How to use 220-1102 flashcards effectively
Flashcards work through active recall — the process of retrieving information from memory rather than passively re-reading it. Research consistently shows that active recall produces stronger, longer-lasting memory than re-reading study guides. For 220-1102 preparation, this means flashcards are one of the highest-return study tools available.
Attempt recall first
Read the 220-1102 question on each card, pause, and attempt to formulate the answer in your own words before revealing. This retrieval attempt — even if wrong — dramatically strengthens memory compared to immediately reading the answer.
Review wrong cards again
When you get a card wrong, note it and add it back to your review pile. Spaced repetition — seeing difficult cards more frequently — is the mechanism that makes flashcard study far more efficient than linear reading.
Study by domain
Group your 220-1102 flashcard sessions by domain for the first 3–4 weeks. Master one domain before moving to the next. In the final week, shuffle all cards together to test cross-domain recall — which is what the real 220-1102 exam requires.
Short sessions beat marathon reviews
20–30 flashcard cards per session, done daily, produces better retention than a single 200-card marathon session. Five short daily sessions per week over 4 weeks gives you over 400 total card reviews — enough to reliably pass 220-1102.
220-1102 flashcard preview
Sample cards from the 220-1102 flashcard bank. Read the question, think of the answer, then read the explanation below.
A user reports that their Windows 10 computer is running slowly and they see a 'Low memory' message when opening applications. What should the technician check first to diagnose the issue?
Check RAM usage in Task Manager
When a user experiences low memory errors, the first step is to check current memory usage via Task Manager to determine if the system is running out of RAM due to high usage or a memory leak. Checking for malware, adjusting virtual memory, or running disk cleanup are subsequent steps that may be taken after identifying the cause.
A helpdesk technician receives a call from a user who reports that their antivirus software is disabled and cannot be re-enabled. Additionally, the user's files have been renamed with a '.encrypted' extension. Which type of malware is most likely responsible?
Ransomware
Ransomware typically disables security software and encrypts files, renaming them with extensions like .encrypted, and demands a ransom for decryption. Trojans disguise themselves as legitimate software, worms spread without user action, and rootkits hide malware from detection—none primarily focus on file encryption.
A user reports that after installing a new printer driver on a Windows 10 computer, the system blue screens whenever they attempt to print. The computer boots normally but crashes during the print job. Which of the following should the technician do FIRST to resolve the issue?
Boot into Safe Mode and roll back the printer driver.
A blue screen caused by a new driver should be addressed by booting into Safe Mode, which loads only essential drivers, and then rolling back the problematic driver. This is the most direct and effective first step to restore functionality without affecting other system settings.
A technician is decommissioning several hard drives that contained sensitive client data. The drives are still functional but need to be disposed of securely. Which method ensures the data cannot be recovered?
Use a degausser to demagnetize the platters.
Degaussing uses a strong magnetic field to destroy the data on magnetic storage media, rendering the drive unusable and data unrecoverable. Other methods like formatting or deleting files leave data recoverable with specialized software.
A change advisory board (CAB) approved a standard change to update antivirus definitions on all servers. The technician completes the update on a file server and verifies the server is functioning normally. According to change management best practices, what documentation should the technician complete?
Update the change log with implementation details and results
After implementing a standard change and verifying success, the technician should update the change log or ticket with details of the implementation, including date, time, actions taken, and results. This provides an audit trail and helps in future troubleshooting. Sending an email summary might be optional, but formal documentation in the change management system is required. The backout plan is created before implementation, not after.
A company's change management policy requires all server changes to be approved by the Change Advisory Board (CAB). A technician discovers that a critical database server's operating system needs a security patch to comply with a new regulatory requirement that takes effect in one week. The patch has a known risk of causing service downtime. The next scheduled CAB meeting is in two weeks. What should the technician do FIRST?
Submit an urgent change request and obtain emergency approval
This is an urgent regulatory compliance need, which may qualify as an emergency change. The correct first step is to submit an urgent change request with a risk assessment and seek approval from the appropriate authority (such as the IT director or emergency CAB) to expedite the change while still following proper change management procedures. Waiting would violate compliance, and implementing without approval circumvents management controls. A workaround is not always viable.
A company is implementing a bring-your-own-device (BYOD) policy and needs to ensure that corporate data on employee mobile devices is protected. Which of the following is the MOST important technical control to implement?
Enable remote wipe capability for corporate data
Containerization or MDM (Mobile Device Management) with remote wipe capability is the most critical control because it allows the organization to separate and, if necessary, remove corporate data from a lost or compromised device without affecting personal data.
A company requires employees to present both a smart card and a PIN to log into their workstations. Which authentication principle is being implemented?
Two-factor authentication
Two-factor authentication (2FA) requires two different types of identification from distinct categories: something you have (smart card) and something you know (PIN). Single-factor uses only one category. Biometric would be something you are (fingerprint, face), and token-based authentication often refers to a single possession factor.
