CompTIA Linux+ XK0-005 (XK0-005) — Questions 826900

981 questions total · 14pages · All types, answers revealed

Page 11

Page 12 of 14

Page 13
826
MCQhard

An application is being denied access to a file due to SELinux. Which command can be used to temporarily set the SELinux context of the file to match the expected type for the application?

A.chcon -t httpd_sys_content_t /var/www/html/index.html
B.setenforce 0
C.restorecon -v /var/www/html/index.html
D.semanage fcontext -a -t httpd_sys_content_t /var/www/html
AnswerA

Changes SELinux context to the specified type.

Why this answer

Option A is correct because the `chcon` command is used to temporarily change the SELinux context of a file without modifying the SELinux policy. By specifying `-t httpd_sys_content_t`, the file's type is set to the expected type for Apache (httpd) to access it, resolving the denial immediately. This change is not persistent across file system relabeling, making it ideal for temporary troubleshooting.

Exam trap

The trap here is that candidates confuse `chcon` (temporary, immediate change) with `restorecon` (reverts to policy default) or `semanage fcontext` (persistent policy rule that requires an extra step to apply), leading them to pick an option that either disables SELinux or does not immediately fix the file context.

How to eliminate wrong answers

Option B is wrong because `setenforce 0` disables SELinux entirely (sets it to permissive mode), which is a drastic measure that bypasses all SELinux protections rather than fixing the specific file context issue. Option C is wrong because `restorecon -v` restores the file's SELinux context to the default policy-defined type, which would only help if the current context is incorrect and the default matches the expected type; it does not set a custom type like `httpd_sys_content_t`. Option D is wrong because `semanage fcontext -a -t httpd_sys_content_t /var/www/html` adds a persistent rule to the SELinux policy for the file, but it does not immediately apply the context to the file; a subsequent `restorecon` or `touch` is required to activate the change, so it is not a temporary fix.

827
Multi-Selectmedium

A Linux administrator needs to configure sudo access for members of the 'wheel' group to run any command. Which two steps are required? (Choose TWO.)

Select 2 answers
A.Uncomment the line '%wheel ALL=(ALL) ALL' in /etc/sudoers using visudo
B.Set the setuid bit on /usr/bin/sudo
C.Run 'sudo visudo -c' to check syntax
D.Add users to the 'wheel' group using usermod -aG wheel username
E.Edit /etc/ssh/sshd_config to allow wheel group
AnswersA, D

Grants sudo access to wheel group members.

Why this answer

Option A is correct because the line '%wheel ALL=(ALL) ALL' in /etc/sudoers grants all members of the 'wheel' group permission to execute any command as any user. This line must be uncommented using visudo, which locks the file to prevent concurrent edits and performs syntax validation before saving. Option D is correct because users must be added to the 'wheel' group using 'usermod -aG wheel username' for the sudoers rule to apply to them.

Exam trap

The trap here is that candidates confuse the setuid bit on sudo (which is already set) with a configuration step, or think that editing SSH config or running syntax checks alone grants sudo access, when in fact both the sudoers rule and group membership are required.

828
MCQmedium

A system administrator wants to monitor changes to the /etc/passwd file using auditd. Which auditctl command sets up a watch on this file?

A.ausearch -f /etc/passwd
B.auditctl -a always,exit -F path=/etc/passwd -F perm=wa
C.aureport -f /etc/passwd
D.auditctl -w /etc/passwd -p rwxa
AnswerB

Correct: -a adds a rule, always,exit, path, perm=wa (write/attr).

Why this answer

auditctl -w /etc/passwd -p wa -k passwd_watch adds a watch for write and attribute changes.

829
MCQhard

An administrator configures Docker as shown in the exhibit. After starting a container, the warning about the 'user' directive appears. What is the most likely cause?

A.The storage driver overlay2 is not compatible with the systemd cgroup driver.
B.The cgroup driver configured in daemon.json does not match the actual driver in use.
C.The container is running with reduced privileges, and nginx cannot use the 'user' directive.
D.The log driver configuration is causing nginx to log warnings.
AnswerB

The daemon.json specifies systemd, but docker info shows cgroupfs, indicating a mismatch.

