Free CompTIA 220-1202 Practice Questions 2026 - Page 9

Which of the following malware types typically has very high computing resource usage?

A. Rootkit

B. Cryptominer

C. Boot sector virus

D. Trojan

B.   Cryptominer

Explanation:

✅ Correct Answer: B. Cryptominer

A cryptominer is a type of malware specifically designed to use a computer’s processing power to mine cryptocurrency without the user’s knowledge or permission. Because mining digital coins like Bitcoin or Monero requires significant computational resources, systems infected with cryptomining malware often experience extremely high CPU or GPU usage, system slowdowns, increased heat output, and reduced performance for legitimate tasks. Cryptominers are financially motivated, using the victim’s electricity and hardware to generate profit for the attacker, making this malware type notorious for its high resource consumption.

❌ Why the other options are incorrect:

A. Rootkit → A rootkit hides malicious processes or files and often consumes minimal resources to avoid detection. Its primary goal is stealth, not heavy resource usage.

C. Boot sector virus → This type of virus infects the boot sector of storage devices to load before the operating system, but it generally doesn’t cause sustained high resource usage during normal system operation.

D. Trojan → A Trojan disguises itself as legitimate software but may not inherently consume high resources unless it’s performing specific malicious tasks like data theft or installing other malware.

A user reports getting a BSOD (Blue Screen of Death) error on their computer at least twice a day. Which of the following should the technician use to determine the cause?

A. Event Viewer

B. Performance Monitor

C. System Information

D. Device Manager

A.   Event Viewer

Explanation:

✅ Correct Answer: A. Event Viewer

When a user experiences a BSOD (Blue Screen of Death) error multiple times a day, the technician should check Event Viewer to help determine the cause. Event Viewer is a built-in Windows tool that logs detailed system events, including critical errors, warnings, and system crashes. It records information like the error codes, faulting drivers, and timestamps, which can be essential for diagnosing why the BSODs are occurring. Reviewing the System log (Windows Logs > System) in Event Viewer helps the technician pinpoint patterns or specific errors leading to the crashes, making it the most effective first step for troubleshooting frequent BSODs.

❌ Why the other options are incorrect:

B. Performance Monitor → Useful for tracking system performance metrics like CPU, memory, and disk usage but not ideal for identifying the root cause of BSODs.

C. System Information → Provides detailed hardware and system configuration data but does not record or display crash details or error logs.

D. Device Manager → Helps check hardware devices and driver status but doesn’t show historical logs of crashes or detailed BSOD error reports.

A help desk technician recently installed an SSH client on a workstation in order to access remote servers. What does this enable?

A. To utilize an SSO connection

B. To securely establish a console session

C. To encrypt and decrypt protected messages

D. To facilitate device log reviews

B.   To securely establish a console session

Explanation:

✅ Correct Answer: B. To securely establish a console session

By installing an SSH client on a workstation, the help desk technician can securely establish a console session to remote servers. SSH (Secure Shell) is a cryptographic network protocol used for securely accessing and managing devices over an unsecured network. It encrypts all data transmitted between the client and server, protecting login credentials, commands, and output from eavesdropping or tampering. This makes SSH the preferred method for remotely managing servers, performing administrative tasks, and troubleshooting systems via command-line interfaces.

❌ Why the other options are incorrect:

A. To utilize an SSO connection → Single Sign-On (SSO) allows users to log in once and access multiple systems without reentering credentials, but it’s not the primary purpose of SSH.

C. To encrypt and decrypt protected messages → SSH does encrypt data in transit, but it’s primarily for secure remote access, not general-purpose message encryption.

D. To facilitate device log reviews → While an SSH session could be used to view logs on a remote system, facilitating log reviews isn’t the fundamental purpose of installing an SSH client—it’s the secure remote connection itself.

A technician needs to provide remote support for a legacy Linux-based operating system from their Windows laptop. The solution needs to allow the technician to see what the user is doing and provide the ability to interact with the user's session. Which of the following remote access technologies would support the use case?

A. VPN

B. VNC

C. SSH

D. RDP

B.   VNC

Explanation:

✅ Correct Answer: B. VNC (Virtual Network Computing)

When a technician needs to provide remote support for a legacy Linux-based operating system and must both see the user’s screen and interact with their session, the best solution is VNC (Virtual Network Computing). VNC allows full graphical remote control, enabling the technician to view the desktop environment in real time and move the mouse, type commands, or run applications as though they were physically at the machine. It works cross-platform, making it ideal for connecting from a Windows laptop to a Linux system, especially older systems that may not support newer protocols like RDP.

❌ Why the other options are incorrect:

A. VPN → Provides a secure tunnel between networks but doesn’t itself enable viewing or controlling a user’s screen. It’s a network connection method, not a remote control tool.

C. SSH → Allows secure command-line access but does not provide a graphical session or screen sharing necessary for watching or interacting with a user’s desktop session.

