View 220-1202 Exam Questions

Q: 1

SIMULATION You have been contacted through the help desk chat application. A user is setting up a replacement SOHO router. Assist the user with setting up the router. INSTRUCTIONS Select the most appropriate statement for each response. Click the send button after each response to continue the chat. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. CompTIA 220-1202 question

Your Answer

Discussion

Mason G. Feb 8, 2026 9:16 am

Nice, that's the correct setup order for the SOHO router config. Default IP, check sticker for login, change the admin password and SSID, set strong WPA2/WPA3, update firmware, then reboot.

Piya Z. Feb 15, 2026 8:57 pm

Anyone else think updating firmware before the admin password is risky? Firmware updates can reset settings, so changing password and SSID should come first. The firmware-first answer is a common trap in these kinds of sims.

Neha Feb 25, 2026 5:25 am

Default IP, sticker credentials, update admin password, set SSID and WPA2/WPA3, firmware update, reboot. That's the expected CompTIA order.

CarefulReviewer9077 Feb 7, 2026 8:12 pm

Update firmware after logging in, not before setting passwords-firmware updates can wipe out changes. Changing admin/SSID first is the safer bet.

Adam L. Feb 12, 2026 10:38 pm

Actually firmware update should always come before changing any wireless settings, since an upgrade can reset configs. Update first right after initial login, then secure SSID and passwords.

PracticalMentor3059 Feb 13, 2026 2:27 am

Change admin password before updating firmware

Vikram Feb 13, 2026 10:11 am

Start with logging in using the default IP and credentials, then change the admin password and SSID, enable WPA2/WPA3, update firmware, and finally reboot. Seen similar order in practice-doing firmware first can wipe new settings so it’s a trap. Pretty sure that’s what CompTIA expects here but open to discussion.

Vikram P. Feb 11, 2026 12:20 am

Change default admin password, then update firmware. That's the normal secure order for SOHO routers unless something urgent is mentioned.

Rowan X. Feb 19, 2026 1:09 pm

If the firmware is super out of date, shouldn’t we update it before setting up WiFi security and SSID? Would that impact the password reset or SSID settings? I’m not sure if CompTIA wants firmware update before or after WiFi config in this scenario.

RileyY Feb 17, 2026 4:45 am

Open the web browser, use the default IP, find credentials on the sticker, change admin password, then set new SSID and enable WPA2/3, update firmware after that, then reboot. That order makes sense since firmware updates can reset your config if done first. Pretty sure that's what they want but open to debate if I missed something.

Be respectful. No spam.

Correct Answer:

THE CORRECT SEQUENCE OF RESPONSES FOR THE SIMULATION IS AS FOLLOWS: 1. YOU WILL NEED TO OPEN A WEB BROWSER AND NAVIGATE TO THE ROUTER'S DEFAULT IP ADDRESS. THIS IS USUALLY 192.168.1.1 OR 192.168.0.1. 2. YOU WILL NEED TO LOOK FOR A STICKER ON THE BOTTOM OF THE ROUTER FOR THE DEFAULT CREDENTIALS. 3. YOU SHOULD CHANGE THE DEFAULT ADMINISTRATOR PASSWORD FOR THE ROUTER. 4. YOU SHOULD CHANGE THE DEFAULT SSID AND CONFIGURE WPA2 OR WPA3 ENCRYPTION WITH A STRONG PASSWORD. 5. YOU SHOULD UPDATE THE ROUTER'S FIRMWARE TO ENSURE YOU HAVE THE LATEST SECURITY PATCHES. 6. REMEMBER TO REBOOT THE ROUTER AFTER THE FIRMWARE UPDATE IS COMPLETE.

Explanation

This sequence represents a logical and secure methodology for SOHO router configuration. The process begins with establishing a connection to the router's management interface via its default IP address. Best practice dictates using the unique credentials printed on the device rather than common, insecure defaults.

The security hardening process prioritizes changing the administrator password to protect the device's configuration settings. This is followed by securing the wireless network itself by changing the default SSID and implementing strong WPA2 or WPA3 encryption. Finally, updating the firmware is a critical step to patch known vulnerabilities. The final instruction to reboot is necessary to apply the firmware update correctly, ensuring the process is completed successfully.

References

1. CompTIA A+ Core 2 (220-1102) Exam Objectives. (2022). CompTIA.

Section 2.5

"Given a scenario

secure a SOHO multifunction device/router

" outlines the required security steps

including: "Change default username and password

" "Change SSID

" "Set encryption

" and "Update firmware." This directly supports steps 3

and 5 of the provided solution.

2. Kurose

J. F.

& Ross

K. W. (2021). Computer Networking: A Top-Down Approach (8th ed.). Pearson.

Chapter 7

Section 7.3.4

"Securing Wireless LANs

" discusses the importance of changing the default SSID and using robust encryption like WPA2 or WPA3 to prevent unauthorized access

supporting step 4. The chapter also implicitly covers accessing the router's configuration page via its IP address (step 1).

3. Cui

& Stolfo

S. J. (2010). A quantitative analysis of the security of home computer users. In Proceedings of the 3rd USENIX conference on Large-scale exploits and emergent threats (LEET'10). USENIX Association.

The paper highlights that a significant percentage of home routers use default credentials

making them vulnerable. This underscores the critical importance of step 3

changing the default administrator password

as the first security action after gaining access.

4. Fouad

Oest

& Parian

A. (2020). Home-Router Security: A Survey of Risks and a Minimalist Solution. IEEE Access

215013-215031. https://doi.org/10.1109/ACCESS.2020.3040318

Section III-A

"Outdated Firmware

" states

"Firmware updates are one of the most effective ways to protect routers from known vulnerabilities." This provides strong academic backing for the inclusion of step 5 as a critical security measure. The paper also discusses the risks of default passwords

supporting step 3.

