Professor Messer's CompTIA 220-1102 Core 2 – Key Vocabulary

A comprehensive set of vocabulary flashcards summarizing essential terms, commands, features, and security concepts from Professor Messer’s CompTIA A+ 220-1102 Core 2 lecture notes.

Windows 10 Home

Consumer edition of Windows 10 that integrates a Microsoft account, OneDrive backup, Windows Defender, and Cortana but lacks business-class domain and BitLocker features.

Windows 10 Pro

Business-oriented Windows 10 edition that supports Remote Desktop host, BitLocker full-disk encryption, and domain join with Group Policy management.

Windows 10 Enterprise

Volume-licensed Windows 10 edition for large deployments; adds AppLocker, BranchCache, and granular UX control for kiosks and workstations.

Active Directory Domain Services (AD DS)

Microsoft directory service that stores user, computer, and resource information to provide centralized authentication and management across a network domain.

Windows Workgroup

Peer-to-peer logical grouping where each Windows device maintains its own accounts and settings without centralized authentication.

Windows Domain

Business network model with centralized authentication, policies, and resource access managed by domain controllers running Active Directory.

Remote Desktop Protocol (RDP)

Microsoft protocol that lets a client view and control a remote Windows desktop; server component available in Pro and Enterprise editions.

BitLocker

Windows feature that provides full-disk encryption (FDE) so every file—including the OS—is stored encrypted; unlocked with TPM or password.

Encrypting File System (EFS)

NTFS feature that encrypts individual files and folders using the user’s credentials rather than encrypting the entire drive.

Group Policy

Windows mechanism that applies centralized configuration settings to users and computers, either locally (gpedit.msc) or through Active Directory (gpmc.msc).

In-place upgrade

Windows installation method that keeps existing apps, files, and settings while replacing the operating system with a newer version.

Clean install

OS installation that wipes existing data, partitions, and applications before installing a fresh copy of Windows.

gpupdate

Command-line tool that forces an immediate update of Group Policy settings on a Windows computer.

gpresult

Windows command that displays the resultant set of policies (RSoP) applied to a user or computer.

ipconfig

CLI utility that shows and manages a Windows machine’s IP address, subnet mask, gateway, and DNS/DHCP information.

ping

ICMP-based tool that tests basic network reachability and round-trip time to another host.

netstat

Command that displays active TCP/UDP connections, listening ports, and routing statistics on a local computer.

nslookup

Diagnostic utility for querying DNS records such as A, AAAA, and MX to troubleshoot name-resolution issues.

net use

Windows command that maps or disconnects a network share to a local drive letter and can display user account info.

tracert

Windows utility that lists each router hop between a source and destination using ICMP Time-to-Live (TTL) values.

pathping

Hybrid Windows command that combines the functionality of ping and tracert, reporting latency and packet-loss statistics for every hop.

shutdown /s /t nn

Command that initiates a Windows shutdown after ‘nn’ seconds; /r restarts and /a aborts the countdown.

sfc /scannow

System File Checker command that verifies and repairs protected Windows system files.

chkdsk /f

Windows disk utility that fixes logical file-system errors; /r additionally locates and recovers bad sectors.

DiskPart

Powerful Windows CLI tool for advanced disk partitioning and volume management; misuse can erase data.

winver

Run-dialog command that opens the ‘About Windows’ box to display the exact OS version and build number.

Task Manager

Windows utility that shows real-time CPU, memory, disk, network, startup apps, and running processes; accessed with Ctrl-Shift-Esc.

Microsoft Management Console (MMC)

Framework (mmc.exe) that hosts administrative snap-ins such as Event Viewer, Device Manager, and Disk Management.

Event Viewer

MMC snap-in (eventvwr.msc) that records application, security, and system logs with error, warning, and information events.

Device Manager

Windows tool (devmgmt.msc) for viewing, updating, disabling, or uninstalling hardware drivers.

Disk Management

GUI utility (diskmgmt.msc) for creating, deleting, formatting, and resizing partitions and volumes.