D. RDP (Remote Desktop Protocol) → Primarily used for connecting to Windows systems. While there are some RDP servers for Linux, they may not be compatible with legacy systems, and RDP often initiates a new session rather than sharing an existing one.

The screen of a previously working computer repeatedly displays an OS Not Found error message when the computer is started. Only a USB drive, a keyboard, and a mouse are plugged into the computer. Which of the following should a technician do first?

A. Run data recovery tools on the disk

B. Partition the disk using the GPT format

C. Check boot options

D. Switch from UEFI to BIOS

C.   Check boot options

Explanation:

✅ Correct Answer: C. Check boot options

When a computer that previously worked starts displaying an OS Not Found error, the first thing a technician should do is check the boot options in the BIOS or UEFI settings. Sometimes, the boot order can change due to BIOS resets, firmware updates, or accidental changes, causing the system to try to boot from devices like USB drives or network cards instead of the primary hard disk. Ensuring that the internal hard drive or SSD is listed as the first boot device helps the system locate the operating system and start properly. This is a safe, non-destructive first step before attempting more invasive procedures.

❌ Why the other options are incorrect:

A. Run data recovery tools on the disk → Useful if the disk has failed, but first the technician should confirm that the system is actually attempting to boot from the correct disk.

B. Partition the disk using the GPT format → Repartitioning the disk would erase data, which is unnecessary unless the drive is confirmed to be unconfigured or corrupted beyond repair.

D. Switch from UEFI to BIOS → Changing the boot mode could cause more issues, especially if the OS was installed in a specific mode. It’s not the first step unless there’s evidence that the boot mode is causing the problem.

Which of the following is an example of an application publisher including undisclosed additional software in an installation package?

A. Virus

B. Ransomware

C. Potentially unwanted program

D. Trojan

C.   Potentially unwanted program

Explanation:

✅ Correct Answer: C. Potentially unwanted program (PUP)

A potentially unwanted program (PUP) is software that a user may not intend to install because it’s bundled with other applications or disguised within an installation package. Publishers sometimes include undisclosed additional software—such as toolbars, adware, or trialware—in their installers. Users often overlook these extras because they’re hidden in small print or preselected checkboxes during installation. While not always overtly malicious, PUPs can negatively affect system performance, generate unwanted pop-ups, or collect user data, making them undesirable and deceptive.

❌ Why the other options are incorrect:

A. Virus → A virus is malicious code that infects files or programs to replicate and spread, but it’s not specifically about hidden bundled software in legitimate installations.

B. Ransomware → This malware encrypts files and demands payment for decryption but doesn’t typically come bundled secretly with legitimate software installers.

D. Trojan → A Trojan disguises itself as a legitimate application but is inherently malicious. While somewhat similar, it’s not exactly the same as undisclosed bundled software that may not be outright malicious but is unwanted.

Technicians are failing to document user contact information, device asset tags, and a clear description of each issue in the ticketing system. Which of the following should a help desk management team implement for technicians to use on every call?

A. Service-level agreements

B. Call categories

C. Standard operating procedures

D. Knowledge base articles

C.   Standard operating procedures

Explanation:

Standard operating procedures (SOPs) are documented, step-by-step instructions that help ensure consistent performance of tasks—in this case, how technicians handle support calls and document tickets. Implementing SOPs would require technicians to consistently capture user details, asset tags, and problem descriptions, reducing errors and omissions.

A. Service-level agreements (SLAs) define response or resolution times but don’t guide how to document tickets.

B. Call categories help classify issues but don’t dictate documentation practices.

D. Knowledge base articles help solve issues but don’t enforce ticket documentation standards.

Reference:
CompTIA A+ Core 2 Objectives (220-1102), Domain 4.0 Operational Procedures
CompTIA A+ Official Study Guide (Exam 220-1102), “Documentation and SOPs”

A user has rooted their corporate phone to load unapproved software. Which of the following tools should the company use to prevent access to the corporate network?

A. Mobile device management

B. Encryption

C. Geofencing

D. Lock screen

A.   Mobile device management

Explanation:

Mobile Device Management (MDM) is software used by organizations to secure and manage mobile devices. MDM can detect when a device has been rooted or jailbroken, which means the user has bypassed built-in security restrictions to install unauthorized apps or gain deeper system access. This is a major security risk, as rooted devices are more vulnerable to malware and data leaks. MDM allows administrators to block such devices from connecting to corporate networks or accessing company data.

By enforcing security policies through MDM, companies ensure that only trusted, compliant devices are allowed to operate in their environment. This reduces the risk of data breaches and maintains the security of sensitive business information. MDM tools can also remotely wipe data, enforce encryption, and deploy security updates to devices. That’s why MDM is the best option to prevent rooted devices from accessing the corporate network.

Wrong Answers

B. Encryption

Encryption secures the data stored on a device or transmitted over networks by converting it into unreadable text that can only be decrypted with the correct key. While it’s essential for protecting confidential information, encryption does not stop a rooted device from attempting to connect to the corporate network. Even if data is encrypted, a rooted phone could still be used to bypass security controls or run malicious software that could compromise systems.

