Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

CompTIA · Free Practice Questions · Last reviewed May 2026

XK0-005 Exam Questions and Answers

24 real exam-style questions organised by domain, each with the correct answer highlighted and a plain-English explanation of why it's right, and why the others are wrong.

90 exam questions
90 min time limit
Pass: 720/1000
4 exam domains

Domain 1: Security

Q1
Difficulty: medium

A system administrator notices that an unauthorized user gained access to a server via SSH using a compromised user account. Which security measure should be implemented to prevent such attacks in the future?

A

Configure SSH to use key-based authentication only

Key-based authentication is more secure and prevents password attacks.

B

Disable SSH and use Telnet

C

Enforce a complex password policy

D

Allow all users to use sudo without passwords

Why: Option A is correct because configuring SSH to use key-based authentication only eliminates the risk of password-based attacks, such as brute-force or credential theft. Since the compromised user account was accessed via SSH using a password, disabling password authentication and requiring a private key ensures that an attacker cannot log in even if they obtain the user's password hash. This aligns with the principle of least privilege and strong authentication, as SSH keys are cryptographically bound to the client and are not transmitted over the network.
Q2
Difficulty: hard

A Linux administrator needs to ensure that only the root user can run commands in the /usr/local/bin/scripts directory. Which command should be used to set the appropriate permissions?

A

chmod 750 /usr/local/bin/scripts

B

chmod 700 /usr/local/bin/scripts

Owner (root) gets rwx; group and others have no access.

C

chmod 755 /usr/local/bin/scripts

D

chmod 770 /usr/local/bin/scripts

Why: The requirement is that only the root user can run commands in the directory. Permission 700 (owner: rwx, group: ---, others: ---) grants full access exclusively to the owner (root), while denying all access to the group and others. This matches the requirement precisely.
Q3
Difficulty: easy

A security audit reveals that the /etc/shadow file has permissions 777. Which command should be used to correct this vulnerability?

A

chmod 660 /etc/shadow

B

chmod 600 /etc/shadow

Only root can read/write.

C

chmod 644 /etc/shadow

D

chmod 640 /etc/shadow

Why: The /etc/shadow file stores hashed user passwords and must be readable only by root to prevent unauthorized access. Permissions 777 allow any user to read, write, and execute the file, which is a critical security vulnerability. The correct command is `chmod 600 /etc/shadow`, which sets read and write permissions for the owner (root) only, denying all access to group and others.
Q4
Difficulty: medium

A Linux server is configured to allow SSH access for remote administration. The security team wants to limit SSH access to only users in the 'ssh-users' group. Which configuration should be added to /etc/ssh/sshd_config?

A

AllowUsers ssh-users

B

AllowGroups ssh-users

AllowGroups restricts SSH to group members.

C

DenyUsers root

D

PermitRootLogin yes

Why: Option B is correct because the AllowGroups directive in /etc/ssh/sshd_config restricts SSH logins to only those users who are members of the specified group. By setting 'AllowGroups ssh-users', only users belonging to the 'ssh-users' group will be permitted to authenticate via SSH, directly fulfilling the security team's requirement.
Q5
Difficulty: hard

A Linux administrator is configuring a firewall using iptables to allow incoming HTTP and HTTPS traffic but block all other incoming traffic. Which set of rules should be applied?

A

iptables -P INPUT DROP; iptables -A INPUT -p tcp -j ACCEPT

B

iptables -P INPUT ACCEPT; iptables -A INPUT -p tcp --dport 80 -j ACCEPT; iptables -A INPUT -p tcp --dport 443 -j ACCEPT; iptables -A INPUT -j DROP

C

iptables -P INPUT DROP; iptables -A INPUT -p tcp --dport 80 -j ACCEPT; iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Default DROP blocks all; allow only HTTP/HTTPS.

D

iptables -P INPUT ACCEPT; iptables -A INPUT -p tcp --dport 80 -j ACCEPT; iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Why: Option C is correct because it sets the default policy for the INPUT chain to DROP, which blocks all incoming traffic by default, and then explicitly adds rules to ACCEPT TCP traffic on ports 80 (HTTP) and 443 (HTTPS). This implements a whitelist approach: only the specified services are allowed, and all other incoming packets are dropped by the default policy. The order is critical — the ACCEPT rules must be evaluated before the default DROP policy takes effect for unmatched traffic.
Q6
Difficulty: medium

A Linux administrator is hardening a server. Which TWO actions are effective in preventing unauthorized access via SSH? (Select TWO.)

A

Set PermitRootLogin yes

B

Set PasswordAuthentication yes

C

Disable the SSH service

D

Set PermitRootLogin no in /etc/ssh/sshd_config

Prevents direct root login.

E

Set PasswordAuthentication no and use SSH keys

Eliminates password-based attacks.

