Free · 220-1202 · Domain 4 of 4

CompTIA A+ Core 2 Domain 4: Operational Procedures

22% of the 220-1202 exam
Practice — Domain 4
4.2 Given a scenario, implement change management best practices

A technician wants to push a firewall rule change to several production servers during business hours because it will 'only take a minute.' Following standard change-management practice, what should happen FIRST?

Answer
Correct answer: B · Submit a request for change so it is reviewed and approved before implementation

Configuration change control requires that proposed changes to the baseline be documented, reviewed, and approved by the change/configuration control board before they are implemented.

Why the other options are wrong
  • A: This skips the formal review/approval step; making an unassessed change directly to a production baseline is exactly the uncontrolled action that change management exists to prevent and document beforehand.
  • C: User notification is part of communication, but it is not the controlling step; the change still must be formally proposed and approved before any production baseline is modified, regardless of who was warned.
  • D: Editing inventory to say servers were modified before any approved change is performed is both premature and inaccurate; asset records are updated to reflect changes, not to authorize them.
Changes to a configuration baseline must go through documented configuration change control (review/approval); 220-1202 Obj 4.2
4.2 Given a scenario, implement change management best practices

A change request to upgrade an application server is being prepared. Reviewers insist the request document how the team will return the server to its prior working state if the upgrade fails. Which element are they requiring?

Answer
Correct answer: D · A back-out (rollback) plan

A back-out or rollback plan documents the steps to restore affected systems to their previous state if the change fails, so service can be recovered quickly.

Why the other options are wrong
  • A: Risk analysis evaluates the likelihood and impact of the change before approval; it informs the decision but does not describe the procedure to reverse the change after it has already failed in production.
  • B: Acceptance testing confirms the change works for users after deployment; it validates success but provides no documented steps for restoring the previous state when the upgrade goes wrong.
  • C: A maintenance window only sets when the work occurs to limit disruption; scheduling the timing says nothing about how the system would be recovered to its earlier configuration if the change breaks it.
A rollback/back-out plan documents how to restore the prior state if a change fails; 220-1202 Obj 4.2
4.3 Given a scenario, implement workstation backup and recovery methods

An administrator runs a full backup every Sunday. On the other nights they want each job to copy ONLY the data that changed since the previous night's backup, keeping nightly jobs as small and fast as possible. Which backup type fits?

Answer
Correct answer: C · Incremental backup

An incremental backup stores only the blocks or files that changed since the previous backup (full or incremental), giving the smallest, fastest nightly jobs.

Why the other options are wrong
  • A: A full backup copies the entire data set every time it runs; using it nightly maximizes job size and time, which is the opposite of the small, fast change-only nightly job the administrator wants.
  • B: A differential copies everything changed since the last full backup, so nightly jobs keep growing through the week; it speeds restores but does not limit each job to only the prior night's changes.
  • D: A synthetic full merges an existing full with later backups to build a new full image; it produces a complete copy rather than a small nightly job limited to the last night's changes.
Incremental backups capture only data changed since the previous (full or incremental) backup; 220-1202 Obj 4.3
4.3 Given a scenario, implement workstation backup and recovery methods

A small business owner keeps three copies of critical files but stores all of them on two external drives sitting next to the server. Per the 3-2-1 backup rule, what is still missing?

Answer
Correct answer: A · One copy kept offsite

The 3-2-1 rule requires that one of the copies be stored offsite so a local disaster cannot destroy every copy at once.

Why the other options are wrong
  • B: The rule specifies three copies, not four, and adding another copy on the same site and hardware does nothing to protect against the local hazard that the offsite requirement addresses.
  • C: Encryption protects confidentiality of backups but is not one of the three numbers in the 3-2-1 rule; encrypted copies all sitting in one location are still lost together in a fire or theft.
  • D: Restore testing is good practice for verifying recoverability, but it is separate from the 3-2-1 rule; testing copies that are all onsite does not satisfy the missing offsite requirement.
The 3-2-1 rule: 3 copies, on 2 different media, with 1 copy stored offsite; 220-1202 Obj 4.3
4.4 Given a scenario, use common safety procedures

A technician is about to remove and replace RAM and an expansion card inside a desktop. Which practice BEST protects the ESD-sensitive components while they are handled at the bench?

Answer
Correct answer: B · Wear an antistatic wrist strap bonded to a common ground point

A grounded wrist strap electrically connects the technician's skin to ground, continuously bleeding off body static so it cannot discharge into ESD-sensitive parts.

Why the other options are wrong
  • A: Edge connectors are exactly the contacts you should avoid touching; this neither bonds the technician to ground nor dissipates body charge, so a static discharge can still damage the part.
  • C: Carpet is a classic static generator and air exposure is not the hazard; rushing on an insulating surface increases charge buildup and the chance of a damaging discharge into the components.
  • D: Leaving the unit energized while installing parts creates a shock and short-circuit hazard and is unsafe; equipment should be powered off and unplugged, with grounding provided by proper ESD tools.
A grounded antistatic wrist strap bonds the technician to ground to prevent ESD damage; 220-1202 Obj 4.4
4.4 Given a scenario, use common safety procedures

An instructor explains why electrical equipment and circuits are connected to a proper ground (earth). What is the PRIMARY purpose of this equipment grounding?

Answer
Correct answer: C · It protects people by providing a low-impedance path so faults clear safely

Protective grounding is installed to protect employees, giving fault current a low-impedance path so protective devices operate and hazardous voltage is not left on equipment.

Why the other options are wrong
  • A: Grounding does not raise supply voltage or improve efficiency; this confuses the protective earth path with the current-carrying conductors that actually deliver operating power to the device.
  • B: Grounding does not make live work safe; employers must still de-energize and verify the absence of voltage before work, so grounding supplements lockout, it does not replace de-energizing.
  • D: Equipment grounding for electrical safety addresses fault current and shock, not static on insulators; controlling ESD on plastics requires dissipative materials and personnel grounding, a different control.
Equipment grounding protects personnel by giving fault current a low-impedance path so protective devices operate; 220-1202 Obj 4.4
4.5 Summarize environmental impacts and local environmental controls

Before disposing of a leaking bottle of electronics cleaning solvent, a technician needs the official document that lists the product's hazards and proper handling, storage, and disposal precautions. Which document is this?

Answer
Correct answer: A · The Safety Data Sheet (SDS)

The SDS, formerly the MSDS, gives the chemical's hazards plus handling, storage, and disposal precautions in a standardized 16-section format.

Why the other options are wrong
  • B: An AUP defines how employees may use company IT systems and data; it governs user behavior on the network and contains none of the chemical hazard or disposal information needed for a solvent.
  • C: A EULA sets the legal terms for using software; it is a licensing contract and provides no information about a physical chemical's hazards, handling, or safe disposal requirements.
  • D: A ticket-handling SOP documents internal support workflow steps; it describes process, not the regulated chemical-specific hazard and disposal data that only a Safety Data Sheet supplies.
The SDS (formerly MSDS) provides chemical hazards and handling/disposal guidance in a 16-section format; 220-1202 Obj 4.5
4.5 Summarize environmental impacts and local environmental controls

A company is retiring a stack of old laptops, several of which still contain swollen lithium-ion batteries. Which disposal approach is correct?

