Practice XK0-005 Security questions with full explanations on every answer.
1. A Linux administrator needs to add a new user named 'jdoe' with a home directory and a bash shell. Which command accomplishes this?
2. A security audit reveals that users can change their password without meeting complexity requirements. Which PAM module should be configured to enforce password complexity?
3. An administrator wants to allow the user 'ops' to run only the command '/usr/bin/systemctl restart httpd' via sudo on a specific host 'webserver'. Which /etc/sudoers entry is correct?
4. An administrator needs to allow incoming TCP traffic on port 8443 using firewalld. Which command should be used to make this change persistent?
5. A system is running SELinux in enforcing mode. A custom application needs to write to /var/log/app.log. The log file shows the correct context, but access is denied. What is the most likely cause?
6. Which command displays the current SELinux mode?
7. An administrator wants to audit all attempts to access the file /etc/shadow. Which auditctl command should be used?
8. An AppArmor profile for a web server is in complain mode. After testing, the administrator wants to enforce the profile. Which command accomplishes this?
9. An administrator is hardening SSH and wants to disable root login and only allow users in the 'sshusers' group. Which two directives should be set in /etc/ssh/sshd_config?
10. Which command displays the last successful login times for all users?
11. A technician needs to generate a self-signed certificate for an internal web server. Which OpenSSL command creates a new private key and a certificate signing request (CSR) in one step?
12. An administrator notices that a process is running with the context 'unconfined_u:unconfined_r:unconfined_t:s0'. What does this indicate about SELinux?
13. A security policy requires that user passwords must be changed every 60 days, and users should be warned 7 days before expiration. Which two chage commands set these requirements for user 'jsmith'? (Choose TWO.)
14. An administrator is configuring iptables on a server. The requirements are: allow incoming SSH (port 22) from the 192.168.1.0/24 network, drop all other incoming traffic, and allow all outgoing traffic. Which three iptables rules achieve this? (Choose THREE.)
15. A Linux administrator is troubleshooting a firewall issue using nftables. The ruleset is complex. Which two commands are useful for listing the current ruleset and adding a new rule? (Choose TWO.)
16. A Linux administrator needs to ensure that user passwords expire after 90 days. Which command should be used to enforce this policy?
17. A security auditor notices that a service account's password never expires. The company policy requires password rotation every 60 days. Which command will enforce this policy for the service account?
18. An administrator wants to restrict SSH access to only users in the 'sshusers' group. Which configuration directive should be added to /etc/ssh/sshd_config?
19. A system administrator needs to configure PAM to lock a user account after 5 failed login attempts for 15 minutes. Which two PAM modules and configuration lines are appropriate? (Select TWO.)
20. A security policy requires that all users must have passwords with at least one uppercase letter, one digit, and a minimum length of 12 characters. Which PAM configuration file and module should be used to enforce this?
21. A Linux technician is configuring a firewall with firewalld. The organization requires that SSH services be available only on the internal network zone (10.0.0.0/8). Which command should be used to add this rule permanently?
22. A server running nftables has a rule set that allows incoming SSH from the management network (192.168.1.0/24). An administrator needs to insert a rule to drop SSH from all other sources. Which nft command accomplishes this? Assume the input chain is 'input' and the table is 'inet filter'.
23. An administrator needs to configure SELinux to allow the Apache HTTP server to connect to a database server. Which SELinux boolean should be enabled?
24. A file named 'webapp.conf' is being served by Apache but users get a 'Permission denied' error. The SELinux context of the file is 'unconfined_u:object_r:admin_home_t:s0'. What is the most appropriate command to fix the SELinux context?
25. An administrator notices repeated failed login attempts in /var/log/secure. The company policy requires account lockout after 5 failed attempts within 15 minutes. Which PAM module and configuration can enforce this?
26. Which command displays the current SELinux mode?
27. A system administrator is hardening SSH and needs to disable root login and password authentication. Which two directives should be set in /etc/ssh/sshd_config?
28. A Linux administrator needs to configure auditing to monitor changes to the /etc/passwd file. Which auditctl command should be used?
29. Which command can be used to generate an SSH key pair for user authentication?
30. A technician needs to create a self-signed certificate and private key for a web server. Which OpenSSL command should be used?
31. A security audit reveals that user accounts remain active after employees leave the company. Which TWO commands should be used to disable an account immediately?