Q: 2

SIMULATION You are configuring a home network for a customer. The customer has requested the ability to access a Windows PC remotely, and needs all chat and optional functions to work in their game console. INSTRUCTIONS Use the drop-down menus to complete the network configuration for the customer. Each option may only be used once, and not all options will be used. Then, click the + sign to place each device in its appropriate location. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. Wireless AP LAN

Firewall Screened Subnet

Your Answer

Discussion

QuietCandidate9255 Feb 9, 2026 8:24 pm

PC goes in LAN since you want remote RDP, and the game console should be in the screened subnet (DMZ) with UPnP enabled for all its chat/gaming features to work right. That’s what most practice questions seem to expect. Not 100% sure, but this fits the requirements.

Zoe B. Feb 16, 2026 4:50 pm

Windows PC in Wireless LAN, game console in screened subnet with UPnP and RDP port forwarding. Saw similar question in recent practice.

Riley C. Feb 8, 2026 8:23 am

Not quite, the trap is putting the console in LAN. Screened subnet with UPnP for the console.

Arjun L. Feb 23, 2026 3:22 pm

Nah, console in the LAN trips up some game and chat functions. Screened subnet is right.

Alex S. Feb 24, 2026 12:17 am

Yeah, that's right: PC in LAN, console in screened subnet with UPnP and RDP for the PC.

Casey H. Feb 16, 2026 6:31 am

Game consoles usually need UPnP to handle all the weird ports for voice and multiplayer, so putting it in the screened subnet with UPnP makes sense here. The Windows PC goes in LAN with RDP port forwarded. Pretty sure that's the right setup unless the console needs more isolation.

Luke Feb 13, 2026 12:08 pm

That matches what I've seen. PC gets remote RDP in LAN, console in screened subnet using UPnP for chat/gaming.

Ethan V. Feb 13, 2026 1:22 am

Windows PC LAN, game console screened subnet with UPnP, RDP port for PC.

Skyler F. Feb 7, 2026 1:13 am

Console goes in the LAN this time, since UPnP sometimes works even behind typical home NAT if you set port forwarding. Pretty sure that's close enough for most games and chat (though a few could break). RDP to PC still forwarded from outside. Maybe not perfect but covers most use cases unless DMZ is specifically required. Disagree?

FriendlyArchitect8159 Feb 16, 2026 8:37 pm

I'd put both the Windows PC and game console into the LAN to keep things simple. Just port forward RDP for the PC, then open UPnP for the console on that same network. I think that's how a lot of home setups work, but maybe I'm missing a reason for using the DMZ.

Be respectful. No spam.

Correct Answer:

DEVICE PLACEMENT: WINDOWS PC: PLACED IN THE WIRELESS AP LAN. GAME CONSOLE: PLACED IN THE SCREENED SUBNET. FIREWALL CONFIGURATION: RULE 1: DESTINATION: 192.168.1.100 SERVICE/PORT: RDP (3389) RULE 2: DESTINATION: 10.10.10.100 SERVICE/PORT: UPNP

Explanation

To fulfill the requirements, the Windows PC is placed on the secure internal LAN. A specific port forwarding rule is configured on the firewall to allow remote access via Remote Desktop Protocol (RDP), which uses TCP port 3389, directed to the PC's internal IP address (192.168.1.100).

The game console is placed in the Screened Subnet (DMZ) to isolate it from the trusted internal network. To ensure all gaming and chat functions operate correctly, which often require a variety of ports, Universal Plug and Play (UPnP) is enabled for the console's IP (10.10.10.100). UPnP allows the console to dynamically and automatically request the firewall to open and close the specific ports it needs for its operations, providing functionality without manual configuration.

References

1. Microsoft Corporation. (2021). Troubleshoot Remote Desktop. Microsoft Learn. Retrieved from official Microsoft documentation. This source confirms that Remote Desktop Protocol (RDP) for Windows PCs uses TCP port 3389 by default

justifying the port forwarding rule for remote access.

2. National Institute of Standards and Technology (NIST). (2009). SP 800-41 Rev. 1

Guidelines on Firewalls and Firewall Policy. Section 3.3

"DMZ Network Architectures." This publication defines a DMZ (or screened subnet) as a network for hosting public-facing services

isolating them from the internal

trusted network. This supports the placement of the game console

which requires broad external access

into the DMZ.

3. Open Connectivity Foundation. (2020). UPnP Device Architecture 2.0. OCF-20-0004-UPnP-Device-Architecture-V2.0. Section 1.3

"Networking

" and Section 2

"Discovery." The official standard describes how UPnP enables devices to automatically configure network settings

including port mappings on an Internet Gateway Device (IGD)

which is the standard mechanism used by game consoles to ensure connectivity for online features.

4. Kurose

J. F.

& Ross

K. W. (2017). Computer Networking: A Top-Down Approach (7th ed.). Pearson. In Section 4.4.2

"NAT Traversal and Relaying

" the text explains that UPnP is a protocol that allows a host on a LAN to discover and configure its NAT device

including adding and removing port mappings. This is cited as a common solution for P2P applications like online gaming.

Q: 3

SIMULATION As a corporate technician, you are asked to evaluate several suspect email messages on a client's computer. Corporate policy requires the following: >All phishing attempts must be reported. >Future spam emails to users must be prevented. INSTRUCTIONS Review each email and perform the following within the email: >Classify the emails >Identify suspicious items, if applicable, in each email >Select the appropriate resolution If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Your Answer

Discussion

Liam K. Feb 15, 2026 8:08 am

Seriously, do they expect us to memorize every little policy change? For me it's: phishing, spam, legitimate internal mail.

