Every port, connector, RAM type, storage interface, Windows command, security threat, troubleshooting methodology, and key fact you need for the 220-1201 (Core 1) and 220-1202 (Core 2) exams — on one page.
The A+ exam tests port numbers in scenario questions — "a user can't send email" maps to ports 25/587. Know the port, protocol (TCP/UDP), and what breaks when it's blocked.
| Port | TCP/UDP | Service | Key fact |
|---|---|---|---|
| 20 | TCP | FTP Data | Active FTP data transfer |
| 21 | TCP | FTP Control | FTP commands — unencrypted, use SFTP instead |
| 22 | TCP | SSH / SFTP / SCP | Secure remote access and file transfer — replaces Telnet and FTP |
| 23 | TCP | Telnet | Unencrypted remote access — deprecated, sends credentials in plaintext |
| 25 | TCP | SMTP | Sends outgoing email — often blocked by ISPs to prevent spam |
| 53 | TCP/UDP | DNS | UDP for queries, TCP for zone transfers and large responses |
| 67 / 68 | UDP | DHCP | 67 = server listens, 68 = client listens — DORA process |
| 80 | TCP | HTTP | Unencrypted web — traffic visible to anyone on the network |
| 110 | TCP | POP3 | Downloads email to device, removes from server |
| 123 | UDP | NTP | Clock synchronisation — Kerberos fails if clocks drift 5+ min |
| 143 | TCP | IMAP | Email stays on server, synced across devices |
| 161 / 162 | UDP | SNMP | 161 = queries to agent, 162 = traps from agent |
| 389 | TCP/UDP | LDAP | Active Directory queries — unencrypted, use LDAPS (636) |
| 443 | TCP | HTTPS | Encrypted web — TLS. Always prefer over HTTP. |
| 445 | TCP | SMB | Windows file and printer sharing, Active Directory |
| 465 / 587 | TCP | SMTP Secure | 587 (STARTTLS) preferred for email submission — 465 = SMTPS |
| 636 | TCP | LDAPS | LDAP over TLS — encrypted directory queries |
| 993 | TCP | IMAPS | IMAP over TLS — encrypted email retrieval |
| 995 | TCP | POP3S | POP3 over TLS — encrypted email download |
| 3389 | TCP/UDP | RDP | Windows Remote Desktop — block at firewall, use VPN if needed externally |
Core 1 tests connector identification heavily — expect photos of connectors with multiple choice answers. Know the visual appearance, use case, and speed/standard for each.
| Connector | Type | Key facts |
|---|---|---|
| USB-A | USB | Rectangular — the classic USB. Host-side connector on PCs. |
| USB-B | USB | Square with bevelled corners — printers and older devices. |
| USB Mini-B | USB | Trapezoidal 5-pin — older cameras, MP3 players. |
| USB Micro-B | USB | Thin, asymmetric — older Android phones. |
| USB-C | USB | Oval, reversible — USB 3.1/3.2/4, Thunderbolt 3/4, up to 240W charging. Used by modern devices. |
| USB 2.0 | USB | 480 Mbps max. Black port colour coding. |
| USB 3.0 / 3.2 Gen 1 | USB | 5 Gbps. Blue port — backward compatible with USB 2.0. |
| USB 3.1 / 3.2 Gen 2 | USB | 10 Gbps. Teal/red port on some motherboards. |
| Thunderbolt 1/2 | Thunderbolt | Uses Mini DisplayPort physical connector. 10/20 Gbps. Lightning bolt icon. |
| Thunderbolt 3/4 | Thunderbolt | Uses USB-C physical connector. 40 Gbps. Supports PCIe, DisplayPort, power. |
| RJ-11 | Telephone | 6-position, 2-contact (6P2C) — telephone/modem. Smaller than RJ-45. |
| RJ-45 | Ethernet | 8-position, 8-contact (8P8C) — Ethernet networking. The standard LAN connector. |
| LC | Fibre optic | Small form-factor — most common in enterprise. Push-pull latch. |
| SC | Fibre optic | Square snap-in connector. Larger than LC. Common in older installs. |
| ST | Fibre optic | Bayonet-style — twist and lock. Legacy. |
| DB-9 / DE-9 | Serial | 9-pin D-sub — RS-232 serial. Console access to routers/switches. |
| DB-25 | Serial/Parallel | 25-pin D-sub — older parallel printer ports and serial interfaces. |
Cat 5: 100 Mbps @ 100m (Fast Ethernet). Cat 5e: 1 Gbps @ 100m — most common in homes. Cat 6: 1 Gbps @ 100m / 10 Gbps @ 55m. Cat 6a: 10 Gbps @ 100m — augmented, shielded. Cat 7: 10 Gbps @ 100m, fully shielded. Cat 8: 25–40 Gbps @ 30m — data centres.