A company requires all Windows 10 workstations to be able to join an Active Directory domain. Which edition of Windows 10 must be installed on these workstations?
Windows 10 Pro
Windows 10 Pro, Enterprise, and Education editions can join a domain. Windows 10 Home edition does not support domain membership. The technician must ensure that the computers have at least Windows 10 Pro to meet this requirement.
A company wants to allow employees to securely access internal resources from home via the internet. Which method provides the highest level of security for remote desktop connections?
Require the use of a VPN connection before establishing a Remote Desktop session.
Using a VPN is the most secure way to allow remote desktop access. The VPN creates an encrypted tunnel and requires strong authentication (often with MFA) before the user can even reach the internal network. This significantly reduces the attack surface compared to other methods.
A change advisory board (CAB) approves an emergency change to apply a critical security patch to a critical server. After the patch is applied and the server is verified operational, the technician completes the documentation. According to change management best practices, what post-implementation step is unique to emergency changes?
Schedule a post-implementation review within 30 days
Emergency changes bypass the normal approval process due to urgency. To ensure accountability and proper oversight, a post-implementation review (PIR) is typically required within a specified timeframe (e.g., 30 days). During the PIR, the change is reviewed to ensure it was justified, documented correctly, and that any lessons learned are captured. This step is not required for standard or normal changes because they already went through full approval. Notifying users is not unique to emergency changes. Reverting is not a standard step unless something went wrong. Verbal approval from the CEO is not a standard process.
A company is decommissioning several SSDs from high-security laptops. The SSDs were encrypted with BitLocker. The organization must ensure data is unrecoverable while complying with environmental disposal regulations. Which method should be used?
C. Physical shredding
For SSDs, physical destruction (shredding) is the most reliable method to ensure data is unrecoverable. Degaussing does not affect NAND flash memory. Overwriting may be ineffective due to wear-leveling algorithms that can leave data remnants. Incineration can release hazardous materials and often violates environmental regulations. Shredding destroys the chips and allows recycling of the materials, meeting both security and environmental goals.
A company has several Windows 7 Professional workstations that need to be upgraded to Windows 10. Which of the following is the minimum edition of Windows 10 that supports an in-place upgrade from Windows 7 Professional?
Windows 10 Pro
In-place upgrades preserve installed applications and settings. Windows 7 Professional can upgrade directly to Windows 10 Pro (or Windows 10 Enterprise). Windows 10 Home is not eligible, and Windows 10 Education is for academic environments. Therefore, Windows 10 Pro is the minimum edition that supports the upgrade from Windows 7 Professional.
A company has a policy that requires all workstations to have antivirus software installed and keep it up to date. A technician finds that several computers have disabled their antivirus services. Which security control would have MOST effectively prevented users from disabling the antivirus?
Group Policy settings to enforce antivirus protection
Using Group Policy to enforce the antivirus service startup and protection status is the most effective way to prevent users from disabling it. Application whitelisting would prevent unauthorized software but not stop a user from disabling a service. User Account Control (UAC) prompts can be bypassed by users with local admin rights. Data Execution Prevention (DEP) prevents memory exploits, not service tampering.
A change request to update the firmware on a network switch has been approved by the Change Advisory Board (CAB) and is scheduled for a maintenance window. During the implementation, the technician discovers that the downloaded firmware file is corrupted. The technician has verified that a backup configuration file exists. According to change management best practices, what should the technician do FIRST?
Contact the CAB to report the issue and await further instructions
In change management, if a step in the approved plan cannot be executed as intended (e.g., corrupted firmware), the technician should not proceed with the change. The best practice is to stop the implementation and contact the CAB to report the issue and request further instructions. Attempting to work around the problem or modifying the plan without approval can cause unintended consequences and violates change management procedures. Updating the server later assumes the change will still be implemented; the proper process is to follow the change management workflow.
A change advisory board (CAB) has approved a standard change to update the firmware on a network switch. Before implementing the change, the technician creates a backup of the current configuration and prepares a rollback plan. After successfully applying the firmware update, what should the technician do NEXT according to change management best practices?
Document the change in the change request with the results
After completing the implementation and verification, the technician must document the change in the change request ticket. This includes results, any issues encountered, and the verification steps. Proper documentation ensures traceability and compliance. Closing the request without documentation is premature.
A company policy requires that all mobile devices used for work be managed via Microsoft Intune. An employee loses a company-issued smartphone. The IT administrator needs to remotely wipe the device to prevent data loss. Which prerequisite must have been completed on the device for this action to be possible?
Device enrolled in Intune
Remote wipe is a management feature of MDM solutions like Microsoft Intune. The device must be enrolled in Intune to receive management commands. BitLocker is for Windows encryption, Find My Device is a consumer location service, and a VPN profile provides connectivity but not management capabilities.
