. WPA3 still requires a passphrase, uses stronger AES-based encryption (not the deprecated TKIP), and never sends traffic in plaintext.
- A technician needs to share a folder on an NTFS volume and is unsure how share permissions and NTFS permissions interact. Which statement is correct?
- NTFS permissions only apply when a file is accessed over the network, never locally
- When a user connects over the network, the most restrictive of the combined share and NTFS permissions applies
- Share permissions apply to local logons at the keyboard but not to network access
- Share permissions always override NTFS permissions for both network and local access
Correct answer: When a user connects over the network, the most restrictive of the combined share and NTFS permissions applies
When a user connects over the network, the most restrictive of the combined share and NTFS permissions applies, so the effective access is the more limited of the two. NTFS permissions apply to both local and network access, while share permissions apply only to network access, which is the opposite of the other distractors.
- A security awareness trainer is explaining the difference between phishing and spear phishing. Which statement is accurate?
- Phishing sends generic lures to many people, while spear phishing targets a specific individual with personalized details
- Phishing targets one executive, while spear phishing is sent broadly to thousands of users
- Phishing only occurs by phone, while spear phishing only occurs by text message
- Phishing and spear phishing are identical and the terms are interchangeable
Correct answer: Phishing sends generic lures to many people, while spear phishing targets a specific individual with personalized details
Phishing sends generic lures to many people, while spear phishing targets a specific individual with personalized details, often using information about the victim's role or relationships to appear credible. The reversed definition and the channel-specific claims (phone vs text) are incorrect.
- An organization grants each employee only the access rights needed for their job and nothing more. Which security concept does this practice define?
- Defense in depth
- Single sign-on
- Implicit deny
- Principle of least privilege
Correct answer: Principle of least privilege
The principle of least privilege means users are granted only the minimum permissions required to perform their duties, reducing the damage from compromised accounts or insider misuse. Single sign-on centralizes authentication, defense in depth layers multiple controls, and implicit deny blocks anything not explicitly permitted.
- A technician is explaining symmetric versus asymmetric encryption. Which statement correctly describes the key difference?
- Symmetric encryption cannot be used to protect data at rest, only data in transit
- Symmetric encryption uses a public and private key pair, while asymmetric encryption uses a single shared key
- Symmetric encryption uses one shared key for both encryption and decryption, while asymmetric encryption uses a public and private key pair
- Asymmetric encryption is always faster than symmetric encryption for bulk data
Correct answer: Symmetric encryption uses one shared key for both encryption and decryption, while asymmetric encryption uses a public and private key pair
Symmetric encryption uses one shared key for both encryption and decryption, while asymmetric encryption uses a mathematically related public and private key pair. Symmetric is generally faster and well suited to bulk data, while asymmetric solves the key-distribution problem; the reversed and speed claims are wrong.
- A facilities security briefing distinguishes tailgating from piggybacking. Which statement is correct?
- Both terms describe attacks that occur exclusively over wireless networks
- Tailgating only happens in parking lots, while piggybacking only happens in server rooms
- Tailgating requires a stolen badge, while piggybacking requires a cloned fingerprint
- In tailgating the intruder follows without the authorized person's knowledge, while in piggybacking the authorized person knowingly holds the door open
Correct answer: In tailgating the intruder follows without the authorized person's knowledge, while in piggybacking the authorized person knowingly holds the door open
In tailgating the intruder slips in behind an authorized person without their knowledge or consent, while in piggybacking the authorized person knowingly allows the second person through, such as holding the door. The other options invent unrelated requirements or locations.
- A technician documents malware categories for a training guide. Which choice correctly pairs a malware type with its defining behavior?
- Adware physically destroys hard-drive platters when triggered
- A logic bomb broadcasts a fake wireless SSID to capture credentials
- Spyware secretly gathers information about a user's activity and sends it to a third party
- A keylogger encrypts files and demands a ransom for the decryption key
Correct answer: Spyware secretly gathers information about a user's activity and sends it to a third party
Spyware secretly gathers information about a user's activity, such as browsing habits or keystrokes, and reports it to a third party. The other pairings describe the wrong malware: ransomware encrypts and demands payment, a logic bomb executes on a trigger condition, and an evil-twin access point broadcasts a fake SSID.
- A technician is teaching the difference between a virus, a worm, and a trojan. Which statement is accurate?
- A trojan self-replicates across networks faster than any virus or worm
- A worm self-replicates across networks without user action, while a virus requires a host file to spread
- A virus spreads automatically without any host file or user interaction
- A worm always disguises itself as a legitimate program to trick the user into running it
Correct answer: A worm self-replicates across networks without user action, while a virus requires a host file to spread
A worm self-replicates across networks without user action, while a virus needs to attach to a host file and typically requires the user to run the infected file. A trojan disguises itself as a legitimate program and does not self-replicate, which is why the trojan and reversed claims are incorrect.
- A user's antivirus cannot detect a stealthy infection that loads before the operating system and hides its own processes. Which type of malware is most likely present?
- Macro virus
- Rootkit
- Adware
- Spyware
Correct answer: Rootkit
A rootkit is malware designed to gain privileged access and hide itself, often loading at a low level (boot or kernel) so it conceals its files, processes, and registry keys from normal antivirus scans. Adware and spyware do not typically operate at the boot level, and a macro virus runs inside documents rather than hiding the OS.
- A technician wants to encrypt an entire Windows 11 system drive so data is protected if the laptop is stolen. Which built-in feature should be used?
- Windows Defender Firewall
- User Account Control
- BitLocker
- File History
Correct answer: BitLocker
BitLocker is the built-in Windows full-disk encryption feature that encrypts the entire volume, typically using the TPM to protect the keys, so the data is unreadable if the drive is removed or the device is stolen. The firewall filters network traffic, UAC controls privilege elevation, and File History backs up files but does not encrypt the drive.
- A company requires users to provide a password plus a fingerprint before accessing email. Which security control does this requirement define?
- Role-based access control
- Single sign-on
- Federated identity
- Multifactor authentication
Correct answer: Multifactor authentication
Multifactor authentication requires two or more distinct factor categories, such as something you know (a password) combined with something you are (a fingerprint), so a stolen password alone cannot grant access. Single sign-on reduces repeated logins, role-based access assigns permissions by job role, and federation links identities across organizations.
- An employee receives an email that appears to be from the IT department asking them to click a link and confirm their login credentials. Which type of attack is this?
- Phishing
- Replay attack
- Privilege escalation
- Denial of service
Correct answer: Phishing
Phishing is a social-engineering attack that uses fraudulent messages, typically email, to trick recipients into revealing credentials or clicking malicious links by impersonating a trusted source such as IT. A denial-of-service attack disrupts availability, privilege escalation gains higher rights, and a replay attack reuses captured authentication data.
- A user can no longer open their documents, and a message demands payment in cryptocurrency to restore access. Which malware best matches this behavior?
- Boot sector virus
- Ransomware
- Spyware
- Trojan
Correct answer: Ransomware
Ransomware encrypts the victim's files and demands payment, often in cryptocurrency, in exchange for the decryption key, exactly matching the locked documents and payment demand. A trojan disguises itself as legitimate software, spyware quietly collects data, and a boot sector virus infects the boot process rather than encrypting files for ransom.
- An attacker calls an employee pretending to be a vendor and persuades them to reveal a password. Which broad category of attack does this represent?
- ARP poisoning
- SQL injection
- Cross-site scripting
- Social engineering
Correct answer: Social engineering
Social engineering manipulates people into divulging confidential information or performing actions, relying on deception and trust rather than technical exploits; impersonating a vendor to extract a password is a classic example. Cross-site scripting and SQL injection target web applications, and ARP poisoning manipulates network address mappings.
- When a standard user attempts to install software in Windows 11, a dialog dims the screen and asks for administrator approval. Which feature produces this prompt?
- Credential Manager
- Group Policy Editor
- Windows Defender SmartScreen
- User Account Control
Correct answer: User Account Control
User Account Control (UAC) prompts for consent or administrator credentials before allowing changes that require elevated privileges, presenting the secure desktop dialog that dims the screen. SmartScreen warns about unrecognized downloads, Group Policy configures system settings, and Credential Manager stores saved logons, none of which generate the elevation prompt.
- A technician is comparing wireless protocols and wants the strongest available option for a new business network. Why is WPA3 preferred over WPA2?
- WPA3 strengthens the key-exchange handshake and provides stronger encryption that resists offline password attacks
- WPA3 only works on 2.4 GHz networks and disables the 5 GHz band
- WPA3 eliminates the need for any encryption keys on the network
- WPA3 reverts to the WEP cipher to maximize device compatibility
Correct answer: WPA3 strengthens the key-exchange handshake and provides stronger encryption that resists offline password attacks
WPA3 strengthens the key-exchange handshake (using SAE) and provides stronger encryption that resists offline password-guessing attacks, making it the most secure choice for new deployments. It still uses encryption keys, does not revert to the broken WEP cipher, and operates across modern bands rather than being limited to 2.4 GHz.
- A vendor discloses that attackers are exploiting a flaw for which no patch yet exists. Which term defines this situation?
- Zero-day attack
- Insider threat
- Brute-force attack
- Replay attack
Correct answer: Zero-day attack
A zero-day attack exploits a previously unknown vulnerability before the vendor has released a patch, leaving defenders with zero days to prepare a fix. A brute-force attack guesses credentials, an insider threat comes from an authorized person, and a replay attack reuses captured data, none of which depend on an unpatched, unknown flaw.
- A small business wants to verify the identity of users connecting to its wireless network against a central server using usernames and certificates rather than a single shared passphrase. Which configuration should the technician choose?
- Open authentication with a captive portal only
- WPA3-Personal with a shared pre-shared key
- WEP with a static 128-bit key
- WPA3-Enterprise with a RADIUS authentication server
Correct answer: WPA3-Enterprise with a RADIUS authentication server
WPA3-Enterprise with a RADIUS server (802.1X) authenticates each user individually against a central server using credentials or certificates, which is what the scenario requires. WPA3-Personal relies on a single shared passphrase, open authentication provides no per-user verification, and WEP is deprecated and insecure.
- A technician is hardening a shared Windows 11 workstation. Which action best follows the principle of least privilege for daily users?
- Add every user to the local Administrators group for convenience
- Share the built-in Administrator account password with all staff
- Configure each user's daily account as a standard user rather than a local administrator
- Disable User Account Control so prompts never appear
Correct answer: Configure each user's daily account as a standard user rather than a local administrator
Configuring each user's daily account as a standard user rather than a local administrator enforces least privilege, limiting the damage malware or mistakes can cause because elevation requires explicit administrator approval. Adding everyone to Administrators, disabling UAC, or sharing the Administrator password all expand privileges and weaken security.
- A security model assumes no device or user is automatically trusted, even inside the corporate network, and verifies every access request. Which model is described?
- Zero Trust
- Open access
- Perimeter-only defense
- Implicit allow
Correct answer: Zero Trust
The Zero Trust model treats no user, device, or network location as inherently trusted and requires continuous verification of every access request, summarized as "never trust, always verify." Perimeter-only defense trusts everything inside the firewall, while implicit allow and open access provide little or no verification.
- A technician needs to permanently destroy data on failed solid-state drives before disposal, but degaussing is ineffective on them. Which method reliably renders the data unrecoverable?
