CompTIA A+ Security Domain: Everything You Need to Know for Core 2 (220-1202)

Why the Security Domain Can Make or Break Your Core 2 Score

The CompTIA A+ Security domain is the second-largest section of the Core 2 exam (220-1202), accounting for 26% of your total score. That means roughly one in four questions you’ll see on exam day comes from this domain — and with a passing score of 700 out of 900, you simply can’t afford to leave it underprepared. Whether you’re just starting your A+ journey or doing a final review before test day, understanding what this domain actually covers will save you from nasty surprises. Let’s break it down.

What the A+ Security Domain Actually Tests

The Security domain on Core 2 isn’t just about defining terms. CompTIA expects you to apply security concepts to real technician scenarios — identifying threats, selecting appropriate controls, and understanding why certain technologies work the way they do. Here’s what you need to have locked down:

Malware Types and Their Behaviors

The exam tests whether you can identify different malware categories by their characteristics, not just their names. Know the distinction between:

  • Viruses — require user action to spread by attaching to legitimate files
  • Worms — self-replicate across networks without user interaction
  • Ransomware — encrypts user data and demands payment for decryption
  • Trojans — disguise themselves as legitimate software to gain system access
  • Spyware and keyloggers — silently collect user data or keystrokes
  • Rootkits — hide at the OS or firmware level to maintain persistent access

One concept that trips up many candidates: botnets. A botnet is a network of compromised computers that an attacker controls remotely, often without the victims’ knowledge. These zombie machines are weaponized for distributed denial-of-service (DDoS) attacks, spam campaigns, or credential theft. If you see a question about a machine behaving strangely, sending unusual traffic, or receiving commands from an unknown remote source — botnet is almost certainly in the answer choices.

Social Engineering Attacks

CompTIA A+ covers the human side of security, and these questions are more common than many candidates expect. You’ll need to recognize:

  • Phishing — broad, deceptive emails designed to steal credentials
  • Spear phishing — targeted phishing aimed at a specific individual or organization
  • Vishing — voice-based phishing over the phone
  • Tailgating/piggybacking — physically following authorized personnel into a restricted area
  • Shoulder surfing — visually observing someone entering sensitive information

The exam often presents these as scenario questions —
