View 220-1102 Core 2 Exam Questions

Q: 1

A customer reports that an Android phone will not allow the use of contactless electronic payment. Which of the following needs to be enabled to resolve the issue?

Options

Discussion

Liam Mar 4, 2026 5:50 am

Option C-NFC. Cleanly written question, really zero ambiguity here.

Sara B. Mar 1, 2026 4:35 am

Option C Most practice questions and the official guide make it clear you need NFC enabled for contactless payments.

Avery A. Feb 12, 2026 3:45 am

Most practice exams and the CompTIA A+ book highlight C for this.

Liam M. Feb 23, 2026 10:06 am

C imo, NFC's what actually enables the phone to do tap-to-pay. Bluetooth and Wi-Fi aren't used for secure payments like this, they're a common trap in practice sets. Not totally impossible to confuse if you just see 'wireless.' Anyone think something else fits?

Drew G. Mar 3, 2026 12:50 pm

Its D. Bluetooth supports wireless connections, and some payment readers use it, so I think enabling Bluetooth might solve the contactless issue. Not totally sure if this is what they meant but looks possible. Anyone else see a similar question with D before?

HelpfulEngineer8566 Feb 16, 2026 4:58 am

C tbh, Wi-Fi is a common trap here but NFC is needed for Android contactless payments. Seen similar in practice tests.

Sofia Feb 13, 2026 8:37 pm

Yeah, it's C. Contactless payments on Android use NFC by default, not Bluetooth or Wi-Fi. Unless we're talking about a very niche setup (like an accessory or non-standard reader), enabling NFC is what fixes this. Pretty sure that's what CompTIA wants here, but let me know if you disagree!

Anita R. Feb 20, 2026 2:30 pm

Yeah, it's gotta be C for standard Android payments.

CaseyB Feb 26, 2026 11:04 am

If the scenario mentioned a wearable or older Samsung MST, I'd be less sure C is right. But for standard Android, NFC (C) is needed. Anyone spot a situation where Bluetooth (D) flips the answer here?

Logan P. Feb 26, 2026 7:20 am

C vs D? Have seen D picked on some practice sets for wireless payments, makes sense if reader is Bluetooth-based.

Be respectful. No spam.

Correct Answer:

Explanation

Contactless electronic payments on Android devices, such as those made through Google Pay or Samsung Pay, primarily utilize Near Field Communication (NFC) technology. NFC is a short-range wireless protocol that allows two devices to establish communication when brought within a few centimeters of each other. For a payment to be processed, the NFC chip in the phone must be enabled to communicate with the NFC reader in the point-of-sale (POS) terminal. If this setting is disabled, the phone cannot transmit the necessary payment credentials, causing the transaction to fail.

Why Incorrect

A. Wi-Fi is used for connecting to the internet over a local wireless network, not for the direct tap-to-pay communication with a payment terminal.

B. Nearby Share is an Android feature for sharing files and links between devices; it is not used for processing point-of-sale financial transactions.

D. Bluetooth is a short-range wireless technology for connecting peripherals like headphones, but it is not the standard protocol used for tap-to-pay systems.

References

1. Google Wallet Help Center. "Set up tap to pay." Google LLC. In the section "Step 1: Turn on NFC

" the documentation states

"To make tap-to-pay transactions

you need to have NFC (near field communication) turned on." This is official vendor documentation directly confirming the requirement.

2. Android Open Source Project. "Near Field Communication." In the overview section

the documentation describes the Android NFC framework and its modes of operation

including "Card emulation mode: The NFC device can act as an NFC card

to be accessed by an external NFC reader

such as an NFC point-of-sale terminal." This confirms NFC's role in emulating a payment card for transactions.

3. Madlmayr

Langer

& Scharinger

J. (2008). NFC Devices: Security and Privacy. In Proceedings of the Third International Conference on Availability

Reliability and Security (ARES '08). IEEE Computer Society

USA

642–647. DOI: https://doi.org/10.1109/ARES.2008.143. This academic paper discusses the architecture of NFC-based systems

explicitly referencing its use in payment applications where a mobile device emulates a contactless smart card (Section 2

"NFC Architecture").

Q: 2

An administrator's change was approved by the change management review board. Which of the following should the administrator do next?

Options

Discussion

Ben R. Feb 18, 2026 7:44 pm

Practice tests usually cover this kind of workflow, I'd say D.

Emma W. Mar 3, 2026 7:04 am

Its C, seen similar on practice exams and approval always leads straight to implementation unless more testing is required.

FriendlyLearner4534 Feb 24, 2026 10:21 pm

C is the step right after approval. Testing and risk analysis come before the board even sees the change. Pretty sure you only go to D if the board specifically asks for it. If anyone thinks something else should happen next, let me know.

Olivia Feb 28, 2026 11:14 am

Move on and implement, so C.

Aaron E. Feb 24, 2026 2:18 am

Why would you verify testing results (D) after board approval? Isn’t testing done before it’s even submitted?