- Performing a quick format from the operating system
- Physical destruction such as shredding or pulverizing the drive
- Degaussing the drive with a strong magnetic field
- Deleting the partition and emptying the Recycle Bin
Correct answer: Physical destruction such as shredding or pulverizing the drive
Physical destruction such as shredding or pulverizing reliably destroys data on SSDs, which store data in flash memory and are unaffected by magnetic fields. Degaussing only works on magnetic media like hard disks, and deleting partitions or quick-formatting leaves recoverable data behind.
- An administrator wants employees to log in once and then access multiple internal applications without re-entering credentials. Which solution provides this?
- Single sign-on
- Mandatory access control
- Principle of least privilege
- Multifactor authentication
Correct answer: Single sign-on
Single sign-on (SSO) lets a user authenticate once and then access multiple connected applications without logging in again, improving convenience and centralizing credential management. Multifactor authentication adds verification factors, least privilege limits permissions, and mandatory access control enforces labels, none of which describe one-time login across apps.
- A technician configures a smartphone fleet so devices lock after several failed passcode attempts and can be located or erased remotely through a central console. Which technology provides this central management?
- A host-based firewall
- A virtual private network (VPN)
- Mobile device management (MDM)
- BitLocker To Go
Correct answer: Mobile device management (MDM)
Mobile device management (MDM) centrally enforces security policies on mobile devices, including failed-attempt lockout, remote locate, and remote wipe through a management console. BitLocker To Go encrypts removable drives, a firewall filters traffic, and a VPN secures connections, but none provide fleet-wide mobile policy management.
- A technician must decommission a hard drive but the company plans to reuse it internally rather than destroy it. Which method sanitizes the drive while keeping it usable?
- Pulverizing the drive into small fragments
- Drilling multiple holes through the platters
- Incinerating the drive in a certified furnace
- A standard format that overwrites the drive with new data
Correct answer: A standard format that overwrites the drive with new data
A full (non-quick) format that overwrites the drive with new data sanitizes the drive while leaving the hardware intact and reusable, making it the right choice when the drive will be repurposed internally. The question's option refers to a format that performs actual sector-level overwriting, not a quick format that only clears the index. Pulverizing, incinerating, and drilling are physical destruction methods that render the drive unusable.
- A technician notices that a user's browser keeps redirecting to advertising pages and displaying frequent pop-up ads. Which malware type is the most likely cause?
- Adware
- Rootkit
- Logic bomb
- Ransomware
Correct answer: Adware
Adware displays unwanted advertisements and often redirects browsers to ad-laden pages, matching the constant pop-ups and redirects described. Ransomware encrypts files for payment, a rootkit hides itself with privileged access, and a logic bomb triggers a payload on a specific condition, none of which primarily generate ads.
- A technician wants to confirm that downloaded software has not been altered before installation. Which security mechanism allows the user to verify the file's integrity?
- Verifying the file was downloaded over HTTP rather than HTTPS
- Confirming the file size is under a fixed limit
- Checking that the file extension matches the program type
- Comparing a cryptographic hash of the file against the value published by the vendor
Correct answer: Comparing a cryptographic hash of the file against the value published by the vendor
Comparing a cryptographic hash (such as SHA-256) of the downloaded file against the vendor-published value verifies integrity, because any change to the file produces a completely different hash. File extension, file size, and the HTTP-versus-HTTPS check do not prove the contents are unmodified.
- An attacker leaves USB flash drives labeled "Payroll" in a company parking lot hoping employees will plug them in. Which social-engineering technique is this?
- Pretexting
- Baiting
- Whaling
- Tailgating
Correct answer: Baiting
Baiting lures victims with something enticing, such as a malware-loaded USB drive labeled to spark curiosity, relying on the victim to take the bait. Tailgating is following someone through a door, whaling targets high-level executives, and pretexting builds a fabricated scenario to extract information.
- A technician must grant a contractor temporary elevated access to a server only for the duration of a specific maintenance task, after which the access is automatically revoked. Which logical security approach fits this requirement?
- Single sign-on
- Just-in-time access
- Standing administrative access
- Implicit deny
Correct answer: Just-in-time access
Just-in-time access grants elevated privileges only for a limited window when needed and revokes them afterward, minimizing the time an account holds powerful rights. Single sign-on handles authentication convenience, standing administrative access leaves privileges always on, and implicit deny blocks unlisted access rather than time-limiting it.
- A small office relies on its router's firewall, antivirus on each PC, strong passwords, and locked server-room doors. Which security strategy does this combination represent?
- A single point of failure design
- Defense in depth using multiple layered controls
- Implicit allow networking
- Security through obscurity
Correct answer: Defense in depth using multiple layered controls
Defense in depth uses multiple overlapping controls (network, host, authentication, and physical) so that if one layer fails, others still protect the asset. A single point of failure is the opposite, security through obscurity hides details rather than layering controls, and implicit allow permits unlisted access.
- A user reports a browser pop-up warning that a banking website's certificate has expired. What does an expired certificate primarily indicate?
- The website has been permanently shut down by its hosting provider
- The user's antivirus subscription has lapsed
- The site is encrypted with the strongest available cipher
- The certificate's validity period has ended and the browser can no longer confirm it is current and trusted
Correct answer: The certificate's validity period has ended and the browser can no longer confirm it is current and trusted
An expired certificate means the certificate's validity period has ended, so the browser can no longer confirm the site's identity is current and trusted, prompting a warning. It does not indicate the site is shut down, that antivirus lapsed, or that encryption is at its strongest; users should be cautious until it is renewed.
- A technician wants to ensure users create passwords that resist guessing and reuse. Which Windows setting best enforces this organization-wide?
- Enabling the built-in Guest account for shared use
- A password policy specifying minimum length, complexity, and history requirements
- Setting all accounts to never require a password change
- Disabling the screen lock timeout for all accounts
Correct answer: A password policy specifying minimum length, complexity, and history requirements
A password policy that sets minimum length, complexity, and history requirements forces strong, non-reused passwords and is enforced centrally through Group Policy or local security policy. Disabling screen lock, enabling the Guest account, and removing password expiration all weaken security rather than strengthen it.
- A technician wants endpoints to detect suspicious behavior, contain threats, and feed alerts to a central console for investigation, going beyond signature-based antivirus. Which solution provides these capabilities?
- A pop-up blocker
- Endpoint detection and response (EDR)
- A host-based firewall
- Disk defragmentation software
Correct answer: Endpoint detection and response (EDR)
Endpoint detection and response (EDR) continuously monitors endpoint behavior, detects and contains threats, and reports telemetry to a central console for investigation, providing capabilities beyond traditional signature-based antivirus. A firewall filters traffic, a pop-up blocker stops ads, and defragmentation reorganizes files, none of which provide threat hunting and response.
- A controlled entry area requires a person to pass through two interlocking doors, where the second door will not open until the first has closed, preventing tailgating. Which physical security control is this?
- Bollard
- Motion sensor
- Access control vestibule
- Badge reader
Correct answer: Access control vestibule
An access control vestibule (sometimes called a mantrap) uses two interlocking doors so only one person can pass at a time, directly preventing tailgating into a secure area. A bollard blocks vehicles, a badge reader authenticates a credential at a single door, and a motion sensor detects movement but does not physically gate entry.
- According to CompTIA's ten-step best practice procedure for malware removal, which step immediately follows verifying and investigating the malware symptoms?
- Schedule scans and run updates
- Educate the end user
- Disable System Restore
- Quarantine the infected system
Correct answer: Quarantine the infected system
Quarantining the infected system is the second step, performed right after investigating and verifying symptoms. Isolating the machine from the network and other systems prevents the malware from spreading or exfiltrating data while remediation is performed. Educating the user is the final step in the procedure, and disabling System Restore comes after quarantine.
- A technician is following CompTIA's malware removal best practices on a Windows 11 PC. Why must System Restore be disabled before the system is remediated?
- System Restore consumes too much CPU during a scan
- Restore points can harbor copies of the malware and reinfect the system if rolled back
- Disabling it frees the page file needed for scanning
- Antivirus software cannot scan a drive while System Restore is enabled
Correct answer: Restore points can harbor copies of the malware and reinfect the system if rolled back
Restore points can harbor copies of the malware, so rolling back later could reintroduce the infection. CompTIA's procedure has the technician disable System Restore before remediation to purge those infected restore points, then re-enable it and create a fresh clean restore point afterward. The other reasons are not why System Restore is disabled.
- What is System Restore in Windows 11 designed to do?
- Roll back system files, drivers, and registry settings to an earlier restore point without affecting personal files
- Reset the device to factory settings and erase all data
- Create a full image backup of all user files and documents
- Reinstall Windows while keeping installed applications
Correct answer: Roll back system files, drivers, and registry settings to an earlier restore point without affecting personal files
System Restore rolls back system files, installed drivers, and registry settings to a previously captured restore point while leaving personal files such as documents and photos untouched. It is not a file backup tool and does not reinstall or reset Windows. Restore points are created automatically before major changes like updates or driver installs, and can be created manually.
- A technician needs to scan a heavily infected Windows 11 PC where the malware blocks the antivirus from running normally. Which boot environment loads only essential drivers and services so the scan can run with the malware inactive?
- Safe Mode
- BIOS setup utility
- Recovery Console
- Hibernation mode
Correct answer: Safe Mode
Safe Mode boots Windows with only the minimal set of drivers and services required to run the operating system, which usually prevents malware from loading and lets the antivirus scan and remove it. The BIOS setup and hibernation are unrelated to running a scan, and the Recovery Console was a Windows XP-era tool replaced by the Windows Recovery Environment in modern Windows.
- What does Safe Mode in Windows provide that the normal startup does not?
- Automatic installation of all pending updates
- A diagnostic startup that loads only basic drivers and disables most startup programs and services
- Faster boot times by skipping the page file
- Full hardware acceleration for the graphics card
Correct answer: A diagnostic startup that loads only basic drivers and disables most startup programs and services
Safe Mode is a diagnostic startup state that loads only basic drivers and disables most third-party startup programs and services, which helps isolate whether a problem is caused by the core OS or by added software, drivers, or malware. It does not speed up boot for normal use, and it intentionally uses a generic display driver rather than full graphics acceleration.
- A technician needs to boot a Windows 11 laptop into Safe Mode but the system boots normally to the sign-in screen. From the Windows Recovery Environment Startup Settings menu, which key selects Safe Mode with Networking?
Correct answer: F5
On the Startup Settings screen reached through the Windows Recovery Environment, pressing 5 or F5 selects Safe Mode with Networking, while 4 or F4 selects plain Safe Mode and 6 or F6 selects Safe Mode with Command Prompt. The legacy F8-at-boot method does not work by default on modern Windows 11 systems with fast UEFI startup.
- A user wants to reach Safe Mode on a Windows 11 PC that still boots to the desktop. Which built-in method opens the Windows Recovery Environment where Safe Mode options are available?
- Press the power button five times in a row
- Delete the hiberfil.sys file and reboot
- Hold Shift while clicking Restart in the power menu
- Run sfc /scannow from an elevated prompt
Correct answer: Hold Shift while clicking Restart in the power menu
Holding Shift while clicking Restart boots the PC into the Windows Recovery Environment, where Troubleshoot, Advanced options, then Startup Settings lead to the Safe Mode choices. Running sfc repairs system files but does not open recovery, and the other actions do not lead to Safe Mode.
- A technician is asked to remove malware from a computer for a user. Following best practices, after the malware is remediated and scans are scheduled, what should be done before considering the job complete?
