
Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


EX200 Manage security • Complete Question Bank

EX200 Manage security — All Questions With Answers

Complete EX200 Manage security question bank — all 0 questions with answers and detailed explanations.

48 Questions · Free · No signup
Question 1 (easy, multiple choice)

A junior admin needs to ensure that the 'apache' user (UID 48) cannot log in via SSH or console. Which command achieves this?

Question 2 (medium, multiple choice)

An administrator runs 'getenforce' and sees 'Enforcing'. They then run 'setenforce 0' but SELinux still denies access to a custom application. What is the most likely reason?

Question 3 (hard, multiple choice)

A system administrator wants to allow user 'jdoe' to execute any command as root via sudo without being prompted for a password, but only from the host 'client1.example.com'. Which sudoers rule achieves this?

Question 4 (medium, multiple choice)

A server's firewall is managed by firewalld. The admin adds a rule to allow HTTPS traffic to the public zone, but clients still cannot connect. What is the most likely cause?

Question 5 (easy, multi select)

Which TWO commands can be used to display SELinux contexts of files? (Choose two.)

Question 6 (hard, multi select)

Which THREE factors determine whether a local user can SSH into a Red Hat Enterprise Linux 9 system? (Choose three.)

Question 7 (hard, multiple choice)

Refer to the exhibit. A web server (httpd) is unable to serve files from a user's home directory. What is the most appropriate single command to resolve the issue?

Exhibit

```
# ausearch -m avc -ts recent
----
time->Thu Mar 14 10:15:22 2024
type=AVC msg=audit(1710418522.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev=sda1 ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
```
Question 8 (medium, multiple choice)

You are the system administrator for a small company. A developer, Alice, needs to restart the web server (httpd.service) on server 'web1.example.com' without being prompted for a password. She should also be able to run any command as root on that server, but only from the server itself (not remotely). Currently, Alice can SSH into the server using her SSH key, but when she runs 'sudo systemctl restart httpd', she is prompted for her password. You have verified that Alice is in the 'wheel' group. The sudoers file currently has the line '%wheel ALL=(ALL) ALL'. You want to modify sudoers to satisfy the requirement with minimal privilege. Which action should you take?

Question 9 (medium, multi select)

A system administrator needs to configure a firewall using firewalld to allow incoming HTTPS traffic and deny incoming SSH traffic from a specific source IP 192.168.1.100. Which two commands should be run? (Choose two.)

Question 10 (easy, multiple choice)

A junior administrator is tasked with setting up SELinux contexts on a Red Hat Enterprise Linux 9 server to allow Apache HTTPD to read and write to a custom directory /var/www/customcontent. The directory already exists and contains several files. The administrator has confirmed that the httpd service is running and SELinux is in enforcing mode. After changing the context to httpd_sys_content_t using chcon, the web server can read files but cannot write to the directory. The administrator needs to fix this without disabling SELinux or changing the mode to permissive. Which of the following is the correct next step?

Question 11 (medium, drag order)

Order the steps to configure firewall rules to allow HTTP and HTTPS traffic using firewalld.

Question 12 (medium, matching)

Match each networking term to its definition.

Automatically assigns IP addresses to hosts

Resolves hostnames to IP addresses

Translates private IPs to public IPs

Combines multiple network interfaces for redundancy or throughput

Question 13 (easy, multiple choice)

A sysadmin wants to allow user 'alice' to run all commands as root via sudo. Which line should be added to /etc/sudoers?

Question 14 (medium, multiple choice)

After configuring sudo, a user reports: 'sudo: unable to open /etc/sudoers: Permission denied'. The admin checks the file permissions and sees '-rw-r-----' owned by root:root. What is the most likely cause?

Question 15 (hard, multiple choice)

A server uses firewalld with the default zone set to 'drop'. SSH is allowed only for the 192.168.1.0/24 subnet via a rich rule in the 'internal' zone. After a reboot, SSH connections from that subnet are refused. What is the most likely cause?