Why this answer

The warning about the 'user' directive indicates a mismatch between the cgroup driver configured in Docker's daemon.json and the cgroup driver actually in use by the system (e.g., systemd vs. cgroupfs). Docker expects the configured driver to match the system's init system; when they differ, Docker emits warnings because cgroup management may behave inconsistently, affecting resource limits and container isolation.

Exam trap

CompTIA often tests the subtle distinction between a configuration mismatch warning and an actual runtime failure, leading candidates to misinterpret the warning as a functional error in nginx or storage compatibility.

How to eliminate wrong answers

Option A is wrong because overlay2 is a storage driver and has no direct compatibility issue with the systemd cgroup driver; the warning is about cgroup driver mismatch, not storage. Option C is wrong because the 'user' directive in nginx is unrelated to container privilege reduction; the warning originates from Docker's cgroup driver check, not from nginx's runtime behavior. Option D is wrong because the log driver configuration does not cause warnings about the 'user' directive; log driver settings affect log output format and destination, not cgroup driver validation.

830
MCQhard

Refer to the exhibit. The development team is using Git to manage their project. A release candidate needs to include only the changes from the `feature/update` branch, but NOT the 'Add new module' commit. Which Git command sequence should be used to create a new release branch that contains only the feature branch?

A.git checkout feature/update && git rebase 1m2n3o4
B.git checkout -b release 1m2n3o4 && git cherry-pick 4d5e6f7 8f9g0h1
C.git checkout -b release master && git revert 2j3k4l5
D.git checkout -b release feature/update && git merge --no-ff master
AnswerB

Starting from the initial commit, cherry-picking the two feature branch commits includes only those changes, excluding 'Add new module'.

Why this answer

Option B is correct because it creates a new release branch starting from the commit before the 'Add new module' commit (1m2n3o4), then cherry-picks only the two commits from the `feature/update` branch (4d5e6f7 and 8f9g0h1) that represent the desired changes. This ensures the release branch contains exactly the feature branch changes without including the unwanted 'Add new module' commit.

Exam trap

The trap here is that candidates may think `git revert` removes a commit from history, when in fact it only creates a new inverse commit, leaving the original commit present in the branch's history.

How to eliminate wrong answers

Option A is wrong because `git rebase 1m2n3o4` while on `feature/update` would replay the feature branch commits onto commit 1m2n3o4, but this would still include the 'Add new module' commit if it is part of the feature branch history, and does not create a new release branch. Option C is wrong because `git revert 2j3k4l5` would create a new commit that undoes the 'Add new module' commit, but the release branch would still contain that commit in its history, which violates the requirement to not include it at all. Option D is wrong because merging `master` into a branch based on `feature/update` would bring in all commits from master, including the 'Add new module' commit, which is explicitly unwanted.

831
Multi-Selecthard

A security audit identified that the /tmp directory is world-writable. Which THREE steps should be taken to secure /tmp on a Linux system? (Select THREE.)

Select 3 answers
A.Set the sticky bit on /tmp
B.Remove world-writable permission from /tmp
C.Mount /tmp with the nosuid option
D.Mount /tmp with the noexec option
E.Mount /tmp with the exec option
AnswersA, C, D

Prevents users from deleting others' files.

Why this answer

Option A is correct because setting the sticky bit on /tmp prevents users from deleting or renaming files owned by other users, even though the directory is world-writable. This is a standard security hardening measure for shared temporary directories.

Exam trap

The trap here is that candidates may think removing world-writable permissions is the correct fix, but that would break system functionality; instead, the sticky bit and mount options are the proper hardening steps without breaking compatibility.

832
Multi-Selecthard

A Kubernetes administrator is creating a deployment YAML manifest. Which THREE fields are required in a Deployment spec? (Select THREE.)

Select 3 answers
A.replicas
B.spec
C.apiVersion
D.metadata
E.kind
AnswersC, D, E

Correct. Required to specify the API version.

