Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsEX200Exam Questions

Red Hat · Free Practice Questions · Last reviewed May 2026

EX200 Exam Questions and Answers

54real exam-style questions organised by domain, each with the correct answer highlighted and a plain-English explanation of why it's right — and why the others are wrong.

180 min time limit
9 exam domains
OverviewDomain BlueprintStudy GuideAll QuestionsSample by Domain
1. Operate running systems2. Configure local storage3. Create and configure file systems4. Deploy, configure, and maintain systems5. Manage users and groups6. Manage security7. Manage containers8. Create simple shell scripts9. Essential Tools
1

Domain 1: Operate running systems

All Operate running systems questions
Q1
hardFull explanation →

A system administrator needs to ensure that a specific process continues to run even if it crashes. The process is started by a systemd service unit. Which approach ensures the process is automatically restarted by systemd, with a delay of 30 seconds after each crash, and does not count restarts towards the failure limit?

A

Restart=always, RestartSec=30, StartLimitIntervalSec=0, StartLimitBurst=0

These settings disable the restart rate limit and ensure the service restarts every 30 seconds regardless of crash behavior.

B

Restart=on-failure and RestartSec=30

C

Restart=always, RestartSec=30, StartLimitIntervalSec=0

D

Restart=always and RestartSec=30

Why: Option A is correct because it combines `Restart=always` to restart the process unconditionally, `RestartSec=30` to introduce a 30-second delay between restarts, and `StartLimitIntervalSec=0` with `StartLimitBurst=0` to disable the start rate limiting entirely. This ensures the service restarts indefinitely after each crash without ever being considered as having failed, which matches the requirement exactly.
Q2
mediumFull explanation →

Which TWO statements about systemd journal and rsyslog are correct?

A

rsyslog reads log messages directly from the journal files in /var/log/journal.

B

The command 'journalctl --list-boots' lists only the current boot's journal entries.

C

The command 'journalctl -u sshd.service' outputs the same as 'tail -f /var/log/messages' for SSH logs.

D

The journal stores logs in a structured binary format, allowing filtering by fields like _UID or _SYSTEMD_UNIT.

journald uses structured logging with various metadata fields.

E

The journal can forward log messages to rsyslog by setting ForwardToSyslog=yes in /etc/systemd/journald.conf.

This configuration enables forwarding from journald to syslog.

Why: Option D is correct because the systemd journal stores log data in a structured binary format (using the journald protocol), which allows filtering by specific fields such as _UID, _SYSTEMD_UNIT, or _COMM. This enables precise queries via journalctl, unlike plain-text log files.
Q3
easyFull explanation →

Refer to the exhibit. A security analyst reviews the journal output for sshd.service. Which of the following best describes the observed pattern of events?

A

The system is under a denial-of-service attack because the connections are being closed before authentication.

B

The SSH service is malfunctioning and dropping connections due to a configuration error.

C

Multiple hosts are attempting to connect to the SSH service simultaneously, causing connection errors.

D

The system experienced a brute-force attack on the root account originating from IP 192.168.1.100, which eventually succeeded.

The logs show multiple failed attempts followed by a successful login from the same IP.

Why: The journal output shows repeated failed authentication attempts for the root user from IP 192.168.1.100, followed by a successful login. This pattern is characteristic of a brute-force attack where an attacker tries many passwords until one works. The final 'Accepted password for root' line confirms the attack succeeded, making D correct.
Q4
mediumFull explanation →

Arrange the steps to configure a static IPv4 route in Red Hat Enterprise Linux.

Why: Static routes in RHEL are configured in interface configuration files by specifying GATEWAY and NETMASK, then restarting the network service.
Q5
mediumFull explanation →

Order the steps to configure a new user 'jdoe' with UID 2000, home directory /home/jdoe, and secondary group 'staff'.

Why: User creation involves optional group creation, useradd with options, password, and verification.
Q6
mediumFull explanation →

Match each file system type to its description.

Why: These are common file systems used in RHEL systems.

Want more Operate running systems practice?

Practice this domain
2

Domain 2: Configure local storage

All Configure local storage questions
Q1
easyFull explanation →

A system administrator needs to add a new 10GB disk to an existing volume group 'vgdata' to extend logical volumes. Which of the following is the correct sequence of commands?

A

pvcreate /dev/sdb, vgextend vgdata /dev/sdb, lvextend

Correct order: pvcreate, vgextend, then lvextend.

B

vgextend vgdata /dev/sdb, pvcreate /dev/sdb, lvextend

C

pvcreate /dev/sdb, lvextend, vgextend vgdata /dev/sdb

D

lvextend, vgextend vgdata /dev/sdb, pvcreate /dev/sdb

Why: Option A is correct because the proper sequence to add a new disk to an existing volume group is: first create a physical volume with `pvcreate /dev/sdb`, then extend the volume group with `vgextend vgdata /dev/sdb`, and finally extend the logical volume with `lvextend`. This order ensures the disk is initialized as a PV before it can be added to the VG, and the VG must have the new PV before the LV can be extended.
Q2
mediumFull explanation →

An administrator has created a RAID 1 array using mdadm with two 1TB disks. After a disk failure, the array is in a degraded state. Which command should be used to replace the failed disk with a new one?

A

mdadm --add /dev/md0 /dev/sdc

B

mdadm --manage /dev/md0 --fail /dev/sdb --remove /dev/sdb --add /dev/sdc

Correct sequence: fail, remove, add.

