Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Manage security

Practice EX200 Manage security questions with full explanations on every answer.

48 questions

All EX200 Manage security questions (48)

1

A junior admin needs to ensure that the 'apache' user (UID 48) cannot log in via SSH or console. Which command achieves this?

2

An administrator runs 'getenforce' and sees 'Enforcing'. They then run 'setenforce 0' but SELinux still denies access to a custom application. What is the most likely reason?

3

A system administrator wants to allow user 'jdoe' to execute any command as root via sudo without being prompted for a password, but only from the host 'client1.example.com'. Which sudoers rule achieves this?

4

A server's firewall is managed by firewalld. The admin adds a rule to allow HTTPS traffic to the public zone, but clients still cannot connect. What is the most likely cause?

5

Which TWO commands can be used to display SELinux contexts of files? (Choose two.)

6

Which THREE factors determine whether a local user can SSH into a Red Hat Enterprise Linux 9 system? (Choose three.)

7

Refer to the exhibit. A web server (httpd) is unable to serve files from a user's home directory. What is the most appropriate single command to resolve the issue?

8

You are the system administrator for a small company. A developer, Alice, needs to restart the web server (httpd.service) on server 'web1.example.com' without being prompted for a password. She should also be able to run any command as root on that server, but only from the server itself (not remotely). Currently, Alice can SSH into the server using her SSH key, but when she runs 'sudo systemctl restart httpd', she is prompted for her password. You have verified that Alice is in the 'wheel' group. The sudoers file currently has the line '%wheel ALL=(ALL) ALL'. You want to modify sudoers to satisfy the requirement with minimal privilege. Which action should you take?

9

A system administrator needs to configure a firewall using firewalld to allow incoming HTTPS traffic and deny incoming SSH traffic from a specific source IP 192.168.1.100. Which two commands should be run? (Choose two.)

10

A junior administrator is tasked with setting up SELinux contexts on a Red Hat Enterprise Linux 9 server to allow Apache HTTPD to read and write to a custom directory /var/www/customcontent. The directory already exists and contains several files. The administrator has confirmed that the httpd service is running and SELinux is in enforcing mode. After changing the context to httpd_sys_content_t using chcon, the web server can read files but cannot write to the directory. The administrator needs to fix this without disabling SELinux or changing the mode to permissive. Which of the following is the correct next step?

11

Order the steps to configure firewall rules to allow HTTP and HTTPS traffic using firewalld.

12

Match each networking term to its definition.

13

A sysadmin wants to allow user 'alice' to run all commands as root via sudo. Which line should be added to /etc/sudoers?

14

After configuring sudo, a user reports: 'sudo: unable to open /etc/sudoers: Permission denied'. The admin checks the file permissions and sees '-rw-r-----' owned by root:root. What is the most likely cause?

15

A server uses firewalld with the default zone set to 'drop'. SSH is allowed only for the 192.168.1.0/24 subnet via a rich rule in the 'internal' zone. After a reboot, SSH connections from that subnet are refused. What is the most likely cause?

16

Which command sets the password maximum age for user 'bob' to 30 days?

17

An administrator wants newly created files to be readable and writable only by the owner, and readable by group and others. Which umask value should be set?

18

A user reports that SSH key-based authentication fails, but password authentication works. The admin checks /etc/ssh/sshd_config: PubkeyAuthentication yes, PasswordAuthentication no (contrary to the report). Which is the most likely reason key-based auth fails?

19

Which file contains the hashed passwords for local user accounts?

20

A file has been assigned an incorrect SELinux context, preventing a service from accessing it. Which command restores the default SELinux context for that file?

21

An administrator needs to grant user 'dev' the ability to execute /usr/local/bin/deploy.sh as root without a password, but no other commands. Which sudoers entry accomplishes this?

22

Refer to the exhibit. What is the primary security concern with this sudo configuration?

23

Refer to the exhibit. A CGI script located at /var/www/cgi-bin/test.cgi fails to execute. What is the most likely cause?

24

Refer to the exhibit. An administrator wants to add the HTTP service (port 80) to the internal zone permanently. Which sequence of commands should be used?

25

Which TWO statements about the /etc/shadow file are true? (Select exactly two.)

26

Which THREE commands are used to manage SELinux file security contexts? (Select exactly three.)

27

Which TWO methods are considered best practices for securing SSH access to a server? (Select exactly two.)

28

A system administrator needs to allow members of the 'developers' group to run any command as root without being prompted for a password. Which sudoers configuration line should be added?

29

A web server is running in enforcing mode with SELinux, but Apache cannot read content in a custom directory /web. The directory has been labeled correctly with httpd_sys_content_t. However, access is still denied. What is the most likely cause?

