CompTIA A+ (Core 1/2) Practice Exam

What the CompTIA A+ (Core 1/2) exam covers

• Mobile Devices and Hardware38 questions
• Networking61 questions
• Hardware and Network Troubleshooting59 questions
• Operating Systems74 questions
• Security68 questions

Free CompTIA A+ (Core 1/2) sample questions

A sample of 10 questions with answers and explanations. Sign up free to practice all 300.

1. Question 1Mobile Devices and Hardware

   Which component temporarily stores data and running programs for fast CPU access (volatile)?

   • ARAM (memory)Correct
   • BThe GPU fan
   • CThe power supply
   • DThe hard drive/SSD
   ✓ Correct answer: A

   RAM (Random Access Memory) is the volatile, high-speed memory that the CPU uses to store actively running programs and data. Because it is semiconductor-based and directly addressable by the processor, RAM delivers access times measured in nanoseconds, enabling the CPU to fetch instructions and operands without waiting for a slower storage device. The word volatile means all data is lost when power is removed, distinguishing RAM from persistent storage like HDDs and SSDs.

   Why the other options are wrong

   • BThe GPU fan is incorrect because it is a cooling component that moves air across the graphics processor; it does not store data or programs at all.
   • CThe power supply is incorrect because it converts AC wall power to regulated DC voltages and distributes power to all components; it performs no data storage function.
   • DThe hard drive/SSD is incorrect because both are non-volatile storage devices that retain data after power-off and are used for long-term file and OS storage, not for the fast, temporary working memory the CPU accesses directly.
2. Question 2Operating Systems

   What is the safest first response if a workstation is suspected to be infected with malware on a network?

   • AShare files from it to others
   • BDisable antivirus
   • CLeave it connected and ignore it
   • Disolate/quarantine it from the network, then investigate and remediateCorrect
   ✓ Correct answer: D

   The first priority when a workstation is suspected of malware infection is containment: disconnecting the machine from the network (both wired and wireless) prevents the malware from spreading laterally to other systems, communicating with its command-and-control (C2) server, exfiltrating data, or encrypting network shares. After isolation, the technician can safely investigate the system offline using antimalware tools, examine running processes and startup entries, collect forensic evidence, and then remediate either by cleaning the infection or reimaging the system. This follows the CompTIA malware removal procedure: identify and quarantine, disable System Restore, remediate, schedule scans, enable System Restore, educate user, document.

   Why the other options are wrong

   • AShare files from it to others is incorrect because sharing files from a potentially infected system would propagate malware to every system that receives those files, turning one incident into a widespread outbreak across the organization.
   • BDisable antivirus is incorrect because antivirus/anti-malware software is one of the primary tools for detecting and removing infections; disabling it while a system is suspected of infection removes the very protection needed to identify and remediate the threat.
   • CLeave it connected and ignore it is incorrect because leaving a suspected infected machine connected to the network while ignoring it allows the malware to continue spreading, communicate with external C2 servers, encrypt additional files in ransomware scenarios, or perform any other malicious activity unimpeded.
3. Question 3NetworkingSelect all that apply

   A gigabit file server transfers data far slower than expected. Which TWO factors should be checked first because they commonly cap throughput? (Choose TWO)

   • AThe wallpaper on the server desktop
   • BThe number of icons on the taskbar
   • CA link negotiated at 100 Mbps instead of 1 Gbps due to a bad cable or duplex mismatchCorrect
   • DCabling rated below the required category (e.g., Cat5 instead of Cat5e/Cat6)Correct
   ✓ Correct answer: C, D

   Gigabit Ethernet requires Cat5e or Cat6 cabling with all 4 pairs functioning correctly and meeting return loss and near-end crosstalk specifications. If the cable has a damaged pair, crimping defect, or excessive noise, the link may auto-negotiate down to 100 Mbps (Fast Ethernet), capping throughput at one-tenth of the intended speed. A half-duplex mismatch (one side at full-duplex, the other at half-duplex) causes severe throughput degradation due to excessive collisions. Cat5 cable (without the 'e') was designed for 100 Mbps and does not reliably support 1 Gbps over typical runs due to inadequate crosstalk rejection specifications.

   Why the other options are wrong

   • AThe wallpaper on the server desktop is incorrect because desktop wallpaper is a graphical image file rendered by the display system; it consumes negligible CPU resources and zero network bandwidth, making it entirely irrelevant to file transfer throughput.
   • BThe number of icons on the taskbar is incorrect because taskbar icons are OS interface elements stored in memory and drawn by the graphics subsystem; they have no effect on network adapter negotiation speed, cabling bandwidth, or any aspect of network file transfer performance.
4. Question 4Operating Systems

   In Linux, which command changes a file's permissions to rwxr-xr-x using octal notation?

   • Achmod 755 fileCorrect
   • Bchmod 644 file
   • Cchmod 777 file
   • Dchown 755 file
   ✓ Correct answer: A

   Linux file permissions are represented in octal notation where each digit represents the sum of read (4), write (2), and execute (1) permissions for owner, group, and others respectively. The permission string rwxr-xr-x translates to: owner has read+write+execute (4+2+1=7), group has read+execute (4+0+1=5), and others have read+execute (4+0+1=5), giving the octal representation 755. chmod 755 applies exactly these permissions to the specified file, commonly used for executable scripts and programs that all users need to execute but only the owner should modify.

