Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


XK0-005 Security • Complete Question Bank

XK0-005 Security — All Questions With Answers

Complete XK0-005 Security question bank — all 0 questions with answers and detailed explanations.

96 questions, free, no signup

Question 1 (medium, multiple choice)

A system administrator notices that an unauthorized user gained access to a server via SSH using a compromised user account. Which security measure should be implemented to prevent such attacks in the future?

Question 2 (hard, multiple choice)

A Linux administrator needs to ensure that only the root user can run commands in the /usr/local/bin/scripts directory. Which command should be used to set the appropriate permissions?

Question 3 (easy, multiple choice)

A security audit reveals that the /etc/shadow file has permissions 777. Which command should be used to correct this vulnerability?

Question 4 (medium, multiple choice)

A Linux server is configured to allow SSH access for remote administration. The security team wants to limit SSH access to only users in the 'ssh-users' group. Which configuration should be added to /etc/ssh/sshd_config?

Question 5 (hard, multiple choice)

A Linux administrator is configuring a firewall using iptables to allow incoming HTTP and HTTPS traffic but block all other incoming traffic. Which set of rules should be applied?

Question 6 (medium, multi select)

A Linux administrator is hardening a server. Which TWO actions are effective in preventing unauthorized access via SSH? (Select TWO.)

Question 7 (hard, multi select)

A security audit identified that the /tmp directory is world-writable. Which THREE steps should be taken to secure /tmp on a Linux system? (Select THREE.)

Question 8 (medium, multiple choice)

Refer to the exhibit. The system administrator runs the command 'auditctl -l' and sees the above rules. What is the purpose of these audit rules?

Exhibit

Refer to the exhibit.

# auditctl -l
-w /etc/passwd -p wa -k passwd_changes
-w /etc/shadow -p wa -k shadow_changes
-w /etc/group -p wa -k group_changes

Question 9 (hard, multiple choice)

Refer to the exhibit. Alice is the owner of file.txt. Bob is a member of the staff group. What permissions does Bob have on file.txt?

Exhibit

Refer to the exhibit.

$ getfacl file.txt
# file: file.txt
# owner: alice
# group: staff
user::rw-
user:bob:r--
group::r--
mask::rw-
other::---

Question 10 (easy, multiple choice)

A system administrator needs to restrict SSH access to a Linux server to only users in the 'sshusers' group. Which configuration change achieves this?

Question 11 (medium, multiple choice)

A security audit reveals that the /var/log directory has permissions 777. The administrator needs to ensure that only root can write to log files, while still allowing users to read system log files. Which command should the administrator run?

Question 12 (hard, multiple choice)

A company's security policy requires that all user passwords must expire every 90 days. The administrator runs 'chage -M 90 jdoe' for user jdoe. Which additional step ensures that the password expiration policy is enforced for all new users?

Question 13 (easy, multiple choice)

A Linux administrator discovers that a user's home directory contains a file with setuid bit set, owned by root. The file is not part of any authorized software. What is the most appropriate immediate action?

Question 14 (medium, multi select)

Which TWO of the following are valid methods to enforce disk quota limits on a Linux filesystem? (Select TWO.)

Question 15 (hard, multiple choice)

Scenario: A financial services company runs a critical application on a Linux server that stores sensitive customer data. The server is configured with a firewall (iptables) that only allows SSH (port 22) and HTTPS (port 443) from the internal network (10.0.0.0/8). Recently, the security team detected unauthorized access attempts from an external IP address (203.0.113.5) targeting port 22. The administrator needs to block this specific IP while maintaining current access rules. The existing iptables rules are:

- INPUT chain policy ACCEPT
- Rule 1: -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- Rule 2: -A INPUT -p tcp --dport 22 -s 10.0.0.0/8 -j ACCEPT
- Rule 3: -A INPUT -p tcp --dport 443 -s 10.0.0.0/8 -j ACCEPT
- Rule 4: -A INPUT -j DROP

The administrator wants to block 203.0.113.5 from any access. Which command should be added?

