A+ security questions are not trying to turn you into a senior security engineer. They are checking whether you can make safe support decisions when a user, laptop, account, phone, wireless network, or shared folder has a security problem.

Fast answer: for CompTIA A+ security scenarios, choose the option that verifies identity, protects data, uses least privilege, keeps evidence intact, and follows policy before making a risky change. If an answer sounds fast but skips verification or documentation, be suspicious.

Use these practice questions like mini help desk tickets. Pick an answer first, then read the explanation. If you are building a Core 2 study path, pair this with our A+ malware removal practice questions, A+ operational procedures practice questions, and A+ Windows command line practice questions.

Quick review: what A+ security usually tests

| Scenario clue | Think about |
| --- | --- |
| User needs access | Verify identity, approval, least privilege |
| Unexpected MFA prompts | Possible account compromise, not a convenience reset |
| Lost laptop or phone | Encryption, remote wipe, account/session protection |
| Shared folder issue | NTFS/share permissions, groups, least privilege |
| Wi-Fi setup | WPA2/WPA3, strong passphrases, no shared admin secrets |
| Suspicious file or browser popup | Malware process, isolate, scan, document |
| Visitor or tailgating problem | Physical security and policy |
| Sensitive data exposure | Do not browse, copy, or share more than needed |

The exam likes “best next step” wording. That means the technically possible answer is not always the correct answer. The correct answer is the safest useful action for that moment.

CompTIA A+ security practice questions

1. Unexpected MFA prompts

A user calls the help desk because their phone keeps showing MFA approval prompts they did not start. They ask you to reset MFA because the prompts are annoying.

What should you do first?

A. Reset MFA immediately so the user can keep working
B. Tell the user to approve one prompt and change the password later
C. Treat it as possible account compromise, verify identity, review sign-in activity, and follow escalation policy
D. Disable MFA for the user because MFA is causing the issue

Answer: C. Treat it as possible account compromise, verify identity, review sign-in activity, and follow escalation policy.

Unexpected MFA prompts can mean an attacker already has the password and is trying to get the second factor approved. Do not treat that like a normal “new phone” request.

A safe flow is: verify the caller using approved methods, tell them not to approve unknown prompts, check sign-in logs if you have access, revoke sessions or force a password reset if policy requires it, and escalate suspicious activity. Our MFA reset checklist covers this workflow in more detail.
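What "review sign-in activity" can look like in practice, as an added example that is not part of the original article: a small check that flags users with a burst of rejected or ignored MFA prompts and notes whether an approval followed. The log format, event names, threshold, and window are assumptions made for illustration; real identity providers export different fields.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not from a real tenant):
# time, user, source IP, MFA result.
SAMPLE_LOG = """\
2024-05-01T09:00:05 alice 198.51.100.7 mfa_denied
2024-05-01T09:01:10 alice 198.51.100.7 mfa_timeout
2024-05-01T09:02:30 alice 198.51.100.7 mfa_denied
2024-05-01T09:03:02 alice 198.51.100.7 mfa_approved
2024-05-01T09:10:00 bob 192.0.2.15 mfa_approved
2024-05-01T13:00:00 carol 203.0.113.9 mfa_denied
2024-05-01T16:45:00 carol 203.0.113.9 mfa_approved
"""

UNANSWERED = {"mfa_denied", "mfa_timeout"}  # hypothetical event names

def parse(log_text):
    """Yield (timestamp, user, ip, result) tuples from the constructed format."""
    for line in log_text.splitlines():
        if line.strip():
            ts, user, ip, result = line.split()
            yield datetime.fromisoformat(ts), user, ip, result

def find_mfa_prompt_bursts(log_text, threshold=3, window=timedelta(minutes=10)):
    """Flag users with `threshold` or more rejected/ignored prompts inside `window`.

    Returns {user: {"ips": set, "last_prompt": datetime, "approved_after_burst": bool}}.
    """
    recent = defaultdict(list)  # user -> timestamps of rejected/ignored prompts
    findings = {}
    for ts, user, ip, result in sorted(parse(log_text)):
        if result in UNANSWERED:
            # Keep only prompts still inside the sliding window, then add this one.
            recent[user] = [t for t in recent[user] if ts - t <= window] + [ts]
            if len(recent[user]) >= threshold:
                entry = findings.setdefault(
                    user, {"ips": set(), "last_prompt": ts, "approved_after_burst": False})
                entry["ips"].add(ip)
                entry["last_prompt"] = ts
        elif result == "mfa_approved" and user in findings:
            # An approval soon after a burst may mean the user gave in: escalate.
            if ts - findings[user]["last_prompt"] <= window:
                findings[user]["approved_after_burst"] = True
    return findings
```

A user flagged with approved_after_burst set is the case where revoking sessions and forcing a password reset matters most, because the second factor may already have been accepted.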

2. Request for admin rights

A user says a vendor application will only install if they are made a local administrator. They want permanent admin rights because “this keeps happening.”

What is the best response?

A. Add the user to local administrators permanently
B. Use an approved elevation, software deployment, or temporary admin process after validating the business need
C. Give the user the domain admin password for five minutes
D. Tell the user to download a cracked installer that does not need admin rights

Answer: B. Use an approved elevation, software deployment, or temporary admin process after validating the business need.

Least privilege is the pattern. Users should have the access needed to do their jobs, not permanent power because one installer is annoying.

In real support work, this may mean deploying the software through Intune, SCCM, Jamf, a managed app catalog, a privileged access tool, or a documented temporary elevation process. If the software is not approved, the answer may be “not yet,” not “sure, enjoy your new attack surface.”

3. Lost company laptop

A remote employee reports that their company laptop was stolen from a car. The laptop had access to email and cloud storage. The employee thinks the laptop was locked when it was stolen.

What should IT do next?

A. Wait to see if the laptop turns up
B. Confirm encryption/device management status, lock or wipe the device if policy allows, revoke sessions, and document the incident
C. Delete the user’s mailbox
D. Tell the user that a lock screen is enough protection

Answer: B. Confirm encryption/device management status, lock or wipe the device if policy allows, revoke sessions, and document the incident.

A lock screen helps, but it is not the whole response. The security question is whether company data and active sessions are protected.

You want to know whether BitLocker or another full-disk encryption tool was enabled, whether the device is managed, when it last checked in, and whether remote lock or wipe is allowed. Also revoke cloud sessions and document what happened. If this becomes a breach review, “probably fine” will not be a fun ticket note.

4. Shared folder permissions

A manager asks you to give one employee access to a finance folder. The employee needs to view invoices but should not edit or delete files.

Which permission approach is best?

A. Give the employee full control so they do not call back later
B. Add the employee to the correct read-only group after approval
C. Share the manager’s password with the employee
D. Copy the finance folder to the employee’s desktop

Answer: B. Add the employee to the correct read-only group after approval.

This is least privilege again. If the user needs read access, do not grant modify or full control just because it is easier.

Groups are cleaner than one-off permissions because they are easier to audit and remove later. Also remember that Windows file access may involve both share permissions and NTFS permissions. If you need the ticket version of this flow, see our shared mailbox access checklist and network share troubleshooting checklist. Different systems, same access-control habit: approve, scope, grant, verify, document.
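The "grant, verify" step for the finance folder above, as an added example that is not part of the original article: it works out a user's effective access over the network from share and NTFS entries and reports which entries exceed the approved level. The group names and ACLs are constructed, access levels are reduced to four ordered steps, and explicit Deny entries are left out of this simplified model.

```python
# Simplified, ordered access levels (low -> high). Real NTFS ACLs are finer-grained.
LEVELS = ["none", "read", "change", "full"]

# Constructed ACLs for a finance share: broad share permission, NTFS does the scoping.
SHARE_ACL = {"Everyone": "change"}
NTFS_ACL = {"Finance-ReadOnly": "read", "Finance-Editors": "change", "Administrators": "full"}

# Constructed users: the account itself plus every group it belongs to.
DANA = {"dana", "Everyone", "Finance-ReadOnly"}
ERIN = {"erin", "Everyone", "Finance-ReadOnly", "Finance-Editors"}

def layer_access(acl, principals):
    """Allows accumulate: return the highest level any of the user's principals gets."""
    granted = [LEVELS.index(level) for who, level in acl.items() if who in principals]
    return max(granted, default=0)

def effective_access(share_acl, ntfs_acl, principals):
    """Over the network, the more restrictive of the share and NTFS results applies."""
    return LEVELS[min(layer_access(share_acl, principals),
                      layer_access(ntfs_acl, principals))]

def over_privileged_by(share_acl, ntfs_acl, principals, approved):
    """If effective access exceeds `approved`, list the entries on each layer that allow it."""
    limit = LEVELS.index(approved)
    if LEVELS.index(effective_access(share_acl, ntfs_acl, principals)) <= limit:
        return {}

    def excess(acl):
        return sorted(p for p, lvl in acl.items()
                      if p in principals and LEVELS.index(lvl) > limit)

    return {"share": excess(share_acl), "ntfs": excess(ntfs_acl)}

if __name__ == "__main__":
    for name, principals in (("dana", DANA), ("erin", ERIN)):
        print(name, effective_access(SHARE_ACL, NTFS_ACL, principals),
              over_privileged_by(SHARE_ACL, NTFS_ACL, principals, "read"))
```

Adding a user to the read-only group does not make them read-only if an older membership still grants more, which is why the verify step checks the effective result instead of the group that was just added.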

5. Public Wi-Fi support call

A user is working from a hotel and says they cannot connect to an internal app. They ask whether they should connect to an open Wi-Fi network named “Free Hotel Internet 2” because it has a stronger signal.

What is the safest guidance?

A. Use the open network and ignore browser warnings
B. Use approved remote access from a trusted network, avoid unknown open Wi-Fi, and report suspicious captive portals or certificate warnings
C. Turn off the firewall to improve connectivity
D. Email their password to the help desk so you can test it

Answer: B. Use approved remote access from a trusted network, avoid unknown open Wi-Fi, and report suspicious captive portals or certificate warnings.

A+ security is practical. Open Wi-Fi, fake SSIDs, certificate warnings, and sketchy captive portals are all normal ways users wander into trouble.

The best answer points them back to approved remote access and safe network behavior. If your environment allows hotspot use, VPN, ZTNA, or managed remote access, follow that policy. Do not train users to click through warnings just because a ticket is inconvenient.

6. Browser popups after installing “free” software

A user reports that their browser now shows constant popups after they installed a free PDF tool. They also see a new extension they do not recognize.

What is the best next step?

A. Isolate the device if needed, remove suspicious software/extensions, run approved scans, update, verify, and document
B. Tell the user popups are normal
C. Disable all security tools because they slow down the browser
D. Delete random system files until the popups stop

Answer: A. Isolate the device if needed, remove suspicious software/extensions, run approved scans, update, verify, and document.

This is the malware-removal pattern in a browser-shaped jacket. Check installed applications, extensions, startup items, browser settings, and endpoint protection alerts. Use approved tools. If there is evidence of credential theft, data exposure, or spreading malware, escalate. For more reps, use the A+ malware removal practice questions.

7. BitLocker recovery after a motherboard replacement

A laptop asks for a BitLocker recovery key after hardware service. The user is frustrated and wants you to bypass it because they have a meeting.

What is the correct approach?

A. Bypass encryption with an online tool
B. Retrieve the recovery key from the approved location after verifying the user/device, then document the recovery
C. Disable encryption permanently
D. Reinstall Windows immediately without checking backups

Answer: B. Retrieve the recovery key from the approved location after verifying the user/device, then document the recovery.

Encryption is doing its job. Hardware changes can trigger recovery, and the support response should follow policy. Common approved locations might include Microsoft Entra ID, Active Directory, an MDM platform, or a documented recovery portal. Do not invent shortcuts around encryption. Our BitLocker recovery key troubleshooting checklist walks through the practical support flow.

8. Password reset request from chat

Someone messages the help desk from a personal chat account claiming to be an executive. They say they are locked out and need a password reset immediately.

What is the best response?

A. Reset the password because executives are important
B. Verify identity using the approved reset process before changing credentials
C. Ask them to send their old password first
D. Create a second account with no MFA

Answer: B. Verify identity using the approved reset process before changing credentials.

Help desk password resets are a favorite social engineering target. Urgency plus authority is not proof. Use the approved identity verification path. The important part is that the reset process is not “whoever sounds the most annoyed wins.”

The A+ security decision pattern

When a security question feels close, ask these in order:

  1. Is identity verified? If not, verify before granting access or resetting credentials.
  2. Is this least privilege? Grant only the access needed, preferably through approved groups or tools.
  3. Could data be exposed or lost? Protect it before making changes.
  4. Could this be an incident? Unexpected MFA prompts, suspicious media, stolen devices, and malware deserve escalation when policy says so.
  5. Is there a physical security angle? Badges, visitors, privacy screens, locks, and unknown USB drives count.
  6. Can another tech understand this later? Document what changed and what was verified.

That pattern will get you through a lot of Core 2 security scenarios because it matches the actual support job. Most teams do not want reckless heroes. They want someone who can solve the ticket without creating a second, worse ticket.

Mini checklist for real help desk work

Use this on actual security-ish tickets:

  • Verify identity before password, MFA, or access changes.
  • Check approval before granting access.
  • Use groups and roles instead of one-off permissions.
  • Confirm encryption/management status for lost or repaired devices.
  • Treat unexpected MFA prompts as suspicious until proven otherwise.
  • Do not plug in unknown USB drives.
  • Keep user data private while troubleshooting.
  • Document symptoms, actions, results, and follow-up.

If you are studying for A+ because you want a help desk job, security is where you show judgment. You do not need to know every enterprise control yet. You do need to stop, verify, protect data, and avoid doing sketchy stuff in the name of speed.

FAQ

Are security questions on CompTIA A+ hard?

They are manageable if you study them as support scenarios. The questions usually test basic security judgment: passwords, MFA, permissions, encryption, malware, Wi-Fi security, physical security, and safe handling of user data.

Should I study Security+ before A+ security?

No. A+ security is more entry-level and support-focused. Security+ goes deeper into risk, architecture, attacks, governance, and incident response. If you are new to IT, A+ security is a good base before Security+.

What is the biggest trap in A+ security questions?

Skipping verification. Wrong answers often sound fast: reset the password, grant admin rights, approve the MFA prompt, plug in the USB drive, bypass encryption. The safer answer usually verifies identity, follows policy, and documents the result.

What should I study after A+ security?

Rotate into Core 2 troubleshooting and procedures. Review malware removal, Windows command-line tools, operational procedures, and ticket documentation. Then use the IT certification hub to decide whether Network+, Security+, or a job-focused project path makes sense next.
