Red Hat · Free Practice Questions · Last reviewed May 2026
54real exam-style questions organised by domain, each with the correct answer highlighted and a plain-English explanation of why it's right — and why the others are wrong.
A system administrator needs to ensure that a specific process continues to run even if it crashes. The process is started by a systemd service unit. Which approach ensures the process is automatically restarted by systemd, with a delay of 30 seconds after each crash, and does not count restarts towards the failure limit?
Restart=always, RestartSec=30, StartLimitIntervalSec=0, StartLimitBurst=0
These settings disable the restart rate limit and ensure the service restarts every 30 seconds regardless of crash behavior.
Restart=on-failure and RestartSec=30
Restart=always, RestartSec=30, StartLimitIntervalSec=0
Restart=always and RestartSec=30
Which TWO statements about systemd journal and rsyslog are correct?
rsyslog reads log messages directly from the journal files in /var/log/journal.
The command 'journalctl --list-boots' lists only the current boot's journal entries.
The command 'journalctl -u sshd.service' outputs the same as 'tail -f /var/log/messages' for SSH logs.
The journal stores logs in a structured binary format, allowing filtering by fields like _UID or _SYSTEMD_UNIT.
journald uses structured logging with various metadata fields.
The journal can forward log messages to rsyslog by setting ForwardToSyslog=yes in /etc/systemd/journald.conf.
This configuration enables forwarding from journald to syslog.
Refer to the exhibit. A security analyst reviews the journal output for sshd.service. Which of the following best describes the observed pattern of events?
The system is under a denial-of-service attack because the connections are being closed before authentication.
The SSH service is malfunctioning and dropping connections due to a configuration error.
Multiple hosts are attempting to connect to the SSH service simultaneously, causing connection errors.
The system experienced a brute-force attack on the root account originating from IP 192.168.1.100, which eventually succeeded.
The logs show multiple failed attempts followed by a successful login from the same IP.
Arrange the steps to configure a static IPv4 route in Red Hat Enterprise Linux.
Order the steps to configure a new user 'jdoe' with UID 2000, home directory /home/jdoe, and secondary group 'staff'.
Match each file system type to its description.
Want more Operate running systems practice?
Practice this domainA system administrator needs to add a new 10GB disk to an existing volume group 'vgdata' to extend logical volumes. Which of the following is the correct sequence of commands?
pvcreate /dev/sdb, vgextend vgdata /dev/sdb, lvextend
Correct order: pvcreate, vgextend, then lvextend.
vgextend vgdata /dev/sdb, pvcreate /dev/sdb, lvextend
pvcreate /dev/sdb, lvextend, vgextend vgdata /dev/sdb
lvextend, vgextend vgdata /dev/sdb, pvcreate /dev/sdb
An administrator has created a RAID 1 array using mdadm with two 1TB disks. After a disk failure, the array is in a degraded state. Which command should be used to replace the failed disk with a new one?
mdadm --add /dev/md0 /dev/sdc
mdadm --manage /dev/md0 --fail /dev/sdb --remove /dev/sdb --add /dev/sdc
Correct sequence: fail, remove, add.
mdadm --remove /dev/md0 /dev/sdb --add /dev/sdc
mdadm --replace /dev/md0 --with /dev/sdc
An administrator needs to ensure that a specific LVM logical volume is automatically mounted at boot with the 'noexec' option. Which configuration file and entry should be used?
/etc/fstab: /dev/vg/lv /mnt ext4 noexec 0 0
/etc/rc.d/rc.local: mount /dev/vg/lv /mnt -o noexec
/etc/fstab: /dev/vg/lv /mnt ext4 defaults,noexec 0 0
Correct fstab entry.
/etc/rc.local: mount -o noexec /dev/vg/lv /mnt
After creating a new partition on /dev/sdc, the administrator runs 'partprobe' to inform the kernel of the change. What is the primary purpose of partprobe?
To create a filesystem label
To repair a damaged partition table
To format the partition with a filesystem
To make the kernel re-read the partition table
Correct: partprobe updates kernel partition table.
