Browse CompTIA Certification Guides

CompTIA A+ Core 2 (220-1202) FAQ

Fuad Efendi March 28, 2026 8 min read

Exam-focused answers on A+ Core 2 operating systems, security, permissions, malware response, recovery tools, and study strategy.

On this page

A+ Core 2 questions reward controlled operational judgment: secure defaults, effective permissions, disciplined recovery order, and fixes that solve the problem without creating a larger one.

What exactly is covered on Core 2 (220-1202)?

Core 2 focuses on operating systems, security, software troubleshooting, and operational procedures. That means Windows/macOS/Linux/ChromeOS basics, account/permission models, updates and patching, malware response workflow, logging and diagnostics, and professional practices (documentation, change/incident, safety, privacy/disposal).

How is Core 2 different from Core 1?

  • Core 1 (220-1201): hardware, mobile, networking, virtualization (client), and troubleshooting.
  • Core 2 (220-1202): operating systems, security, software troubleshooting, operational procedures.

You need both to earn A+. Order doesn’t matter—take the one you’re more ready for first.

What’s the format—are PBQs guaranteed?

Yes. CompTIA lists the current A+ Core 2 220-1202 exam at a maximum of 90 questions in 90 minutes, with a 700 passing score on the 100-900 scale. Expect standard multiple-choice, multiple-response, drag-and-drop, and performance-based questions (PBQs). PBQs simulate tasks such as permissions review, malware workflow, log reading, and recovery decisions. If a PBQ is time-consuming, skip and return.

How many questions and how long is the exam?

Plan for check-in, the NDA, the exam itself, and a brief survey. Pace steadily and keep a 5–10 minute buffer to revisit flagged items.

What Windows topics should I master?

  • Editions & features: Home vs Pro vs Enterprise/Education (BitLocker, Domain join, Group Policy, Hyper-V, RDP host).
  • Core tools: Settings panes, Device Manager, Services, Disk Management, Event Viewer, Task Manager.
  • CLI basics: ipconfig, ping, tracert, nslookup, sfc, DISM, bootrec, bcdedit, gpupdate.
  • Startup & recovery: Safe Mode, WinRE, System Restore, Reset this PC (keep/remove), driver rollback.
  • Permissions: NTFS vs Share, inheritance, ownership, effective permissions.

What about macOS and Linux?

You need fundamentals:

  • macOS: About This Mac, Activity Monitor, Disk Utility, Software Update, FileVault, Time Machine.
  • Linux: package managers (apt, dnf/yum), services (systemctl), network (ip, ping, dig), logs (journalctl, /var/log), permissions (chmod, chown).

What does “effective permission” actually mean?

Users get the most restrictive combination of Share and NTFS where both apply:

  • Over the network: Effective = intersection of Share and NTFS (whichever is more restrictive).
  • Locally: Share doesn’t apply; NTFS rules. If both group and user permissions exist, the most permissive NTFS usually wins within NTFS (except explicit denies which override).

How do I choose between local accounts, Microsoft accounts, and domain accounts?

  • Local: standalone devices, labs, kiosks.
  • Microsoft: consumer cloud features, sync (OneDrive), Store apps.
  • Active Directory / Microsoft Entra ID: enterprise SSO, Group Policy or MDM-backed control, and centralized identity management. Core 2 expects you to recognize when each model is appropriate.

What is the correct malware response order?

For workstation-cleanup questions, CompTIA expects this classic flow (and the why):

  1. Identify symptoms (pop-ups, resource spikes, unknown processes, blocked AV).
  2. Quarantine (isolate from the network; prevent spreading).
  3. Disable System Restore (avoid reinfection from restore points).
  4. Remediate (update definitions, Safe Mode scan, remove; reimage if needed).
  5. Schedule scans and updates; re-enable Restore.
  6. Create a restore point.
  7. Educate user (phishing, macros, downloads, USB hygiene).

That is an exam-preferred endpoint-malware sequence. In real enterprise incidents, the exact workflow may be adjusted by IR policy, EDR tooling, and evidence-preservation requirements.

How do I harden a Windows workstation quickly?

  • Patch OS and apps; enable automatic updates.
  • Keep Defender AV/Firewall on; correct network profile (Domain/Private/Public).
  • Least privilege: standard user daily; elevate only when needed (UAC at default or higher).
  • Enable BitLocker (Pro+) with TPM + PIN; store recovery keys securely.
  • Limit RDP exposure; require NLA; restrict to groups; firewall rules; VPN if remote.
  • Remove unused software, disable unnecessary services, set browser protections.

I’m confused about Safe Mode vs WinRE vs Reset—when to use each?

  • Safe Mode: minimal drivers/services; great for drivers, startup apps, AV cleanup.
  • WinRE: advanced recovery—Startup Repair, Command Prompt, System Restore, Uninstall Updates, UEFI settings.
  • Reset this PC: last resort for persistent OS corruption; choose Keep files vs Remove everything; local vs cloud reinstall.

How do I troubleshoot “Access Denied” on a share?

  1. Confirm path and user/group.
  2. Check Share permissions (Everyone? Authenticated Users? Specific groups?).
  3. Check NTFS permissions on the target folder; ownership; inheritance.
  4. Confirm access scope (local vs network).
  5. If group policy applies, run gpresult/whoami /groups (domain context) or re-logon.

What OS log sources should I know?

  • Windows: Event Viewer → System, Application, Security; Windows Defender; Setup; Reliability Monitor.
  • macOS: Console app; Unified Logging.
  • Linux: journalctl -xe, /var/log/syslog/messages, service-specific logs (/var/log/apache2/*, etc.).

What are typical “fix-order” expectations on Core 2?

  • Favor reversible and low-risk steps first: restart service/app → disable startup item → driver rollback → repair tools (sfc, DISM) → System Restore → Reset (as last resort).
  • Avoid unnecessary registry edits or third-party “cleaners”.

How much scripting do I need?

Basics only: recognize PowerShell/Bash/Python purpose, safe patterns, and typical tasks:

  • PowerShell: Get-Command, Get-Help, Get-Service, pipeline, run as admin, execution policy awareness.
  • Bash: shebang, variables, loops, exit codes.
  • Python: venv, pip, simple file/OS scripts. Know when to schedule with Task Scheduler or cron/systemd timers.

What is the best way to study for PBQs?

  • Practice workflows (permissions, malware steps, backup/restore).
  • Rehearse where settings live (Windows tools; macOS/Linux locations).
  • Build mini-labs: create a test folder tree with varying NTFS/Share rights; simulate a malware cleanup; walk through Safe Mode → WinRE → Reset decisions.

Can I bring notes? What about calculators or scratch paper?

Assume no external materials unless the testing provider explicitly allows them. On-screen tools and whatever the proctor provides are fair game. Always follow proctor instructions.

What are common Core 2 weak spots—and how do I fix them?

  • Malware order: Write it on a sticky (for study) until automatic; drill scenario questions.
  • Share vs NTFS: Build a local lab, change one permission at a time, test with a second user.
  • Updates vs drivers: Know where to roll back and when to prefer vendor drivers.
  • Logs: Practice finding actionable errors (time, source, event ID); correlate with symptoms.
  • Reset vs Restore vs Rollback: Learn triggers for each option.

macOS: FileVault vs Time Machine—what’s the quick story?

  • FileVault: full-disk encryption; protect data at rest; keep recovery key safe.
  • Time Machine: versioned backups; external drive or network target; restore files or entire system.

Linux: which commands matter most for Core 2?

  • Networking: ip a, ip r, ping, dig.
  • Packages: apt, dnf/yum.
  • Services: systemctl status|start|stop.
  • Permissions: chmod, chown, sudo.
  • Logs: journalctl -xe; check unit-specific logs.

What does Core 2 expect for mobile and MDM?

  • Enrollment basics; passcode policy, remote lock/wipe, Wi-Fi/VPN profiles, app allow/deny.
  • iOS: profiles via MDM, iCloud, Keychain, FileVault on mac side (awareness).
  • Android: Google account, Work Profile, per-app permissions, biometrics.

Backups: which approach is most “CompTIA-correct”?

  • 3-2-1 mindset (three copies, two media, one off-site).
  • OS-native tools first (Time Machine; Windows File History / full-image solutions).
  • Test restore paths; verify schedules; encrypt backups containing sensitive data.

What’s the difference between policies, standards, and procedures (Ops section)?

  • Policy: high-level rule (e.g., “all laptops must be encrypted”).
  • Standard: specific requirement to meet the policy (e.g., BitLocker with TPM+PIN).
  • Procedure: step-by-step instructions to implement standards (how to enable BitLocker). Core 2 expects you to recognize and apply the right layer in scenarios.

How do I structure my troubleshooting answers?

Use the classic six:

  1. Identify (gather, duplicate, ask what changed).
  2. Establish a theory of probable cause.
  3. Test the theory to confirm root cause.
  4. Plan and implement the fix.
  5. Verify full functionality; implement prevention (patch, doc, training).
  6. Document findings, actions, outcomes.

Choose least privilege, secure defaults, and reversible steps when options compete.

Any exam-day pacing advice beyond “skip PBQs”?

  • First pass fast (≈ 60–70 seconds per item); flag long stems/PBQs.
  • If a stem is long, skim the final question first to aim your reading.
  • Eliminate choices that violate policy, least privilege, or safety.
  • Keep a 5–10 minute buffer for flagged items and PBQs.

What if I forget a command’s exact syntax?

Know what tool to reach for and where it lives. You aren’t expected to memorize obscure flags—focus on purpose and order of operations (e.g., DISM before/after sfc, then Restore/Reset if needed).

How long should I study—and how do I structure it?

From light experience: 3–4 weeks. From near-zero: 5–6 weeks with labs. Suggested cadence:

  • Mon–Fri: 45–60 minutes reading + 20–25 mixed questions.
  • Sat: PBQ lab (permissions, malware, recovery).
  • Sun: Light review + 25–30 question set; log misses → 2-bullet rules of thumb.

How should I review my practice sets?

  • Flag and revisit in one pass; study why each wrong answer is wrong.
  • Convert recurring misses into 2-bullet rules (“Share vs NTFS intersection”, “Malware: quarantine early”).
  • Re-test the same topic within 24 hours (spaced repetition).

What about retakes and CE renewal?

Policies evolve; always check the official site for current rules. A+ typically renews via CEUs or re-examination. Earning higher-level certs (e.g., Network+, Security+) can also provide CE credit.

After Core 2, what’s a smart next step?

Pick a role-aligned track:

  • Support/Field Tech → Network+
  • Security-minded → Security+
  • Sysadmin/DevOps path → Linux+ / Server+ Keep practicing real workflows and documenting fixes—those habits carry into interviews and day-one roles.

Quick readiness checklist

  • I can run and interpret Event Viewer, Device Manager, Services, Disk Management.
  • I can execute sfc/DISM and explain when to use System Restore vs Reset.
  • I can compute effective permissions for a user on a network share.
  • I can list the malware response order and justify each step.
  • I know basic macOS/Linux tools and where to find logs.
  • I follow a six-step troubleshooting and change/incident process.

Quiz

Loading quiz…
Cheat Sheet