Answer
Correct answer: D · Remove the batteries and route the e-waste and batteries to proper recyclers

EPA guidance says to remove batteries and recycle electronics and lithium-ion batteries through proper recycling channels rather than the trash.

Why the other options are wrong
  • A: Lithium-ion batteries are not allowed in household garbage or recycling bins; trashing them risks fires and improper disposal of hazardous materials, which is exactly what regulated recycling prevents.
  • B: Lithium-ion batteries must not go in household recycling bins either; they require dedicated battery-recycling channels because of fire and hazardous-waste risks, not standard commingled recycling.
  • C: Burning lithium-ion batteries is dangerous and releases hazardous materials; end-of-life batteries are managed as regulated waste and recycled, never destroyed by uncontrolled on-site incineration.
Electronics and lithium-ion batteries must be recycled through proper channels, not discarded in the trash; 220-1202 Obj 4.5
4.6 Explain the importance of prohibited content/activity and privacy, licensing, and policy concepts

While imaging a customer's drive, a technician finds a spreadsheet containing customers' full names, home addresses, and government ID numbers. How should this data be classified for handling purposes?

Answer
Correct answer: B · Personally identifiable information (PII) that must be protected

Data that relates to an identified or identifiable person, such as names with addresses and ID numbers, is PII/personal data that must be protected from improper access, use, or disclosure.

Why the other options are wrong
  • A: Voluntarily providing data to a business does not make it public; names tied to addresses and ID numbers identify individuals and remain protected, so treating it as public ignores its sensitivity.
  • C: PCI DSS covers payment card data such as the primary account number; names, addresses, and ID numbers are personal data but are not payment card account data, so PCI is not the governing scope here.
  • D: Intellectual property refers to creations like software or designs owned by a creator; the customer's personal records are neither created nor owned by the shop and are not intellectual property.
Names, addresses, and ID numbers are PII/personal data that must be protected; 220-1202 Obj 4.6
4.6 Explain the importance of prohibited content/activity and privacy, licensing, and policy concepts

A small online retailer stores customers' full credit card numbers in a database so repeat buyers can check out faster. Which compliance standard most directly governs how that stored data must be protected?

Answer
Correct answer: C · PCI DSS (Payment Card Industry Data Security Standard)

PCI DSS sets requirements for any entity that stores, processes, or transmits cardholder data such as the primary account number, exactly what the retailer is storing.

Why the other options are wrong
  • A: GDPR governs personal data of individuals in the EU broadly; it may apply, but it is not the standard written specifically to protect stored payment card account data, which the scenario centers on.
  • B: The GPL is a software licensing model governing source-code distribution; it has nothing to do with protecting stored payment card numbers and is unrelated to handling regulated cardholder data.
  • D: HIPAA's protected health information rules apply to health-care data held by covered entities; a retailer storing credit card numbers is handling payment data, not medical records, so HIPAA does not govern it.
PCI DSS governs entities that store/process/transmit cardholder data such as the PAN; 220-1202 Obj 4.6
4.7 Given a scenario, use proper communication techniques and professionalism (incident response)

A technician discovers apparent illegal images on a company laptop and reports it. Management says the device may become evidence. To preserve its value, the technician must document everyone who handles the device and when. This documentation is called the:

Answer
Correct answer: A · Chain of custody

Chain of custody tracks evidence through collection, safeguarding, and analysis by documenting each person who handled it and the date/time and purpose of each transfer.

Why the other options are wrong
  • B: An acceptable use policy defines permitted use of company systems; it may have been violated here, but it does not track who handled a seized device, which is what evidence preservation requires.
  • C: An SLA defines service commitments such as response and resolution times between a provider and customer; it has no role in documenting the handling and transfer history of physical evidence.
  • D: A knowledge base article captures reusable troubleshooting or how-to information for technicians; it is reference content, not the tracked record of who controlled a piece of evidence over time.
Chain of custody documents each handler and transfer of evidence to preserve its integrity; 220-1202 Obj 4.7
4.8 Identify the basics of scripting

A Windows administrator wants to write a reusable automation script using cmdlets like Get-Service and Get-ChildItem and save it with the matching file extension. Which file type should the script be saved as?

Answer
Correct answer: D · .ps1

PowerShell scripts use the .ps1 extension, which is the correct format for a reusable file built from PowerShell cmdlets on Windows.

Why the other options are wrong
  • A: A .bat file is a Command shell batch script that runs legacy Windows commands; it does not natively execute PowerShell cmdlets, so saving cmdlet-based automation with this extension is the wrong file type.
  • B: A .py file is a Python script run by the Python interpreter; cmdlets like Get-Service are PowerShell language constructs and are not valid Python, so this extension does not match the script.
  • C: A .sh file is a Unix/Linux shell script executed by a shell such as bash; it is not the native Windows PowerShell format and would not run PowerShell cmdlets as written.
PowerShell scripts use the .ps1 file extension; 220-1202 Obj 4.8
4.4 Given a scenario, use common safety procedures

A technician must keep a portable fire extinguisher next to a rack of energized network switches and a running UPS. Which extinguisher is appropriate for a fire in that energized electrical equipment?

Answer
Correct answer: B · A carbon dioxide (CO2) extinguisher, which is listed for Class B and Class C energized-electrical fires

Energized electrical equipment is a Class C hazard, and CO2 is listed for Class B and Class C fires and leaves no residue, making it safe on electronics.

Why the other options are wrong
  • A: Water conducts electricity and is rated for ordinary Class A combustibles; using it on energized equipment risks shock and does not match the Class C electrical hazard described.
  • C: Dry-powder Class D agents are intended for burning combustible metals, not energized electronics; choosing it confuses the metal-fire class with the Class C electrical hazard in the scenario.
  • D: Wet chemical targets Class K cooking oils and its agent conducts electricity, so it is unsuitable for the energized electrical (Class C) equipment fire described here.
Energized electrical equipment is a Class C fire; CO2 is listed for Class B and C; 220-1202 Obj 4.4
4.4 Given a scenario, use common safety procedures

An employer is told to place portable fire extinguishers based on 'the classes of anticipated workplace fires.' For an area whose main risk is ordinary combustibles (Class A), what maximum travel distance to an extinguisher does OSHA require?

Answer
Correct answer: C · 75 feet of travel distance to the nearest extinguisher

OSHA requires Class A extinguishers be distributed so employee travel distance to any extinguisher is 75 feet or less, matching the ordinary-combustible hazard here.

