Master CompTIA 220-1102 Exam with Reliable Practice Questions

Correct : B

Detailed

Since both developer mode and the ability to install apps from unknown sources are enabled, the technician should check for Malicious applications (Option B). Unknown sources can allow unverified apps that may include malware or apps that use excessive background data without the user's knowledge. Checking for malicious apps is essential in this scenario.

Storage cache (Option A) would not typically cause high data usage.

Privacy settings (Option C) control data sharing and permissions but don't directly impact data usage.

Permissions (Option D) might help identify apps using data, but the focus should be on apps that could be malicious.

CompTIA A+ Core 2 Reference:

2.7 - Explain common methods for securing mobile devices, including detecting and preventing malware.

Correct : D

Detailed

The issue could have been avoided if the developer had used Sandbox testing (Option D), which allows new software to be tested in a controlled environment before implementation. This process ensures that the software does not negatively impact system functionality, like stopping access to critical resources such as file servers.

End-user acceptance (Option A) ensures that users approve the software, but it wouldn't prevent the issue.

Staff delegation (Option B) relates to who is responsible but doesn't address testing.

Appropriate scoping (Option C) helps in defining the extent of changes but does not replace testing.

CompTIA A+ Core 2 Reference:

4.2 - Explain basic change management best practices, including testing in a sandbox environment.

Correct : C

Detailed

Cross-site scripting (XSS) (Option C) allows attackers to inject malicious scripts into web pages viewed by users. When the user visits the compromised site, the script runs in the user's browser, potentially allowing the attacker to steal data or perform unauthorized actions. XSS is a common vulnerability in web applications that allows code execution.

DoS (Option A) disrupts services but doesn't involve executing code on a user's device.

Spoofing (Option B) involves impersonating another device or user but doesn't execute code.

SQL injection (Option D) attacks a database and is unrelated to executing code on the user's computer.

CompTIA A+ Core 2 Reference:

2.4 - Explain common social engineering attacks, including XSS.

Correct : D

Detailed

Personally Identifiable Information (PII) (Option D) is protected by government regulations. PII includes sensitive data such as names, addresses, social security numbers, and other information that can identify individuals. Various laws, such as GDPR and HIPAA, mandate the protection of PII.

DRM (Option A) refers to digital rights management, which controls access to digital media.

EULA (Option B) refers to software licensing agreements.

PCI (Option C) relates to payment card industry standards for handling cardholder information but is more specific to payment data than general PII.

CompTIA A+ Core 2 Reference:

4.6 - Explain prohibited content and privacy concepts, including the protection of PII.

Correct : C

Detailed

The next step after isolating the system is to perform a system scan to remove the malware (Option C). Since ransomware is suspected, running a comprehensive malware scan can help identify and remove the malicious software. It is crucial to deal with the active threat before taking further actions.

Scheduling an antivirus scan and system update (Option A) may help, but the immediate concern is identifying and removing the ransomware.

Educating the end user (Option B) is important but should happen after the immediate threat is resolved.

Creating a system restore point (Option D) would not be useful at this point since the system is infected.

CompTIA A+ Core 2 Reference:

2.3 - Detect, remove, and prevent malware, including handling ransomware.