C

mdadm --remove /dev/md0 /dev/sdb --add /dev/sdc

D

mdadm --replace /dev/md0 --with /dev/sdc

Why: Option B is correct because it uses the `--manage` subcommand to first mark the failed disk (`/dev/sdb`) as failed with `--fail`, then remove it with `--remove`, and finally add the replacement disk (`/dev/sdc`) with `--add`. This is the proper sequence in mdadm to replace a failed disk in a RAID 1 array while the array is degraded.
Q3
hardFull explanation →

An administrator needs to ensure that a specific LVM logical volume is automatically mounted at boot with the 'noexec' option. Which configuration file and entry should be used?

A

/etc/fstab: /dev/vg/lv /mnt ext4 noexec 0 0

B

/etc/rc.d/rc.local: mount /dev/vg/lv /mnt -o noexec

C

/etc/fstab: /dev/vg/lv /mnt ext4 defaults,noexec 0 0

Correct fstab entry.

D

/etc/rc.local: mount -o noexec /dev/vg/lv /mnt

Why: Option C is correct because /etc/fstab is the standard configuration file for defining filesystem mount points and options that are applied automatically at boot. The entry specifies the logical volume device, mount point, filesystem type, and mount options including 'noexec' to prevent execution of binaries on that filesystem. The 'defaults' keyword ensures standard mount behavior is applied before the 'noexec' option overrides the exec permission.
Q4
easyFull explanation →

After creating a new partition on /dev/sdc, the administrator runs 'partprobe' to inform the kernel of the change. What is the primary purpose of partprobe?

A

To create a filesystem label

B

To repair a damaged partition table

C

To format the partition with a filesystem

D

To make the kernel re-read the partition table

Correct: partprobe updates kernel partition table.

Why: The `partprobe` command is used to inform the operating system kernel of changes to the partition table without requiring a system reboot. After creating a new partition on `/dev/sdc`, running `partprobe` makes the kernel re-read the partition table from the disk, ensuring the new partition is recognized and accessible. This is essential for the kernel to update its in-memory representation of the disk's partitions.
Q5
mediumFull explanation →

An administrator wants to extend an XFS filesystem that resides on an LVM logical volume. The volume group has free physical extents. Which is the correct sequence?

A

lvextend, then xfs_growfs

Correct: extend LV, then grow filesystem.

B

lvextend, then resize2fs

C

xfs_growfs, then lvextend

D

resize2fs, then lvextend

Why: To extend an XFS filesystem on an LVM logical volume, you must first extend the logical volume with `lvextend` to allocate additional physical extents from the volume group, then grow the XFS filesystem to use the new space with `xfs_growfs`. XFS does not support online shrinking and requires the filesystem to be mounted for `xfs_growfs` to work. This sequence ensures the block device has sufficient capacity before the filesystem is expanded.
Q6
hardFull explanation →

A server has a software RAID 5 array /dev/md0. One of its disks fails. The administrator wants to replace it without rebooting. Which command should be used to mark the disk as failed?

A

mdadm --fault /dev/md0 /dev/sdb

B

echo faulty > /sys/block/md0/md/dev-sdb/state

C

mdadm --set-faulty /dev/md0 /dev/sdb

D

mdadm --fail /dev/md0 /dev/sdb

Correct: mdadm --manage with --fail.

Why: The correct command to mark a disk as failed in a software RAID array without rebooting is `mdadm --fail /dev/md0 /dev/sdb`. This command tells the md driver to mark the specified disk as faulty, which triggers the RAID 5 array to degrade and allows the failed disk to be removed and replaced while the system remains online.

Want more Configure local storage practice?

Practice this domain
3

Domain 3: Create and configure file systems

All Create and configure file systems questions
Q1
easyFull explanation →

A system administrator needs to create a new ext4 filesystem on /dev/sdb1 and mount it persistently at /data. Which set of commands should be used?

A

mkfs -t ext4 /dev/sdb1 && mkdir /data && mount /dev/sdb1 /data && echo '/dev/sdb1 /data ext4 defaults 0 0' >> /etc/fstab

Complete sequence.

B

mkfs.ext4 /dev/sdb1 && mount /dev/sdb1 /data

C

mkfs -t ext4 /dev/sdb1 && echo '/dev/sdb1 /data ext4 defaults 0 0' >> /etc/fstab && mount /data

D

mkfs.ext4 /dev/sdb1 && mkdir /data && mount /dev/sdb1 /data && blkid /dev/sdb1 >> /etc/fstab

Why: Option A is correct because it creates the ext4 filesystem with `mkfs -t ext4 /dev/sdb1`, creates the mount point directory with `mkdir /data`, mounts the filesystem immediately with `mount /dev/sdb1 /data`, and then adds an entry to `/etc/fstab` using the correct format (device, mount point, filesystem type, options, dump, pass) to ensure the mount persists across reboots. The `&&` operator ensures each command only runs if the previous one succeeds, which is a safe practice for scripting this task.
Q2
mediumFull explanation →

A file server is experiencing slow write performance. The admin suspects the filesystem is nearly full. Which command should be used to check disk usage per partition?

A

df -h

Shows filesystem disk space usage.

B

df -i

C

du -h --max-depth=1 /

D

du -sh /

Why: The `df -h` command displays disk space usage for all mounted filesystems in human-readable format (e.g., GB, MB). This directly answers the admin's need to check per-partition usage and identify if a filesystem is nearly full, which can cause slow write performance due to lack of free space.
Q3
hardFull explanation →

A technician attempts to mount an XFS filesystem from /dev/sdc1 to /mnt/backup but receives: 'mount: /mnt/backup: mount point does not exist.' The directory /mnt/backup does exist. What is the most likely cause?

A

SELinux context of /mnt/backup prevents mounting.

SELinux can block mount if context is wrong.

B

The directory /mnt/backup is not empty.

C

The device /dev/sdc1 does not exist.

D

The filesystem on /dev/sdc1 is not XFS.

