⚡ Why the Command Line Matters
The Windows command line is tested heavily on A+ Core 2 — not just "what does ipconfig do" but which specific switch solves the problem in the scenario. A user can't connect after moving to a new office (
ipconfig /release and /renew). A user's profile is corrupted (sfc /scannow). You need to find what's running on port 443 (netstat -an). Knowing the command is step one — knowing the right switch is what the exam actually tests.
Networking Commands
ipconfig
IP Configuration
Networking
Displays and manages IP configuration for all network adapters. The most-used network troubleshooting command — always run this first. Shows IP address, subnet mask, default gateway, and DNS servers. If you see 169.254.x.x, DHCP has failed (APIPA).
ipconfig; show IP config for all adapters
ipconfig /all; full detail — MAC address, DHCP server, DNS servers, lease info
ipconfig /release; release DHCP lease — sends DHCPRELEASE to server
ipconfig /renew; request new DHCP lease — runs full DORA process
ipconfig /flushdns; clear the local DNS resolver cache
ipconfig /displaydns; show cached DNS entries
Exam scenarios: "User can't get online after moving to a new network — run
/release then /renew." "User reaches wrong website despite URL being correct — run /flushdns to clear stale cached DNS entry." "169.254 address seen — DHCP failed, run /release /renew or check DHCP server."ping
Packet Internet Groper — Connectivity Test
Networking
Tests basic Layer 3 (IP) connectivity using ICMP echo requests. A ping response proves the network path to that host works. No response could mean the host is down, ICMP is blocked by a firewall, or the route doesn't exist. Ping the loopback first to confirm TCP/IP is installed.
ping 127.0.0.1; loopback — tests local TCP/IP stack (should always work)
ping 192.168.1.1; test default gateway reachability
ping 8.8.8.8; test internet connectivity by IP (bypasses DNS)
ping google.com; test DNS resolution + internet connectivity
ping -t 8.8.8.8; continuous ping until Ctrl+C (monitor stability)
ping -n 10 8.8.8.8; send 10 pings (default is 4)
Exam troubleshooting ladder: ping 127.0.0.1 (TCP/IP stack OK) → ping own IP (NIC OK) → ping default gateway (local network OK) → ping 8.8.8.8 (internet routing OK) → ping google.com (DNS OK). Failure at each step identifies the layer of the problem.
tracert
Trace Route — Path Analysis
Networking
Shows the hop-by-hop path packets take to a destination and the round-trip time for each hop. Uses ICMP with incrementing TTL values. Each hop is a router. High latency at a specific hop indicates congestion or routing problems at or near that router.
* * * means that router is not responding to ICMP — not necessarily a failure.tracert 8.8.8.8; trace path to Google DNS
tracert -d 8.8.8.8; skip reverse DNS lookups (faster output)
Exam scenarios: "A user has internet access but a specific website is slow — tracert identifies which hop is adding latency." "tracert fails at hop 3 — the router at that hop is unreachable or blocking ICMP." Linux/macOS equivalent:
traceroute.nslookup
Name Server Lookup — DNS Query Tool
Networking
Queries DNS servers to resolve names to IPs or look up specific DNS records. Indispensable for diagnosing DNS problems. Can query specific DNS servers (not just the default) and request specific record types (MX, CNAME, TXT etc.).
nslookup google.com; forward lookup — name to IP
nslookup 8.8.8.8; reverse lookup — IP to name (queries PTR record)
nslookup google.com 1.1.1.1; query specific DNS server (Cloudflare here)
nslookup -type=MX gmail.com; look up MX records for a domain
nslookup -type=TXT example.com; retrieve TXT records (SPF, DMARC etc.)
Exam scenarios: "A user can ping IPs but not hostnames — run nslookup to confirm DNS resolution is failing." "Email delivery is failing — run nslookup -type=MX to check MX records." "Check if DNS cache poisoning is occurring — query a trusted external DNS server to compare results."
netstat
Network Statistics — Active Connections
Networking
Displays active network connections, listening ports, and associated processes. Critical for identifying what's using which port, detecting unexpected outbound connections (potential malware C2 traffic), and confirming services are listening.
netstat -a; all connections and listening ports
netstat -n; show addresses as numbers (no DNS resolution, faster)
netstat -an; all connections with numeric addresses — most useful
netstat -b; show executable responsible for each connection (requires admin)
netstat -ano; all connections with PID — use with tasklist to map process
netstat -e; Ethernet statistics — bytes sent/received, errors
netstat -r; routing table (same as route print)
Exam scenarios: "Identify which process is using port 8080 — run
netstat -ano then find the PID in tasklist." "Suspected malware — run netstat -an to look for unexpected ESTABLISHED connections to external IPs."System Maintenance Commands
sfc
System File Checker
System
Scans and repairs corrupted or missing Windows system files. Compares protected system files against a cached copy stored in the WinSxS folder. Repairs any files that don't match. Must be run as Administrator. On Windows 10/11, run DISM first if sfc reports it cannot fix files.