Ben R. Feb 19, 2026 2:43 pm

Yeah, I’d mark the first email as phishing because of the fake sender and urgent credential request-the domain doesn’t match and that’s a classic red flag. The second one's just spam: generic marketing, unknown sender, plus those sketchy coupon attachments, so you add it to the spam filter. Third is clean-legit corporate sender, nothing suspicious about it. Common trap here is thinking you only filter after repeat spam, but policy says prevent all future so filtering right away is needed. Pretty sure this matches what CompTIA wants. Anybody see it different?

Ethan B. Feb 13, 2026 12:05 am

Practice labs and the official A+ exam objectives explain these classifications really clearly.

Olivia L. Feb 12, 2026 3:03 pm

Phishing, spam, legit. Email 1 screams phishing because the sender's domain is off and they're rushing you to re-auth. Email 2 is just plain spam with free coupon bait, not pretending to be anyone. Email 3 looks fine, comes from inside and no weird links. Pretty sure that's how CompTIA wants it handled here, but let me know if I missed something.

ReeseF Feb 6, 2026 8:30 pm

Phishing for email 1 since the sender's domain is off and the link goes to an outside/non-corp site, needs to be reported up. Email 2 is spam, so filter it (block sender/domain). Email 3's legit, so no action needed. This fits what I've seen on practice tests.

Olivia G. Feb 22, 2026 7:57 pm

Which part would you focus on first, sender address or embedded links? I always check domain mismatches before looking for weird requests, but maybe there’s a better order.

Morgan J. Feb 9, 2026 12:43 am

Phishing, spam, legit internal mail. No more needed here.

HannahG Feb 18, 2026 6:32 am

I don’t think deleting is enough for the spam email-policy just says all future spam to users must be prevented, so add the address/domain to the filter right away. Deleting on its own only solves that one message. Phishing gets reported, legit business mail stays in the inbox. Pretty sure that’s what CompTIA is looking for here, but open to other reads if I missed something obvious. The main trap here is assuming filtering is just for recurring spam.

Ivy Feb 23, 2026 6:07 am

Nah, you shouldn't just delete the spam. The policy doesn't require it to be recurring for filtering, so add the sender to the junk filter right away. Phishing is reported, spam is filtered, legit mail okay.

Chloe D. Feb 8, 2026 1:35 pm

Would you mark email 2 as spam or phishing, since it has an attachment but isn't impersonating anyone? Sometimes that trips people up.

Be respectful. No spam.

Correct Answer:

• EMAIL 1 → PHISHING. SUSPICIOUS ITEMS: SENDER DOMAIN DOES NOT BELONG TO THE REAL COMPANY, EMBEDDED HYPERLINK POINTS TO A NON-CORPORATE URL, URGENT REQUEST TO “RE-AUTHENTICATE”. RESOLUTION: REPORT THE MESSAGE TO THE SECURITY/IT TEAM AS A PHISHING ATTEMPT. • EMAIL 2 → SPAM. SUSPICIOUS ITEMS: UNSOLICITED MARKETING CONTENT, UNKNOWN SENDER ADDRESS, ATTACHMENT OFFERING “FREE COUPONS”. RESOLUTION: ADD THE SENDER/DOMAIN TO THE SPAM (JUNK-MAIL) FILTER SO FUTURE MESSAGES ARE BLOCKED. • EMAIL 3 → LEGITIMATE INTERNAL MAIL. NO MISMATCHED LINKS, SENDER IS ON THE CORPORATE DOMAIN, NORMAL BUSINESS CONTEXT. RESOLUTION: LEAVE IN INBOX; NO FURTHER ACTION.

Explanation

Corporate policy requires two distinct actions: phishing must be escalated, while recurring spam should be filtered. Phishing is identified by social-engineering indicators: forged sender domain, mismatched URLs, and a time-critical demand for credentials. Spam carries marketing language, unknown origin and often attachments, but does not impersonate trusted services; the correct mitigation is to block or filter. A correctly addressed, context-appropriate message from an internal domain that contains no malicious indicators is considered legitimate and needs no intervention.

References

1. Jakobsson & Myers

“Phishing and Countermeasures

” IEEE Press/Wiley

2007

Ch. 2 (phishing indicators: forged domains

deceptive links).

2. Abu-Nimeh et al.

“A comparison of machine learning techniques for phishing detection

” ACM Trans. on Information & System Security

vol 13 no 2

2010

pp. 1-31 (urgency & credential harvesting as key features). https://doi.org/10.1145/1698752.1698757

3. Microsoft 365 Security Docs

“Report junk and phishing email

” §“Difference between junk and phishing & required user actions

” 2023 (report phishing; block spam).

4. MIT OpenCourseWare 6.858 “Computer Systems Security

” Lec. 4 notes

p. 3-4 (spam filtering vs. phishing escalation).

Q: 4

SIMULATION Multiple users are reporting audio issues as well as performance issues after downloading unauthorized software. You have been dispatched to identify and resolve any issues on the network using best practice procedures. INSTRUCTIONS Quarantine and configure the appropriate device(s) so that the users’ audio issues are resolved using best practice procedures. Multiple devices may be selected for quarantine. Click on a host or server to configure services. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Your Answer

Discussion

Chloe Feb 17, 2026 9:39 am

Quarantine SRV1 and restart Windows Audio service. This hits both best practice (containment) and resolves the audio issues. Official A+ study guides and practice labs show similar steps, so I think that's the expected path.

Vikram Feb 16, 2026 3:53 pm

Nah, not just user PCs this time-SRV1 should be quarantined since it's the central point. Picking endpoints is a common trap here.

