Reinforce 220-1202 concepts with active-recall study cards covering all 29 blueprint domains. Each card shows the question on the front and the correct answer with a full explanation on the back.
Flashcards work through active recall — the process of retrieving information from memory rather than passively re-reading it. Research consistently shows that active recall produces stronger, longer-lasting memory than re-reading study guides. For 220-1202 preparation, this means flashcards are one of the highest-return study tools available.
Attempt recall first
Read the 220-1202 question on each card, pause, and attempt to formulate the answer in your own words before revealing. This retrieval attempt — even if wrong — dramatically strengthens memory compared to immediately reading the answer.
Review wrong cards again
When you get a card wrong, note it and add it back to your review pile. Spaced repetition — seeing difficult cards more frequently — is the mechanism that makes flashcard study far more efficient than linear reading.
Study by domain
Group your 220-1202 flashcard sessions by domain for the first 3–4 weeks. Master one domain before moving to the next. In the final week, shuffle all cards together to test cross-domain recall — which is what the real 220-1202 exam requires.
Short sessions beat marathon reviews
20–30 flashcard cards per session, done daily, produces better retention than a single 200-card marathon session. Five short daily sessions per week over 4 weeks gives you over 400 total card reviews — enough to reliably pass 220-1202.
Sample cards from the 220-1202 flashcard bank. Read the question, think of the answer, then read the explanation below.
A user is unable to print to a network printer after a Windows update. Other users on the same network can print successfully. Which Windows tool should you use to view detailed error messages related to the print spooler service?
Event Viewer
Event Viewer (C) is the correct tool because it logs detailed error messages from the print spooler service (spoolsv.exe) under 'Windows Logs > System' or 'Applications and Services Logs > Microsoft > Windows > PrintService'. When a Windows update breaks printing for a single user, Event Viewer captures spooler errors such as access denied, driver conflicts, or RPC failures that are not shown in other tools.
A security incident occurred where an unauthorized user accessed a workstation. You need to review the event logs to determine when the breach happened. Which Control Panel applet would you use to launch the Event Viewer?
Administrative Tools
Administrative Tools is the Control Panel applet that provides access to advanced system tools, including Event Viewer. To investigate a security breach, you would open Administrative Tools and then launch Event Viewer to review security logs for unauthorized access events. This is the correct path because Event Viewer is not directly listed in the main Control Panel categories; it is nested within Administrative Tools.
A user reports that a specific application crashes immediately on launch. You want to verify the integrity of the application's core files without reinstalling. Which command-line tool can you use to scan and repair system files that the application depends on?
sfc /scannow
The `sfc /scannow` (System File Checker) command scans all protected system files and replaces corrupted versions with a cached copy located in the `%WinDir%\System32\dllcache` directory. Since the application crashes on launch, it likely depends on core Windows system files (e.g., DLLs, executables) that may be corrupted or missing. Running `sfc /scannow` verifies and repairs these system files without reinstalling the application itself, directly addressing the integrity of the dependencies.
A user reports that their Windows 10 PC is running slowly after they installed a new program. You need to identify which service or startup program is consuming the most CPU resources to troubleshoot the issue. Which administrative tool should you use?
Task Manager
Task Manager provides real-time performance monitoring, including CPU usage per process. This makes it the ideal tool for quickly identifying resource hogs. Other tools like Event Viewer or Services.msc are for different purposes.
A security incident has occurred: a user's Mac running macOS Ventura was infected with malware that modified system files. The technician needs to boot the Mac into a mode that loads only essential Apple-signed kernel extensions and prevents third-party software from loading, in order to safely remove the malware. Which startup mode should they use?
Safe Mode (Shift key during startup).
Safe Mode (Shift key during startup) is correct because it forces macOS to load only essential kernel extensions that are signed by Apple, disables all third-party startup items and login items, and runs a directory integrity check. This minimal environment prevents the malware from loading its own kernel extensions or other malicious code, allowing the technician to safely remove the infected files without interference.
A malicious script is suspected to have changed permissions on critical system files. The administrator needs to restore the /etc/passwd file to its default permissions, which are 644. The file is currently 777. Which command will set the correct permissions?
chmod 644 /etc/passwd
The correct answer is A because chmod 644 /etc/passwd sets the permissions to rw-r--r--, which is the standard for /etc/passwd. This removes the world-writable and executable bits.