Why the other options are wrong
  • A: OSHA does not set one universal distance; it varies by class, so claiming a single 25-foot rule for all classes misstates the selection-and-distribution requirement.
  • B: Fifty feet is the maximum travel distance OSHA sets for Class B flammable-liquid hazards, not for the Class A ordinary-combustible hazard described in the scenario.
  • D: Spacing is driven by fire class and hazard, not floor area alone, and OSHA sets no 100-foot Class A allowance, so this distractor inflates the permitted distance.
OSHA 1910.157(d): extinguishers selected/distributed by anticipated fire class; Class A travel <=75 ft; 220-1202 Obj 4.4
4.4 Given a scenario, use common safety procedures

In a server room, patch cables and a power-strip cord lie loose across a walkway, and one branch-circuit conductor rests directly on the floor. What is the correct operational-safety concern and action?

Answer
Correct answer: D · Cords across walkways are a trip hazard and conductors must not lie on the floor; route, support, and protect the cables

Walking surfaces must stay orderly and free of hazards and branch-circuit conductors may not be laid on the floor, so cables must be routed, supported, and protected.

Why the other options are wrong
  • A: Labeling and periodic inspection do not remove the trip hazard or the prohibition on floor-laid conductors; the cords still endanger anyone walking the path.
  • B: Walking-surface housekeeping rules apply regardless of voltage, so dismissing placement misreads the trip-hazard and floor-conductor requirements that govern the room.
  • C: Flexible cords may not be used as a substitute for fixed wiring, and tape does not satisfy support or damage-protection rules, so this normalizes a noncompliant setup.
OSHA 1910.22 housekeeping and 1910.305 cable rules: no conductors on floor; protect cords; 220-1202 Obj 4.4
4.4 Given a scenario, use common safety procedures

A technician must move several heavy UPS units and full server chassis from a loading dock to a rack room. Which approach best reflects ergonomic and material-handling safety guidance?

Answer
Correct answer: A · Use assistive lifting devices and proper technique to reduce musculoskeletal injury risk

Guidance recommends assistive lifting devices and fitting the task to the worker to prevent musculoskeletal disorders, directly addressing the heavy-lifting hazard described here.

Why the other options are wrong
  • B: Speed and bending/jerking with the back increase strain and injury risk; ergonomic guidance targets reducing overexertion, not minimizing handling time at the spine's expense.
  • C: Work-related musculoskeletal disorders are described as preventable through an ergonomic process, so treating lifting injuries as inevitable ignores established controls and assistive equipment.
  • D: Lifting heavy items is itself a recognized MSD risk factor alongside repetition, so excluding occasional heavy lifts from concern understates the documented hazard.
OSHA/NIOSH ergonomics: lifting is an MSD risk factor; use lifting aids and proper technique; 220-1202 Obj 4.4
4.4 Given a scenario, use common safety procedures

A small fire ignites in an open tray of flammable solvent on a workbench. Which fire class is this, and what maximum travel distance to a suitable extinguisher does OSHA set for that hazard?

Answer
Correct answer: C · Class B (flammable liquids), with extinguishers within a 50-foot travel distance

Flammable and combustible liquids are Class B fires, and OSHA requires Class B extinguishers be placed so travel distance is 50 feet or less.

Why the other options are wrong
  • A: Solvents are flammable liquids, not ordinary Class A combustibles, so applying the 75-foot Class A spacing misclassifies the hazard and the required distribution distance.
  • B: Class C specifically means energized electrical equipment, not flammable liquids, so labeling a solvent fire Class C confuses the electrical class with a flammable-liquid fire.
  • D: Class K covers cooking media in kitchen appliances, not bench solvents, so treating an industrial flammable-liquid fire as a cooking-oil fire selects the wrong agent and class.
Flammable liquids are Class B; OSHA Class B travel distance <=50 ft; 220-1202 Obj 4.4
4.3 Given a scenario, implement workstation backup and recovery methods

A server fails Thursday night. The team runs a full backup every Sunday and a DIFFERENTIAL backup each weeknight. To fully restore Thursday's data, which backups must be applied, and why?

Answer
Correct answer: B · Sunday's full backup, then only Thursday's differential

A differential contains all changes made since the most recent full backup, so restoring the latest full plus the single most recent differential rebuilds Thursday's data.

Why the other options are wrong
  • A: A differential holds changes only since the most recent full, not since deployment, so restoring the differential alone omits all baseline data captured by Sunday's full backup.
  • C: That chaining behavior describes incremental backups; differentials each reference the full, so applying every nightly differential is unnecessary and misstates how differentials accumulate changes.
  • D: Restore order starts from the full base and then applies the differential; reversing it overwrites recovered changes with older baseline data and corrupts the recovery sequence.
Differential = changes since most recent full; restore = full + latest differential; 220-1202 Obj 4.3
4.3 Given a scenario, implement workstation backup and recovery methods

An organization keeps daily, weekly, monthly, and yearly backup copies with progressively longer retention (dailies for a week, monthlies for a year, yearlies for a decade). This rotation and retention scheme is BEST described as which approach?

Answer
Correct answer: A · Grandfather-Father-Son (GFS) tiered retention of daily, weekly, monthly, and yearly recovery points

GFS retention keeps layered daily, weekly, monthly, and yearly recovery points held for increasing durations, exactly matching the multi-tier scheme described in the scenario.

Why the other options are wrong
  • B: A flat uniform-retention policy contradicts the scenario's different durations per tier; GFS deliberately assigns longer retention to weekly, monthly, and yearly points.
  • C: Mirroring maintains a live copy without dated historical versions, so it cannot provide the daily-through-yearly recovery points the multi-tier retention scheme is built to keep.
  • D: CDP captures changes continuously but is not the scheduled, multi-tier daily/weekly/monthly/yearly retention described; equating it with GFS misidentifies the rotation model in use.
GFS keeps daily/weekly/monthly/yearly recovery points with increasing retention; 220-1202 Obj 4.3
4.3 Given a scenario, implement workstation backup and recovery methods

A backup administrator wants fast short-term restores but also needs inexpensive, off-site copies that survive a site disaster. Which design aligns with common backup-storage guidance?

Answer
Correct answer: D · Back up to local disk first for fast short-term recovery, then copy to tape or the cloud for long-term off-site retention

Backing up to local disk for quick restores and then copying to tape or cloud for long-term off-site retention provides both speed and disaster-resilient geographic separation.

Why the other options are wrong
  • A: Storing the sole copy on the production host means a server or site disaster destroys both data and backup at once, defeating off-site disaster recovery entirely.
  • B: An on-site-only tape next to the server is fast but is destroyed by the same fire or flood, providing no geographic separation for disaster recovery.
  • C: Mailboxes are not a managed, secured backup repository; this exposes data, lacks retention control, and is not the disk-then-tape/cloud tiering guidance recommends.
Disk-first for fast restores, then tape/cloud for long-term off-site retention; 220-1202 Obj 4.3
4.3 Given a scenario, implement workstation backup and recovery methods

A backup policy is configured so jobs RUN every 6 hours and each copy is KEPT for 90 days. Which statement correctly distinguishes these two separate settings?

Answer
Correct answer: C · The 6-hour interval is the backup schedule/frequency; the 90-day period is the retention policy

The schedule sets how often backups run (every 6 hours) while the retention policy sets how long each copy is kept (90 days); they are independent settings.