Why: The error message 'mount: /mnt/backup: mount point does not exist' is misleading because the directory does exist. The most likely cause is that SELinux is blocking the mount due to a missing or incorrect context on the mount point. SELinux requires the mount point directory to have a specific context (e.g., `default_t` or a context matching the filesystem type) for the mount to succeed; if the context is wrong or missing, the kernel may treat the directory as nonexistent for the mount operation.
Q4
easyFull explanation →

An administrator needs to add a 1GB swap partition on /dev/sdd1. Which series of commands accomplishes this?

A

mkswap /dev/sdd1 && echo '/dev/sdd1 swap swap defaults 0 0' >> /etc/fstab

B

mkfs.swap /dev/sdd1 && swapon /dev/sdd1

C

mkswap /dev/sdd1 && swapon /dev/sdd1

D

fdisk /dev/sdd, create partition, then mkswap /dev/sdd1, swapon /dev/sdd1, and add to /etc/fstab.

Correct procedure.

Why: Option D is correct because it includes all necessary steps: first create the partition with fdisk (since /dev/sdd1 does not exist yet), then format it as swap with mkswap, activate it with swapon, and finally add an entry to /etc/fstab to ensure persistence across reboots. The other options omit the critical partition creation step or fail to make the swap permanent.
Q5
mediumFull explanation →

A filesystem is reported as 'read-only' after a system crash. The admin runs fsck and sees 'clean' status. What is the most likely reason it remains read-only?

A

fsck cannot fix errors on ext4 filesystems.

B

The filesystem is still mounted; fsck cannot fix it while mounted.

C

The filesystem is XFS, and fsck does not repair XFS.

D

fsck detected errors but did not fix them automatically.

fsck -y or manual repair needed.

Why: Option D is correct because when fsck reports a filesystem as 'clean' but the system still shows it as read-only, it typically means fsck detected errors during the check but did not automatically repair them. By default, fsck runs in non-interactive mode on boot and may require the '-y' flag or manual intervention to apply fixes. The 'clean' status can be misleading if the journal indicates no corruption, but underlying metadata inconsistencies remain unaddressed.
Q6
hardFull explanation →

A system has two 500GB disks in a RAID1 (mirror) using mdadm. One disk fails. After replacement, what is the correct procedure to restore redundancy?

A

Run 'mdadm --manage /dev/md0 --add /dev/sdb'

B

Remove the failed disk with 'mdadm /dev/md0 --fail /dev/sdb1' then add new.

C

Run 'mdadm --assemble --scan' to rebuild the array automatically.

D

Use sfdisk to copy partition table from /dev/sda to /dev/sdb, then 'mdadm --manage /dev/md0 --add /dev/sdb1'

Correct steps.

Why: Option D is correct because when replacing a failed disk in a RAID1 array managed by mdadm, the new disk must have a partition table that matches the surviving disk. Using sfdisk to copy the partition table from /dev/sda to /dev/sdb ensures that the partition layout (e.g., partition type 0xFD for Linux RAID autodetect) is identical, which is required before adding the partition (e.g., /dev/sdb1) to the array with mdadm --manage --add. Simply adding the raw disk without a proper partition table would fail because mdadm expects a partition with the correct RAID superblock and partition type.

Want more Create and configure file systems practice?

Practice this domain
4

Domain 4: Deploy, configure, and maintain systems

All Deploy, configure, and maintain systems questions
Q1
mediumFull explanation →

A system administrator needs to ensure that a specific kernel module 'usb_storage' is not loaded automatically during boot on a RHEL 9 system. Which configuration file should be modified to blacklist this module?

A

Add 'blacklist usb_storage' to /etc/modules-load.d/usb_storage.conf

B

Add 'install usb_storage /bin/false' to /etc/sysconfig/modules/

C

Add 'blacklist usb_storage' to /etc/modprobe.d/blacklist.conf

This is the standard location for blacklisting modules.

D

Add 'blacklist usb_storage' to /etc/init.d/rc.local

Why: Option C is correct because on RHEL 9, the recommended way to prevent a kernel module from loading automatically is to add a 'blacklist' directive in a file under /etc/modprobe.d/. The file /etc/modprobe.d/blacklist.conf is a conventional location for such blacklist entries. When modprobe processes this file, it will ignore the specified module during boot and when loading modules manually, effectively preventing usb_storage from being loaded.
Q2
hardFull explanation →

A Red Hat Enterprise Linux 9 system has a logical volume 'lv_data' in the volume group 'vg_data' that needs to be resized from 10G to 15G. The underlying physical volumes have enough free space. Which sequence of commands correctly resizes the logical volume and the ext4 filesystem?

A

lvextend -L 15G /dev/vg_data/lv_data; resize2fs /dev/vg_data/lv_data

This is the correct order for ext4.

B

resize2fs /dev/vg_data/lv_data; lvextend -L 15G /dev/vg_data/lv_data

C

lvextend -L 15G /dev/vg_data/lv_data; xfs_growfs /dev/vg_data/lv_data

D

lvreduce -L 15G /dev/vg_data/lv_data; resize2fs /dev/vg_data/lv_data

Why: Option A is correct because to resize an ext4 filesystem on a logical volume, you must first extend the logical volume with `lvextend -L 15G /dev/vg_data/lv_data` to allocate the additional 5G from the volume group, then use `resize2fs /dev/vg_data/lv_data` to grow the filesystem to fill the enlarged block device. This order ensures the underlying block device has sufficient capacity before the filesystem resize operation.
Q3
easyFull explanation →

A technician needs to configure a static IPv4 address on a RHEL 9 network interface 'enp1s0' using NetworkManager. Which command should be used to set the IP address?

A

nmcli connection modify enp1s0 ipv4.addresses 192.168.1.100/24

This makes a persistent change via NetworkManager.