A user's iPhone is running iOS 15 and they are unable to install a new app from the App Store. The error message says 'Unable to Download App. This app requires iOS 16 or later.' However, the user's iPhone model supports iOS 16. Which built-in iOS feature should the technician use to resolve this?
Update iOS via Settings > General > Software Update.
The error message explicitly states that the app requires iOS 16 or later, and the user's iPhone model supports iOS 16. The correct resolution is to update the device's operating system via Settings > General > Software Update, which is the built-in mechanism for installing iOS updates. This directly addresses the compatibility requirement by upgrading the OS to a version that meets the app's minimum deployment target.
A small business wants to migrate its on-premises file server to the cloud to reduce hardware maintenance costs. They need low-latency access for local employees and want to avoid egress fees for large data transfers. Which cloud deployment model best meets these requirements?
Hybrid cloud
The hybrid cloud model allows the business to keep sensitive or frequently accessed data on-premises (or in a local edge location) for low-latency access, while leveraging the public cloud for scalability and backup. By using a hybrid architecture, egress fees for large data transfers are avoided because bulk data can be processed locally and only metadata or less critical data is sent to the cloud. This directly addresses the need to reduce hardware maintenance costs while maintaining performance and controlling data transfer costs.
A customer reports that their laptop was stolen from their desk over the weekend. The laptop contained sensitive client data. Which physical security control should have been implemented to prevent this theft?
Cable lock
A cable lock is a physical security control that physically secures the laptop to a desk or immovable object, preventing unauthorized removal. In this scenario, the laptop was stolen from the desk, so a cable lock would have directly prevented the theft by tethering the device in place.
A technician is setting up a new wireless network for a small office. They want to ensure that only company-issued devices can connect, and that data transmitted over the air is encrypted. Which combination of settings should they use?
WPA3 with AES encryption and MAC address filtering.
Option B is correct because WPA3 with AES encryption provides the strongest wireless security standard, ensuring robust data confidentiality and integrity. MAC address filtering adds an additional layer of access control, allowing only company-issued devices (with pre-approved MAC addresses) to connect, which aligns with the requirement to restrict access to authorized devices.
A company's IT policy requires that all wireless traffic be encrypted using the strongest available protocol. A technician is configuring a new access point that supports WPA3-SAE, WPA2-PSK with AES, and WPA2-PSK with TKIP. Which configuration meets the policy?
WPA3-SAE.
WPA3-SAE (Simultaneous Authentication of Equals) is the strongest available wireless encryption protocol among the options, as it replaces the pre-shared key (PSK) model with a more secure handshake that provides forward secrecy and is resistant to offline dictionary attacks. The IT policy requires the strongest available protocol, and WPA3-SAE is superior to both WPA2-PSK variants, making option C the correct choice.
During a routine security audit, a technician discovers that a user's workstation has a program that records keystrokes and periodically sends the data to an external server. The user denies installing any software recently. Which type of malware is this?
Keylogger
The program described records keystrokes and exfiltrates them to an external server, which is the defining behavior of a keylogger. This type of malware captures user input, such as usernames and passwords, and sends the data to an attacker. The user's denial of installing software suggests the keylogger may have been delivered stealthily, often via a Trojan horse or drive-by download, but the core functionality is keylogging.
An employee finds a USB drive labeled 'Employee Salary Info Q4' in the parking lot. Out of curiosity, they plug it into their work computer to see the contents. What type of social engineering attack is this an example of?
Baiting
Option C is correct because baiting is a social engineering attack that exploits human curiosity or greed by offering something enticing, such as a USB drive labeled 'Employee Salary Info Q4.' When the employee plugs the USB into their work computer, they may inadvertently install malware (e.g., a keylogger or backdoor) that compromises the system. This attack relies on physical media as the delivery vector, distinguishing it from other social engineering methods.
After a security incident, a forensic analyst needs to review the event logs on a Windows 10 system to determine when a specific user account was created. The logs are intact. Which Windows security setting must be enabled to ensure that account creation events are recorded?
Enable 'Audit Account Management' in Advanced Audit Policy.
Option B is correct because user account creation is an account management event, not a logon event. In Windows 10, the 'Audit Account Management' policy under Advanced Audit Policy Configuration must be enabled to record Security Event ID 4720 (a user account was created). This setting logs all changes to user and group accounts, including creation, modification, and deletion.
A technician is troubleshooting a Windows 10 computer where the user cannot install a legitimate browser extension because the browser displays a warning that extensions from this source are not allowed. What setting is likely blocking the installation?
The computer is running Windows 10 in S mode.
Windows 10 in S mode enforces a security policy that restricts application installations exclusively to the Microsoft Store. This includes browser extensions, which are blocked unless they are obtained from the Store. The browser warning directly reflects this OS-level restriction, not a browser-specific setting.
A small business is retiring 20 old desktop PCs that contain sensitive customer data. The IT manager wants to ensure the data is unrecoverable before donating the computers to a local school. Which method should be used?
Use a degausser on each hard drive.
A degausser generates a strong magnetic field that disrupts the magnetic domains on a hard drive's platters, rendering all stored data permanently unrecoverable. This is the only method listed that meets the requirement for complete data destruction before donating the computers, as it physically alters the storage medium.
A user is trying to install a legacy application on Windows 10, but the installer fails with a message about 'incompatible version'. The application is known to work on Windows 7. Which compatibility settings should you try first to allow the installation to proceed?
Right-click the installer, go to Properties > Compatibility, and check 'Run this program in compatibility mode for: Windows 7'.
Windows 10 includes compatibility modes that emulate older versions of Windows. Running the installer in compatibility mode for Windows 7 can often resolve version-check errors, as it tricks the application into thinking it is running on a compatible OS.
A user calls the help desk saying they cannot log into their Windows 10 workstation because a message claims their files are encrypted and they must pay a ransom. What is the most effective remediation approach?
Disconnect from the network and restore files from a verified backup
Option C is correct because ransomware encrypts files with a key known only to the attacker, making decryption without the key impossible. Disconnecting from the network prevents the ransomware from spreading to other systems, and restoring from a verified backup is the only reliable way to recover the original files without paying the ransom.
The 220-1202 flashcard bank covers all 29 official blueprint domains published by CompTIA. Cards are distributed proportionally, so domains with higher exam weight have more cards.
Domain Coverage
Windows OS Features and Tools
Windows Settings and Control Panel
Windows Command-Line Tools
Windows Administrative Tools
macOS Features and Tools
Linux Commands and File Permissions
Mobile OS Features and Tools
Virtualization and Cloud Technologies
Physical Security Controls
Logical Security Concepts
Wireless Security Protocols
Malware Types and Removal
Social Engineering Attacks
Windows Security Settings
Browser and Application Security
Data Destruction and Disposal
Windows OS Troubleshooting
PC Security Issue Remediation
Mobile OS and App Troubleshooting
Safety Procedures and Compliance
Environmental Awareness and Impact
Documentation and Change Management
Remote Access Technologies
Scripting Basics
Communication and Professionalism
Operating Systems
Security
Software Troubleshooting
Operational Procedures
Both flashcards and practice questions are evidence-based study tools. The difference is in what they train:
Flashcards — concept retention
Best for memorising definitions, acronyms, protocol behaviours, command syntax, and conceptual distinctions. Use flashcards to build the foundational vocabulary that 220-1202 questions assume you know.
Best in: weeks 1–3
Practice tests — application
Best for applying concepts to realistic scenarios, eliminating distractors, and building exam stamina.220-1202 questions test scenario reasoning — not just recall — so practice tests are essential.
Best in: weeks 3–6
The most effective 220-1202 study plan combines both: use flashcards for the first 2–3 weeks to build conceptual foundations, then shift to practice tests and mock exams in the final 2–3 weeks to apply and benchmark that knowledge. Most candidates who pass on their first attempt use both tools.
Yes. Courseiva provides free 220-1202 flashcards across all official exam domains. Every card includes the correct answer and a full explanation of why it is right and why the distractors are wrong. The platform also includes topic-based practice, mock exams, and readiness tracking — no account required.
Courseiva has 750+ original 220-1202 flashcards across all 29 exam blueprint domains. New cards are added regularly as the question bank grows. All cards are written by certified engineers against the official CompTIA exam objectives.
Courseiva flashcards are purpose-built for IT certification exams. Unlike generic flashcard platforms where content quality varies, every Courseiva card is mapped to the official 220-1202 exam blueprint, written by engineers who hold the certification, and includes a full explanation of the correct answer and why the distractors are wrong. This explanation quality is what separates genuine learning from rote memorisation.
Courseiva is a web platform — an internet connection is required. For offline study, we recommend creating free Courseiva account, using the platform in your browser, and using your device's offline capabilities if your browser supports offline web apps.
Save your results, see which domains need more work, and get spaced repetition recommendations — all free.
Sign Up FreeFree forever · Every certification included