An administrator wants to extend an XFS filesystem that resides on an LVM logical volume. The volume group has free physical extents. Which is the correct sequence?
lvextend, then xfs_growfs
Correct: extend LV, then grow filesystem.
lvextend, then resize2fs
xfs_growfs, then lvextend
resize2fs, then lvextend
A server has a software RAID 5 array /dev/md0. One of its disks fails. The administrator wants to replace it without rebooting. Which command should be used to mark the disk as failed?
mdadm --fault /dev/md0 /dev/sdb
echo faulty > /sys/block/md0/md/dev-sdb/state
mdadm --set-faulty /dev/md0 /dev/sdb
mdadm --fail /dev/md0 /dev/sdb
Correct: mdadm --manage with --fail.
Want more Configure local storage practice?
Practice this domainA system administrator needs to create a new ext4 filesystem on /dev/sdb1 and mount it persistently at /data. Which set of commands should be used?
mkfs -t ext4 /dev/sdb1 && mkdir /data && mount /dev/sdb1 /data && echo '/dev/sdb1 /data ext4 defaults 0 0' >> /etc/fstab
Complete sequence.
mkfs.ext4 /dev/sdb1 && mount /dev/sdb1 /data
mkfs -t ext4 /dev/sdb1 && echo '/dev/sdb1 /data ext4 defaults 0 0' >> /etc/fstab && mount /data
mkfs.ext4 /dev/sdb1 && mkdir /data && mount /dev/sdb1 /data && blkid /dev/sdb1 >> /etc/fstab
A file server is experiencing slow write performance. The admin suspects the filesystem is nearly full. Which command should be used to check disk usage per partition?
df -h
Shows filesystem disk space usage.
df -i
du -h --max-depth=1 /
du -sh /
A technician attempts to mount an XFS filesystem from /dev/sdc1 to /mnt/backup but receives: 'mount: /mnt/backup: mount point does not exist.' The directory /mnt/backup does exist. What is the most likely cause?
SELinux context of /mnt/backup prevents mounting.
SELinux can block mount if context is wrong.
The directory /mnt/backup is not empty.
The device /dev/sdc1 does not exist.
The filesystem on /dev/sdc1 is not XFS.
An administrator needs to add a 1GB swap partition on /dev/sdd1. Which series of commands accomplishes this?
mkswap /dev/sdd1 && echo '/dev/sdd1 swap swap defaults 0 0' >> /etc/fstab
mkfs.swap /dev/sdd1 && swapon /dev/sdd1
mkswap /dev/sdd1 && swapon /dev/sdd1
fdisk /dev/sdd, create partition, then mkswap /dev/sdd1, swapon /dev/sdd1, and add to /etc/fstab.
Correct procedure.
A filesystem is reported as 'read-only' after a system crash. The admin runs fsck and sees 'clean' status. What is the most likely reason it remains read-only?
fsck cannot fix errors on ext4 filesystems.
The filesystem is still mounted; fsck cannot fix it while mounted.
The filesystem is XFS, and fsck does not repair XFS.
fsck detected errors but did not fix them automatically.
fsck -y or manual repair needed.
A system has two 500GB disks in a RAID1 (mirror) using mdadm. One disk fails. After replacement, what is the correct procedure to restore redundancy?
Run 'mdadm --manage /dev/md0 --add /dev/sdb'
Remove the failed disk with 'mdadm /dev/md0 --fail /dev/sdb1' then add new.
Run 'mdadm --assemble --scan' to rebuild the array automatically.
Use sfdisk to copy partition table from /dev/sda to /dev/sdb, then 'mdadm --manage /dev/md0 --add /dev/sdb1'
Correct steps.
Want more Create and configure file systems practice?
Practice this domainA system administrator needs to ensure that a specific kernel module 'usb_storage' is not loaded automatically during boot on a RHEL 9 system. Which configuration file should be modified to blacklist this module?
Add 'blacklist usb_storage' to /etc/modules-load.d/usb_storage.conf
Add 'install usb_storage /bin/false' to /etc/sysconfig/modules/
Add 'blacklist usb_storage' to /etc/modprobe.d/blacklist.conf
This is the standard location for blacklisting modules.