32. An administrator is configuring AppArmor for a custom application. Which THREE commands are used to manage AppArmor profiles?
33. A Linux engineer needs to restrict resource usage for users in the 'developers' group. Which TWO files or commands can be used to set ulimit values?
34. Which THREE are valid SELinux modes?
35. An administrator needs to configure iptables to allow incoming SSH traffic only from the 10.0.0.0/8 network and drop all other incoming traffic except established connections. Which TWO rules are necessary?
36. An administrator needs to add a new user named 'jdoe' with a home directory and default group. Which command should be used?
37. Which file contains user password hashes and aging information on a Linux system?
38. A security analyst wants to ensure that users cannot change their password more than once every 7 days. Which command and option should be used to enforce this policy for user 'jsmith'?
39. An administrator notices that a non-root user 'alice' can run commands as root without being in the sudoers file. Which group membership could allow this?
40. A system administrator configures PAM to enforce account lockout after 3 failed login attempts. Which PAM module should be used?
41. To limit the number of processes a user can create, which file should be configured?
42. A firewall administrator wants to add a rule to allow incoming SSH traffic (port 22) using firewalld. Which command correctly adds this rule to the default zone permanently?
43. An administrator needs to view all current nftables rules. Which command should be used?
44. SELinux is currently in enforcing mode. A service is being blocked by SELinux. Which command can analyze the audit log and suggest the minimum policy changes to allow the service?
45. An administrator wants to set an SELinux boolean that allows Apache to connect to databases. After setting the boolean, which option ensures the change persists across reboots?
46. To harden SSH, an administrator needs to disable root login over SSH. Which directive should be set in /etc/ssh/sshd_config?
47. Which log file typically records authentication failures and successes on a Debian-based system?
48. An administrator wants to generate a self-signed certificate and private key for testing. Which command creates both in one step?
49. A security administrator is reviewing SSH configuration. Which TWO settings enhance security by limiting authentication attempts and preventing password-based logins? (Choose two.)
50. After configuring AppArmor, an administrator wants to verify the status of all profiles and switch a profile from complain to enforce mode. Which THREE commands are appropriate? (Choose three.)
51. A Linux administrator needs to prevent the root user from logging in via SSH. Which directive should be set in /etc/ssh/sshd_config to accomplish this?
52. A security auditor notices that users can set weak passwords on a Linux system. The administrator wants to enforce password complexity requiring a minimum of 12 characters, at least one uppercase letter, and at least one digit. Which PAM module should be configured in /etc/pam.d/common-password?
53. A system administrator is configuring firewalld on a Linux server. They want to allow incoming HTTPS traffic permanently for the public zone. Which command should be used?
54. A Linux administrator is troubleshooting a service that fails to start. The audit.log shows an AVC denial related to the httpd_t domain. The administrator wants to see the full denial message and generate a policy to allow the access. Which two commands should be used in conjunction?
55. An administrator wants to view the current SELinux mode on a system. Which command displays whether SELinux is enforcing, permissive, or disabled?
56. A user named 'jdoe' needs to run commands as root without being given the root password. The administrator wants to grant jdoe the ability to run any command as root, but only after entering their own password. Which entry in /etc/sudoers accomplishes this?
57. A Linux security administrator needs to generate a self-signed certificate for a web server. They want to create a private key and a certificate signing request (CSR) in one step. Which OpenSSL command should be used?
58. An administrator wants to enforce an account lockout policy after five failed login attempts on a Linux system. Which PAM module should be added to the authentication stack?
59. A system administrator needs to add an iptables rule to drop incoming TCP traffic on port 22 (SSH) from the IP address 10.0.0.100. Which command should be used?
60. An administrator is configuring log rotation for /var/log/auth.log. They want logs to be rotated weekly, compressed, and kept for 12 weeks. Which logrotate configuration directive achieves this?
61. A security analyst needs to see a list of failed login attempts on a Linux system. Which command displays this information from the /var/log/secure log?
62. An administrator wants to ensure that only users in the 'wheel' group can use the sudo command. Which directive in /etc/sudoers enables this?
63. A Linux administrator is hardening an SSH server. Which two of the following settings should be applied to /etc/ssh/sshd_config to improve security?