Question 16 (easy, multiple choice)

Which command sets the password maximum age for user 'bob' to 30 days?

Question 17 (medium, multiple choice)

An administrator wants newly created files to be readable and writable only by the owner, and readable by group and others. Which umask value should be set?

Question 18 (hard, multiple choice)

A user reports that SSH key-based authentication fails, but password authentication works. The admin checks /etc/ssh/sshd_config: PubkeyAuthentication yes, PasswordAuthentication no (contrary to the report). Which is the most likely reason key-based auth fails?

Question 19 (easy, multiple choice)

Which file contains the hashed passwords for local user accounts?

Question 20 (medium, multiple choice)

A file has been assigned an incorrect SELinux context, preventing a service from accessing it. Which command restores the default SELinux context for that file?

Question 21 (hard, multiple choice)

An administrator needs to grant user 'dev' the ability to execute /usr/local/bin/deploy.sh as root without a password, but no other commands. Which sudoers entry accomplishes this?

Question 22 (medium, multiple choice)

Refer to the exhibit. What is the primary security concern with this sudo configuration?

Exhibit

```
User jane may run the following commands on this host:
    (ALL) NOPASSWD: /usr/bin/less
```

Question 23 (hard, multiple choice)

Refer to the exhibit. A CGI script located at /var/www/cgi-bin/test.cgi fails to execute. What is the most likely cause?

Exhibit

```
$ ls -Z /var/www/cgi-bin/test.cgi
system_u:object_r:httpd_sys_content_t:s0
```

Question 24 (medium, multiple choice)

Refer to the exhibit. An administrator wants to add the HTTP service (port 80) to the internal zone permanently. Which sequence of commands should be used?

Exhibit

```
$ sudo firewall-cmd --list-all --zone=internal
internal (active)
  target: default
  interfaces: eth0
  services: ssh dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
```

Question 25 (easy, multi select)

Which TWO statements about the /etc/shadow file are true? (Select exactly two.)

Question 26 (medium, multi select)

Which THREE commands are used to manage SELinux file security contexts? (Select exactly three.)

Question 27 (hard, multi select)

Which TWO methods are considered best practices for securing SSH access to a server? (Select exactly two.)

Question 28 (easy, multiple choice)

A system administrator needs to allow members of the 'developers' group to run any command as root without being prompted for a password. Which sudoers configuration line should be added?

Question 29 (medium, multiple choice)

A web server is running in enforcing mode with SELinux, but Apache cannot read content in a custom directory /web. The directory has been labeled correctly with httpd_sys_content_t. However, access is still denied. What is the most likely cause?

Question 30 (hard, multiple choice)

A company requires that SSH access from the external network (10.0.1.0/24) only be allowed to port 2222, and all other incoming traffic on the firewall should be dropped. Which firewalld rule should be applied to the external zone?

Question 31 (easy, multiple choice)

To enforce that user passwords expire every 90 days and users are warned 7 days before expiration, which command sets these policies for user 'john'?

Question 32 (medium, multiple choice)

An administrator wants to allow user 'alice' to SSH into the server using key-based authentication only. Which configuration change is required?

Question 33 (hard, multiple choice)

Refer to the exhibit. A web server is serving content from /var/www/html. SELinux is in enforcing mode. The web client reports 'Forbidden'. What is the most likely cause?

Exhibit

ls -Z /var/www/html/index.html output:

```
-rw-r--r--
```

Question 34 (easy, multiple choice)

To allow a user to run a specific program with root privileges without providing the root password, which configuration file should be modified?

Question 35 (medium, multiple choice)

Refer to the exhibit. A host in the 192.168.1.0/24 network is unable to access a web service running on this server on port 8080. What is the most likely reason?

Exhibit

firewall-cmd --zone=internal --list-all output:

```
internal (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth1
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
```

Question 36 (hard, multiple choice)

An auditor requires that all failed SSH login attempts be logged to a separate file /var/log/ssh_failures. Which configuration is needed in /etc/rsyslog.conf or /etc/rsyslog.d/?