- Disable Windows Defender to avoid future conflicts
- Re-enable System Restore, create a new restore point, and educate the end user
- Roll the system back to the oldest available restore point
- Defragment the system drive and shrink the page file
Correct answer: Re-enable System Restore, create a new restore point, and educate the end user
After remediation, the technician re-enables System Restore and creates a fresh clean restore point, then educates the end user on safe habits to prevent reinfection. Rolling back to an old restore point risks reinfection, and disabling Defender would leave the system unprotected. Defragmenting is unrelated to malware removal.
- A technician suspects a Windows 11 PC is infected but the installed antivirus reports it is clean. Following the remediation step of malware removal, what should the technician do before scanning again?
- Run Disk Cleanup to remove temporary files
- Increase the size of the page file
- Reinstall the operating system immediately
- Update the anti-malware definitions, ideally from a known-clean source
Correct answer: Update the anti-malware definitions, ideally from a known-clean source
Updating the anti-malware definitions ensures the scanner can recognize the latest threats; if the infected machine cannot reach the internet, definitions can be downloaded on a clean PC and transferred. Reimaging is a later or last-resort step, and adjusting the page file or running Disk Cleanup does not improve detection.
- A Windows 11 workstation has become very slow over the past week. Task Manager shows disk usage pinned at 100 percent with no demanding applications open. Which is the most likely culprit a technician should investigate first?
- An outdated BIOS clock battery
- Too many open browser tabs only
- A failing or fragmented storage drive or a background process such as indexing or an update churning the disk
- Insufficient monitor refresh rate
Correct answer: A failing or fragmented storage drive or a background process such as indexing or an update churning the disk
Sustained 100 percent disk usage with nothing demanding open points to a failing or thrashing storage drive or a heavy background process such as Windows Search indexing, Superfetch/SysMain, or an update working the disk. The technician should check drive health and identify the disk-bound process. Refresh rate and the CMOS battery do not cause slow disk performance.
- A technician is troubleshooting slow performance on a Windows 11 PC and wants to identify which process is consuming the most CPU and memory in real time. Which built-in tool is the most appropriate?
- Event Viewer
- Disk Management
- Device Manager
- Task Manager
Correct answer: Task Manager
Task Manager shows real-time CPU, memory, disk, and network usage broken down per process, making it the fastest way to spot a resource hog. Device Manager handles hardware and drivers, Disk Management handles partitions, and Event Viewer shows logs rather than live resource consumption.
- A Windows 11 PC repeatedly displays a low memory warning and applications begin closing on their own when several large programs are open. The machine has only 8 GB of RAM. Besides adding physical RAM, which adjustment most directly relieves the condition?
- Lower the screen resolution
- Increase the size of the page file (virtual memory)
- Switch the boot drive to MBR
- Disable System Restore
Correct answer: Increase the size of the page file (virtual memory)
Increasing the page file (virtual memory) gives Windows more room to offload memory pages to disk when physical RAM is exhausted, which directly addresses low memory warnings, though adding RAM is the better long-term fix. Disabling System Restore, lowering resolution, or changing the partition style does not free working memory.
- A user reports a recurring low memory warning on Windows 11. The technician finds one application steadily consuming more and more RAM the longer it runs, even when idle. What does this behavior most likely indicate?
- A failing power supply
- An incorrect display scaling setting
- A memory leak in the application
- A corrupt page file that must be deleted
Correct answer: A memory leak in the application
An application whose memory consumption climbs continuously over time, even while idle, exhibits a classic memory leak, where allocated memory is never released back to the system. The fix is to update or reinstall the offending application or report the bug. A page file, power supply, or display scaling issue would not cause one specific app to steadily balloon in RAM use.
- A user reports that one specific application crashes to the desktop within seconds of launching, while every other program runs fine. As a first troubleshooting step for application crashes, what should the technician do?
- Reset the BIOS to defaults
- Check Event Viewer for the application error and try repairing or reinstalling that application
- Replace the system RAM
- Reinstall the entire operating system
Correct answer: Check Event Viewer for the application error and try repairing or reinstalling that application
When a single application crashes while everything else works, the problem is isolated to that app, so the technician checks Event Viewer (Application log) for the faulting module and then repairs, updates, or reinstalls just that program. Reinstalling Windows, swapping RAM, or resetting BIOS are disproportionate when only one application is affected.
- A technician is troubleshooting an application that crashes intermittently on Windows 11. Which built-in log location records the faulting application name, module, and exception code to help pinpoint the cause?
- The Services console
- The Application log in Event Viewer
- The Performance Monitor data collector set
- The Startup tab in Task Manager
Correct answer: The Application log in Event Viewer
The Application log in Event Viewer records application crash events, including the faulting application name, the faulting module (often a specific DLL), and the exception code, which guides the technician to the root cause. The Startup tab, Services console, and Performance Monitor serve other troubleshooting purposes and do not log crash details.
- After a recent feature update, a Windows 11 application that worked fine before now crashes on launch. Which approach should a technician try first to restore functionality with the least disruption?
- Roll the system back using System Restore or use the application's Repair option, then check for an updated version
- Disable the page file
- Replace the motherboard
- Reformat the drive and reinstall Windows
Correct answer: Roll the system back using System Restore or use the application's Repair option, then check for an updated version
Because the crash began after a known change (the update), using System Restore to roll back or running the application's built-in Repair, then checking for an app update that addresses the new OS version, is the least disruptive effective fix. Reformatting or replacing hardware is excessive, and disabling the page file would not help and could destabilize the system.
- A Windows 11 computer presents a black screen with the message 'Operating System not found' after the user changed the boot order in UEFI. What is the most likely cause?
- The antivirus quarantined the desktop
- The CPU has overheated
- The boot order no longer lists the correct drive containing the OS first
- The monitor cable is loose
Correct answer: The boot order no longer lists the correct drive containing the OS first
An 'Operating System not found' message right after a boot order change usually means the firmware is now trying to boot from a device with no bootable OS, so the technician should set the correct system drive first in the UEFI boot order. CPU temperature, a video cable, or antivirus would not produce this specific firmware-level message.
- A technician wants to permanently stop several unnecessary programs from launching at boot to speed up sign-in on Windows 11. Which built-in interface is the primary place to disable startup applications in current Windows?
- The Disk Cleanup utility
- Device Manager
- The Startup tab in Task Manager
- The Boot tab in System Configuration (msconfig)
Correct answer: The Startup tab in Task Manager
In Windows 11 the Startup tab in Task Manager (also exposed under Settings, Apps, Startup) is the primary place to enable or disable startup applications and see their startup impact. The Boot tab in msconfig controls boot options and Safe Boot rather than the list of startup apps, and Device Manager and Disk Cleanup are unrelated.
- A Windows 11 user reports that the Start menu, search, and several built-in apps suddenly fail to open or crash, though third-party software works. Which command-line tool is the most appropriate first step to repair protected system files?
- Ipconfig /flushdns
- Format c:
- Chkdsk /r
- Sfc /scannow
Correct answer: Sfc /scannow
sfc /scannow scans and repairs corrupted or missing protected Windows system files, which commonly cause built-in components like Start, search, and shell apps to fail. format would erase the drive, ipconfig /flushdns addresses name resolution, and chkdsk targets disk and file-system errors rather than OS file corruption.
- A user creates a new sign-in but their familiar desktop, documents, and settings are missing, while another local account on the same PC is fine. Windows shows a notice that it signed them in with a temporary profile. What is the most likely cause?
- A failed RAM module
- A corrupted user profile
- An incorrect time zone
- An expired Windows license
Correct answer: A corrupted user profile
Being signed in with a temporary profile while another account works normally indicates a corrupted user profile; Windows loads a temporary one because it cannot load the damaged profile. The fix typically involves repairing the profile registry reference or creating a new profile and migrating data. RAM, licensing, or time zone settings would not cause a profile-specific failure.
- A Windows 11 machine reboots unexpectedly with a stop error referencing a specific driver after a printer driver was updated. Booting normally fails the same way. Which step lets the technician load Windows with minimal drivers to roll the bad driver back?
- Run Disk Cleanup repeatedly
- Replace the power supply
- Increase the page file size from BIOS
- Boot into Safe Mode and roll back or uninstall the problem driver
Correct answer: Boot into Safe Mode and roll back or uninstall the problem driver
Booting into Safe Mode loads only essential drivers, allowing Windows to start so the technician can use Device Manager to roll back or uninstall the faulty driver that triggers the stop error. Adjusting the page file, running Disk Cleanup, or replacing the PSU does not address a driver-caused boot failure.
- A user complains their Windows 11 PC frequently shows a 'service failed to start' message and a feature stops working. Which built-in console lets a technician view, start, stop, and set the startup type of background services?
- Credential Manager
- Event Viewer
- Resource Monitor
- The Services console (services.msc)
Correct answer: The Services console (services.msc)
The Services console (services.msc) lets the technician view each background service, start or stop it, and set its startup type to Automatic, Manual, or Disabled, which is the right tool for a service that fails to start. Event Viewer only logs the failure, Resource Monitor shows live resource use, and Credential Manager stores saved credentials.
- An Android phone shows constant pop-up ads even outside the browser and the battery drains quickly after the user side-loaded an app from an unofficial store. Which is the most appropriate troubleshooting action?
- Replace the phone's battery
- Uninstall the recently side-loaded app and run a reputable mobile anti-malware scan
- Factory reset the router
- Disable Bluetooth permanently
Correct answer: Uninstall the recently side-loaded app and run a reputable mobile anti-malware scan
System-wide pop-ups and rapid battery drain appearing right after a side-loaded app point to mobile malware or adware, so the technician should uninstall the suspicious app and run a reputable mobile anti-malware scan, escalating to a backup-and-reset if needed. Replacing the battery, resetting the router, or disabling Bluetooth would not remove the offending app.
- A user's iPhone repeatedly shows that an app is not responding and the device feels sluggish, but only since the latest app update. Which is the best first step before considering a full device reset?
- Restore the device from a months-old backup
- Force close the app and update or reinstall just that app
- Replace the device's display
- Disable cellular data
Correct answer: Force close the app and update or reinstall just that app
Because the slowdown is tied to one app and one update, force closing the app and updating or reinstalling that specific app is the least disruptive effective fix; clearing its cache or data may also help. Replacing hardware or disabling cellular data is unrelated, and restoring an old backup is more disruptive and unnecessary at this stage.
- A technician notices a Windows 11 PC has a rogue antivirus pop-up demanding payment, the real Windows Defender is turned off and will not re-enable, and the user cannot reach security vendor websites. What does this combination of symptoms most strongly indicate, and what is the correct response?
- A network outage; reset the router
- A failing hard drive; replace it immediately
- A licensing problem; reactivate Windows
- A malware infection; quarantine the system and begin the malware removal procedure
Correct answer: A malware infection; quarantine the system and begin the malware removal procedure
A fake security alert, real-time protection that has been disabled and resists re-enabling, and blocked access to security sites are hallmark signs of a malware infection actively defending itself. The correct response is to quarantine the system and work through the malware removal best-practice steps. Hardware, licensing, and router issues do not explain this pattern.
- A backup administrator runs a full backup every Sunday and then runs a job each weeknight that copies only the files changed since the last backup of any kind, clearing the archive bit afterward. Which backup type is being run on the weeknights?
