CompTIA A+ Practice Test (220-1202)
Use the form below to configure your CompTIA A+ Practice Test (220-1202). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.

CompTIA A+ 220-1202 (V15) Information
CompTIA A+ Certification Overview
Exam Versions
The current versions of the CompTIA A+ certification exams are:
- 220-1201 (Core 1)
- 220-1202 (Core 2)
These versions were launched in April 2022 and are expected to retire approximately three years from their release date.
The A+ Certification Test
To earn the CompTIA A+ certification, candidates must pass two separate exams: 220-1201 and 220-1202. Each exam has a separate fee and can be taken in any order. Both exams must be completed before the retirement date and must be from the same set of objectives. The certification is valid for three years from the date of passing the exams.
Exam Details:
- Format: Computer-based tests
- Number of Questions: 90 questions per exam
- Time Limit: 90 minutes per exam
- Result Availability: Immediately after completion, following a short mandatory survey
CompTIA A+ 220-1202
The CompTIA A+ 220-1202 (Core 2) exam is an essential part of the A+ certification, focusing on the software and operational aspects of IT support. Launched in April 2022, this exam tests candidates on a variety of critical topics including operating systems, security, software troubleshooting, and operational procedures. The 220-1202 exam comprises 90 questions, featuring a mix of multiple-choice and performance-based questions that simulate real-world IT scenarios. With a 90-minute time limit, candidates must efficiently demonstrate their knowledge and problem-solving skills. The exam is designed to ensure that IT professionals are well-versed in managing and troubleshooting software issues, implementing security measures, and following best practices in IT operations. Successful completion of the 220-1202, alongside the 220-1201, certifies individuals for three years, highlighting their competence and readiness to handle diverse technical challenges in the IT field.
Exam Policies and Procedures
Candidates must agree to CompTIA's exam policies before starting the test. These policies include:
- No Mobile Phones/Devices: Must be left outside the exam room
- Question Review: Candidates can revisit and change answers before submitting the exam
- Submission: Unanswered questions are marked, and a final review is available before submission
Testing Centers
Since July 9, 2012, CompTIA exams are available exclusively through Pearson VUE testing centers. Candidates can book exams online, by phone, or at the testing center. Options include:
- In-Person Testing: At Pearson VUE testing centers
- Online Testing: Through Pearson VUE's online platform
Performance-Based Questions (PBQs)
The A+ exams include Performance-Based Questions (PBQs), which require candidates to perform specific tasks or solve problems in a simulated environment. These questions test real-world skills in areas like command prompts, Windows OS, and networking environments.
Continuing Education (CE) Program
Certifications with the +CE (Continuing Education) suffix, including A+, Network+, and Security+, must be renewed every three years. Renewal options include:
- Retaking the Exam: Passing the latest version of the exam
- Higher-Level Certification: Passing a higher-level CompTIA exam
- CE Program Requirements: Completing CE activities
Lifetime Certifications
Certifications earned on or before December 31, 2010, are valid for life. However, lifetime certifications are no longer available for new candidates.
More reading:
Free CompTIA A+ 220-1202 (V15) Practice Test
Press start when you are ready, or press Change to modify any settings for the practice test.
- Questions: 20
- Time: Unlimited
- Included Topics:Operating SystemsSecuritySoftware TroubleshootingOperational Procedures
An organization is evaluating an authentication method to centrally manage administrator access to network devices, including routers and switches.
Which of the following protocols is specifically designed for this purpose and provides granular control over authentication, authorization, and accounting (AAA)?
Kerberos
RADIUS
LDAP
TACACS+
Answer Description
The correct answer is TACACS+ because it provides centralized authentication for users attempting to access network resources. It allows for fine-grained control over access rights and can handle remote authentication efficiently.
The other options do not focus primarily on network device access management or lack effective centralized control features.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is TACACS+ and why is it used for network device management?
How does TACACS+ differ from RADIUS in managing network device access?
What are the roles of AAA (Authentication, Authorization, and Accounting) in network security?
A user reports that a specific service is not starting on their Windows machine.