   Why the other options are wrong

   • Bchmod 644 file is incorrect because octal 644 translates to rw-r--r--: owner has read+write (4+2=6), group has read-only (4), others have read-only (4); this gives no execute permission to any user and is the standard permission for regular data files like configuration files and documents.
   • Cchmod 777 file is incorrect because octal 777 translates to rwxrwxrwx: all three categories (owner, group, others) have full read, write, and execute permissions; this grants write and execute access to every user on the system and is a serious security misconfiguration for most files.
   • Dchown 755 file is incorrect because chown (change owner) modifies the file's ownership and group assignment, not its permission bits; chown syntax expects a user:group argument (e.g., chown root:root file) rather than an octal number, making chown 755 an incorrect invocation of the wrong command.
5. Question 5Mobile Devices and HardwareSelect all that apply

   You are speccing a virtualization host that will run many VMs. Which TWO hardware design priorities matter MOST for this role? (Choose TWO)

   • AA CPU with many cores and hardware virtualization extensionsCorrect
   • BRGB lighting and a tempered-glass case
   • CA high-end gaming GPU
   • DLarge amounts of ECC RAMCorrect
   ✓ Correct answer: A, D

   A virtualization host runs multiple VMs simultaneously, and each VM is allocated vCPUs that map to physical CPU cores; a CPU with many cores (and hardware virtualization extensions such as Intel VT-x or AMD-V, plus IOMMU/VT-d for device passthrough) allows the hypervisor to schedule more VMs concurrently without CPU contention. ECC (Error-Correcting Code) RAM is essential for production virtualization hosts because a single bit error in host memory can corrupt the memory space of multiple VMs simultaneously; ECC silently corrects single-bit errors, protecting data integrity across all running guest OSes. Large amounts of RAM allow more VMs to run without ballooning or swapping.

   Why the other options are wrong

   • BRGB lighting and a tempered-glass case is incorrect because RGB lighting is a cosmetic visual feature that produces colored lighting effects inside the case, and a tempered glass side panel allows the lighting to be visible; neither feature contributes to virtualization performance, CPU scheduling capability, memory capacity, or any technical workload requirement.
   • CA high-end gaming GPU is incorrect because virtualization workloads are CPU and RAM intensive; unless the VMs require GPU compute for graphics rendering, scientific simulation, or AI workloads (which would use GPU passthrough), a gaming GPU adds power consumption and cost without improving the hypervisor's ability to run more VMs or schedule their workloads efficiently.
6. Question 6Mobile Devices and Hardware

   You install two DDR4 sticks but the system reports single-channel bandwidth. What is the MOST likely cause?

   • AThe sticks were placed in same-color/non-matching slots instead of the dual-channel slot pairCorrect
   • BDDR4 must be installed one stick at a time
   • CThe BIOS is too new
   • DDDR4 only supports single channel
   ✓ Correct answer: A

   Dual-channel operation requires both DIMMs to be installed in matched (paired) slots—typically labeled A1/B1 or A2/B2 on a motherboard, usually indicated by matching colors. When both sticks are inserted into slots belonging to the same channel (e.g., A1 and A2), the memory controller sees them as a single channel and cannot interleave accesses across two independent 64-bit buses. The correct procedure is to consult the motherboard manual and populate the two slots that form a cross-channel pair. After reseating into the correct paired slots, the BIOS/firmware should report dual-channel bandwidth automatically.

   Why the other options are wrong

   • BDDR4 must be installed one stick at a time is incorrect because DDR4 supports multi-DIMM configurations; the platform determines channel count, not a one-at-a-time installation restriction.
   • CThe BIOS is too new is incorrect because firmware version has no bearing on which slots form a dual-channel pair; the physical wiring on the PCB determines channel mapping.
   • DDDR4 only supports single channel is incorrect because DDR4 is a generation designation, not a channel limitation; DDR4 DIMMs are routinely used in dual-, quad-, and higher-channel configurations depending on the CPU and platform.
7. Question 7SecuritySelect all that apply

   Which TWO measures BEST harden a small office wireless network against unauthorized access? (Choose TWO)

   • ARely solely on hiding the SSID for security
   • BUse WPA3 (or WPA2-AES) with a strong passphraseCorrect
   • CChange default admin credentials on the routerCorrect
   • DEnable WEP for compatibility
   ✓ Correct answer: B, C

   WPA3 uses Simultaneous Authentication of Equals (SAE), which replaces the WPA2 Pre-Shared Key handshake with a method resistant to offline dictionary attacks, providing forward secrecy. WPA2 with AES (CCMP) is the minimum acceptable standard. A strong, long, randomized passphrase prevents brute-force attacks even if a handshake is captured. Default router credentials are publicly documented by manufacturer and are systematically tried by bots and attackers; changing them prevents unauthorized access to the router's management interface, which would allow an attacker to change DNS, firewall rules, or the wireless password itself.

