Study CompTIA 220-1202 Permissions, Hardening, and Malware Workflow: key concepts, common traps, and exam decision cues.
Security on Core 2 is not about memorizing every acronym in isolation. It is about protecting the right boundary: user rights, file access, endpoint hardening, malware containment, or disk protection.
UAC: User Account Control, the Windows feature that prompts for elevation when administrative rights are needed.
Least privilege: Giving only the access required for the task, rather than broad standing administrative rights.
The exam usually wants you to:
| If the prompt is really about… | Strongest first reading |
|---|---|
| user can reach the share but not open or modify files | share plus NTFS plus inheritance and ownership |
| one user needs to perform one admin task | elevation path, not permanent local-admin assignment |
| sign-in method changes but disk unlock is still separate | password, PIN, Windows Hello, and BitLocker solve different problems |
| domain or Active Directory behavior appears in the stem | identity, policy, logon scripts, home folders, group membership, or folder redirection |

| Layer | What it answers |
|---|---|
| share permission | what can happen over the network share path |
| NTFS permission | what the filesystem allows at the folder or file level |
| inheritance | how parent permissions flow downward unless changed |
| ownership | who can retake control when normal permission paths fail |
| UAC or Run as administrator | whether the task requires elevation on the device |

If a file-access question happens over the network, share and NTFS both matter. If it happens locally, NTFS is usually the stronger first check.
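The layers in the table above can be checked in order on the file server. The following PowerShell is an added example, not part of the original study guide; the share name `Projects` and subfolder `Reports` are placeholder assumptions, and the script only reads settings without changing them.

```powershell
# Added example: read-only checks, run in an elevated PowerShell session on the file server.
# Placeholder values (assumptions, not from the page): share 'Projects', subfolder 'Reports'.
param(
    [string]$ShareName = 'Projects',   # hypothetical share name
    [string]$SubFolder = 'Reports'     # hypothetical subfolder under the share root
)

# Layer 1: share permission. Applies only when the folder is reached over the network path.
$share = Get-SmbShare -Name $ShareName
Write-Host "== Share permissions on \\$env:COMPUTERNAME\$ShareName =="
Get-SmbShareAccess -Name $ShareName |
    Format-Table AccountName, AccessControlType, AccessRight -AutoSize

# Layers 2 to 4: NTFS permission, inheritance, and ownership,
# compared between the share root and the subfolder that misbehaves.
$target = Join-Path $share.Path $SubFolder
foreach ($path in @($share.Path, $target)) {
    $acl = Get-Acl -LiteralPath $path
    Write-Host "== NTFS on $path =="
    # True means inheritance is blocked: this folder no longer takes permissions from its parent.
    Write-Host "Inheritance blocked: $($acl.AreAccessRulesProtected)"
    Write-Host "Owner: $($acl.Owner)"
    $acl.Access |
        Sort-Object IsInherited, IdentityReference |
        Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize
}

# Entries set directly on the subfolder (not inherited) are where it differs from its parent,
# so they are the first place to look when only one subfolder behaves differently.
$explicit = (Get-Acl -LiteralPath $target).Access | Where-Object { -not $_.IsInherited }
if ($explicit) {
    Write-Host "== Explicit (non-inherited) entries on $target =="
    $explicit | Format-Table IdentityReference, AccessControlType, FileSystemRights -AutoSize
} else {
    Write-Host "No explicit entries on $target; its NTFS permissions all come from the parent."
}
```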
| Hardening cue | Strong answer usually does |
|---|---|
| shared workstation or unattended device | screen lock, timeout, and least privilege |
| mobile or laptop theft risk | device encryption, password discipline, and physical protection |
| unmanaged defaults on routers or local systems | change default credentials, patch firmware, disable unused services, and secure management access |
| user convenience conflicts with policy | keep protection on unless the stem explicitly authorizes a controlled exception |

For workstation cleanup, Core 2 still rewards the familiar endpoint order:
| Symptom | Strongest first lane |
|---|---|
| fake antivirus warnings or altered browser behavior | endpoint malware or browser-security problem |
| high network usage and degraded response | suspicious app, spyware, cryptominer, or other unwanted process |
| missing or renamed files | ransomware or malicious alteration path |
| user reports many ads, redirects, or pop-ups | browser compromise, PUPs, or malware-adjacent persistence |

| Trap | Better reading |
|---|---|
| “make them local admin so the problem goes away” | fix the actual boundary and preserve least privilege |
| “turn off Defender or firewall first” | only do that if the prompt explicitly says temporary controlled testing |
| mixing BitLocker with ordinary account sign-in controls | BitLocker protects the drive, not the general sign-in workflow |
| stopping after malware cleanup | post-cleanup protection, updates, restore point, and user education still matter |

A user can browse to a shared folder but cannot modify one specific subfolder. Another answer choice suggests making the user a permanent local administrator on the workstation. Which answer best fits Core 2?
Correct answer: B. This is an authorization-boundary problem. Core 2 prefers correcting the precise file-access layer instead of giving unrelated broad rights.