Add 'blacklist usb_storage' to /etc/init.d/rc.local
A Red Hat Enterprise Linux 9 system has a logical volume 'lv_data' in the volume group 'vg_data' that needs to be resized from 10G to 15G. The underlying physical volumes have enough free space. Which sequence of commands correctly resizes the logical volume and the ext4 filesystem?
lvextend -L 15G /dev/vg_data/lv_data; resize2fs /dev/vg_data/lv_data
This is the correct order for ext4.
resize2fs /dev/vg_data/lv_data; lvextend -L 15G /dev/vg_data/lv_data
lvextend -L 15G /dev/vg_data/lv_data; xfs_growfs /dev/vg_data/lv_data
lvreduce -L 15G /dev/vg_data/lv_data; resize2fs /dev/vg_data/lv_data
A technician needs to configure a static IPv4 address on a RHEL 9 network interface 'enp1s0' using NetworkManager. Which command should be used to set the IP address?
nmcli connection modify enp1s0 ipv4.addresses 192.168.1.100/24
This makes a persistent change via NetworkManager.
nmtui edit enp1s0 --ipv4 192.168.1.100/24
ip addr add 192.168.1.100/24 dev enp1s0
ifconfig enp1s0 192.168.1.100 netmask 255.255.255.0
A system administrator is tasked with configuring a RHEL 9 system to automatically mount an NFS share from 192.168.1.10:/export/data on /mnt/data at boot. Which entry in /etc/fstab is correct?
192.168.1.10 /export/data /mnt/data nfs4 defaults 0 0
/mnt/data 192.168.1.10:/export/data nfs4 defaults 0 0
192.168.1.10:/export/data /mnt/data nfs4 defaults 0 0
Correct syntax for NFSv4 mount.
192.168.1.10:/export/data /mnt/data nfs defaults 0 0
A system administrator notices that a RHEL 9 server's /var/log/messages is filling up the /var partition. The administrator wants to ensure log rotation runs daily and keeps 4 weeks of logs. Which configuration file should be modified?
/etc/systemd/journald.conf
/etc/logrotate.d/syslog
This is the logrotate config for syslog files.
/etc/rsyslog.conf
/etc/cron.daily/logrotate
A user reports that they cannot log in to a RHEL 9 system. The administrator checks /etc/passwd and finds the user's shell is set to /sbin/nologin. What is the most likely cause?
The SSH service is not running.
The user account has been locked by pam_tally2.
The user's password has expired.
The user account is intentionally disabled for login.
/sbin/nologin prevents interactive login.
Want more Deploy, configure, and maintain systems practice?
Practice this domainA system administrator needs to ensure that a user named 'bob' can access a shared directory '/data' owned by group 'developers'. The directory has permissions 2775 and is owned by root:developers. Bob is a member of the 'developers' group. However, when Bob tries to create a file in '/data', it fails with 'Permission denied'. What is the most likely cause?
The directory has incorrect SELinux context
SELinux contexts can prevent access even when standard permissions allow it. The default context for /data might be different, causing denial.
Bob's umask is set to 0077
The setgid bit is not set
Bob's primary group is not developers
A company policy requires that when a user is deleted, all files owned by that user in /home should be reassigned to a 'guest' account. Which command accomplishes this?
usermod -l guest olduser
find /home -user olduser -exec chown guest {} +
This finds all files owned by olduser under /home and changes ownership to guest.
userdel -r olduser
rsync -a /home/olduser/ /home/guest/
An administrator wants to add the user 'jane' to the supplementary groups 'wheel' and 'docker' without removing her from other groups. Which command should be used?
groupmems -a jane -g wheel,docker
usermod -aG wheel,docker jane
The -aG option appends the specified groups to the user's existing supplementary groups.
usermod -a -G wheel,docker jane
usermod -G wheel,docker jane
A server has a requirement that all users in the 'finance' group must have a password aging policy that forces password change every 90 days. Which approach best achieves this for existing users?
Set PASS_MAX_DAYS 90 in /etc/login.defs
Edit /etc/shadow and change the fifth field for all users
Configure pam_pwquality.so to enforce password age
Write a script to run 'chage -M 90' for each user in the finance group
This directly sets the maximum password age for each existing user in the group.