Why the other options are wrong
  • A: Only the 90-day value is retention; the 6-hour value is the run frequency, so calling both retention conflates how often backups run with how long they are kept.
  • B: This reverses the definitions; a 90-day interval between jobs and a 6-hour retention would leave almost no recoverable data, which is the opposite of the intent.
  • D: Frequency and retention directly determine recovery points and how long they survive; dismissing them as cosmetic ignores how the policy governs available restore points.
Backup schedule = frequency of runs; retention policy = how long copies are kept; 220-1202 Obj 4.3
4.3 Given a scenario, implement workstation backup and recovery methods

Leadership assumes that because nightly backup jobs finish, the company can definitely recover after a disaster. A reviewer is skeptical. Per recovery-planning guidance, what is needed to justify that assumption?

Answer
Correct answer: B · Periodically test and exercise restores using realistic scenarios to validate that data can actually be recovered

Recovery guidance emphasizes realistic test scenarios and validating recovery capabilities, so periodically exercising restores is what proves backups will actually recover data.

Why the other options are wrong
  • A: A job completing does not prove the data is restorable; guidance stresses validating recovery, so treating job completion as proof skips the actual restore verification.
  • C: Using a real disaster as the first test risks discovering unrecoverable backups when it is too late; planning calls for testing recovery before an incident, not during one.
  • D: More frequent backups create more restore points but do not validate integrity or recoverability; frequency cannot substitute for actually testing that a restore succeeds.
Validate recovery by testing restores with realistic scenarios; do not assume backups work; 220-1202 Obj 4.3
4.3 Given a scenario, implement workstation backup and recovery methods

After many incremental backup jobs, an administrator worries the on-disk backup replica may have drifted out of sync with the source data. Which built-in safeguard most directly addresses backup data integrity?

Answer
Correct answer: A · Run a consistency check that detects when the backup replica becomes inconsistent with the source and repairs it

A consistency check verifies the replica against the source and corrects drift, directly protecting backup integrity, which is precisely the synchronization concern the admin raised.

Why the other options are wrong
  • B: Compression only reduces size; it performs no source-to-replica verification, so it cannot detect or fix the drift between backup and live data described here.
  • C: Longer retention keeps more historical points but never validates current replica accuracy, so it does not resolve whether the backup has drifted from the source.
  • D: More frequent incrementals capture changes sooner but do not verify integrity; without a consistency check, an inconsistent replica simply gets updated more often, not validated.
Use a consistency check to detect/repair backup replica inconsistency; verify integrity; 220-1202 Obj 4.3
4.8 Identify the basics of scripting

A technician finds two automation files in a shared folder: deploy.ps1 and report.py. Which statement about these script file types is correct?

Answer
Correct answer: C · The .ps1 is a PowerShell script and the .py is a Python script; both are interpreted rather than compiled to a standalone .exe

PowerShell uses the .ps1 script extension and Python uses .py, and both are interpreted scripting languages rather than precompiled standalone executables, matching the files found.

Why the other options are wrong
  • A: PowerShell and Python scripts are interpreted at runtime rather than compiled to standalone binaries, so calling both precompiled executables misstates how these script types actually run.
  • B: Both Python and PowerShell are cross-platform, so claiming each is locked to a single operating system contradicts their documented availability on multiple platforms.
  • D: A .ps1 is a PowerShell script using a different language and engine than .bat command-shell batch files, so equating the two ignores the distinct PowerShell scripting environment.
PowerShell scripts use .ps1, Python uses .py; both are interpreted scripting languages; 220-1202 Obj 4.8
4.8 Identify the basics of scripting

Before allowing PowerShell scripts to run on Windows workstations, a sysadmin reviews the execution policy. Which description of PowerShell execution policy is accurate?

Answer
Correct answer: B · It is a safety feature controlling whether scripts run and helps prevent accidentally running malicious scripts, but it is not a hard security boundary

Documentation describes execution policy as a safety feature that controls running scripts and helps prevent malicious execution, while noting users can bypass it, so it is not a security boundary.

Why the other options are wrong
  • A: Execution policy governs whether scripts run, not encryption; it does not conceal source code, so describing it as file encryption misrepresents the feature's actual function.
  • C: The policy can be bypassed (for example by pasting script contents at the prompt), so it is explicitly not an unbreakable boundary, making this overstated claim incorrect.
  • D: The Windows default RemoteSigned requires a trusted signature on internet-downloaded scripts, so claiming the default runs any downloaded script unsigned contradicts the shipped behavior.
PowerShell execution policy is a safety feature, not a security boundary; default RemoteSigned; 220-1202 Obj 4.8
4.8 Identify the basics of scripting

A team wants one set of automation scripts that runs the same on Windows, Linux, and macOS without rewriting per operating system. Which choice best supports cross-platform scripting?

Answer
Correct answer: D · Use PowerShell or Python, both of which run across Windows, Linux, and macOS

PowerShell and Python both run on Windows, Linux, and macOS, so either supports a single cross-platform script base without rewriting separate code per operating system.

Why the other options are wrong
  • A: Batch files target the Windows command shell and do not run natively on macOS or Linux, so choosing .bat for cross-platform work fails outside Windows environments.
  • B: VBScript is a legacy Windows technology, not a universal cross-platform standard, so relying on it for Linux and macOS automation does not meet the multi-OS requirement.
  • C: Cross-platform languages exist, so claiming no script can run across all three operating systems is false and needlessly multiplies maintenance by rewriting per platform.
PowerShell and Python are cross-platform (Windows/Linux/macOS); 220-1202 Obj 4.8
4.6 Explain incident response, licensing, and policy concepts

A workstation is suspected of being compromised and the data on it may later be needed as evidence. Acting as first responder, what should the technician prioritize for that data?

Answer
Correct answer: A · Preserve the integrity of the data and collect it soundly before altering, reimaging, or rebuilding the system

Forensic guidance centers on preserving information integrity during collection, so safeguarding the data before any rebuild protects its evidentiary value, which is the first responder's priority.

Why the other options are wrong
  • B · Reimaging destroys potential evidence and breaks data integrity; prioritizing a quick rebuild over preservation forfeits the very information an investigation would need.
  • C · Ad hoc copying without integrity controls undermines the soundness of the data and its evidentiary value, contradicting the requirement to preserve integrity during collection.
  • D · Pulling power can discard volatile data that has investigative value, so an unconditional immediate shutdown can destroy evidence the first responder should have preserved.
First responders preserve data integrity and collect evidence soundly before altering the system; 220-1202 Obj 4.6
4.6 Explain incident response, licensing, and policy concepts

An incident has been contained and systems are back online. Which post-incident activities does NIST incident-response guidance emphasize as part of the response life cycle?

Answer
Correct answer: C · Perform required incident reporting and notification, and capture lessons learned to improve future response

NIST guidance includes incident reporting, notification, and lessons learned as response activities, so completing them after containment is the emphasized post-incident step.