Rowan S. Feb 23, 2026 5:47 am

Don’t think it’s D, C is the right move here. The CAB approval means all prep and testing are good, so next step should be to implement the change. Verifying testing results would’ve happened before the board reviewed it. Pretty sure on this but open if I missed something.

Cameron N. Mar 2, 2026 7:14 am

Nah, I don’t think it’s D. C is what comes right after board approval since testing and risk analysis should’ve been done before submitting the change. D is a tempting option but doesn’t fit the process order. Anyone disagree?

Quinn G. Feb 22, 2026 2:27 am

PreciseCandidate7476 Feb 25, 2026 1:17 am

C , had something like this in a mock. Once the review board signs off, you're supposed to implement the change right away since risk analysis and testing already happened earlier.

Sam M. Feb 19, 2026 11:30 am

C , official study guides and workflow charts cover this exact sequence. Exams love this step order.

Be respectful. No spam.

Correct Answer:

Explanation

The change management process follows a structured lifecycle to minimize risk and disruption. After a change request is planned, tested, and analyzed for risk, it is presented to a change management review board (often called a Change Advisory Board or CAB) for approval. The board's approval is the formal authorization to proceed. Therefore, the immediate next step in the process is the scheduled implementation of the approved change. All prerequisite activities, such as risk analysis and testing, have already been completed and validated during the review phase.

Why Incorrect

A. Perform risk analysis: This is a critical step that must be completed before the change is submitted to the board for approval.

B. Assign a change coordinator: This role is typically assigned at the beginning of the change process to oversee the request from submission through completion.

D. Verify testing results: Test results are verified and presented to the review board before they grant approval to ensure the change is effective and stable.

References

1. University of California

Berkeley

Information Services and Technology. (n.d.). Change Management Process. Section 5.0

"Change Management Process Flow." The document outlines the standard workflow where the "Change Implementation" phase directly follows the "Change Approval" phase.

2. The University of Texas at Austin

Information Technology Services. (2021). ITS Change Management Process. The process flow diagram on page 5 explicitly shows that the step following "CAB Approval" is "Implement Change."

3. Purdue University

Information Technology. (n.d.). IT Change Management. In the "Process" section

the workflow states

"Once a change is approved

it is ready to be implemented by the assigned implementer(s)." This confirms implementation is the next action after approval.

Q: 3

The camera and microphone on an iPhone user's device are activating without any user input. The user’s friend recently modified the device to allow applications to be installed outside the normal App Store. Which of the following is the issue?

Options

Discussion

Daniel Feb 25, 2026 3:11 am

Option C is right here. Jailbreaking drops iOS security controls so apps from outside the App Store get way more access, like mic and camera. B is a trap, since just leaving MDM doesn't allow those installs. Pretty sure C fits exam logic.

Zoe H. Mar 2, 2026 3:44 am

Makes sense that C fits since jailbreaking is needed to install apps outside the App Store, which drops the builtin protections. Once jailbroken, rogue apps can access stuff like mic and camera with almost no restrictions. I think it's C but open to other views if I'm missing something.

MethodicalCandidate9988 Feb 12, 2026 10:16 pm

Option C

Avery T. Feb 18, 2026 6:01 am

Its C. Jailbreaking lets sideloaded apps bypass normal security on iOS, which can definitely lead to stuff like mic and camera being triggered without permission. Official study guides and practice questions usually point this way for scenarios like this.

Maya R. Feb 17, 2026 2:17 am

The issue here sounds like C. Jailbreaking is what allows apps to be installed outside the App Store and bypasses Apple’s built-in security, letting apps access stuff like the camera/mic without permission. I’m pretty sure B just removes admin controls, but it doesn’t let you sideload apps. Anyone think differently?

Amelia D. Feb 12, 2026 11:42 pm

C imo, but only if "modified" really means a full jailbreak happened. If it was just removing management or some config tweak, then I'd debate B. Pretty sure exam wants C in this specific sideload scenario though.

Jack Y. Mar 1, 2026 6:36 pm

Why would B fit here? MDM unenrollment wouldn’t cause sideloading, but jailbreaking (C) directly removes the security checks.

Ivy Z. Mar 2, 2026 8:08 am

Pretty sure it's C here, not B. Jailbreaking is what lets apps install from outside the App Store and disables key security. B's a trap since MDM doesn't control that directly. Anyone disagree?

Riley Q. Feb 15, 2026 6:15 am

Why is this even B tbh, sideloading doesn’t need MDM off. Seen similar on practice, B always makes no sense for these.

Ivy Mar 2, 2026 11:13 pm

C imo. Saw something like this on a practice test, it's always jailbroken if you can sideload apps.

Be respectful. No spam.

