CompTIA 220-1102 Exam Dumps & Practice Test Questions

Question 1:

A help desk supervisor reports that technicians are unable to log into a Linux server used for accessing various tools. When the systems administrator attempts to connect using a remote desktop session, the graphical interface crashes. 

Which of the following methods would be the best way to troubleshoot this server issue?

A. SFTP
B. SSH
C. VNC
D. MSRA

Answer: B

Explanation:

In this situation, the key challenge is that technicians cannot log into the Linux server, and the administrator’s attempt to access it remotely through a graphical interface results in a crash. Since the Linux server’s GUI is unstable or nonfunctional, relying on graphical tools to troubleshoot will not be effective. The focus must be on accessing the server through a method that bypasses the GUI entirely.

Let’s evaluate the options:

  • SFTP (Secure File Transfer Protocol) allows secure file transfers over an encrypted channel but does not provide command-line access or real-time control over the server’s processes. It is limited to file management and cannot be used to diagnose or fix system-level issues.

  • SSH (Secure Shell) is a network protocol designed for secure remote command-line access. It enables administrators to connect to the server’s terminal directly, unaffected by GUI problems. Through SSH, the administrator can run diagnostic commands, review system logs, check process statuses, and perform configuration changes to troubleshoot and resolve the GUI crash or other server issues. SSH is widely considered the fundamental tool for managing Linux servers, especially when the graphical environment fails.

  • VNC (Virtual Network Computing) offers remote graphical desktop access, similar to remote desktop protocols on Windows. However, since the problem involves the GUI crashing, VNC will face the same issues because it depends on the graphical desktop to be operational.

  • MSRA (Microsoft Remote Assistance) is a Windows-specific remote support tool and does not support Linux environments, making it irrelevant here.

Therefore, SSH is the most effective option, providing secure command-line access and complete control for troubleshooting, even when the GUI is down. It is essential for Linux server management and bypasses any dependency on the graphical interface, making it the ideal choice for resolving such issues.

Question 2:

An organization needs to securely erase data from hard drives previously used by employees before reusing the drives. 

Which method offers the highest level of security for erasing all existing data?

A. Reinstalling Windows
B. Performing a quick format
C. Using disk-wiping software
D. Deleting all files via the command-line interface

Answer: C

Explanation:

When reusing hard drives that previously stored sensitive or personal data, it is critical to ensure that all information is permanently erased to prevent unauthorized recovery. Simply deleting files or reinstalling an operating system does not guarantee that data is unrecoverable. Each option offers a different level of data sanitization, so choosing the most secure method is essential.

  • Reinstalling Windows might overwrite some parts of the disk associated with the operating system, but it does not guarantee full removal of data on the entire drive. Important data fragments outside of the OS partition or unused disk sectors may remain intact and vulnerable to recovery with forensic tools. Thus, reinstalling the OS alone is insufficient for secure data deletion.

  • Performing a quick format clears the file system’s index and marks the disk space as available for new data, but it does not overwrite the existing data sectors. This means the original data remains physically present on the disk until overwritten by new data. Data recovery tools can easily retrieve information after a quick format, so it is not secure.

  • Using disk-wiping software is the most secure approach. Such tools overwrite the entire drive multiple times with random patterns of data, effectively destroying any trace of previous files. Programs like DBAN (Darik’s Boot and Nuke) perform multiple passes to ensure data cannot be reconstructed by any known recovery techniques. This method complies with industry standards for secure data destruction and protects sensitive information from being recovered.

  • Deleting files via the command line simply removes file pointers, but the actual data remains intact on the disk. Like quick formatting, this leaves data vulnerable to recovery.

In conclusion, disk-wiping software is the best choice because it thoroughly and securely erases all data, making recovery impossible. This method is critical for organizations that need to protect confidential or personal information when repurposing hard drives.

Question 3:

A user recently downloaded and installed a new app on their smartphone from the vendor's website; the app claims to improve the phone's performance. Since then, the user has observed unusually high network activity and keeps receiving security alerts about potential threats.

What should the technician do first to address this problem?

A. Reset the phone to factory settings.
B. Uninstall the fraudulent application.
C. Increase the data plan limits.
D. Disable the mobile hotspot.

