220-1202 — CompTIA A+ Core 2 Quick Reference
Compact exam-prep reference for CompTIA A+ Core 2 (220-1202): operating systems, security, troubleshooting, and operational procedures.
This independent Quick Reference is for candidates preparing for the CompTIA A+ Core 2 (220-1202) exam. Use it to review high-yield operating system, security, troubleshooting, and operational procedure decisions quickly.
Core 2 Exam Focus Map
| Area | Be ready to do | Common exam trap |
|---|---|---|
| Operating systems | Choose installation methods, Windows tools, command-line utilities, recovery options, and OS features | Confusing Settings, Control Panel, MMC snap-ins, and command-line repair tools |
| Security | Apply least privilege, authentication, malware removal, device hardening, wireless security, and data handling | Treating encryption, MFA, antivirus, or backups as complete security by themselves |
| Software troubleshooting | Diagnose OS, application, browser, update, mobile, and network symptoms | Jumping to reinstall before checking logs, updates, services, permissions, and recent changes |
| Operational procedures | Follow safety, documentation, change management, professionalism, backup, and incident handling practices | Skipping documentation, user communication, or verification after a fix |
Operating Systems Quick Reference
Installation and Deployment Choices
| Scenario | Choose | Why |
|---|---|---|
| New device or unrecoverable OS | Clean installation | Removes previous OS state; requires data backup and app reinstall |
| Preserve apps, files, and settings when supported | In-place upgrade | Faster migration path, but carries over some misconfigurations |
| Many identical systems | Image deployment | Consistent baseline; often paired with unattended setup and post-deployment updates |
| Boot over network for imaging/install | PXE/network boot | Useful for enterprise deployment; requires network support |
| Need to reinstall while keeping user files | Reset/refresh/recovery option | Faster than manual rebuild; still verify backup first |
| Test multiple OS versions | Dual boot/multiboot | Separate OS environments; bootloader and partition planning matter |
| Automated install | Unattended installation | Uses answer/config files to reduce technician interaction |
| Repair boot or system files | Recovery environment/repair install | Use before destructive reinstall when user data matters |
Windows Edition and Feature Selection
Feature availability can vary by Windows release and edition. For exam decisions, focus on the feature category.
| Need | Typical edition direction | Notes |
|---|---|---|
| Basic home use | Home-class edition | Limited business management features |
| Domain join, Group Policy, business management | Pro/Business-class edition | Common small business choice |
| Enterprise policy control, advanced security, large-scale management | Enterprise/Education-class edition | Usually centrally managed |
| BitLocker management | Business-class editions | Device encryption may exist separately; know BitLocker is the full management feature |
| Remote Desktop host | Business-class editions | Remote Desktop client is broader than host support |
| Hypervisor features | Business-class editions | Also requires hardware virtualization support |
| Local users/groups management | Business-class editions | Home systems may use simplified account management |
File Systems, Partitioning, and Boot Modes
| Item | Best use | Exam notes |
|---|---|---|
| NTFS | Windows internal drives | Supports permissions, encryption features, compression, large files |
| FAT32 | Broad compatibility, removable media | Limited compared with modern file systems; not ideal for large files |
| exFAT | Large removable media across OSs | Good for USB drives shared across Windows/macOS |
| APFS | Modern macOS storage | Used by current macOS systems |
| ext4 | Common Linux storage | Standard Linux file system choice |
| GPT | Modern disks, UEFI systems | Preferred for modern Windows deployments |
| MBR | Legacy boot environments | Legacy compatibility; avoid unless required |
| UEFI | Modern firmware | Supports Secure Boot and modern boot workflows |
| BIOS/legacy | Older firmware | May be required for older OS or hardware |
| Secure Boot | Prevent unsigned bootloaders | Can block some recovery media or alternate OS installs |