Correct Answer:

Explanation

The process of modifying an iOS device to install applications from outside the official App Store is known as jailbreaking. This action intentionally bypasses critical security features built into the operating system, such as application sandboxing and code signing. By removing these protections, the device becomes vulnerable to malware that can be installed through unofficial sources. Such malicious applications can gain unauthorized, high-level privileges to access sensitive hardware, including the camera and microphone, and operate them without the user's knowledge or consent, leading to the symptoms described.

Why Incorrect

A. A counterfeit Lightning cable primarily risks causing charging problems, data sync issues, or physical damage to the device; it does not alter the OS to permit unauthorized software installation.

B. Unenrolling from Mobile Device Management (MDM) removes an organization's control and policies from the device but does not compromise the core security architecture of the iOS operating system itself.

D. An out-of-date operating system can contain unpatched vulnerabilities, but the specific action described—modifying the device to sideload apps—is the direct cause, which is defined as jailbreaking.

References

1. Apple

Inc. (2023

July 26). Unauthorized modifications to iOS ("jailbreaking") can cause security vulnerabilities

instability

shortened battery life

and other issues. Apple Support

Article HT201954. Retrieved from https://support.apple.com/en-us/HT201954. The document states

"Jailbreaking" your iPhone...eliminates security layers designed to protect your personal information and your iOS device. With this security removed...hackers may steal your personal information

damage your device

attack your network

or introduce malware

spyware

or viruses."

2. Klieber

W. (2011

August 1). Three Security-Related Reasons to Not "Jailbreak" Your iPhone. Carnegie Mellon University

Software Engineering Institute (SEI) Blog. Retrieved from https://insights.sei.cmu.edu/blog/three-security-related-reasons-to-not-jailbreak-your-iphone/. The article explains that jailbreaking removes "sandboxing" protection

which "prevents applications from accessing data from other applications or from the operating system

" thereby allowing malicious code to access sensitive functions.

3. CompTIA. (2021). CompTIA A+ Core 2 (220-1102) Exam Objectives. Version 1.0

Section 2.6. The objective covers "security best practices for mobile devices

" where avoiding unauthorized sources for apps and not performing rooting/jailbreaking are fundamental principles to prevent malware and unauthorized access

which are the direct issues in the question.

Q: 4

A technician is adding some Windows 10 workstations to the corporate domain. A script was able to add the majority of the workstations, but failed on a couple. Which of the following menus should the technician check in order to complete the task manually?

Options

Discussion

SeasonedReviewer4937 Feb 18, 2026 12:45 am

B. Official study guide and labs cover this-worth reviewing if you're rusty on domain joins.

Vikram Feb 28, 2026 5:51 am

B . User Accounts might look right but that's a common trap, domain join is only in System Properties.

Ravi P. Feb 22, 2026 8:59 pm

B . User Accounts looks tempting but you can't actually join a domain from there, only System Properties has that option.

Nathan C. Feb 27, 2026 5:07 am

B tbh. System Properties is where you join a Windows machine to a domain manually. Makes sense for this scenario.

Ivy X. Feb 24, 2026 9:55 am

System Properties is where you actually join a machine to the domain, so B. The others don't let you change domain membership. Pretty sure this is right but let me know if I missed something obvious.

Ishaan K. Feb 24, 2026 10:19 pm

Nah, D is a trap here. System Properties is what you'd use to manually join the domain, so B.

QuietOps583 Mar 1, 2026 5:22 am

B , since System Properties is where you actually join a PC to a domain manually. Network and Sharing helps if there's connectivity trouble, but this sounds like it's just about finishing the add process. Could be wrong if network was the issue, though.

Owen E. Feb 20, 2026 11:01 am

Wouldn't D (Network and Sharing) be the place to check if the script failed due to some network config? On a few practice tests, I saw similar scenarios where fixing adapter or sharing settings was key. Or is that too much troubleshooting for this step?

CalmArchitect3256 Feb 19, 2026 10:01 pm

D since Network and Sharing can be key if the script failed because of connectivity or sharing settings. I've seen similar questions in practice sets highlight this menu. Not 100% sure though, maybe B?

Cameron B. Feb 14, 2026 9:43 pm

For joining a domain manually after a script fails, it's B. System Properties has the option to join or change domains directly. Network settings (D) matter only if you can't reach the domain at all, but for actually adding it, System Properties is the spot. Pretty sure on this one, anyone disagree?

Be respectful. No spam.

Correct Answer:

Explanation

The System Properties window in Windows 10 is the primary graphical user interface (GUI) for managing a computer's identity on a network. Within the "Computer Name" tab of this window, a technician can change the computer's name, switch from a workgroup to a domain, or change its domain membership. This is the standard manual procedure for joining a Windows workstation to an Active Directory domain when automated methods, such as a script, fail. The technician would navigate to this menu, click the "Change..." button, select the "Domain" option, and enter the corporate domain name.

Why Incorrect

A. User Accounts: This Control Panel applet is used for managing local user profiles, passwords, and account types, not for changing the computer's domain affiliation.

C. Windows Firewall: This utility is for configuring inbound and outbound network traffic rules and security settings, which is unrelated to domain join operations.

