CompTIA 220-1202 Practice Test

Explanation:

1. A rogue wireless access point is an unauthorized device set up to broadcast a wireless network, often using the same SSID (network name) as a legitimate network.

2. Users may connect to this rogue network instead of the real one. While they might get internet access, other internal resources (like file shares) are typically unavailable because they’re no longer on the proper corporate network segment.

3. This is a classic security issue covered in CompTIA A+ Core 2 under wireless security threats.

Why the others are incorrect:

A. Unreachable DNS server → would prevent name resolution, but users would still be on the correct network and might be able to reach servers via IP.

B. VLAN misconfiguration → could isolate users from servers, but wouldn’t explain the duplicate SSID from a separate network.

C. Incorrect IP address → could cause connectivity issues but not the presence of a second, unsecured network with the same name.

Explanation:

✅ Email #1 – “Account Locked”

From: ithelpdesk@comptia.co
To: joe@comptia.org
Subject: Account Locked
Suspicious Details:
Sender domain is “.co”, not the corporate domain “.org.”
Urgent language (“detected unusual activity”) is typical phishing
Classification: Phishing
Resolution: Report email to Information Security

✅ Email #2 – “Share Your Feedback”

From: survey@researchco.net
Subject: Share Your Feedback And Get Free Wireless Headphones!
Suspicious Details:
External sender (legitimate surveys typically use internal addresses)
Incentive of a free gift is a common spam technique
Classification: Spam
Resolution: Unsubscribe

✅ Email #3 – “Employee Orientation”

From: Human Resources hr@comptia.org
Subject: Employee Orientation
Suspicious Details: None
Internal sender
Expected onboarding communication
Classification: Legitimate
Resolution: Perform no additional actions

✅ Email #4 – “Security Update”

From: CompTIA Information Security infosec@comptia.org
Subject: Security Update
Suspicious Details:
Attachment: patch1.exe → Highly suspicious. Security patches are rarely distributed as direct .exe attachments via email.
Security updates should come via official channels or internal patch management tools.
Classification: Phishing
Resolution: Report email to Information Security

✅ Email #5 – “Interview”

From: Alex alex@gmail.com
Subject: Interview
Suspicious Details: None
Context matches a recent interview
No suspicious links or attachments
Classification: Legitimate
Resolution: Perform no additional actions

Explanation:

→ Multifactor authentication (MFA) applications, such as Google Authenticator or Authy, frequently generate time-based one-time passwords (TOTP). These numeric codes rely on the smartphone’s internal clock aligning precisely with the time maintained by the authentication server.

→ When someone travels internationally, the device may automatically adjust its time zone or retain an incorrect offset due to network settings or manual changes. This discrepancy disrupts the code generation process, rendering the one-time passwords invalid during login attempts.

→ Investigating and correcting the device’s date, time, and time zone ensures synchronization between the smartphone and the server, restoring proper MFA functionality. Therefore, before reinstalling applications or escalating the issue, technicians should prioritize confirming that the system clock reflects the correct local settings.

Explanation:

Deploying images to 800 devices is a large-scale task that requires speed, consistency, and minimal manual effort.

A network-based remote installation tool (like Windows Deployment Services, SCCM, MDT, or other enterprise deployment solutions) allows IT teams to:

1. Deploy images to multiple machines simultaneously over the network
2. Handle different hardware classes (e.g. drivers for four vendor types) using hardware-specific driver injection
3. Apply custom images based on user groups (e.g. different software for two user types) through task sequences or deployment rules
4. Maintain consistent configurations, reducing human error

This method is highly scalable and far more efficient than copying files manually or imaging each machine one by one.

Why the others are incorrect:

A. Use xcopy to clone the hard drives from one to another
Xcopy is a file copy utility, not suitable for imaging entire disks or deploying OS installations.

B. Use robocopy to move the files to each device
Robocopy can copy files robustly but cannot deploy OS images or handle partitions, boot records, or drivers.

C. Use a local image deployment tool for each device
A local tool requires connecting physical media (USB drives, DVDs) to each machine individually, which is time-consuming and impractical for 800 devices.

Reference:

1. CompTIA A+ Core 2 (220-1102) Objective 1.8: “Given a scenario, deploy and configure imaging tools.”
2. Microsoft Docs – Windows Deployment Services
3. CompTIA A+ Official Study Guide – Deployment strategies

Explanation:

The laptop can reach external websites, meaning:
It has proper network connectivity.
The default gateway and routing are functional.

However, it cannot reach internal websites. This suggests it’s failing to resolve internal domain names (e.g. intranet.company.com).

Internal websites often use private DNS servers that resolve only internal names. If the laptop’s DNS is misconfigured (e.g. pointing only to public DNS like Google 8.8.8.8), internal names cannot be resolved, leading to “Cannot reach this page.”

So the technician should check and configure the correct DNS servers for internal name resolution.