Correct Answer: B

Explanation:

When a newly installed app causes high network utilization and triggers security warnings, it often signals the presence of a malicious or fraudulent application. The fact that the app was downloaded directly from the vendor’s website, rather than a trusted app store, raises suspicion about its legitimacy. The immediate priority is to stop the source of the problem without causing unnecessary harm or data loss.

Uninstalling the suspicious application is the best initial step because it directly removes the likely cause of the excessive network use and security alerts. This approach is minimally disruptive and targets the root cause, allowing the technician to further verify the device’s safety after removing the threat.

Resetting the phone to factory settings (Option A) would indeed eliminate all apps and data, including the malicious one, but this is a drastic measure that results in significant data loss and inconvenience for the user. Since the issue appears isolated to the new app, uninstalling it first is a more reasonable and less invasive solution.

Increasing the data plan limits (Option C) does not address the core issue; it simply allows for more data usage but does not stop the malicious activity or security risks. Similarly, disabling the mobile hotspot (Option D) might temporarily limit some network activity but does nothing to remove the threat or stop the app’s operation on the phone itself.

After uninstalling the app, the technician should run a full security scan to detect any residual malware or threats left behind by the app. Monitoring data usage and network activity after removal will confirm whether the issue has been resolved. If problems persist, further steps like a factory reset can be considered. This stepwise approach minimizes disruption while effectively addressing the security concerns.

Question 4:

After a Change Advisory Board (CAB) approves a change request in an organization's change management workflow, what is the most likely next step to proceed with the process?

A. Obtain end user acceptance.
B. Perform risk analysis.
C. Communicate to stakeholders.
D. Conduct sandbox testing.

Correct Answer: C

Explanation:

Once the Change Advisory Board (CAB) grants final approval for a change request, the very next step is to inform all relevant stakeholders about the upcoming change. This communication ensures that everyone affected—such as IT teams, department managers, end users, and sometimes external partners—is aware of the change, understands its scope, timeline, and potential impact on daily operations. Effective communication is critical to prepare the organization for smooth implementation and to avoid surprises or disruptions.

Risk analysis (Option B) is typically done prior to CAB approval to evaluate the change’s potential impacts and hazards. Performing it after approval would be too late to influence decision-making. Sandbox testing (Option D) to validate the change in a controlled environment also happens before CAB approval to ensure the change is safe to implement.

End user acceptance (Option A) usually occurs after the change is implemented or tested in a staging environment to confirm it meets user requirements. It is not the immediate step following CAB approval.

The communication should be detailed and timely, covering the purpose of the change, its scope, expected effects on systems or processes, and any required actions from stakeholders. This transparency helps reduce resistance and prepares users for the change, increasing the chance of successful adoption. After communication, the organization proceeds with implementing the change, monitoring its effects, and performing post-implementation reviews. This structured approach reduces risks and enhances overall change management effectiveness.

Question 5:

A user contacts the help desk because none of their PC files can be opened. They also report that a desktop program demands payment to unlock file access. After investigation, a technician confirms the PC is infected with ransomware. 

What should the technician do first to limit the ransomware’s impact?

A. Scan and remove the malware.
B. Schedule automated malware scans.
C. Quarantine the system.
D. Disable System Restore.

Correct Answer: C

Explanation:

Ransomware is malicious software designed to encrypt files and demand payment for their release. The first priority when dealing with ransomware is to contain the threat and prevent it from spreading to other devices on the network. This is best achieved by quarantining the infected system—physically or logically isolating it from the network by disconnecting wired and wireless connections.

Quarantining the system (Option C) stops the ransomware from propagating and encrypting additional files on shared drives or networked computers. It also protects the broader network from being compromised while the technician plans remediation steps.

Scanning and removing malware (Option A) is important but should come only after the system is isolated. Without quarantine, attempts to clean the system could inadvertently allow ransomware to spread or cause more damage. Automated scans (Option B) are a good preventive measure but insufficient as an immediate response to an active ransomware infection. Disabling System Restore (Option D) can be useful to prevent ransomware from hiding in restore points, but it is not the urgent first step. The main concern is containment before remediation.

Once the system is quarantined, the technician can safely scan, remove the ransomware, restore files from backups if available, and strengthen defenses to prevent recurrence. Immediate isolation prevents further data loss and limits the infection’s reach, making quarantining the correct initial action in handling ransomware infections.