D. Network and Sharing: This center is used to configure network adapter settings, IP addressing, and file/printer sharing options, but not for joining the computer to a domain.

References

1. Microsoft Official Documentation: In the official support documentation for joining a Windows computer to a domain

the steps explicitly direct the user to the System Properties window. The path is detailed as: "Select Start > Settings > System > About. Under Device specifications > Related links

select Advanced system settings." This opens the System Properties dialog.

Source: Microsoft Support

"Join a Windows 10 computer to a domain

" Document ID: 10157

Section: "To join a computer to a domain."

2. University Courseware/IT Documentation: The University of Wisconsin-Madison's IT support documentation provides a step-by-step guide for this exact task. It instructs users to open the System Properties window and use the "Computer Name" tab to join the domain.

Source: University of Wisconsin-Madison

Division of Information Technology (DoIT)

"Windows 10 - Join a Computer to a Domain

" KB Article ID: 5383

Steps 4-6.

3. University Courseware/IT Documentation: Carnegie Mellon University's Computing Services provides instructions for joining a Windows computer to their domain

which also specifies using the System Properties window.

Source: Carnegie Mellon University

Computing Services

"Join a Windows Computer to the Andrew Domain

" Section: "Join a Windows Computer

" Step 3.

Q: 5

h company uses shared drives as part of a workforce collaboration process. To ensure the correct access permissions, inheritance at the top-level folder is assigned to each department. A manager's team is working on confidential material and wants to ensure only the immediate team can view a specific folder and its subsequent files and subfolders. Which of the following actions should the technician most likely take?

Options

Discussion

Avery Feb 28, 2026 4:58 pm

D . Turning off inheritance only on the confidential folder and then setting team permissions is way easier than touching every file. This keeps it scoped and manageable. Pretty sure that's the intent unless each subfolder needs custom access.

Avery U. Feb 22, 2026 11:35 am

Option D official study guide definitely covers this scenario with access inheritance. Pretty sure that's what CompTIA wants here.

Jamie J. Feb 14, 2026 7:10 pm

D . If you only want that confidential folder and everything under it to be restricted to the team, break inheritance there, set the new permissions, then let all child items inherit those tighter settings. Less work and still keeps the top-level department perms in place elsewhere. Only tricky if subs actually needed custom perms, but here D fits best I think.

Jamie X. Feb 19, 2026 7:19 am

For me, D. The question says all files and subs should be locked down for the team, so breaking inheritance just at that folder then letting its children inherit the new tighter permissions makes sense. A is tempting but too manual here.

Adam Feb 17, 2026 4:33 pm

A is wrong, D. Had something like this in a mock-break inheritance just for that folder, set new team permissions, then let subfolders inherit. Keeps it clean and avoids crazy manual edits. I think that's the intended approach unless every child needs a unique setup.

Ajay K. Mar 3, 2026 12:42 am

I don’t think it’s A. D gives the team exclusive access without the painful manual work A requires.

Sanjay G. Feb 26, 2026 3:22 pm

I’m kinda torn, D seems right but could see A if every subfolder needed unique permissions. Just not sure if that’s what the scenario wants. Leaning toward D since it's less manual effort.

Morgan Feb 25, 2026 9:11 pm

D , that's what the official guide and some practice tests highlight. Turning off inheritance at the folder you want, setting tight permissions there, then enabling inheritance for its subfolders is the easiest way to keep things clean and consistent for that team. Pretty sure that's what most CompTIA learning materials show.

LukeN Feb 12, 2026 3:54 pm

Yeah, D makes sense here. You break inheritance just on the confidential folder, apply the team-only permissions there, then let subfolders/files inherit that restriction. Much less manual permission work than A. Pretty sure that's what CompTIA’s looking for, unless you need every file locked down differently. Agree?

Mia U. Feb 23, 2026 6:03 am

Ugh, CompTIA always makes the permissions thing way messier than real life. I’d say A since you could just set each file manually after breaking inheritance, which gives total control you know? But maybe I’m missing a trick.

Be respectful. No spam.

Q: 6

A customer is configuring on an old desktop an inexpensive file server to share photos and videos and wants to avoid complicated licensing. Which of the following operating systems should the technician most likely recommend?

Options

Discussion

Riley N. Feb 20, 2026 11:08 am

B . Linux ticks both boxes: no tricky licensing and works well on old hardware. Windows seems easy at first but the license is the gotcha here. Seen similar questions in practice exams, pretty sure B wins.

Amelia T. Feb 25, 2026 11:52 pm

Option B makes sense, Linux is open source and has no tricky licensing to deal with. Official study guides and lab practice both point toward Linux as the budget-friendly, no-hassle server solution for older hardware. Pretty sure that's what CompTIA wants here, but happy to hear if anyone sees it different.

