This chapter covers the essential Windows command line tools that every CompTIA A+ technician must know. These tools are used for system configuration, troubleshooting, and automation. On the 220-1102 exam, approximately 15-20% of questions in the Operating Systems domain (Objective 1.2) involve command line tools, either directly or as part of a troubleshooting scenario. Mastering these commands is critical because they often provide the fastest and most accurate way to diagnose and resolve issues.
Imagine you are a technician troubleshooting a car. The GUI (Graphical User Interface) is like the car's dashboard—you can see warning lights, fuel level, and speed, but you cannot directly adjust the engine timing or test individual sensors. To perform detailed diagnostics, you need a specialized tool like an OBD-II scanner. In Windows, the command line tools are that scanner. They give you direct, low-level access to the operating system's internals. For example, just as a mechanic uses a multimeter to measure voltage at a specific pin, you use ping to test network connectivity to a specific host. Similarly, ipconfig is like reading the VIN and tire pressure—it gives you precise configuration details. The command line is not just a faster way to do GUI tasks; it can perform operations that have no GUI equivalent, such as scripting repetitive tasks or accessing system information that is hidden. This analogy helps you understand that mastering command line tools is essential for deep troubleshooting and automation, which is exactly what CompTIA A+ expects from a certified professional.
What Are Windows Command Line Tools?
Windows command line tools are executable programs that run in a text-based interface, such as Command Prompt (cmd.exe) or PowerShell. They allow users to perform system administration tasks, manage files, configure network settings, and troubleshoot hardware and software issues. Unlike GUI tools, command line tools can be scripted and automated, making them essential for efficient IT support.
Why They Exist
The command line interface (CLI) predates GUIs and remains crucial because it provides direct access to the operating system's core functions. Many advanced diagnostic and configuration tasks are only possible via CLI. For the CompTIA A+ exam, you need to know the most common commands and their switches.
How They Work Internally
When you type a command and press Enter, the command interpreter (cmd.exe or PowerShell) parses the input, locates the executable (either an internal command built into the interpreter or an external .exe file in a directory listed in the PATH environment variable), and executes it. The command then interacts with the Windows API or directly with hardware drivers to perform the requested operation. Output is displayed in the console window.
Key Commands for 220-1102
#### ipconfig
- Purpose: Displays IP configuration for all network interfaces.
- Key switches:
  - /all – Shows detailed info including MAC address, DHCP server, lease times.
  - /release – Releases DHCP lease.
  - /renew – Renews DHCP lease.
  - /flushdns – Clears DNS resolver cache.
  - /registerdns – Refreshes DHCP lease and re-registers DNS names.
- Default lease time: 8 days for typical DHCP servers.
- Exam tip: ipconfig /flushdns is used when DNS resolution issues occur; ipconfig /renew is used after releasing an IP.
#### ping
- Purpose: Tests reachability of a host by sending ICMP Echo Request packets.
- Default behavior: Sends 4 packets (on Windows) and waits for Echo Replies.
- Key switches:
  - -t – Pings continuously until stopped (Ctrl+C).
  - -n <count> – Specifies number of echo requests.
  - -l <size> – Sets packet size (default 32 bytes).
  - -a – Resolves IP address to hostname.
- Exam tip: ping 127.0.0.1 tests the TCP/IP stack; ping with -t is used for extended testing.
#### tracert
- Purpose: Traces the route packets take to a destination.
- How it works: Relies on ICMP Time Exceeded messages. The TTL starts at 1 and is incremented for each successive probe; the hop where the TTL expires replies with a Time Exceeded message, revealing that router's IP.
- Key switches:
  - -h <hops> – Maximum hops to search (default 30).
  - -d – Do not resolve addresses to hostnames (faster).
- Exam tip: Use tracert when a user can reach some sites but not others; the trace shows where packets stop.
#### nslookup
- Purpose: Queries DNS servers for DNS records.
- Interactive mode: Type nslookup and then enter queries.
- Non-interactive: nslookup <hostname> returns IP address.
- Key switches:
  - -type=<recordtype> – e.g., -type=MX for mail exchange records.
- Exam tip: Use nslookup to verify DNS resolution; a failure may indicate DNS server issues.
#### netstat
- Purpose: Displays active network connections, listening ports, and routing tables.
- Key switches:
  - -a – Shows all connections and listening ports.
  - -n – Displays addresses and ports in numerical form (faster).
  - -o – Shows the owning process ID (PID).
  - -b – (admin) Shows the executable name involved in creating the connection.
- Exam tip: netstat -an shows all connections without DNS resolution; netstat -b requires admin rights and shows which program is using a port.
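Pairing `netstat -ano` with a process lookup answers "which program is listening on this port?" without the elevation that `-b` needs. The PowerShell sketch below is an added example, not part of the original chapter; the `Get-Listener` function, its parameters and the sample rows are constructed for illustration.

```powershell
# Added example: list TCP listeners and their owning process from `netstat -ano`.
function Get-Listener {
    param(
        [string[]]$NetstatLines = (& netstat.exe -ano),  # live output by default
        [switch]$SkipProcessLookup                       # use when parsing saved output
    )
    foreach ($line in $NetstatLines) {
        # TCP rows have five columns: Proto, Local, Foreign, State, PID.
        $col = -split $line
        if ($col.Count -ne 5 -or $col[0] -ne 'TCP') { continue }

        # A listening socket has no peer, so its foreign address is 0.0.0.0:0 or
        # [::]:0. Matching on that avoids relying on the State column's text.
        if ($col[2] -notmatch '^(0\.0\.0\.0|\[::\]):0$') { continue }

        $procId = [int]$col[4]
        $name = '<not looked up>'
        if (-not $SkipProcessLookup) {
            $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
            $name = if ($proc) { $proc.ProcessName } else { '<exited or inaccessible>' }
        }
        [pscustomobject]@{
            Port          = [int]($col[1] -replace '^.*:', '')
            LocalAddress  = $col[1] -replace ':\d+$', ''
            PID           = $procId
            Process       = $name
            # Bound to every interface: reachable from the network unless a firewall blocks it.
            AllInterfaces = $col[1] -match '^(0\.0\.0\.0|\[::\]):'
        }
    }
}

# Constructed sample rows (not captured from a real host) to show the parsing offline.
$sample = @'
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3312
  TCP    192.168.1.20:49712     93.184.216.34:443      ESTABLISHED     7720
  UDP    0.0.0.0:5353           *:*                                    2216
'@ -split '\r?\n'
Get-Listener -NetstatLines $sample -SkipProcessLookup | Format-Table

# Live view of this machine, sorted by port.
Get-Listener | Sort-Object Port | Format-Table
```

On the sample, only the two listening rows are returned: port 135 is flagged as bound to all interfaces, while port 5939 is loopback-only.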
#### net command
- Purpose: Manages network resources, user accounts, and services.
- Common uses:
  - net use – Maps network drives.
  - net user – Manages user accounts.
  - net localgroup – Manages local groups.
  - net stop/start <service> – Stops/starts a service.
  - net share – Lists shared folders.
- Exam tip: net use X: \\server\share maps drive X; net user username password /add creates a user.
#### tasklist and taskkill
- Purpose: Lists running processes and terminates them.
- `tasklist`: Shows processes with PID and memory usage.
  - /svc – Shows services hosted in each process.
  - /v – Verbose output.
- `taskkill`: Ends a process by PID or name.
  - /pid <PID> – Kills by PID.
  - /im <imagename> – Kills by image name (e.g., notepad.exe).
  - /f – Forcefully terminates.
- Exam tip: Use tasklist to find a PID, then taskkill /pid <PID> to end a hung program.
#### shutdown
- Purpose: Shuts down or restarts a local or remote computer.
- Key switches:
  - /s – Shutdown.
  - /r – Restart.
  - /t <seconds> – Time before shutdown (default 30).
  - /a – Abort shutdown.
  - /m \\computername – Remote shutdown.
- Exam tip: shutdown /r /t 0 immediately restarts; /a cancels a pending shutdown.
#### sfc (System File Checker)
- Purpose: Scans and repairs protected system files.
- Command: sfc /scannow – Scans all protected files and replaces corrupted ones from a cached copy.
- Note: Requires administrator privileges.
- Exam tip: Run sfc /scannow in a Command Prompt as Administrator when system files are corrupted (e.g., missing DLL errors).
#### chkdsk (Check Disk)
- Purpose: Checks file system integrity and fixes errors.
- Key switches:
  - /f – Fixes errors on disk.
  - /r – Locates bad sectors and recovers readable info (implies /f).
  - /x – Forces volume dismount before scan.
- Note: Often requires a reboot to run on system drive.
- Exam tip: chkdsk /f C: fixes file system errors; chkdsk /r also checks for physical errors.
#### diskpart
- Purpose: Disk partition management tool.
- Interactive: Type diskpart to enter its shell.
- Common commands:
  - list disk – Shows disks.
  - select disk <n> – Selects a disk.
  - list partition – Shows partitions.
  - create partition primary – Creates a primary partition.
  - format fs=ntfs quick – Formats partition as NTFS.
  - assign letter=<letter> – Assigns a drive letter.
- Exam tip: Use diskpart to partition a new disk; be careful as it can erase data.
#### gpupdate and gpresult
- Purpose: Refreshes Group Policy settings and displays policy results.
- `gpupdate /force`: Forces a reapplication of policies.
- `gpresult /r`: Shows applied policies for the current user and computer.
- Exam tip: After changing a Group Policy, run gpupdate /force to apply changes without rebooting.
#### format
- Purpose: Formats a disk with a file system.
- Syntax: format X: /fs:NTFS /q – Quick format drive X as NTFS.
- Key switches:
  - /fs:<filesystem> – FAT, FAT32, exFAT, NTFS, ReFS.
  - /q – Quick format.
- Exam tip: Quick format only clears the file table, not the data; full format checks for bad sectors.
#### copy, xcopy, and robocopy
- Purpose: Copy files and directories.
- `copy`: Basic file copy, cannot copy subdirectories.
- `xcopy`: Extended copy with switches like /s (subdirectories), /e (empty directories), /c (continue on error).
- `robocopy`: Robust copy with advanced features like multi-threading, retry on error, and mirroring.
  - /mir – Mirrors a directory tree (deletes files in destination that are not in source).
  - /r:<n> – Number of retries (default 1 million).
  - /w:<n> – Wait time between retries (default 30 seconds).
- Exam tip: robocopy is the preferred tool for large or network copies; xcopy is simpler but deprecated.
#### md and rd
- Purpose: Create and remove directories.
- `md <dirname>`: Creates a directory.
- `rd /s <dirname>`: Removes a directory tree (with /s for subdirectories).
- Exam tip: rd without /s only removes empty directories.
Summary of Command Categories
Network: ipconfig, ping, tracert, nslookup, netstat, net
Process Management: tasklist, taskkill
System Configuration: shutdown, sfc, chkdsk, diskpart, gpupdate, gpresult
File Management: copy, xcopy, robocopy, md, rd, format
How They Interact with Other Technologies
Command line tools often work in conjunction with other Windows features. For example, ipconfig /flushdns clears the DNS resolver cache, which interacts with the DNS Client service. sfc relies on the Windows Resource Protection (WRP) feature. chkdsk interacts with the file system driver (NTFS.sys). Understanding these interactions helps you choose the right tool for a given symptom.
Identify the Problem
Begin by gathering information from the user. Determine the exact error message, what the user was doing, and when the issue started. For example, if a user cannot access a website, note the URL and error. This step sets the direction for which command line tool to use. A common mistake is jumping to a tool without understanding the symptom.
Test Network Connectivity with ping
Use `ping` to test basic connectivity. Start with `ping 127.0.0.1` to verify the TCP/IP stack works. Then ping the default gateway (obtained from `ipconfig`). If that fails, the issue is local. Then ping a remote server like 8.8.8.8. If that succeeds but DNS fails, the issue is name resolution. The `ping` command sends ICMP Echo Requests and waits for Echo Replies. Default timeout is 4000 ms on Windows.
Check IP Configuration with ipconfig
Run `ipconfig /all` to view IP address, subnet mask, default gateway, and DNS servers. Look for an APIPA address (169.254.x.x) indicating DHCP failure. Check if the IP is in the correct subnet. Also note the DHCP lease expiration time. If the IP is incorrect, use `ipconfig /release` then `ipconfig /renew` to obtain a new lease.
Trace the Route with tracert
If ping to a remote host fails, use `tracert <destination>` to see where packets stop. Each hop shows the router's IP and response time. If packets stop at a specific hop, that router may be misconfigured or blocking traffic. The default max hops is 30. Use `-d` to avoid DNS lookups and speed up the trace.
Verify DNS Resolution with nslookup
If ping works to IP but not to hostname, use `nslookup <hostname>` to check DNS. If it returns an error, the DNS server may be unreachable or the record missing. Use `nslookup <hostname> <DNS server IP>` to query a specific DNS server. This isolates whether the problem is with the DNS server or the local resolver.
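The ladder in the steps above (loopback, gateway, remote IP, then DNS) can be scripted so it stops at the first layer that fails. This PowerShell sketch is an added example, not part of the original chapter; it assumes Windows 8 or later for `Get-NetRoute`, `Get-NetIPAddress` and `Resolve-DnsName` (used here in place of `nslookup`), and the function names and the `example.com` test name are illustrative.

```powershell
# Added example: climb the connectivity ladder and name the first layer that fails.
function Test-Reply([string]$Target) {
    # ping.exe can exit 0 on "Destination host unreachable", so do not trust
    # $LASTEXITCODE; only a genuine IPv4 echo reply contains a TTL= field.
    $out = & ping.exe -4 -n 2 -w 2000 $Target 2>&1 | Out-String
    return $out -match 'TTL='
}

function Get-FailingLayer {
    param(
        [string]$RemoteIp = '8.8.8.8',      # remote address used in the chapter
        [string]$TestName = 'example.com'   # assumption: a name you expect to resolve
    )
    # 1. Loopback proves only that the TCP/IP stack works, not the adapter or cable.
    if (-not (Test-Reply '127.0.0.1')) { return 'TCP/IP stack: loopback ping failed' }

    # 2. Find the default gateway (lowest-metric 0.0.0.0/0 route).
    $gw = Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
          Sort-Object RouteMetric | Select-Object -First 1 -ExpandProperty NextHop
    if (-not $gw) {
        # No gateway plus a 169.254.x.x address means no DHCP server answered.
        $apipa = @(Get-NetIPAddress -AddressFamily IPv4 |
                   Where-Object { $_.IPAddress -like '169.254.*' })
        if ($apipa.Count -gt 0) {
            return "DHCP: APIPA address $($apipa[0].IPAddress); run ipconfig /release, then ipconfig /renew"
        }
        return 'IP configuration: no default gateway; check ipconfig /all'
    }

    # 3. Gateway, then a remote IP. Some routers drop ICMP, so treat a silent
    #    gateway as a lead to confirm, not as proof.
    if (-not (Test-Reply $gw)) { return "Local network: gateway $gw did not reply" }
    if (-not (Test-Reply $RemoteIp)) {
        return "Routing past the gateway: run tracert -d $RemoteIp to find the last hop that answers"
    }

    # 4. IP connectivity works, so any remaining failure is name resolution.
    try { Resolve-DnsName -Name $TestName -Type A -ErrorAction Stop | Out-Null }
    catch { return "DNS: $TestName did not resolve; compare nslookup $TestName <DNS server IP>" }
    return 'No failure found: loopback, gateway, remote IP and DNS all passed'
}

Get-FailingLayer
```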
Scenario 1: Network Outage in a Small Office
A user reports they cannot access the internet. The technician first runs ipconfig and sees an APIPA address (169.254.1.5). This indicates the DHCP server is unreachable. The technician checks the physical connection and then runs ipconfig /release followed by ipconfig /renew. If renewal fails, they check the DHCP server (often a router). They use ping to test connectivity to the router's IP (192.168.1.1). If ping fails, they suspect a bad cable or switch port. They use tracert to see if the router itself is reachable. In this scenario, the problem was a faulty Ethernet cable. The technician replaced it and ran ipconfig /renew to get a valid IP. This example shows how command line tools quickly isolate the issue.
Scenario 2: DNS Resolution Failure in a Corporate Environment
A user cannot access internal resources like intranet.domain.com but can access external sites by IP. The technician runs nslookup intranet.domain.com and gets a 'server failed' error. They then run nslookup with a different DNS server (e.g., 8.8.8.8) and it resolves, indicating the corporate DNS server is misconfigured. They check the DNS server's event logs and find a zone transfer failure. They fix the zone transfer and run ipconfig /flushdns on the client to clear the negative cache. The issue is resolved. This scenario demonstrates how nslookup and ipconfig work together to diagnose DNS issues.
Scenario 3: Application Crashing Due to Corrupted System Files
A user reports that a critical application crashes on startup. The technician runs sfc /scannow from an elevated command prompt. The scan finds corrupted system files and replaces them from the cache. After a reboot, the application works. If sfc cannot repair the files, the technician might use DISM /Online /Cleanup-Image /RestoreHealth to repair the component store. This scenario shows the importance of sfc in maintaining system integrity.
What the 220-1102 Exam Tests
The exam objectives for 220-1102 (Objective 1.2) specifically list the following command line tools: ipconfig, ping, tracert, nslookup, netstat, net, tasklist, taskkill, shutdown, sfc, chkdsk, diskpart, gpupdate, gpresult, format, copy, xcopy, robocopy, md, rd. The exam tests your ability to choose the correct tool for a given scenario and to use the correct syntax (especially switches).
Common Wrong Answers
Using `ipconfig /release` without `/renew`: Candidates often think releasing the IP alone fixes connectivity. The correct sequence is release then renew.
Confusing `ping -t` with `tracert`: ping -t pings continuously; tracert traces the route. The exam might describe a scenario where a user can reach some sites but not others, and the correct tool is tracert, not ping.
Thinking `sfc` repairs all file issues: sfc only repairs protected system files. For other files, use different tools.
Using `format` without specifying file system: The default file system on Windows 10/11 for large drives is NTFS, but the exam expects you to know the /fs: switch.
Specific Numbers and Values
ping default count: 4 packets.
tracert default max hops: 30.
shutdown default timeout: 30 seconds.
robocopy default retries: 1 million.
robocopy default wait: 30 seconds.
APIPA address range: 169.254.0.0/16.
DHCP lease default: 8 days.
Edge Cases
`sfc /scannow` requires administrator privileges – the exam will test that you must run Command Prompt as Administrator.
`chkdsk` on system drive requires a reboot – the exam may ask about scheduling a scan at next reboot.
`diskpart` can be destructive – the exam tests that you must select the correct disk before creating partitions.
`gpupdate /force` forces a foreground refresh – the exam may contrast it with gpupdate without /force.
How to Eliminate Wrong Answers
If the scenario involves DNS, eliminate tools like ping (unless testing IP connectivity) and focus on nslookup or ipconfig /flushdns.
If the scenario involves a hung application, use tasklist then taskkill, not shutdown.
If the scenario involves disk errors, use chkdsk, not sfc.
If the scenario involves file copy with many files, choose robocopy over copy or xcopy.
`ipconfig /flushdns` clears the local DNS cache; use after DNS changes.
`ping -t` pings continuously until stopped with Ctrl+C; use for extended testing.
`tracert` shows the path packets take; default max hops is 30.
`nslookup` queries DNS servers; use `nslookup <host> <DNS server>` to test specific DNS.
`netstat -an` shows all active connections and listening ports in numerical form.
`taskkill /f /im <process.exe>` forcefully terminates a process by name.
`sfc /scannow` scans and repairs protected system files; must run as admin.
`chkdsk /r` locates bad sectors and recovers readable data; implies `/f`.
`robocopy /mir` mirrors a directory; deletes files in destination not in source.
`gpupdate /force` reapplies all Group Policy settings; no reboot required.
These come up on the exam all the time. Here's how to tell them apart.
Command Prompt (cmd.exe)
Uses legacy commands like `ipconfig`, `ping`.
Output is plain text; scripting is batch (.bat).
No object-oriented output; text parsing required.
Commands are case-insensitive, but their naming and syntax are not consistent.
Limited remote management capabilities.
PowerShell
Uses cmdlets like `Get-NetIPAddress` (but also supports legacy commands).
Output is objects; scripting is .ps1.
Object-oriented piping; easier to manipulate data.
Consistent verb-noun naming (Get-*, Set-*).
Built-in remoting via WinRM (Enter-PSSession).
Mistake
`ping 127.0.0.1` tests network adapter hardware.
Correct
`ping 127.0.0.1` only tests the TCP/IP stack (loopback). It does not test the network adapter or cable. A successful ping to 127.0.0.1 means the TCP/IP protocol is installed and working, but the adapter could still be faulty.
Mistake
`ipconfig /flushdns` clears all DNS caches on the network.
Correct
`ipconfig /flushdns` only clears the local DNS resolver cache on the client machine. It does not clear DNS caches on routers, servers, or other computers.
Mistake
`tracert` uses UDP packets by default on Windows.
Correct
`tracert` on Windows uses ICMP Echo Requests with varying TTL. On Linux/Unix, `traceroute` uses UDP packets by default. This difference is important for firewalls that block ICMP.
Mistake
`sfc /scannow` can repair any corrupted file.
Correct
`sfc` only repairs protected system files that are cached in the `%WinDir%\System32\dllcache` folder. It cannot repair non-system files or files not in the cache. For component store corruption, use `DISM` first.
Mistake
`chkdsk /f` fixes bad sectors.
Correct
`chkdsk /f` only fixes file system errors (e.g., cross-linked files). To locate and recover data from bad sectors, use `chkdsk /r`. The `/r` switch includes the functionality of `/f` and also scans for physical errors.
Open Command Prompt and type `ipconfig`. Look for the IPv4 Address under your active network adapter. For more details, use `ipconfig /all` to see MAC address, DHCP server, and lease times.
It sends ICMP Echo Requests to the loopback address (127.0.0.1), which tests the TCP/IP stack of your computer. It does not test your network adapter or cable. Success indicates that TCP/IP is installed and working correctly.
Run `ipconfig /flushdns` in an elevated Command Prompt (Run as Administrator). This clears the local DNS resolver cache. After flushing, DNS queries will be resolved from scratch.
`ping` tests reachability and measures round-trip time to a host. `tracert` traces the route packets take, showing each hop (router) along the path. Use `ping` for basic connectivity; use `tracert` to identify where packets are lost.
Run `sfc /scannow` in an elevated Command Prompt. It scans all protected system files and replaces corrupted ones from a cached copy. If `sfc` fails, run `DISM /Online /Cleanup-Image /RestoreHealth` to repair the component store, then run `sfc` again.
First, find the process ID (PID) using `tasklist`. Then use `taskkill /pid <PID> /f` to forcefully terminate it. Alternatively, use `taskkill /im <processname.exe> /f` to kill by image name.
`net use` maps a network drive to a shared folder. Example: `net use X: \\server\share` maps drive X to the share. Use `net use * /delete` to remove all mapped drives.