LAT: 0000
LON: 0000
DEP: 0000
LON: 0000
DEP: 0000
Windows First. Linux and macOS in Support. Flags, Output, and Tactical Practice.
Graphical interfaces made systems easier to navigate, but they never replaced the command line. In support work, the shell remains one of the fastest ways to inspect a machine, verify identity, gather network data, repair files, query policy, and move through a broken system when the GUI is slow, hidden, restricted, or unavailable.
That is why command-line work keeps showing up in technician training. A good tech does not memorize commands as trivia. They learn what each command reveals, what common flags change the result, and what output patterns matter during troubleshooting.
This module keeps Windows at the center because that is the most heavily tested side of the Core 2 objective set, but it also gives you enough Linux Bash and macOS Terminal context to avoid confusion when the shell changes around you.
The command line is not just a relic—it began in the 1960s when early terminals like the Teletype Model 33 provided interactive access to mainframes. Louis Pouzin coined the term shell in 1964 for the Multics project, and the concept matured with UNIX in the early 1970s, introducing piping and scripting. Microcomputers running CP/M and MS-DOS borrowed Unix-style syntax and features in the late 1970s and 1980s.
Graphical user interfaces emerged in the 1980s but did not displace the CLI. Even today, servers, embedded systems and automation tools rely on shells like bash, zsh, cmd.exe and PowerShell. Knowing where the shell came from helps you appreciate why it remains essential across platforms.
Reorder the following events to construct the correct chronology of command-line evolution. Drag each card into the correct position, then click Check Order to verify.
Before typing a single command, you must understand the environment interpreting it. A shell is the program that takes your typed text, translates it into operating system instructions, and returns the output. If you type a Windows command into a Linux shell, it fails. Knowing which shell you are in is step one of any troubleshooting scenario.
The foundational Windows shell. It traces its roots back to MS-DOS. This is the home of classic utilities like dir, cd, ipconfig, and ping. While older, it remains the primary syntax tested for basic network and OS troubleshooting in Core 2.
The modern, object-oriented administration shell for Windows. It processes structured data (objects) rather than just plain text. It is the tool of choice for automation, scripting, and enterprise management, using "cmdlets" like Get-Process.
The default environment for most Linux distributions and macOS (which uses zsh, a close relative). These shells treat everything as files and text streams, relying heavily on chaining commands together using "pipes" (|) for powerful text manipulation.
The support mission remains the same across platforms: you still need to check IP addresses, restart services, and verify file permissions. The exam tests your ability to recognize the OS context and reach for the correct syntax. A technician who accidentally types ipconfig on a Linux server reveals they don't know their environment.
The prompt changes, but the mission stays the same. Move through the file system, inspect the machine, manage permissions, control software, verify interfaces, review processes, edit configuration files, and gather proof before making changes. This chart maps the Linux-driven tools against their Windows equivalents.
| Linux Command / Task | Windows CMD / PowerShell Equivalent | Linux / macOS Terminal |
|---|---|---|
| List directory contents | dir |
ls |
| Show current working directory | cd |
pwd |
| Change directory | cd folder |
cd folder |
| Move or rename a file or directory | move / ren |
mv |
| Copy a file or directory | copy / xcopy / robocopy |
cp |
| Remove files or directories | del / rmdir |
rm |
| Change file or directory permissions | icacls / attrib* |
chmod |
| Change file ownership | takeown / icacls |
chown |
| Run as another user / elevated privileges | runas |
su / sudo |
| Manage software packages on Debian-based systems | N/A in CMD** | apt-get |
| Manage software packages on Red Hat-based systems | N/A in CMD** | yum |
| Manage network interfaces (modern) | ipconfig / netsh |
ip |
| Configure / inspect wired or wireless interfaces (legacy) | ipconfig / netsh wlan |
ifconfig / iwconfig*** |
| Show running processes | tasklist |
ps |
| Real-time process / resource monitor | taskmgr**** |
top |
| Search for text or patterns in files/output | find / findstr |
grep |
| Edit configuration files in terminal | notepad / edit* |
vi / nano*** |
| Report disk / file system free space | wmic logicaldisk get size,freespace,caption / fsutil volume diskfree |
df |
| Low-level copy / disk imaging / backup | No direct CMD equivalent | dd |
| Terminate a process | taskkill |
kill |
| Open built-in manual/help pages | help / [command] /? |
man |
| Display file contents | type |
cat |
* Windows does not map perfectly here. attrib changes file attributes, not Unix-style permissions, and edit is legacy / not standard on modern systems.
