Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Free Resources

Difficulty IndexLearn — Free ChaptersIT GlossaryFree Tools & LabsStudy GuidesCareer RoadmapsBrowse by VendorCisco Command ReferenceCCNA Scenarios

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsXK0-005DomainsSecurity
XK0-005Free — No Signup

Security

Practice XK0-005 Security questions with full explanations on every answer.

125questions

Start practicing

Security — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

XK0-005 Domains

SecurityTroubleshootingScripting, Containers, and AutomationSystem ManagementScripting, Containers and Automation

Practice Security questions

10Q20Q30Q50Q

All XK0-005 Security questions (125)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A Linux administrator needs to add a new user named 'jdoe' with a home directory and a bash shell. Which command accomplishes this?

2

A security audit reveals that users can change their password without meeting complexity requirements. Which PAM module should be configured to enforce password complexity?

3

An administrator wants to allow the user 'ops' to run only the command '/usr/bin/systemctl restart httpd' via sudo on a specific host 'webserver'. Which /etc/sudoers entry is correct?

4

An administrator needs to allow incoming TCP traffic on port 8443 using firewalld. Which command should be used to make this change persistent?

5

A system is running SELinux in enforcing mode. A custom application needs to write to /var/log/app.log. The log file shows the correct context, but access is denied. What is the most likely cause?

6

Which command displays the current SELinux mode?

7

An administrator wants to audit all attempts to access the file /etc/shadow. Which auditctl command should be used?

8

An AppArmor profile for a web server is in complain mode. After testing, the administrator wants to enforce the profile. Which command accomplishes this?

9

An administrator is hardening SSH and wants to disable root login and only allow users in the 'sshusers' group. Which two directives should be set in /etc/ssh/sshd_config?

10

Which command displays the last successful login times for all users?

11

A technician needs to generate a self-signed certificate for an internal web server. Which OpenSSL command creates a new private key and a certificate signing request (CSR) in one step?

12

An administrator notices that a process is running with the context 'unconfined_u:unconfined_r:unconfined_t:s0'. What does this indicate about SELinux?

13

A security policy requires that user passwords must be changed every 60 days, and users should be warned 7 days before expiration. Which two chage commands set these requirements for user 'jsmith'? (Choose TWO.)

14

An administrator is configuring iptables on a server. The requirements are: allow incoming SSH (port 22) from the 192.168.1.0/24 network, drop all other incoming traffic, and allow all outgoing traffic. Which three iptables rules achieve this? (Choose THREE.)

15

A Linux administrator is troubleshooting a firewall issue using nftables. The ruleset is complex. Which two commands are useful for listing the current ruleset and adding a new rule? (Choose TWO.)

16

A Linux administrator needs to ensure that user passwords expire after 90 days. Which command should be used to enforce this policy?

17

A security auditor notices that a service account's password never expires. The company policy requires password rotation every 60 days. Which command will enforce this policy for the service account?

18

An administrator wants to restrict SSH access to only users in the 'sshusers' group. Which configuration directive should be added to /etc/ssh/sshd_config?

19

A system administrator needs to configure PAM to lock a user account after 5 failed login attempts for 15 minutes. Which two PAM modules and configuration lines are appropriate? (Select TWO.)

20

A security policy requires that all users must have passwords with at least one uppercase letter, one digit, and a minimum length of 12 characters. Which PAM configuration file and module should be used to enforce this?

21

A Linux technician is configuring a firewall with firewalld. The organization requires that SSH services be available only on the internal network zone (10.0.0.0/8). Which command should be used to add this rule permanently?

22

A server running nftables has a rule set that allows incoming SSH from the management network (192.168.1.0/24). An administrator needs to insert a rule to drop SSH from all other sources. Which nft command accomplishes this? Assume the input chain is 'input' and the table is 'inet filter'.

23

An administrator needs to configure SELinux to allow the Apache HTTP server to connect to a database server. Which SELinux boolean should be enabled?

24

A file named 'webapp.conf' is being served by Apache but users get a 'Permission denied' error. The SELinux context of the file is 'unconfined_u:object_r:admin_home_t:s0'. What is the most appropriate command to fix the SELinux context?

25

An administrator notices repeated failed login attempts in /var/log/secure. The company policy requires account lockout after 5 failed attempts within 15 minutes. Which PAM module and configuration can enforce this?

26

Which command displays the current SELinux mode?

27

A system administrator is hardening SSH and needs to disable root login and password authentication. Which two directives should be set in /etc/ssh/sshd_config?

28

A Linux administrator needs to configure auditing to monitor changes to the /etc/passwd file. Which auditctl command should be used?