Nina G. Feb 15, 2026 3:55 pm

Makes sense to me to pick B here. Linux is free, open source, and you don't need to worry about licensing costs or restrictions, especially for a home file server. Windows might be easier for some but the question points at licensing as the priority, so Linux just fits better. Unless I missed something?

Sara U. Feb 17, 2026 7:34 pm

B or D? I don't think D is right here since Windows usually wants a license and that's the trap. Linux (B) is free, no licensing mess, so I'd go with B unless I'm missing something.

Drew I. Feb 27, 2026 6:48 am

D , since Windows file sharing is easier for most users and old desktops might already have a license anyway.

Leo G. Mar 2, 2026 10:56 pm

Not another one of these licensing questions, seriously. B

Nora V. Feb 21, 2026 10:05 pm

B . I see Linux pop up as the go-to for this kind of scenario on a lot of practice tests and in the CompTIA objectives. Avoids any license headaches and works well even on really old desktops. If you want to dig deeper, check official A+ guides or spin up a basic lab for file sharing setup.

SkepticalCandidate6005 Feb 23, 2026 12:42 pm

B imo, official study guide and practice labs both say Linux is free and flexible for this kind of setup.

Sofia B. Feb 14, 2026 10:47 pm

Is there any strong reason to recommend D if licensing is a dealbreaker? I get Windows is easier for some, but with Linux being totally free and made for this, seems like B is the clear pick unless the user can't work with it.

Robin E. Feb 18, 2026 7:27 pm

B, had something like this in a mock. Linux avoids license hassles completely and works well for file sharing on older machines.

Be respectful. No spam.

Correct Answer:

Explanation

Linux is the most appropriate operating system for this scenario. Many Linux distributions, such as Ubuntu Server or Debian, are available at no cost and operate under open-source licenses (e.g., GNU General Public License), which eliminates complex licensing agreements and fees. Linux is renowned for its stability and efficiency, making it ideal for running on older hardware. It includes robust, native tools for creating file servers, such as Samba, which allows seamless file sharing with Windows, macOS, and other Linux clients. This combination of zero cost, simple licensing, hardware flexibility, and powerful server capabilities directly meets all the customer's stated requirements.

Why Incorrect

A. Chrome OS is a lightweight, cloud-focused operating system designed for web browsing and is not intended to function as a file server or be installed on generic desktop hardware.

C. macOS is a proprietary operating system that is legally restricted to installation on Apple hardware only. It is not inexpensive and its licensing forbids use on a generic PC.

D. Windows requires purchasing a license. A server version would also necessitate Client Access Licenses (CALs), introducing both significant cost and licensing complexity, which the customer wants to avoid.

References

1. The Linux Foundation. (n.d.). What is Linux? Linux.com. Retrieved from https://www.linux.com/what-is-linux/. This official source states

"Linux is also distributed under an open source license... you can run Linux on a wide variety of hardware... From wristwatches to supercomputers

it is everywhere." This supports the no-cost

simple licensing

and hardware flexibility aspects.

2. Ubuntu. (n.d.). Ubuntu Server for scale-out computing. Canonical. Retrieved from https://ubuntu.com/server. The official documentation for a major Linux distribution highlights its use as a server platform

stating it is "the world’s most popular open-source operating system." This confirms its suitability for the server role.

3. Microsoft. (2023

October 12). Client Access Licenses (CAL) & Management Licenses. Microsoft Learn. Retrieved from https://learn.microsoft.com/en-us/windows-server/get-started/client-access-licenses. This official vendor documentation details the requirement for CALs for devices or users accessing a Windows Server

demonstrating the licensing complexity and cost the customer wishes to avoid.

4. Google. (n.d.). What is ChromeOS? ChromeOS. Retrieved from https://www.google.com/chromebook/chromeos/. Google's official page describes ChromeOS as a cloud-first operating system for specific devices (Chromebooks)

which is inconsistent with the requirements of a local file server on old hardware.

Q: 7

A user's home system has been infected with malware. A technician has isolated the system from the network and disabled System Restore. Which of the following should the technician do next?

Options

Discussion

FriendlyEngineer5779 Mar 3, 2026 11:06 pm

A . CompTIA wants you to scan first after isolating and disabling System Restore. C looks tempting but that's more of a last resort if you can't clean it. Let me know if anyone sees it differently.

Luna D. Feb 20, 2026 11:14 am

A . After isolating and turning off System Restore, CompTIA's malware removal steps say to scan with antivirus before trying anything more drastic. C (reimage) is only if the scan can't clean it up. I think that's what the objectives expect here but open to other takes.

Cameron N. Feb 21, 2026 2:36 pm

Option A fits best since after isolation and disabling System Restore, CompTIA's steps say to run a full antivirus scan. Only go for C if the scan doesn't work or malware can't be cleaned. Pretty sure it's A here, correct me if I'm wrong.

Daniel M. Feb 11, 2026 5:12 pm

Makes sense to go with A here. After you isolate and disable System Restore, CompTIA’s steps have you run the antivirus scan next to try remediation. If that fails, then you'd consider reimaging. Anyone else see it differently?