| TPM | Hardware-backed security | Used by features such as device encryption and measured boot |
Windows System Locations and Variables
| Path or variable | Purpose | Trap |
|---|---|---|
C:\Windows | Windows OS files | Do not casually edit or delete |
C:\Windows\System32 | Core system binaries | On 64-bit Windows, System32 contains 64-bit binaries |
C:\Windows\SysWOW64 | 32-bit compatibility binaries | Name is counterintuitive |
C:\Program Files | 64-bit application install path | App architecture matters |
C:\Program Files (x86) | 32-bit application install path | Seen on 64-bit Windows |
C:\Users\username | User profile | Includes Desktop, Documents, AppData |
%USERPROFILE% | Current user profile variable | Useful in scripts and paths |
%TEMP% | Temporary files | Can be cleared carefully during troubleshooting |
%APPDATA% | Roaming app data | User-specific application settings |
%LOCALAPPDATA% | Local app data | Not intended to roam between devices |
Windows Tools and Where to Use Them
| Tool | Use when | High-yield notes |
|---|---|---|
| Settings app | Modern Windows configuration | First stop for user-facing configuration |
| Control Panel | Legacy/admin settings | Still appears in exam scenarios |
| Device Manager | Driver/device state | Disable, update, roll back, uninstall devices |
| Disk Management | Partitions, volumes, drive letters | Not for deep file repair; use chkdsk for file system checks |
| Services | Start/stop/configure services | Startup type can be Automatic, Manual, Disabled |
| Task Manager | Processes, startup apps, performance snapshot | Quick triage for high CPU/RAM/disk |
| Resource Monitor | More detailed resource usage | Useful for disk/network/process correlation |
| Performance Monitor | Counters and long-term performance tracking | More detailed than Task Manager |
| Event Viewer | Logs for system, security, application events | Check timestamps around the reported issue |
| Task Scheduler | Scheduled jobs and triggers | Malware and admin scripts may persist here |
| System Configuration | Boot and startup troubleshooting | Safe boot and service isolation scenarios |
| Registry Editor | Low-level configuration database | Back up before edits; wrong edits can break Windows |
| Local Users and Groups | Local account/group management | Not the same as domain account management |
| Local Security Policy | Password, audit, and local security settings | Local-only unless overridden by domain policy |
| Group Policy Editor | Policy settings | Domain Group Policy usually overrides local policy |
| Windows Defender Firewall | Host firewall rules | Check profile: domain, private, public |
| Windows Security | Antivirus, threat protection, device security | Central security dashboard |
| BitLocker management | Full-volume encryption | Protects data at rest, not data after login |
| Windows Update | OS and driver updates | Failed updates often need logs, disk space, services |
| System Restore | Roll back system state | Does not replace user data backup |
| Backup/File History | User file recovery | Verify restore capability, not just backup existence |
| Recovery Environment | Startup repair, reset, restore, command prompt | Use for boot failures and offline repairs |
Command-Line Reference
Windows Commands
| Command | Primary use | Example exam clue |
|---|---|---|
ipconfig | Show IP configuration | Verify address, gateway, DNS |
ipconfig /all | Detailed network configuration | MAC address, DHCP, DNS servers |
ipconfig /release and ipconfig /renew | Renew DHCP lease | APIPA or stale DHCP lease |
ipconfig /flushdns | Clear DNS resolver cache | Website resolves incorrectly on one PC |
ping | Basic connectivity test | Test loopback, gateway, remote host |
tracert | Trace network path | Determine where routing fails |
nslookup | DNS query testing | Confirm name resolution |
netstat | Show network connections | Suspicious connections or listening ports |
net use | Map network shares | Drive mapping/login script issues |
net user | Manage local users | Local account reset or review |
gpupdate | Refresh Group Policy | Policy change not applied yet |
gpresult /r | Show applied policies | Confirm user/computer policy scope |
chkdsk | Check file system/disk errors | File corruption or improper shutdown |
sfc /scannow | Verify/repair protected system files | Missing/corrupt Windows files |
DISM /Online /Cleanup-Image /RestoreHealth | Repair Windows component store | Use when SFC cannot repair everything |
diskpart | Advanced disk/partition management | Powerful; wrong disk selection is destructive |
robocopy | Robust file copy | Preserve directory structures and retry copies |
tasklist | List running processes | Command-line process review |
taskkill | End a process | Hung application or script |
shutdown | Restart/shut down from CLI | Remote or scripted shutdown scenarios |
bootrec | Boot repair in recovery environment | MBR/BCD repair scenarios |
bcdboot | Rebuild boot files | UEFI/GPT boot repair scenarios |
Linux and macOS Commands
| Command | Primary use | Notes |
|---|---|---|
ls | List files | Use options for details/hidden files |
cd | Change directory | Know absolute vs relative paths |
pwd | Print working directory | Confirms current path |
cp | Copy files | Recursive copy needed for directories |
mv | Move/rename | Can overwrite if careless |
rm | Remove files | Recursive/force options are dangerous |
mkdir | Create directories | Common scripting command |
cat | Display file contents | Good for short text files |
less | View longer text files | Safer than editing |
grep | Search text | Common log and config search tool |
find | Locate files | Searches by name, type, time, size |
chmod | Change permissions | Numeric modes such as 755 are common |
chown | Change ownership | Requires elevated privileges |
ps | Show processes | Pair with grep for process search |
kill | Send signal to process | Use process ID |
sudo | Run command with elevated privileges | Prefer over logging in directly as root |
su | Switch user | Often used to become root where allowed |
df | File system free space | Use for full disk symptoms |
du | Directory space usage | Find large folders |
ifconfig or ip | Network interface info | ip is common on modern Linux |
ping | Connectivity test | Same concept as Windows |
traceroute | Path trace | Equivalent concept to tracert |
dig or nslookup | DNS testing | dig is common on Linux/macOS |
man | Manual pages | Built-in command reference |
apt, dnf, yum | Package management | Distribution-specific |
passwd | Change password | Local account password command |
Security Quick Reference
Security Principles
| Concept | Meaning | Exam decision point |
|---|---|---|
| CIA triad | Confidentiality, integrity, availability | Identify which goal a control protects |
| Least privilege | Give only required access | Prefer standard user over administrator |
| Defense in depth | Multiple layered controls | No single control is enough |
| Zero trust | Verify explicitly; assume no implicit trust | Strong identity, device posture, and least privilege |
| AAA | Authentication, authorization, accounting | Login, permissions, and logging are separate |
| Non-repudiation | Proof that an action occurred | Logs, signatures, and audit trails |
| Separation of duties | Split sensitive tasks | Reduces fraud and mistakes |
| Need to know | Access only to required data | Often paired with least privilege |
Authentication and Account Controls
| Control | Use for | Trap |
|---|---|---|
| Password | Basic knowledge factor | Complexity alone does not stop reuse or phishing |
| PIN | Device-bound quick sign-in | Not the same as a reusable password |
| Biometrics | Inherence factor | Usually paired with device security |
| Smart card/security key | Possession factor | Stronger than password-only login |
| MFA | Uses two or more factor types | Two passwords are not true MFA |
| SSO | One identity for many apps | Convenient but high-impact if compromised |
| Password manager | Unique complex passwords | Protect the vault with MFA |
| Account lockout | Slows brute force attacks | Can cause denial-of-service if too aggressive |
| UAC | Prompts for elevation | Does not replace NTFS permissions |
| Local account | Stored on one device | Not centrally managed |
| Domain account | Managed by directory service | Central policy and access control |
| Cloud identity | Used for SaaS/cloud services | Check sync, MFA, and conditional access symptoms |
Permission and Sharing Rules
| Item | What to remember |
|---|---|
| NTFS permissions | Apply locally and over network; support inheritance |
| Share permissions | Apply only over network share access |
| Effective permissions | Combination of user, group, inherited, explicit, share, and NTFS controls |
| Most restrictive result | When share and NTFS both apply, the more restrictive effective access wins |
| Explicit Deny | Usually overrides Allow; use sparingly |
| Inheritance | Child objects inherit parent permissions unless inheritance is changed |
| Ownership | Owner can usually change permissions; taking ownership is a major admin action |
| Move vs copy | Permissions may be retained or inherited depending on volume and operation |
| Groups | Assign permissions to groups, not individual users, when possible |
Wireless and Network Security Choices
| Need | Choose | Avoid |
|---|---|---|
| Secure Wi-Fi | WPA2/WPA3 with strong passphrase or enterprise auth | WEP, weak PSK, shared passwords |
| Guest access | Guest network/VLAN isolation | Putting guests on internal LAN |
| Easier device onboarding | QR code or managed provisioning | WPS if security is a concern |
| Remote administration | VPN or secure management path | Open RDP/SSH to the internet |
| Secure web access | HTTPS | HTTP for sensitive logins |
| Secure shell access | SSH | Telnet |
| Secure file transfer | SFTP/FTPS/HTTPS | Plain FTP |
| Internal name resolution issue | DNS troubleshooting | Assuming internet outage first |
| Suspected rogue wireless | Check SSIDs, BSSIDs, placement, logs | Trusting SSID name alone |
Common Ports and Secure Alternatives
| Service | Common port | Security note |
|---|---|---|
| SSH | 22 | Secure remote CLI |
| DNS | 53 | Required for name resolution; can be abused |
| HTTP | 80 | Not encrypted |
| HTTPS | 443 | Encrypted web traffic |
| SMB | 445 | Windows file sharing; restrict exposure |
| RDP | 3389 | Protect with VPN/MFA/strong policy |
| SMTP | 25, 587 | Mail sending; 587 commonly used for authenticated submission |
| POP3 | 110, 995 | 995 is encrypted POP3 |
| IMAP | 143, 993 | 993 is encrypted IMAP |
| LDAP | 389, 636 | 636 is LDAPS |
| Kerberos | 88 | Common domain authentication protocol |
Malware, Social Engineering, and Hardening
Malware and Attack Types
| Threat | Key clue | Response focus |
|---|---|---|
| Virus | Attaches to files/programs | Scan, remove, restore clean files |
| Worm | Self-propagates over network | Isolate and patch vulnerable systems |
| Trojan | Disguised as legitimate software | Remove payload and source app |
| Ransomware | Encrypts files and demands payment | Isolate, preserve evidence, restore from clean backup |
| Spyware | Tracks activity | Remove, review browser/app permissions |
| Keylogger | Captures keystrokes | Remove and reset credentials from clean device |
| Rootkit | Hides deeply in OS | Offline scan or rebuild may be required |
| Cryptominer | High CPU/GPU use, unknown process | Remove malware and patch entry point |
| Phishing | Fraudulent message/link | Verify sender and report |
| Spear phishing | Targeted phishing | Higher credibility; verify out of band |
| Smishing | SMS phishing | Do not use message links |
| Vishing | Voice phishing | Verify caller identity independently |
| Shoulder surfing | Observing screen/keyboard | Privacy filters and awareness |
| Tailgating | Following into secure area | Badge enforcement |
| Dumpster diving | Searching discarded data | Shred and sanitize |
| Evil twin | Fake Wi-Fi AP | Verify network identity, use VPN where appropriate |
| Rogue AP | Unauthorized AP on network | Locate, disconnect, investigate |
Malware Removal Workflow
| Step | Action | Exam note |
|---|---|---|
| 1 | Identify and research symptoms | Pop-ups, redirects, slow system, unknown processes, disabled security |
| 2 | Quarantine infected system | Disconnect network to prevent spread or data loss |
| 3 | Disable restore points if used | Prevent restoring infected state; re-enable after cleanup |
| 4 | Remediate | Update anti-malware, scan, remove, or rebuild if needed |
| 5 | Schedule scans and run updates | Patch OS, apps, browsers, plugins |
| 6 | Re-enable restore and create clean point | Only after system is verified clean |
| 7 | Educate user | Explain cause, prevention, and reporting path |
| 8 | Document | Record symptoms, actions, tools, and outcome |
Endpoint Hardening Checklist
- Use standard user accounts for daily work.
- Apply OS, browser, firmware, and application updates.
- Enable host firewall and endpoint protection.
- Remove unnecessary software, services, browser extensions, and startup items.
- Use full-disk encryption on portable devices.
- Enforce screen lock and strong authentication.
- Disable autorun/autoplay where appropriate.
- Restrict local administrator membership.
- Back up important data and test restores.
- Log security events and review alerts.
Software Troubleshooting Reference
CompTIA Troubleshooting Method
| Step | Action | What not to skip |
|---|---|---|
| 1 | Identify the problem | Question user, identify changes, back up data if needed |
| 2 | Establish a theory of probable cause | Start with simple/common causes |
| 3 | Test the theory | If theory fails, establish a new one or escalate |
| 4 | Establish and implement a plan of action | Consider business impact |
| 5 | Verify full functionality and implement preventive measures | Confirm with the user when appropriate |
| 6 | Document findings, actions, and outcomes | Required for repeatability and support history |
Windows Software Symptoms
| Symptom | Likely checks | Possible fix |
|---|---|---|
| Slow performance | Task Manager, startup apps, disk space, malware, updates | Disable unnecessary startup items, remove malware, free space, upgrade resources |
| App crashes | Event Viewer, app updates, compatibility, permissions | Repair/reinstall app, update dependencies, run compatibility mode |
| Missing DLL or dependency | App install state, runtime packages | Repair app or reinstall required runtime |
| Blue screen/restart loop | Drivers, hardware changes, updates, Event Viewer | Safe Mode, roll back driver, uninstall update, system restore |
| Service will not start | Services console, dependencies, account permissions | Correct startup type, credentials, dependency service |
| Windows update failure | Disk space, services, network, logs | Free space, restart update services, run troubleshooter, repair components |
| User cannot access file | NTFS/share permissions, ownership, encryption | Correct group membership or permissions |
| Profile issue | Local profile corruption, sync errors | Recreate profile after data backup |
| Certificate warning | Date/time, hostname mismatch, untrusted cert | Correct clock, verify site, install trusted certificate only when appropriate |
| Browser redirects/pop-ups | Extensions, proxy settings, malware | Remove extensions, reset browser, scan system |
| Cannot install software | Admin rights, OS compatibility, installer integrity | Use admin approval, correct version, trusted source |
| App blocked | Security policy, SmartScreen, allowlist | Verify trust, then adjust policy if authorized |
| File association wrong | Default apps, registry/app install | Reset default app association |
| Drive full | Disk Cleanup, temp files, large profiles | Remove temp files, archive data, expand storage |
| No network after update | Driver, IP settings, VPN, firewall | Roll back driver, renew IP, check firewall/VPN |
Boot and Recovery Decision Table
| Problem | First options | Escalation |
|---|---|---|
| Windows fails after driver update | Safe Mode, roll back driver | System Restore or uninstall update |
| Boot files damaged | Startup Repair | bootrec, bcdboot, or rebuild |
| Corrupt system files | SFC | DISM, then rerun SFC |
| OS unstable after recent change | System Restore | Reset/reinstall if unresolved |
| User data at risk | Boot to recovery media and back up | Remove drive or use external tools if authorized |
| macOS disk issue | Recovery, Disk Utility First Aid | Restore from Time Machine or reinstall macOS |
| Linux boot/config issue | Recovery/single-user mode, logs | Repair bootloader or restore config backup |
Browser and SaaS Troubleshooting
| Symptom | Check |
|---|---|
| Works in one browser, not another | Cache, cookies, extensions, browser version |
| Login loop | Cookies blocked, SSO issue, time skew, MFA challenge |
| Access denied | Account status, license/entitlement, group membership, conditional access |
| Slow web app | Browser cache, network latency, DNS, service status |
| Certificate error | System time, hostname, trust chain, inspection proxy |
| Pop-ups/toolbars | Extensions, notifications, malware |
| Sync not working | Account sign-in, storage quota, network, service health |
| MFA prompt repeatedly fails | Clock sync, registered device, push fatigue, phone change |
Mobile OS and Application Security
| Need or symptom | Check or choose |
|---|---|
| Lost or stolen phone | Remote lock/wipe, account password reset, revoke sessions |
| BYOD management | MDM/MAM policy, containerization, minimum OS version |
| Excessive permissions | Review app permissions and privacy settings |
| Battery drain | Background apps, location services, push sync, malware |
| App crashes | Update app/OS, clear cache, reinstall app |
| No email sync | Credentials, MFA/app password policy, server settings, network |
| Untrusted app source | Avoid sideloading unless explicitly authorized |
| Public Wi-Fi use | VPN, HTTPS, avoid sensitive work if untrusted |
| Device resale/disposal | Back up, sign out, factory reset, remove from account/MDM |
| Screen lock | PIN/passcode/biometric with auto-lock |
Backup, Recovery, and Data Handling
Backup Types
| Type | Captures | Restore characteristic |
|---|---|---|
| Full | All selected data | Simplest restore; more storage/time |
| Incremental | Changes since last backup of any type | Efficient backup; restore needs chain |
| Differential | Changes since last full backup | Larger over time; restore needs full plus latest differential |
| Image | Entire system/volume state | Useful for bare-metal recovery |
| File-level | Selected files/folders | Good for user data |
| Snapshot | Point-in-time state | Fast rollback; not always a separate backup |
| Cloud backup | Offsite copy | Depends on bandwidth, account, provider availability |
| Offline backup | Disconnected copy | Helps against ransomware |
Recovery Terms
| Term | Meaning | Exam use |
|---|---|---|
| RPO | Maximum acceptable data loss | Determines backup frequency |
| RTO | Maximum acceptable downtime | Determines recovery method and urgency |
| Versioning | Multiple historical copies | Helps recover from accidental overwrite |
| Retention | How long backups are kept | Balance recovery needs and storage policy |
| Test restore | Proves backup is usable | Backup is not complete until restore is verified |
| 3-2-1 strategy | Multiple copies, media types, and offsite copy | Best-practice concept, not a substitute for policy |
Data Destruction and Disposal
| Media/data | Appropriate action | Notes |
|---|---|---|
| Paper records | Shred or use approved destruction bin | Protects printed sensitive data |
| Hard drives | Wipe, degauss where appropriate, or destroy | Degaussing does not apply to all media types |
| SSDs/flash | Secure erase or physical destruction | Wear leveling makes simple overwrite less reliable |
| Optical media | Shred/crush | Do not just throw away |
| Mobile devices | Factory reset, remove accounts, wipe via MDM | Verify encryption and account removal |
| Toner/printer parts | Recycle per policy | Avoid spills and environmental mishandling |
| Batteries | Recycle properly | Do not puncture or discard casually |
Operational Procedures
Change Management
| Phase | Technician responsibility |
|---|---|
| Request | Define what is changing and why |
| Impact analysis | Identify affected users, systems, risks, and rollback needs |
| Approval | Get authorization before production changes |
| Communication | Notify stakeholders of timing and impact |
| Implementation | Follow documented steps |
| Rollback | Restore previous state if change fails |
| Validation | Test system and user functionality |
| Documentation | Record final state, issues, and lessons learned |
Documentation and Ticketing
| Record | Include |
|---|---|
| Ticket | User, asset, symptoms, priority, contact method |
| Troubleshooting notes | Tests, results, error messages, timestamps |
| Change record | Scope, approval, schedule, rollback plan |
| Asset record | Serial/tag, owner, location, warranty/support status |
| Knowledge base article | Symptoms, cause, resolution, prevention |
| Incident record | Timeline, affected data/systems, containment, escalation |
Safety and Environmental Practices
| Situation | Correct response |
|---|---|
| Working inside PC | Power off, unplug when appropriate, use ESD protection |
| ESD-sensitive components | Use antistatic strap/mat, handle by edges |
| Heavy equipment | Use proper lifting or get assistance |
| Liquid spill | Disconnect power safely, follow site procedure |
| Battery swelling | Stop use, isolate safely, follow disposal process |
| Laser printer service | Be careful around fuser heat and toner |
| Chemical exposure | Refer to safety data sheet and PPE guidance |
| Fire | Use correct extinguisher type and evacuate if unsafe |
| Cable hazards | Route and secure cables to prevent trips |
| E-waste | Recycle through approved process |
Professional Communication
| Scenario | Best practice |
|---|---|
| Upset user | Listen, acknowledge, avoid blame |
| Nontechnical user | Use plain language, avoid jargon |
| Need downtime | Explain impact and expected duration |
| Unauthorized request | Follow policy; do not bypass controls |
| Privacy-sensitive data visible | Minimize exposure and do not discuss unnecessarily |
| Escalation needed | Provide concise summary and evidence |
| Work completed | Verify with user and document outcome |
| Mistake made | Report promptly and follow remediation process |
Scripting and Automation Basics
| Concept | Know |
|---|---|
| Script types | Batch, PowerShell, Bash, Python, JavaScript |
| Variable | Stores reusable value |
| Conditional | Runs logic based on true/false test |
| Loop | Repeats actions |
| Function | Reusable block of code |
| Comment | Explains code; ignored by interpreter |
| Input validation | Prevents bad or unsafe input |
| Error handling | Responds to failures predictably |
| Exit code | Indicates success/failure to calling process |
| Scheduling | Use Task Scheduler, cron, or management platform |
| Security | Do not run unknown scripts; review source and permissions |
| Least privilege | Run automation with only required rights |
| Testing | Test in nonproduction or limited scope first |
Script Decision Points
| Task | Good script candidate? | Why |
|---|---|---|
| Rename many files | Yes | Repetitive and rule-based |
| Collect logs from many devices | Yes | Consistent output and time savings |
| One-time uncertain repair | Maybe | Manual verification may be safer |
| Delete files across profiles | High risk | Requires backup, testing, and narrow scope |
| Change security settings | High risk | Requires approval and rollback plan |
| Install approved app on many PCs | Yes | Use management tools and logging |
High-Yield Traps to Review
| Trap | Correct distinction |
|---|---|
| Encryption equals backup | Encryption protects confidentiality; backup protects recovery |
| RAID equals backup | RAID improves availability; it does not replace backups |
| Admin account for daily work | Use standard user; elevate only when needed |
| Share permission only | NTFS permissions also apply to network access |
| Explicit Deny everywhere | Deny can override Allow and cause difficult troubleshooting |
| SSID hiding is strong security | It is not a substitute for WPA2/WPA3 and strong authentication |
| MAC filtering is strong security | MAC addresses can be spoofed |
| Antivirus alone stops all malware | Layer controls: patching, least privilege, filtering, backups, training |
| Reinstall first | Preserve data and diagnose before destructive action |
| Clear logs to fix issue | Logs are evidence; preserve relevant records |
| SFC and DISM are identical | SFC checks protected system files; DISM repairs component store |
| UAC is permission management | UAC controls elevation prompts; permissions still matter |
| Public vs private firewall profile | Public is more restrictive; wrong profile can block services |
| Local policy vs domain policy | Domain policy can override local settings |
| System Restore is user backup | It rolls back system state, not a full user data backup |
| Safe Mode fixes issue permanently | It isolates causes; still remediate root cause |
Last-Week Review Checklist
- Match Windows tools to symptoms without guessing.
- Practice command purposes, especially network, boot, disk, and system repair commands.
- Review NTFS/share permission interactions and Deny behavior.
- Memorize malware removal order and why quarantine comes early.
- Compare backup types and recovery use cases.
- Review Wi-Fi, browser, MFA, account, and SaaS access troubleshooting.
- Practice deciding when to repair, restore, reset, reimage, or escalate.
- Review change management, documentation, safety, and user communication scenarios.
- For performance-based questions, read the task carefully before changing settings.
Next Step
Use this Quick Reference to target weak areas, then move into timed 220-1202 practice questions and hands-on labs that require choosing the correct tool, command, security control, or troubleshooting step.