What is a common first step to address this issue?
Uninstall the related application
Check the service's status in the Services management console
Update the operating system
Reboot the computer
Answer Description
The correct answer is to check the service's status in the Services management console, as this allows you to see if the service is disabled or stopped. If the service is stopped, you can attempt to start it from this interface. This is the initial step in diagnosing why a service won't start.
Other options, like uninstalling an application or rebooting the system, are broader and may not directly address the specific issue of a service failing to start.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the Services management console in Windows?
Why might a Windows service fail to start?
What are service dependencies in Windows?
Which feature best characterizes the Temporal Key Integrity Protocol in wireless networking?
It uses a fixed encryption key for the entire duration of a session.
It generates a unique encryption key for each data packet sent over the network.
It applies a more robust encryption algorithm than AES.
It is implemented in Bluetooth networks for secure communication.
Answer Description
It generates a unique encryption key for each data packet sent over the network - This is correct. Temporal Key Integrity Protocol (TKIP) was designed as an improvement over WEP (Wired Equivalent Privacy) and addresses its vulnerabilities by generating a new encryption key for each data packet. This ensures greater security by making it harder for attackers to decrypt wireless communication.
It uses a fixed encryption key for the entire duration of a session - This describes WEP, which uses static encryption keys, a major vulnerability that TKIP was designed to overcome.
It applies a more robust encryption algorithm than AES - TKIP does not use AES (Advanced Encryption Standard) and is considered less secure than AES. TKIP was introduced as a temporary solution to improve WEP's security but was eventually replaced by the stronger WPA2 and AES-based encryption.
It is implemented in Bluetooth networks for secure communication - TKIP is used in wireless LANs (Wi-Fi networks) and is not implemented in Bluetooth networks. Bluetooth uses its own security protocols.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why was TKIP created to improve WEP?
How does TKIP differ from AES in terms of security?
What modern protocols replaced TKIP in wireless security?
An office already uses electronic badge readers, CCTV cameras, and motion sensors at each entrance. Management wants an additional control that will actively deter intruders and provide an on-site response capability if a breach occurs. Which physical security measure BEST meets this requirement?
Add more motion-activated CCTV cameras with cloud recording
Upgrade badge readers to require multifactor authentication
Install fixed steel bollards in front of the entrances
Deploy trained security guards to monitor the facility and respond to incidents
Answer Description
Security guards add a human element that passive devices cannot: they deter unauthorized activity through visible presence, make real-time decisions, and physically intervene or call authorities during security incidents. Bollards, upgraded badge readers, and additional cameras enhance perimeter or detection controls but do not provide immediate human response.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are some key advantages of using security guards for physical security?
How do CCTV cameras differ from security guards in terms of functionality?
What is the role of 'multifactor authentication' in physical security, and why is it less effective as an active deterrent?
The security manager at Crucial Technologies wants to help mitigate the possibility of someone being able to access another user’s account by gaining access to the user’s password. What logical security technology should be implemented to satisfy this requirement?
MFA
WPA2
Password complexity rules
Encryption
Answer Description
The answer is MFA. Multi-factor authentication is a logical security method that requires the user to present at least two forms of authentication before being granted access. This is in the form of something the user knows (i.e.password), something they have (i.e. smart card) or something they are (i.e. fingerprint). The other choices are forms of security that would not satisfy the requirement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the three types of factors used in MFA?
How does MFA prevent unauthorized access?
Is MFA better than traditional passwords, and why?
Which of the following documentation practices best facilitates troubleshooting and ensures another technician can resume work on a ticket without confusion?
Writing in clear, concise language that avoids jargon while recording the issue, actions taken, and current status
Using personal abbreviations and shorthand that only the original technician understands
Filling out a standard template but providing only the ticket title and no additional details
Copy-pasting long log files verbatim into the notes field without explanation
Answer Description
Using clear, concise language that avoids unnecessary jargon while listing the problem, the steps taken, and the current status gives any technician enough context to continue work or close the ticket. Copy-pasting logs without explanation, relying on personal shorthand, or providing only minimal details forces later readers to guess what happened, slowing resolution.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is avoiding jargon important in ticket documentation?