64. A security administrator is reviewing file permissions on a Linux system. They want to ensure that the /etc/shadow file is only readable by the root user. Which two commands can be used to set the correct permissions?
65. An administrator is configuring auditd to monitor changes to the /etc/passwd file. Which three commands are part of the auditd toolset for setting up and reviewing audit rules?
66. A Linux administrator needs to configure a firewall to allow incoming SSH connections on the default port. Which firewalld command accomplishes this permanently?
67. A system administrator wants to enforce a password policy requiring a minimum length of 12 characters, at least one uppercase letter, and one digit. Which PAM module should be configured?
68. A security audit reveals that an SELinux boolean 'httpd_can_network_connect' is currently off, but a web application requires Apache to connect to a database server. Which command should the administrator use to enable this boolean persistently?
69. An administrator needs to prevent a specific user 'bob' from logging in via SSH while allowing other users. Which configuration directive should be added to /etc/ssh/sshd_config?
70. A Linux administrator wants to monitor changes to the /etc/passwd file for security auditing. Which auditctl command should be used?
71. Which command displays the current SELinux mode?
72. A user reports they cannot log in after three failed password attempts. The system uses PAM with pam_faillock. Which command can the administrator use to view the number of failed attempts for the user?
73. An administrator wants to ensure that the Apache web server can only listen on port 443 (HTTPS) and not on port 80, enforced by SELinux. Which SELinux boolean should be set to allow Apache to use port 443?
74. An administrator needs to generate a self-signed certificate and private key for a web server. Which openssl command accomplishes this?
75. Which file contains the hashed passwords and password aging information for user accounts?
76. A security policy requires that system logs be rotated weekly and kept for 4 weeks. Which configuration file should be modified to achieve this for /var/log/syslog?
77. An administrator is troubleshooting an AppArmor profile that is blocking a custom application. They want to set the profile to complain mode to gather violations without enforcing. Which command should they use?
78. A Linux administrator needs to configure sudo access for members of the 'wheel' group to run any command. Which two steps are required? (Choose TWO.)
79. An administrator wants to harden SSH access by implementing the following: disallow root login, disable password authentication, and limit the number of authentication attempts. Which three configuration directives should be set in /etc/ssh/sshd_config? (Choose THREE.)
80. A security audit reveals that a service is running with an incorrect SELinux context. Which two commands can be used to relabel the file or directory to the correct context? (Choose TWO.)
81. A Linux administrator needs to add a new user named 'jdoe' with a home directory and bash shell. Which command accomplishes this?
82. An administrator wants to force a password change for user 'alice' on next login. Which command is appropriate?
83. A system administrator needs to configure sudo so that members of the 'wheel' group can execute any command without a password. Which line should be added to /etc/sudoers (using visudo)?
84. A security analyst notices repeated failed login attempts on a Linux server. They want to lock the account after 3 failed attempts using PAM. Which PAM module should be configured in /etc/pam.d/sshd or /etc/pam.d/system-auth?
85. A web server running on port 8080 must be accessible from external networks. The system uses firewalld. Which command opens port 8080/tcp permanently in the default zone?
86. A Linux server has SELinux enforcing and a custom application needs to write to /var/log/app.log. The audit log shows 'avc: denied { write } for pid=1234'. After verifying that the application runs in the correct domain, which command should be used to allow the write access by generating a policy module?
87. An administrator needs to ensure that only users from the 'ops' group can SSH into a server. Which configuration in /etc/ssh/sshd_config accomplishes this?
88. A system administrator wants to monitor changes to the /etc/passwd file using auditd. Which auditctl command sets up a watch on this file?
89. A user reports being unable to log in because the password is locked. The administrator needs to unlock the account. Which command should be used?
90. Which command displays the current SELinux mode?
91. An administrator needs to generate a self-signed certificate and private key for an internal web server. Which OpenSSL command creates both in one step?
92. A system administrator wants to limit the number of simultaneous logins for a user to 2. Which file and parameter should be configured?
93. Which TWO commands can be used to lock a user account? (Choose two.)
94. An administrator needs to harden SSH access. Which TWO settings in /etc/ssh/sshd_config are recommended to improve security? (Choose two.)
95. A security audit reveals that a Linux system allows password-based SSH logins and has weak password policies. Which THREE actions should the administrator take to improve security? (Choose three.)
96. A Linux administrator wants to prevent users from reusing their last five passwords. Which PAM module should be configured?
