Six weeks, about 10-12 hours a week. That's the shape of an A+ Core 2 study plan that actually works for most people who pass on their first try. Not eight weeks. Not twelve. Not a frantic two-week cram. Six weeks of steady work.
I'm going to lay out how to spend those weeks, but first a quick warning about the part of this exam that ambushes candidates.
The PBQs are the thing people don't prepare for
Core 2 is 90 questions in 90 minutes, and most of those are straightforward multiple choice. Passing is 700 out of 900, which works out to around 78%. Fine. But sprinkled through that exam are performance-based questions — PBQs — where you're dropped into a simulated interface and told to actually do something. Change a firewall rule. Find the right Control Panel applet. Navigate a terminal. Match commands to outputs.
Candidates who study exclusively from flashcards and multiple-choice question banks sometimes score 85% on the MCQs and still fail, because the PBQs count for a disproportionate share of your total score and you can't guess your way through them. If you've never opened PowerShell, you're going to freeze when asked to use it under a timer.
Build hands-on time into every week of this plan. A spare laptop, a Windows VM, or even a free Linux VM will pay for itself in PBQ points.
Exam structure at a glance
- Exam code: 220-1102
- Questions: Up to 90 (MCQs + PBQs)
- Time: 90 minutes
- Passing score: 700/900
And the four domains, by weight:
| Domain | % of exam |
|---|---|
| Operating Systems | 31% |
| Security | 25% |
| Software Troubleshooting | 22% |
| Operational Procedures | 22% |
Week 1 — Windows (and this week matters more than the others)
Windows is nearly a third of the exam by itself, and it's the domain where PBQs love to show up. If you're going to be disproportionately strong anywhere, make it this week.
Spend the first two days on editions and installation. Know the difference between Home, Pro, Enterprise, and Education. Know which features only exist in Pro and above (BitLocker, Group Policy, domain join, Remote Desktop host, Hyper-V). This gets tested directly, and candidates who shrug this off usually lose two or three easy points.
Days three and four are command-line. This is where most people skimp and it's a mistake. You need to know what ipconfig, ping, tracert, nslookup, netstat, systeminfo, tasklist, taskkill, chkdsk, sfc /scannow, dism, gpupdate, and diskpart actually do — not just recognize them in a list. Open a command prompt and run them. Read the output. For PowerShell, at minimum know the verb-noun structure and a handful of cmdlets (Get-Process, Get-Service, Stop-Service, Get-ChildItem). The exam likes to mix cmd and PowerShell syntax into trap answers.
A pattern I've seen repeatedly: people memorize that chkdsk /f fixes errors and chkdsk /r locates bad sectors, but they can't actually tell you which one takes longer and why. Then a scenario question asks which to run when a drive is throwing SMART errors, and they guess. Run the commands. Watch what they do. It sticks.
Days five and six: Control Panel versus Settings. This sounds trivial. It isn't. A common PBQ drops you into a Windows 10 or 11 simulation and tells you to change something — configure a static IP, enable Remote Desktop, change UAC level — and you have to know exactly where to click. Reading a book won't get you there. Open both, navigate around, get your reflexes in.
Day seven, 40-50 practice questions on Windows. Treat wrong answers like gold — they're showing you the shape of your blind spots.
Week 2 — macOS, Linux, Chrome OS
These are smaller slices. You need functional knowledge, not mastery.
For macOS, know the basics: APFS, Time Machine, Keychain, System Settings (which replaced System Preferences in Ventura and later), Spotlight, Mission Control, Gatekeeper, FileVault. Know Terminal exists and uses the same POSIX commands Linux does.
For Linux, the command-line is the whole game: ls, cd, pwd, mkdir, rm, cp, mv, cat, grep, find, chmod, chown, sudo, ps, kill, apt/yum, tar, nano/vi. Permissions (read/write/execute, owner/group/other, numeric notation) show up in PBQs. Know chmod 755 cold.
Chrome OS gets maybe an hour. It's lightweight, cloud-first, uses powerwash for factory reset. Done.
File systems: NTFS, FAT32, exFAT, APFS, HFS+, ext3/ext4. Know which OS uses which and why it matters (file size limits, journaling, permissions support).
Spend day seven on 30-40 questions mixing all three OSes. If you're scoring under 70% here it's usually Linux commands — just drill them.
Week 3 — Security
Security is 25% of the exam and it's dense. Don't try to cover it in three days; you need all seven.
Start with malware categories — viruses, worms, trojans, ransomware, spyware, rootkits, keyloggers, cryptominers, botnets, PUPs, fileless malware. The exam often gives you a scenario ("a program encrypts files and demands payment") and asks you to name the type. This is mostly memorization, but doing it in the context of "what would I actually see as a tech" makes it stickier.
Move to social engineering: phishing, spear phishing, whaling, vishing, smishing, pretexting, tailgating/piggybacking, shoulder surfing, dumpster diving, evil twin, watering hole. The naming gets picky — know the specific differences.
Then Windows security features. BitLocker (and BitLocker To Go — that distinction matters), EFS, Windows Defender Firewall, UAC, SmartScreen, Secure Boot, TPM. NTFS permissions versus share permissions is a classic trap: the most restrictive wins when they're combined, and candidates get this wrong constantly because they've never actually configured it.
Authentication and access control: password complexity rules, account lockout, MFA factors (something you know/have/are), Kerberos at a high level, Active Directory groups and Group Policy basics, privileged vs. standard accounts, SSO, biometrics.
Mobile device security — MDM, remote wipe, screen locks, device encryption, app permissions, jailbreaking/rooting risks. SOHO network security — WPA2 vs WPA3, disabling WPS, changing default credentials, guest networks, MAC filtering (and why it's not real security).
Day seven, 50+ security questions, weighted toward scenarios. Security MCQs on this exam tend to read as small stories — "a user reports pop-ups advertising products they searched for yesterday" — and you have to map the symptom to the cause.
Week 4 — Operational procedures, and your first full practice exam
Operational procedures is 22% of the exam and it's the domain people most often underestimate. It's not technical. It's change management, ticketing, documentation, backup strategies, scripting basics, safety, environmental stuff, communication, and ethics. Candidates skim it because it feels boring, then lose 15% of the exam.
Hit the major topics over four or five days: change management (RFC, approval, rollback plans, test environments), documentation standards, ticketing workflows, backup types (full, incremental, differential, synthetic), 3-2-1 backup strategy, RTO vs RPO, disaster recovery plans. Understand basic scripting — not how to write scripts, but what file types are what (.bat, .ps1, .sh, .py, .vbs, .js) and what each is used for. Know the risks of running scripts (unintended consequences, malware injection, resource exhaustion, mishandling credentials).
Professionalism — communication style, avoiding jargon with end users, privacy, setting expectations, dealing with difficult users, chain of custody for forensic situations. This stuff shows up more than you'd expect.
Save day six or seven for your first full-length practice exam. 90 questions, 90 minutes, no pausing. Wherever you score — 65%, 72%, 78% — that's your real baseline. Don't panic if it's lower than you hoped. You're not done yet.
Review every missed question. Not "oh I knew that one." Actually write down why you got it wrong: didn't know the material, misread the question, second-guessed, ran out of time. Those categories need different fixes.
Week 5 — Software troubleshooting
This domain is where theory meets practice, and there's one piece of it that shows up on nearly every exam: the 7-step malware removal process. CompTIA wants this memorized in order.
- Investigate and verify malware symptoms
- Quarantine infected systems
- Disable System Restore (in Windows)
- Remediate infected systems (update anti-malware, scan and remove)
- Schedule scans and run updates
- Enable System Restore and create a restore point (in Windows)
- Educate the end user
People trip on steps 3 and 6 because disabling System Restore before cleaning — and re-enabling it after — feels counterintuitive. The logic: restore points can re-infect the machine after cleanup. Memorize the order. The exam will give you scenarios where four of the steps are right and one is in the wrong position.
Beyond that, work through OS troubleshooting: boot issues (missing bootloader, BSOD stop codes, slow performance, services won't start, time drift, low memory errors), recovery options (Safe Mode, startup repair, sfc, dism, bootrec, reset/reinstall), Event Viewer basics.
Then browser problems — cert errors, redirects, hijacked search, slow performance, pop-ups, saved passwords compromised. Mobile app issues — crashes, slow response, battery drain, connectivity problems, update failures, permission issues.
The last thing, and it applies across the whole domain: CompTIA's troubleshooting methodology. Identify the problem, establish a theory, test the theory, establish a plan, implement, verify, document. Know the order. It comes up as its own question type.
One pattern worth flagging: candidates who score well on the first practice exam but still fail troubleshooting scenarios usually don't have the methodology memorized. They jump to solutions that "feel right" instead of following the steps. The exam knows this and punishes it.
Day seven, 40-50 troubleshooting questions with an emphasis on PBQs if your question bank has them.
Week 6 — Final review and two more practice exams
You've covered everything. This week is about pattern recognition and stamina.
Early in the week, look at your practice exam results and pick your two weakest domains. Spend two or three focused days on those. Don't re-read everything — just the areas where you're still missing questions.
Mid-week, take a second full-length practice exam. You should be hitting 75-80% by now. If you're still at 70% or below, you're probably not ready to schedule the real exam yet. Better to push back a week than to pay $246 for a reality check.
End of the week, a third full-length practice exam. Aim for consistent 80%+ across multiple attempts. Once you're there, you're genuinely ready.
Day before the exam: light review of weak spots, nothing new. Confirm your test center logistics, ID, arrival time. Sleep. Eat something. Show up.
Adjusting this A+ Core 2 study plan to your life
Six weeks at 10-12 hours assumes you have that time. If you're working full-time with a family, you might be closer to 5-7 hours a week, and your A+ Core 2 study schedule probably needs to stretch to 8-10 weeks rather than compress. If you already have six months of help-desk experience, you can often compress Week 2 into Week 1 and finish in five.
Another pattern I've noticed: people who "don't have time for practice exams" often have time for another hour of flashcards. That's almost always the wrong trade. Full-length practice exams are the single best predictor of exam-day performance — skipping them to squeeze in more passive review is how people end up surprised on test day.
What trips people up on Core 2
A short list, ranked by how often I see it:
- Treating operational procedures as filler. It's 22%. If you skip it you're capping your score at 78%.
- Ignoring PBQs until the last week. Hands-on reflexes take time to build. Start in Week 1.
- Memorizing the 7-step malware process as concepts rather than a strict order.
- Confusing NTFS permissions with share permissions.
- Studying from one resource and expecting that to be enough. The exam draws from wider ground than any single course covers.
Ready when you are
This plan works, but only if you know where you're starting. Someone with IT experience can skim Week 1 in three days. Someone brand new to Windows administration probably needs two weeks on it. The only way to tell which you are is to actually take a diagnostic.
LearnZapp's free A+ diagnostic gives you a per-domain breakdown — no signup, around 20 minutes — and once you see it, you can redistribute the weeks in this plan to match where your gaps actually are. That's usually a better use of an hour than another pass through flashcards.