Study CompTIA 220-1202 Windows Security and Browser Controls: key concepts, common traps, and exam decision cues.
This is the Windows-control side of Core 2 security: Defender, firewall, account types, sign-in methods, encryption choices, and secure browser settings. The exam wants the safest supported configuration, not the fastest shortcut.
Windows Hello: Microsoft’s passwordless or alternative-sign-in framework that can use PIN, fingerprint, or facial recognition depending on device support.
EFS: Encrypting File System, a file-level Windows encryption feature that is different from whole-disk protection such as BitLocker.
The exam usually wants you to:
| If the clue is really about… | Strongest first reading |
|---|---|
| local personal device | local or Microsoft account path |
| managed corporate identity | domain, group, and policy path |
| elevation to perform a task | standard user vs admin and UAC boundary |
| stronger sign-in method | password, PIN, fingerprint, facial recognition, Windows Hello, or SSO depending on the device and environment |
| Encryption need | Strongest first reading |
|---|---|
| protect the whole drive if the device is lost | BitLocker |
| protect removable media | BitLocker-To-Go |
| protect specific files within Windows | EFS |
| secure access to encrypted data after hardware change | recovery-key path, not ordinary password-reset logic |
| If the question says… | Strongest first lane |
|---|---|
| malware definitions are old or protection is degraded | Defender status and definition update path |
| one app is blocked from network use | firewall application rule or exception path |
| downloads or extensions come from unknown sources | browser trust and extension-management path |
| certificate warning appears on a normally trusted site | secure-connection validation problem, not something to click through casually |
| password storage or sync is mentioned | password manager and browser sign-in or sync controls |
| Trap | Better reading |
|---|---|
| treating PIN and password as identical security models | they solve sign-in in different ways and may rely on device-specific protections |
| using EFS when the requirement is whole-device protection | match file-level vs disk-level encryption correctly |
| turning off firewall or Defender as the first move | change the narrowest justified control first |
| installing browser add-ons from any source | source trust is part of the security answer |
flowchart TD
A["Read the security symptom or requirement"] --> B["Sign-in, permission, encryption, browser, or network control?"]
B --> C["Choose the control that matches that layer"]
C --> D["Change the narrowest justified setting"]
D --> E["Verify the issue is fixed without broadening risk"]
A user needs stronger protection for files on a USB drive taken offsite, and another answer choice suggests turning on EFS for the laptop user profile instead. Which answer best fits Core 2?
Correct answer: A. Core 2 expects you to match the encryption method to the medium and the risk. BitLocker-To-Go is the removable-media fit.