sfc /scannow; scan and repair — most common usage, requires admin
sfc /verifyonly; scan only, no repairs
DISM /Online /Cleanup-Image /RestoreHealth; repair component store first if sfc fails
Exam scenarios: "A user reports random application crashes and missing DLL errors — run
sfc /scannow to repair corrupted system files." "sfc /scannow reports it could not repair some files — run DISM /RestoreHealth first, then re-run sfc."chkdsk
Check Disk — File System and Disk Integrity
Disk
Scans a disk for file system errors and bad sectors. Without switches, chkdsk runs read-only and reports errors but doesn't fix them. With
/f it fixes file system errors; with /r it locates bad sectors and attempts to recover data. On the system drive, chkdsk /f schedules the check to run at next boot (cannot check a drive that's in use).chkdsk C:; read-only scan of C: drive — reports errors, no fixes
chkdsk C: /f; fix file system errors (schedules on reboot for C:)
chkdsk C: /r; locate bad sectors + fix errors (implies /f, slower)
chkdsk D: /f /r; fix + bad sector scan on data drive D:
Exam scenarios: "A user reports files becoming corrupted and Windows showing disk errors — run
chkdsk /r to check for bad sectors." "/f vs /r: /f fixes file system logical errors; /r does everything /f does plus physical bad sector scan."tasklist / taskkill
Process Management
System
tasklist shows all running processes and their PIDs. taskkill terminates a process by PID or name. Used together to identify and kill unresponsive or suspicious processes from the command line (Task Manager alternative, useful in scripts or when the GUI is unresponsive).tasklist; list all running processes with PID and memory
tasklist | find "notepad"; filter output — find specific process
taskkill /PID 1234; graceful terminate by PID
taskkill /IM notepad.exe; terminate by image name
taskkill /PID 1234 /F; force kill — use when graceful fails
Exam scenarios: "From netstat -ano you found PID 4820 has an unexpected external connection — use tasklist to identify the process, then taskkill /PID 4820 /F to terminate it."
shutdown
Shutdown / Restart
System
Shuts down, restarts, or logs off local or remote systems from the command line. Useful for remote administration and scripted maintenance.
shutdown /s /t 0; shutdown immediately (/t 0 = 0 second delay)
shutdown /r /t 0; restart immediately
shutdown /s /m \\PCNAME /t 60; shutdown remote PC in 60 seconds
shutdown /a; abort a pending shutdown
Exam note:
/s = shutdown, /r = restart, /t = time delay in seconds, /m = remote machine. Remote shutdown requires admin rights on the target machine.User and Account Management Commands
net user
Local User Account Management
Accounts
Creates, modifies, and manages local user accounts from the command line. Also displays account details. Requires Administrator privileges for modifications.
net user; list all local user accounts
net user jsmith; show details for user jsmith (last logon, groups, password info)
net user jsmith /add; create new local account jsmith
net user jsmith NewPass1! ; reset password for jsmith
net user jsmith /active:no; disable account
net user jsmith /delete; delete account
net localgroup administrators jsmith /add; add user to local admins group
Exam scenarios: "An employee is on leave — disable their account:
net user jsmith /active:no." "New temp worker needs a local account — net user tempuser Pass1! /add."gpupdate / gpresult
Group Policy Management
Group Policy
gpupdate forces an immediate Group Policy refresh — instead of waiting for the background refresh interval (90 minutes ± 30 for computers, 90 minutes for users). gpresult shows which policies are actually applied to the current user and computer.gpupdate; refresh user and computer policies
gpupdate /force; re-apply all policies even if unchanged
gpresult /r; summary of applied policies for current user/computer
gpresult /h gp-report.html; full HTML report of all applied GPOs
Exam scenarios: "A new GPO was deployed but users aren't seeing the change — run
gpupdate /force on affected machines." "Verify which GPOs are applying to a user — run gpresult /r."File and Disk Commands
diskpart
Disk Partition Manager
Disk
Powerful command-line tool for managing disks, partitions, and volumes. Used when the GUI Disk Management tool won't work — particularly for pre-OS environments (Windows PE/recovery). Dangerous — changes are immediate and irreversible.