   Why the other options are wrong

   • ARely solely on hiding the SSID for security is incorrect because SSID hiding only prevents passive discovery in beacon frames; the SSID is still transmitted in probe requests and responses and is trivially revealed by any wireless scanner; it provides no cryptographic protection.
   • DEnable WEP for compatibility is incorrect because WEP (Wired Equivalent Privacy) was cryptographically broken in 2001; its RC4 key scheduling vulnerability allows the encryption key to be recovered from captured packets in minutes using freely available tools, providing no meaningful security.
8. Question 8Operating Systems

   You are migrating a user from an old Windows PC to a new one and must transfer accounts, files, and settings. Which Microsoft tool is designed for this user-state migration?

   • AUser State Migration Tool (USMT)Correct
   • BSystem Restore
   • CResource Monitor
   • DDisk Cleanup
   ✓ Correct answer: A

   USMT is a command-line toolkit developed by Microsoft and distributed as part of the Windows ADK (Assessment and Deployment Kit). It consists of two primary executables: ScanState, which captures user accounts, files, application settings, and OS configuration from the source machine into a migration store, and LoadState, which injects that captured state into the destination machine. USMT supports customizable XML configuration files (MigApp.xml, MigDocs.xml, MigUser.xml) to include or exclude specific applications and data. It is designed for large-scale corporate PC refresh projects and integrates with deployment frameworks such as SCCM/MEM and MDT.

   Why the other options are wrong

   • BSystem Restore is incorrect because System Restore captures and restores Windows system state (registry, system files, driver databases) to a previous point in time on the same machine; it cannot transfer user accounts or data from one PC to a different, new PC.
   • CResource Monitor is incorrect because Resource Monitor is a real-time system diagnostics tool that displays per-process CPU, memory, disk, and network consumption; it has no functionality related to user account migration, data transfer, or application settings capture.
   • DDisk Cleanup is incorrect because Disk Cleanup identifies and removes temporary files, cached content, and redundant system files to recover disk space on the current machine; it performs no data capture, account transfer, or cross-machine migration.
9. Question 9Hardware and Network Troubleshooting

   After replacing a laptop's spinning hard drive with an SSD and cloning the OS, the system shows 'No bootable device.' The drive is detected in BIOS. What should you check FIRST?

   • AThat the firmware boot mode (UEFI vs Legacy/CSM) matches how the clone was preparedCorrect
   • BThe keyboard backlight
   • CThe default printer
   • DThe monitor brightness setting
   ✓ Correct answer: A

   When cloning an OS to a new drive, the clone must be booted in the same firmware mode used to create the original installation. A Windows installation on a GPT-formatted drive requires UEFI mode; a Windows installation on an MBR-formatted drive requires Legacy BIOS or CSM mode. If the clone was created from a UEFI/GPT installation but the firmware is set to Legacy/CSM, the firmware's Legacy boot code cannot locate the EFI System Partition and boot loader, producing a 'No bootable device' error even though the drive is detected at the hardware level. Switching the firmware boot mode to match the partition scheme of the cloned drive resolves this.

   Why the other options are wrong

   • BThe keyboard backlight is incorrect because keyboard illumination is a cosmetic peripheral feature; it has no interaction with the firmware boot process, partition table format, or boot loader location on the cloned drive.
   • CThe default printer is incorrect because the default printer is a Windows OS-level setting that determines which printer software opens by default; it is irrelevant before the OS even loads, and 'No bootable device' occurs at firmware level before any OS configuration is accessible.
   • DThe monitor brightness setting is incorrect because monitor brightness is a display hardware parameter; it affects screen luminosity but has no role in the firmware boot sequence, partition table detection, or EFI/MBR boot loader execution.
10. Question 10Security

    A shared office PC lets any user read and modify files in another user's profile folder. Which security principle is being violated, and what is the fix?

    • ARefresh rate—lower it to restrict access
    • BDefragmentation—run defrag to separate the files
    • CDNS hardening—change the DNS server
    • Dleast privilege/permissions—tighten NTFS permissions so users access only their own dataCorrect
    ✓ Correct answer: D

    The principle of least privilege requires that users be granted only the minimum permissions necessary to perform their job functions, which includes restricting file-system access so each user can only access their own profile folder. On Windows systems using NTFS, each user profile directory should have permissions set so that only the owning user and administrators have read/write access. When any user can read and modify another user's profile, the NTFS access control lists (ACLs) are misconfigured, and tightening them to enforce proper boundaries resolves the security violation.

    Why the other options are wrong

    • ARefresh rate—lower it to restrict access is incorrect because the monitor refresh rate controls how many times per second the display redraws the screen and has absolutely no connection to file-system permissions or access control.
    • BDefragmentation—run defrag to separate the files is incorrect because defragmentation reorganizes file fragments on disk for sequential read performance and does not modify, enforce, or alter file-access permissions in any way.
    • CDNS hardening—change the DNS server is incorrect because DNS resolves hostnames to IP addresses for network communication and has no role in controlling local file-system permissions or user access to profile folders.

CompTIA A+ (Core 1/2) practice exam FAQ