Which TWO commands can change the primary group of an existing user?
usermod -aG
The -aG option appends the user to specified supplementary groups.
gpasswd -a
gpasswd -a adds a user to a group.
vigr
groupmems -a
useradd -G
Given the exhibit, which statement is true about the file /project/report.txt?
Any user can read report.txt
Alice can write to report.txt
Alice is a member of the staff group, which has read and write permissions on the file.
The file's group is wheel
Alice cannot write to report.txt because she is not the owner
Want more Manage users and groups practice?
Practice this domainA junior admin needs to ensure that the 'apache' user (UID 48) cannot log in via SSH or console. Which command achieves this?
usermod -s /sbin/nologin apache
Sets shell to nologin, blocking interactive login.
passwd -l apache
chage -l apache
usermod -e 1 apache
An administrator runs 'getenforce' and sees 'Enforcing'. They then run 'setenforce 0' but SELinux still denies access to a custom application. What is the most likely reason?
SELinux is in enforcing mode and the policy is misconfigured.
The application's SELinux context is incorrect and needs relabeling.
The issue is due to file permissions or ACLs, not SELinux.
In permissive mode, SELinux does not deny; thus the denial is from DAC.
The change requires a reboot to take effect.
A system administrator wants to allow user 'jdoe' to execute any command as root via sudo without being prompted for a password, but only from the host 'client1.example.com'. Which sudoers rule achieves this?
jdoe client1.example.com=(root) NOPASSWD: ALL
Correct syntax: user host_list=(runas) TAG: command.
jdoe client1.example.com=(root) ALL
jdoe ALL=(root) NOPASSWD: ALL
jdoe ALL=(root) ALL
A server's firewall is managed by firewalld. The admin adds a rule to allow HTTPS traffic to the public zone, but clients still cannot connect. What is the most likely cause?
The rule was added with --permanent but firewall-cmd --reload was not run.
Permanent rules do not affect runtime until reload.
The rule must be added as a rich rule, not a simple service.
The default zone is not set to public.
firewalld is just a wrapper for iptables, so iptables rules must be cleared.
Which TWO commands can be used to display SELinux contexts of files? (Choose two.)
stat -c %C
Displays SELinux context with %C format.
chcon -l
id -Z
ls -Z
Shows SELinux context of files.
getenforce
Which THREE factors determine whether a local user can SSH into a Red Hat Enterprise Linux 9 system? (Choose three.)
The /etc/nologin file exists.
The user has sudo privileges.
The user's shell is listed in /etc/shells.
sshd checks if shell is valid; non-shell like /sbin/nologin prevents login.
The user's ~/.ssh/authorized_keys file exists and has correct permissions.
Required for public key authentication.
The /etc/ssh/sshd_config file allows password or key authentication.
Configuration directives control allowed methods.
Want more Manage security practice?
Practice this domainA developer reports that a container running a custom web application is failing to start on a Red Hat Enterprise Linux 8 host. The container image is built from a Dockerfile that uses 'EXPOSE 8080'. The host firewall is enabled. Which action is most likely required to allow external access to the application?
Start the container with the '-p 8080:8080' option to publish the port.
Publishing the container port with '-p' makes it accessible through the host.
Open port 8080 in the host firewall using firewall-cmd.
Disable the host firewall to allow all incoming traffic.
Ensure the container image includes an EXPOSE instruction for port 8080.
An administrator needs to ensure that a container always runs with a specific SELinux context for security reasons. The container uses a volume mount from the host. Which command should be used to start the container?
podman run --label selinux_context=container_t -v /host/data:/data myimage
podman run --privileged -v /host/data:/data myimage
podman run --selinux-context container_t -v /host/data:/data myimage
podman run --security-opt label=type:container_t -v /host/data:/data myimage
'--security-opt label=type:container_t' correctly sets the SELinux context for the container.
A system administrator wants to run a container that uses the rootless mode available in Podman. Which requirement must be met for rootless containers to work correctly?
The container must be run with the '--privileged' flag.
The user must have entries in /etc/subuid and /etc/subgid for user namespace mapping.
Subuid/subgid mappings are required for rootless containers to allocate UIDs/GIDs.
The system must have cgroups v2 enabled.