B

nmtui edit enp1s0 --ipv4 192.168.1.100/24

C

ip addr add 192.168.1.100/24 dev enp1s0

D

ifconfig enp1s0 192.168.1.100 netmask 255.255.255.0

Why: Option A is correct because `nmcli connection modify enp1s0 ipv4.addresses 192.168.1.100/24` is the proper NetworkManager command to set a static IPv4 address on a RHEL 9 interface. This command modifies the connection profile for 'enp1s0' by setting the `ipv4.addresses` property to the specified address and prefix length, which is the standard method for persistent static IP configuration via NetworkManager.
Q4
mediumFull explanation →

A system administrator is tasked with configuring a RHEL 9 system to automatically mount an NFS share from 192.168.1.10:/export/data on /mnt/data at boot. Which entry in /etc/fstab is correct?

A

192.168.1.10 /export/data /mnt/data nfs4 defaults 0 0

B

/mnt/data 192.168.1.10:/export/data nfs4 defaults 0 0

C

192.168.1.10:/export/data /mnt/data nfs4 defaults 0 0

Correct syntax for NFSv4 mount.

D

192.168.1.10:/export/data /mnt/data nfs defaults 0 0

Why: Option C is correct because the /etc/fstab entry for an NFS mount requires the remote server and export path in the format server:/export, followed by the local mount point, the filesystem type (nfs4 for NFSv4), mount options, dump flag, and fsck order. This matches the standard NFS fstab syntax for automatic mounting at boot.
Q5
hardFull explanation →

A system administrator notices that a RHEL 9 server's /var/log/messages is filling up the /var partition. The administrator wants to ensure log rotation runs daily and keeps 4 weeks of logs. Which configuration file should be modified?

A

/etc/systemd/journald.conf

B

/etc/logrotate.d/syslog

This is the logrotate config for syslog files.

C

/etc/rsyslog.conf

D

/etc/cron.daily/logrotate

Why: Option B is correct because /etc/logrotate.d/syslog is the configuration file that controls log rotation for system log files such as /var/log/messages. By modifying this file, the administrator can set the rotation frequency to daily and specify the number of weeks (e.g., rotate 28 for 4 weeks) to retain logs, directly addressing the requirement.
Q6
easyFull explanation →

A user reports that they cannot log in to a RHEL 9 system. The administrator checks /etc/passwd and finds the user's shell is set to /sbin/nologin. What is the most likely cause?

A

The SSH service is not running.

B

The user account has been locked by pam_tally2.

C

The user's password has expired.

D

The user account is intentionally disabled for login.

/sbin/nologin prevents interactive login.

Why: The /sbin/nologin shell is a valid shell entry that, when set as a user's login shell, prevents interactive login by immediately exiting with a message that the account is not available. This is a standard method for disabling login for system accounts (e.g., daemon, bin) or intentionally disabling a user account while keeping the account and its files intact. Option D correctly identifies that the user account is intentionally disabled for login.

Want more Deploy, configure, and maintain systems practice?

Practice this domain
5

Domain 5: Manage users and groups

All Manage users and groups questions
Q1
hardFull explanation →

A system administrator needs to ensure that a user named 'bob' can access a shared directory '/data' owned by group 'developers'. The directory has permissions 2775 and is owned by root:developers. Bob is a member of the 'developers' group. However, when Bob tries to create a file in '/data', it fails with 'Permission denied'. What is the most likely cause?

A

The directory has incorrect SELinux context

SELinux contexts can prevent access even when standard permissions allow it. The default context for /data might be different, causing denial.

B

Bob's umask is set to 0077

C

The setgid bit is not set

D

Bob's primary group is not developers

Why: The directory '/data' has permissions 2775, which grants read, write, and execute to the group 'developers'. Bob is a member of 'developers', so standard Unix permissions should allow him to create files. However, the failure with 'Permission denied' despite correct group membership and permissions strongly indicates that SELinux is enforcing a policy that denies Bob write access. The most likely cause is that the directory lacks the correct SELinux context (e.g., `default_t` instead of a type like `public_content_rw_t` or a context that allows write operations).
Q2
mediumFull explanation →

A company policy requires that when a user is deleted, all files owned by that user in /home should be reassigned to a 'guest' account. Which command accomplishes this?

A

usermod -l guest olduser

B

find /home -user olduser -exec chown guest {} +

This finds all files owned by olduser under /home and changes ownership to guest.

C

userdel -r olduser

D

rsync -a /home/olduser/ /home/guest/

Why: Option B uses `find` to locate all files owned by `olduser` under `/home` and then executes `chown guest` on them, which reassigns ownership to the `guest` account. This directly satisfies the policy requirement without affecting the user account itself or copying files.
Q3
easyFull explanation →

An administrator wants to add the user 'jane' to the supplementary groups 'wheel' and 'docker' without removing her from other groups. Which command should be used?

A

groupmems -a jane -g wheel,docker

B

usermod -aG wheel,docker jane

The -aG option appends the specified groups to the user's existing supplementary groups.

C

usermod -a -G wheel,docker jane

D

usermod -G wheel,docker jane

Why: Option B is correct because the `usermod -aG` command appends the user 'jane' to the supplementary groups 'wheel' and 'docker' without removing her from any existing supplementary groups. The `-a` (append) flag must be used with `-G` to avoid overwriting the current group membership list, which is the default behavior of `-G` alone.
Q4
hardFull explanation →

A server has a requirement that all users in the 'finance' group must have a password aging policy that forces password change every 90 days. Which approach best achieves this for existing users?