Why the other options are wrong
  • A · Destroying logs removes the record needed for reporting and learning and can violate retention obligations, contradicting the documentation and notification activities guidance requires.
  • B · Post-incident documentation and lessons learned are core to the life cycle, so omitting them after recovery discards the insight that improves future incident response.
  • D · Reporting and notification may be required to outside parties, so a blanket refusal to notify anyone ignores obligations that the response life cycle expects organizations to meet.
Post-incident activities include reporting/notification and lessons learned; 220-1202 Obj 4.6
4.1 Given a scenario, implement best practices associated with documentation and support systems information management

A newly hired technician needs a single reference that shows how the company's switches, routers, firewalls, and VLAN segments physically and logically interconnect. Which document should the technician pull from the configuration repository?

Answer
Correct answer: B · The network topology diagram

A network/baseline diagram documents component connectivity, network topology, and the logical placement of components in the system architecture, exactly what the technician needs.

Why the other options are wrong
  • A · An acceptable use policy governs how employees may use IT resources and behavior expectations; it contains no information about device interconnections, segments, or the logical placement of network components.
  • C · An SLA defines responsibilities and performance commitments between a provider and customer; it does not map how switches, routers, and VLAN segments are physically and logically interconnected.
  • D · An incident report records the details and handling of a specific event after it occurs and does not provide an ongoing reference for how network components interconnect.
Network topology/baseline diagram documentation; 220-1202 Obj 4.1
4.1 Given a scenario, implement best practices associated with documentation and support systems information management

An organization wants one authoritative record that lists every device by serial number, model, assigned user, physical location, software version, and license information, updated as equipment is added or retired. Which best practice does this describe?

Answer
Correct answer: C · Asset/inventory management

An asset inventory records system components with details such as serial number, physical location, software version, and license information, and is updated on installs and removals.

Why the other options are wrong
  • A · A knowledge base stores how-to articles and solutions to recurring problems for technicians and users; it is not designed to track each asset's serial number, owner, location, and license data.
  • B · An SLA sets performance and responsibility commitments between provider and customer and does not serve as the per-device inventory of serial numbers, owners, locations, and licenses.
  • D · An incident report documents what happened during a single event and the response taken; it does not provide an ongoing, comprehensive inventory of all hardware and software assets.
Asset/inventory management (CMDB, inventory lists); 220-1202 Obj 4.1
4.1 Given a scenario, implement best practices associated with documentation and support systems information management

A managed service provider commits in writing to a four-hour response time and 99.9% uptime, defining what each party is responsible for and what performance the customer can expect. Which document captures these commitments?

Answer
Correct answer: A · Service level agreement (SLA)

An SLA defines the provider's specific responsibilities, sets customer expectations, and addresses performance levels such as reliability and response times.

Why the other options are wrong
  • B · An AUP states the rules and behavior expected of users when using organizational systems; it does not define a vendor's uptime, response-time, or performance commitments to a customer.
  • C · A EULA grants a user the right to use a software product under stated conditions; it is not the contract that defines a provider's service responsibilities and response-time guarantees.
  • D · An NDA obligates parties to keep shared information confidential and addresses secrecy, not service uptime, response times, or measurable performance commitments between provider and customer.
Service level agreement (SLA); 220-1202 Obj 4.1
4.1 Given a scenario, implement best practices associated with documentation and support systems information management

A retailer's point-of-sale systems store, process, and transmit customers' payment card numbers. Which regulatory/compliance standard most directly governs how that cardholder data must be protected?

Answer
Correct answer: D · PCI DSS

PCI DSS provides baseline technical and operational requirements to protect payment account data and applies to all entities that store, process, or transmit cardholder data.

Why the other options are wrong
  • A · ISO 9001 specifies requirements for a quality management system to deliver consistent products and services; it does not establish technical controls for protecting stored or transmitted cardholder data.
  • B · HIPAA governs protected health information held by covered healthcare entities and business associates; payment card numbers at a retailer fall outside its scope and protected-data definitions.
  • C · ISO 14001 addresses an organization's environmental management practices and impacts; it has nothing to do with the technical and operational safeguarding of payment card account data.
Regulatory/compliance documentation (PCI DSS); 220-1202 Obj 4.1
4.1 Given a scenario, implement best practices associated with documentation and support systems information management

A help desk is flooded with tickets and must decide which to work first. Which approach best reflects sound severity/prioritization practice for assigning resources?

Answer
Correct answer: C · Rank tickets by functional impact, information impact, and recoverability

Prioritizing by functional impact, information impact, and recoverability lets the team allocate response resources to the most damaging issues first.

Why the other options are wrong
  • A · Strict first-come-first-served ordering ignores how badly each issue affects operations and data, so a minor cosmetic request could be handled before a server outage crippling the business.
  • B · Ranking by requester seniority rather than actual impact lets low-impact executive requests outrank outages that affect many users, misallocating limited response resources during busy periods.
  • D · Alphabetical category ordering is arbitrary and unrelated to urgency, so it provides predictable sorting but routinely delays high-impact incidents that happen to fall later in the alphabet.
Ticketing severity/prioritization; 220-1202 Obj 4.1
4.1 Given a scenario, implement best practices associated with documentation and support systems information management

A tier-1 technician has worked a high-impact ticket for an hour but the problem requires database expertise the technician does not have. What is the appropriate ticketing action?

Answer
Correct answer: B · Escalate the ticket to the higher-tier team with the needed expertise

Routing a high-impact issue beyond a technician's skills to the appropriate higher-tier team aligns specialist resources to the incident and supports timely resolution.

Why the other options are wrong
  • A · Closing an active high-impact issue without a fix abandons the user, hides the unresolved problem from reporting, and prevents the specialist resources needed from ever being engaged.
  • C · Deleting the record destroys the documented history and progress notes, forces the user to restart, and still leaves the high-impact problem without the database expertise it requires.
  • D · Continuing to work beyond one's competence on a high-impact incident wastes time, prolongs the outage, and withholds the specialized resources that escalation would promptly bring to bear.
Ticketing escalation levels; 220-1202 Obj 4.1
4.6 Explain incident response, licensing, and policy concepts

A developer needs an interpreter they can use, modify, and redistribute (including modified derivative versions) at no royalty cost. Which licensing model fits this requirement?

Answer
Correct answer: D · An open-source license such as the Python Software Foundation License

Open-source licenses like the PSF License grant a royalty-free right to reproduce, modify, prepare derivative works, and redistribute the software.

Why the other options are wrong
  • A · A per-seat commercial subscription charges recurring fees tied to user counts and typically forbids redistribution or modification of the product, conflicting with the royalty-free reuse the developer requires.
  • B · A proprietary EULA grants only limited rights to use the software as delivered and generally prohibits modifying source code or redistributing derivative versions, which the developer specifically needs.
  • C · A DRM-locked retail license ties the copy to one device and uses technical protection to prevent copying or redistribution, the opposite of the freely modifiable and redistributable software requested.
Open-source vs. commercial/proprietary licensing; 220-1202 Obj 4.6
4.6 Explain incident response, licensing, and policy concepts

A manager claims that because a program is free of charge, it is automatically 'open source.' Which statement correctly describes what an open-source license actually requires?