The user must have root privileges to run the container.
A container running a database service needs to persist data across restarts. The administrator decides to use a named volume. Which command creates a named volume and mounts it correctly?
podman run -v /var/lib/mysql:/var/lib/mysql mydb
podman volume create dbdata && podman run -v dbdata:/var/lib/mysql mydb
Creates a named volume and mounts it correctly.
podman run --mount type=bind,src=dbdata,dst=/var/lib/mysql mydb
podman run --mount type=tmpfs,dst=/var/lib/mysql mydb
Which TWO statements are true regarding container images and containers in Podman?
A container can only be created from an image that is stored locally.
A container is a running or stopped instance of an image with a writable layer.
Correct: containers have a writable layer on top of the image.
A container image is a read-only template used to create containers.
Correct: images are read-only.
When a container is stopped, its writable layer is automatically removed.
A container image must be built using a Dockerfile.
Which THREE actions are required to enable a non-root user to run containers using Podman on Red Hat Enterprise Linux 8?
Ensure the user has a running systemd user instance (loginctl enable-linger).
Enables systemd --user for managing containers.
Configure subordinate UID and GID ranges for the user in /etc/subuid and /etc/subgid.
Required for user namespace mapping.
Add the user to the 'docker' group to access the Docker socket.
Enable user namespaces in the kernel if not already enabled.
User namespaces are typically enabled, but must be checked.
Grant the user sudo privileges to run podman commands.
Want more Manage containers practice?
Practice this domainA system administrator needs to create a shell script that checks if the user 'jdoe' exists in the system and, if not, creates the user with a home directory. The script should also verify that the creation was successful. Which of the following script snippets correctly implements this logic?
if grep -q '^jdoe:' /etc/passwd; then echo 'Exists'; else useradd 'jdoe' && echo 'Created'; fi
if id 'jdoe' &>/dev/null; then echo 'Exists'; else useradd -m 'jdoe' && echo 'Created' || echo 'Failed'; fi
Correctly checks existence, creates with home dir, and verifies.
if ! id 'jdoe' &>/dev/null; then useradd -m 'jdoe'; else echo 'Exists'; fi
[ -z $(id 'jdoe' 2>/dev/null) ] && useradd -m 'jdoe' && echo 'Created'
A developer wrote a shell script that is intended to back up log files by copying all .log files from /var/log/myapp to /backup/logs. The script runs daily via cron but the backup folder is empty. The script contains the following line: `cp /var/log/myapp/*.log /backup/logs/`. What is the most likely reason the backup fails?
The PATH variable in cron is not set, so cp cannot be found.
The script does not have execute permission for the user running cron.
No .log files exist in /var/log/myapp at the time of script execution, causing the glob to match nothing.
If no files match, cp receives the literal '*' and fails silently if no error handling.
The cron job is not enabled because the crontab syntax is incorrect.
Which THREE of the following practices are recommended when creating simple shell scripts in a Red Hat Enterprise Linux environment to ensure reliability, security, and maintainability?
Use #!/bin/sh for compatibility, even if bash-specific features are needed.
Quote variables when used in commands, e.g., "$file" instead of $file.
Prevents unintended word splitting and pathname expansion.
Start the script with a shebang line, e.g., #!/bin/bash.
Specifies the interpreter explicitly.
Include set -e at the beginning of the script to exit on any error.
Improves reliability by stopping on failures.
Always run scripts by invoking the interpreter directly (e.g., bash script.sh) instead of making them executable.
Refer to the exhibit. A junior admin runs this script as root, but it always prints 'httpd is running' even when httpd is stopped. What is the most likely cause?
The script is not executable and is run with `sh script.sh`, causing the shebang to be ignored.
The variable SERVICE is misspelled as "HTTPD" in the condition.
The `systemctl` command requires root privileges, and the script is run as a non-root user.
The script uses the test command `[` instead of directly using the command as the condition, causing the condition to always be true.
`[ systemctl ... ]` always evaluates to true because it tests the string.
You are a system administrator for a medium-sized company running Red Hat Enterprise Linux 8 on all servers. The development team has created a shell script that is supposed to be run nightly via cron to synchronize configuration files from a master server to multiple web servers. The script is located at /opt/scripts/sync_configs.sh and is owned by root. It uses rsync over SSH with key-based authentication. The script works perfectly when run manually by root, but when it runs via cron, the synchronization fails with the error 'Host key verification failed.' The script does not explicitly specify any SSH options. The cron job is configured in /etc/crontab as: `0 2 * * * root /opt/scripts/sync_configs.sh`. The SSH keys are stored in /root/.ssh/id_rsa and the known_hosts file contains the correct host key for the master server. What is the most likely cause of the failure, and what is the best course of action to resolve it?
The PATH variable in cron does not include /usr/bin/rsync. Add a full path to rsync in the script or set PATH in the crontab.
The script does not have execute permission for the root user. Run `chmod +x /opt/scripts/sync_configs.sh`.
The known_hosts file in /root/.ssh/ contains an incorrect host key for the master server. Remove the entry and reconnect manually to update it.
The cron environment lacks the SSH agent or the key is not loaded. Modify the script to use `ssh -i /root/.ssh/id_rsa -o StrictHostKeyChecking=no` or add a line to load the key via `ssh-add`.
Cron does not have access to the SSH agent; explicitly specifying the private key and disabling strict host key checking (or adding the host key to known_hosts via script) resolves the issue.
Which TWO of the following are true about creating simple shell scripts in Red Hat Enterprise Linux?
The shebang line (e.g., #!/bin/bash) is used to specify the interpreter.
The shebang line tells the system which interpreter to use.
Scripts must be stored in /usr/local/bin to be found by the shell.
The script file must have execute permission (chmod +x) to be run directly.
Execute permission is necessary to run the script as a command.
A script must be compiled before it can be run.
A script must have a .sh file extension to be executable.
Want more Create simple shell scripts practice?
Practice this domainA system administrator needs to find all files in /var/log that have been modified in the last 2 hours. Which command should be used?
find /var/log -mmin -120
Correctly finds files modified in the last 120 minutes.
find /var/log -amin -120
find /var/log -mtime -0.08
find /var/log -cmin -120
A user complains that the 'ls' command no longer outputs colors. The administrator suspects a change in environment variables. Which command would help diagnose the issue?
set
declare
env
Lists environment variables including LS_COLORS.
alias
During a security audit, an administrator needs to list all TCP ports on which the system is listening, showing only the port numbers and the associated process names. Which command best achieves this?
netstat -tulpn
nmap -sT localhost
sudo ss -tlnp
Modern tool; shows listening TCP ports with process info.
lsof -i TCP:1-65535
A new Linux administrator needs to read the manual page for the 'ls' command but also wants to search for the word 'color' within the manual. Which command accomplishes this?
man -k color
man ls and then type /color
Within man, / searches for the string.
man ls | grep color
man color
An administrator needs to terminate a hung process with PID 3456 that does not respond to 'kill -15 3456'. Which signal should be used next?
kill -9 3456
Forceful kill; cannot be caught.
kill -15 3456
kill -19 3456
kill -1 3456
A backup script uses tar to create an archive, but the administrator wants to exclude the /tmp directory from the backup. Which tar option should be added?
--exclude=/tmp
Excludes the /tmp directory.
--ignore-failed-read
--exclude-from=/tmp
-X /tmp
Want more Essential Tools practice?
Practice this domainThe EX200 exam is performance-based — there are no multiple-choice questions. It is a hands-on lab exam completed within 180 minutes. You complete practical tasks in a live or simulated environment. Courseiva practice questions cover the underlying concepts.
Hands-on Linux administration tasks completed in a live RHEL environment.
The exam covers 9 domains: Operate running systems, Configure local storage, Create and configure file systems, Deploy, configure, and maintain systems, Manage users and groups, Manage security, Manage containers, Create simple shell scripts, Essential Tools. Questions are weighted by domain — higher-weight domains appear more on your actual exam.
No. These are original exam-style practice questions written against the official Red Hat EX200 exam objectives. They are not copied from the real exam. Courseiva focuses on genuine understanding, not memorisation of braindumps.
Courseiva tracks your accuracy per domain and routes you toward weak areas automatically. Free, no account required.