- Incremental backup
- Differential backup
- Snapshot backup
- Synthetic full backup
Correct answer: Incremental backup
This is an incremental backup. An incremental backup captures only the data changed since the most recent backup of any type (full or incremental) and clears the archive bit, so each night's job is small and fast. A differential, by contrast, copies everything changed since the last full backup and does not clear the archive bit, so it grows each day. Synthetic full and snapshot describe different mechanisms.
- A company keeps a full backup from each Sunday and a job each weeknight that captures all files changed since that Sunday full backup. To fully restore data lost Thursday morning, the technician needs the Sunday full plus only the most recent nightly job. Which backup type is in use on the weeknights?
- Bare-metal backup
- Differential backup
- Copy backup
- Incremental backup
Correct answer: Differential backup
This is a differential backup. A differential captures everything changed since the last full backup, so restoring requires only the full plus the single most recent differential. An incremental would require the full plus every incremental in the chain, because each incremental only holds changes since the prior backup. Differential jobs grow larger each day but simplify recovery.
- A technician is comparing two strategies. Strategy X requires restoring the last full backup and every backup taken since, in order. Strategy Y requires restoring the last full backup and only the single most recent dated backup. Which statement correctly distinguishes incremental from differential backups?
- Strategy X is incremental and Strategy Y is differential
- Both strategies describe full backups taken at different intervals
- Both strategies describe synthetic full backups
- Strategy X is differential and Strategy Y is incremental
Correct answer: Strategy X is incremental and Strategy Y is differential
Strategy X is incremental and Strategy Y is differential. Incremental backups store only changes since the previous backup, so a restore must replay the full plus the entire incremental chain. Differential backups store all changes since the last full, so a restore needs only the full plus one differential. Incrementals back up faster but restore slower; differentials are the reverse.
- A backup system periodically merges the most recent full backup with subsequent incremental backups on the backup storage itself, producing a new complete full backup without re-reading all data from the production servers. Which backup type does this describe?
- Synthetic full backup
- Cold backup
- Differential backup
- Bare-metal backup
Correct answer: Synthetic full backup
This describes a synthetic full backup. A synthetic full is assembled on the backup target by consolidating an existing full with later incrementals, creating a complete restore point without imposing the I/O load of a fresh full backup on production systems. It is now part of the current A+ Core 2 backup objectives alongside full, incremental, and differential.
- An organization wants its disaster-recovery plan to follow an industry rule that guards against losing data to a single site failure or media failure. The plan keeps three copies of data, on two different media types, with one copy stored off site. Which backup principle is being applied?
- RAID 1 mirroring
- Grandfather-Father-Son rotation
- Continuous data protection
- The 3-2-1 backup rule
Correct answer: The 3-2-1 backup rule
This is the 3-2-1 backup rule: three copies of the data, stored on two different media types, with one copy kept off site. It protects against both hardware failure and site-wide disasters such as fire or theft. Grandfather-Father-Son is a media rotation scheme for tape sets, not a copy-count rule, and RAID provides redundancy but is not a backup.
- A data center uses tapes labeled daily, weekly, and monthly, reusing the daily tapes most often, the weekly tapes less often, and retaining the monthly tapes the longest. Which backup rotation scheme does this describe?
- 3-2-1 rotation
- First-in-first-out rotation
- Grandfather-Father-Son rotation
- Tower of Hanoi rotation
Correct answer: Grandfather-Father-Son rotation
This is the Grandfather-Father-Son (GFS) rotation scheme. Daily backups are the 'son,' weekly are the 'father,' and monthly are the 'grandfather,' with longer retention as the interval grows. GFS balances how many tapes are needed against how far back data can be recovered, and it is the rotation scheme listed in the current A+ backup objectives.
- A manager asks a technician how much data, measured in time, the business can afford to lose if a server fails between scheduled backups. Which disaster-recovery metric answers this question?
- Service-Level Agreement (SLA)
- Recovery Time Objective (RTO)
- Mean Time Between Failures (MTBF)
- Recovery Point Objective (RPO)
Correct answer: Recovery Point Objective (RPO)
This is the Recovery Point Objective (RPO). RPO defines the maximum acceptable amount of data loss measured as a point in time, which in turn dictates how frequently backups must run. RTO, by contrast, defines how quickly a system must be restored to operation. Confusing the two is a common error: RPO is about data loss, RTO is about downtime.
- A disaster-recovery plan states that a critical application must be fully restored and operational within four hours of an outage. Which metric does the four-hour target represent?
- Backup window
- Mean Time To Repair (MTTR)
- Recovery Time Objective (RTO)
- Recovery Point Objective (RPO)
Correct answer: Recovery Time Objective (RTO)
The four-hour target is the Recovery Time Objective (RTO). RTO specifies the maximum tolerable duration of downtime before a system must be back in service. It is distinct from RPO, which measures how much data loss is acceptable. An RTO drives decisions about standby hardware and recovery procedures, while RPO drives backup frequency.
- A technician must explain the difference between RTO and RPO to a new hire. Which pairing correctly matches each term to what it measures?
- Both measure the time required to complete a backup job
- RTO measures acceptable downtime; RPO measures acceptable data loss
- Both measure the storage capacity reserved for backups
- RTO measures acceptable data loss; RPO measures acceptable downtime
Correct answer: RTO measures acceptable downtime; RPO measures acceptable data loss
RTO measures acceptable downtime; RPO measures acceptable data loss. The Recovery Time Objective is how long the business can tolerate a system being unavailable, while the Recovery Point Objective is how far back in time data can be restored, i.e. how much recent data may be lost. A tight RPO means more frequent backups; a tight RTO means faster recovery infrastructure.
- A change request is submitted to apply a routine, pre-approved monthly security patch that follows a well-documented procedure and carries low risk. Under standard change management, which change type best classifies this request?
- Emergency change
- Normal change
- Major change
- Standard change
Correct answer: Standard change
This is a standard change. A standard change is a routine, low-risk, pre-authorized change that follows an established procedure and typically does not require full change-board review each time. A normal change requires assessment and approval through the change process, and an emergency change is reserved for urgent fixes such as responding to an active outage or security incident.
- A technician is asked to define change management for a help-desk onboarding document. Which description best captures its purpose?
- A schedule that determines how often backups are rotated off site
- A formal process for requesting, reviewing, approving, and documenting modifications to IT systems
- A method for encrypting data at rest on company servers
- A ticketing workflow used only for hardware replacement requests
Correct answer: A formal process for requesting, reviewing, approving, and documenting modifications to IT systems
Change management is a formal process for requesting, reviewing, approving, and documenting modifications to IT systems. It reduces risk by requiring a documented purpose, scope, risk analysis, approvals, a rollback plan, and end-user acceptance before changes reach production. It is broader than ticketing or backup rotation, which describe unrelated operational tasks.
- During a change-management review, the board sets a window of midnight to 4 a.m. Sunday as the only time a production database upgrade may be performed. What is this scheduled period called?
- Rollback period
- Sandbox interval
- Maintenance window
- Change freeze
Correct answer: Maintenance window
This is a maintenance window: a pre-approved, scheduled period during which disruptive changes may be applied with minimal impact on users. It is distinct from a change freeze, which is a period when changes are deliberately prohibited (for example during a peak sales season). Defining maintenance windows is a core part of the change-management process.
- After a change is approved and implemented, the change-management process calls for confirming with the people who actually use the affected system that it now works as intended before the change ticket is closed. Which step is this?
- End-user acceptance
- Peer review
- Risk analysis
- Scope definition
Correct answer: End-user acceptance
This is end-user acceptance. After implementation, the change process requires confirmation from the affected users that the system functions as expected, validating the change in real use before closure. Risk analysis and scope definition occur before implementation, and peer review is a technical check of the proposed work rather than user confirmation of the outcome.
- A change request form includes a section describing exactly which servers, applications, and user groups the proposed change will touch and which will be left untouched. Which element of the change request does this section represent?
- Scope of the change
- Risk analysis
- Purpose of the change
- Rollback plan
Correct answer: Scope of the change
This is the scope of the change. The scope defines precisely what systems, services, and users are affected, drawing a clear boundary around the work so its impact can be assessed and communicated. The purpose explains why the change is needed, the risk analysis evaluates what could go wrong, and the rollback plan describes how to revert if it fails.
- An IT department maintains a database that tracks every hardware and software asset, its configuration, and the relationships between assets, so technicians can see how a change to one item may affect others. What is this repository called?
- Service-level agreement
- Acceptable use policy
- Knowledge base
- Configuration management database (CMDB)
Correct answer: Configuration management database (CMDB)
This is a configuration management database (CMDB). A CMDB is a central record of an organization's IT assets, their configurations, and the dependencies among them, supporting both asset management and change-impact analysis. A knowledge base stores how-to and troubleshooting articles, while an SLA defines service commitments and an AUP defines acceptable use.
- A technician affixes a small barcoded label with a unique identifier to each company laptop and monitor so the items can be scanned and tracked in inventory. What is this label called?
- Asset tag
- Service tag from the vendor only
- Configuration baseline
- Chain-of-custody form
Correct answer: Asset tag
This is an asset tag. Asset tags are organization-assigned identifiers, often barcoded, attached to equipment so each item can be uniquely tracked through inventory and asset-management systems. They support documentation and accountability and are part of the A+ asset-management objectives, distinct from a vendor service tag or a chain-of-custody form.
- A help-desk team writes step-by-step documents that define exactly how to perform recurring tasks such as imaging a new laptop or resetting an account, so every technician completes them the same way. What are these documents called?
- Incident reports
- Service-level agreements
- Standard operating procedures (SOPs)
- Risk analyses
Correct answer: Standard operating procedures (SOPs)
These are standard operating procedures (SOPs). SOPs document the exact, repeatable steps for routine tasks so work is performed consistently regardless of who does it. Incident reports document what happened during a specific event, SLAs define service commitments, and a risk analysis evaluates the potential impact of a proposed change.
- A technician resolves an unusual printer error and writes a clear article describing the symptom, cause, and fix, then publishes it so other technicians can search for and reuse the solution. Which documentation resource is being added to?
- Knowledge base
- Network topology diagram
- Acceptable use policy
- Change request form
Correct answer: Knowledge base
This is the knowledge base. A knowledge base is a searchable collection of articles capturing symptoms, causes, and solutions so that recurring issues can be resolved efficiently without reinventing the fix each time. It is distinct from an acceptable use policy, a change request, or a topology diagram, which serve governance, change, and design purposes respectively.
- When opening a ticket, a technician records the user's contact information, a clear problem description, the device and error messages, categorizes the issue, and assigns a severity level. Which ticketing best practice does capturing this complete, structured information support?
- Disabling the ticketing system audit log
- Accurate categorization and prioritization for efficient routing and resolution
- Storing tickets only in the technician's personal notes
- Closing tickets immediately to improve metrics
Correct answer: Accurate categorization and prioritization for efficient routing and resolution
Capturing complete, structured information supports accurate categorization and prioritization so tickets are routed and resolved efficiently. Recording contact info, a clear problem description, device details, category, and severity lets the right resources address the issue quickly and builds a searchable history. Closing tickets prematurely or keeping private notes undermines tracking and team knowledge sharing.
- A technician is about to install RAM and a PCIe card in a desktop. Which combination of methods best prevents electrostatic discharge from damaging the components?
