CompTIA · Free Practice Questions · Last reviewed May 2026
24real exam-style questions organised by domain, each with the correct answer highlighted and a plain-English explanation of why it's right — and why the others are wrong.
A system administrator notices that an unauthorized user gained access to a server via SSH using a compromised user account. Which security measure should be implemented to prevent such attacks in the future?
Configure SSH to use key-based authentication only
Key-based authentication is more secure and prevents password attacks.
Disable SSH and use Telnet
Enforce a complex password policy
Allow all users to use sudo without passwords
A Linux administrator needs to ensure that only the root user can run commands in the /usr/local/bin/scripts directory. Which command should be used to set the appropriate permissions?
chmod 750 /usr/local/bin/scripts
chmod 700 /usr/local/bin/scripts
Owner (root) gets rwx; group and others have no access.
chmod 755 /usr/local/bin/scripts
chmod 770 /usr/local/bin/scripts
A security audit reveals that the /etc/shadow file has permissions 777. Which command should be used to correct this vulnerability?
chmod 660 /etc/shadow
chmod 600 /etc/shadow
Only root can read/write.
chmod 644 /etc/shadow
chmod 640 /etc/shadow
A Linux server is configured to allow SSH access for remote administration. The security team wants to limit SSH access to only users in the 'ssh-users' group. Which configuration should be added to /etc/ssh/sshd_config?
AllowUsers ssh-users
AllowGroups ssh-users
AllowGroups restricts SSH to group members.
DenyUsers root
PermitRootLogin yes
A Linux administrator is configuring a firewall using iptables to allow incoming HTTP and HTTPS traffic but block all other incoming traffic. Which set of rules should be applied?
iptables -P INPUT DROP; iptables -A INPUT -p tcp -j ACCEPT
iptables -P INPUT ACCEPT; iptables -A INPUT -p tcp --dport 80 -j ACCEPT; iptables -A INPUT -p tcp --dport 443 -j ACCEPT; iptables -A INPUT -j DROP
iptables -P INPUT DROP; iptables -A INPUT -p tcp --dport 80 -j ACCEPT; iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Default DROP blocks all; allow only HTTP/HTTPS.
iptables -P INPUT ACCEPT; iptables -A INPUT -p tcp --dport 80 -j ACCEPT; iptables -A INPUT -p tcp --dport 443 -j ACCEPT
A Linux administrator is hardening a server. Which TWO actions are effective in preventing unauthorized access via SSH? (Select TWO.)
Set PermitRootLogin yes
Set PasswordAuthentication yes
Disable the SSH service
Set PermitRootLogin no in /etc/ssh/sshd_config
Prevents direct root login.
Set PasswordAuthentication no and use SSH keys
Eliminates password-based attacks.
Want more Security practice?
Practice this domainA system administrator notices that a service named 'myapp' fails to start on a Linux server. The command 'systemctl status myapp' shows 'Active: failed (Result: exit-code)'. Which of the following is the BEST first step to diagnose the issue?
Run 'journalctl -u myapp.service' to inspect the service logs.
journalctl with the unit flag shows logs for that specific service, revealing startup errors.
Run 'dmesg' to view kernel messages.
Run 'ps aux | grep myapp' to check if the process is running.
Edit the service file with 'systemctl edit myapp' and increase timeout values.
A user reports that they receive 'Permission denied' when trying to run a script located in their home directory. The script has permissions -rw-rw-r-- and is owned by the user. Which command should the user run to resolve the issue?
chmod g-w script.sh
sudo chown user:user script.sh
chmod u+x script.sh
Adds execute permission for the owner, allowing the script to run.
chmod a+x script.sh
A Linux administrator is troubleshooting network connectivity. The server can ping its own IP address but cannot ping the default gateway. The output of 'ip route show' is: 'default via 10.0.0.1 dev eth0 proto static metric 100'. The output of 'ping -c 1 10.0.0.1' fails with 'Destination Host Unreachable'. Which of the following is the MOST likely cause?
The eth0 interface is down.
The gateway is down or not responding.
The default gateway is not set.
The subnet mask on eth0 is incorrect, causing the gateway to be considered on a different network.
A wrong subnet mask can make the gateway appear on a different subnet, leading to 'unreachable'.
A Linux server is running low on disk space in the /var partition. The administrator runs 'du -sh /var/log/*' and finds that /var/log/syslog is 10 GB. Which of the following is the BEST long-term solution to prevent recurrence?
Manually truncate the syslog file with '> /var/log/syslog'.
Delete the syslog file and restart the syslog service.
Configure logrotate to rotate and compress the syslog file daily.
logrotate automates rotation, keeping log sizes manageable.
Increase the log rotation frequency in /etc/logrotate.conf to monthly.
A user cannot access a directory '/data/projects' even though they are in the 'projects' group. The directory permissions are 'drwxr-x---' and the group owner is 'projects'. Which command should the administrator run to grant the group write permission?
chmod g+w /data/projects
Adds write permission for the group.
chmod o+w /data/projects
chmod u+w /data/projects
chown :projects /data/projects
Which TWO commands can be used to display the amount of free and used memory on a Linux system?
df -h
du -sh
free -h
free displays memory usage in human-readable format.
cat /proc/meminfo
/proc/meminfo contains detailed memory information.
iostat
Want more Troubleshooting practice?
Practice this domainA DevOps engineer needs to ensure that a containerized web application always restarts automatically if the container exits unexpectedly. Which Docker run option should be used?
--restart=on-failure
--restart=unless-stopped
--restart=no
--restart=always
Always restarts regardless of exit status.
A system administrator wants to create a new user and set a password in a single command as part of a provisioning script. Which command accomplishes this?
passwd user1 password
echo 'user1:password' | chpasswd
correctly reads from stdin.
useradd -m -p password user1
usermod -p password user1
A Linux server that hosts a critical database application has been experiencing occasional kernel panics. The administrator wants to ensure the system automatically reboots after a panic and logs the crash dump. Which sysctl parameter should be set?
kernel.panic_on_warn = 10
kernel.panic_on_oops = 10
kernel.panic_print = 10
kernel.panic = 10
Sets seconds before reboot after panic.
A developer wants to run a container with a specific command that overrides the default entrypoint. Which Docker command should be used?
docker run myimage /bin/bash
docker exec myimage /bin/bash
docker run --entrypoint /bin/bash myimage
Overrides ENTRYPOINT.
docker start myimage /bin/bash
A senior administrator is troubleshooting a shell script that fails to execute properly. The script starts with #!/bin/bash and has execute permissions. Which of the following could cause the script to fail to run when invoked as ./script.sh?
The shebang line is not on the first line.
The script contains carriage return characters (\r).
Can cause 'No such file or directory'.
The script uses #!/bin/sh instead of bash.
The script starts with a byte order mark (BOM).
A cloud engineer needs to automate the deployment of a new virtual machine with a specific configuration using Ansible. Which file format is typically used for Ansible playbooks?
JSON
YAML
Standard for playbooks.
XML
INI
Want more Scripting, Containers and Automation practice?
Practice this domainA system administrator needs to determine which process is using the most memory on a Linux server. Which command should be used to display processes sorted by memory usage?
top -o %MEM
vmstat 1 5
ps aux --sort=-%mem
Correctly sorts processes by memory usage descending.
free -m
A Linux system is experiencing high CPU load. The administrator runs 'top' and sees that the 'kworker' processes are consuming significant CPU time. What is the most likely cause?
A kernel module memory leak
A hardware interrupt storm caused by a failing disk controller
kworker handles workqueues; hardware issues cause interrupts.
A user process stuck in an infinite loop
Insufficient memory causing swapping
A company requires that all systems be configured to log all authentication attempts, both successful and failed. Which configuration file and directive should be used to ensure all auth messages are logged to /var/log/secure?
In /etc/rsyslog.conf: *.info /var/log/secure
In /etc/rsyslog.conf: auth.* /var/log/secure
In /etc/rsyslog.conf: authpriv.* /var/log/secure
Correct facility and action.
In /etc/rsyslog.conf: kern.* /var/log/secure
An administrator needs to update the system time using an NTP server immediately without waiting for the next scheduled sync. Which command should be used?
timedatectl set-ntp true
systemctl start ntpd
ntpq -p
ntpdate pool.ntp.org
Forces immediate time sync.
A Linux server runs a web application that frequently runs out of file descriptors. Which configuration change would permanently increase the maximum number of open files for all users?
Set 'fs.file-max = 65536' in /etc/sysctl.conf
Add 'session required pam_limits.so' to /etc/pam.d/login
Run 'ulimit -n 65536' in a startup script
Edit /etc/security/limits.conf and add 'soft nofile 65536' and 'hard nofile 65536'
Correct file and syntax.
A system administrator needs to configure a cron job to run a script every Monday at 3:00 AM. Which two cron expressions are correct? (Select TWO).
0 3 * * 0
0 3 1 * 1
0 3 * * 1
Correct: minute 0, hour 3, any day, any month, Monday.
0 3 * * 1-5
0 3 * * Mon
Correct: uses weekday name.
Want more System Management practice?
Practice this domainThe XK0-005 exam has 90 questions and must be completed in 90 minutes. The passing score is 720/1000.
Multiple-choice and performance-based questions on Linux system administration, scripting, security, storage, and virtualisation. Some questions are performance-based (PBQs), asking you to complete tasks in a simulated environment.
The exam covers 4 domains: Security, Troubleshooting, Scripting, Containers and Automation, System Management. Questions are weighted by domain — higher-weight domains appear more on your actual exam.
No. These are original exam-style practice questions written against the official CompTIA XK0-005 exam objectives. They are not copied from the real exam. Courseiva focuses on genuine understanding, not memorisation of braindumps.
Courseiva tracks your accuracy per domain and routes you toward weak areas automatically. Free, no account required.