What should a technician include in clear ticket documentation?
How do standard templates help with documentation practices?
What is the purpose of the System File Checker (SFC) tool in Windows?
To scan and replace corrupted or missing system files
To update device drivers
To reinstall Windows
To scan for malware
Answer Description
The System File Checker (SFC) tool is a built-in utility in Windows that scans and replaces corrupted or missing system files with healthy ones. It is a common troubleshooting step to run SFC when experiencing system instability, BSOD, or other system file-related issues. It is not a tool for updating drivers or applications, nor is it a tool for scanning for malware.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How do you run the System File Checker (SFC) tool in Windows?
What common problems can the SFC tool help resolve?
What should you do if SFC cannot repair corrupted system files?
What type of malicious software is designed to replicate itself and spread to other systems through files or programs?
Ransomware
Trojan
Virus
Spyware
Answer Description
Virus - This is correct. A virus is a type of malicious software designed to replicate itself and spread to other systems by attaching itself to files or programs. When an infected file or program is executed, the virus spreads to other files, potentially causing damage or disruption to the system.
Spyware - Spyware is designed to secretly collect information about a user or system, such as browsing habits or sensitive data, without the user’s knowledge. It does not replicate or spread like a virus.
Ransomware - Ransomware encrypts a user's data and demands payment for decryption. While it can spread to other systems in some cases, its primary goal is extortion, not replication.
Trojan - A Trojan disguises itself as legitimate software to trick users into installing it. While it may cause harm or serve as a backdoor for other malicious activities, it does not replicate itself like a virus.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does a virus differ from other types of malware?
How do viruses spread between systems?
What are some common signs of a computer virus infection?
What is the primary purpose of standard operating procedures (SOPs) in a technical environment?
To establish a systematic process for the consistent execution of tasks
To encourage spontaneous decision-making in technical support scenarios
To set vague recommendations that can be interpreted differently by each team member
To define a flexible approach to problem-solving without specific guidelines
Answer Description
Standard operating procedures (SOPs) help establish a systematic process for the consistent execution of tasks. They provide a clear, detailed framework that outlines how specific activities should be performed, ensuring all team members follow the same steps. This uniformity reduces errors, increases efficiency, and maintains consistent quality.
Incorrect answers describe approaches that lack the structure and consistency that SOPs are intended to deliver.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is consistency important in executing Standard Operating Procedures (SOPs)?
How do SOPs contribute to reducing errors in a technical environment?
How do SOPs improve efficiency in a workplace?
A technician must upgrade several Windows 10 laptops to Windows 11 during scheduled maintenance. According to best practices for operating-system upgrades, which action should the technician perform first to minimize the risk of data loss and ensure a smooth upgrade process?
Temporarily disable any third-party antivirus software.
Run Disk Defragmenter to optimize the hard drive.
Create a full backup of user data and the current system image.
Convert the system volume to the FAT32 file system.
Answer Description
The very first step in any in-place upgrade should be to create a complete backup of user data (and preferably a system image). If something goes wrong-power failure, incompatible driver, corrupted installer-the technician can restore the devices to their previous working state. Disabling antivirus, updating drivers, or running disk-defragmentation utilities may be useful later, but they do not protect user files. Microsoft's Windows 11 upgrade guidance explicitly recommends backing up files before installation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is creating a full backup the first priority during an OS upgrade?
What is the difference between a full system image and a user data backup?
Why is FAT32 not recommended for modern Windows systems?
A user is experiencing slow profile load times and intermittent errors when logging into their Windows computer. After careful evaluation, you suspect the Windows user profile has become corrupted. Your immediate action should be to:
Increase the size of the user's profile directory by allocating more disk space to their account
Rename the user's existing profile folder and have them log in to create a new profile
Run a full system antivirus scan to check for malware that may be corrupting the profile
Perform a disk defragmentation to optimize file access speeds and improve profile load times
Answer Description
When dealing with a corrupt user profile in Windows, the most effective step is to recreate the user's profile. The old profile can be renamed, and a new profile created when the user logs in again. Transferring the user's data from the old profile to the new one can resolve issues related to a corrupt profile without affecting the user's personal settings and files.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What happens when a user profile becomes corrupted in Windows?