- Increasing room humidity to zero percent and using a vacuum cleaner inside the case
- Wearing rubber-soled shoes and working on carpet
- Holding components by their gold contact pins to ground them
- Wearing an antistatic wrist strap connected to the chassis and using an antistatic mat
Correct answer: Wearing an antistatic wrist strap connected to the chassis and using an antistatic mat
Wearing an antistatic wrist strap connected to the chassis and using an antistatic mat best prevents ESD damage. These methods keep the technician and components at the same electrical potential so static cannot discharge through the parts. Working on carpet and very low humidity actually increase static buildup, touching gold contacts can transfer ESD, and vacuum cleaners can generate static.
- A technician notices a coworker handling a graphics card while standing on carpet in a dry room without any grounding equipment. Which additional ESD-prevention measure should the technician recommend?
- Maintain appropriate humidity and use an ESD strap or mat to equalize potential
- Store the card in a regular plastic shopping bag
- Raise the surrounding temperature as high as possible
- Hold the card firmly by its connector edge while walking
Correct answer: Maintain appropriate humidity and use an ESD strap or mat to equalize potential
The technician should recommend maintaining appropriate humidity and using an ESD strap or mat to equalize electrical potential. Higher humidity reduces static buildup, and a wrist strap or antistatic mat keeps the technician and component at the same potential. Regular plastic bags generate static, ordinary temperature changes do not address ESD, and carrying a card by its connector edge risks both static and physical damage.
- A technician straps a band around the wrist and clips its lead to the metal frame of the computer chassis before touching internal components. What is the purpose of this antistatic wrist strap?
- To measure the resistance of the power supply unit
- To supply low-voltage power to the components being handled
- To keep the technician at the same electrical potential as the equipment so static does not discharge into components
- To physically secure cables inside the case
Correct answer: To keep the technician at the same electrical potential as the equipment so static does not discharge into components
The purpose of an antistatic wrist strap (ESD strap) is to keep the technician at the same electrical potential as the equipment so static does not discharge into sensitive components. By bonding the wearer to the chassis ground, any static charge is safely equalized rather than arcing through delicate circuitry. It does not supply power, measure resistance, or secure cables.
- A cleaning chemical is spilled in a workshop and a technician needs to know its hazards, required protective equipment, first-aid steps, and proper disposal. Which document provides this information?
- Acceptable use policy (AUP)
- Safety Data Sheet (SDS)
- Service-level agreement (SLA)
- Standard operating procedure (SOP)
Correct answer: Safety Data Sheet (SDS)
This is the Safety Data Sheet (SDS), formerly called the MSDS. An SDS details a substance's physical and chemical properties, health hazards, required personal protective equipment, first-aid and spill-handling procedures, and disposal requirements. It is the authoritative reference for safely handling and disposing of chemicals, unlike an SLA, SOP, or AUP, which govern services, procedures, and usage.
- A technician must collect a hard drive as potential evidence in a legal investigation. Which practice documents every person who handled the drive, along with the dates, times, and reasons, to preserve its integrity?
- Service-level agreement
- Change request log
- Chain of custody
- Acceptable use policy
Correct answer: Chain of custody
This is chain of custody. A chain of custody is the documented, unbroken record of everyone who handled a piece of evidence, including dates, times, and the purpose of each transfer, ensuring the evidence is preserved intact and admissible. It is central to first-response and forensic procedures, unlike an AUP, SLA, or change log, which serve unrelated governance functions.
- While repairing a laptop, a technician discovers files that appear to violate the law. Following first-response incident-handling procedures, what should the technician do first?
- Continue the repair and mention it casually to the customer later
- Delete the files to protect the company from liability
- Identify the situation, preserve the data without altering it, and report it through the proper chain of custody
- Copy the files to a personal drive to investigate further
Correct answer: Identify the situation, preserve the data without altering it, and report it through the proper chain of custody
The technician should identify the situation, preserve the data without altering it, and report it through the proper chain of custody. First-response procedure is to recognize the incident, leave evidence untouched to maintain its integrity, document everything, and escalate to the appropriate authorities. Deleting, copying to a personal drive, or ignoring the find all destroy evidence and violate proper incident handling.
- A technician services a laser printer whose pages have a sharp, dark vertical line running the full length of every sheet at the same horizontal position. The line repeats on each page in exactly the same spot. What is the most likely cause?
- A scratch or groove in the imaging drum (photosensitive drum)
- A corrupted print driver on the host computer
- A network packet-loss problem between the host and printer
- An incorrect paper type selected in the printer properties
Correct answer: A scratch or groove in the imaging drum (photosensitive drum)
A scratch or groove in the imaging drum is the cause. A consistent vertical line in the same position on every page points to physical damage on the drum surface that picks up toner where it should not; replacing the drum (or toner cartridge containing it) resolves it. Driver corruption, network loss, and paper-type settings produce other symptoms, not a fixed repeating vertical streak.
- A user's smartphone shows full Wi-Fi signal bars but pages will not load, while other devices on the same access point work fine. Toggling airplane mode and rebooting does not help. What should the technician try next?
- Replace the access point because it is failing
- Forget the Wi-Fi network on the phone and rejoin it, re-entering the credentials
- Update the carrier's cellular APN settings
- Disable Bluetooth to free up the radio
Correct answer: Forget the Wi-Fi network on the phone and rejoin it, re-entering the credentials
Forgetting and rejoining the Wi-Fi network is the correct next step. Because other devices work on the same AP, the problem is isolated to this phone's stored profile, which may hold a stale IP, bad DHCP lease, or corrupted credentials; removing and re-adding the network forces a fresh association and lease. Replacing a working AP, editing cellular APN settings, or disabling Bluetooth do not address a single-device Wi-Fi profile issue.
- A desktop displays distorted, garbled video with random colored artifacts and occasional checkerboard patterns across the screen, and the artifacts worsen as the system runs longer. The monitor and cable test good on another PC. What is the most likely cause?
- An incorrectly seated RAM module
- A failing power button on the case
- An overheating or failing graphics processing unit (GPU)
- A disconnected front-panel audio header
Correct answer: An overheating or failing graphics processing unit (GPU)
An overheating or failing GPU is the most likely cause. Random colored artifacts, checkerboard patterns, and distortion that worsen with heat are classic signs of a graphics card overheating or beginning to fail; cleaning the cooler, reseating the card, or replacing it addresses it. Since the monitor and cable test fine elsewhere, and RAM faults, power buttons, and audio headers do not produce graphical artifacting, the GPU is the suspect.
- A laptop frequently shows a 'Plugged in, not charging' status even though the correct AC adapter is connected and the system runs on AC power. The battery percentage stays frozen. What is the most likely cause?
- A faulty display backlight inverter
- A disabled wireless adapter in BIOS
- An outdated audio driver
- A degraded battery that the firmware has stopped charging to protect it
Correct answer: A degraded battery that the firmware has stopped charging to protect it
A degraded battery is the most likely cause. When the system runs fine on AC but the battery sits frozen at a percentage and reports 'plugged in, not charging,' the battery's health has dropped enough that firmware halts charging to protect the cells; battery replacement restores normal charging. A backlight inverter, disabled wireless adapter, and audio driver have nothing to do with charge status.
- After moving a desktop to a new desk, the technician powers it on and the system posts but no Ethernet link light appears at the wall jack or the NIC, and the cable tester shows an open on one wire pair. What is the most likely cause?
- A damaged or improperly terminated Ethernet cable
- An incorrect subnet mask on the workstation
- A failed DNS server on the network
- A duplicate IP address conflict
Correct answer: A damaged or improperly terminated Ethernet cable
A damaged or improperly terminated cable is the cause. A cable tester reporting an open on a wire pair combined with no link light at either end indicates a physical break or bad termination in the cabling; re-terminating or replacing the cable restores the link. Subnet mask errors, DNS failures, and IP conflicts are logical issues that would still show a link light and never appear on a continuity tester.
- A user reports that their inkjet printer produces printouts with horizontal white gaps or banding through solid color areas, even on a high-quality setting. What should the technician try first?
- Replace the printer's fuser assembly
- Run the printer's nozzle-check and head-cleaning utility
- Reinstall the network protocol on the host PC
- Lower the screen resolution on the workstation
Correct answer: Run the printer's nozzle-check and head-cleaning utility
Running the nozzle-check and head-cleaning utility is the correct first step. Horizontal white banding on an inkjet typically means clogged or partially dried print-head nozzles, which the built-in cleaning cycle clears; this is faster and cheaper than replacing parts. Fuser assemblies exist only in laser printers, and neither a network reinstall nor a screen-resolution change affects inkjet output quality.
- A workstation intermittently freezes and reboots, and after the reboots the BIOS clock has reset to a default date and the system asks to re-enter setup. What is the most likely cause?
- A failing solid-state drive
- A misconfigured DHCP scope
- A depleted CMOS battery on the motherboard
- A loose monitor data cable
Correct answer: A depleted CMOS battery on the motherboard
A depleted CMOS battery is the most likely cause. When the system loses its date/time and BIOS settings after power cycles, the small coin-cell battery that maintains CMOS memory has run down; replacing the battery and reconfiguring BIOS settings resolves it. An SSD fault, DHCP misconfiguration, or loose monitor cable would not cause the clock and firmware settings to reset.
- A technician runs ipconfig on a Windows PC that has no network access and sees an address in the 169.254.x.x range. What does this indicate?
- The client successfully received a public IP address
- The client is using a manually configured static address
- The client's DNS cache is corrupted
- The client failed to obtain an address from a DHCP server and self-assigned an APIPA address
Correct answer: The client failed to obtain an address from a DHCP server and self-assigned an APIPA address
It indicates the client could not reach a DHCP server and self-assigned an APIPA (Automatic Private IP Addressing) address. The 169.254.x.x range is reserved for APIPA, which Windows assigns when no DHCP response is received; the technician should check the DHCP server, the cable, and link before anything else. A public IP, a static config, and a DNS cache problem would not produce a 169.254 address.
- A desktop's chassis cooling fan spins for a moment at power-on then stops, and the system shuts down after a few seconds without completing POST. The technician already verified the PSU outputs correct voltages. What should be checked next?
- Whether the monitor's brightness is turned all the way down
- Whether the CPU heatsink is properly seated and the CPU fan is connected, triggering thermal shutdown
- Whether the network cable is plugged into the correct port
- Whether the printer spooler service is running
Correct answer: Whether the CPU heatsink is properly seated and the CPU fan is connected, triggering thermal shutdown
Checking the CPU heatsink seating and CPU fan connection is the correct next step. With the PSU confirmed good, a system that powers for a few seconds then shuts down is usually protecting itself from overheating because the CPU cooler is loose or its fan is unplugged; reseating the heatsink with fresh thermal paste and connecting the fan resolves it. Monitor brightness, network port, and the print spooler have no bearing on a thermal POST shutdown.
- Several users on the same wireless access point report slow speeds and frequent disconnects only during busy afternoon hours, while early morning performance is fine. A site survey shows many neighboring networks on the same 2.4 GHz channel. What is the most likely cause?
- A failing hard drive in each affected laptop
- An expired SSL certificate on the web server
- RF channel interference and congestion from overlapping nearby networks
- A depleted CMOS battery in the access point
Correct answer: RF channel interference and congestion from overlapping nearby networks
RF channel interference and congestion is the most likely cause. Slowdowns and drops that coincide with peak usage, combined with many neighboring networks crowding the same 2.4 GHz channel, point to co-channel interference; switching to a less-congested channel (1, 6, or 11) or moving clients to 5 GHz resolves it. Per-laptop drive failures, a server certificate, and a CMOS battery would not cause time-of-day, AP-wide wireless congestion.