Why: Option D is correct because setting `PermitRootLogin no` in `/etc/ssh/sshd_config` prevents direct root login via SSH, forcing administrators to log in as a regular user and then use `su` or `sudo` for privilege escalation. This reduces the attack surface by eliminating the ability to brute-force the root password directly over SSH.


Domain 2: Troubleshooting

Q1
Difficulty: medium

A system administrator notices that a service named 'myapp' fails to start on a Linux server. The command 'systemctl status myapp' shows 'Active: failed (Result: exit-code)'. Which of the following is the BEST first step to diagnose the issue?

A

Run 'journalctl -u myapp.service' to inspect the service logs.

journalctl with the unit flag shows logs for that specific service, revealing startup errors.

B

Run 'dmesg' to view kernel messages.

C

Run 'ps aux | grep myapp' to check if the process is running.

D

Edit the service file with 'systemctl edit myapp' and increase timeout values.

Why: The 'journalctl -u myapp.service' command retrieves the systemd journal logs specifically for the myapp service, which contain the service's stdout, stderr, and any error messages generated during its failed startup attempt. Since the service failed with an exit code, these logs are the most direct source of diagnostic information to identify why the process terminated abnormally.
Q2
Difficulty: easy

A user reports that they receive 'Permission denied' when trying to run a script located in their home directory. The script has permissions -rw-rw-r-- and is owned by the user. Which command should the user run to resolve the issue?

A

chmod g-w script.sh

B

sudo chown user:user script.sh

C

chmod u+x script.sh

Adds execute permission for the owner, allowing the script to run.

D

chmod a+x script.sh

Why: The script has permissions -rw-rw-r--, meaning the owner (user) has read and write but not execute permission. To run it as a script, the execute bit must be set for the owner. The command chmod u+x script.sh adds execute permission for the user, allowing them to run the script directly.
Q3
Difficulty: hard

A Linux administrator is troubleshooting network connectivity. The server can ping its own IP address but cannot ping the default gateway. The output of 'ip route show' is: 'default via 10.0.0.1 dev eth0 proto static metric 100'. The output of 'ping -c 1 10.0.0.1' fails with 'Destination Host Unreachable'. Which of the following is the MOST likely cause?

A

The eth0 interface is down.

B

The gateway is down or not responding.

C

The default gateway is not set.

D

The subnet mask on eth0 is incorrect, causing the gateway to be considered on a different network.

A wrong subnet mask can make the gateway appear on a different subnet, leading to 'unreachable'.

Why: The server can ping its own IP address, confirming that the local network stack and the eth0 interface are operational. However, the 'Destination Host Unreachable' error when pinging the default gateway (10.0.0.1) indicates that the host does not have a valid route to that destination. Since the default route exists, the most likely cause is an incorrect subnet mask on eth0, which causes the kernel to treat the gateway as being on a different network, thus failing to send ARP requests or forward packets to it.
Q4
Difficulty: medium

A Linux server is running low on disk space in the /var partition. The administrator runs 'du -sh /var/log/*' and finds that /var/log/syslog is 10 GB. Which of the following is the BEST long-term solution to prevent recurrence?

A

Manually truncate the syslog file with '> /var/log/syslog'.

B

Delete the syslog file and restart the syslog service.

C

Configure logrotate to rotate and compress the syslog file daily.

logrotate automates rotation, keeping log sizes manageable.

D

Increase the log rotation frequency in /etc/logrotate.conf to monthly.

Why: Option C is correct because logrotate is the standard Linux utility for managing log file growth. By configuring logrotate to rotate and compress /var/log/syslog daily, the system automatically archives old logs and prevents a single file from consuming excessive disk space, addressing the root cause without manual intervention.
Q5
Difficulty: easy

A user cannot access a directory '/data/projects' even though they are in the 'projects' group. The directory permissions are 'drwxr-x---' and the group owner is 'projects'. Which command should the administrator run to grant the group write permission?

A

chmod g+w /data/projects

Adds write permission for the group.

B

chmod o+w /data/projects

C

chmod u+w /data/projects

D

chown :projects /data/projects

Why: The directory '/data/projects' has permissions 'drwxr-x---', meaning the group owner 'projects' currently has read and execute (r-x) but not write (w) access. Since the user is a member of the 'projects' group, the administrator needs to add write permission for the group using 'chmod g+w /data/projects'. This directly modifies the group permission bits to grant write access without affecting other permissions.
Q6
Difficulty: medium

Which TWO commands can be used to display the amount of free and used memory on a Linux system?

A

df -h

B

du -sh

C

free -h

free displays memory usage in human-readable format.

D

cat /proc/meminfo

/proc/meminfo contains detailed memory information.