A

Set PASS_MAX_DAYS 90 in /etc/login.defs

B

Edit /etc/shadow and change the fifth field for all users

C

Configure pam_pwquality.so to enforce password age

D

Write a script to run 'chage -M 90' for each user in the finance group

This directly sets the maximum password age for each existing user in the group.

Why: Option D is correct because `chage -M 90` sets the maximum password age for a specific user, and by scripting it to apply to all members of the 'finance' group, you directly enforce the 90-day policy on existing users. This approach works regardless of the default settings in `/etc/login.defs`, which only affect new users, and avoids the manual and error-prone editing of `/etc/shadow`.
Q5
mediumFull explanation →

Which TWO commands can change the primary group of an existing user?

A

usermod -aG

The -aG option appends the user to specified supplementary groups.

B

gpasswd -a

gpasswd -a adds a user to a group.

C

vigr

D

groupmems -a

E

useradd -G

Why: The `usermod -g` command (not `-aG`, which adds supplementary groups) changes the primary group of an existing user. The `gpasswd -a` command adds a user to a group, but it does not change the primary group; it only affects supplementary group membership. Therefore, neither option A nor B is correct for changing the primary group. The correct commands are `usermod -g` (to set the primary group) and `usermod -G` (to set supplementary groups, but not the primary).
Q6
mediumFull explanation →

Given the exhibit, which statement is true about the file /project/report.txt?

A

Any user can read report.txt

B

Alice can write to report.txt

Alice is a member of the staff group, which has read and write permissions on the file.

C

The file's group is wheel

D

Alice cannot write to report.txt because she is not the owner

Why: The exhibit shows that the file /project/report.txt has permissions -rw-rw-r--, owner alice, and group project. Alice is the owner, so she has the owner permissions (rw-), which include write access. Therefore, option B is correct because Alice can write to the file.

Want more Manage users and groups practice?

Practice this domain
6

Domain 6: Manage security

All Manage security questions
Q1
easyFull explanation →

A junior admin needs to ensure that the 'apache' user (UID 48) cannot log in via SSH or console. Which command achieves this?

A

usermod -s /sbin/nologin apache

Sets shell to nologin, blocking interactive login.

B

passwd -l apache

C

chage -l apache

D

usermod -e 1 apache

Why: Option A is correct because setting the user's login shell to `/sbin/nologin` prevents the user from obtaining an interactive shell via SSH or console login. When the user attempts to log in, the system executes `/sbin/nologin`, which prints a polite message and exits immediately, effectively denying shell access while leaving other services (e.g., Apache) functional.
Q2
mediumFull explanation →

An administrator runs 'getenforce' and sees 'Enforcing'. They then run 'setenforce 0' but SELinux still denies access to a custom application. What is the most likely reason?

A

SELinux is in enforcing mode and the policy is misconfigured.

B

The application's SELinux context is incorrect and needs relabeling.

C

The issue is due to file permissions or ACLs, not SELinux.

In permissive mode, SELinux does not deny; thus the denial is from DAC.

D

The change requires a reboot to take effect.

Why: Option C is correct because `setenforce 0` switches SELinux to permissive mode, which logs but does not enforce denials. If access is still denied after this command, the issue is not caused by SELinux enforcement but by traditional Linux file permissions (DAC) or ACLs. The administrator should check `ls -l` and `getfacl` to verify the file's ownership and permissions.
Q3
hardFull explanation →

A system administrator wants to allow user 'jdoe' to execute any command as root via sudo without being prompted for a password, but only from the host 'client1.example.com'. Which sudoers rule achieves this?

A

jdoe client1.example.com=(root) NOPASSWD: ALL

Correct syntax: user host_list=(runas) TAG: command.

B

jdoe client1.example.com=(root) ALL

C

jdoe ALL=(root) NOPASSWD: ALL

D

jdoe ALL=(root) ALL

Why: Option A is correct because the sudoers rule 'jdoe client1.example.com=(root) NOPASSWD: ALL' specifies the user 'jdoe', the host 'client1.example.com' as the source host from which the command is run, the target user '(root)', the NOPASSWD tag to skip password authentication, and the command 'ALL' to allow any command. This matches the requirement exactly: passwordless root access restricted to a specific client host.
Q4
mediumFull explanation →

A server's firewall is managed by firewalld. The admin adds a rule to allow HTTPS traffic to the public zone, but clients still cannot connect. What is the most likely cause?

A

The rule was added with --permanent but firewall-cmd --reload was not run.

Permanent rules do not affect runtime until reload.

B

The rule must be added as a rich rule, not a simple service.

C

The default zone is not set to public.

D

firewalld is just a wrapper for iptables, so iptables rules must be cleared.

Why: Option A is correct because when a rule is added with the `--permanent` flag in firewalld, it is written to the configuration files but not applied to the runtime firewall. Until `firewall-cmd --reload` is executed, the runtime configuration remains unchanged, so the new rule allowing HTTPS traffic is not active. Clients cannot connect because the firewall is still blocking HTTPS based on the old runtime rules.
Q5
easyFull explanation →

Which TWO commands can be used to display SELinux contexts of files? (Choose two.)

A

stat -c %C

Displays SELinux context with %C format.

B

chcon -l

C

id -Z

D

ls -Z

Shows SELinux context of files.

E

getenforce

Why: The `stat -c %C` command displays the SELinux security context of a file by using the `%C` format specifier, which outputs the security context string. The `ls -Z` command also shows SELinux contexts for files in a directory listing, with the `-Z` flag specifically requesting security context information. Both commands are standard tools for viewing SELinux labels on files.
Q6
hardFull explanation →

Which THREE factors determine whether a local user can SSH into a Red Hat Enterprise Linux 9 system? (Choose three.)

A

The /etc/nologin file exists.

B

The user has sudo privileges.