Why is renaming the user profile folder necessary when fixing a corrupted profile?
How do you transfer user data from the old profile to the new profile in Windows?
A company's technology team has noticed that employees are using company email accounts to sign up for personal streaming services, resulting in spam and phishing attacks. What should be implemented to prevent this behavior?
Increasing email monitoring by the technical team
Implementing an Acceptable Use Policy (AUP)
Installing anti-spam and phishing software
Conducting additional training sessions on cybersecurity
Answer Description
An Acceptable Use Policy (AUP) clearly outlines acceptable and unacceptable actions when using company resources, including email accounts. An AUP would specify that employees should use their company email only for work-related purposes, thus preventing misuse for personal activities that could compromise security. While monitoring helps identify misuse, it does not prevent it, training is supportive but not binding, and software solutions may be part of the strategy, they aren't substitutional for policy.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an Acceptable Use Policy (AUP)?
Why wouldn’t just monitoring or software solutions be enough to address email misuse?
How can an AUP be effectively enforced within an organization?
An individual is able to gain access to a list that includes sensitive information of company employees. The list was found in the company trash bin. This is an example of what type of social engineering?
Phishing
Impersonation
Shoulder surfing
Dumpster diving
Answer Description
Dumpster diving is a social engineering technique that involves searching through trash cans to find disposed of documents that could potentially be used to gain access to sensitive information. The act of dumpster diving is actually not illegal but the use of information gained using this method can be.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is social engineering in cybersecurity?
Why is dumpster diving considered a social engineering attack?
How can companies prevent attacks like dumpster diving?
Your CEO often travels and works from public areas. Due to the sensitive nature of the CEO's work you want a solution to prevent other people in the public areas from reading confidential data on the CEO's mobile device screen. What solution can help in this scenario?
VPN
ACL
Data Loss Prevention Policy
Privacy Screen
Answer Description
A privacy screen is a thin piece of plastic that goes over a device's screen. The privacy screen is transparent for users sitting directly in front of the devices screen, but for anyone looking at the screen from an angle the screen is blocked, blurred or heavily darkened. This protects against confidential data on a screen from being easily visible to others in the area.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does a privacy screen work?
Are there privacy screens for all device types?
What situations are best suited for using a privacy screen?
An organization uses RFID key fobs for door access. Which of the following features is typically provided by the access-control software that manages these fobs?
One-time passwords sent by SMS
Automatic encryption of files stored on the workstation
Detection of rogue wireless access points
Time-stamped audit logs for each door entry
Answer Description
- Correct: Time-stamped audit logs allow administrators to see exactly which fob unlocked which door at what time, providing accountability and forensic evidence.
- Incorrect options:
- One-time passwords sent by SMS are associated with multifactor authentication for logical access, not physical key-fob readers.
- File encryption is a workstation security measure unrelated to door controllers.
- Rogue wireless-access-point detection is a network security task, not a standard feature of door-access systems.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How do RFID key fobs work for door access?
What are time-stamped audit logs, and why are they important for access control?
What distinguishes RFID access control from other security technologies like biometric scanners?
A Windows 11 laptop is randomly crashing, and you suspect that protected operating-system files have become corrupted. From an elevated Command Prompt, which command-line tool should you run to scan all protected system files and automatically replace any incorrect versions with the correct Microsoft versions?
sfc /scannow
nslookup
chkdsk /f
gpupdate /force
Answer Description
The System File Checker command (sfc) with the /scannow switch scans every protected Windows system file and replaces corrupted or missing files with known-good copies stored in the WinSxS cache. CHKDSK checks disk integrity, GPUPDATE refreshes Group Policy, and NSLOOKUP queries DNS records-they do not repair system files.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the sfc /scannow command do in Windows?
What is the purpose of the WinSxS cache mentioned in the sfc /scannow command?
When should you use sfc /scannow over chkdsk /f?