- A technician is configuring RAM for a new build and wants the memory controller to address two modules simultaneously to increase bandwidth. To enable dual-channel mode, how should the matched DIMMs be installed?
- In the color-matched (paired) slots specified by the motherboard, typically the first and third slots
- In the two slots physically closest to the CPU socket regardless of color
- In any two adjacent slots, since channel pairing is determined automatically by capacity
- Only in the last two slots so the chipset can mirror the modules
Correct answer: In the color-matched (paired) slots specified by the motherboard, typically the first and third slots
Correct answer: In the color-matched (paired) slots specified by the motherboard, typically the first and third slots. Dual-channel operation requires identical modules placed in the slots the board assigns to separate channels, which manufacturers usually mark with matching colors (often slots 1 and 3, or 2 and 4). This lets the memory controller access both modules in parallel, roughly doubling effective bandwidth. Simply using adjacent slots or the slots nearest the CPU does not guarantee the modules land on different channels.
- A technician must connect a high-speed external drive enclosure and sees the port labeled USB 3.2 Gen 2x2. What maximum theoretical data rate does this standard provide?
- 5 Gbps
- 10 Gbps
- 20 Gbps
- 40 Gbps
Correct answer: 20 Gbps
Correct answer: 20 Gbps. USB 3.2 Gen 2x2 uses two 10 Gbps lanes over a USB-C connector to reach a combined 20 Gbps. By comparison, USB 3.2 Gen 1 tops out at 5 Gbps and USB 3.2 Gen 2 at 10 Gbps, while 40 Gbps is associated with Thunderbolt 3/4 and USB4, not USB 3.2 Gen 2x2.
- A technician is replacing a failed compact flash storage module soldered onto a thin-and-light laptop's board and notes it is eMMC rather than an SSD. Which statement best describes eMMC storage?
- It is flash storage with the controller and NAND packaged together, commonly soldered to the board and generally slower than an NVMe SSD
- It is a form of volatile memory that loses data when power is removed
- It is a high-end NVMe interface that outperforms M.2 SSDs
- It is a spinning magnetic medium used in budget laptops
Correct answer: It is flash storage with the controller and NAND packaged together, commonly soldered to the board and generally slower than an NVMe SSD
Correct answer: It is flash storage with the controller and NAND packaged together, commonly soldered to the board and generally slower than an NVMe SSD. eMMC (embedded MultiMediaCard) integrates non-volatile NAND flash and its controller into one chip that is typically soldered onto budget and ultra-thin devices, so it cannot be easily upgraded and offers lower performance and capacity than a discrete NVMe SSD. It is not volatile memory, not a spinning disk, and does not exceed NVMe SSD speeds.
- A technician is asked to set up a way for users to generate a shareable file from any application's Print dialog without sending output to physical paper. Which solution correctly accomplishes this?
- Installing a virtual printer driver such as Microsoft Print to PDF that captures the print job to a file
- Replacing the laser printer's fuser assembly with a higher-temperature unit
- Adding a second paper tray to the network printer
- Switching the printer's connection from USB to parallel
Correct answer: Installing a virtual printer driver such as Microsoft Print to PDF that captures the print job to a file
Correct answer: Installing a virtual printer driver such as Microsoft Print to PDF that captures the print job to a file. A virtual (print-to-file) driver appears in the Print dialog like any printer but redirects the rendered output into a file, such as a PDF, instead of to hardware. Changing a fuser, adding a paper tray, or switching the physical interface all involve actual paper output and do not create a digital file.
- A technician must open the firewall so administrators can securely manage a Linux server through an encrypted command-line session. Which port should be allowed?
- Port 22 (SSH)
- Port 23 (Telnet)
- Port 21 (FTP)
- Port 80 (HTTP)
Correct answer: Port 22 (SSH)
Correct answer: Port 22 (SSH). SSH (Secure Shell) listens on TCP port 22 and provides an encrypted command-line session for remote management. Telnet on port 23 offers similar remote access but sends data, including credentials, in clear text, so it is not secure. Ports 21 and 80 are for FTP control and unencrypted web traffic, neither of which provides a secure remote shell.
- A technician is installing a wireless access point on a ceiling where no power outlet is available and wants to deliver both data and electrical power over a single Ethernet cable. Which technology makes this possible?
- Power over Ethernet (PoE)
- Quality of Service (QoS)
- Network Address Translation (NAT)
- Universal Plug and Play (UPnP)
Correct answer: Power over Ethernet (PoE)
Correct answer: Power over Ethernet (PoE). PoE delivers electrical power and data simultaneously over a single twisted-pair Ethernet cable, allowing devices such as access points, IP cameras, and VoIP phones to operate without a nearby power outlet. QoS prioritizes traffic, NAT translates addresses, and UPnP automates device discovery and port mapping, none of which supply power over the cable.
- On a SOHO router's DHCP settings, a technician sees a configurable 'lease time.' What does increasing the DHCP lease time accomplish?
- It permanently assigns the same address to every device regardless of availability
- It lengthens how long a client may keep its assigned IP address before it must renew
- It increases the number of addresses available in the DHCP scope
- It forces all clients to use static IP addressing instead of DHCP
Correct answer: It lengthens how long a client may keep its assigned IP address before it must renew
Correct answer: It lengthens how long a client may keep its assigned IP address before it must renew. The DHCP lease time defines the duration a client holds a leased address before renewing it with the server; a longer lease reduces renewal traffic, while a shorter lease returns unused addresses to the pool more quickly. It does not enlarge the address scope, create permanent reservations, or convert clients to static addressing.
- A technician is configuring several 2.4 GHz access points in one building and wants to minimize co-channel interference in North America. Which set of channels is non-overlapping and should be used?
- Channels 2, 5, and 8
- Channels 1, 5, and 9
- Channels 3, 6, and 9
- Channels 1, 6, and 11
Correct answer: Channels 1, 6, and 11
Correct answer: Channels 1, 6, and 11. In the 2.4 GHz band, each channel is 22 MHz wide and channels are spaced only 5 MHz apart, so most overlap. Channels 1, 6, and 11 are the only commonly used set that does not overlap in North America, which minimizes interference between adjacent access points. The other groupings include channels that overlap and would degrade performance.
- A user reports that the backlight on their laptop's LCD screen has gone dark, although a faint image is still visible when light is shined directly on the panel. Which field-replaceable component is the most likely cause?
- The digitizer assembly
- The inverter or LED backlight driver
- The Wi-Fi antenna wire
- The laptop's RAM module
Correct answer: The inverter or LED backlight driver
The inverter or LED backlight driver is the most likely cause. On a laptop the backlight is powered separately from the image-generating panel, so when the backlight circuitry fails the screen goes dark while a faint image remains visible under direct light. A digitizer handles touch input, the Wi-Fi antenna affects wireless signal, and RAM failure would cause boot or stability problems rather than a dim-but-present image.
- A technician is replacing a SO-DIMM in a laptop to upgrade its memory. Which characteristic distinguishes SO-DIMM modules from the DIMM modules used in desktop computers?
- SO-DIMMs run at higher voltages than desktop DIMMs to compensate for their smaller size
- SO-DIMMs can only be installed in pairs, while desktop DIMMs install singly
- SO-DIMMs require external power connectors that desktop DIMMs do not
- SO-DIMMs are physically smaller modules designed for the limited internal space of laptops
Correct answer: SO-DIMMs are physically smaller modules designed for the limited internal space of laptops
SO-DIMMs are physically smaller modules designed for the limited internal space of laptops. The Small Outline DIMM form factor is shorter than a standard desktop DIMM specifically so it fits inside the compact chassis of portable computers. SO-DIMMs do not require pairing, and neither SO-DIMMs nor desktop DIMMs use external power connectors, so those statements are incorrect.
- A laptop's touchscreen no longer responds to finger taps, but the display still shows a clear, bright image and the system functions normally with an external mouse. Which component should the technician replace?
- The LCD panel
- The inverter board
- The digitizer
- The system board battery
Correct answer: The digitizer
The technician should replace the digitizer. The digitizer is the layer that detects and translates touch input into coordinates the system can use, so a failed digitizer stops touch from working while the image remains clear and the device still operates with a mouse. The LCD panel produces the visible image, the inverter powers older backlights, and the battery affects power, none of which match a touch-only failure.
- After replacing the cracked display assembly on a laptop, a technician notices that Wi-Fi signal strength is now much weaker than before the repair. Which step was most likely missed during reassembly?
- Reconnecting the Wi-Fi antenna wires that route through the display bezel
- Updating the laptop's BIOS firmware
- Reinstalling the laptop's RAM modules
- Calibrating the new digitizer
Correct answer: Reconnecting the Wi-Fi antenna wires that route through the display bezel
The technician most likely failed to reconnect the Wi-Fi antenna wires that route through the display bezel. In most laptops the wireless antennas are embedded in the lid around the screen for better reception, so they must be reattached to the wireless card after any display replacement or signal strength drops sharply. A BIOS update, RAM reinstall, or digitizer calibration would not explain a sudden, repair-related decline in Wi-Fi strength.
- A technician wants to test a piece of software inside a virtual machine on their existing Windows laptop without wiping the operating system. Which type of virtualization software runs as an application on top of the host operating system to accomplish this?
- A Type 2 (hosted) hypervisor
- A Type 1 (bare-metal) hypervisor
- A container runtime engine
- A network load balancer
Correct answer: A Type 2 (hosted) hypervisor
Correct answer: A Type 2 (hosted) hypervisor. A Type 2 hypervisor installs and runs as an application on top of an existing host operating system, such as Windows, which is exactly what a technician needs to test software in a VM without replacing the OS. A Type 1 hypervisor installs directly on bare-metal hardware with no underlying OS, so it would not run as an app on the existing laptop. A container runtime shares the host kernel rather than running a full guest OS in a VM, and a network load balancer distributes traffic and is unrelated to running a guest OS locally.
- A group of separate hospitals that must all comply with the same healthcare privacy regulations wants to share a single cloud infrastructure restricted to organizations with those shared concerns. Which cloud deployment model best fits this requirement?
- Public cloud
- Community cloud
- Private cloud
- Hybrid cloud
Correct answer: Community cloud
Correct answer: Community cloud. A community cloud is shared by several organizations that have common requirements such as the same regulatory or compliance concerns, which matches multiple hospitals sharing one infrastructure under shared privacy rules. A public cloud is open to any customer over the internet and is not restricted to a defined group, a private cloud serves only one single organization, and a hybrid cloud combines public and private resources rather than describing a shared community of like-minded organizations.
- A company is billed by its cloud provider only for the exact amount of compute time and storage it consumes each month, with usage tracked and reported through a dashboard. Which essential characteristic of cloud computing does this billing approach describe?
- Resource pooling
- Broad network access
- Measured service (metered utilization)
- Rapid elasticity
Correct answer: Measured service (metered utilization)
Correct answer: Measured service (metered utilization). Measured service means cloud usage is automatically monitored, metered, and reported so customers pay only for the resources they actually consume, which is exactly the pay-per-use billing described. Resource pooling refers to multiple customers sharing the same underlying physical resources, broad network access refers to reaching services from many devices over the network, and rapid elasticity refers to scaling resources up or down quickly rather than to how usage is measured and billed.
- In a public cloud, a single physical server simultaneously hosts virtual machines belonging to several different, unrelated customers, with each customer logically isolated from the others. What is this arrangement called?