Answer
Correct answer: A · It must include source code and permit modifications and derived works

The Open Source Definition requires that the program include source code and that the license allow modifications and derived works.

Why the other options are wrong
  • B · The Open Source Definition explicitly permits selling the software as part of an aggregate distribution; zero price is not a requirement, so this statement misstates the actual criteria.
  • C · Restricting modification and distribution to the original author directly violates the open-source criteria for derived works, which must allow others to modify and redistribute under the same terms.
  • D · Open-source software is distributed under a license that grants specific freedoms while retaining copyright; it does not require relinquishing all rights into the public domain.
Open Source Definition (source code, derived works); 220-1202 Obj 4.6
4.6 Explain incident response, licensing, and policy concepts

During installation of a commercial productivity suite, the user must accept terms that grant limited rights to use the software but forbid copying the code or redistributing it. What is this agreement called, and what does it indicate about the software?

Answer
Correct answer: C · An end-user license agreement (EULA) for proprietary software

A EULA for proprietary, commercial software grants limited usage rights while restricting copying and redistribution, and such editions require a valid license to use legally.

Why the other options are wrong
  • A · Open-source licenses grant rights to view, modify, and redistribute source code; terms that forbid copying and redistribution are the opposite, so this misidentifies both the agreement and the model.
  • B · A digital certificate cryptographically binds an identity to a key for trust and signing; it is not the contractual usage agreement a user accepts that restricts copying and redistribution.
  • D · An SLA sets performance and responsibility commitments between a provider and customer; it is not the install-time usage agreement that limits the user's rights to copy and redistribute software.
Commercial/proprietary licensing and EULA; 220-1202 Obj 4.6
4.6 Explain incident response, licensing, and policy concepts

An enterprise is deploying Windows to 500 corporate PCs and wants to activate them centrally on its own network rather than entering a separate unique key on every machine. Which licensing approach fits?

Answer
Correct answer: B · A volume license activated via the organization's Key Management Service

Volume licensing offers programs tailored to organization size, and KMS lets enterprises activate computers on their own local network without contacting Microsoft per device.

Why the other options are wrong
  • A · A retail purchase provides one unique product key per copy intended for an individual device, so reusing one retail key across 500 machines is neither permitted nor practical for centralized activation.
  • C · OEM licensing is performed by the hardware vendor before shipment and is tied to that device's firmware; it does not provide the centralized, network-based activation the enterprise wants to manage itself.
  • D · Windows is proprietary software requiring valid licensing and activation; an open-source license does not apply to it, so this option misrepresents how the operating system may be deployed.
Personal vs. enterprise/volume licensing; 220-1202 Obj 4.6
4.6 Explain incident response, licensing, and policy concepts

A user asks what Windows product activation actually accomplishes after installation. Which answer is correct?

Answer
Correct answer: D · It confirms the product key/license is valid and the copy is genuine

Activation pairs a valid product key or digital license with the device, confirming the copy is genuine and licensed rather than a fraudulent or non-genuine copy.

Why the other options are wrong
  • A · Antivirus definition updates are managed by security software and the OS update service; they are unrelated to product activation, which is about validating licensing rather than malware signatures.
  • B · Minimum hardware requirements are checked by setup and compatibility tools before or during installation; activation instead validates the licensing of the copy, not whether the CPU or RAM is sufficient.
  • C · Feature currency is handled by Windows Update, not activation; an activated device can still be several versions behind, so equating activation with being fully up to date is incorrect.
Valid vs. non-genuine licensing / activation; 220-1202 Obj 4.6
4.9 Given a scenario, use remote access technologies

An administrator needs to take over the full graphical desktop of a Windows 11 Pro workstation to run GUI tools as if seated in front of it. A colleague notes the target must not be a Windows Home edition. Which remote-access method is being described?

Answer
Correct answer: A · Remote Desktop Protocol (RDP)

RDP delivers a full graphical desktop session and control of a PC; Pro, Enterprise, and Server editions can host it, while Windows Home editions cannot serve as hosts.

Why the other options are wrong
  • B · SSH provides an encrypted command-line session for remote administration, not a full graphical desktop takeover, so it does not match the described GUI-control scenario on a Windows workstation.
  • C · A VPN only creates a secure network tunnel into a remote network; by itself it does not present or control another machine's graphical desktop, which the administrator specifically needs.
  • D · SNMP is used to monitor and collect status from network devices, not to open or control a remote graphical desktop session, so it is unsuited to the described hands-on GUI task.
RDP remote access; 220-1202 Obj 4.9
4.9 Given a scenario, use remote access technologies

An administrator must remotely run command-line maintenance on a headless Linux server over the network and wants an encrypted alternative to the legacy, plaintext telnet protocol. Which remote-access method should be used?

Answer
Correct answer: C · Secure Shell (SSH)

SSH provides encrypted command-line remote administration and, unlike telnet, has built-in support for robust encryption and authentication of the session.

Why the other options are wrong
  • A · Telnet transmits its session, including credentials, in cleartext with no encryption, which is exactly the insecure legacy behavior the administrator is trying to replace for command-line access.
  • B · RDP is built to deliver a graphical Windows desktop session; it is not the standard tool for encrypted command-line administration of a headless Linux server and is not the telnet replacement here.
  • D · FTP is designed to transfer files and does not provide an interactive remote administration shell; it also transmits credentials in cleartext, so it neither fits the task nor improves security.
SSH remote access; 220-1202 Obj 4.9
4.9 Given a scenario, use remote access technologies

A teleworker on a home internet connection must securely reach internal file servers and applications on the corporate network as though connected locally. Which remote-access technology provides this?

Answer
Correct answer: B · Virtual private network (VPN)

A VPN builds an encrypted tunnel over the public internet so a user can reach organization resources as if on a dedicated link to the internal network.

Why the other options are wrong
  • A · Exposing RDP directly to the public internet controls a single host and is a well-known attack target; it does not give the user secure, network-level access to internal servers and applications.
  • C · An SSH session to a single server provides command-line access to that host only; it does not place the teleworker's computer on the corporate network to reach multiple internal file servers and apps.
  • D · Quick Assist is an attended screen-sharing tool for helping a person at their device; it does not connect the user's machine to the corporate network to access internal servers and applications.
VPN remote access; 220-1202 Obj 4.9
4.9 Given a scenario, use remote access technologies

A help desk agent needs to view and, with permission, control a non-technical home user's Windows screen for a one-time support session. The user will read back a short code and must click Allow before any sharing begins. Which built-in tool fits best?

Answer
Correct answer: D · Quick Assist

Quick Assist lets a helper view, annotate, or take control after the user enters a time-limited security code and selects Allow, ideal for ad-hoc remote help.

Why the other options are wrong
  • A · RDP requires the host to be configured for incoming connections with an allowed account and a reachable port, which is impractical for an ad-hoc session with a non-technical home user.
  • B · SSH offers an encrypted command line for administrators, not a consent-based graphical screen-sharing session, so it cannot let the agent view and control the home user's desktop as described.
  • C · A VPN only tunnels the user's device onto a network; it neither displays the user's screen to the agent nor provides the code-based, permission-gated control the support session requires.
Quick Assist / Microsoft Remote Assistance screen sharing; 220-1202 Obj 4.9
4.5 Summarize environmental impacts and local environmental controls

A small server must keep running for a few minutes during a power outage so it can complete transactions and shut down gracefully. Which device provides this ride-through time?

Answer
Correct answer: A · An uninterruptible power supply (UPS)

A UPS has an internal battery that keeps connected equipment running for at least a short time when primary power is lost, allowing a graceful shutdown.

Why the other options are wrong
  • B · A surge protector only diverts brief over-voltage spikes away from equipment; it stores no energy, so when utility power fails the connected server loses power immediately with no ride-through time.
  • C · A power strip merely multiplies outlets from one source and provides neither surge suppression nor stored energy, so an outage cuts power to the server instantly with no opportunity to shut down.
  • D · A splitter only branches a connection and supplies no battery or power conditioning, so it cannot keep the server energized during an outage or enable an orderly shutdown.
Power: UPS vs. surge protector vs. power strip; 220-1202 Obj 4.5
4.5 Summarize environmental impacts and local environmental controls

A server room houses concentrated computing equipment, and management wants to prevent conditions that could degrade hardware availability. Which local environmental control most directly addresses this risk?

Answer
Correct answer: C · Maintaining and monitoring temperature and humidity levels

Maintaining and monitoring temperature and humidity within acceptable levels in the facility where the system resides protects equipment availability, since poor conditions can adversely affect systems.

Why the other options are wrong
  • A · An ESD strap protects components from static discharge during hands-on handling; it does nothing to regulate the ambient room conditions that affect equipment running continuously in the server room.
  • B · A UPS addresses power continuity during outages but does not regulate ambient temperature or moisture, so it cannot prevent overheating or humidity-related damage to the concentrated equipment.
  • D · An acceptable use policy governs user behavior with IT resources; displaying it provides no physical regulation of the heat and moisture conditions that threaten densely packed server hardware.
Environmental controls: temperature/humidity; 220-1202 Obj 4.5
4.5 Summarize environmental impacts and local environmental controls

A data center already keeps its temperature and humidity within set ranges, but staff worry they will not notice if conditions suddenly drift to harmful levels overnight. Which additional environmental control addresses this gap?

Answer
Correct answer: B · Environmental monitoring with alarms and notifications

Environmental control monitoring that issues an alarm or notification of harmful changes lets staff respond promptly to drift, even when no one is present.

Why the other options are wrong
  • A · A change management board reviews and authorizes proposed system changes; it is a procedural control and cannot detect or warn staff about real-time temperature or humidity excursions in the facility.
  • C · A locked cabinet adds physical access security to protect against tampering or theft; it provides no sensing of climate conditions and cannot alert staff when temperature or humidity moves out of range.
  • D · Off-site backup rotation protects data recoverability after loss; it does nothing to observe live facility conditions or notify staff of overnight temperature and humidity excursions in the data center.
Environmental monitoring with alarms; 220-1202 Obj 4.5
4.2 Given a scenario, implement workstation backup and recovery and change-management best practices

A technician wants to upgrade the operating system on a production database server that several business applications depend on. Before performing the upgrade, which change-management action is required?

Answer
Correct answer: B · Submit the change for review and approval by the change/configuration control board

Configuration change control requires that proposed changes be tracked, reviewed, and approved or disapproved by a configuration control board (CCB) or change advisory board before implementation in production.

Why the other options are wrong
  • A · Timing alone is a scheduling detail and does not satisfy the formal review requirement; a change affecting dependent production applications must still be evaluated and authorized before it proceeds at all.
  • C · Trust in the vendor does not remove the need for impact analysis and authorization; vendor-sourced upgrades can still break dependent applications and must pass through the documented approval process first.
  • D · A major OS upgrade on a multi-application production server is not low-risk routine maintenance; assuming it is bypasses the required review and logging that change control mandates for such impactful changes.
NIST SP 800-128 Guide for Security-Focused Configuration Management of Information Systems
4.2 Given a scenario, implement workstation backup and recovery and change-management best practices

A team is preparing an approved firmware change for a fleet of routers. Management asks what must be ready so the devices can be returned to their prior known-good state if the change causes problems after deployment.

Answer
Correct answer: C · A documented rollback (back-out) plan

Change control includes provisions for reversing changes; a documented back-out/rollback plan with the saved baseline lets the team restore the prior known-good configuration if the deployed change fails.

Why the other options are wrong
  • A · An impact analysis quantifies consequences and helps justify the change, but it provides no procedure or saved configuration for actually reversing the firmware change once it has already been applied.
  • B · User acceptance documents stakeholder agreement about timing and scope, yet it contains no technical steps or baseline needed to undo the change and recover the previous working configuration.
  • D · A topology diagram records device locations and interconnections for reference, but it offers no procedure to revert firmware or recover the earlier configuration after a failed change.
NIST SP 800-128 Guide for Security-Focused Configuration Management of Information Systems
4.3 Explain common safety procedures (backup methods context)

An administrator wants the simplest possible restore after a failure, needing to combine the fewest backup sets, and is willing to accept longer nightly backup windows. Which schedule best meets that recovery goal?

Answer
Correct answer: A · A weekly full backup plus a nightly differential backup

Each differential captures everything changed since the last full, so recovery requires only the last full plus a single differential set, giving the simplest, fastest restore the administrator wants.

Why the other options are wrong
  • B · Incrementals minimize backup time but complicate restores, because recovery must apply the last full and then every incremental in sequence, which conflicts with the goal of combining the fewest sets.
  • C · Without a full baseline there is no complete starting image to restore from, and chaining many incrementals together is the slowest and most fragile recovery path possible.
  • D · Merged incremental chains still depend on many dependent sets, and skipping restore validation leaves recoverability unproven, neither of which satisfies the request for the simplest reliable restore.
NIST SP 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems
4.3 Explain common safety procedures (alternate site/recovery context)

An online retailer determines its order system must resume within a few minutes after a disaster destroys the primary data center, with virtually no setup delay. Which alternate-site strategy meets this near-zero recovery-time objective?

Answer
Correct answer: D · A hot site

A hot site is fully equipped and kept current with near-real-time data replication, so it can take over operations almost immediately, satisfying the very short recovery-time objective.

Why the other options are wrong
  • A · A cold site provides only the facility shell, so staff must deliver, install, and configure all equipment and restore data, producing recovery times of days that miss a minutes-long objective.
  • B · Offsite storage protects backup copies but is not a processing location; data still has to be transported and restored onto rebuilt systems before operations can resume.
  • C · A warm site shortens recovery compared with a cold site, yet its remaining configuration and data-restore steps typically take hours to days, which still exceeds a near-immediate objective.
NIST SP 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems
4.4 Given a scenario, use common safety procedures

Before using an unfamiliar contact-cleaning solvent on equipment, a technician wants the authoritative document listing the product's hazards, required personal protective equipment, safe handling, and disposal guidance. Which document provides this?

Answer
Correct answer: B · The product's safety data sheet (SDS)

An SDS uses a standardized 16-section format covering hazards, first aid, safe handling and storage, exposure controls and PPE, and disposal, exactly the chemical-safety information the technician needs.

Why the other options are wrong
  • A · An acceptable use policy addresses employee conduct with IT systems and data, not the physical and health hazards, protective equipment, or disposal instructions for a specific chemical product.
  • C · Asset records track inventory and ownership details for hardware; they contain no information about chemical hazards, protective equipment, or how to handle and dispose of a solvent safely.
  • D · A topology diagram documents network device connections and layout, which is entirely unrelated to the handling precautions, PPE, and disposal guidance required for a hazardous cleaning chemical.
OSHA Hazard Communication Standard 29 CFR 1910.1200(g) and OSHA Safety Data Sheets brief (OSHA 3514)
4.5 Summarize environmental impacts and local environmental controls

During a laptop refresh, a technician removes a stack of intact used lithium-ion batteries from retired units. Which disposal method follows recommended environmental practice for these batteries?

Answer
Correct answer: D · Recycle them through a battery collection or recycling program

Used lithium-ion batteries are broadly captured by universal waste battery rules and should be sent to a battery recycler or collection point rather than discarded in the trash.

Why the other options are wrong
  • A · Discarding lithium-ion batteries in ordinary trash is discouraged because they can cause fires in waste streams and contain materials that should be recovered rather than landfilled.
  • B · Releasing battery contents to drains is unsafe and improper, and battery casings do not belong in standard paper recycling; this mishandles a regulated, potentially hazardous item.
  • C · Burning lithium-ion batteries is hazardous and can cause explosions and toxic emissions, and it is not an approved disposal route; the residue still cannot lawfully go to general waste.
U.S. EPA guidance on used lithium-ion batteries and universal waste
4.6 Explain the importance of prohibited content/activity and privacy, licensing, and policy concepts

A running workstation is suspected of an active compromise, and its data may later be needed as evidence. To preserve the most fragile evidence, what should the responder collect first while the system is still powered on?

Answer
Correct answer: C · The contents of system memory (RAM) and other volatile data

The order of volatility directs responders to capture the most volatile data first; RAM, running processes, and active connections vanish on shutdown, so they must be acquired before less volatile disk data.

Why the other options are wrong
  • A · Disk data is comparatively non-volatile and persists after shutdown, so imaging it first risks losing memory-resident evidence that disappears the moment the system state changes or power is cut.
  • B · Offsite backups are among the least volatile sources and remain available later; prioritizing them ignores live data that exists only while the machine is currently running.
  • D · Logs shipped to a separate server are persistent and can be retrieved afterward; collecting them first wastes the narrow window for capturing memory-resident artifacts that cannot be recovered later.
NIST SP 800-86 Guide to Integrating Forensic Techniques into Incident Response
4.6 Explain the importance of prohibited content/activity and privacy, licensing, and policy concepts

After collecting a forensic image from a compromised laptop that may be used in a legal proceeding, a technician must ensure the evidence will be admissible. Which practice most directly preserves that admissibility?

Answer
Correct answer: A · Maintain documented chain of custody for the evidence

Recording who collected, handled, transferred, and stored the evidence, with times and signatures, preserves integrity and demonstrates the data was not altered, which is essential for legal admissibility.

Why the other options are wrong
  • B · Distributing uncontrolled copies through email creates unverified duplicates and breaks tracking of the original, undermining integrity rather than proving the evidence was handled and preserved properly.
  • C · Restoring and exploring evidence on live hardware can modify timestamps and data, jeopardizing integrity; analysis should occur on verified copies under controlled, documented handling procedures.
  • D · Altering the source system by deleting accounts destroys potential evidence and changes the device's state, which damages the case instead of preserving the data for proceedings.
NIST SP 800-86 Guide to Integrating Forensic Techniques into Incident Response
4.6 Explain the importance of prohibited content/activity and privacy, licensing, and policy concepts

A developer is evaluating whether a tool's license qualifies as open source under the Open Source Definition. Which statement correctly describes an open source license?

Answer
Correct answer: C · It allows users to modify the source code and redistribute it, and the software may still be sold

The Open Source Definition requires free redistribution (including for sale), availability of source code, and permission to make and distribute modifications and derived works under the same terms.

Why the other options are wrong
  • A · Open source concerns freedoms in the license, not price; the definition explicitly forbids restricting sale and permits charging a fee, so 'no cost' is not what makes software open source.
  • B · Mere visibility of source is insufficient; the Open Source Definition requires that the license allow modifications and derived works, so a no-modification, look-only license is not open source.
  • D · The definition prohibits discrimination against fields of endeavor, so a license that bars business or other specific uses fails the criteria and cannot be considered open source.
Open Source Initiative — The Open Source Definition and OSI FAQ
4.9 Given a scenario, use remote access technologies

An administrator must run command-line configuration on a managed switch across an untrusted network segment and needs the login credentials and commands protected from eavesdropping. Which remote-access method should be used?

Answer
Correct answer: B · Secure Shell (SSH)

SSH provides an encrypted client-server channel for remote command-line administration, protecting credentials and commands from network eavesdropping, which is why it is the recommended replacement for Telnet.

Why the other options are wrong
  • A · Telnet transmits logins, passwords, and commands in cleartext with no encryption, so anyone capturing the traffic can read the credentials; its broad legacy support does not make it safe here.
  • C · RDP delivers a Windows graphical desktop and is not how administrators reach a switch's text command line; the device exposes a CLI, making a graphical-remoting protocol the wrong tool.
  • D · Attended screen-sharing tools target helping a person at a graphical desktop, not unattended command-line management of headless network gear, so they do not fit this administrative task.
Microsoft Learn OpenSSH for Windows overview and NISTIR 7966 Security of Interactive and Automated Access Management Using Secure Shell (SSH)

About this domain

Domain 4, Operational Procedures, is 22% of A+ Core 2 (220-1202). It covers documentation and change management, backups, safety and environmental controls, privacy and compliance, professional communication, and basic scripting. Questions ask you to apply the right procedure for a situation.

Anchor on the practical rules — the 3-2-1 backup rule and incremental vs differential, ESD precautions (antistatic strap, grounding), fire-extinguisher classes, regulated-data handling (PII, PCI DSS, GDPR), the change-management process with a rollback plan, and when to use each remote-access method.

What Domain 4 covers

Domain 4 quick glossary

The terms that show up most on Domain 4 questions — one line each.

3-2-1 rule: Keep 3 copies of data on 2 media types with 1 copy off-site.
Incremental backup: Backs up only data changed since the last backup of any type.
Differential backup: Backs up all data changed since the last full backup.
ESD: Electrostatic discharge; guard against it with a strap and grounding.
Change management: Reviewing, approving, and documenting changes with a rollback plan.
PII: Personally identifiable information requiring protection.
Chain of custody: Documented handling of evidence to preserve its integrity.
RDP: Remote Desktop Protocol for graphical remote access on port 3389.