C

The user's shell is listed in /etc/shells.

sshd checks if shell is valid; non-shell like /sbin/nologin prevents login.

D

The user's ~/.ssh/authorized_keys file exists and has correct permissions.

Required for public key authentication.

E

The /etc/ssh/sshd_config file allows password or key authentication.

Configuration directives control allowed methods.

Why: Option C is correct because SSHd validates that the user's login shell is listed in /etc/shells before allowing authentication. If the shell is not present in /etc/shells (e.g., /sbin/nologin or a custom script), SSHd will deny the connection, even if the user has valid credentials. This check is controlled by the 'AllowUsers' and 'DenyUsers' directives but is a fundamental security measure to prevent users with non-standard shells from gaining interactive access.

Want more Manage security practice?

Practice this domain
7

Domain 7: Manage containers

All Manage containers questions
Q1
mediumFull explanation →

A developer reports that a container running a custom web application is failing to start on a Red Hat Enterprise Linux 8 host. The container image is built from a Dockerfile that uses 'EXPOSE 8080'. The host firewall is enabled. Which action is most likely required to allow external access to the application?

A

Start the container with the '-p 8080:8080' option to publish the port.

Publishing the container port with '-p' makes it accessible through the host.

B

Open port 8080 in the host firewall using firewall-cmd.

C

Disable the host firewall to allow all incoming traffic.

D

Ensure the container image includes an EXPOSE instruction for port 8080.

Why: The container image's EXPOSE 8080 instruction is metadata that documents the intended port but does not actually publish it. To make the container's port 8080 accessible from the host's network, you must use the '-p 8080:8080' option when starting the container with 'podman run' or 'docker run'. This creates a port mapping from the host's port 8080 to the container's port 8080, allowing external traffic to reach the application.
Q2
hardFull explanation →

An administrator needs to ensure that a container always runs with a specific SELinux context for security reasons. The container uses a volume mount from the host. Which command should be used to start the container?

A

podman run --label selinux_context=container_t -v /host/data:/data myimage

B

podman run --privileged -v /host/data:/data myimage

C

podman run --selinux-context container_t -v /host/data:/data myimage

D

podman run --security-opt label=type:container_t -v /host/data:/data myimage

'--security-opt label=type:container_t' correctly sets the SELinux context for the container.

Why: Option D is correct because `--security-opt label=type:container_t` explicitly sets the SELinux type for the container process to `container_t`, ensuring the container runs with the required SELinux context. This is the proper way to assign a specific SELinux type when using `podman run`, especially when volume mounts are involved, as it avoids permission conflicts with the host's SELinux policy.
Q3
easyFull explanation →

A system administrator wants to run a container that uses the rootless mode available in Podman. Which requirement must be met for rootless containers to work correctly?

A

The container must be run with the '--privileged' flag.

B

The user must have entries in /etc/subuid and /etc/subgid for user namespace mapping.

Subuid/subgid mappings are required for rootless containers to allocate UIDs/GIDs.

C

The system must have cgroups v2 enabled.

D

The user must have root privileges to run the container.

Why: Rootless Podman containers require user namespace mapping to assign subordinate UIDs and GIDs from the host to the container. Without entries in /etc/subuid and /etc/subgid for the user, Podman cannot allocate the necessary ID ranges, and the container will fail to run in rootless mode.
Q4
hardFull explanation →

A container running a database service needs to persist data across restarts. The administrator decides to use a named volume. Which command creates a named volume and mounts it correctly?

A

podman run -v /var/lib/mysql:/var/lib/mysql mydb

B

podman volume create dbdata && podman run -v dbdata:/var/lib/mysql mydb

Creates a named volume and mounts it correctly.

C

podman run --mount type=bind,src=dbdata,dst=/var/lib/mysql mydb

D

podman run --mount type=tmpfs,dst=/var/lib/mysql mydb

Why: Option B is correct because it first creates a named volume with `podman volume create dbdata`, then mounts that named volume to the container's `/var/lib/mysql` directory using the `-v` flag. Named volumes are managed by Podman and persist data independently of the container lifecycle, ensuring data survives container restarts or removal.
Q5
mediumFull explanation →

Which TWO statements are true regarding container images and containers in Podman?

A

A container can only be created from an image that is stored locally.

B

A container is a running or stopped instance of an image with a writable layer.

Correct: containers have a writable layer on top of the image.

C

A container image is a read-only template used to create containers.

Correct: images are read-only.

D

When a container is stopped, its writable layer is automatically removed.

E

A container image must be built using a Dockerfile.

Why: Option B is correct because a container in Podman is an instantiation of an image that adds a writable layer on top of the image's read-only layers. This writable layer persists changes made during the container's runtime, even after the container is stopped, unless explicitly removed.
Q6
hardFull explanation →

Which THREE actions are required to enable a non-root user to run containers using Podman on Red Hat Enterprise Linux 8?

A

Ensure the user has a running systemd user instance (loginctl enable-linger).

Enables systemd --user for managing containers.

B

Configure subordinate UID and GID ranges for the user in /etc/subuid and /etc/subgid.

Required for user namespace mapping.

C

Add the user to the 'docker' group to access the Docker socket.

D

Enable user namespaces in the kernel if not already enabled.

User namespaces are typically enabled, but must be checked.

E

Grant the user sudo privileges to run podman commands.

Why: Option A is correct because `loginctl enable-linger` ensures that the user's systemd user instance starts at boot and remains running after the user logs out. This is required for Podman to manage containers using systemd user services, such as auto-starting containers with `podman generate systemd`.

Want more Manage containers practice?

Practice this domain
8

Domain 8: Create simple shell scripts

All Create simple shell scripts questions
Q1
mediumFull explanation →

A system administrator needs to create a shell script that checks if the user 'jdoe' exists in the system and, if not, creates the user with a home directory. The script should also verify that the creation was successful. Which of the following script snippets correctly implements this logic?

A

if grep -q '^jdoe:' /etc/passwd; then echo 'Exists'; else useradd 'jdoe' && echo 'Created'; fi

B

if id 'jdoe' &>/dev/null; then echo 'Exists'; else useradd -m 'jdoe' && echo 'Created' || echo 'Failed'; fi

Correctly checks existence, creates with home dir, and verifies.

C

if ! id 'jdoe' &>/dev/null; then useradd -m 'jdoe'; else echo 'Exists'; fi

D

[ -z $(id 'jdoe' 2>/dev/null) ] && useradd -m 'jdoe' && echo 'Created'

Why: Option B is correct because it uses `id` to check for the user's existence (redirecting output to /dev/null to suppress messages), then uses `useradd -m` to create the user with a home directory. The `&&` and `||` operators ensure that success or failure of the creation is explicitly reported, fulfilling the requirement to verify successful creation.
Q2
easyFull explanation →

A developer wrote a shell script that is intended to back up log files by copying all .log files from /var/log/myapp to /backup/logs. The script runs daily via cron but the backup folder is empty. The script contains the following line: `cp /var/log/myapp/*.log /backup/logs/`. What is the most likely reason the backup fails?

A

The PATH variable in cron is not set, so cp cannot be found.

B

The script does not have execute permission for the user running cron.

C

No .log files exist in /var/log/myapp at the time of script execution, causing the glob to match nothing.

If no files match, cp receives the literal '*' and fails silently if no error handling.

D

The cron job is not enabled because the crontab syntax is incorrect.

Why: Option C is correct because the glob pattern `*.log` in the `cp` command is expanded by the shell at the time the script runs. If no `.log` files exist in `/var/log/myapp` when the cron job executes, the shell passes the literal string `*.log` to `cp`, which then fails with a 'No such file or directory' error (or, depending on shell settings, may silently do nothing). This is a common issue when log rotation or cleanup removes files before the backup runs.
Q3
hardFull explanation →

Which THREE of the following practices are recommended when creating simple shell scripts in a Red Hat Enterprise Linux environment to ensure reliability, security, and maintainability?

A

Use #!/bin/sh for compatibility, even if bash-specific features are needed.

B

Quote variables when used in commands, e.g., "$file" instead of $file.

Prevents unintended word splitting and pathname expansion.

C

Start the script with a shebang line, e.g., #!/bin/bash.

Specifies the interpreter explicitly.

D

Include set -e at the beginning of the script to exit on any error.

Improves reliability by stopping on failures.

E

Always run scripts by invoking the interpreter directly (e.g., bash script.sh) instead of making them executable.

Why: Option B is correct because quoting variables (e.g., "$file") prevents word splitting and glob expansion, which can cause commands to operate on unexpected arguments or filenames with spaces. This is a fundamental shell scripting best practice that directly improves reliability and security by preserving the intended value of the variable.
Q4
mediumFull explanation →

Refer to the exhibit. A junior admin runs this script as root, but it always prints 'httpd is running' even when httpd is stopped. What is the most likely cause?

A

The script is not executable and is run with `sh script.sh`, causing the shebang to be ignored.

B

The variable SERVICE is misspelled as "HTTPD" in the condition.

C

The `systemctl` command requires root privileges, and the script is run as a non-root user.

D

The script uses the test command `[` instead of directly using the command as the condition, causing the condition to always be true.

`[ systemctl ... ]` always evaluates to true because it tests the string.

Why: Option D is correct because when a command is used as a condition inside `[ ]`, the `test` builtin evaluates the exit status of the command inside the brackets, not the command itself. In this script, `[ systemctl is-active httpd ]` always returns true (exit code 0) because `[` treats the string "systemctl" as a non-empty string, which is always true. The correct syntax is to use the command directly as the condition: `if systemctl is-active httpd; then`.
Q5
hardFull explanation →

You are a system administrator for a medium-sized company running Red Hat Enterprise Linux 8 on all servers. The development team has created a shell script that is supposed to be run nightly via cron to synchronize configuration files from a master server to multiple web servers. The script is located at /opt/scripts/sync_configs.sh and is owned by root. It uses rsync over SSH with key-based authentication. The script works perfectly when run manually by root, but when it runs via cron, the synchronization fails with the error 'Host key verification failed.' The script does not explicitly specify any SSH options. The cron job is configured in /etc/crontab as: `0 2 * * * root /opt/scripts/sync_configs.sh`. The SSH keys are stored in /root/.ssh/id_rsa and the known_hosts file contains the correct host key for the master server. What is the most likely cause of the failure, and what is the best course of action to resolve it?

A

The PATH variable in cron does not include /usr/bin/rsync. Add a full path to rsync in the script or set PATH in the crontab.

B

The script does not have execute permission for the root user. Run `chmod +x /opt/scripts/sync_configs.sh`.

C

The known_hosts file in /root/.ssh/ contains an incorrect host key for the master server. Remove the entry and reconnect manually to update it.

D

The cron environment lacks the SSH agent or the key is not loaded. Modify the script to use `ssh -i /root/.ssh/id_rsa -o StrictHostKeyChecking=no` or add a line to load the key via `ssh-add`.

Cron does not have access to the SSH agent; explicitly specifying the private key and disabling strict host key checking (or adding the host key to known_hosts via script) resolves the issue.

Why: D is correct because cron runs in a minimal environment that does not automatically load the SSH agent or add keys to it. When the script runs manually as root, the SSH agent is typically running and the key is loaded, but cron does not have access to the agent's socket. The error 'Host key verification failed' is misleading; the actual issue is that SSH cannot authenticate because the private key is not available to the agent, not that the host key is unknown. Adding `ssh -i /root/.ssh/id_rsa` explicitly specifies the key file, bypassing the need for an agent, or using `ssh-add` in the script loads the key into an agent for the cron session.
Q6
easyFull explanation →

Which TWO of the following are true about creating simple shell scripts in Red Hat Enterprise Linux?

A

The shebang line (e.g., #!/bin/bash) is used to specify the interpreter.

The shebang line tells the system which interpreter to use.

B

Scripts must be stored in /usr/local/bin to be found by the shell.

C

The script file must have execute permission (chmod +x) to be run directly.

Execute permission is necessary to run the script as a command.

D

A script must be compiled before it can be run.

E

A script must have a .sh file extension to be executable.

Why: Option A is correct because the shebang line (e.g., #!/bin/bash) tells the kernel which interpreter to use when executing the script. Without it, the shell may fall back to the default interpreter (often /bin/sh) or fail to run the script correctly. This is a fundamental requirement for any interpreted script in Linux.

Want more Create simple shell scripts practice?

Practice this domain
9

Domain 9: Essential Tools

All Essential Tools questions
Q1
easyFull explanation →

A system administrator needs to find all files in /var/log that have been modified in the last 2 hours. Which command should be used?

A

find /var/log -mmin -120

Correctly finds files modified in the last 120 minutes.

B

find /var/log -amin -120

C

find /var/log -mtime -0.08

D

find /var/log -cmin -120

Why: Option A is correct because the `find` command with `-mmin -120` searches for files whose data was modified (changed content) within the last 120 minutes. This directly matches the requirement to find files modified in the last 2 hours in /var/log.
Q2
mediumFull explanation →

A user complains that the 'ls' command no longer outputs colors. The administrator suspects a change in environment variables. Which command would help diagnose the issue?

A

set

B

declare

C

env

Lists environment variables including LS_COLORS.

D

alias

Why: Option C is correct because the `env` command displays all current environment variables, which directly affect the behavior of commands like `ls`. The `ls` command uses the `LS_COLORS` environment variable to determine color output; if this variable is missing or altered, colors will not appear. Running `env` allows the administrator to inspect the current environment and identify if `LS_COLORS` has been changed or unset.
Q3
hardFull explanation →

During a security audit, an administrator needs to list all TCP ports on which the system is listening, showing only the port numbers and the associated process names. Which command best achieves this?

A

netstat -tulpn

B

nmap -sT localhost

C

sudo ss -tlnp

Modern tool; shows listening TCP ports with process info.

D

lsof -i TCP:1-65535

Why: Option C is correct because `sudo ss -tlnp` lists TCP listening sockets with numeric port numbers and process names. The `-t` flag filters for TCP, `-l` shows only listening sockets, `-n` displays numeric addresses/ports (avoiding DNS resolution), and `-p` reveals the process name. This command requires root privileges to see process information, hence `sudo`.
Q4
easyFull explanation →

A new Linux administrator needs to read the manual page for the 'ls' command but also wants to search for the word 'color' within the manual. Which command accomplishes this?

A

man -k color

B

man ls and then type /color

Within man, / searches for the string.

C

man ls | grep color

D

man color

Why: Option B is correct because the man command opens the manual page for 'ls', and typing '/color' within the pager (usually less) performs an interactive forward search for the string 'color'. This allows the administrator to read the manual and search for the term in one session.
Q5
mediumFull explanation →

An administrator needs to terminate a hung process with PID 3456 that does not respond to 'kill -15 3456'. Which signal should be used next?

A

kill -9 3456

Forceful kill; cannot be caught.

B

kill -15 3456

C

kill -19 3456

D

kill -1 3456

Why: Option A is correct because kill -9 (SIGKILL) is the signal of last resort for a process that does not respond to SIGTERM (kill -15). SIGKILL cannot be caught, blocked, or ignored by the process; it forces immediate termination by the kernel. Since the process is hung and unresponsive to SIGTERM, SIGKILL is the appropriate next step.
Q6
hardFull explanation →

A backup script uses tar to create an archive, but the administrator wants to exclude the /tmp directory from the backup. Which tar option should be added?

A

--exclude=/tmp

Excludes the /tmp directory.

B

--ignore-failed-read

C

--exclude-from=/tmp

D

-X /tmp

Why: Option A is correct because the `--exclude=PATTERN` option in tar tells the command to skip files or directories matching the given pattern. By specifying `--exclude=/tmp`, the tar archive will omit the /tmp directory and all its contents, which is exactly what the administrator needs for the backup script.

Want more Essential Tools practice?

Practice this domain

Frequently asked questions

How many questions are on the EX200 exam?

The EX200 exam is performance-based — there are no multiple-choice questions. It is a hands-on lab exam completed within 180 minutes. You complete practical tasks in a live or simulated environment. Courseiva practice questions cover the underlying concepts.

What types of questions appear on the EX200 exam?

Hands-on Linux administration tasks completed in a live RHEL environment.

How are EX200 questions organised by domain?

The exam covers 9 domains: Operate running systems, Configure local storage, Create and configure file systems, Deploy, configure, and maintain systems, Manage users and groups, Manage security, Manage containers, Create simple shell scripts, Essential Tools. Questions are weighted by domain — higher-weight domains appear more on your actual exam.

Are these the actual EX200 exam questions?

No. These are original exam-style practice questions written against the official Red Hat EX200 exam objectives. They are not copied from the real exam. Courseiva focuses on genuine understanding, not memorisation of braindumps.

Ready to practice EX200?

Courseiva tracks your accuracy per domain and routes you toward weak areas automatically. Free, no account required.

Browse all EX200 questionsTake a timed practice test