Question 16 (medium, multiple choice)

Scenario: A cloud hosting company uses SELinux in enforcing mode on all Linux servers. A developer reports that a custom web application running under Apache (httpd) is unable to write log files to /var/log/myapp/. The directory /var/log/myapp/ has permissions 755 and is owned by root:root. The httpd process runs as the 'apache' user. The administrator checks SELinux context: /var/log/myapp is labeled with default_t type. The administrator wants to allow httpd to write to this directory while maintaining security. Which command should the administrator run?

Question 17 (medium, multiple choice)

A systems administrator needs to restrict SSH access to a Linux server so that only users in the 'sshusers' group can log in. Which configuration change should be made in /etc/ssh/sshd_config?

Question 18 (hard, multi select)

An administrator runs auditctl -l and ausearch -k auth_log -ts today as shown in the exhibit. The administrator expects to see audit events for /var/log/auth.log but gets no matches. Which TWO actions should the administrator take to resolve this issue?

Exhibit

Refer to the exhibit.

# auditctl -l
LIST_RULES: syscall=openat,open,creat,truncate,ftruncate key=file_monitor
-a always,exclude -F msgtype=CRED_DISP
-w /etc/passwd -p wa -k passwd_changes
-w /etc/shadow -p wa -k shadow_changes
-w /etc/group -p wa -k group_changes
-w /var/log/auth.log -p wa -k auth_log

# ausearch -k auth_log -ts today
<no matches>

Question 19 (easy, multiple choice)

You are a systems administrator for a small company. The company uses a Linux server running Ubuntu 22.04 LTS that hosts a web application and a PostgreSQL database. The server has two network interfaces: eth0 (public IP) and eth1 (private IP). The web application listens on port 443 (HTTPS) on eth0, and the PostgreSQL database listens on port 5432 on eth1. The company security policy requires that only the web application should be accessible from the internet; all other ports must be blocked on the public interface. Additionally, SSH access should be allowed only from the internal network (192.168.1.0/24). The current iptables rules are as follows:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

There are no other rules. You need to implement the security policy using iptables. Which of the following sets of commands will achieve the required security policy?

Question 20 (medium, drag order)

Drag and drop the steps to configure a static IP address using the command line in the correct order.

Question 21 (medium, drag order)

Drag and drop the steps to configure a firewall rule using iptables to allow SSH in the correct order.

Question 22 (medium, drag order)

Drag and drop the steps to recover a forgotten root password in single-user mode in the correct order.

Question 23 (medium, matching)

Match each Linux runlevel to its standard systemd target.

poweroff.target

rescue.target

multi-user.target

graphical.target

reboot.target

Question 24 (medium, matching)

Match each Linux networking command to its purpose.

Show/manipulate routing, devices, tunnels

Investigate sockets

Manage NetworkManager

Capture network packets

Network exploration/security scanning

Question 25 (medium, matching)

Match each Linux boot component to its role.

Bootloader

Initial RAM disk

Init system and service manager

Compressed Linux kernel

Tool to create initramfs

Question 26 (easy, multiple choice)

A junior administrator accidentally modified the /etc/sudoers file and now users report not being able to use sudo. Which command should be used to safely edit the sudoers file?

Question 27 (medium, multiple choice)

A security policy requires that SSH root login be disabled, but key-based authentication for users should remain enabled. Which configuration line should be added to /etc/ssh/sshd_config?

Question 28 (hard, multiple choice)

An administrator needs to audit all write operations to the /etc/shadow file. Which audit rule should be added to /etc/audit/rules.d/audit.rules?

Question 29 (easy, multiple choice)

A shared directory requires that any new files created within it are automatically writable by the group. What umask value should be set for users working in this directory?

Question 30 (medium, multiple choice)

A security policy requires that SSH access be allowed only from the internal management subnet 10.10.10.0/24. Which firewalld rich rule should be added?

Question 31 (hard, multiple choice)

An Apache web server (httpd) is serving content from a custom directory /webapps/company. The root directory is labeled with the default_t context, causing httpd to be denied access. Which command should the administrator use to persistently relabel the directory for httpd access?