E

iostat

Why: The `free -h` command displays the total, used, and free physical memory (RAM) and swap space in a human-readable format. The `cat /proc/meminfo` command reads the kernel's memory statistics directly from the virtual filesystem, providing detailed information about memory usage, including free, available, buffered, and cached memory. Both commands are standard tools for inspecting memory utilization on a Linux system.


Domain 3: Scripting, Containers and Automation

Q1
Difficulty: medium

A DevOps engineer needs to ensure that a containerized web application always restarts automatically if the container exits unexpectedly. Which Docker run option should be used?

A

--restart=on-failure

B

--restart=unless-stopped

C

--restart=no

D

--restart=always

Always restarts regardless of exit status.

Why: The `--restart=always` policy ensures that the container restarts regardless of the exit code or reason for termination, including unexpected crashes. This is the correct choice for a containerized web application that must maintain high availability by automatically recovering from any unexpected exit.
Q2
Difficulty: easy

A system administrator wants to create a new user and set a password in a single command as part of a provisioning script. Which command accomplishes this?

A

passwd user1 password

B

echo 'user1:password' | chpasswd

Correctly reads from stdin.

C

useradd -m -p password user1

D

usermod -p password user1

Why: Option B is correct because the `chpasswd` command reads username:password pairs from standard input, allowing a single command to create or update a user's password. When combined with `echo`, it sets the password for a new or existing user in one line, which is ideal for provisioning scripts. The `-p` option in `useradd` expects an already-hashed password, not a plaintext one, and `passwd` does not accept the password as an argument for security reasons.
Q3
Difficulty: hard

A Linux server that hosts a critical database application has been experiencing occasional kernel panics. The administrator wants to ensure the system automatically reboots after a panic and logs the crash dump. Which sysctl parameter should be set?

A

kernel.panic_on_warn = 10

B

kernel.panic_on_oops = 10

C

kernel.panic_print = 10

D

kernel.panic = 10

Sets seconds before reboot after panic.

Why: Option D is correct because setting `kernel.panic = 10` instructs the Linux kernel to wait 10 seconds after a kernel panic before automatically rebooting. This ensures the system recovers without manual intervention, and combined with a configured crash dump mechanism (e.g., kdump), the crash dump is captured before the reboot.
Q4
Difficulty: easy

A developer wants to run a container with a specific command that overrides the default entrypoint. Which Docker command should be used?

A

docker run myimage /bin/bash

B

docker exec myimage /bin/bash

C

docker run --entrypoint /bin/bash myimage

Overrides ENTRYPOINT.

D

docker start myimage /bin/bash

Why: Option C is correct because the `--entrypoint` flag in `docker run` allows you to override the default entrypoint defined in the Docker image. By specifying `--entrypoint /bin/bash`, the container will start with `/bin/bash` as its entrypoint, ignoring any `ENTRYPOINT` or `CMD` instructions in the Dockerfile. This is the standard Docker syntax for replacing the entrypoint at runtime.
Q5
Difficulty: hard

A senior administrator is troubleshooting a shell script that fails to execute properly. The script starts with #!/bin/bash and has execute permissions. Which of the following could cause the script to fail to run when invoked as ./script.sh?

A

The shebang line is not on the first line.

B

The script contains carriage return characters (\r).

Can cause 'No such file or directory'.

C

The script uses #!/bin/sh instead of bash.

D

The script starts with a byte order mark (BOM).

Why: Option B is correct because carriage return characters (\r) are a common issue when scripts are edited on Windows and then transferred to Linux. The shebang line #!/bin/bash expects a Unix-style line ending (LF), but \r characters cause the shell to interpret the command interpreter as '/bin/bash\r', which is not a valid executable path. This results in a 'No such file or directory' error when the script is invoked as ./script.sh, even though permissions are correct.
Q6
Difficulty: medium

A cloud engineer needs to automate the deployment of a new virtual machine with a specific configuration using Ansible. Which file format is typically used for Ansible playbooks?

A

JSON

B

YAML

Standard for playbooks.

C

XML

D

INI

Why: Ansible playbooks are written in YAML (YAML Ain't Markup Language) because it is human-readable, supports complex data structures like lists and dictionaries, and is designed for configuration management. YAML's indentation-based syntax aligns with Ansible's declarative approach, allowing tasks, variables, and handlers to be defined cleanly without the overhead of brackets or tags.


Domain 4: System Management

Q1
Difficulty: easy

A system administrator needs to determine which process is using the most memory on a Linux server. Which command should be used to display processes sorted by memory usage?

A

top -o %MEM

B

vmstat 1 5

C

ps aux --sort=-%mem

Correctly sorts processes by memory usage descending.