Why this answer

A Deployment requires apiVersion, kind, and metadata. The other fields are part of the spec but not top-level required fields.

833
MCQeasy

A Linux administrator notices that the system clock is consistently 5 minutes behind the actual time. The administrator runs 'timedatectl' and sees 'NTP service: active'. Which of the following commands should be used to force an immediate time synchronization?

A.systemctl restart ntp
B.ntpdate -s time.google.com
C.systemctl restart chronyd
D.timedatectl set-ntp false && chronyd -q && timedatectl set-ntp true
AnswerD

Disabling NTP, forcing a one-time sync with chronyd -q, then re-enabling NTP is the correct procedure.

Why this answer

Option D is correct because it first disables NTP to stop the automatic synchronization, then runs chronyd in one-shot query mode (-q) to force an immediate sync with the configured NTP servers, and finally re-enables NTP to resume normal service. This approach works with chronyd, which is the default NTP implementation on modern RHEL/CentOS 8+ and many other distributions, and directly addresses the need for an immediate synchronization without waiting for the periodic polling interval.

Exam trap

The trap here is that candidates assume 'systemctl restart chronyd' (Option C) will immediately sync the clock, but it only restarts the daemon without forcing a poll, so the 5-minute lag remains until the next scheduled update; CompTIA often tests the distinction between restarting a service and triggering an immediate action.

How to eliminate wrong answers

Option A is wrong because 'systemctl restart ntp' targets the legacy 'ntpd' service, which is not the active NTP service when chronyd is in use; the output shows 'NTP service: active' but does not specify the daemon, and on modern systems chronyd is the default, so restarting ntpd would have no effect or could conflict. Option B is wrong because 'ntpdate' is deprecated and often not installed by default; it also bypasses the running NTP service and can cause clock stepping that may disrupt applications, and it does not integrate with the active chronyd or ntpd configuration. Option C is wrong because 'systemctl restart chronyd' restarts the daemon but does not force an immediate synchronization; chronyd will still wait for its next scheduled poll (typically 64–1024 seconds), so the 5-minute lag would persist until the next automatic update.

834
Multi-Selecthard

Which THREE tools are commonly used for configuration management?

Select 3 answers
A.Chef
B.Ansible
C.Puppet
D.Kubernetes
E.Docker
AnswersA, B, C

Chef is a configuration management tool.

Why this answer

Chef is a configuration management tool that uses a Ruby-based DSL to define system configurations as 'recipes' and 'cookbooks'. It follows a pull-based model where nodes run the Chef client to fetch and apply configurations from a Chef server, ensuring desired state compliance across infrastructure.

Exam trap

CompTIA often tests the distinction between configuration management (Chef, Ansible, Puppet) and container/orchestration tools (Docker, Kubernetes), leading candidates to mistakenly select Kubernetes or Docker as configuration management tools.

835
MCQhard

An administrator needs to generate a self-signed certificate and private key for an internal web server. Which OpenSSL command creates both in one step?

A.openssl ca -in req.pem -out cert.pem
B.openssl genrsa -out key.pem 2048 && openssl req -new -x509 -key key.pem -out cert.pem -days 365
C.openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes
D.openssl x509 -req -in req.pem -signkey key.pem -out cert.pem
AnswerC

Correct: -x509 for self-signed, -newkey generates key, -keyout and -out output files.

Why this answer

Option C is correct because the `openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes` command generates a new RSA private key and a self-signed X.509 certificate in a single step. The `-x509` flag outputs a self-signed certificate instead of a CSR, `-newkey` creates the key pair, and `-nodes` prevents encryption of the private key, which is typical for an internal web server that must start without manual passphrase entry.

Exam trap

The trap here is that candidates may think Option B is correct because it technically works, but the question explicitly asks for a command that creates both 'in one step', meaning a single OpenSSL command, not a shell pipeline of two separate commands.

