Agentic Architecture
The execution model that distinguishes Cowork from standard Claude Chat. Rather than a prompt-response cycle where you ask a question and get an answer, Cowork operates as an autonomous agent that plans, decomposes, and executes multi-step tasks on your behalf. You describe the desired outcome; Claude determines the steps.
Exam context: Questions test whether you can identify when agentic architecture is the correct choice versus conversational chat. Look for scenarios involving file manipulation, batch processing, or multi-step workflows.
See also: 1.1 What Cowork Is and How It Differs from Chat
Sandboxed Virtual Machine (VM)
The isolated execution environment where Cowork runs on your local machine. The VM acts as a secure container — Claude can read, write, and manipulate files within it, but cannot access anything outside the folders you explicitly grant. If Claude runs bad code or makes an error, the damage stays inside the sandbox.
Exam context: A frequently tested concept. Know that the VM runs locally (not in the cloud), that closing the app or sleeping the computer stops execution immediately, and that Computer Use operates outside the VM boundary.
See also: 1.3 The Sandbox & Security Model
Execution Pipeline
The five-stage process Cowork follows for every task: (1) analyse the request and available resources, (2) create a visible execution plan, (3) decompose complex work into subtasks, (4) execute in the sandboxed VM with potential parallel sub-agents, (5) deliver outputs to your file system. This structured pipeline is what makes Cowork an agent rather than a chatbot.
Exam context: Questions may describe a scenario and ask which stage of the pipeline is relevant, or test whether you understand the order of operations.
See also: 1.2 How Cowork Executes Tasks
Execution Plan
The transparent to-do list that Cowork shows you before taking any action. The plan details every read, write, move, and delete operation Claude intends to perform. Reviewing the plan is your primary safety mechanism — it takes 30 seconds and has prevented accidental data loss for many users.
Exam context: Know that the plan appears before execution, that you must click "Allow" to proceed, and that skipping plan review is one of the most common mistakes new users make — especially with parallel execution, where errors multiply across sub-agents.
See also: 1.2 How Cowork Executes Tasks
Sub-Agent
A temporary parallel worker that Claude creates to handle a piece of a larger task simultaneously. Instead of processing 20 files one at a time, Claude can spin up multiple sub-agents that each handle a batch concurrently. Tasks that took 30 minutes in early testing now complete in 4-5 minutes.
Exam context: Know that sub-agents trigger automatically from natural language ("for each one", "analyse all"), that they consume more tokens (not fewer) due to separate reasoning streams, and that they cannot communicate with each other mid-process.
See also: 1.4 Sub-Agents & Parallel Execution
Directory Scoping
The primary security mechanism in Cowork. When you start a session, you select which folder Claude can access. Claude operates only within that folder and its subfolders — it cannot traverse upward to parent directories, access your Desktop, or read files elsewhere, even if you type the full file path in your prompt.
Exam context: This is the single most important security concept in Domain 1. Questions test whether you know that scoping is per-session, that it cannot be bypassed via prompt instructions, and that broad folder grants (like your entire Documents folder) are a security anti-pattern.
See also: 1.3 The Sandbox & Security Model
Deletion Protection
A system-level permission prompt that fires whenever Claude attempts to permanently remove a file from disk. Claude cannot bypass this prompt — you must explicitly click "Allow" before any deletion occurs. However, deletion protection does not cover edits, overwrites, or renames, which happen without a prompt.
Exam context: A classic exam trap. Many candidates assume deletion protection covers all modifications. It does not. Claude can freely overwrite file contents, rename files, and move them between folders without any permission prompt. Only permanent deletion triggers the safeguard.
See also: 1.3 The Sandbox & Security Model
Task Delegation
The practice of describing a desired outcome to Cowork rather than specifying individual steps. Effective delegation means telling Claude what "done" looks like — the output format, naming conventions, folder structure, and quality criteria — and letting it plan the route. This is the opposite of step-by-step micromanaging, which often produces worse results.