Ethan Q. Feb 11, 2026 11:55 pm

Could the issue just be with the Windows Audio service being stopped on SRV1, or do we need to dig into possible malware cleanup steps too?

Ethan X. Feb 9, 2026 3:24 am

Quarantine SRV1 and restart Windows Audio service. Since the issue affects multiple users, it's more likely the server is at fault, not each PC. Pretty sure that's what CompTIA wants here, unless their wording was meant to trick us. Agree?

Sam C. Feb 15, 2026 9:31 am

Does the question specify if only network-wide audio issues should be fixed, or do they want all endpoints checked too? If it's just central, I'd focus on SRV1, but if individual PCs are in scope that might change things.

Nathan Feb 9, 2026 5:42 am

Why would you not just restart only the Windows Audio service without quarantining SRV1 first in this scenario?

Neha Feb 15, 2026 12:45 am

SRV1 quarantine and fixing the Windows Audio service is the right move since all users report issues, not just a few. The trap here is thinking you need to hit every workstation, but question scope points at the server. Pretty sure this matches real exam logic.

Meera W. Feb 17, 2026 12:08 am

Should we also check client PCs if users still have issues after fixing SRV1, or just focus on the server?

Noah G. Feb 20, 2026 12:09 am

SRV1 only.

Owen Feb 12, 2026 2:06 pm

Don’t think you need to quarantine every PC, just SRV1. The wording points to a network-wide resource being the issue, not individual endpoints. Quarantine trap is easy here but pretty sure server isolation is the best move-unless I missed something.

Be respectful. No spam.

Correct Answer:

1. SELECT THE SERVER SRV1. 2. CLICK THE QUARANTINE BUTTON. 3. IN THE SERVER'S CONFIGURATION WINDOW, SELECT THE SERVICES TAB. 4. SELECT THE WINDOWS AUDIO SERVICE. 5. SET THE STARTUP TYPE TO AUTOMATIC AND CLICK THE START BUTTON.

Explanation

The scenario indicates multiple users are experiencing identical issues, which points to a problem with a centralized network resource rather than individual workstations. The server, SRV1, is the only central device serving all users. The reported symptoms, stemming from unauthorized software, are characteristic of a malware infection.

According to incident response best practices, the first step is to contain the threat by quarantining the infected system (SRV1) to prevent the malware from spreading. The second step is remediation. Malware often disrupts normal operations by disabling essential system services. To resolve the specific "audio issues," the "Windows Audio" service, which the malware likely disabled, must be re-enabled and set to start automatically.

References

1. National Institute of Standards and Technology (NIST) Special Publication 800-83 Rev. 1

Guide to Malware Incident Prevention and Handling for Desktops and Laptops.

Section 3.4.2

Containment: This section outlines the importance of isolating the affected system to prevent further damage. It states

"An essential part of containment is disconnecting the affected host(s) from the network... This can be accomplished by disconnecting the network cable from the host or by disabling the host’s network adapter." This supports the action of quarantining SRV1.

Section 3.4.3

Eradication and Recovery: This section details the process of removing the malware and restoring the system to a normal

trusted state. This includes "reinstalling applications" and "restoring system settings from a clean backup

" which conceptually covers re-enabling a disabled

legitimate service.

2. Microsoft Corporation

Windows Audio Service.

Official Documentation: The Windows Audio service (Audiosrv) is officially described as managing all audio functions for Windows programs. The documentation states

"If this service is stopped

audio devices and effects will not function properly. If this service is disabled

any services that explicitly depend on it will fail to start." This directly links the functionality of the service to the reported audio problem.

3. Al-Bataineh

& White

G. (2016). Disabling Windows Services as a Malware Persistence and Evasion Technique. In Proceedings of the 11th International Conference on Malicious and Unwanted Software (MALWARE). IEEE.

DOI: 10.1109/MALWARE.2016.7876931

Abstract & Section III.A: This peer-reviewed paper analyzes how malware manipulates Windows services to achieve its objectives. It explicitly discusses how malware disables legitimate services

such as security or system services

to cause disruption

evade detection

or ensure its own persistence. This academic source validates the premise that malware is a likely cause for the "Windows Audio" service being disabled.

Q: 5

Which of the following file types would a desktop support technician most likely use to automate tasks for a Windows user log-in?

Options

Discussion

Ivy T. Feb 6, 2026 10:22 pm

I don't think it's B. C seems reasonable if Python is on the system, since .py scripts can automate a lot, but Windows doesn’t run them natively at log-in without special setup. I could see techs using it in some environments though. Maybe I'm missing something?

Leo U. Feb 15, 2026 5:44 am

A or C? .bat is classic for Windows logon tasks, but I've also seen .py used when Python's installed on every machine. C feels like a trap here since that's not always default. Pretty sure A is what most techs would use out of the box, correct me if I'm missing something!

Cameron Feb 6, 2026 8:08 am

A or C? I know .bat is standard for Windows logon scripts but I've seen .py used if Python's set up on the machine. Might be reading too much into it but C trips me up sometimes in practice test scenarios.

Ben U. Feb 21, 2026 6:22 pm

A tbh

Sara T. Feb 20, 2026 12:01 am

Option A .sh is for Linux, not Windows logins. .py and .js aren’t used as basic logon scripts in Windows either. Pretty sure it’s .bat unless the question mentioned PowerShell scripts, which it didn’t.

Avery B. Feb 16, 2026 10:48 pm

C vs A

Morgan Feb 6, 2026 9:52 pm

A not B. .bat is way more common for Windows log-in automation unless you're in a super Python-heavy shop. Anyone disagree?