Question 32 (medium, multiple choice)

The company password policy requires minimum length, complexity, and that passwords cannot be based on dictionary words. Which file should be edited to configure these settings via pam_pwquality?

Question 33 (easy, multiple choice)

A security engineer needs to verify the authenticity of a downloaded file using its detached GPG signature (file.sig). Which command should be used?

Question 34 (hard, multiple choice)

An application running under an AppArmor profile is being denied access to log files. The administrator wants to troubleshoot by allowing all actions and logging denials. Which command will switch the profile to complain mode?

Question 35 (easy, multi select)

Which TWO commands can be used to change the group ownership of a file? (Choose exactly two.)

Question 36 (medium, multi select)

Which THREE are best practices for securing a Linux server? (Choose exactly three.)

Question 37 (hard, multi select)

Which TWO commands are used to manage SSH key-based authentication processes? (Choose exactly two.)

Question 38 (medium, multiple choice)

A user on a workstation with IP 192.168.1.100 reports being unable to SSH to the server with IP 10.0.0.5. Based on the exhibit, what is the most likely cause?

Exhibit

Refer to the exhibit.

0 0 ACCEPT all lo * 0.0.0.0/0
20 1200 ACCEPT all
5 300 ACCEPT tcp
0 0 LOG all
1000 50000 DROP all * * 0.0.0.0/0

Question 39 (easy, multiple choice)

A security audit reveals a misconfiguration. Which file has insecure permissions that could allow unauthorized users to read password hashes?

Exhibit

Refer to the exhibit.

$ ls -la /etc/shadow
$ ls -la /etc/passwd
-rw-rr-rw-rw-r

Question 40 (hard, multiple choice)

Based on the exhibit, what is the purpose of the audit rule?

Exhibit

Refer to the exhibit.

# auditctl -l
LIST_RULES: exit,always auid>=1000 auid!=4294967295 (0xffffffff) syscall=open key=user-open

# ausearch -k user-open
----
time->Thu Jan  1 12:00:00 2025
type=SYSCALL msg=audit(1735689600.123:456): arch=c000003e syscall=2 success=yes exit=3 a0=7ffe... a1=0 a2=1c a3=7f... items=1 ppid=1234 pid=5678 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=1 comm="cat" exe="/usr/bin/cat" key="user-open"

Question 41 (easy, multiple choice)

A system administrator needs to ensure that only specific users can execute the 'sudo' command. Which configuration file should be modified?

Question 42 (easy, multiple choice)

Which tool is used for encrypting files with public-key cryptography on Linux systems?

Question 43 (easy, multiple choice)

Which command can be used to display the current user's effective user ID and group memberships?

Question 44 (medium, multiple choice)

A security policy requires that user passwords must expire every 90 days. Which command can enforce this policy for user 'jsmith'?

Question 45 (medium, multiple choice)

An administrator needs to ensure that the SSH service only allows key-based authentication and disables password authentication. Which configuration file and directive should be modified?

Question 46 (medium, multiple choice)

A security audit reveals that the /var/log directory has permissions 777. Which command should restore secure permissions, assuming the owner is root and group is adm?

Question 47 (hard, multiple choice)

A company is implementing a security policy that requires all files created in a shared directory /data to be owned by the group 'engineers' and have group read/write permissions, regardless of the user's umask. Which approach should be used?

Question 48 (hard, multiple choice)

An administrator is configuring a Linux firewall to allow incoming SSH (port 22) and HTTPS (port 443) traffic while denying all other incoming traffic. Using iptables, which set of commands achieves this?

Question 49 (hard, multiple choice)

A security policy requires auditing of all file access attempts. Which Linux kernel feature should be used?

Question 50 (easy, multi select)

A system administrator wants to restrict SSH access to a specific group of users. Which two methods can achieve this? (Select TWO.)

Question 51 (medium, multi select)

A security audit identifies that the system's /etc/passwd file is world-readable. Which three security issues does this pose? (Select THREE.)