** Windows handles software installs differently and does not have a direct CMD twin for apt-get or yum in the same exam sense.
*** ifconfig, iwconfig, and nano are common on Linux. macOS commonly supports ifconfig and vi, but not every Linux tool appears by default the same way on macOS.
**** taskmgr launches Task Manager rather than keeping the workflow fully inside the shell, but it is the closest Windows match for the exam-level purpose of top.
cd and dir help you find where you are and what is in front of you before you touch anything else.
ipconfig, ping, netstat, nslookup, net use, tracert, and pathping let you read the connection story.
chkdsk, format, diskpart, md, rmdir, and robocopy live where storage work gets serious.
hostname, net user, winver, whoami, gpupdate, gpresult, and sfc reveal who the system is and what state it is in.
This deck is Windows-first and maps to the command-line tooling students are expected to recognize for Core 2. But the goal is not just to memorize command names. A strong technician learns what job the command belongs to, what kind of evidence it produces, and why it would be the right choice for a given symptom.
Think of these commands as tactical tools. Some help you move through the system. Some help you inspect network status and reachability. Some help you repair storage or operating system issues. Others help you confirm identity, policy, or version information. When a learner connects the command to its mission, retention becomes much stronger.
That is also how these commands show up in the real world. A technician does not randomly type netstat or sfc. They choose them because they suspect a specific fault domain. The command is the tool. The symptom is the reason. The output is the evidence.
ipconfig is not just “the IP one.” It is the command you run when you need to inspect addressing, gateway logic, DNS assignment, or DHCP state. Attach the command to the job it performs.
A login issue, broken network path, damaged file system, and policy mismatch should not all lead to the same tool. The symptom should guide the command family you reach for first.
The plain command often gives only surface information. The right flag turns the tool into something more diagnostic, more specific, and more useful under pressure.
Typing the command is only step one. The real skill is reading the result and understanding what it confirms, what it rules out, and what should happen next.
Changes the current working directory.
Example:cd C:\Users\bb
Common Uses:cd .. moves up one folder level.cd \ jumps to the root of the current drive.cd /d changes both the drive and directory at the same time.
What to notice:
This command controls location. If you are in the wrong directory, later commands become confusing or fail.
Lists files and folders in the current location.
Example:dir /a
Common Flags:/a shows hidden and system items./o sorts the results./p pauses one screen at a time.
What to notice:
Use this to verify what is actually present before opening, copying, deleting, or troubleshooting files.
Shows IP configuration information for network adapters.
Example:ipconfig /all
Common Flags:/all shows full adapter details./release drops the current DHCP lease./renew requests a new lease./flushdns clears the local DNS resolver cache.
What to notice:
Pay attention to IPv4 address, subnet mask, default gateway, DNS servers, and DHCP status.
Tests basic network reachability to another host.
Example:ping 8.8.8.8
Common Flags:-n sets the number of echo requests.-t keeps ping running until stopped.-4 forces IPv4.
What to notice:
Look for successful replies, timeouts, latency, and whether a hostname resolved before the ping began.
Shows active connections, listening ports, and protocol statistics.
Example:netstat -a
Common Flags:-a shows all active connections and listeners.-n shows numeric IPs and ports only.-b shows the executable tied to the connection when permissions allow it.
What to notice:
Focus on states like LISTENING and ESTABLISHED.
Queries DNS to resolve names or inspect DNS answers.
Example:nslookup intranet
Common Uses:server queries a specific DNS server.set type=a focuses on IPv4 host records.exit leaves interactive mode.
What to notice:
Look at which DNS server answered and what address or failure result came back.
Maps, displays, or removes network share connections.
Example:net use Z: \\FILE01\Shared
Common Flags:/delete removes a mapped connection./persistent:yes reconnects at sign-in.* lets Windows choose the next available drive letter.
What to notice:
This command is about share access and mapped drives, not just generic networking.
Shows the hop-by-hop route toward a destination.
Example:tracert -d 8.8.8.8
Common Flags:-d skips hostname resolution.-h sets maximum hop count.-4 forces IPv4.
What to notice:
The important clue is where the path slows, changes, or stops responding.
Combines route tracing with packet-loss analysis.
Example:pathping 8.8.8.8
Common Flags:-n prevents name resolution.-h sets max hops.-q controls how many queries are sent to each hop.
What to notice:
This command takes longer because it gathers deeper loss data across the path.
Checks a disk for logical file system errors and possible storage problems.
Example:chkdsk C: /f
Common Flags:/f fixes logical errors./r locates bad sectors and attempts recovery./x forces the volume to dismount first if needed.
What to notice:/r is more thorough and slower than /f.
Prepares a drive or volume with a file system.
Example:format E: /q /fs:NTFS
Common Flags:/q performs a quick format./fs:NTFS sets the file system./v assigns a volume label.
What to notice:
This command is powerful and destructive if used carelessly.
Launches the disk partition management shell.
Example:diskpart
Common Uses:list disk shows physical disks.list volume shows volumes.select disk 0 targets a specific disk for later actions.
What to notice:
This command opens its own shell environment rather than just printing one quick result.
Creates a new directory.
Example:md Reports
Common Use:
Follow the command with the folder name you want to create.
What to notice:
This builds folder structure, not files.
Removes a directory.
Example:rmdir /s TempLab
Common Flags:/s deletes the directory and everything inside it./q suppresses prompts in some cases.
What to notice:/s makes this much more destructive than deleting an empty folder.
Copies files and directory trees with more control than basic copy tools.
Example:robocopy C:\Data D:\Backup /e
Common Flags:/e copies all subdirectories including empty ones./mir mirrors source and destination including deletions./copyall preserves full file information such as attributes and permissions.
What to notice:/mir is useful, but risky if the learner does not understand that deletions can be mirrored too.
Displays the computer name.
Example:hostname
Common Use:
Usually run by itself without an important switch for normal hostname output.
What to notice:
Useful in remote sessions or multi-system work where identity mistakes happen.
Displays user account information or lists user accounts.
Example:net user bb
Common Flags:
Adding a username targets that account./domain works against domain accounts when applicable./active:no disables the specified account.
What to notice:
Understand whether the command is working locally or against domain context.
Opens the Windows version dialog.
Example:winver
Common Use:
Usually run by itself without meaningful flags for normal use.
What to notice:
This is a quick version-verification tool, not a deep reporting command.
Displays the current signed-in security context.
Example:whoami
Common Flags:/groups shows group memberships./priv shows assigned privileges.
What to notice:
This is especially useful when permissions or administrative context are in question.
Shows built-in help for many Windows commands.
Example:ipconfig /?
Common Use:/? displays syntax, switches, and usage guidance for the command placed before it.
What to notice:
This reinforces the idea that the shell often contains its own documentation.
Refreshes Group Policy settings.
Example:gpupdate /force
Common Flags:/force reapplies all policy settings./target:user refreshes only user policy./target:computer refreshes only computer policy.
What to notice:
This command refreshes policy. It does not report what applied.
Displays the Group Policy results currently applied.
Example:gpresult /r
Common Flags:/r shows a summary of applied policy./scope user limits the report to user policy./h report.html exports the result to an HTML report.
What to notice:
This command is about evidence and reporting, not refreshing settings.
Checks and repairs protected Windows system files.
Example:sfc /scannow
Common Flags:/scannow immediately scans and repairs protected files./verifyonly checks integrity without attempting repair.
What to notice:
This command is tied to operating system integrity, not general application troubleshooting.
Flags change how a command behaves. Sometimes they make the output more detailed. Sometimes they narrow the result, force a refresh, or tell the command to take corrective action. That is why flags matter so much in troubleshooting: the base command may identify the area of the problem, but the right switch often reveals the real cause.
A technician should never learn flags as random symbols. Each one should answer three questions: What does it change? Why would I use it? and What should I expect to see afterward? That turns syntax into decision-making.
What it does: Opens the built-in help page for many Windows commands.