A technician is assisting a user who regularly renames files in a directory that contains many similarly named items. To avoid confusion, the user wants File Explorer to always display file-name extensions (such as .docx or .txt). Which setting in File Explorer Options should the technician modify to accomplish this?
Under the View tab, uncheck "Hide protected operating system files (Recommended)"
Under the View tab, uncheck "Hide extensions for known file types"
Under the View tab, uncheck "Always show icons, never thumbnails"
Under the General tab, select "This PC" from "Open File Explorer to"
Answer Description
To make extensions visible, open File Explorer Options, select the View tab, and clear (uncheck) the "Hide extensions for known file types" checkbox. When this option is unchecked, Windows shows the full file name, including its extension, in every folder.
The other options do not affect extension visibility:
- "Hide protected operating system files (Recommended)" only hides critical system files.
- "Always show icons, never thumbnails" forces icons instead of thumbnail previews.
- Changing the "Open File Explorer to" setting on the General tab merely controls the default start location.
[Citation: How-To Geek - "Disable the 'Hide extensions for known file types' checkbox" https://www.howtogeek.com/205086/beginner-how-to-make-windows-show-file-extensions/]
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why are file extensions important for users?
What other settings under the View tab are useful for managing files?
What happens if file extensions are hidden for known file types?
Which type of malware is designed to secretly gather information about a user's activities without their knowledge?
Trojan
Spyware
Rootkit
Ransomware
Answer Description
Spyware is a type of malware that is specifically designed to collect information about a user's activities, including browsing habits and personal data, without their consent. This differentiates it from other malware types such as viruses, which are designed to replicate and spread, or ransomware, which encrypts files to demand a ransom.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does spyware collect user information?
How is spyware different from other types of malware like ransomware and trojans?
What are some signs that spyware might be on your system?
A user with standard (non-administrator) privileges reports a Windows Security notification stating "Windows Defender Firewall is turned off." The user has not made any recent configuration changes, and no Group Policy settings should affect this standalone workstation.
Which of the following is the MOST likely reason the firewall was disabled?
A recent Windows Update temporarily turned the firewall off after a successful install.
The display driver crashed, causing Windows Security Center to report the firewall as off.
Malware on the system has disabled the firewall to avoid detection.
Battery saver mode automatically shut down non-essential services, including the firewall.
Answer Description
Many malware families attempt to weaken host defenses by disabling the operating-system firewall, antivirus, or other protective services. This lets the malicious code communicate freely with command-and-control servers and reduces the chance of detection. Battery-saver settings, driver crashes, and routine Windows Updates do not normally turn off the Windows firewall.
- MITRE ATT&CK technique T1562.004 (Disable or Modify System Firewall) documents adversaries disabling firewalls as a defense-evasion tactic.
- A CISA advisory on the Kimsuky APT describes malware that zeros Windows firewall registry keys to prevent security alerts.
Therefore, the unexpected firewall-off notification is most likely caused by malware on the system.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is MITRE ATT&CK and how does it relate to disabling firewalls?
How does malware disable the Windows Defender Firewall?
What should a user do if malware disables the firewall?
What is typically displayed in a splash screen when logging into a corporate computer system?
A progress bar indicating the status of the system loading its resources.
Advertisements for upcoming company events or employee notifications.
Legal disclaimers or compliance messages that users must acknowledge before accessing the system.
An animated logo or product branding for user entertainment while the system loads.
Answer Description
A splash screen in the context of corporate computer systems often displays regulatory compliance requirements or important announcements. These can include legal disclaimers, privacy policies, or user agreement policies to which the user must adhere. Ensuring employees are aware of these terms is an integral part of compliance with various laws and regulations. It serves as a reminder or warning about the proper use of the system and any legal implications of their actions. This differentiates it from product branding or system loading indicators, which are not primarily for legal or compliance purposes.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of a splash screen in a corporate system?
What laws or regulations might require legal disclaimers on splash screens?
Are splash screens only used for compliance messages?
Wow!
Looks like that's it! You can go back and review your answers or click the button below to grade your test.