Question 52 (hard, multi select)

An administrator notices that a user's crontab file is not executing. Which two commands can the administrator use to verify the user's crontab configuration? (Select TWO.)

Question 53 (medium, multiple choice)

An Apache web server hosted on a Linux system is unable to connect to a backend database server on port 3306. Based on the exhibit, which action should the administrator take to resolve the issue?

Exhibit

Refer to the exhibit.

$ getenforce
Enforcing
httpd_can_network_connect off
httpd_enable_home_dirs off
httpd_use_nfs off
$ ls -Z /var/www/html/
-rw-rr

Question 54 (hard, multiple choice)

A security policy requires that user passwords must expire after 90 days. The output in the exhibit shows the current configuration for the root user. Which command should the administrator run to enforce the policy for root?

Exhibit

Refer to the exhibit.

$ cat /etc/shadow
root:$6$xyz...:18000:0:99999:7:::
$ sudo passwd -S root
root P 08/15/2024 0 99999 7 -1
$ sudo chage -l root
Last password change                                    : Aug 15, 2024
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

Question 55 (easy, multiple choice)

A user can access a web server on this Linux system via HTTPS but cannot connect via SSH. Based on the exhibit, what is the most likely cause?

Exhibit

Refer to the exhibit.

$ sudo iptables -L -n -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
  10   540 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443

Question 56 (easy, multiple choice)

A system administrator is tasked with ensuring that users cannot delete files owned by other users in a shared directory. Which permission should be set on the directory?

Question 57 (easy, multiple choice)

An administrator needs to allow a user to run all commands as root without a password. Which sudoers entry accomplishes this?

Question 58 (easy, multiple choice)

A Linux server is configured to use Pluggable Authentication Modules (PAM). Which file is used to define the authentication order for the 'sshd' service?

Question 59 (medium, multiple choice)

A security policy requires that all SUID files be identified and reviewed. Which command can recursively find SUID files?

Question 60 (medium, multiple choice)

An administrator wants to restrict SSH access to only users in the 'sshusers' group. Which configuration should be added to /etc/ssh/sshd_config?

Question 61 (medium, multiple choice)

A technician notices that a user can execute a binary with elevated privileges even though the user is not in the sudoers file. The binary has the SUID bit set. Which command would remove the SUID bit from the binary?

Question 62 (hard, multiple choice)

A security audit reveals that a server's /etc/shadow file is readable by all users. Which command would correctly fix the permissions?

Question 63 (hard, multiple choice)

A server is secured with SELinux in enforcing mode. A custom web application needs to write logs to /var/log/webapp. The SELinux type for httpd is httpd_t. Which command sets the correct context for the log directory?

Question 64 (hard, multiple choice)

An administrator is configuring a chroot jail for an SFTP user. Which directive in /etc/ssh/sshd_config is used for this purpose?

Question 65 (medium, multi select)

A security policy requires that user passwords must expire every 60 days and users should be warned 7 days before expiration. Which two commands can be used to set these policies? (Select TWO).

Question 66 (medium, multi select)

A system administrator wants to encrypt a large directory of files using GPG with a symmetric cipher. Which two steps are necessary? (Select TWO).

Question 67 (hard, multi select)

An administrator is hardening a Linux server. Which three of the following actions reduce the attack surface? (Select THREE).

Question 68 (easy, multiple choice)

Based on the exhibit, what best describes the security implication?

Exhibit

Refer to the exhibit.
ls -la /usr/bin/passwd
-rwsr-xr-x 1 root root 68208 Apr  1  2024 /usr/bin/passwd

Question 69 (medium, multiple choice)

What is the effect of the firewall rules shown?

Exhibit

Refer to the exhibit.

iptables -L INPUT -v -n
0 0 ACCEPT all lo * 0.0.0.0/0
0 0 ACCEPT tcp
0 0 ACCEPT icmp

Question 70 (hard, multiple choice)

An administrator notices that new SSH sessions fail for all users. Which line in the exhibit is most likely causing the failure?