PracticalConsultant8935 Feb 15, 2026 9:04 am

Makes sense it's A. The CompTIA malware removal steps always want antivirus scan next after disabling System Restore.

LeoD Feb 22, 2026 1:01 am

Option C here. I'd go for reimaging because it's a surefire way to wipe everything if the malware is nasty. Might be overkill but I've seen similar trap options before, not fully sure though.

Owen Feb 17, 2026 9:50 pm

A, saw a similar step order in practice exams. Seems to be what CompTIA wants after isolation and disabling System Restore.

Nathan Feb 21, 2026 3:02 pm

Pretty sure it's A, that's what I saw on similar practice questions and in exam reports.

Meera T. Feb 19, 2026 5:52 am

C tbh, since if the malware is especially nasty or can't be removed, reimaging just wipes everything and guarantees it's clean. I know A is usually next, but some scenarios might need C instead. Anyone else see that come up?

SeasonedSec2315 Mar 3, 2026 12:07 am

Classic CompTIA malware removal steps. Since the system's already isolated and System Restore is off, next move in their sequence is to run a full antivirus scan. That lines up with A. Only thing I'd add is, make sure defs are up to date first if you can safely do that. I think that's what they want here, but feel free to disagree if you see it differently.

Be respectful. No spam.

Correct Answer:

Explanation

The question describes the initial steps of the CompTIA A+ seven-step malware removal best practice procedure. The technician has completed Step 2 (Quarantine the infected system) and Step 3 (Disable System Restore). The immediate next action is Step 4: Remediate the infected systems. This step begins with updating the anti-malware software definitions (if possible from a clean, external source) and then performing a full antivirus scan to detect and remove the malicious software. This makes performing an antivirus scan the correct subsequent action.

Why Incorrect

B. Run Windows updates. This is part of Step 5 in the malware removal process, which is performed only after the system has been successfully cleaned.

C. Reimage the system. This is a method of remediation used as a last resort if scanning and manual removal are unsuccessful or if the system integrity is too compromised.

D. Enable System Restore. This is Step 6, which is done after the system is confirmed to be clean, to create a new, uninfected restore point.

---

References

1. Academic Courseware: Docter

& Dulaney

E. (2022). CompTIA A+ Complete Study Guide: Core 1 Exam 220-1101 and Core 2 Exam 220-1102 (5th ed.). John Wiley & Sons.

Reference: Chapter 21

"Security

" under the section "Best Practice Procedure for Malware Removal

" outlines the seven steps. Step 4

"Remediate the infected systems

" explicitly states to "run a scan with your antimalware software." This follows directly after Step 2 (Quarantine) and Step 3 (Disable System Restore).

2. Vendor Documentation: Microsoft Corporation. (2023). Remove malware from your Windows PC. Microsoft Support.

Reference: In the section "How do I remove malware like a virus?"

the primary recommended action after identifying a threat is to use security software like Microsoft Defender Antivirus to "scan for and remove threats." This aligns with performing a scan as the core remediation step.

3. University IT Publication: Indiana University. (2024

January 18). What are viruses

worms

and Trojan horses? University Information Technology Services Knowledge Base.

Reference: In the section "What to do if you suspect an infection

" the guide advises to "Run a full scan of your system with up-to-date antivirus software." This is presented as a primary action for remediation after initial containment measures.

Q: 8

Which of the following defines the extent of a change?

Options

Discussion

Parker Feb 12, 2026 2:33 pm

A . Impact (D) sounds tempting but that's more about the effect, not the boundaries. Scope directly says how much of the change is included. Seen similar wording in practice tests so think A is solid, unless I'm missing some twist.

Avery I. Feb 25, 2026 5:56 pm

A . Scope is what defines how much of something changes, not the impact. Pretty sure that's what the question wants here.

Chris Q. Feb 14, 2026 10:27 pm

Yeah, that's scope. A here. Impact is about the effect not boundaries, so scope covers the "extent" part in change management.

Hannah D. Feb 22, 2026 10:09 pm

Impact is tempting but that's not right here, scope spells out the actual extent. A.

FriendlyConsultant5926 Feb 24, 2026 1:27 am

D, Extent of a change kinda feels like impact to me, since that measures how far-reaching the change is. Not totally sure though, but that's how I see it.

Skyler I. Feb 17, 2026 2:54 am

Probably A

Rowan Y. Feb 14, 2026 9:12 pm

A is what official guides say-scope defines the boundaries or extent of change. Seen this phrasing before in practice exams. Could see why D is tempting but pretty sure it's A here, agree?

MethodicalSec2908 Feb 27, 2026 2:26 am

Practice questions and labs usually use D for stuff like this. D

Arjun B. Mar 1, 2026 12:36 pm

C or D for me. Analysis could also define the extent during planning, but D (Impact) makes sense since impact relates to how broad the change is. Not 100% though, maybe missing something basic.

