Study CompTIA 220-1202 Authentication and Social Engineering: key concepts, common traps, and exam decision cues.
Core 2 security also tests whether you can recognize a control family quickly: physical control, logical control, authentication method, social-engineering tactic, or vulnerability condition. Many missed questions happen because these categories blur together.
MFA: Multifactor authentication, using more than one factor category to strengthen sign-in security.
Social engineering: Manipulating people into bypassing security controls or revealing information.
The exam usually wants you to:

| Control clue | Strongest first reading |
|---|---|
| badge reader, vestibule, fence, guards, locks | physical security |
| ACLs, least privilege, MFA, SSO, PAM, IAM, DLP | logical or identity security |
| smart card, key fob, biometrics, mobile digital key | physical-access security with identity function |
| lighting, cameras, motion sensors | deterrence, monitoring, and physical access support |

| If the prompt says… | Better first reading |
|---|---|
| one sign-in for multiple systems | SSO |
| assertion-based enterprise sign-in | SAML-style identity exchange |
| privileged temporary access | just-in-time or PAM style access model |
| multiple proof types | MFA |
| centralized identity and directory path | IAM or directory services |

| Attack pattern | Strongest first reading |
|---|---|
| email lure | phishing |
| voice call pretending to be trusted support | vishing |
| text-message lure | smishing |
| fake QR code path | QR-based phishing |
| highly targeted executive or role-focused lure | spear phishing or whaling depending on target |
| follow someone through a secure door | tailgating |
| pretending to be staff or vendor | impersonation |

| If the question is really about… | Strongest first reading |
|---|---|
| attacker technique or abuse path | threat |
| missing patch, unsupported system, or missing security tool | vulnerability |
| specific human manipulation trick | social engineering |
| control used to reduce risk | mitigation or security measure |

| Trap | Better reading |
|---|---|
| picking the biggest-sounding control | choose the control family that actually fits the scenario |
| confusing MFA method examples with factor categories | the factor logic matters more than brand or delivery method |
| calling every scam message “phishing” without reading the medium | CompTIA often wants the more precise vishing, smishing, or QR variation |
| treating unpatched and EOL as attack types | they are vulnerability states, not attack methods |

A user receives a text message claiming to be from payroll with a short link asking for a password reset. Which answer best fits Core 2?
Correct answer: B. The delivery path is the clue. Core 2 often separates phishing variants by medium.