Straight-through: PC to switch/router. Crossover: PC to PC, switch to switch (modern switches use Auto-MDIX so crossover is rarely needed). Rollover/console: PC to router/switch console port.
Know the pin counts, speeds, and form factors — the exam will give you a scenario where you need to identify the correct module type for a given system.
| Type | Form factor | Pins (DIMM) | Pins (SO-DIMM) | Key facts |
|---|---|---|---|---|
| DDR3 | Desktop / Laptop | 240-pin | 204-pin | 1066–2133 MHz. Notch positioned differently from DDR4 — not interchangeable. |
| DDR4 | Desktop / Laptop | 288-pin | 260-pin | 2133–3200+ MHz. Most common in systems from ~2014–2022. Lower voltage than DDR3. |
| DDR5 | Desktop / Laptop | 288-pin | 262-pin | 4800+ MHz. Current standard. Not backward compatible with DDR4 slots. |
| ECC RAM | Server | Varies | — | Error Correcting Code — detects and fixes single-bit errors. Required in servers and workstations. Not compatible with standard consumer motherboards. |
| SO-DIMM | Laptop / Small form | — | Smaller module | Small Outline DIMM — used in laptops, mini-PCs. Same DDR generation as full DIMM but physically smaller. |
Dual-channel: Install matching pairs in correct slots (usually A1+B1 or A2+B2 — check motherboard manual) for double the memory bandwidth.
DIMM vs SO-DIMM: If the scenario mentions a laptop, the answer is SO-DIMM. Desktop = DIMM.
DDR generations are NOT backward compatible — a DDR4 stick will not fit in a DDR5 slot even if the pin count is the same. The notch position is different.
The A+ exam tests storage connectors, interfaces, and form factors. Know what connects to what and the speed difference between HDD, SATA SSD, and NVMe SSD.
| Interface | Max speed | Connector | Key facts |
|---|---|---|---|
| SATA III | 600 MB/s | 7-pin SATA data + 15-pin power | Standard for HDDs and 2.5" SSDs. Most common desktop/laptop interface. |
| M.2 SATA | 600 MB/s | M.2 slot (B+M keyed) | SATA speeds in M.2 form factor. Uses same SATA protocol — not faster than 2.5" SATA SSD. |
| NVMe (PCIe) | 3,500+ MB/s | M.2 slot (M keyed) or PCIe slot | NVMe = Non-Volatile Memory Express. Uses PCIe lanes directly — 5–7× faster than SATA. Current standard for SSDs. |
| PCIe 4.0 NVMe | 7,000 MB/s | M.2 (M keyed) | Double PCIe 3.0 NVMe speeds. Backward compatible — a PCIe 4 drive works in a PCIe 3 slot at reduced speed. |
| HDD (SATA) | ~150 MB/s | SATA | Mechanical spinning disk — 5400 or 7200 RPM. Much slower than SSD, used for high-capacity bulk storage. |
| eMMC | ~400 MB/s | Soldered to board | Embedded MultiMediaCard — soldered storage in budget laptops and tablets. Not replaceable. |
M.2 slots have physical keys (notch positions) that determine which drives are compatible. M key supports NVMe (PCIe) drives. B+M key supports SATA drives (and some NVMe). A drive that is M-keyed only will not fit in a B+M slot. Check the motherboard spec before purchasing an M.2 drive.
RAID basics: RAID 0 = striping (speed, no redundancy). RAID 1 = mirroring (redundancy, half capacity). RAID 5 = striping with parity (3+ drives, one drive fault tolerance). RAID 10 = mirroring + striping (4+ drives, best of both).