Avery B. Mar 2, 2026 10:13 am

Its A, not D. "Impact" is more effect than extent, scope sets the boundaries.

Be respectful. No spam.

Correct Answer:

Explanation

In the context of change management and project management, the scope defines the specific boundaries of a change or project. It explicitly outlines all the work, deliverables, features, and resources that are included, as well as what is excluded. This detailed definition of boundaries and deliverables directly corresponds to the "extent" of the change, ensuring all stakeholders have a clear and common understanding of what the change entails from start to finish.

Why Incorrect

B. Purpose: This explains the reason or justification for the change, not its boundaries or extent.

C. Analysis: This is the process of examining the change's requirements and potential effects, not the definition of its extent.

D. Impact: This refers to the potential consequences or effects of the change on the organization, which is assessed after the scope is defined.

References

1. Project Management Institute. (2021). A Guide to the Project Management Body of Knowledge (PMBOK® Guide) (7th ed.). Section 2.2.3

"Project Scope

" defines scope as the work required to deliver a product

service

or result with specified features and functions.

2. Carnegie Mellon University Open Learning Initiative. (n.d.). Project Management for Engineers. Module 3: Defining the Project

"Defining the Scope." This courseware states

"The project scope is a written statement that defines the work or tasks to be done or the products or services to be delivered by the project."

3. University of Washington

UW-IT. (n.d.). Change Management - Key Concepts. In its official documentation on IT change management

the scope is identified as a key component of a change request

detailing "what the change is" and "what is being changed

" which directly defines its extent.

Q: 9

A technician is implementing the latest application security updates for endpoints on an enterprise network. Which of the following solutions should the technician use to ensure device security on the network while adhering to industry best practices?

Options

Discussion

JasonK Feb 24, 2026 5:54 pm

I don’t think it’s D. B is mostly about network security, not directly patching endpoints. A is probably the best choice because automating patches actually keeps devices up to date and reduces human error, which lines up with industry best practice. Open to other views though since compliance can get tricky.

Emma Feb 23, 2026 1:25 pm

Honestly, D is tempting for compliance, but A is the right pick for keeping endpoints secure through automation-D's the trap here.

MiaF Feb 12, 2026 5:29 pm

Anyone cross-checking these with the official guide or exam practice questions? That should confirm if A is really industry best practice here.

SanjayA Feb 25, 2026 9:02 pm

C/D? ACLs and documentation both protect devices in different ways but documenting all changes (D) helps you track updates and is required for audits. Pretty sure that’s key for compliance. Not convinced A is always best unless patching is the only focus.

Ajay D. Feb 25, 2026 10:21 am

I was thinking D makes sense too since documenting changes is a big deal in IT. It helps track what's been updated and can be useful for audits or troubleshooting later on. I'm pretty sure that's important for device security, though maybe not as quick as automating. Agree?

Jamie C. Mar 2, 2026 3:35 am

A definitely the way to go for best practice. Automate so patches get applied right away, not missed by accident.

Mia Q. Feb 14, 2026 11:58 am

A or D? Not sure since automation is best practice, but documenting changes does matter for compliance. Anyone else?

Liam R. Feb 18, 2026 9:58 am

Don't think it's D like some said, since automating patches (A) is a must for best practice, not just compliance.

Sam S. Feb 23, 2026 11:18 pm

Adam A. Feb 11, 2026 7:03 pm

A, that's industry best practice for endpoint updates. Patch automation keeps things secure and consistent. Wanna see if others picked this too.

Be respectful. No spam.

Correct Answer:

Explanation

The question asks for the best practice solution for implementing application security updates across an enterprise network. Automating the patching process is the industry standard for ensuring updates are deployed consistently, efficiently, and in a timely manner to all endpoints. This method minimizes the window of vulnerability that exists between the release of a patch and its application, significantly enhancing device security. Manual patching is prone to human error and is not scalable for an enterprise environment, making automation the superior solution.

Why Incorrect

B. Monitor the firewall configuration: This is a network security control measure, not a method for deploying application updates on individual endpoints.

C. Implement access control lists: ACLs are used to manage permissions and filter network traffic, which is unrelated to the process of installing software patches.

D. Document all changes: While change documentation is a critical part of IT governance and a best practice, it is a procedural step, not the technical solution for implementing the updates themselves.

References

1. National Institute of Standards and Technology (NIST). (2022). Guide to Enterprise Patch Management Technologies (Draft). NIST Special Publication 800-40r4. In Section 3.1

"Automated Patch Distribution

" the document states

"Automated patch distribution is a key component of enterprise patch management. It is the process of pushing patches down to clients automatically..." This highlights automation as a core technology for enterprise patching.

2. Microsoft. (2023). Automatically deploy software updates. Microsoft Learn | Microsoft Endpoint Configuration Manager Documentation. This official vendor documentation details the creation of automatic deployment rules (ADRs)

stating

"Use automatic deployment rules (ADR) to deploy required software updates... This deployment method is useful because you don't need to add new updates to the deployment as they're released." This exemplifies an automated solution for enterprise updates.

3. Alberts

& Dorofee

A. (2004). Defining an Enterprise-Level Patch and Vulnerability Management Program. Carnegie Mellon University

Software Engineering Institute. CMU/SEI-2004-TN-036. Section 3.2

"Patch Deployment

" discusses the necessity of tools for patch deployment

noting that "automated tools are available to assist in this process

" which is essential for enterprise-scale operations.

Q: 10

A user receives a message on a PC stating it has been infected by malware. A technician runs a full scan on the user's machine and detects no malware. Later that day, the same message reappears. Which of the following steps should the technician take to restore the system to regular functionality?

Options

Discussion

Sofia Mar 1, 2026 2:11 pm

Sounds like a deep infection that regular scans aren't catching, so reimaging is usually the safest route here. Going with B since it puts everything back to a known-good state. Pretty sure that's what CompTIA wants. Agree?

CarefulDev1224 Feb 23, 2026 1:12 pm

B. not D. SFC is only going to look for corrupted system files, but this sounds like malware that dodges normal detection. Persistent infection after scans usually means you need a full reimage to actually clean it out. Pretty sure that's what CompTIA's expecting thanks to that "restore to regular functionality" line. If anyone disagrees, let me know why you'd pick D.

Noah P. Feb 23, 2026 7:59 pm

Seen this a lot in practice tests and official study guides, pretty sure they want B for persistent malware.

BenO Feb 13, 2026 3:25 am

Its B since the malware keeps coming back even after a scan, so reimaging is basically the only guaranteed fix here. Not 100% but that's what CompTIA usually goes for in this kind of scenario.

Luke Feb 15, 2026 12:26 pm

D , similar scenario popped up in some practice sets so I'd review the official guide again to double check.

SanjayR Feb 21, 2026 9:24 pm

saw pretty similar problem in my exam in exam reports, they always go with B for persistent malware that hides from scans.

Liam O. Feb 15, 2026 9:08 am

DirectTester5976 Feb 26, 2026 6:20 pm

Nah, D is tempting but it won't catch something that's evading both antivirus and system file checks. Pretty sure B fixes this since reimaging wipes out anything hiding deep. Seen similar advice in official CompTIA practice.

Alex Mar 3, 2026 2:05 am

Is SFC (D) really enough if the malware is using non-standard persistence tricks?

Casey P. Feb 28, 2026 4:35 pm

Wouldn't go for D here, since System File Checker just fixes system files but doesn't actually remove malware that hides well. B (reimage) is what I've seen show up as the CompTIA-approved solution for infections that keep coming back. Trap is thinking the scan was enough when it clearly missed something sneaky. Pretty sure it's B but open to opposing views.

Be respectful. No spam.

Correct Answer:

Explanation

The scenario describes a persistent malware symptom (a recurring message) that evades detection by a standard antivirus scan. This strongly suggests the presence of a rootkit or other advanced persistent threat designed to hide from security software. When initial remediation steps like scanning fail, the most reliable and comprehensive method to ensure complete removal and restore the system to a known-good state is to reimage the computer. This process wipes the storage drive and reinstalls the operating system and applications from a trusted source, eliminating any hidden malicious code.

Why Incorrect

A. Check for Windows updates: This is a crucial preventative security measure but will not remove malware that is already active on the system.

C. Enable Windows Firewall: A firewall controls network traffic to prevent unauthorized access; it is not a tool for removing existing malware infections.

D. Run System File Checker: This utility repairs corrupted or missing Windows system files but is not designed to detect or remove malicious software.

References

1. National Institute of Standards and Technology (NIST). (2005). Special Publication 800-83: Guide to Malware Incident Prevention and Handling for Desktops and Laptops. Section 3.3.3

"Eradication and Recovery

" states

"For some incidents

containing and eradicating the malware is not cost-effective or practical

or it may not provide a high enough level of confidence that the malware has been eradicated successfully... In these cases

the most effective and efficient way to recover from an incident is to reimage the compromised hosts from a master image."

2. Stanford University Information Security. (n.d.). Malware and Ransomware. In the section "What to do if your device is infected

" the guidance states

"The most reliable way to clean an infected system is to erase the hard drive and reinstall the operating system and applications."

3. Microsoft Support. (n.d.). Recover your Windows PC. The "Reset this PC" feature with the "Remove everything" option is described as a method to reinstall Windows and remove all applications and settings. This is a built-in reimaging function used to restore a PC to a clean

factory state

which is a standard procedure for irremovable malware.

Question 1 of 20 · Page 1 / 2

Premium Access Includes

✓ Quiz Simulator
✓ Exam Mode
✓ Progress Tracking
✓ Question Saving
✓ Flash Cards
✓ Drag & Drops
✓ 3 Months Access
✓ PDF Downloads

Get Premium Access

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE