CompTIA 220-1202 security guide covering permissions, hardening, malware, wireless, and browser protection decisions.
Core 2 security questions reward the answer that keeps protection on, fixes the right access boundary, and follows the malware or hardening workflow in the right order.

| The prompt is usually checking whether you can… | Without making this common miss |
|---|---|
| preserve least privilege | granting broad admin rights because it feels faster |
| keep identity and access layers distinct | blending local rights, domain identity, share permissions, and NTFS |
| follow workstation malware-remediation order | improvising cleanup steps or skipping post-cleanup actions |
| choose the safest protection mechanism | disabling controls before checking policy, exceptions, or recovery paths |

| Topic | What strong answers usually do |
|---|---|
| account models | distinguish local, Microsoft, and domain identity cleanly |
| access control | separate share, NTFS, inheritance, ownership, and UAC elevation |
| endpoint protection | keep Defender, firewall profiles, and update discipline active unless the scenario explicitly frames a controlled exception |
| disk and data protection | understand BitLocker purpose, recovery-key retrieval, and why it is not the same as a password-reset issue |
| malware workflow | use the CompTIA-preferred endpoint sequence instead of jumping directly to reimage |

Start with 2.1 Permissions & Malware. It covers the access-control and remediation patterns that Core 2 hides inside many scenario questions.
Then continue with 2.2 Secure Practices for the router, browser, mobile, and disposal decisions that often show up as traps.
Then use 2.3 Auth & Social Engineering when the exam is really asking you to classify a control, attack type, or vulnerability state correctly.
Finally use 2.4 Windows Security Controls for the sign-in, encryption, Defender, firewall, and browser-setting questions that still punish sloppy boundaries.

| If the question says… | Strongest first reading |
|---|---|
| user gets Access denied over the network | share plus NTFS plus identity path |
| install or config task fails for one user | least privilege, scoped elevation, or approved deployment path |
| device shows fake AV, redirects, or suspicious persistence | malware workflow and persistence cleanup |
| BitLocker recovery prompt appears after hardware or firmware change | recovery key and trusted-unlock path, not account-password recovery |
| someone suggests turning off UAC, Defender, or firewall | usually a trap unless the prompt explicitly allows temporary controlled testing |

| Trap | Better reading |
|---|---|
| “just make them local admin” | fix the actual permission or elevation boundary |
| “disable protection to see if it works” | verify policy, exception, identity, or app behavior first |
| mixing share and NTFS | network file access uses both |
| treating BitLocker like sign-in security | it protects disk access, not ordinary account authentication |
| stopping after malware cleanup | verify, restore protection posture, create restore point, and educate the user |