Quinn P. Feb 24, 2026 4:26 am

A is the one. C is tempting but only works if Python's installed by default, which isn't guaranteed.

Layla K. Feb 7, 2026 12:55 am

A, but if the environment defaults to PowerShell scripts instead of cmd, this flips fast. Seen this confusion in some practice sets.

HelpfulCandidate8096 Feb 23, 2026 9:17 am

Batch files (.bat) are like the go-to for Windows automation at log-in. They're built into all Windows versions and work out of the box, unlike .py which needs Python installed. I'm pretty sure A fits what most support techs would actually use for this use case. Agree?

Be respectful. No spam.

Correct Answer:

Explanation

A .bat (batch) file is a script containing a series of commands for the Windows command-line interpreter (cmd.exe). It is a native and long-standing method for automating tasks within the Windows operating system. Desktop support technicians frequently use batch files for log-in scripts to perform actions like mapping network drives, setting environment variables, or launching applications automatically when a user logs in. These scripts can be easily deployed through Group Policy or by placing them in the user's Startup folder.

Why Incorrect

B. .sh: This file extension is for shell scripts used in Linux and other Unix-like operating systems, not for native Windows automation.

C. .py: This is a Python script. While it can automate tasks on Windows, it requires the Python interpreter to be installed, making it less direct than a native batch file.

D. .js: This is a JavaScript file. While it can be used for scripting on Windows via Windows Script Host (WSH), it is not the most common or primary tool for log-in automation.

References

1. Microsoft Learn. (2023

October 23). Assign user logon scripts. "You can use Group Policy to assign a user logon script... Scripts are useful for configuring user working environments." This documentation confirms the use of scripts for user log-on

a primary application for .bat files.

2. Microsoft Learn. (2023

April 12). Working with batch files. "A batch file is a script file that stores a list of commands to be executed in sequential order... to automate repetitive tasks." This defines the purpose of batch files in Windows.

3. University of Washington - UW-IT Connect. (n.d.). Logon Scripts. "Logon scripts are batch files or executables that run when you log on to a Windows session." This university documentation provides a practical example of .bat files being the standard for log-on scripts in a managed Windows environment.

Q: 6

Which of the following types of social engineering attacks sends an unsolicited text message to a user's mobile device?

Options

Discussion

Ryan G. Feb 25, 2026 10:01 pm

If the question just said "targeted" instead of "unsolicited," wouldn't that actually make C (spear phishing) a better fit? The text angle makes D right here, but just curious how much "unsolicited" shifts the meaning for these attacks.

Luke E. Feb 22, 2026 2:34 am

Makes sense to me, it's D. If they're sending a text, that's smishing not vishing or spear phishing.

Noah J. Feb 18, 2026 4:50 pm

Maybe D. Spear phishing (C) is tempting but only if there was a targeted angle, which isn’t mentioned here.

Casey H. Feb 23, 2026 8:58 pm

C/D? I had something like this in a mock and it was D for SMS-related attacks, not C.

Riley I. Feb 14, 2026 5:35 am

D unless there's a detail about the message being highly targeted. If it's just any random unsolicited text, that's classic smishing. But if the question threw in something personal, maybe C fits better. Curious if anyone disagrees.

Quinn Feb 18, 2026 8:34 pm

Not C, D fits better. Smishing is the term for SMS-based social engineering, so when it comes from an unsolicited text, that's what CompTIA wants here. Spear phishing (C) would need it to be targeted and not just random spam. Pretty sure D nails it for this scenario, but open if someone sees a nuance I missed.

Sara L. Feb 17, 2026 8:19 pm

Its D for smishing. Unsolicited text messages fit that definition, not vishing or impersonation.

Daniel Feb 24, 2026 4:53 am

Seriously wish they’d just use plain language on these! D for smishing, since it’s about SMS text scams. Vishing is for calls, not texts. Pretty sure that’s what CompTIA expects.

Aaron J. Feb 10, 2026 9:18 pm

Why isn't it C? The question doesn't mention if the text is personalized, could that make a difference?

Quinn Feb 9, 2026 3:40 am

That's D. Unsolicited text message is classic smishing, pretty sure that's what they're after here.

Be respectful. No spam.

Correct Answer:

Explanation

Smishing is a form of phishing that uses mobile text messages (SMS) to deceive victims into providing sensitive information, clicking malicious links, or downloading malware. The term is a portmanteau of "SMS" and "phishing." This attack vector directly corresponds to the scenario of receiving an unsolicited text message on a mobile device as described in the question. The goal is to exploit the user's trust in text messaging to execute the attack.

Why Incorrect

A. Impersonation: This is a general technique where an attacker pretends to be a trusted entity. While used in smishing, it is not the specific term for an attack via text message.

B. Vishing: This attack uses voice communication (voice phishing), such as phone calls or voicemails, to trick users, not text messages.

C. Spear phishing: This refers to a highly targeted phishing attack aimed at a specific individual or organization, regardless of the medium (though typically email). The defining characteristic is targeting, not the use of text messages.

References

1. National Institute of Standards and Technology (NIST). (n.d.). Smishing. In Computer Security Resource Center Glossary. Retrieved from https://csrc.nist.gov/glossary/term/smishing

Definition: "A technique that uses text messages (SMS) to trick users into taking an immediate action

such as clicking a link to a fraudulent website

calling a fraudulent number

or downloading a malicious application."

2. National Institute of Standards and Technology (NIST). (n.d.). Vishing. In Computer Security Resource Center Glossary. Retrieved from https://csrc.nist.gov/glossary/term/vishing

Definition: "A type of phishing attack that is conducted by phone."