Display connector identification appears in Core 1 scenarios. Know the shape, pin count, and whether each carries audio.
| Connector | Pins / signal | Audio? | Key facts |
|---|---|---|---|
| VGA | 15-pin D-sub | No | Analogue only. Blue trapezoidal connector. Legacy — no longer supported by modern GPUs. |
| DVI-D | Digital only | No | All-digital. Single-link = 1080p. Dual-link = 2560×1600. White rectangular connector. |
| DVI-A | Analogue only | No | Analogue signal only — compatible with VGA via adapter. |
| DVI-I | Analogue + Digital | No | Integrated — supports both digital and analogue. Can adapt to VGA. |
| HDMI | 19-pin | Yes | Carries audio + video. Multiple versions — HDMI 2.1 supports 8K/120Hz. Most common consumer display connector. |
| DisplayPort | 20-pin | Yes | Higher bandwidth than HDMI for same generation. Supports daisy-chaining multiple monitors. Preferred for gaming monitors. |
| Mini DisplayPort | 20-pin (mini) | Yes | Physically smaller — used by Apple and some laptops. Same signal as full DisplayPort. |
| Thunderbolt 3/4 | USB-C physical | Yes | Supports DisplayPort signal over USB-C. Also carries PCIe and power simultaneously. |
A+ Core 1 covers networking fundamentals — IP addressing, subnet masks, DHCP, DNS, and troubleshooting connectivity. Know these cold.
Private IP ranges (not routable on internet): 10.0.0.0 – 10.255.255.255 /8 — Class A private 172.16.0.0 – 172.31.255.255 /12 — Class B private 192.168.0.0 – 192.168.255.255 /16 — Class C private (most home networks) Special addresses: 127.0.0.1 → Loopback / localhost — tests local TCP/IP stack 169.254.x.x → APIPA — self-assigned when DHCP fails (link-local only) 0.0.0.0 → Default route / unassigned address 255.255.255.255 → Broadcast — sends to all hosts on network Common subnet masks: /8 = 255.0.0.0 → 16,777,214 hosts /16 = 255.255.0.0 → 65,534 hosts /24 = 255.255.255.0 → 254 hosts (most common small network) /25 = 255.255.255.128 → 126 hosts /26 = 255.255.255.192 → 62 hosts /30 = 255.255.255.252 → 2 hosts (point-to-point links)
Know each 802.11 standard's frequency, maximum speed, and key distinguishing feature. The exam distinguishes between 2.4 GHz (range) and 5 GHz (speed).
| Standard | Common name | Frequency | Max speed | Key facts |
|---|---|---|---|---|
| 802.11a | Wi-Fi 1 | 5 GHz | 54 Mbps | 5 GHz only — less interference but shorter range. Older standard. |
| 802.11b | Wi-Fi 2 | 2.4 GHz | 11 Mbps | First widely adopted standard. 2.4 GHz only — susceptible to interference from microwaves and Bluetooth. |
| 802.11g | Wi-Fi 3 | 2.4 GHz | 54 Mbps | Backward compatible with 802.11b. 2.4 GHz — longer range than 5 GHz. |
| 802.11n | Wi-Fi 4 | 2.4 & 5 GHz | 600 Mbps | First dual-band standard. Introduced MIMO (Multiple Input Multiple Output). Still common. |
| 802.11ac | Wi-Fi 5 | 5 GHz only | 3.5 Gbps | MU-MIMO. Wave 2 added wider channels (160 MHz). Very common in home/enterprise. |
| 802.11ax | Wi-Fi 6 / 6E | 2.4, 5, 6 GHz | 9.6 Gbps | OFDMA improves performance in dense environments. Wi-Fi 6E adds 6 GHz band (6E only). |
| 802.11be | Wi-Fi 7 | 2.4, 5, 6 GHz | 46 Gbps | Multi-Link Operation (MLO) — uses multiple bands simultaneously. Newest standard. |
WEP — broken, never use. Static keys, RC4 encryption, crackable in minutes.