29

Which command can be used to generate an SSH key pair for user authentication?

30

A technician needs to create a self-signed certificate and private key for a web server. Which OpenSSL command should be used?

31

A security audit reveals that user accounts remain active after employees leave the company. Which TWO commands should be used to disable an account immediately?

32

An administrator is configuring AppArmor for a custom application. Which THREE commands are used to manage AppArmor profiles?

33

A Linux engineer needs to restrict resource usage for users in the 'developers' group. Which TWO files or commands can be used to set ulimit values?

34

Which THREE are valid SELinux modes?

35

An administrator needs to configure iptables to allow incoming SSH traffic only from the 10.0.0.0/8 network and drop all other incoming traffic except established connections. Which TWO rules are necessary?

36

An administrator needs to add a new user named 'jdoe' with a home directory and default group. Which command should be used?

37

Which file contains user password hashes and aging information on a Linux system?

38

A security analyst wants to ensure that users cannot change their password more than once every 7 days. Which command and option should be used to enforce this policy for user 'jsmith'?

39

An administrator notices that a non-root user 'alice' can run commands as root without being in the sudoers file. Which group membership could allow this?

40

A system administrator configures PAM to enforce account lockout after 3 failed login attempts. Which PAM module should be used?

41

To limit the number of processes a user can create, which file should be configured?

42

A firewall administrator wants to add a rule to allow incoming SSH traffic (port 22) using firewalld. Which command correctly adds this rule to the default zone permanently?

43

An administrator needs to view all current nftables rules. Which command should be used?

44

SELinux is currently in enforcing mode. A service is being blocked by SELinux. Which command can analyze the audit log and suggest the minimum policy changes to allow the service?

45

An administrator wants to set an SELinux boolean that allows Apache to connect to databases. After setting the boolean, which option ensures the change persists across reboots?

46

To harden SSH, an administrator needs to disable root login over SSH. Which directive should be set in /etc/ssh/sshd_config?

47

Which log file typically records authentication failures and successes on a Debian-based system?

48

An administrator wants to generate a self-signed certificate and private key for testing. Which command creates both in one step?

49

A security administrator is reviewing SSH configuration. Which TWO settings enhance security by limiting authentication attempts and preventing password-based logins? (Choose two.)

50

After configuring AppArmor, an administrator wants to verify the status of all profiles and switch a profile from complain to enforce mode. Which THREE commands are appropriate? (Choose three.)

51

A Linux administrator needs to prevent the root user from logging in via SSH. Which directive should be set in /etc/ssh/sshd_config to accomplish this?

52

A security auditor notices that users can set weak passwords on a Linux system. The administrator wants to enforce password complexity requiring a minimum of 12 characters, at least one uppercase letter, and at least one digit. Which PAM module should be configured in /etc/pam.d/common-password?

53

A system administrator is configuring firewalld on a Linux server. They want to allow incoming HTTPS traffic permanently for the public zone. Which command should be used?

54

A Linux administrator is troubleshooting a service that fails to start. The audit.log shows an AVC denial related to the httpd_t domain. The administrator wants to see the full denial message and generate a policy to allow the access. Which two commands should be used in conjunction?

55

An administrator wants to view the current SELinux mode on a system. Which command displays whether SELinux is enforcing, permissive, or disabled?

56

A user named 'jdoe' needs to run commands as root without being given the root password. The administrator wants to grant jdoe the ability to run any command as root, but only after entering their own password. Which entry in /etc/sudoers accomplishes this?

57

A Linux security administrator needs to generate a self-signed certificate for a web server. They want to create a private key and a certificate signing request (CSR) in one step. Which OpenSSL command should be used?

58

An administrator wants to enforce an account lockout policy after five failed login attempts on a Linux system. Which PAM module should be added to the authentication stack?

59

A system administrator needs to add an iptables rule to drop incoming TCP traffic on port 22 (SSH) from the IP address 10.0.0.100. Which command should be used?

60

An administrator is configuring log rotation for /var/log/auth.log. They want logs to be rotated weekly, compressed, and kept for 12 weeks. Which logrotate configuration directive achieves this?

61

A security analyst needs to see a list of failed login attempts on a Linux system. Which command displays this information from the /var/log/secure log?

62

An administrator wants to ensure that only users in the 'wheel' group can use the sudo command. Which directive in /etc/sudoers enables this?

63

A Linux administrator is hardening an SSH server. Which two of the following settings should be applied to /etc/ssh/sshd_config to improve security?