3. National Institute of Standards and Technology (NIST). (n.d.). Spear Phishing. In Computer Security Resource Center Glossary. Retrieved from https://csrc.nist.gov/glossary/term/spearphishing

Definition: "A targeted phishing attack that is customized for a specific organization or individual."

4. Cybersecurity and Infrastructure Security Agency (CISA). (2022

October 19). Avoiding Social Engineering and Phishing Attacks. CISA.gov.

Section: Phishing: "Smishing is phishing that uses text messages to trick a user... Vishing is phishing that uses a phone call to trick a user." This document clearly differentiates the terms based on the communication medium.

Q: 7

A help desk team was alerted that a company-owned cell phone has an unrecognized password- cracking application. Which of the following should the help desk team do to prevent further unauthorized installations from occurring?

Options

Discussion

Liam I. Feb 16, 2026 7:42 pm

Makes sense to pick D here. MDM can lock down app installs on company devices and enforce rules before anything bad gets added. Not 100% but that's what most exam prep guides call out for stopping these from happening in the first place. Agree?

Zoe Feb 23, 2026 2:45 pm

Not convinced it's C. D handles app whitelisting for company phones, anti-malware (C) is more about detection after the fact.

Luna D. Feb 8, 2026 7:09 pm

D imo, since rolling out MDM is really how you control which apps get installed on company phones. Anti-malware (C) just catches stuff after it's already there. Pretty standard in most A+ prep books. Disagree?

Nora O. Feb 10, 2026 8:14 pm

D here, since only MDM gives you control over what users can install on their phones. Anti-malware (C) might catch some bad apps but won't prevent all unauthorized installs in the first place. Pretty sure that's what they want.

Aisha Z. Feb 6, 2026 3:04 pm

Had something like this in a mock before, it's D. MDM is what actually enforces what gets installed on company phones.

Kevin N. Feb 26, 2026 3:35 am

Its D here. MDM can actually lock down app installs on mobile devices, so employees can't just put whatever they want. Group Policy (A) wouldn't work since that's for Windows, and PAM (B) is about privileged access, not app blocking. The only edge case is if it's a BYOD scenario, but question says company-owned. Pretty sure D's right unless they're hiding some tricky condition.

Ava M. Feb 6, 2026 1:10 pm

Probably D since MDM can actually stop users from adding new apps on managed phones. C just scans, doesn’t enforce. Anyone disagree?

Ethan Feb 20, 2026 4:57 am

D , since MDM actually lets you control app installs on company-owned devices. Group Policy doesn't work for mobile OS, and anti-malware (C) is more reactive. Pretty sure unless it's BYOD, D is the move here.

FriendlyEngineer880 Feb 24, 2026 9:02 am

C for this, seen similar in practice questions. Anti-malware should stop unwanted apps from getting installed, right?

Reese Feb 10, 2026 10:39 am

D , saw a similar question in exam reports and it was MDM for company phones every time.

Be respectful. No spam.

Correct Answer:

Explanation

The core issue is controlling software installations on a company-owned mobile device. Mobile Device Management (MDM) is the specific technology designed to enforce corporate policies on mobile endpoints. MDM solutions provide centralized control over devices, including the ability to create application whitelists (approved apps) and blacklists (prohibited apps). By deploying an MDM, the IT department can prevent users from installing unauthorized applications, such as the password-cracking tool mentioned, directly addressing the requirement to prevent future occurrences.

Why Incorrect

A. Configure Group Policy: Group Policy is a feature of Microsoft Windows Active Directory used to manage user and computer settings on Windows-based systems, not natively on cell phone operating systems.

B. Implement PAM: Privileged Access Management (PAM) is a security strategy focused on controlling, monitoring, and securing access for privileged (administrative) accounts, not managing applications on end-user devices.

C. Install anti-malware software: While anti-malware is crucial for detecting and removing malicious software, its primary function is not to enforce policies that prevent the installation of all unauthorized applications.

References

1. National Institute of Standards and Technology (NIST) Special Publication 800-124 Revision 2

Guidelines for Managing the Security of Mobile Devices in the Enterprise. Section 4.4

"Application Security

" states

"Organizations should use mobile application whitelisting or blacklisting to control which applications can be installed on enterprise-managed mobile devices... These controls are typically implemented through a mobile device management (MDM) system."

2. Microsoft Corporation

What is Microsoft Intune?. Official documentation describes Intune as a cloud-based service focusing on mobile device management (MDM) and mobile application management (MAM). It explicitly states that organizations can "Control the way users access and share information to protect company information" and "Manage the apps your workforce uses." This demonstrates MDM's role in controlling applications.

3. Carnegie Mellon University

Software Engineering Institute

Mobile Device Security. Course materials and technical reports often highlight that a key function of MDM is to enforce enterprise security policies

including restrictions on application installation

to mitigate risks from unauthorized or malicious apps. For example

the document "SEI-2013-TN-003" discusses securing mobile devices and the central role of MDM in policy enforcement.

Q: 8

Which of the following methods involves requesting a user's approval via a push notification to verify the user's identity?

Options

Discussion

SaraX Feb 9, 2026 3:55 pm

B. Official A+ study guide and some solid practice exams usually spell this out with examples like push approvals via authenticator apps. If you review those resources, it lines up. Agree?

SkepticalCandidate4249 Feb 20, 2026 3:34 am

Option D since SMS comes as a notification to your phone, so you might approve by replying. Not 100 percent sure though.

Olivia Y. Feb 16, 2026 2:26 pm

B imo

Zoe S. Feb 8, 2026 5:39 am

B tbh. Had something like this in a mock, push approvals are definitely tied to authenticator apps, not SMS. SMS is just codes. Unless I'm missing a weird edge case, B's the one here.