Question 37 (easy, multiple choice)

A security policy requires that all files in /home have the default SELinux context for user home directories. Which command recursively restores the default context?

Question 38 (medium, multiple choice)

Which command checks if a user's password has expired and forces a password change at next login?

Question 39 (easy, multi select)

Which two statements about SELinux modes are correct? (Choose two.)

Question 40 (medium, multi select)

Which three statements about firewalld zones are correct? (Choose three.)

Question 41 (hard, multi select)

Which three actions enhance security for user accounts on a Red Hat Enterprise Linux system? (Choose three.)

Question 42 (hard, multiple choice)

A company runs a web application on a Red Hat Enterprise Linux 8 server. The application is served by Apache HTTPD, and it requires read/write access to a custom directory /var/www/app_data. The SELinux context for the directory is set to httpd_sys_rw_content_t. Apache runs in enforcing mode. Recently, a new feature was added that requires Apache to connect to a database on the same server via a Unix socket. The database serves on /var/run/mysqld/mysqld.sock. After the feature deployment, the web application fails to connect to the database. The error logs show permission denied on the socket file. The socket file has permissions 660 and is owned by mysql:mysql. SELinux audit logs show AVC denials for httpd_t trying to connect to mysqld_var_run_t. Which of the following solutions should the administrator implement to allow Apache to read the database socket while maintaining security?

Question 43 (easy, multi select)

Which TWO of the following are valid methods to enforce password complexity requirements on a Red Hat Enterprise Linux 9 system?

Question 44 (medium, multiple choice)

A system administrator is managing a Red Hat Enterprise Linux 9 web server running Apache httpd. The server hosts a custom application that stores its files in /var/www/custom. The administrator has set ownership to apache:apache and file permissions to 755. However, when users access the web application, they receive a 'Forbidden' error. The httpd service is running, and SELinux is in enforcing mode. The administrator checks the SELinux context of the /var/www/custom directory and sees 'unconfined_u:object_r:default_t:s0'. What should the administrator do to resolve the issue without disabling SELinux?

Question 45 (hard, multiple choice)

A Red Hat Enterprise Linux 9 system is configured as a router between an internal network (10.0.1.0/24) and a DMZ network (10.0.2.0/24). IP forwarding is enabled, and firewalld is active. The internal interface (eth0) is assigned to the 'internal' firewall zone, and the DMZ interface (eth1) is assigned to the 'dmz' zone. The requirement is that hosts on the internal network should be able to initiate connections to hosts in the DMZ, but the DMZ should not be able to initiate connections to the internal network. The administrator finds that traffic from internal to DMZ is being blocked. The internal zone has 'masquerade' enabled, and the dmz zone has no special settings. What is the most likely cause of the blocked traffic?

Question 46 (easy, multi select)

A systems administrator needs to list all currently defined firewall rules in firewalld, including rules for all zones. Which TWO commands can be used to accomplish this? (Choose exactly two.)

Question 47 (medium, multiple choice)

A user reports that the Apache web server cannot serve the file /var/www/html/index.html on a RHEL 9 system when SELinux is in enforcing mode. Given the exhibit output, what is the most likely cause?

Exhibit

```
# ls -lZ /var/www/html/index.html
-rw-r--r--
```

Question 48 (hard, multiple choice)

A systems administrator is managing a RHEL 9 server that hosts a custom web application on Apache. The application writes log files to /var/log/myapp/ and runs as the apache user. The administrator has set the directory permissions to 755 and ownership to apache:apache. SELinux is in enforcing mode. Despite these settings, the application fails to write logs. The audit log contains multiple AVC denials with the message 'avc: denied { write } for pid=1234 comm="httpd" name="myapp.log" dev="dm-0" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file'. The administrator has verified that the file exists and that SELinux booleans related to httpd are at their default values. Which of the following steps should the administrator take to resolve the issue while maintaining security?