WPA — TKIP encryption. Better than WEP but still has vulnerabilities.
WPA2 — AES/CCMP encryption. Current minimum standard. Personal (PSK) vs Enterprise (802.1X/RADIUS).
WPA3 — Strongest. SAE replaces PSK (eliminates offline dictionary attacks). Forward secrecy. Mandatory for Wi-Fi 6 certified devices.
Exam scenario: "Which wireless security protocol uses AES encryption?" → WPA2 or WPA3. "Which is the most secure?" → WPA3.
Core 2 tests command-line tools heavily — expect to be given a task ("check what ports are listening") and choose the correct command. Know what each does and when to use it.
ipconfig → Shows IP, subnet mask, default gateway ipconfig /all → Full details including MAC address, DNS servers, DHCP lease info ipconfig /release → Releases DHCP-assigned IP address ipconfig /renew → Requests a new IP from DHCP server ipconfig /flushdns → Clears DNS resolver cache — fixes stale DNS entries ping → Tests basic connectivity — sends ICMP echo requests tracert → Shows each hop to destination — identifies where traffic fails nslookup → Queries DNS — tests name resolution for a hostname netstat → Shows active TCP/UDP connections and listening ports netstat -a → All connections and listening ports netstat -b → Shows which executable is using each connection arp -a → Displays ARP cache — IP to MAC address mappings net use → Maps a network drive (net use Z: \\server\share)
sfc /scannow → System File Checker — repairs corrupted Windows system files DISM /Online /Cleanup-Image /RestoreHealth → Repairs Windows image when sfc fails chkdsk → Check Disk — scans for file system and physical disk errors chkdsk /f /r → /f fixes errors, /r locates bad sectors (requires reboot) diskpart → Disk partitioning utility — create, format, delete partitions format → Formats a drive with a filesystem (NTFS, FAT32, exFAT) defrag → Defragments HDD — do NOT use on SSDs robocopy → Robust file copy — preserves permissions, restarts on failure xcopy → Extended copy — copies files and directory trees
tasklist → Lists all running processes (like Task Manager in CLI) taskkill /PID xxxx → Kills a process by its Process ID msconfig → System Configuration — manage startup items, boot options regedit → Registry Editor — edit Windows registry (use with caution) gpedit.msc → Group Policy Editor — local security and config policies lusrmgr.msc → Local Users and Groups manager services.msc → Windows Services management console eventvwr.msc → Event Viewer — system, application, and security logs mmc → Microsoft Management Console — add snap-ins gpupdate /force → Forces immediate Group Policy refresh shutdown /r /t 0 → Immediate restart (/s for shutdown, /t 0 = no delay)
Core 2 has a heavy security focus. Know each threat type by name — the exam describes a scenario and you identify the attack.
| Threat | What it is | Key indicator |
|---|---|---|
| Phishing | Fraudulent emails impersonating trusted organisations to steal credentials or install malware | Urgent email asking you to click a link and log in |
| Spear phishing | Targeted phishing using personal details to appear more convincing — aimed at a specific person | Email that uses your name, role, or refers to a real project |
| Whaling | Spear phishing targeting executives (CEO, CFO) | Email impersonating a CEO requesting a wire transfer |
| Vishing | Voice phishing — fraudulent phone calls impersonating IT support, banks, or government | Caller asks for your password or to install remote access software |
| Smishing | SMS phishing — fraudulent text messages with malicious links | Text claiming your package is held, click to reschedule |
| Ransomware | Malware that encrypts files and demands payment for the decryption key | Files have strange extensions, ransom note appears on screen |
| Trojan horse | Malware disguised as legitimate software — appears harmless, installs malicious payload | Free software download that behaves oddly after install |
| Rootkit | Malware that hides itself and other malware from the OS — runs with elevated privileges | Antivirus can't find it but symptoms persist — requires bootable scanner |
| Keylogger | Records keystrokes to capture passwords and sensitive data | Credentials compromised despite strong password practices |
| Spyware | Monitors user activity and sends data to a third party without consent | Browser redirects, slow performance, unexpected pop-ups |
| Adware | Displays unwanted advertisements — often bundled with free software | Pop-up ads in browser, homepage changed without permission |
| Man-in-the-Middle | Attacker intercepts and potentially alters communication between two parties | ARP poisoning, rogue Wi-Fi hotspot — certificate errors can indicate MITM |
| Social engineering | Manipulating people into revealing information or taking insecure actions — exploits trust | Someone calling claiming to be IT support needing your password |
| Tailgating / piggybacking | Physically following an authorised person through a secure door | Person closely following you into a badge-access area |
| Shoulder surfing | Watching someone enter credentials or view sensitive information in person | Someone standing behind you at an ATM or in a coffee shop |
| Dumpster diving | Searching discarded materials for sensitive information — documents, drives | Shredded documents, wiped drives mitigate this |
CompTIA's 7-step troubleshooting methodology is tested directly on both Core 1 and Core 2. Memorise the steps and order — scenario questions will ask which step comes next.
Step 1 — Identify the problem Gather information, question the user, identify symptoms Check for recent changes — "what changed right before this started?" Step 2 — Establish a theory of probable cause Question the obvious first — is it plugged in? Is the service running? Consider multiple possible causes before acting Step 3 — Test the theory to determine cause Confirm or deny your theory If theory is confirmed → move to step 4 If theory is NOT confirmed → return to step 2 with a new theory Step 4 — Establish a plan of action to resolve the problem Consider effects of the fix on the rest of the system Notify affected users of planned downtime if applicable Step 5 — Implement the solution or escalate as necessary Apply the fix — if beyond your expertise, escalate to senior tech Step 6 — Verify full system functionality Confirm the original problem is resolved Implement preventive measures to stop recurrence Step 7 — Document findings, actions, and outcomes Record what the problem was, what caused it, and what fixed it Update knowledge base — helps the whole team next time
The A+ exam uses acronyms constantly — both in questions and answer choices. If you hesitate on an acronym you lose time. Know every expansion below cold.
| Acronym | Stands for | One-line description |
|---|---|---|
| APIPA | Automatic Private IP Addressing | 169.254.x.x — self-assigned when DHCP fails |
| BIOS | Basic Input/Output System | Firmware that initialises hardware at boot — legacy, replaced by UEFI |
| UEFI | Unified Extensible Firmware Interface | Modern replacement for BIOS — supports GPT, Secure Boot, GUI |
| GPT | GUID Partition Table | Modern partition scheme — supports 128 partitions, drives over 2 TB |
| MBR | Master Boot Record | Legacy partition scheme — max 4 primary partitions, max 2 TB drive |
| NTFS | New Technology File System | Windows default file system — supports permissions, encryption, large files |
| FAT32 | File Allocation Table 32 | Cross-platform — max 4 GB per file. Used on USB drives for compatibility. |
| exFAT | Extended FAT | Modern FAT — no file size limit. Used on large USB drives and SD cards. |
| RAID | Redundant Array of Independent Disks | Combines multiple drives for speed and/or redundancy |
| UPS | Uninterruptible Power Supply | Battery backup that keeps systems running during brief power outages |
| KVM | Keyboard, Video, Mouse switch | Allows one keyboard/monitor/mouse to control multiple computers |
| VDI | Virtual Desktop Infrastructure | Hosts desktop OS instances on a centralised server — thin clients connect |
| IaaS | Infrastructure as a Service | Cloud provides VMs, storage, networking — you manage OS and apps (AWS EC2) |
| PaaS | Platform as a Service | Cloud provides runtime environment — you manage only the application code |
| SaaS | Software as a Service | Cloud provides the full application — you just use it (Microsoft 365, Salesforce) |
| MDM | Mobile Device Management | Centrally manages mobile devices — enforces policies, remote wipe |
| MFA | Multi-Factor Authentication | Requires two or more factors — something you know, have, or are |
| ACL | Access Control List | List of rules defining who can access what resource |
| TPM | Trusted Platform Module | Hardware chip that stores encryption keys — required for BitLocker and Windows 11 |
| BitLocker | — | Windows full-disk encryption — uses TPM to store key. Protects data if drive is removed. |
The best study guides, video courses, and practice exams for 220-1201 and 220-1202.