Question 6:

A company plans to distribute smartphones to its employees and wants to ensure that sensitive information stored on these devices is protected if a phone is lost or stolen. The company needs a solution that allows remote management and security of the devices in such cases.

Which option provides the most effective way to secure smartphone data in the event the devices are lost or stolen?

A. Anti-malware
B. Remote wipe
C. Locator applications
D. Screen lock

Answer: B

Explanation:

When a business issues smartphones to its workforce, protecting the confidential data on those devices becomes a top priority. These devices often hold a variety of sensitive information such as company emails, contacts, login credentials, and proprietary documents. If a device is lost or stolen, the risk of unauthorized access to this sensitive data increases significantly, potentially leading to data breaches or regulatory compliance issues.

The best solution in this scenario is a remote wipe, which allows the organization’s IT administrators to remotely erase all the data on a compromised device. This action ensures that no sensitive information remains accessible on the smartphone, even if it falls into the wrong hands. Remote wipe capabilities are generally provided through mobile device management (MDM) or enterprise mobility management (EMM) tools, which offer centralized control over company-issued devices.

Key advantages of remote wipe include the ability to permanently delete emails, documents, contacts, application data, and any other confidential information stored on the device. This not only prevents data leaks but also helps companies comply with data protection regulations like GDPR and HIPAA, which mandate safeguards for personal and corporate data.

The other options, while important in their own right, are less effective in this particular context. Anti-malware software protects against software threats but does not secure data if the device is physically lost. Locator applications can help find the device’s location but cannot prevent unauthorized data access if the device is unrecoverable. Screen locks prevent immediate unauthorized use but can sometimes be bypassed or reset, leaving data vulnerable.

Additional security measures can complement remote wipe, such as encrypting device storage to make data unreadable without the correct keys, enabling remote lock functions, and regularly backing up data to prevent loss after a wipe.

In conclusion, remote wipe is the most comprehensive and effective solution to protect sensitive smartphone data if the device is lost or stolen, minimizing risk and ensuring corporate data security.

Question 7:

A user complains about receiving random advertisement notifications in the Windows 10 Action Center, which seem to originate from a web browser. What is the best course of action for a technician to resolve this issue?

A. Disable the browser from sending notifications to the Action Center
B. Run a full antivirus scan on the computer
C. Disable all notifications in the Action Center
D. Change specific site notifications from Allowed to Block

Answer: D

Explanation:

The user’s problem involves unwanted advertisement notifications popping up in the Windows 10 Action Center, with these notifications being sent from the web browser. To effectively resolve this issue, it’s important to understand the source and nature of the notifications and to select a solution that targets the problem without causing unnecessary disruption.

Option D, moving specific site notifications from Allowed to Block, is the best choice because modern browsers like Chrome and Edge allow users to control notifications on a per-website basis. Typically, unwanted ads come from sites that the user might have previously allowed to send notifications—sometimes unknowingly. By blocking notifications from these specific websites, the user stops receiving unwanted ads while still allowing notifications from trusted sites such as news outlets or social media platforms.

Option A, disabling all browser notifications, would be a broad solution that blocks every notification from the browser, including those that are useful or important. This approach is unnecessarily restrictive and deprives the user of beneficial alerts.

Option B, running a full antivirus scan, is generally a good practice but does not directly address the root cause here. Since these notifications are more likely related to browser settings and permissions rather than a malware infection, a scan might not resolve the issue. Although scanning is advisable if malware is suspected, it is not the most immediate or effective step in this case.

Option C, disabling all Action Center notifications, is an extreme approach. It would block every system notification, including critical security alerts, system updates, and reminders, which could negatively impact the user’s experience and system health.

Therefore, the best and most targeted solution is Option D, where specific unwanted site notifications are blocked, preserving overall notification functionality and providing a user-friendly resolution. This approach directly tackles the source of the problem without collateral disruption.

Question 8:

A help desk technician is troubleshooting a workstation in a Small Office/Home Office (SOHO) environment. The system is operating above normal baseline levels, and upon investigation, the technician finds an unknown executable running with a randomly generated filename. After terminating this process, the system returns to normal. Although the technician suspects the file is malicious, antivirus software does not detect any threat. The technician now worries that other workstations on the network could be infected by the same unknown virus. 

What is the MOST effective method to check other machines on the network for this unknown threat?

A. Run a startup script that removes files by name.
B. Provide a sample to the antivirus vendor.
C. Manually check each machine.
D. Monitor outbound network traffic.

Answer: D

Explanation:

In situations where an unknown malicious executable is found on a workstation and antivirus software fails to detect it, the technician must use a strategy that can effectively identify infections across the entire network. Since the threat is unknown, signature-based antivirus tools are not reliable at this point, so alternative detection methods must be prioritized.

Monitoring outbound network traffic (Option D) is the most effective approach in this case. Malicious programs often try to communicate with external command and control servers, attempt data exfiltration, or spread laterally through the network. By analyzing outbound connections, unusual or suspicious traffic can be spotted, such as communication with unfamiliar IP addresses, irregular protocols, or unusual spikes in data flow. Tools like Intrusion Detection Systems (IDS) or network monitoring solutions can detect these anomalies and alert administrators to compromised devices.

Option A — running a startup script to remove files by name — is unreliable here because the malicious executable uses a random filename. This method could miss variants or renamed instances of the malware and is reactive rather than preventive.

Option B — submitting a sample to the antivirus vendor — is helpful in the long term to improve detection, but it does not provide an immediate way to find infected machines on the network. Waiting for updates could leave systems vulnerable in the meantime.

Option C — manually inspecting each machine — is labor-intensive and inefficient, especially for networks larger than a handful of devices. Moreover, manual checks might miss stealthy malware that avoids detection through obfuscation or dormancy.

In addition to monitoring outbound traffic, a comprehensive response could involve deploying Endpoint Detection and Response (EDR) tools to catch suspicious behaviors and ensuring all systems are updated and patched to prevent exploitation. However, for immediate detection of unknown threats across a network, monitoring outbound traffic remains the best practical approach. This proactive measure allows the technician to spot infected machines communicating suspiciously before a formal signature or update is available from antivirus vendors.

Question 9:

A user reports that their Windows 10 computer is running very slowly, and they notice frequent system crashes.

Which of the following steps should a technician take FIRST to troubleshoot this performance issue?

A. Run a full antivirus scan to check for malware infections
B. Reinstall the operating system to fix corrupted files
C. Disable unnecessary startup programs using Task Manager
D. Upgrade the system RAM to improve performance

Answer: A

Explanation:

When a Windows system experiences slow performance and crashes, one of the most common causes is malware infection. Running a full antivirus scan is typically the first troubleshooting step to detect and remove any malicious software that could be using system resources or causing instability. Malware can heavily affect system responsiveness and cause unexpected behavior, including crashes.

Other options, while potentially helpful, are secondary or more invasive actions:

  • Reinstalling the OS (Option B) is a last resort after other troubleshooting fails, as it is time-consuming and leads to data loss if not backed up properly.

  • Disabling startup programs (Option C) can improve boot time and performance but may not resolve crashes caused by malware or system corruption.

  • Upgrading RAM (Option D) improves system performance if hardware bottlenecks exist but does not address software-related issues or crashes.

Thus, the technician should start with the least invasive and most targeted approach — scanning for malware — before moving on to hardware or system reinstall solutions.

Question 10:


Which of the following Windows features allows a user to revert their system files and settings to a previous state without affecting personal files?

A. System Restore
B. Reset This PC
C. File History
D. Disk Cleanup

Answer: A

Explanation:

System Restore is a Windows feature designed to roll back system files, installed applications, and system settings to a previous restore point. This can fix problems caused by recent changes without affecting personal documents, pictures, or other user data. It is especially useful when system stability issues arise after installing updates or software.

  • Reset This PC (Option B) reinstalls Windows and can remove apps and settings, optionally preserving personal files, but it is more disruptive than System Restore.

  • File History (Option C) is a backup tool that saves copies of personal files to external drives but does not affect system files or settings.

  • Disk Cleanup (Option D) helps free up disk space by deleting temporary files but does not revert system configurations.

Hence, for quickly resolving system errors without data loss, System Restore is the appropriate choice.