A company is decommissioning several workstations that contain confidential client data on traditional HDDs. The company's data disposal policy requires that the data be completely unrecoverable. Which method should the technician use to achieve this?
Physically shred the hard drive platters
Physical destruction, such as shredding the hard drive platters, ensures that data cannot be recovered by any means. Quick formatting only removes the file system index. Single-pass overwriting can sometimes be reversed with advanced tools. Degaussing may not be effective on modern high-coercivity drives and does not physically destroy the media.
A company requires all changes to production systems to be approved by the Change Advisory Board (CAB). A technician receives an urgent request from a manager to apply a critical security patch that fixes a zero-day vulnerability. The patch requires a reboot, and the server is currently in use. The CAB is not scheduled to meet for another week. Which of the following is the BEST course of action?
Request an emergency change approval from the CAB chair or a designated authority
In an emergency situation where a critical vulnerability exists, change management best practices allow for an emergency change process. This typically involves obtaining approval from the CAB chair or a designated emergency authority (such as a senior manager) outside the regular meeting schedule. Applying the patch immediately without any approval violates policy. Waiting for the next scheduled meeting is too slow for a zero-day vulnerability. Scheduling the patch without approval also bypasses governance.
A company's security policy mandates that all workstations must have full disk encryption. Which Windows feature provides full disk encryption?
BitLocker
BitLocker Drive Encryption is a full disk encryption feature included in Windows Pro and Enterprise editions. It encrypts the entire volume, protecting data at rest even if the drive is removed from the computer.
A company policy requires that all data on laptops be encrypted so that if a laptop is stolen, the data cannot be read even if the hard drive is removed. Which Windows 10 feature provides this?
BitLocker
BitLocker Drive Encryption provides full-disk encryption at the volume level. When enabled, the entire drive is encrypted, and the data cannot be read without the decryption key. EFS (Encrypting File System) encrypts individual files and folders, not the whole drive. User Account Control manages permissions. Windows Defender is an antivirus/antimalware solution.
A company has a standard operating procedure (SOP) for handling password reset requests. Why is it MOST important for help desk technicians to follow this SOP?
A
Following an SOP ensures that tasks are performed consistently and correctly, reducing errors and security risks. Consistency also improves efficiency and makes training easier. While following an SOP may save time in the long run, the primary purpose is to achieve uniform and reliable results. Management impression and training reduction are secondary benefits.
220-1102 flashcards by domain
The 220-1102 flashcard bank covers all 4 official blueprint domains published by CompTIA. Cards are distributed proportionally, so domains with higher exam weight have more cards.
Domain Coverage
Operating Systems
Security
Software Troubleshooting
Operational Procedures
Flashcards vs practice tests: which is better for 220-1102?
Both flashcards and practice questions are evidence-based study tools. The difference is in what they train:
Flashcards — concept retention
Best for memorising definitions, acronyms, protocol behaviours, command syntax, and conceptual distinctions. Use flashcards to build the foundational vocabulary that 220-1102 questions assume you know.
Best in: weeks 1–3
Practice tests — application
Best for applying concepts to realistic scenarios, eliminating distractors, and building exam stamina.220-1102 questions test scenario reasoning — not just recall — so practice tests are essential.
Best in: weeks 3–6
The most effective 220-1102 study plan combines both: use flashcards for the first 2–3 weeks to build conceptual foundations, then shift to practice tests and mock exams in the final 2–3 weeks to apply and benchmark that knowledge. Most candidates who pass on their first attempt use both tools.
220-1102 flashcards — frequently asked questions
Are the 220-1102 flashcards free?
Yes — all 220-1102 flashcards on Courseiva are completely free, no account required. Every card includes the question, correct answer, and a full explanation. Create a free account to track which cards you have studied and get spaced repetition recommendations.
How many 220-1102 flashcards are on Courseiva?
Courseiva has 1000+ original 220-1102 flashcards across all 4 exam blueprint domains. New cards are added regularly as the question bank grows. All cards are written by certified engineers against the official CompTIA exam objectives.
How are Courseiva flashcards different from Anki or Quizlet?
Courseiva flashcards are purpose-built for IT certification exams. Unlike generic flashcard platforms where content quality varies, every Courseiva card is mapped to the official 220-1102 exam blueprint, written by engineers who hold the certification, and includes a full explanation of the correct answer and why the distractors are wrong. This explanation quality is what separates genuine learning from rote memorisation.
Can I use 220-1102 flashcards offline?
Courseiva is a web platform — an internet connection is required. For offline study, we recommend creating free Courseiva account, using the platform in your browser, and using your device's offline capabilities if your browser supports offline web apps.
Track your 220-1102 flashcard progress
Save your results, see which domains need more work, and get spaced repetition recommendations — all free.
Sign Up FreeFree forever · Every certification included