Task Scheduler

Component (taskschd.msc) that automates running applications or scripts at predefined times or system events.

Resource Monitor

Advanced real-time monitoring tool (resmon.exe) that breaks down CPU, memory, disk, and network usage by process.

System Configuration (msconfig)

Utility to manage boot parameters, startup items, and Windows services for troubleshooting.

regedit

Registry Editor that lets administrators view and modify Windows Registry keys; mistakes can disable a system.

Windows Defender Firewall

Built-in Windows firewall that filters inbound and outbound traffic per network profile with customizable rules.

Dynamic Host Configuration Protocol (DHCP)

Service that automatically assigns IP addresses, subnet masks, gateways, and DNS servers to network clients.

Automatic Private IP Addressing (APIPA)

Fallback mechanism that self-assigns a 169.254.x.x address when DHCP is unavailable, allowing only local communication.

Loopback address

Special IPv4 address 127.0.0.1 used to test the local TCP/IP stack; always reachable.

Virtual Private Network (VPN)

Technology that creates an encrypted tunnel across a public network to securely connect remote users or sites.

Proxy Server

Intermediary device or software that forwards client requests, enforces policies, caches data, and can mask client IPs.

Shared Printer

Local printer configured in Windows to be accessible to other network users via SMB printing.

Universal Plug and Play (UPnP)

Protocol that allows devices to automatically discover and configure port-forwarding on routers; disabling increases security.

Screened Subnet (DMZ)

Isolated network segment that hosts public-facing services, providing an extra security layer between Internet and LAN.

Service Set Identifier (SSID)

Name assigned to a Wi-Fi network, broadcast in beacon frames so clients can identify and connect.

WPA3

Latest Wi-Fi security standard using GCMP encryption and SAE authentication to mitigate brute-force attacks.

Simultaneous Authentication of Equals (SAE)

WPA3 key-exchange protocol—aka the dragonfly handshake—that resists PSK brute-force by generating unique session keys.

Remote Authentication Dial-in User Service (RADIUS)

AAA protocol that centralizes user authentication, authorization, and accounting for network devices and VPNs.

TACACS+

Cisco-developed AAA protocol that separates authentication, authorization, and accounting and encrypts the entire payload.

Kerberos

Ticket-based network authentication protocol providing SSO and mutual authentication; core to Windows domains.

Multi-factor Authentication (MFA)

Login process requiring two or more of: something you know, have, are, do, or somewhere you are.

Malware

Umbrella term for malicious software like viruses, worms, Trojans, ransomware, spyware, and cryptominers.

Trojan Horse

Malware disguised as legitimate software to bypass security and deliver a payload without self-replication.

Rootkit

Stealth malware that modifies core OS files or kernel modules to hide processes and evade antivirus detection.

Ransomware

Malware that encrypts user data and demands payment, usually in cryptocurrency, for the decryption key.

Cryptominer

Malicious or gray-ware software that hijacks CPU/GPU resources to perform cryptocurrency mining without user consent.

Boot Sector Virus

Malware that infects the master boot record, loading before the OS and persisting across reinstalls unless eradicated.

Spyware

Software that secretly gathers user information, browsing habits, or credentials, often including keyloggers.

Keylogger

Program or hardware that records every keystroke to capture sensitive information such as passwords.

Windows Recovery Environment (WinRE)

Bootable troubleshooting environment providing tools like Startup Repair, Command Prompt, and System Restore.

Quarantine (Malware)

Isolation of infected files or systems to prevent malware spread during analysis and remediation.

System Restore

Windows feature that rolls system files and settings back to a previous restore point without affecting user data.

Incremental Backup

Backup type that copies only data changed since the last backup of any kind, requiring multiple sets to restore.

Differential Backup

Backup that stores all changes since the last full backup, requiring two sets (full + latest differential) to restore.

Grandfather-Father-Son (GFS)

Backup rotation scheme using daily (son), weekly (father), and monthly (grandfather) archives for long-term retention.

3-2-1 Backup Rule

Best practice of keeping 3 data copies on 2 different media with 1 copy stored offsite.

Uninterruptible Power Supply (UPS)

Device that provides temporary battery power and surge protection to keep equipment running during power interruptions.

Surge Suppressor

Protective device that diverts voltage spikes to ground, rated in joules and clamping voltage.

Material Safety Data Sheet (MSDS/SDS)

Document detailing handling, hazards, and disposal procedures for chemicals like toner, batteries, and solvents.

Chain of Custody

Documentation that tracks evidence handling to ensure integrity for legal or forensic purposes.

Payment Card Industry Data Security Standard (PCI DSS)

Mandatory security framework for organizations that process, store, or transmit credit-card information.

General Data Protection Regulation (GDPR)

EU law that grants individuals control over personal data and imposes strict privacy requirements on organizations.

Protected Health Information (PHI)

Individually identifiable medical data protected under regulations like HIPAA.

Acceptable Use Policy (AUP)

Document that defines how employees may use company assets such as networks, computers, and Internet access.

Change Management

Structured process for requesting, approving, testing, and documenting modifications to IT systems to minimize risk.

Sandbox Testing

Isolated environment where updates or software are evaluated without affecting production systems.

Rollback Plan

Predefined procedure to revert systems to their prior state if a change fails or causes issues.

Ticketing System

Help-desk tool for documenting, prioritizing, assigning, and tracking support requests from creation through resolution.

Asset Management

Process of inventorying and tracking hardware, software, and related details (location, warranty, owner).

Batch File (.bat)

Windows script containing command-line instructions executed sequentially by the Command Prompt interpreter.

PowerShell

Windows automation framework using cmdlets and scripts (.ps1) for advanced administration tasks.

Secure Shell (SSH)

Encrypted remote-console protocol operating on TCP port 22, replacing insecure Telnet connections.

Remote Monitoring and Management (RMM)

Platform used by MSPs to remotely monitor, patch, and control client systems and networks.

Microsoft Remote Assistance / Quick Assist

Built-in Windows tools that let a user invite a trusted technician to view or control their desktop over the Internet.

SSID Broadcasting

Access-point feature that announces the network name; disabling hides the SSID but does not secure the network.

Universal Plug and Play (UPnP)

Protocol letting internal devices automatically open ports on a router; best disabled to prevent unwanted exposure.

Screen Lock

Mobile or desktop security feature requiring PIN, password, biometrics, or pattern before granting access after idle.

Locator Application

Service (e.g., Find My) that uses GPS and network data to track, ring, or remotely wipe lost mobile devices.

Full-Device Encryption

Security setting that encrypts all storage (e.g., iOS default, Android’s File-Based Encryption) to protect data at rest.

Zero-day Attack

Exploit targeting a previously unknown vulnerability that has no official patch or public awareness.

On-Path Attack (Man-in-the-Middle)

Threat actor secretly intercepts and possibly alters traffic between two parties, e.g., via ARP poisoning.

Dictionary Attack

Password-cracking method that tries a list of common words and variants instead of exhaustive brute-force.

SQL Injection

Attack that inserts malicious SQL into input fields to manipulate or exfiltrate data from a database.

Cross-Site Scripting (XSS)

Web-app vulnerability allowing attackers to run malicious scripts in a user’s browser, either stored or reflected.

Ticket Escalation

Process of forwarding a support request to higher-tier or specialized staff when initial troubleshooting is insufficient.

User Account Control (UAC)

Windows security feature that prompts for elevated privileges when a task requires administrator rights.

BitLocker To Go

Extension of BitLocker that encrypts removable USB flash drives to protect portable data.

Quarantine (Security)

Isolation of a compromised user, device, or file to prevent a threat from spreading during investigation.

USB Endpoint Resources

Buffer allocations on a USB controller; exceeding available endpoints triggers “not enough controller resources” warnings.

Grandfather-Father-Son Rotation

Backup strategy retaining daily, weekly, and monthly archives to balance storage with restore points.