D

free -m

Why: Option C is correct because `ps aux --sort=-%mem` lists all processes with detailed information and sorts them by memory usage in descending order, showing the most memory-intensive process first. The `-%mem` flag specifies sorting by the %MEM column (resident set size as a percentage of total physical memory) in reverse order, which directly answers the requirement to determine which process is using the most memory.
Q2
Difficulty: medium

A Linux system is experiencing high CPU load. The administrator runs 'top' and sees that the 'kworker' processes are consuming significant CPU time. What is the most likely cause?

A

A kernel module memory leak

B

A hardware interrupt storm caused by a failing disk controller

kworker handles workqueues; hardware issues cause interrupts.

C

A user process stuck in an infinite loop

D

Insufficient memory causing swapping

Why: The 'kworker' processes in the 'top' output indicate kernel workqueue threads that handle deferred work. High CPU usage by kworker is typically caused by a hardware interrupt storm, often from a failing disk controller or other faulty hardware generating excessive interrupts that the kernel must service. This forces the workqueue to constantly process interrupt-related tasks, consuming significant CPU time.
Q3
Difficulty: hard

A company requires that all systems be configured to log all authentication attempts, both successful and failed. Which configuration file and directive should be used to ensure all auth messages are logged to /var/log/secure?

A

In /etc/rsyslog.conf: *.info /var/log/secure

B

In /etc/rsyslog.conf: auth.* /var/log/secure

C

In /etc/rsyslog.conf: authpriv.* /var/log/secure

Correct facility and action.

D

In /etc/rsyslog.conf: kern.* /var/log/secure

Why: In rsyslog, the `authpriv` facility covers authentication and authorization messages, including both successful and failed login attempts. The directive `authpriv.* /var/log/secure` directs all messages from this facility to `/var/log/secure`, which is the standard secure log file on RHEL/CentOS systems. This meets the requirement to log all authentication attempts.
Q4
Difficulty: easy

An administrator needs to update the system time using an NTP server immediately without waiting for the next scheduled sync. Which command should be used?

A

timedatectl set-ntp true

B

systemctl start ntpd

C

ntpq -p

D

ntpdate pool.ntp.org

Forces immediate time sync.

Why: The `ntpdate` command is used to immediately synchronize the system clock with an NTP server, bypassing the daemon-based scheduled sync. Option D runs `ntpdate pool.ntp.org`, which performs a one-time query and sets the time instantly, making it the correct choice for an immediate update.
Q5
Difficulty: medium

A Linux server runs a web application that frequently runs out of file descriptors. Which configuration change would permanently increase the maximum number of open files for all users?

A

Set 'fs.file-max = 65536' in /etc/sysctl.conf

B

Add 'session required pam_limits.so' to /etc/pam.d/login

C

Run 'ulimit -n 65536' in a startup script

D

Edit /etc/security/limits.conf and add 'soft nofile 65536' and 'hard nofile 65536'

Correct file and syntax.

Why: Option D is correct because editing /etc/security/limits.conf with both 'soft nofile' and 'hard nofile' entries permanently raises the per-user limit on open file descriptors for all users (or specified users/groups) at login. The soft limit is the current working limit, while the hard limit is the maximum ceiling; setting both ensures the user can reach the desired value without needing to run ulimit with root privileges.
Q6
Difficulty: medium

A system administrator needs to configure a cron job to run a script every Monday at 3:00 AM. Which two cron expressions are correct? (Select TWO).

A

0 3 * * 0

B

0 3 1 * 1

C

0 3 * * 1

Correct: minute 0, hour 3, any day, any month, Monday.

D

0 3 * * 1-5

E

0 3 * * Mon

Correct: uses weekday name.

Why: Option C is correct because the cron expression `0 3 * * 1` schedules the script to run at minute 0, hour 3 (3:00 AM), every day of the month (`*`), every month (`*`), and on Monday (day-of-week 1, where 0=Sunday, 1=Monday). Option E is correct because cron also accepts three-letter abbreviations for days of the week, so `Mon` is equivalent to `1`.


Frequently asked questions

How many questions are on the XK0-005 exam?

The XK0-005 exam has 90 questions and must be completed in 90 minutes. The passing score is 720/1000.

What types of questions appear on the XK0-005 exam?

Multiple-choice and performance-based questions on Linux system administration, scripting, security, storage, and virtualisation. Some questions are performance-based (PBQs), asking you to complete tasks in a simulated environment.

How are XK0-005 questions organised by domain?

The exam covers 4 domains: Security; Troubleshooting; Scripting, Containers and Automation; and System Management. Questions are weighted by domain: higher-weight domains appear more on your actual exam.

Are these the actual XK0-005 exam questions?

No. These are original exam-style practice questions written against the official CompTIA XK0-005 exam objectives. They are not copied from the real exam. Courseiva focuses on genuine understanding, not memorisation of braindumps.