- Multitenancy
- Clustering
- Failover
- Single-tenancy
Correct answer: Multitenancy
Correct answer: Multitenancy. Multitenancy describes a model where one shared physical infrastructure serves multiple separate customers (tenants) at the same time while keeping each tenant's data and instances logically isolated, which matches several unrelated customers' VMs on one server. Clustering groups servers to act as one system for availability, failover is the automatic switch to a standby resource when one fails, and single-tenancy dedicates an environment to just one customer rather than sharing it among many.
- A security analyst needs to safely open and observe a suspicious email attachment in an isolated, disposable virtual environment that cannot affect the production network. Which use of virtualization is the analyst applying?
- Cross-platform virtualization
- A virtual sandbox
- Thin provisioning
- Resource pooling
Correct answer: A virtual sandbox
Correct answer: A virtual sandbox. A sandbox is an isolated, often disposable virtual environment used to run or analyze untrusted code or files without risking the host or production systems, which is exactly what safely detonating a suspicious attachment requires. Cross-platform virtualization is about running a guest OS different from the host, thin provisioning is a storage allocation technique that assigns space on demand, and resource pooling refers to sharing underlying resources among users rather than isolating malware for analysis.
- A technician needs to enable or disable individual startup programs and toggle which services load during a Windows boot, primarily for troubleshooting. Which built-in utility opens the System Configuration interface for these tasks?
- Msconfig
- Msinfo32
- Dxdiag
- Regsvr32
Correct answer: Msconfig
Correct answer: msconfig. The System Configuration utility (msconfig) lets a technician control boot options, choose a diagnostic or selective startup, and enable or disable services and (on older Windows) startup items, which makes it a standard tool for narrowing down boot and startup problems. msinfo32 only reports system information, dxdiag diagnoses DirectX and multimedia hardware, and regsvr32 registers or unregisters DLL components.
- A help-desk technician wants to view Windows logs for application errors, security audits, and system events when diagnosing recurring crashes. Which Microsoft Management Console snap-in should be opened?
- Performance Monitor
- Event Viewer
- Resource Monitor
- Device Manager
Correct answer: Event Viewer
Correct answer: Event Viewer. Event Viewer (eventvwr.msc) organizes Windows logs into categories such as Application, Security, Setup, and System, so a technician can review error, warning, and audit entries to pinpoint the cause of recurring crashes. Performance Monitor tracks live and logged performance counters, Resource Monitor shows real-time CPU, disk, network, and memory use, and Device Manager manages hardware and drivers rather than event logs.
- On a modern Linux system, a technician wants to install a new software package and automatically resolve its dependencies from the distribution's repositories on a Debian or Ubuntu-based system. Which command is appropriate?
Correct answer: Apt
Correct answer: apt. On Debian and Ubuntu-based distributions, apt is the package manager used to install, update, and remove software while automatically pulling in required dependencies from configured repositories. grep searches text for patterns, ps lists running processes, and chmod changes file permissions, none of which manage software packages.
- A technician is searching a large Linux log file for every line that contains the word 'denied' to investigate access failures. Which command is designed to filter text by matching a pattern?
Correct answer: Grep
Correct answer: grep. The grep command searches input or files for lines that match a specified pattern and prints the matching lines, making it the standard tool for filtering a log file for entries such as those containing 'denied'. cat simply outputs an entire file, pwd prints the current working directory, and df reports disk space usage on mounted file systems.
- A macOS user wants a fast way to find files, applications, and even perform calculations by typing a query that appears as a search bar at the top of the screen. Which built-in feature provides this system-wide search?
- Mission Control
- Spotlight
- Time Machine
- Keychain
Correct answer: Spotlight
Correct answer: Spotlight. Spotlight is the macOS system-wide search that lets users quickly locate files, launch applications, look up definitions, and perform quick calculations or conversions from a single search field. Mission Control arranges open windows and desktops, Time Machine handles incremental backups, and Keychain stores saved passwords and certificates.
- A technician must open a Windows tool that shows real-time CPU, memory, disk, and network usage per process, along with tabs for Startup apps, Services, and user sessions, to identify a process consuming excessive resources. Which utility provides this?
- Task Scheduler
- Disk Management
- Task Manager
- System Information
Correct answer: Task Manager
Correct answer: Task Manager. Task Manager presents tabs such as Processes, Performance, Startup, and Services, letting a technician monitor real-time CPU, memory, disk, and network consumption per process and end a runaway task. Task Scheduler automates timed jobs, Disk Management handles partitions and volumes, and System Information only reports static configuration details.
- A macOS user wants the system to automatically store website logins, Wi-Fi passwords, and certificates securely so they can be retrieved without retyping. Which built-in macOS feature manages these saved credentials?
- Keychain
- Spotlight
- Finder
- Dock
Correct answer: Keychain
Correct answer: Keychain. Keychain is the macOS credential-management feature that securely stores passwords, Wi-Fi network keys, certificates, and other secrets so apps and Safari can retrieve them without prompting the user repeatedly. Spotlight is the search feature, Finder is the file manager, and the Dock provides quick access to applications and minimized windows.
- A technician needs to immediately stop a misbehaving Linux process and knows its process ID from a prior listing. Which command terminates a process by its PID?
Correct answer: Kill
Correct answer: kill. The kill command sends a signal, by default a termination request, to a process identified by its PID, allowing a technician to stop a process that is not responding. ls lists directory contents, mv moves or renames files, and dig queries DNS records, none of which terminate processes.
- A technician is configuring inbound and outbound traffic rules on a Windows 11 workstation to block a specific application from communicating over the network. Which built-in component should be used to create these rules?
- Windows Defender Firewall with Advanced Security
- Device Manager
- Disk Cleanup
- Credential Manager
Correct answer: Windows Defender Firewall with Advanced Security
Correct answer: Windows Defender Firewall with Advanced Security. This console lets a technician create granular inbound and outbound rules by program, port, protocol, or profile, so a specific application can be blocked from network communication. Device Manager handles hardware and drivers, Disk Cleanup removes temporary files to free space, and Credential Manager stores saved logon credentials.
- A web application accepts user input in a search box, and an attacker enters a string that manipulates the back-end database to dump customer records. Which type of attack is this?
- SQL injection
- Cross-site scripting
- Denial of service
- ARP poisoning
Correct answer: SQL injection
Correct answer: SQL injection. SQL injection inserts malicious database commands through unsanitized input fields so the application executes them against its database, exposing or altering data. Cross-site scripting injects scripts that run in other users' browsers rather than against the database. A denial of service overwhelms a service with traffic instead of querying data. ARP poisoning corrupts a local network's address mapping and is unrelated to database input.
- A technician wants only approved corporate laptops to connect to the office wireless network by allowing specific hardware addresses. Which control accomplishes this?
- Universal Plug and Play
- Content filtering
- Port forwarding
- MAC address filtering
Correct answer: MAC address filtering
Correct answer: MAC address filtering. MAC address filtering permits or denies devices based on their unique network adapter hardware address, limiting which machines may join the network. Content filtering blocks categories of websites rather than devices. Port forwarding directs inbound traffic to an internal host. Universal Plug and Play automatically opens ports and is generally a security risk, not an access control.
- A remote employee needs to securely access internal company resources over the public internet as if connected to the local network. Which technology provides this encrypted connection?
- Proxy server
- Virtual private network (VPN)
- Network address translation
- Demilitarized zone (screened subnet)
Correct answer: Virtual private network (VPN)
Correct answer: Virtual private network (VPN). A VPN builds an encrypted tunnel across the public internet so the remote device behaves as if it is on the internal network, protecting traffic in transit. A proxy server forwards requests but does not create a secure private tunnel to internal resources. Network address translation remaps IP addresses for routing. A demilitarized zone isolates public-facing servers and is not a remote-access tunnel.
- An attacker secretly intercepts and relays communication between two parties who believe they are talking directly to each other. Which attack does this describe?
- Insider threat
- Brute-force attack
- On-path (man-in-the-middle) attack
- Logic bomb
Correct answer: On-path (man-in-the-middle) attack
Correct answer: On-path (man-in-the-middle) attack. An on-path attack inserts the attacker between two communicating parties to eavesdrop on or alter the traffic without their knowledge. A brute-force attack guesses credentials by trying many combinations. An insider threat is a trusted person misusing access. A logic bomb is malicious code triggered by a condition, not interception of live communication.
- A company wants to enforce that every Windows workstation automatically locks after 10 minutes of inactivity to protect against unauthorized access. Which setting should the technician configure?
- Turning off the lock screen
- Disabling the screensaver entirely
- Enabling Fast Startup
- A screen-lock timeout with a required sign-in password
Correct answer: A screen-lock timeout with a required sign-in password
Correct answer: A screen-lock timeout with a required sign-in password. Configuring an inactivity timeout that locks the screen and demands the password on resume prevents someone from using an unattended, logged-in session. Disabling the screensaver or the lock screen removes the protection. Fast Startup speeds boot times and has no bearing on locking idle sessions.
- A technician must verify a user's identity before issuing a smart card by checking authentication, authorization, and accounting through a central server. Which framework describes these three functions?
- AAA (authentication, authorization, and accounting)
- ACL (access control list)
- DLP (data loss prevention)
- UTM (unified threat management)
Correct answer: AAA (authentication, authorization, and accounting)
Correct answer: AAA (authentication, authorization, and accounting). AAA centrally verifies who a user is, what they are allowed to do, and logs their activity, often through a server such as RADIUS. An access control list defines permit or deny rules but is not the three-part framework. Data loss prevention stops sensitive data from leaving the organization. Unified threat management bundles multiple security appliances rather than describing identity functions.
- An attacker stands behind an employee at an ATM-style kiosk and watches them type their PIN to steal it. Which low-tech attack is this?
- Pretexting
- Dumpster diving
- Shoulder surfing
- Vishing
Correct answer: Shoulder surfing
Correct answer: Shoulder surfing. Shoulder surfing is the act of observing someone enter credentials or sensitive information by looking over their shoulder or watching their screen. Dumpster diving retrieves information from discarded materials. Pretexting invents a false scenario to extract information by conversation. Vishing uses phone calls to trick victims, not direct observation.
- An organization wants software updates and security patches deployed to all workstations on a tested, regular schedule rather than letting users install them ad hoc. Which practice is this?
- Asset tagging
- Patch management
- Change rollback
- Disk imaging
Correct answer: Patch management
Correct answer: Patch management. Patch management is the controlled process of testing and deploying operating system and application updates on a schedule to close known vulnerabilities. Asset tagging tracks physical inventory. Change rollback reverts a system to a prior state after a problem. Disk imaging captures a system snapshot for deployment or recovery, not for distributing patches.
- A help-desk technician must reset a forgotten password but first confirms the caller's identity by asking security questions and verifying their employee record. Which best practice does this represent?
- Disabling multifactor authentication temporarily
- Granting administrator rights to speed resolution
- Emailing a new password in plain text
- Verifying identity before performing account changes
Correct answer: Verifying identity before performing account changes
Correct answer: Verifying identity before performing account changes. Confirming a caller is who they claim to be prevents an attacker from using social engineering to hijack an account through a password reset. Granting administrator rights, sending plaintext passwords, or disabling multifactor authentication all weaken security and create new attack opportunities.
- A Windows 11 user complains that File Explorer keeps freezing and the taskbar occasionally becomes unresponsive, but a full restart is impractical right now. Which Task Manager action best restores the desktop shell without rebooting?