Ethan Feb 7, 2026 6:27 pm

Its B, since authenticator apps are the ones that do the tap-to-approve push. SMS and calls give you codes to enter, not push approvals. Hardware token is physical, not a notification. Pretty sure about this but if anyone's seen push used with SMS let me know.

ParkerR Feb 20, 2026 7:13 am

Seriously wish CompTIA would word these better. D

LukeT Feb 10, 2026 10:09 am

C vs D? I was thinking hardware token, since some have a button you press to approve, but now not sure if that counts as a push notification. Also, SMS gets approval codes but I guess not really push. Someone correct me if I'm off.

Adam Feb 15, 2026 6:55 pm

I thought it was A, since you can approve with a call sometimes.

Sean T. Feb 24, 2026 4:22 pm

Its B. SMS is just a code, the push approval comes from authenticator apps. Seen similar wording in practice tests.

FriendlyReviewer555 Feb 23, 2026 5:05 am

I was thinking D at first, since SMS does send you a code on your phone, but pretty sure that's not the same as a push notification for approval. Push means you tap approve, so I'm going with D but maybe missing something?

Be respectful. No spam.

Correct Answer:

Explanation

An authenticator application is a software-based security token that provides a second factor of authentication. A primary feature of modern authenticator apps is the ability to send a push notification directly to a user's registered smartphone or device. When a login attempt is made, the user receives this notification and can simply tap "Approve" or "Deny" to verify their identity, completing the authentication process without needing to manually enter a code. This method is specifically designed for user convenience while maintaining security.

Why Incorrect

A. Call: This method involves receiving an automated phone call to authorize a login, typically by pressing a key. It is not a push notification.

C. Hardware token: This is a physical device that generates a one-time password or requires a physical action (e.g., plugging into a USB port). It does not send push notifications.

D. SMS: This method sends a one-time code via a text message, which the user must then manually enter. It does not use a push notification for direct approval.

References

1. Microsoft Documentation. "How to use the Microsoft Authenticator app". Microsoft Entra Documentation. This document describes the functionality: "To respond to a push notification

open the Microsoft Authenticator app... and tap Approve." This directly aligns with the question's scenario.

2. Carnegie Mellon University. "Two-Factor Authentication (2fa) with DUO". Computing Services Documentation. The documentation states

"Push Notification (Recommended): Tap Approve to log in. You don't have to type anything." This university resource confirms push notifications as a primary method for authenticator apps.

3. NIST Special Publication 800-63B. "Digital Identity Guidelines: Authentication and Lifecycle Management". Section 5.1.3.2

"Out-of-Band Authenticators

" describes the mechanism where a primary channel initiates a transaction and a secondary channel (the "out-of-band" device) is used for authentication. Push notifications from an authenticator app are a direct implementation of this concept.

Q: 9

A security administrator teaches all of an organization's staff members to use BitLocker To Go. Which of the following best describes the reason for this training?

Options

Discussion

Ishaan Y. Feb 21, 2026 9:08 pm

I don't think it's D since BitLocker To Go is aimed at removable drives, not internal ones with TPM. Option A makes more sense because that feature's all about password protecting USBs and external media if they're misplaced or stolen. The TPM piece in D is a trap here. Pretty sure A's right, but if anyone has another angle let me know!

MayaU Feb 24, 2026 3:59 am

A for sure, since BitLocker To Go is mainly about protecting removable storage like USB sticks. If they get lost or stolen, the password protection keeps the data safe. I don't think B applies here because that's more BIOS/security settings stuff, not portable drives. Pretty sure on this but correct me if I'm off!

CaseyR Feb 18, 2026 6:11 am

B tbh, saw a similar question in some practice exams.

Leo Q. Feb 8, 2026 10:06 pm

Riley P. Feb 21, 2026 7:38 pm

Not D here, it’s A. Some folks go for D because of BitLocker, but BitLocker To Go is just for protecting files on USBs and other removable storage if lost or stolen.

Chris G. Feb 23, 2026 7:55 pm

I get why some say D, but BitLocker To Go is really for external/removable drives not internal disks with TPM. Maybe A is right since it's about protecting USBs if they're lost. Not totally sure, open to better explanations!

Nina X. Feb 12, 2026 9:35 am

A imo, BitLocker To Go is for encrypting removable media like USBs. That way, if a drive gets lost or stolen, the password protects your data. None of the other options fit how BitLocker To Go is used. Pretty confident.

OwenP Feb 23, 2026 5:33 am

I don’t think it’s B. A is better because BitLocker To Go is for encrypting removable media so if you lose a USB, passwords protect the data. B is more about securing BIOS, which isn’t the use case here.

Be respectful. No spam.

Correct Answer:

Explanation

BitLocker To Go is a specific Microsoft Windows feature designed for full-volume encryption of removable storage devices, such as USB flash drives and external hard drives. The primary purpose of this technology is to protect data at rest on these portable devices. By training staff to use BitLocker To Go, an organization ensures that if a removable drive is lost or stolen, the sensitive data it contains remains confidential and inaccessible without the correct password or recovery key. This directly mitigates the risk associated with the loss or theft of portable media.

Why Incorrect

B: Secure Boot and BIOS passwords are firmware-level security measures to protect the boot process and system settings, not for encrypting data on removable media.

C: VPNs (Virtual Private Networks) are used to encrypt data in transit across a network, which is unrelated to encrypting data at rest on a physical drive.

D: This describes standard BitLocker Drive Encryption for internal, fixed hard drives, which often integrates with a Trusted Platform Module (TPM), not the "To Go" version for removable drives.