Why the others are incorrect:

A. Subnet mask
Would impact local network communication but wouldn’t explain why external websites work while internal ones don’t.

C. Default gateway
Must be correct because external sites are reachable.

D. DHCP
DHCP might distribute DNS settings, but the issue specifically lies in DNS configuration itself, not the entire DHCP scope.

Explanation:

The clerk wants to access documents on the town hall server from home.

A VPN (Virtual Private Network) creates a secure, encrypted tunnel between the clerk’s home computer and the town hall network.

Once connected, it’s as if the clerk’s device is physically on the town hall network, allowing secure access to internal servers, shared drives, or intranet resources.

VPN is the standard, secure solution for remote work where access to internal resources is required.

Why the others are incorrect:

A. VNC (Virtual Network Computing)
Used for remote desktop control, not for general network access. Less secure unless tunneled through VPN.

B. RDP (Remote Desktop Protocol)
Allows connecting to a Windows desktop session remotely. However, exposing RDP directly over the internet is a security risk unless protected via VPN.

D. SSH (Secure Shell)
Mainly used for securely accessing command-line interfaces on servers, not for accessing general document shares or internal networks.

Explanation:

Once a technician removes malware, the next step isn’t just technical — it’s about prevention. Users often get infected because of risky habits like clicking suspicious links, downloading unknown attachments, or ignoring browser warnings.

Educating the end user helps them recognize phishing attempts, avoid malicious websites, and understand safe browsing practices. This training reduces the chance of reinfection and strengthens overall security awareness in the organization.

While rescanning the system, checking logs, or even reimaging can be important depending on severity, user education is always the essential next step after cleaning up malware.

Reference:
CompTIA A+ Core 2 (220-1102) Objective 2.5: “Given a scenario, use best practices to secure a workstation.”
CompTIA A+ Official Study Guide – Malware removal process (Final Step: Educate the end user)

Explanation:

The symptoms described — rapid battery drain, device overheating, and recent installation of an app from an advertisement — are strong indicators that the mobile device might be infected with malware. Malicious apps often run processes in the background, consuming significant resources, which explains the battery dying quickly and the phone feeling hot even when idle.

The first step a technician should take is to scan the phone for malware. A reputable mobile antivirus or security app can identify and remove malicious applications. This action directly addresses the potential threat and may resolve the performance and overheating issues without further intervention.

Checking for unauthorized device administrators (Option A) is a valid step in some malware scenarios but should be performed after confirming the presence of malware. Contacting the software developer (Option B) is unlikely to help, especially if the app itself is malicious or the developer is untrustworthy. Applying MDM policies (Option D) is good for corporate environments but is not the immediate action needed for malware remediation.

Thus, the first and most logical step is to scan for and remove any malicious software to protect the device and user data.

Explanation:

The workstation can ping the domain controller (192.168.1.10) and reach the internet, which confirms:
The IP address, subnet mask, and gateway are all correctly configured.
There’s no basic network connectivity issue.

However, the error message “domain cannot be found” means the computer cannot locate the domain controller using its domain name. Joining a domain depends on DNS to resolve domain names (like company.local) to the internal IP address of the domain controller.

Currently, the workstation is configured to use:
DNS1 → 8.8.8.8 (Google DNS, external)
DNS2 → 1.1.1.1 (Cloudflare DNS, external)

Neither of these public DNS servers knows anything about internal domain names. As a result, the workstation cannot resolve the domain name to join the domain.

The solution:

Update the workstation’s DNS settings to use the internal DNS server, typically hosted on the domain controller (in this case, likely 192.168.1.10).
Once the correct DNS server is configured, the workstation can resolve the domain name and successfully join the domain.

Why the others are incorrect:

B. Assign a static IP address
The workstation already has an IP address and can communicate with the network. The problem is DNS, not the IP itself.

C. Configure a subnet mask
The subnet mask is correct, as proven by successful pings to the server.

D. Update the default gateway
Internet access works, indicating the gateway is fine. The gateway doesn’t affect internal DNS resolution in this scenario.

Explanation:

The tool lusrmgr.msc stands for Local Users and Groups Manager in Windows.

It allows an administrator to:
Create, rename, or delete local user accounts
Manage group memberships
Set or reset passwords
Adjust other user account properties

To rename the built-in Administrator account:
Open lusrmgr.msc
Navigate to Users
Right-click the Administrator account
Select Rename, and enter the new account name

This is the precise tool designed for managing local user accounts.

Why the others are incorrect:

B. devmgmt.msc
Device Manager, used for managing hardware devices and drivers—not user accounts.

C. gpedit.msc
Group Policy Editor, used for configuring policies on a system, but not for directly renaming user accounts.

D. eventvwr.msc
Event Viewer, used for viewing system logs and events, not for user account management.

Reference:
CompTIA A+ Core 2 (220-1102) Objective 1.7: “Given a scenario, use management tools in Windows.”
Microsoft Docs – Manage Local Users and Groups