Skip to main content
Revy's Tech Journey, powered by Revtek
Back to Study
A+ Core 2 · CompTIA 220-1202 V15 · Objective C2-4.10

Explain basic concepts related to artificial intelligence (AI)

Drill flashcardsFocused quizBrowse all objectives (sidebar view)

Objective 4.10: Explain basic concepts related to artificial intelligence (AI)

Cert: CompTIA A+ Core 2 (220-1202) V15 Domain: 4.0 Operational Procedures Weight: Part of the 21% Operational Procedures domain (NEW in V15) Depth: Explain. The candidate must recognize AI application integration patterns, policy considerations, limitations, and the private-vs-public deployment distinction.

What this objective tests

You should recognize how AI integrates into business applications, the policy considerations around appropriate use and plagiarism, the inherent limitations of AI systems (bias, hallucinations, accuracy), and the difference between public and private AI deployments from a data-security perspective.

This is a NEW objective in V15 (220-1202), not present in V14 220-1102. Reflects the rapid AI adoption in 2023-2025 IT environments.

Key facts

Application integration (AI):

  • AI capabilities embedded in business apps: Microsoft Copilot, Google Duet/Gemini for Workspace, Salesforce Einstein, ChatGPT plugins, Adobe Firefly, etc.
  • Patterns: copilot/assistant in productivity apps, AI-driven search, content generation, summarization, image generation, automated workflows.

Appropriate use policy (AI):

  • Organizational policy on when and how employees can use AI tools.
  • Common elements: approved tools list, data classification rules (what data can go into AI), human review requirements, attribution rules, prohibited uses.
  • Example clauses: "Do not enter customer PII into public AI tools." "AI-generated content must be reviewed and validated by a human before publication."

Plagiarism (AI):

  • Concerns about AI generating content that copies (verbatim or in pattern) from training data.
  • Academic and professional integrity: AI-generated content represented as original work is generally considered misconduct.
  • Many institutions require disclosure when AI assists in content creation.

Limitations of AI - Bias:

  • Models trained on historical data inherit biases in that data.
  • Examples: hiring tools that prefer candidates matching historical hires (reinforcing historical exclusion); image generation defaulting to stereotypes for occupations.
  • Mitigation: diverse training data, ongoing bias audits, human review for high-stakes decisions.

Hallucinations:

  • AI generates outputs that are confidently stated but factually incorrect.
  • Particularly common with large language models. They predict plausible-sounding text, not necessarily true text.
  • Examples: invented citations, made-up product features, fabricated legal precedents.
  • Mitigation: source-grounded prompting (RAG), verification against authoritative sources, human review.

Accuracy:

  • AI outputs aren't guaranteed to be correct. Accuracy varies by task type, training data quality, and how the prompt is constructed.
  • High-stakes outputs (medical, legal, financial) require human validation regardless of AI confidence.

Public AI (public deployment):

  • AI service hosted by a public vendor, accessed via API or web interface.
  • Examples: ChatGPT, Claude.ai, Gemini, Perplexity, public Microsoft Copilot.
  • Data sent to the service may be used for model training (depending on the vendor's policy). Enterprise tiers usually disable training but read each agreement.

Private AI (private deployment):

  • AI deployed within organizational boundaries, often on private cloud or on-premises infrastructure.
  • Examples: Azure OpenAI Service (private endpoint), self-hosted Llama models, vendor-deployed Copilot in your Microsoft 365 tenant.
  • Data stays within organizational boundaries. Higher cost; needed for regulated data.

Data security (AI):

  • Sensitive data sent to AI services may be processed in unknown ways.
  • Public AI: assume data may be retained, logged, or used for training (unless contract says otherwise).
  • Private AI: contractual and technical controls keep data within boundaries.

Data source (AI):

  • What did the AI train on? What does it have access to during inference?
  • Training data: usually large public corpora (web, books, code repositories). Some AI offers "your data" fine-tuning.
  • Inference data: documents/databases/files the AI can read during a query (RAG: retrieval-augmented generation).
  • Both have privacy/security implications.

Data privacy (AI):

  • Regulations apply: GDPR, CCPA, HIPAA all extend to AI-processed data.
  • Consent for using personal data in AI processing.
  • Right to deletion / explanation when AI is used in decisions affecting individuals (GDPR Article 22).
  • Sensitive categories (health, biometric, children) trigger heightened obligations.

Common gotchas

  • Pasting customer data into public ChatGPT. Violates most enterprise data handling policies. The vendor may retain, log, or train on the data.
  • AI-generated code committed without review. May include security vulnerabilities (hallucinated APIs, unsafe patterns) or licensing issues (similar to GPL code in training data).
  • Trusting an AI citation without verifying. Many AI citations are fabricated. Always verify with source.
  • "AI said it was correct." AI confidence is not the same as correctness. Don't outsource judgment.
  • AI hiring screen biased against minority candidates. Years of historical data baked in bias; vendor must demonstrate ongoing fairness testing.
  • Customer support chatbot leaking confidential info. Prompt injection or RAG misconfiguration leaking other customers' data. Test red-team scenarios.

Real-world context

For a business adopting AI tools in 2025:

  • Pick a tier. Public consumer AI for non-sensitive use. Enterprise tier with training-opt-out for general business. Private deployment for regulated/sensitive data.
  • Write an AI use policy. Approved tools, data classification rules, attribution requirements, human-review thresholds for high-stakes outputs.
  • Train users. What can/can't go into AI. How to verify output. How to disclose AI assistance.
  • Audit usage. What tools are people actually using? Are unapproved tools in active use?
  • Build review processes. AI output gets human review for anything customer-facing, legally binding, or factually important.

For IT specifically, AI use cases that are working in production:

  • Code assistance (GitHub Copilot, Cursor) with code review.
  • Email/document drafting in Microsoft Copilot, Google Duet.
  • Meeting summaries and action items from recordings.
  • Help-desk triage assisting first-line response.
  • Documentation generation from code, configs, transcripts.
  • Image/asset generation for marketing or internal materials with creative oversight.

Avoid letting AI:

  • Make irreversible decisions without human review (account closures, terminations, large transactions).
  • Handle data the vendor's contract doesn't cover.
  • Replace human judgment in trust-sensitive interactions.

Sources

  • [CompTIA A+ 220-1202 Exam Objectives Version 4.0, Section 4.10](../../../../../../30-RevyTechJourney/CompTIA%20A%2B%20220-1202%20Exam%20Objectives%20%284.0%29.pdf)
  • [NIST AI Risk Management Framework](https://www.nist.gov/itl/ai-risk-management-framework)
  • [Microsoft: Responsible AI principles](https://www.microsoft.com/en-us/ai/responsible-ai)
  • [Google: AI Principles](https://ai.google/principles/)
  • [EU AI Act overview](https://artificialintelligenceact.eu/)
  • [OWASP: Top 10 for LLM Applications](https://owasp.org/www-project-top-10-for-large-language-model-applications/)