Exam context: Questions test whether you can distinguish outcome-oriented prompts from step-by-step instructions. Look for the prompt that describes the end-state rather than prescribing every action.
See also: 1.5 Effective Task Delegation
Network Egress Controls
Allowlist settings that restrict which domains Cowork can contact online. However, the built-in web search tool operates independently of these egress settings and can access the broader internet. This is a critical security nuance — your network restrictions have a built-in exception.
Exam context: Know that egress controls exist but have a bypass via web search. This distinction appears in security-focused questions about enterprise deployment.
See also: 1.3 The Sandbox & Security Model
Local History Storage
Cowork conversation history is stored on your device, not on Anthropic's servers. This means Cowork activity is excluded from Enterprise Audit Logs, the Compliance API, and data exports. Critically, this makes Cowork unsuitable for regulated workloads (HIPAA, financial services) until Anthropic addresses the gap.
Exam context: Questions test whether you understand the compliance implications. Know that the audit gap exists on every plan tier — including Enterprise — and is not a configuration issue but an architectural limitation.
See also: 1.3 The Sandbox & Security Model
Parallel Execution
The ability for Cowork to process multiple independent tasks simultaneously using sub-agents. Parallelism works best for batch file processing, multi-document research, and data extraction from many sources. It fails when tasks have sequential dependencies — when Step 2 requires the completed output of Step 1.
Exam context: Questions test whether you can identify genuinely independent tasks suitable for parallelism versus tasks with sequential dependencies that must run in order.
See also: 1.4 Sub-Agents & Parallel Execution
Outcome-Oriented Prompting
A delegation style where you describe the desired end-state rather than the individual steps. For example, "Organise all files in this directory into subfolders by year and month" rather than "First open file A, then look for X, then copy it to Y." Cowork is designed to figure out the path — you describe the destination.
Exam context: Virtually every prompt-comparison question in Domain 1 tests this concept. The correct answer is almost always the prompt that describes what "done" looks like rather than prescribing a sequence of actions.
See also: 1.5 Effective Task Delegation
Context Files
Markdown files (such as about-me.md, brand-voice.md, or working-preferences.md) placed in a Cowork working folder that Claude reads at the start of every session. They function like an employee onboarding binder — providing persistent role definitions, preferences, and behavioural guardrails so you never have to re-explain yourself.
Exam context: Know that context files transform Claude "from an intern into a colleague" and that skipping context setup is a common mistake that degrades output quality across every session.
See also: 1.5 Effective Task Delegation
Model Selection
The practice of choosing the appropriate Claude model (Haiku, Sonnet, or Opus) based on task complexity. Haiku handles quick, mechanical tasks efficiently. Sonnet covers the majority of daily work. Opus is reserved for deep reasoning and complex analysis. Using the most powerful model for every task wastes your rate limit without quality improvement.
Exam context: Questions present a task scenario and ask which model is most appropriate. The correct answer matches model capability to task complexity — not "always use the most powerful model."
See also: 1.5 Effective Task Delegation
Human-in-the-Loop
A pattern where Cowork pauses before taking significant or irreversible actions and requires your explicit approval. This includes file deletions, accessing new applications via Computer Use, and changes that could be destructive. You can also intervene mid-task to course-correct or provide additional direction.
Exam context: Know the difference between actions that require approval (deletions, new app access) and actions that do not (edits, overwrites, renames within the scoped folder).
See also: 1.2 How Cowork Executes Tasks
Computer Use Boundary
The distinction between tasks running inside the sandboxed VM (file processing, data analysis) and tasks running outside it via Computer Use (screen interaction, mouse/keyboard control). Computer Use operates on your actual desktop with direct access to applications, representing a fundamentally different risk level that requires separate per-application permissions.
Exam context: This boundary is tested in security questions. Know that most Cowork tasks run inside the VM, but Computer Use steps outside it — and that this changes the threat surface entirely.
See also: 1.3 The Sandbox & Security Model