64

A security administrator is reviewing file permissions on a Linux system. They want to ensure that the /etc/shadow file is only readable by the root user. Which two commands can be used to set the correct permissions?

65

An administrator is configuring auditd to monitor changes to the /etc/passwd file. Which three commands are part of the auditd toolset for setting up and reviewing audit rules?

66

A Linux administrator needs to configure a firewall to allow incoming SSH connections on the default port. Which firewalld command accomplishes this permanently?

67

A system administrator wants to enforce a password policy requiring a minimum length of 12 characters, at least one uppercase letter, and one digit. Which PAM module should be configured?

68

A security audit reveals that an SELinux boolean 'httpd_can_network_connect' is currently off, but a web application requires Apache to connect to a database server. Which command should the administrator use to enable this boolean persistently?

69

An administrator needs to prevent a specific user 'bob' from logging in via SSH while allowing other users. Which configuration directive should be added to /etc/ssh/sshd_config?

70

A Linux administrator wants to monitor changes to the /etc/passwd file for security auditing. Which auditctl command should be used?

71

Which command displays the current SELinux mode?

72

A user reports they cannot log in after three failed password attempts. The system uses PAM with pam_faillock. Which command can the administrator use to view the number of failed attempts for the user?

73

An administrator wants to ensure that the Apache web server can only listen on port 443 (HTTPS) and not on port 80, enforced by SELinux. Which SELinux boolean should be set to allow Apache to use port 443?

74

An administrator needs to generate a self-signed certificate and private key for a web server. Which openssl command accomplishes this?

75

Which file contains the hashed passwords and password aging information for user accounts?

76

A security policy requires that system logs be rotated weekly and kept for 4 weeks. Which configuration file should be modified to achieve this for /var/log/syslog?

77

An administrator is troubleshooting an AppArmor profile that is blocking a custom application. They want to set the profile to complain mode to gather violations without enforcing. Which command should they use?

78

A Linux administrator needs to configure sudo access for members of the 'wheel' group to run any command. Which two steps are required? (Choose TWO.)

79

An administrator wants to harden SSH access by implementing the following: disallow root login, disable password authentication, and limit the number of authentication attempts. Which three configuration directives should be set in /etc/ssh/sshd_config? (Choose THREE.)

80

A security audit reveals that a service is running with an incorrect SELinux context. Which two commands can be used to relabel the file or directory to the correct context? (Choose TWO.)

81

A Linux administrator needs to add a new user named 'jdoe' with a home directory and bash shell. Which command accomplishes this?

82

An administrator wants to force a password change for user 'alice' on next login. Which command is appropriate?

83

A system administrator needs to configure sudo so that members of the 'wheel' group can execute any command without a password. Which line should be added to /etc/sudoers (using visudo)?

84

A security analyst notices repeated failed login attempts on a Linux server. They want to lock the account after 3 failed attempts using PAM. Which PAM module should be configured in /etc/pam.d/sshd or /etc/pam.d/system-auth?

85

A web server running on port 8080 must be accessible from external networks. The system uses firewalld. Which command opens port 8080/tcp permanently in the default zone?

86

A Linux server has SELinux enforcing and a custom application needs to write to /var/log/app.log. The audit log shows 'avc: denied { write } for pid=1234'. After verifying that the application runs in the correct domain, which command should be used to allow the write access by generating a policy module?

87

An administrator needs to ensure that only users from the 'ops' group can SSH into a server. Which configuration in /etc/ssh/sshd_config accomplishes this?

88

A system administrator wants to monitor changes to the /etc/passwd file using auditd. Which auditctl command sets up a watch on this file?

89

A user reports being unable to log in because the password is locked. The administrator needs to unlock the account. Which command should be used?

90

Which command displays the current SELinux mode?

91

An administrator needs to generate a self-signed certificate and private key for an internal web server. Which OpenSSL command creates both in one step?

92

A system administrator wants to limit the number of simultaneous logins for a user to 2. Which file and parameter should be configured?

93

Which TWO commands can be used to lock a user account? (Choose two.)

94

An administrator needs to harden SSH access. Which TWO settings in /etc/ssh/sshd_config are recommended to improve security? (Choose two.)

95

A security audit reveals that a Linux system allows password-based SSH logins and has weak password policies. Which THREE actions should the administrator take to improve security? (Choose three.)

96

A Linux administrator wants to prevent users from reusing their last five passwords. Which PAM module should be configured?

97

A technician needs to ensure a service can listen on TCP port 8443 using firewalld. Which command permanently adds the port to the default zone?

98

A security audit reveals that the /etc/shadow file is readable by all users. What is the most appropriate immediate action?

99

An administrator wants to allow user 'jane' to run all commands as root via sudo without a password. Which line should be added to /etc/sudoers?

100

A file on an SELinux-enabled system has the security context 'unconfined_u:object_r:httpd_sys_content_t:s0'. A web server needs to read it, but it is being denied. Which command changes the context to allow access?

101

A system administrator needs to monitor file access attempts to /etc/shadow using auditd. Which auditctl command sets up the watch?

102

After modifying a PAM configuration file for sshd, a user reports they cannot log in. Which command can be used to verify the syntax of the PAM configuration without affecting running services?

103

An administrator needs to generate a self-signed certificate valid for 365 days with a 2048-bit RSA key. Which OpenSSL command correctly creates both the private key and certificate in one step?

104

Which file contains the password aging information such as minimum and maximum days between password changes?

105

A security team wants to restrict SSH access to only users in the 'sshusers' group. Which configuration line in /etc/ssh/sshd_config achieves this?

106

An administrator notices that an AppArmor profile is in complain mode for a service that should be enforcing. Which command changes the profile to enforce mode?

107

Which command displays the current SELinux mode?

108

A security audit has identified that several users have excessive sudo privileges. The administrator needs to review and modify sudo access. Which two files or commands would be used? (Choose TWO.)

109

An administrator is configuring a firewall using iptables to block all incoming traffic except SSH on port 22. Which three rules correctly implement this? (Choose THREE.)

110

A Linux administrator needs to implement password complexity rules requiring at least one uppercase letter, one digit, and a minimum length of 10 characters. Which two PAM configuration entries would be used? (Choose TWO.)

111

A Linux administrator needs to add a new user named 'jdoe' with a home directory and default shell /bin/bash. Which command should be used?

112

A security policy requires that users cannot reuse any of their last 5 passwords. Which PAM module and configuration directive enforces this?

113

An administrator notices that a custom application uses port 8443/TCP. To allow external access, which firewalld command permanently opens this port in the default zone?

114

A Linux server fails to boot after an administrator edits /etc/selinux/config and sets SELINUX=disabled. What is the most likely reason for the boot failure?

115

A system administrator needs to ensure that the Apache web server can read files in /var/www/html, which has the SELinux context httpd_sys_content_t. However, Apache is unable to access the files. What command should be used to apply the correct context to the directory and its contents?

116

Which of the following correctly describes the purpose of the /etc/shadow file?

117

An administrator configures /etc/ssh/sshd_config with the following settings: PermitRootLogin no, PasswordAuthentication no, AllowUsers alice bob, MaxAuthTries 2. After restarting sshd, which of the following is true?

118

A security audit reveals that the system's PAM configuration does not enforce password complexity. Which PAM module and configuration line should be added to /etc/pam.d/common-password to require at least one uppercase letter, one digit, and a minimum length of 12 characters?

119

Which command displays the current SELinux mode (e.g., enforcing, permissive, disabled)?

120

An administrator runs 'auditctl -w /etc/passwd -p wa -k passwd_changes' to monitor changes to /etc/passwd. Which command should be used to search the audit log for all events related to this watch?

121

A Linux engineer needs to harden SSH access. Which TWO of the following settings should be configured in /etc/ssh/sshd_config to enhance security? (Select TWO.)

122

A system administrator is configuring PAM to lock out users after 3 failed login attempts for 15 minutes. Which TWO PAM modules can be used together to achieve this? (Select TWO.)

123

Which THREE of the following commands are used to manage iptables rules? (Select THREE.)

124

A security analyst is investigating a potential breach and needs to examine user login history. Which THREE commands or log files provide information about user logins? (Select THREE.)

125

An administrator is configuring sudo access for a group of developers. They should be able to run any command as root, but only after authenticating with their own password. Which TWO configuration lines in /etc/sudoers would achieve this? (Select TWO.)

Practice all 125 Security questions

Other XK0-005 exam domains

TroubleshootingScripting, Containers, and AutomationSystem ManagementScripting, Containers and Automation

Frequently asked questions

What does the Security domain cover on the XK0-005 exam?

The Security domain covers the key concepts tested in this area of the XK0-005 exam blueprint published by CompTIA. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all XK0-005 domains — no account required.

How many Security questions are in the XK0-005 question bank?

The Courseiva XK0-005 question bank contains 125 questions in the Security domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Security for XK0-005?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Security questions for XK0-005?

Yes — the session launcher on this page draws questions exclusively from the Security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your XK0-005 domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide

Related Exams

220-1101N10-009LFCSEX200