30

A company requires that SSH access from the external network (10.0.1.0/24) only be allowed to port 2222, and all other incoming traffic on the firewall should be dropped. Which firewalld rule should be applied to the external zone?

31

To enforce that user passwords expire every 90 days and users are warned 7 days before expiration, which command sets these policies for user 'john'?

32

An administrator wants to allow user 'alice' to SSH into the server using key-based authentication only. Which configuration change is required?

33

Refer to the exhibit. A web server is serving content from /var/www/html. SELinux is in enforcing mode. The web client reports 'Forbidden'. What is the most likely cause?

34

To allow a user to run a specific program with root privileges without providing the root password, which configuration file should be modified?

35

Refer to the exhibit. A host in the 192.168.1.0/24 network is unable to access a web service running on this server on port 8080. What is the most likely reason?

36

An auditor requires that all failed SSH login attempts be logged to a separate file /var/log/ssh_failures. Which configuration is needed in /etc/rsyslog.conf or /etc/rsyslog.d/?

37

A security policy requires that all files in /home have the default SELinux context for user home directories. Which command recursively restores the default context?

38

Which command checks if a user's password has expired and forces a password change at next login?

39

Which two statements about SELinux modes are correct? (Choose two.)

40

Which three statements about firewalld zones are correct? (Choose three.)

41

Which three actions enhance security for user accounts on a Red Hat Enterprise Linux system? (Choose three.)

42

A company runs a web application on a Red Hat Enterprise Linux 8 server. The application is served by Apache HTTPD, and it requires read/write access to a custom directory /var/www/app_data. The SELinux context for the directory is set to httpd_sys_rw_content_t. Apache runs in enforcing mode. Recently, a new feature was added that requires Apache to connect to a database on the same server via a Unix socket. The database serves on /var/run/mysqld/mysqld.sock. After the feature deployment, the web application fails to connect to the database. The error logs show permission denied on the socket file. The socket file has permissions 660 and is owned by mysql:mysql. SELinux audit logs show AVC denials for httpd_t trying to connect to mysqld_var_run_t. Which of the following solutions should the administrator implement to allow Apache to read the database socket while maintaining security?

43

Which TWO of the following are valid methods to enforce password complexity requirements on a Red Hat Enterprise Linux 9 system?

44

A system administrator is managing a Red Hat Enterprise Linux 9 web server running Apache httpd. The server hosts a custom application that stores its files in /var/www/custom. The administrator has set ownership to apache:apache and file permissions to 755. However, when users access the web application, they receive a 'Forbidden' error. The httpd service is running, and SELinux is in enforcing mode. The administrator checks the SELinux context of the /var/www/custom directory and sees 'unconfined_u:object_r:default_t:s0'. What should the administrator do to resolve the issue without disabling SELinux?

45

A Red Hat Enterprise Linux 9 system is configured as a router between an internal network (10.0.1.0/24) and a DMZ network (10.0.2.0/24). IP forwarding is enabled, and firewalld is active. The internal interface (eth0) is assigned to the 'internal' firewall zone, and the DMZ interface (eth1) is assigned to the 'dmz' zone. The requirement is that hosts on the internal network should be able to initiate connections to hosts in the DMZ, but the DMZ should not be able to initiate connections to the internal network. The administrator finds that traffic from internal to DMZ is being blocked. The internal zone has 'masquerade' enabled, and the dmz zone has no special settings. What is the most likely cause of the blocked traffic?

46

A systems administrator needs to list all currently defined firewall rules in firewalld, including rules for all zones. Which TWO commands can be used to accomplish this? (Choose exactly two.)

47

A user reports that the Apache web server cannot serve the file /var/www/html/index.html on a RHEL 9 system when SELinux is in enforcing mode. Given the exhibit output, what is the most likely cause?

48

A systems administrator is managing a RHEL 9 server that hosts a custom web application on Apache. The application writes log files to /var/log/myapp/ and runs as the apache user. The administrator has set the directory permissions to 755 and ownership to apache:apache. SELinux is in enforcing mode. Despite these settings, the application fails to write logs. The audit log contains multiple AVC denials with the message 'avc: denied { write } for pid=1234 comm="httpd" name="myapp.log" dev="dm-0" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file'. The administrator has verified that the file exists and that SELinux booleans related to httpd are at their default values. Which of the following steps should the administrator take to resolve the issue while maintaining security?

Frequently asked questions

What does the Manage security domain cover on the EX200 exam?

The Manage security domain covers the key concepts tested in this area of the EX200 exam blueprint published by Red Hat. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all EX200 domains — no account required.

How many Manage security questions are in the EX200 question bank?

The Courseiva EX200 question bank contains 48 questions in the Manage security domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Manage security for EX200?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Manage security questions for EX200?

Yes — the session launcher on this page draws questions exclusively from the Manage security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