97. A technician needs to ensure a service can listen on TCP port 8443 using firewalld. Which command permanently adds the port to the default zone?
98. A security audit reveals that the /etc/shadow file is readable by all users. What is the most appropriate immediate action?
99. An administrator wants to allow user 'jane' to run all commands as root via sudo without a password. Which line should be added to /etc/sudoers?
100. A file on an SELinux-enabled system has the security context 'unconfined_u:object_r:httpd_sys_content_t:s0'. A web server needs to read it, but it is being denied. Which command changes the context to allow access?
101. A system administrator needs to monitor file access attempts to /etc/shadow using auditd. Which auditctl command sets up the watch?
102. After modifying a PAM configuration file for sshd, a user reports they cannot log in. Which command can be used to verify the syntax of the PAM configuration without affecting running services?
103. An administrator needs to generate a self-signed certificate valid for 365 days with a 2048-bit RSA key. Which OpenSSL command correctly creates both the private key and certificate in one step?
104. Which file contains the password aging information such as minimum and maximum days between password changes?
105. A security team wants to restrict SSH access to only users in the 'sshusers' group. Which configuration line in /etc/ssh/sshd_config achieves this?
106. An administrator notices that an AppArmor profile is in complain mode for a service that should be enforcing. Which command changes the profile to enforce mode?
107. Which command displays the current SELinux mode?
108. A security audit has identified that several users have excessive sudo privileges. The administrator needs to review and modify sudo access. Which two files or commands would be used? (Choose TWO.)
109. An administrator is configuring a firewall using iptables to block all incoming traffic except SSH on port 22. Which three rules correctly implement this? (Choose THREE.)
110. A Linux administrator needs to implement password complexity rules requiring at least one uppercase letter, one digit, and a minimum length of 10 characters. Which two PAM configuration entries would be used? (Choose TWO.)
111. A Linux administrator needs to add a new user named 'jdoe' with a home directory and default shell /bin/bash. Which command should be used?
112. A security policy requires that users cannot reuse any of their last 5 passwords. Which PAM module and configuration directive enforces this?
113. An administrator notices that a custom application uses port 8443/TCP. To allow external access, which firewalld command permanently opens this port in the default zone?
114. A Linux server fails to boot after an administrator edits /etc/selinux/config and sets SELINUX=disabled. What is the most likely reason for the boot failure?
115. A system administrator needs to ensure that the Apache web server can read files in /var/www/html, which has the SELinux context httpd_sys_content_t. However, Apache is unable to access the files. What command should be used to apply the correct context to the directory and its contents?
116. Which of the following correctly describes the purpose of the /etc/shadow file?
117. An administrator configures /etc/ssh/sshd_config with the following settings: PermitRootLogin no, PasswordAuthentication no, AllowUsers alice bob, MaxAuthTries 2. After restarting sshd, which of the following is true?
118. A security audit reveals that the system's PAM configuration does not enforce password complexity. Which PAM module and configuration line should be added to /etc/pam.d/common-password to require at least one uppercase letter, one digit, and a minimum length of 12 characters?
119. Which command displays the current SELinux mode (e.g., enforcing, permissive, disabled)?
120. An administrator runs 'auditctl -w /etc/passwd -p wa -k passwd_changes' to monitor changes to /etc/passwd. Which command should be used to search the audit log for all events related to this watch?
121. A Linux engineer needs to harden SSH access. Which TWO of the following settings should be configured in /etc/ssh/sshd_config to enhance security? (Select TWO.)
122. A system administrator is configuring PAM to lock out users after 3 failed login attempts for 15 minutes. Which TWO PAM modules can be used together to achieve this? (Select TWO.)
123. Which THREE of the following commands are used to manage iptables rules? (Select THREE.)
124. A security analyst is investigating a potential breach and needs to examine user login history. Which THREE commands or log files provide information about user logins? (Select THREE.)
125. An administrator is configuring sudo access for a group of developers. They should be able to run any command as root, but only after authenticating with their own password. Which TWO configuration lines in /etc/sudoers would achieve this? (Select TWO.)
The Security domain covers the key concepts tested in this area of the XK0-005 exam blueprint published by CompTIA. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all XK0-005 domains — no account required.
The Courseiva XK0-005 question bank contains 125 questions in the Security domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.