References

1. Microsoft Corporation. (2023

October 12). BitLocker To Go FAQ. Microsoft Learn. Retrieved from https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-to-go-faq.

Reference Detail: The document explicitly states

"BitLocker To Go is BitLocker Drive Encryption on removable data drives... BitLocker To Go allows users to encrypt the contents of a removable data drive and use a password to unlock the contents of the drive..." This directly supports the purpose described in option A.

2. Microsoft Corporation. (2023

October 12). BitLocker overview. Microsoft Learn. Retrieved from https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-overview.

Reference Detail: This overview distinguishes between BitLocker for operating system drives (which can use a TPM) and BitLocker for removable data drives (BitLocker To Go)

clarifying why option D is incorrect as it describes the former.

3. University of Washington. (n.d.). Encrypt removable drives with BitLocker To Go. UW-IT Connect. Retrieved from https://itconnect.uw.edu/tools-services-support/storage/encryption/bitlocker-to-go/.

Reference Detail: The page states

"BitLocker To Go is a full disk encryption feature... that allows you to encrypt removable storage devices such as USB flash drives and external hard drives." This reinforces that the technology's specific purpose is to protect removable media.

Q: 10

A technician thinks that an application a user downloaded from the internet may not be the legitimate one, even though the name is the same. The technician needs to confirm whether the application is legitimate. Which of the following should the technician do?

Options

Discussion

PriyaQ Feb 16, 2026 12:46 pm

Option D the file name check is a common trap here. Looks like it matches but not enough for legitimacy.

Noah C. Feb 21, 2026 3:15 am

A hash value is the only way to be sure the file's legit and not just renamed.

Rowan D. Feb 15, 2026 1:59 am

A is what CompTIA official guides highlight for this type of question, since comparing the hash directly checks authenticity. If you want to drill more on these, focus on practice labs and the exam objectives.

Ivy Feb 11, 2026 10:15 am

I don’t think D works since a file name alone can be spoofed so easily. A is the only way to really check integrity and authenticity, since hash values are unique per file version. Task Manager (B) or Safe Mode (C) won’t confirm it’s legit, just that it runs or what process ID is in use. Seen this on practice sets too, pretty sure it’s A but open to other thoughts if I missed something!

MayaS Feb 17, 2026 8:17 pm

Hash comparison is the real check here, so it's A. D is a trap since file names can be faked easily. Unless I'm missing some twist, comparing the hash from the vendor is how you'd know for sure if it's legit. Seen this type pop up in other practice sets too. Anyone disagree?

Meera U. Feb 7, 2026 12:18 am

Super clear question, nice one. A is probably best here since matching hash values from the vendor will actually confirm the file’s legit, not just the name or process ID. Pretty sure about this, but welcome any other ideas if I missed something.

CuriousLearner9203 Feb 25, 2026 6:50 am

A is probably right since hashes can't be faked easily, but I'm not 100 percent sure. File name checks (D) are way too basic for real verification.

Jack Feb 6, 2026 3:35 am

Not D, it's got to be A. Hash comparison is the only way to really prove it's the legit file. File names can be faked easily, so that's a common trap. Pretty sure this matches reports from recent practice sets but let me know if you see it differently.

Ivy Feb 16, 2026 1:14 pm

If you're trying to actually confirm authenticity, I think only A (compare the hash) gives real proof. File names and process IDs can be spoofed or changed, so not reliable for legit checks. Hash comparison is what security best practices recommend. Disagree?

Aaron Feb 10, 2026 5:33 am

Probably A, since just checking the file name (D) isn't enough if someone renamed a malicious file. But, if the vendor somehow published a wrong hash or updated the app after download, that could mess it up. Agree?

Be respectful. No spam.

Correct Answer:

Explanation

A cryptographic hash value is a unique digital fingerprint generated from a file. Software vendors often publish the hash values (e.g., MD5, SHA-256) for their legitimate software downloads. By calculating the hash of the downloaded file and comparing it to the official hash provided by the vendor, the technician can definitively verify the file's integrity and authenticity. A matching hash proves the file is the original and has not been tampered with.

Why Incorrect

B. Run Task Manager and compare the process ID: A Process ID (PID) is a temporary identifier assigned by the operating system each time a program runs; it does not verify the authenticity of the underlying file.

C. Run the application in safe mode: Safe mode is an operating system diagnostic state. It does not provide a mechanism to verify the integrity or legitimacy of an individual application file.

D. Verify the file name is correct: The question states the name is already correct. File names are easily spoofed and are not a reliable indicator of a file's authenticity or safety.

References

1. National Institute of Standards and Technology (NIST) Special Publication 800-101 Rev. 1

Guidelines on Mobile Device Forensics. Section 3.3

"Hashing

" describes the use of cryptographic hash functions like SHA-1 and MD5 to generate a unique value for a file

which is used to "ensure the integrity of the data." This principle of integrity verification is directly applicable to verifying a legitimate software download.

2. National Institute of Standards and Technology (NIST) Computer Security Resource Center

Cryptographic Hash Function. The glossary defines a hash function as an algorithm that "can be used to verify the integrity of data." This supports the use of hashing as the correct method for the scenario.

3. MIT OpenCourseWare

6.858 Computer Systems Security

Fall 2014. Lecture 2

"OS Security

" discusses system integrity. The principles covered explain that cryptographic checksums (hashes) are a fundamental mechanism for verifying that software or system files have not been modified by an attacker.

Question 1 of 20 · Page 1 / 2

Premium Access Includes

✓ Quiz Simulator
✓ Exam Mode
✓ Progress Tracking
✓ Question Saving
✓ Flash Cards
✓ Drag & Drops
✓ 3 Months Access
✓ PDF Downloads

Get Premium Access

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE