220-1202 cheat sheet

A one-page reference for the CompTIA A+ Core 2 exam: the format, how the domains are weighted, and the glossary terms for this exam.

Exam at a glance

Vendor
CompTIA
Level
Entry
Questions
90
Time
90 min
Mock pass mark
78%
Domains
4
Practice Qs
150
Code
220-1202

Domain weightings

How much of the exam each domain covers. Spend your study time in proportion — the heavier the domain, the more questions you'll see.

Key terms

NTFS
NTFS (New Technology File System) is the default file system for modern Windows, supporting file-level permissions, encryption, compression, and journaling. A+ Core 2 covers NTFS alongside FAT32, exFAT, and NTFS vs share permissions.
Share Permissions
Share permissions control access to a folder over the network, and A+ Core 2 requires understanding how they combine with NTFS permissions. When both apply, the most restrictive effective permission wins.
BitLocker
BitLocker is the Windows full-disk encryption feature that protects data if a device is lost or stolen, often using the TPM. A+ Core 2 covers BitLocker and BitLocker To Go as workstation security measures.
User Account Control
User Account Control (UAC) is a Windows security feature that prompts for consent or credentials before allowing changes that require administrative privileges. A+ Core 2 covers UAC as part of securing a Windows workstation.
Malware
Malware is malicious software such as viruses, ransomware, trojans, rootkits, spyware, and keyloggers. A+ Core 2 covers recognizing malware symptoms, removing it with the CompTIA seven-step process, and preventing reinfection.
Malware Removal Process
The malware removal process is CompTIA's seven-step best practice: identify and research symptoms, quarantine the system, disable System Restore, remediate, schedule scans and updates, re-enable System Restore, and educate the user. A+ Core 2 expects the steps in order.
Social Engineering
Social engineering is a category of attack that manipulates people into revealing information or granting access, including phishing, tailgating, shoulder surfing, and impersonation. A+ Core 2 covers recognizing and preventing these attacks.
Multi-factor Authentication
Multi-factor authentication (MFA) is a security control that requires two or more independent factors — something you know, have, or are — to verify identity. A+ Core 2 covers MFA as a logical security measure for workstations and accounts.
Principle of Least Privilege
The principle of least privilege is the practice of granting users and processes only the access they need to do their job. A+ Core 2 covers it through account management, user/group permissions, and disabling unnecessary accounts.
Group Policy
Group Policy is a Windows management feature that centrally enforces configuration and security settings across users and computers in a domain. A+ Core 2 covers using Group Policy and local security policy to secure Windows workstations.
Change Management
Change management is the operational practice of reviewing, approving, documenting, and communicating changes to reduce risk and downtime. A+ Core 2 covers change-management best practices as part of operational procedures.
Backup
A backup is a copy of data kept so it can be restored after loss, corruption, or ransomware. A+ Core 2 covers backup methods (full, incremental, differential, synthetic), the 3-2-1 rule, and testing restores.
Incident Response
Incident response is the documented process for identifying, containing, and recovering from a security incident while preserving evidence and following the chain of custody. A+ Core 2 covers it alongside handling regulated data such as PII and PCI.