Exhibit

Refer to the exhibit.
/etc/pam.d/sshd:
auth       required     pam_sepermit.so
auth       substack     password-auth
auth       include      postlogin
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    required     pam_selinux.so open
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      password-auth
session    include      postlogin

Question 71 (easy, multiple choice)

A security policy requires that user home directories have permissions set so that only the owner has access. A new user 'john' has a home directory with permissions 755. Which command should the administrator run to enforce the policy?

Question 72 (easy, multiple choice)

After a security audit, it is recommended to disable SSH password authentication in favor of key-based authentication. Which configuration line should be set in /etc/ssh/sshd_config?

Question 73 (easy, multiple choice)

A system administrator wants to ensure that the /tmp directory is mounted with noexec to prevent code execution from temporary files. Which file should be modified to persist this across reboots?

Question 74 (medium, multiple choice)

A web server on RHEL 8 is serving content from a non-default directory /data/web. The SELinux context is set to default_t for the directory, causing access denials. Which command should be used to set the correct context for web content?

Question 75 (medium, multiple choice)

A Linux administrator needs to configure a firewall to allow incoming SSH connections only from the 192.168.1.0/24 subnet. The current iptables INPUT policy is ACCEPT. Which set of rules should be added?

Question 76 (medium, multiple choice)

A Linux administrator is troubleshooting login issues. Users can log in using SSH but not through the local console or graphical display manager. The /etc/pam.d/system-auth file was recently modified. Which PAM module is likely misconfigured?

Question 77 (hard, multiple choice)

An administrator is investigating a system that may have been compromised. The 'aide' database was created six months ago. After running 'aide --check', many files in /usr/bin are reported as changed. Which action should the administrator take first to identify the cause?

Question 78 (hard, multiple choice)

A server running Ubuntu 22.04 has AppArmor enabled. After installing a new application, the application is denied access to certain files even though the permissions are correct. The administrator checks the AppArmor profile and finds it is in enforce mode. Which command can be used to temporarily set the profile to complain mode to generate log entries for needed accesses?

Question 79 (hard, multiple choice)

A Red Hat Enterprise Linux 8 system is configured with SELinux in enforcing mode. A custom application needs to write to a file in /var/log. The audit log shows an AVC denial for httpd_t attempting to write to var_log_t. Which of the following is the most appropriate persistent solution?

Question 80 (easy, multi select)

Which TWO of the following are best practices for securing the GRUB boot loader?

Question 81 (medium, multi select)

Which THREE of the following actions can help prevent unauthorized access to a Linux server via SSH?

Question 82 (hard, multi select)

Which TWO tools are specifically designed to detect rootkits on a Linux system?

Question 83 (easy, multiple choice)

Refer to the exhibit. After adding a firewall rule, the web server becomes unreachable from the internal network 192.168.1.0/24. Which line is the cause?

Exhibit

Refer to the exhibit.
```
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 80 -j DROP
COMMIT
```

Question 84 (medium, multiple choice)

Refer to the exhibit. A web application running under Apache cannot write to /var/log/app.log. The file has permissions 664 and is owned by apache. What is the correct action to allow writes while maintaining SELinux policies?

Exhibit

Refer to the exhibit.
```
type=AVC msg=audit(1234567890.123:45): avc: denied { write } for pid=1234 comm="httpd" name="app.log" dev=sda1 ino=56789 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file
```

Question 85 (hard, multiple choice)

A company uses a Linux server running Ubuntu 22.04 LTS as a file server to share documents via Samba. The server has been in operation for over a year without issues. Following a routine system update that included kernel patches and updated Samba packages, users began reporting that they could no longer access any shared folders. The administrator verifies that the smbd and nmbd services are running and have not failed. The Samba configuration has not been changed recently. The server uses ufw as its firewall. When the administrator runs 'ufw status', the output shows that only SSH (port 22) is allowed. The administrator checks for SELinux but finds it is not installed; however, AppArmor is active and the smbd profile is in enforce mode. The administrator examines the AppArmor logs and finds no denials related to smbd. Which of the following is the most likely reason for the connectivity failure?

Question 86 (medium, multiple choice)

A systems administrator notices that users can successfully authenticate via SSH using their password, but cannot log in via the console. The /etc/securetty file exists and contains only the default entries. Which configuration change is most likely to resolve the issue?

Question 87 (hard, multiple choice)

An administrator needs to ensure that /var/log/secure is only readable by members of the 'adm' group and is not accessible by any other user. Additionally, new files created in /var/log should inherit the group ownership 'adm'. Which set of commands achieves this?

Question 88 (easy, multi select)

A security team wants to implement mandatory access control (MAC) on a Linux server to confine a potentially vulnerable daemon. Which TWO of the following technologies can be used for this purpose?

Question 89 (medium, multi select)

An administrator needs to restrict SSH access to the server so that only a specific IP range (192.168.1.0/24) can connect, and password authentication is disabled. Which THREE steps must be taken?

Question 90 (hard, multiple choice)

A company's web server running Apache on CentOS 7 has been compromised. The attacker exploited a vulnerability in the web application and gained access to the system as the 'apache' user. The administrator wants to prevent similar attacks in the future by hardening the server. Currently, the Apache process runs as the 'apache' user and can execute arbitrary code. The administrator considers enabling SELinux with targeted policy to confine the httpd daemon. However, after setting SELinux to enforcing and installing the 'httpd' SELinux package, the web server fails to serve pages over HTTPS. The administrator checks the audit log (/var/log/audit/audit.log) and sees denials related to port binding. What is the most likely cause of the issue?

Question 91 (easy, multiple choice)

A junior administrator is tasked with setting up a file server using NFS on a Linux server. The /etc/exports file currently contains: /srv/nfs *(rw,sync,no_subtree_check). The administrator wants to restrict access to only the 192.168.10.0/24 network and require clients to use a privileged port (less than 1024) for added security. Additionally, the administrator wants to prevent root users on the client from having root access to the NFS share. Which exports configuration meets these requirements?

Question 92 (medium, multiple choice)

An administrator is auditing user accounts on a Linux system and finds that several users have accounts that are no longer needed. Instead of deleting the accounts immediately, the administrator wants to lock the accounts and expire the passwords so that the users cannot log in, but the home directories and files are preserved. The administrator then wants to generate a report of all locked accounts and their last login time. Which commands and steps should the administrator use?

Question 93 (hard, multiple choice)

A Linux server in a DMZ is experiencing intermittent SSH lockouts. The /var/log/secure shows repeated failed login attempts from multiple IP addresses, but then suddenly the administrator cannot SSH in even with correct credentials. The administrator suspects a brute-force protection mechanism. The server uses PAM with pam_tally2 for login counting. The administrator checks /etc/pam.d/sshd and sees: auth required pam_tally2.so deny=3 unlock_time=300 onerr=succeed file=/var/log/tallylog. What is the most likely reason the administrator is locked out even after 5 minutes?

Question 94 (easy, multiple choice)

A Linux administrator needs to implement file integrity monitoring to detect unauthorized changes to critical system binaries. The administrator decides to use the 'aide' tool. After installing AIDE and initializing the database with 'aide --init', the database is placed at /var/lib/aide/aide.db.new.gz. The administrator then runs 'aide --check' and receives several warnings about files in /tmp being modified. However, the administrator is not concerned about /tmp. What is the simplest way to exclude the /tmp directory from future checks?

Question 95 (medium, multiple choice)

A security audit reveals that the /etc/shadow file has permissions 0644 and is owned by root:shadow. The auditor states that this is a security risk because any local user can read password hashes. The administrator wants to fix the permissions to ensure that only root and the shadow group can read the file, and no one else can read it. Additionally, the administrator wants to set the immutable attribute on the file to prevent accidental modification. Which set of commands achieves the desired state?

Question 96 (medium, multiple choice)

A web server is running on the system but clients cannot connect to port 8080. Based on the exhibit, which command should the administrator run to allow traffic on port 8080?

Exhibit

Refer to the exhibit.

$ sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports: 80/tcp 443/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules: