Try our new practice tests feature: configure your own test including the number of questions, objectives and time limits
The CompTIA 220-902 exam is one of two exams requires to obtain the CompTIA A+ (900 series). This exam will cover operating systems like Windows, Macintosh OSX and Linux as well as topics like security, software troubleshooting and operational procedures.
What type of policy would allow Stacy to use her iPad during meetings for email, taking notes, and accessing the company's intranet?
BYOD (Bring your own device) is the correct answer. MITM is a type of attack. Embedded systems are systems that serve a specific purpose and are part of a larger system, thus this is not correct. iCloud is a storage/synchronization service offered by Apple.
Bring your own device (BYOD )—also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own personal computer (BYOPC)—refers to being allowed to use one's personally owned device, rather than being required to use an officially provided device. There are two major contexts in which this term is used. One is in the mobile phone industry, where it refers to carriers allowing customers to activate their existing phone (or other cellular device) on the network, rather than being forced to buy a new device from the carrier.The other, and the main focus of this article, is in the workplace, where it refers to a policy of permitting employees to bring personally owned devices (laptops, tablets, smartphones, etc.) to work, and to use those devices to access privileged company information and applications. This phenomenon is commonly referred to as IT consumerization.BYOD is making significant inroads in the business world, with about 75% of employees in high-growth markets such as Brazil and Russia and 44% in developed markets already using their own technology at work. Surveys have indicated that businesses are unable to stop employees from bringing personal devices into the workplace. Research is divided on benefits. One survey shows around 95% of employees stating they use at least one personal device for work.Bring_your_own_device - Wikipedia, the free encyclopedia
Mike has brought his personal laptop running Windows 7 from home for use on the office network, which utilizes Active Directory. He is unable to access company resources, to include the sharedrive, intranet (SharePoint), and printer. He states "these are automatic for my work machine and Sarah's personal laptop." What is something you can do that would get Mike access to these resources?
Mike's computer likely needs to be joined to the domain, as it is network running AD and the features would be enabled/supported through AD. Workgroups do not usually share the features that Mike is looking for, and since it is an AD network this is likely not a correct answer. This is not likely against the company's BYOD policy as Sarah is doing the same thing, but it is best to know what your company's policies are. Windows Update is for updating the OS/Software, not adding the features Mike is looking for.
Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was used only for centralized domain management. However, Active Directory eventually became an umbrella title for a broad range of directory-based identity-related services.A server running the Active Directory Domain Service (AD DS) role is called a domain controller. It authenticates and authorizes all users and computers in a Windows domain type network, assigning and enforcing security policies for all computers, and installing or updating software. For example, when a user logs into a computer that is part of a Windows domain, Active Directory checks the submitted username and password and determines whether the user is a system administrator or normal user. Also, it allows management and storage of information, provides authentication and authorization mechanisms and establishes a framework to deploy other related services: Certificate Services, Active Directory Federation Services, Lightweight Directory Services, and Rights Management Services.Active Directory uses Lightweight Directory Access Protocol (LDAP) versions 2 and 3, Microsoft's version of Kerberos, and DNS.Active_Directory - Wikipedia, the free encyclopedia
You are formatting a new USB drive to be used between several systems running different operating systems (Windows, OSX, Linux). What is the best format to use for the USB drive?
FAT32 is an older format that is supported on most systems, and is the best option provided. NTFS may cause issues between systems and OSs. HFS+ is the native OSX format and is not natively supported by some OSs (to include Windows). AES-128 is an encryption standard.
File Allocation Table (FAT) is a file system developed for personal computers. Originally developed in 1977 for use on floppy disks, it was adapted for use on hard disks and other devices. It is often supported for compatibility reasons by current operating systems for personal computers and many mobile devices and embedded systems, allowing interchange of data between disparate systems. The increase in disk drives capacity required three major variants: FAT12, FAT16 and FAT32. The FAT standard has also been expanded in other ways while generally preserving backward compatibility with existing software. FAT is no longer the default file system for Microsoft Windows computers.FAT file systems are still commonly found on floppy disks, flash and other solid-state memory cards and modules (including USB flash drives), as well as many portable and embedded devices. FAT is the standard file system for digital cameras per the DCF specification.File_Allocation_Table - Wikipedia, the free encyclopedia
You are passed a trouble ticket about an issue involving a Windows 7 system that should allow remote connections. The previous tech said the RDP service is not set to start automatically. How do you fix this?
SERVICES.MSC is where you change the startup configurations for services in Windows. DXDIAG is a tool for troubleshooting DirectX sound/video issues. Port 3389 is the port for RDP, but the port being blocked was not the issue. Adding the RDP gateway to an adapter is a made up answer.
Remote Desktop Services (RDS), known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to take control of a remote computer or virtual machine over a network connection. RDS is Microsoft's implementation of thin client architecture, where Windows software, and the entire desktop of the computer running RDS, are made accessible to any remote client machine that supports Remote Desktop Protocol (RDP). User interfaces are displayed from the server onto the client system and input from the client system is transmitted to the server - where software execution takes place. This is in contrast to application streaming systems, like Microsoft App-V, in which computer programs are streamed to the client on-demand and executed on the client machine. RemoteFX was added to RDS as part of Windows Server 2008 R2 Service Pack 1.Remote_Desktop_Services - Wikipedia, the free encyclopedia
Your employer wants you to recommend a cloud service that will allow the IT department to deploy web applications without having to configure physical equipment or operating systems. What type of service is he talking about?
PaaS provide high level services like web and database servers without allowing access to the underlying operating system (Azure and Amazon web services are two examples of this). SaaS provides a software or application that is shared among all users (no dedicated server for your company, think Google Docs or Office 365). IaaS provides lower level services such as networking and a hypervisor, the OS would need to be installed and built up. (Azure, Amazon and many other providers exist for IaaS). iCloud is proprietary to Apple and is more of a filesharing/synchronization service.
Platform as a service (PaaS) or application platform as a service (aPaaS) or platform-based service is a category of cloud computing services that allows customers to provision, instantiate, run, and manage a modular bundle comprising a computing platform and one or more applications, without the complexity of building and maintaining the infrastructure typically associated with developing and launching the application(s); and to allow developers to create, develop, and package such software bundles.Platform_as_a_service - Wikipedia, the free encyclopedia
An unknown device has been found on a SOHO wireless router. Which of the following is BEST to perform to keep this device off the network?
Configuring MAC Filtering will only allow approved MAC Addresses to connect to the router. In addition, proper encryption and security settings should be verified.
In computer networking, MAC Filtering refers to a security access control method whereby the MAC address assigned to each network card is used to determine access to the network. MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. While the restriction of network access through the use of lists is straightforward, an individual person is not identified by a MAC address, rather a device only, so an authorized person will need to have a whitelist entry for each device that they would like to access the network. While giving a network some additional protection, MAC filtering can be circumvented by using a packet analyzer to find a valid MAC and then using MAC spoofing to access the network using that address. MAC address filtering can be considered as security through obscurity because the effectiveness is based on "the secrecy of the implementation or its components".MAC_filtering - Wikipedia, the free encyclopedia
You show up to work and there is a powered-on laptop on your desk, you co-worker instructs you to make a backup of the user files on the system since the system has been having problems booting. During the process you discover child pornography on the machine, what do you immediately do?
Notifying Law Enforcement (LE) is the safe thing to do, then do not touch anything else on the machine. Making a copy of the drive could disturb forensic artifacts and metadata that would be useful to LE. Alerting management is a big risk, you don't know who the computer belongs to and if they may not report it. Powering the machine off is a big no-no, especially if the system already had problems starting or if encryption is involved.
You have just installed several updates for a Windows 7 system, prior to reaching the login screen the system immediately reboots. How would you try to access the system via its installed OS?
Safe Mode will HOPEFULLY allow you to get into the OS, this is the only answer that allows you to access the INSTALLED OS. Booting from a live CD/USB will load an OS that will likely work, but it will not be the one that is installed. There is no such thing as DEFRAG mode booting, and DEFRAG is used to optimize a file system/storage device. The OS is found but it is running into problems as it loads - checking boot priorities will not solve this.
Safe mode is a diagnostic mode of a computer operating system (OS). It can also refer to a mode of operation by application software. Safe mode is intended to help fix most, if not all, problems within an operating system. It is also widely used for removing rogue security software.Safe_mode - Wikipedia, the free encyclopedia
Stan, the new HR manager, wants everyone in his department to have access to create and delete accounts to streamline the process for getting new hires setup in the system. Why is this not a good idea?
This is a clear violation of the principle of least privilege, and it would likely drive the IT department mad. ACLs do not have anything to do with account creation/deletion. Privacy filters are a physical security mechanism that prevent folks from watching your screen, this it does not apply to this situation. Tailgating is when someone follows an authorized individual into a controlled area, also not applicable here.
In information security, computer science, and other fields, the principle of least privilege (PoLP), also known as the principle of minimal privilege or the principle of least authority, requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose.Principle_of_least_privilege - Wikipedia, the free encyclopedia
Which of the following should be regularly performed to prevent data loss in the event of data corruption or drive failure?
Of the options, only Scheduled Backups will prevent data loss after corruption or drive failure.
In information technology, a backup, or data backup is a copy of computer data taken and stored elsewhere so that it may be used to restore the original after a data loss event. The verb form, referring to the process of doing so, is "back up", whereas the noun and adjective form is "backup". Backups can be used to recover data after its loss from data deletion or corruption, or to recover data from an earlier time. Backups provide a simple form of disaster recovery; however not all backup systems are able to reconstitute a computer system or other complex configuration such as a computer cluster, active directory server, or database server.A backup system contains at least one copy of all data considered worth saving. The data storage requirements can be large. An information repository model may be used to provide structure to this storage. There are different types of data storage devices used for copying backups of data that is already in secondary storage onto archive files. There are also different ways these devices can be arranged to provide geographic dispersion, data security, and portability. Data is selected, extracted, and manipulated for storage. The process can include methods for dealing with live data, including open files, as well as compression, encryption, and de-duplication. Additional techniques apply to enterprise client-server backup. Backup schemes may include dry runs that validate the reliability of the data being backed up. There are limitations and human factors involved in any backup scheme.Backup - Wikipedia, the free encyclopedia
You recently connected a new Windows 8 machine to your company's network with Active Directory, but it is not displaying the proper company logon screen, legal banner, or wall paper. What tool is best suited for correcting this problem.
"gpupdate" will pull all of the group policy settings from the Domain Controller, which can set uniform legal banners, backgrounds, and security settings for all of the company's systems. "regedit" is for editing the registry, while you can set these options through the registry it would be very tedious and not recommended. "msconfig" is a tool for editing startup, boot, and service options; it is not appropriate for this problem. "chkdsk" is for checking disk/file system integrity.
Group Policy is a feature of the Microsoft Windows NT family of operating systems (including Windows 7, Windows 8.1, Windows 10, Windows 11, and Windows Server 2003+) that controls the working environment of user accounts and computer accounts. Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment. A set of Group Policy configurations is called a Group Policy Object (GPO). A version of Group Policy called Local Group Policy (LGPO or LocalGPO) allows Group Policy Object management without Active Directory on standalone computers.Active Directory servers disseminate group policies by listing them in their LDAP directory under objects of class groupPolicyContainer. These refer to fileserver paths (attribute gPCFileSysPath) that store the actual group policy objects, typically in an SMB share \\domain.com\SYSVOL shared by the Active Directory server. If a group policy has registry settings, the associated file share will have a file registry.pol with the registry settings that the client needs to apply.The Policy Editor (gpedit.msc) is not provided on Home versions of Windows XP/Vista/7/8/8.1/10/11.Group_Policy - Wikipedia, the free encyclopedia
A user calls you and asks to reset his password, you confirm that it is actually the user on the phone, and he says his username is bobsmith, you are in a Linux environment. What is the appropriate command for resetting his password?
"sudo passwd bobsmith" will run the passwd utility as a super user and will prompt you to enter a new password for bobsmith. "chown" is used to change file ownership, the syntax provided is also incorrect. "su bobsmith" will allow you to run commands as bobsmith. The "pwd" command shows your Present Working Directory, it has nothing to do with passwords.
passwd is a command on Unix, Plan 9, Inferno, and most Unix-like operating systems used to change a user's password. The password entered by the user is run through a key derivation function to create a hashed version of the new password, which is saved. Only the hashed version is stored; the entered password is not saved for security reasons. When the user logs on, the password entered by the user during the log on process is run through the same key derivation function and the resulting hashed version is compared with the saved version. If the hashes are identical, the entered password is considered to be correct, and the user is authenticated. In theory, it is possible for two different passwords to produce the same hash. However, cryptographic hash functions are designed in such a way that finding any password that produces the same hash is very difficult and practically infeasible, so if the produced hash matches the stored one, the user can be authenticated. The passwd command may be used to change passwords for local accounts, and on most systems, can also be used to change passwords managed in a distributed authentication mechanism such as NIS, Kerberos, or LDAP.Passwd - Wikipedia, the free encyclopedia
An office of 25 computers is interested in employing a file server, network shares, and print server functionality. Which of the following network setups would be BEST suited for this situation?
Only a domain will give you a centralized, controlled network and allow for file servers, print servers, and network shares. These are possible in a workgroup, but will not provide the network control that a business would require.
A computer network is a set of computers sharing resources located on or provided by network nodes. The computers use common communication protocols over digital interconnections to communicate with each other. These interconnections are made up of telecommunication network technologies, based on physically wired, optical, and wireless radio-frequency methods that may be arranged in a variety of network topologies. The nodes of a computer network may include personal computers, servers, networking hardware, or other specialised or general-purpose hosts. They are identified by network addresses, and may have hostnames. Hostnames serve as memorable labels for the nodes, rarely changed after initial assignment. Network addresses serve for locating and identifying the nodes by communication protocols such as the Internet Protocol. Computer networks may be classified by many criteria, including the transmission medium used to carry signals, bandwidth, communications protocols to organize network traffic, the network size, the topology, traffic control mechanism, and organizational intent. Computer networks support many applications and services, such as access to the World Wide Web, digital video, digital audio, shared use of application and storage servers, printers, and fax machines, and use of email and instant messaging applications.Computer network - Wikipedia, the free encyclopedia
In a (Windows) command prompt you type "cd C:\Users\msmith", the output is "Access is denied." How can you overcome this issue.
Running cmd.exe as an admin will give you the elevated privileges to view another user's folder in most instances. "chkdisk" is for checking file system integrity and does not directly deal with file permissions. "chmod" is a Linux tool and will not work on Windows systems. "dir" is used to display the contents of a directory, not change the working directory.
User Account Control (UAC) is a mandatory access control enforcement feature introduced with Microsoft's Windows Vista and Windows Server 2008 operating systems, with a more relaxed version also present in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows 11. It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase or elevation. In this way, only applications trusted by the user may receive administrative privileges, and malware should be kept from compromising the operating system. In other words, a user account may have administrator privileges assigned to it, but applications that the user runs do not inherit those privileges unless they are approved beforehand or the user explicitly authorizes it. UAC uses Mandatory Integrity Control to isolate running processes with different privileges. To reduce the possibility of lower-privilege applications communicating with higher-privilege ones, another new technology, User Interface Privilege Isolation, is used in conjunction with User Account Control to isolate these processes from each other. One prominent use of this is Internet Explorer 7's "Protected Mode".Operating systems on mainframes and on servers have differentiated between superusers and userland for decades. This had an obvious security component, but also an administrative component, in that it prevented users from accidentally changing system settings. Early Microsoft home operating-systems (such as MS-DOS, Windows 95-98 and Windows Me) did not have a concept of different user-accounts on the same machine. Subsequent versionsUser_Account_Control - Wikipedia, the free encyclopedia
Determine which of these options is a technology used by CPU's to segregate blocks of memory for exclusive use by an application:
No-eXecute (NX) bit is a technology featured in most modern processors that allows the CPU to segregate memory for use by a single application. The memory cannot be accessed by another application which helps to protect memory against malicious software.
The NX bit (no-execute) is a technology used in CPUs to segregate areas of memory for use by either storage of processor instructions (code) or for storage of data, a feature normally only found in Harvard architecture processors. However, the NX bit is being increasingly used in conventional von Neumann architecture processors for security reasons. An operating system with support for the NX bit may mark certain areas of memory as non-executable. The processor will then refuse to execute any code residing in these areas of memory. The general technique, known as executable space protection, also called Write XOR Execute, is used to prevent certain types of malicious software from taking over computers by inserting their code into another program's data storage area and running their own code from within this section; one class of such attacks is known as the buffer overflow attack. The term NX bit originated with Advanced Micro Devices (AMD), as a marketing term. Intel markets the feature as the XD bit (execute disable). The ARM architecture refers to the feature, which was introduced in ARMv6, as XN (execute never). The term NX bit itself is sometimes used to describe similar technologies in other processors.NX_bit - Wikipedia, the free encyclopedia
Which of the following technologies allows a PC to boot an operating system from a separate network location?
Preboot Execution Environment (PXE) is an industry standard protocol that allows a computer to boot an operating system from a network server. It is typically used to configure new PC's, often in bulk.
In computing, the Preboot eXecution Environment, PXE (most often pronounced as pixie, often called PXE Boot/pixie boot.) specification describes a standardized client–server environment that boots a software assembly, retrieved from a network, on PXE-enabled clients. On the client side it requires only a PXE-capable network interface controller (NIC), and uses a small set of industry-standard network protocols such as DHCP and TFTP. The concept behind the PXE originated in the early days of protocols like BOOTP/DHCP/TFTP, and as of 2015 it forms part of the Unified Extensible Firmware Interface (UEFI) standard. In modern data centers, PXE is the most frequent choice for operating system booting, installation and deployment.Preboot_Execution_Environment - Wikipedia, the free encyclopedia
Your surpervisor asks you to come up with ideas for increasing the physical security in a computer lab used for sensitive projects, which of the following would NOT be an acceptable suggestion?
Encryption is not a physical security measure. Anything regarding access control such as a cypher lock is considered physical security. Video cameras/surveillance are also physical security features, as is controlling access with something you have such as a smart card.
Physical security describes security measures that are designed to deny unauthorized access to facilities, equipment and resources and to protect personnel and property from damage or harm (such as espionage, theft, or terrorist attacks) Physical security involves the use of multiple layers of interdependent systems that can include CCTV surveillance, security guards, protective barriers, locks, access control, perimeter intrusion detection, deterrent systems, fire protection, and other systems designed to protect persons and propertyPhysical Security - Wikipedia, the free encyclopedia
You are having trouble with several drivers on your system and want to uninstall them, but can't do it while Windows 8 is running normally. What tool will allow you to boot into Safe Mode?
MSCONFIG allows you to safe boot or boot into Safe Mode. GRUB is a utility usually associated with booting into Linux systems. REGEDIT is used for editing the Windows registry. BIOS/UEFI is used for managing hardware configurations.
MSConfig (officially called System Configuration in Windows Vista, Windows 7, Windows 8 or Windows 10, or Windows 11 and Microsoft System Configuration Utility in previous operating systems) is a system utility to troubleshoot the Microsoft Windows startup process. It can disable or re-enable software, device drivers and Windows services that run at startup, or change boot parameters. It is bundled with all versions of Microsoft Windows operating systems since Windows 98 except Windows 2000. Windows 95 and Windows 2000 users can download the utility as well, although it was not designed for them.MSConfig - Wikipedia, the free encyclopedia
Partitioning is the act of logically separating a single physical disk. Allowing an Operating System to perceive a hard drive as multiple hard drives.
Disk partitioning or disk slicing is the creation of one or more regions on secondary storage, so that each region can be managed separately. These regions are called partitions. It is typically the first step of preparing a newly installed disk, before any file system is created. The disk stores the information about the partitions' locations and sizes in an area known as the partition table that the operating system reads before any other part of the disk. Each partition then appears to the operating system as a distinct "logical" disk that uses part of the actual disk. System administrators use a program called a partition editor to create, resize, delete, and manipulate the partitions. Partitioning allows the use of different filesystems to be installed for different kinds of files. Separating user data from system data can prevent the system partition from becoming full and rendering the system unusable. Partitioning can also make backing up easier. A disadvantage is that it can be difficult to properly size partitions, resulting in having one partition with too much free space and another nearly totally allocated.Disk_partitioning - Wikipedia, the free encyclopedia
Your employer is concerned about zero-day attacks to obtain their intellectual property, what security feature helps mitigate such an attack.
Zero-day exploits (ZDE) are very difficult to defend against since they exploit unpatched vulnerabilities. Firewalls (port blocking, and ACLs) do not typically rely on vulnerability patching to enhance security posture, thus it is the correct answer. Windows Update will not necessarily help against ZDEs as patches are not available yet. Anti-virus (AV) also suffers from solutions not being available, though AV vendors may push out patches quicker than OS vendors. Advanced attackers also work to avoid AV. BIOS/UEFI passwords do not really impact ZDEs.
A zero-day is a computer-software vulnerability either unknown to those who should be interested in its mitigation (including the vendor of the target software) or known and without a patch to correct it. Until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers or a network. An exploit directed at a zero-day is called a zero-day exploit, or zero-day attack. The term "zero-day" originally referred to the number of days since a new piece of software was released to the public, so "zero-day software" was obtained by hacking into a developer's computer before release. Eventually the term was applied to the vulnerabilities that allowed this hacking, and to the number of days that the vendor has had to fix them. Once the vendors learn of the vulnerability, they will usually create patches or advise workarounds to mitigate it. The more recently that the vendor has become aware of the vulnerability, the more likely it is that no fix or mitigation has been developed. Once a fix is developed, the chance of the exploit succeeding decreases as more users apply the fix over time. For zero-day exploits, unless the vulnerability is inadvertently fixed, such as by an unrelated update that happens to fix the vulnerability, the probability that a user has applied a vendor-supplied patch that fixes the problem is zero, so the exploit would remain available. Zero-day attacks are a severe threat.Zero-day_(computing) - Wikipedia, the free encyclopedia
Looks like thats it! You can go back and review your answers or click the button below to grade your test.