diskpart; launch interactive diskpart prompt
list disk; show all physical disks
select disk 1; target disk 1 for operations
list partition; show partitions on selected disk
clean; wipe all partition data from selected disk
Exam scenarios: "Preparing a new drive for Windows installation — use diskpart to create and format partitions." "A drive shows as RAW — diskpart can reformat (after data backup)."
robocopy / xcopy
File Copy with Advanced Options
Files
robocopy (Robust File Copy) is the modern standard for copying files and folder trees with reliability features — retries on failure, preserves permissions and timestamps, mirrors directories, and can run as a sync job. xcopy is the older alternative, still tested on A+.robocopy C:\Source D:\Dest /E; copy all files + subdirectories including empty ones
robocopy C:\Source D:\Dest /MIR; mirror — exact copy, deletes files in dest not in source
xcopy C:\Source D:\Dest /E /H /Y; copy all files, hidden files, no prompt to overwrite
Exam note: robocopy is preferred over xcopy for A+ Core 2 — it's more reliable, handles long paths, and has better error handling. /MIR is used for backup sync jobs.
Command Quick Reference
| Command | Primary Use | Key Switch |
|---|---|---|
| ipconfig /all | Show full IP config inc. MAC, DHCP server | /release + /renew = fix DHCP. /flushdns = clear DNS cache |
| ping | Test Layer 3 connectivity hop by hop | -t = continuous. -n 10 = 10 packets |
| tracert | Show path and latency to destination | -d = skip DNS lookups (faster) |
| nslookup | Query DNS records | -type=MX, -type=TXT for specific records |
| netstat -ano | Show active connections with PID | -b = show process name (admin only) |
| sfc /scannow | Repair corrupted system files | Run as admin. Run DISM first if it fails. |
| chkdsk /r | Check disk for errors + bad sectors | /f = fix errors only. /r = fix + bad sectors |
| tasklist | List running processes | Pipe to find "name" to filter |
| taskkill /F | Force-kill process by PID or name | /PID = by ID. /IM = by name |
| net user | Manage local user accounts | /add, /delete, /active:no |
| gpupdate /force | Force Group Policy refresh | /force re-applies all policies |
| gpresult /r | Show applied Group Policy objects | /h file.html = full report |
| shutdown /r /t 0 | Immediate restart | /s = shutdown. /m \\PC = remote |
| diskpart | Disk and partition management | Interactive — list disk, select, clean |
| robocopy /MIR | Mirror copy / backup sync | /E = include empty subdirs |
Opening the command prompt correctly
Standard CMD: Win+R → cmd → Enter. Limited privileges — cannot run commands that require admin.
Elevated CMD (Run as Administrator): Search "cmd" → right-click → "Run as administrator." Required for sfc, chkdsk /f, net user changes, and most system commands. Many A+ exam scenarios specifically note that admin privileges are needed.
PowerShell vs CMD: PowerShell is the modern shell and can run all CMD commands plus its own cmdlets. The A+ Core 2 exam tests CMD commands specifically — know both exist but focus on CMD syntax for the exam.
Exam Scenarios
💬 "A user moved to a new building and cannot get an IP address. Their adapter shows 169.254.x.x. Which commands should the technician run?" →
ipconfig /release followed by ipconfig /renew — releases the failed APIPA address and requests a new DHCP lease on the new network.💬 "A user can ping 8.8.8.8 but cannot reach google.com by name. Which command diagnoses the DNS problem?" →
nslookup google.com — confirms DNS resolution is failing. Also run ipconfig /flushdns to clear any stale cached entries.💬 "A technician suspects a process is making unexpected connections to an external IP. Which commands identify the process?" →
netstat -ano to see the connection and its PID, then tasklist | find "PID" to identify the process name.💬 "A user reports application crashes and missing DLL errors after a Windows update. Which command should be run first?" →
sfc /scannow (as Administrator) — scans and repairs corrupted Windows system files. If it fails, run DISM /RestoreHealth first.💬 "A drive is showing file system errors after an improper shutdown. Which command with which switches fixes this?" →
chkdsk C: /f — /f fixes file system errors. Add /r if you also want to check for bad sectors (slower but more thorough).💬 "An IT admin deployed a new Group Policy restricting USB drives, but users are still able to use USB drives. What should the admin run on the affected machines?" →
gpupdate /force — forces immediate re-application of all Group Policy objects without waiting for the background refresh interval.💬 "Which command shows the route packets take across the internet and identifies where latency is being introduced?" →
tracert — traces the hop-by-hop path and shows round-trip time for each router, identifying where delays occur.Studying for A+ Core 2?
See the best study guides and practice exams for the 220-1202 exam.