Encryption is a valuable security tool, but it addresses data privacy rather than device compliance or network access control. It’s not a method for detecting or blocking unauthorized device modifications like rooting or jailbreaking. For that purpose, companies need a management tool that actively monitors device health and security posture, which encryption alone cannot provide.

C. Geofencing

Geofencing is a technology that uses GPS or other location data to define virtual geographic boundaries. It can trigger actions when a device enters or leaves a specific area—for example, limiting app usage or sending alerts. However, geofencing does not monitor device security status or detect rooting. A rooted phone could still connect to the network regardless of where it’s physically located if no other protections are in place.

Geofencing is useful for controlling device behavior based on location—for instance, disabling cameras in secure facilities—but it’s unrelated to detecting device integrity or preventing compromised devices from accessing corporate systems. Therefore, it’s not the right solution for blocking rooted phones.

D. Lock screen

A lock screen protects the device from unauthorized local access by requiring a PIN, password, or biometric method to unlock it. This is crucial for preventing someone from picking up a lost phone and accessing its data. However, a lock screen has no impact on whether a rooted device can connect to a network or use corporate resources.

Even with a lock screen, a rooted phone remains a security risk because its operating system has been altered, potentially bypassing security measures and exposing sensitive data or apps. While a lock screen is an important physical security measure, it doesn’t address the core problem of preventing rooted devices from connecting to corporate systems.

An international traveler is concerned about others accessing the contents of their smartphone if it is lost or stolen. The traveler has enabled biometrics. Which of the following additional security measures further reduces the risk of unauthorized data access?

A. Remote backups

B. Location tracking

C. PIN code screen lock

D. Device encryption

D.   Device encryption

Explanation:

Device encryption protects data on a smartphone by converting it into unreadable code that can only be unlocked with the proper credentials, such as a password, PIN, or biometric scan. Even if someone physically steals the phone and tries to access its storage directly, they won’t be able to read the data without decrypting it. This is especially important for travelers who risk losing their devices in airports, hotels, or foreign cities.

Enabling biometrics adds another layer of protection for quick access, but encryption ensures the data itself remains safe if the device is compromised. Together, biometrics and encryption provide strong security for sensitive personal or business information stored on the phone.

Wrong Answers

A. Remote backups
Remote backups save your data to the cloud so it can be recovered if your phone is lost, stolen, or damaged. While backups are important for data recovery, they don’t directly protect the contents of the device itself from unauthorized access. A thief could still access data stored locally on the device if it’s not encrypted or otherwise secured. Backups help with data loss, not data theft prevention.

B. Location tracking
Location tracking helps you find a lost or stolen phone by showing its physical location on a map. It’s useful for trying to recover a missing device, but it doesn’t stop someone from accessing your data if they have physical possession of the phone. Location tracking alone doesn’t protect the device’s contents from unauthorized viewing.

C. PIN code screen lock
A PIN code adds security by preventing unauthorized users from unlocking the phone. However, if the data on the phone is not encrypted, it might still be possible for someone to bypass the lock and extract data directly from the storage using specialized tools. Encryption is stronger because it protects the actual data itself, not just access to the phone’s interface. A PIN is good security practice, but encryption provides deeper protection for data at rest.

A user's application only works with a legacy version of the OS. The OS is reaching its end-of-life date. For security reasons, the company is migrating to the current version of the OS. Which of the following is the most efficient way to complete the migration while maintaining accessibility to the application?

A. Terminal server

B. Bare-metal server

C. Multiboot

D. Virtualization

D.   Virtualization

Explanation:

Virtualization allows you to run an older operating system inside a virtual machine (VM) on a modern host system. This is ideal when you have legacy applications that won’t work on newer OS versions. The VM acts like a separate computer, isolating the outdated OS from the rest of the system and reducing security risks. It’s the most efficient way to keep the legacy app accessible while migrating the user’s main environment to the latest OS.

For example, the company can upgrade all desktops to Windows 11, but install a virtual machine running the older OS just for the legacy app. This avoids dual-boot complexity and keeps everything secure and manageable.

Wrong Answers

A. Terminal server
Terminal servers let users access applications hosted on a central server. However, this doesn’t solve the problem if the legacy app still requires an older OS to run. The company would need to maintain an old OS on the terminal server, which raises the same security concerns.

B. Bare-metal server
A bare-metal server runs the operating system directly on hardware without virtualization. Setting up a separate physical machine just for one legacy app is costly, inefficient, and harder to maintain. Virtualization is more practical and cost-effective.

C. Multiboot
Multiboot allows a computer to boot into different operating systems one at a time. While it can support a legacy OS, it’s inconvenient because the user would have to reboot every time they need to switch environments. It also exposes the system to security risks if the older OS connects to the network. Virtualization allows simultaneous use without constant reboots.