Why it matters: Shows supported syntax, available switches, and usage examples when unsure of formatting.
Example:ipconfig /?
What it does: Expands normal ipconfig output to show full adapter configuration.
Why it matters: Needed when searching for DHCP status, MAC address, DNS servers, lease info, and adapter names.
Example:ipconfig /all
What they do: Drops the current DHCP-assigned IPv4 address, then requests a new lease.
Why they matter: Common recovery steps when a client has bad lease info or needs fresh network addressing.
Example:ipconfig /release
What it does: Clears the local DNS resolver cache on the Windows machine.
Why it matters: Useful when the device holds stale or incorrect name-resolution information.
Example:ipconfig /flushdns
What it does: Shows all active connections and listening ports.
Why it matters: Helps see what services are waiting for traffic and what sessions are established.
Example:netstat -a
What it does: Displays addresses and ports numerically instead of resolving them into names.
Why it matters: Faster output, less name-resolution delay, and clearer visibility for IP/port matching.
Example:netstat -n
What it does: Prevents tracert from resolving hostnames for each hop.
Why it matters: Keeps the route display fast and focused on the IP path itself.
Example:tracert -d 8.8.8.8
What it does: Copies all subdirectories, including empty ones.
Why it matters: Preserves entire folder structures instead of just copying populated directories.
Example:robocopy C:\Data D:\Backup /e
What it does: Tells Check Disk to fix logical file system errors it finds.
Why it matters: Important when disk structure is suspected to be inconsistent or damaged.
Example:chkdsk C: /f
What it does: Locates bad sectors and attempts recovery of readable information.
Why it matters: More thorough than /f and more tied to physical media problems.
Example:chkdsk C: /r
What it does: Scans protected Windows system files and repairs them if possible.
Why it matters: A recognizable command for suspected OS corruption.
Example:sfc /scannow
What it does: Forces Group Policy settings to refresh again from policy sources.
Why it matters: Useful to test whether refreshed policy resolves an issue, ignoring standard refresh intervals.
Example:gpupdate /force
This deck builds on the Core 2 command-line set and adds tools that are more closely tied to network analysis, neighbor discovery, routing visibility, and interface troubleshooting. These are not replacements for the Core 2 commands. They are additional tools that become more important as networking depth increases.
Think of this deck as the next layer up. Core 2 commands help a technician confirm addressing, reachability, and identity. Network+ commands push further into ARP behavior, routing tables, interface state, DNS detail, and path visibility. The goal is not just to know the command exists. The goal is to know what network question it answers.
These commands are especially useful when basic tests like ping and ipconfig are no longer enough. At that point, the technician needs to understand how the host sees nearby devices, where traffic is supposed to go next, and what the protocol tables actually contain.
Commands like arp help reveal which IP addresses have been resolved to local MAC addresses on the segment.
Commands like route help explain why traffic takes a certain path and what the host believes about available networks.
Commands that inspect interfaces, caches, or protocol behavior are valuable when the problem is deeper than simple reachability.
Displays and manages the ARP cache, which maps IPv4 addresses to MAC addresses on the local network.
Example:arp -a
Common Flags:-a displays the current ARP table.-d deletes an ARP entry.-s creates a static ARP entry.
What to notice:
This command helps show whether the host has already resolved a nearby device’s IP address into a hardware address.
Displays and manages the local routing table used to decide where outbound traffic should go.
Example:route print
Common Uses:print displays the routing table.add creates a route.delete removes a route.
What to notice:
This is the command to read when you want to understand default routes, directly connected networks, and why traffic leaves through a certain gateway.
Provides a command-line shell for viewing and changing network configuration settings.
Example:netsh interface ip show config
Common Uses:wlan show profiles shows saved wireless profiles.wlan show interfaces shows wireless interface status.
What to notice:
This command family is broad. It is often used when a technician needs more direct control over adapters, wireless settings, or interface-level network configuration.
Queries DNS in detail and is especially common in Linux and advanced cross-platform troubleshooting.
Example:dig example.com MX
Common Uses:
Query specific record types such as A, MX, or NS.
Use @server to query a specific DNS server.
What to notice:
This is less Windows-native than nslookup, but it is valuable for Network+ thinking because it makes DNS interrogation more explicit.
Combines aspects of ping and traceroute into a more continuous path-analysis tool, often seen in Linux environments.
Example:mtr 8.8.8.8
Common Use:
Used to observe packet loss and latency across multiple hops over time instead of a single one-time trace.
What to notice:
This helps learners understand that path analysis can be continuous and diagnostic, not just one snapshot.
These are common Linux commands for viewing and managing interface information.
Example:ip addr show
Common Uses:ifconfig is older and still often seen in study materials.ip addr shows addressing.ip route shows routing information.
What to notice:
This is included as Network+ context, not to replace the Windows-first structure.
The exam may ask what command to run, but real support work also depends on reading what came back. These simulated terminal captures train that recognition layer by showing the output patterns a technician should learn to recognize quickly.
A technician is not finished after typing the command. The real skill is recognizing the output, spotting what matters, and connecting it back to the symptom.
Many questions are really asking whether you can identify what a command result means. Learn the visual pattern of the output, not just the name of the command.
What to notice: This is where you verify the host identity, adapter description, MAC address, DHCP state, IPv4 address, subnet mask, gateway, DHCP server, and DNS servers. In real troubleshooting, this output often tells you whether the machine is configured correctly before you test anything else.
What to notice: Look for replies, packet loss, and round-trip timing. This proves IP reachability to the destination, but it does not prove name resolution unless you used a hostname instead of an IP address.
What to notice: Focus on the state column. LISTENING suggests a service is waiting for inbound traffic. ESTABLISHED shows an active session. Entries like TIME_WAIT do not automatically mean something is broken.
This is the main practice shell. It is not a full operating system. It is a guided Windows-style simulator built to reward the commands and flags a technician is most likely to use during training and troubleshooting, with a few deeper Network+ additions layered in.
TRY COMMANDS: help | dir | dir /a | hostname | whoami | ipconfig /all | ping 8.8.8.8 | netstat -a | nslookup intranet | tracert 8.8.8.8 | net use | gpresult /r | gpupdate /force | sfc /scannow | arp -a | route print
Run a supported command in the emulator on the left, and this panel will explain what the command does, why a technician would use it, and what you should notice in the output.
A strong technician does not just know commands. They know which command fits the symptom. This drill uses typed responses, forcing you to recall the command instead of guessing from a short option list.
Current challenge: A user says websites will not load by name, but pinging an IP still works.
Type the best command for the symptom. Use the base command name unless the scenario clearly needs a specific switch.
The command line is powerful because it gives direct visibility and direct control. That also means sloppy command use can create risk. Good technicians verify context first, choose read-only commands when possible, and understand what a command will change before they press Enter.
Commands like whoami, hostname, ipconfig, netstat, and route print reveal state without changing it. That makes them ideal first steps in live troubleshooting.
Many failures are not syntax failures. They are context failures: wrong shell, wrong path, wrong working directory, or insufficient privilege. Always identify who you are and where you are first.
Do not run five commands because you are nervous. Run the one that best answers the next question: identity, connectivity, naming, routes, service exposure, or file integrity.
Current task: You want rich object-based admin automation across many Windows systems.
Choose the shell that fits the task best.
No technician memorizes every flag for every command. The real-world skill is knowing how to find the right documentation fast and applying it correctly to your environment.
Official documentation gives you the strict syntax and parameter rules. Use Microsoft's docs to verify exact capabilities. Video walk-throughs provide context—watching someone else chain commands together helps the logic click faster than reading text alone.
The official A-Z reference for CMD syntax, usage, and parameters.
The authoritative source for cmdlets, scripts, and object-oriented Windows admin workflows.
Video reinforcement focused strictly on the command-line tools you need for the exam.
Command-line skill is not about looking advanced. It is about getting to the answer faster with less ambiguity. Windows is the primary exam terrain here, so that is where your memory should be strongest: what the command does, what flags matter, and what output proves or disproves your theory.
Master this order: identify the problem category, pick the right command family, add the flag that gives better evidence, read the output carefully, and only then decide on a repair action. That sequence turns the command line from memorization into technician judgment.
This content is reserved for Elite Operatives. Please sign up or log in to gain access.
Sign Up Now