- End and restart the Windows Explorer (explorer.exe) process
- Set the priority of explorer.exe to Realtime
- End the System Idle Process to free resources
- Switch to the Startup tab and disable all entries
Correct answer: End and restart the Windows Explorer (explorer.exe) process
Ending and restarting the Windows Explorer (explorer.exe) process is correct because explorer.exe controls the desktop, taskbar, and File Explorer; restarting it from Task Manager reloads the shell and clears a hung interface without a full reboot. Changing priority to Realtime can starve other processes, the System Idle Process only reports unused CPU, and disabling startup entries affects future boots, not the current frozen shell.
- A user reports that opening a single Office document is extremely slow and the application shows 'Not Responding' for long periods, yet the same files open quickly on a colleague's PC. The technician suspects the local Office installation is damaged. Which built-in action targets the application files most directly?
- Reinstall the entire Windows operating system
- Run an Online Repair of the Microsoft 365/Office installation from Apps & features
- Disable hardware acceleration in Display settings
- Increase the page file size to the maximum value
Correct answer: Run an Online Repair of the Microsoft 365/Office installation from Apps & features
Running an Online Repair of the Microsoft 365/Office installation is correct because it re-downloads and replaces corrupted or missing application components without removing user data, directly fixing a damaged Office install. Reinstalling all of Windows is excessive for one application, disabling hardware acceleration addresses rendering glitches rather than corruption, and enlarging the page file targets memory, not corrupted program files.
- After connecting to a corporate Wi-Fi network, a Windows 11 laptop shows 'No Internet, secured' and cannot browse, while other devices on the same network work. Which command sequence is the most appropriate first step to renew the network configuration?
- Chkdsk /f followed by sfc /scannow
- Diskpart then clean
- Ipconfig /release followed by ipconfig /renew
- Shutdown /r /t 0 followed by bootrec /fixmbr
Correct answer: Ipconfig /release followed by ipconfig /renew
Running ipconfig /release followed by ipconfig /renew is correct because it drops the current (possibly invalid) DHCP lease and requests a fresh IP configuration, which commonly resolves 'No Internet, secured' connectivity faults. chkdsk and sfc repair files, diskpart clean wipes a disk, and shutdown/bootrec address boot problems rather than IP addressing.
- A Windows 11 computer repeatedly displays a stop error and reboots, and the technician needs to examine the crash data after the system comes back up to identify the failing component. Which approach lets the technician analyze the captured crash information?
- Run Disk Cleanup and delete temporary internet files
- Open the memory dump file with a debugging tool such as WinDbg
- Toggle Fast Startup off in Power Options
- Reset the BIOS to factory defaults
Correct answer: Open the memory dump file with a debugging tool such as WinDbg
Opening the memory dump file with a debugging tool such as WinDbg is correct because Windows writes crash details to a .dmp file during a stop error, and analyzing that dump reveals the driver or module that triggered the fault. Disk Cleanup removes temporary files, disabling Fast Startup changes shutdown behavior, and resetting the BIOS does not interpret the existing crash data.
- An iPhone user reports that the device becomes unresponsive and the screen is frozen, with no reaction to taps and the power button alone failing to wake it. Which step should the technician try first to recover the device?
- Restore the device to factory settings through iTunes/Finder
- Remove and reseat the SIM card
- Perform a force restart using the documented button sequence
- Place the device in a bag of rice for several hours
Correct answer: Perform a force restart using the documented button sequence
Performing a force restart using the documented button sequence is correct because it forcibly reboots a frozen iPhone without erasing data, making it the least invasive and recommended first recovery step for an unresponsive device. A factory restore destroys data and should be a last resort, reseating the SIM addresses cellular service, and the rice method is an ineffective remedy unrelated to a software freeze.
- A clinic asks a technician to handle workstations that store patients' medical histories, diagnoses, and treatment records. Which category of regulated data best describes this information?
- PHI (protected health information)
- PCI DSS cardholder data
- Publicly available marketing data
- Open-source licensing data
Correct answer: PHI (protected health information)
Correct answer: PHI (protected health information). Medical histories, diagnoses, and treatment records are health-related data tied to an individual, which falls under protected health information and is governed by healthcare privacy regulations. PCI DSS cardholder data refers specifically to payment card numbers and related data, not medical records. Publicly available marketing data is not regulated personal data, and open-source licensing data describes software terms rather than a category of personal information.
- A company installs a paid application and must comply with the agreement that limits how many devices may run the software and prohibits redistribution. Which type of software license is being used?
- Open-source license that permits free redistribution of the source code
- Commercial (proprietary) license with a defined number of seats
- Public-domain release with no restrictions
- Personal freeware license intended only for hobby use
Correct answer: Commercial (proprietary) license with a defined number of seats
Correct answer: Commercial (proprietary) license with a defined number of seats. A paid application whose end-user license agreement restricts the number of devices and forbids redistribution is a commercial, proprietary license sold in a fixed number of seats or installations. Open-source licenses are designed to allow source code to be shared and redistributed, public-domain releases carry no usage restrictions at all, and personal freeware is free of charge rather than a paid product with seat limits.
- While on a service call, a customer becomes upset and starts venting about an unrelated problem. According to professional communication best practices, what should the technician do?
- Listen actively without interrupting or arguing, then refocus on resolving the issue
- Interrupt to correct the customer and explain why they are wrong
- Take a personal phone call until the customer calms down
- Tell the customer the complaint is not the technician's problem and walk away
Correct answer: Listen actively without interrupting or arguing, then refocus on resolving the issue
Correct answer: Listen actively without interrupting or arguing, then refocus on resolving the issue. Professionalism calls for using active listening, avoiding arguments and being judgmental, and clarifying customer statements before steering the conversation back to the task. Interrupting to tell the customer they are wrong is argumentative, taking a personal call ignores the customer and is a distraction, and dismissively walking away abandons the service obligation.
- A server room repeatedly overheats, and equipment fails when the air becomes too dry or too humid. Which environmental control most directly addresses both excessive heat and improper moisture levels?
- Installing additional surge suppressors on each rack
- Issuing antistatic wrist straps to all visitors
- Maintaining proper temperature and humidity through HVAC controls
- Posting an acceptable use policy at the entrance
Correct answer: Maintaining proper temperature and humidity through HVAC controls
Correct answer: Maintaining proper temperature and humidity through HVAC controls. Heating, ventilation, and air conditioning systems regulate both temperature and humidity, preventing overheating while keeping moisture in a safe range that also limits static buildup from overly dry air. Surge suppressors address power spikes, not climate; antistatic wrist straps protect against ESD during handling but do not control room conditions; and an acceptable use policy governs employee behavior rather than the physical environment.
- An IT team maintains a labeled drawing that shows how each switch, router, server, and subnet connects across the building. Which type of documentation are they keeping current?
- A material safety data sheet
- An acceptable use policy
- A chain-of-custody form
- A network topology diagram
Correct answer: A network topology diagram
Correct answer: A network topology diagram. A labeled drawing depicting how switches, routers, servers, and subnets interconnect is a network topology diagram, used to understand and troubleshoot the infrastructure layout. A material safety data sheet describes chemical hazards, an acceptable use policy defines permitted use of company systems, and a chain-of-custody form tracks who handled evidence rather than how devices are wired together.
- A technician needs to compare current performance counters against a previously saved baseline on a Windows 11 workstation to spot what changed after a hardware upgrade. Which built-in console is designed to collect and log this performance data over time?
- Performance Monitor (perfmon)
- Disk Cleanup (cleanmgr)
- Disk Defragmenter (dfrgui)
- System Configuration (msconfig)
Correct answer: Performance Monitor (perfmon)
Correct answer: Performance Monitor (perfmon). It lets a technician add specific counters, create data collector sets, and log metrics over time so current performance can be compared against a saved baseline. Disk Cleanup only frees space, Disk Defragmenter reorganizes file fragments on mechanical drives, and System Configuration manages boot and startup options, none of which log performance baselines.
- A Windows 11 user wants to recover from a problem by reverting the entire PC to an earlier point while keeping personal files but removing recently installed apps and drivers. Which Recovery option in Settings best matches this request?
- Reset this PC and keep my files
- Reset this PC and remove everything
- Open Disk Management
- Run Startup Repair
Correct answer: Reset this PC and keep my files
Correct answer: Reset this PC and keep my files. This option reinstalls Windows while preserving personal files but removes installed apps and most drivers, returning the system to a clean state. Remove everything wipes personal files too, Disk Management handles partitions and volumes, and Startup Repair only fixes boot problems rather than reverting installed software.
- A technician is documenting the connectors on a power supply and must identify the connector that delivers supplemental power directly to the CPU through the motherboard. Which connector is this?
- 4-pin or 8-pin EPS (CPU) connector
- 15-pin SATA power connector
- 6-pin PCIe power connector
- 4-pin Molex peripheral connector
Correct answer: 4-pin or 8-pin EPS (CPU) connector
Correct answer: the 4-pin or 8-pin EPS (CPU) connector. It plugs into a dedicated socket near the processor to supply extra power to the CPU. The 15-pin SATA connector powers drives, the 6-pin PCIe connector feeds graphics cards, and the legacy 4-pin Molex connector powers older peripherals such as fans and optical drives.
- A user reports that double-clicks on certain file types open the wrong program after installing new software on Windows 11. Which is the most appropriate first step to restore the intended behavior?
- Change the default app for that file type in Settings under Default apps
- Reinstall the Windows operating system
- Replace the storage drive
- Disable the network adapter
Correct answer: Change the default app for that file type in Settings under Default apps
Correct answer: change the default app for that file type in Settings under Default apps. The new software registered itself as the handler for that extension, so reassigning the default program corrects which application launches. Reinstalling Windows is excessive for a file-association issue, and replacing the drive or disabling the network adapter are unrelated to which program opens a file.
- An organization wants to require additional verification only when a sign-in looks unusual, such as a login from a new location or device, rather than prompting for a second factor every time. Which security approach describes this behavior?
- Risk-based (adaptive) authentication
- Single sign-on
- Hard token rotation
- Mandatory access control
Correct answer: Risk-based (adaptive) authentication
Correct answer: risk-based (adaptive) authentication. It evaluates contextual signals like location, device, and behavior and steps up to extra verification only when the risk appears elevated. Single sign-on lets one login reach many apps, hard token rotation cycles physical token codes, and mandatory access control restricts resource access by classification labels rather than adapting login challenges.
- A technician must explain why a smartphone screen rotates the displayed image but the photos themselves are stabilized while recording video. Which mobile feature provides the stabilization for video capture?
- Optical or electronic image stabilization
- Near-field communication
- The proximity sensor
- The fingerprint reader
Correct answer: Optical or electronic image stabilization
Correct answer: optical or electronic image stabilization. It compensates for small hand movements during capture so recorded video and photos appear steady. Near-field communication handles short-range data and payments, the proximity sensor detects when the phone is near the face during calls, and the fingerprint reader authenticates the user, none of which stabilize captured footage.
- A company wants its cloud workloads to keep running by automatically shifting to resources in another region if the primary region goes offline. Which cloud characteristic best describes designing for this continued operation despite a failure?
- High availability
- Metered utilization
- Rapid elasticity
- Resource pooling
Correct answer: High availability
Correct answer: high availability. It refers to designing systems with redundancy and failover so services keep operating even when a component or region fails. Metered utilization concerns pay-per-use billing, rapid elasticity is the ability to quickly scale capacity up or down, and resource pooling is sharing underlying hardware among many tenants, none of which specifically describe surviving a regional outage.