How to eliminate wrong answers

Option A is wrong because `openssl ca` is used to sign a certificate request (CSR) with a CA certificate, not to generate a self-signed certificate and private key together; it requires an existing CA setup and a pre-generated CSR. Option B is wrong because while it does produce a self-signed certificate and key, it uses two separate commands (`genrsa` then `req`) chained with `&&`, which is not a single OpenSSL command as the question asks for 'one step'. Option D is wrong because `openssl x509 -req` signs a CSR using an existing key (`-signkey`), but it does not generate a new private key; it requires a pre-existing CSR and key file, so it cannot create both in one step.

836
MCQmedium

An administrator wants to find all files in the current directory tree that are larger than 100 MB and have the .log extension. Which find command will accomplish this?

A.find . -name '*.log' -size +100M
B.find . -name '*.log' -size +100MB
C.find . -name '*.log' -size -100M
D.find . -type f -size +100M
AnswerA

Correct: finds .log files larger than 100 MB.

Why this answer

-size +100M finds files larger than 100 MB; -name '*.log' matches .log extension. Option A uses -type f but missing -name. Option B has -size +100MB (should be M).

Option D uses -size -100M (smaller).

837
MCQhard

An administrator configures /etc/ssh/sshd_config with the following settings: PermitRootLogin no, PasswordAuthentication no, AllowUsers alice bob, MaxAuthTries 2. After restarting sshd, which of the following is true?

A.User charlie can log in using a public key.
B.User bob can log in using a public key.
C.User alice can log in using a password.
D.Root can log in using a valid password.
AnswerB

Correct. Password authentication is disabled, but public key is allowed, and bob is in AllowUsers.

Why this answer

PasswordAuthentication no disables password logins, so public key authentication is required. PermitRootLogin no prevents root login entirely. AllowUsers restricts to alice and bob only.

MaxAuthTries 2 limits authentication attempts. So root cannot log in even with keys, and alice/bob must use keys.

838
MCQhard

A technician runs the command `sudo lvdisplay /dev/vg_root/lv_root` and sees the output in the exhibit. The server fails to mount the root filesystem during boot. Which of the following should the technician do first?

A.Run `fsck /dev/vg_root/lv_root` to check the filesystem.
B.Run `lvchange -ay /dev/vg_root/lv_root` to activate the logical volume.
C.Run `vgchange -ay` to activate the volume group.
D.Run `mount /dev/vg_root/lv_root /mnt` to mount the volume.
AnswerB

Correct: The LV status is 'NOT available'; this command activates it for use.

Why this answer

The `lvdisplay` output shows the logical volume is present but its 'LV Status' is likely 'NOT available' (not shown in the exhibit but implied by the boot failure). The root filesystem cannot mount because the logical volume is inactive. The first corrective step is to activate it with `lvchange -ay /dev/vg_root/lv_root`, which makes the LV accessible to the kernel for mounting.

Exam trap

The trap here is that candidates assume a filesystem check (fsck) is always the first step for a mount failure, but LVM-specific issues like an inactive logical volume must be resolved before any filesystem-level operations can succeed.

How to eliminate wrong answers

Option A is wrong because running `fsck` on an inactive logical volume will fail or cause corruption; the filesystem must be active and accessible before checking. Option C is wrong because `vgchange -ay` activates all volume groups, which is unnecessary and could interfere with other LVM states; the issue is isolated to a single LV, so targeting it with `lvchange` is more precise. Option D is wrong because `mount` will fail if the logical volume is inactive; the LV must be activated first before any mount attempt.

839
MCQeasy

After writing a script, the administrator cannot execute it with './script.sh'. The permissions are '-rw-rw-r--'. Which command makes the script executable?

A.chmod u+x script.sh
B.chmod +x script.sh
C.chmod g-x script.sh
D.chmod a+rwx script.sh
AnswerA

Adds execute for the owner.

Why this answer

Option A is correct because the current permissions (`-rw-rw-r--`) show that the owner lacks execute permission. The command `chmod u+x script.sh` adds execute permission for the user (owner) only, which is the minimal and most secure way to make the script executable by the administrator who owns it. This directly addresses the requirement without granting unnecessary permissions to the group or others.

Exam trap

CompTIA often tests the distinction between `chmod +x` (which adds execute for all) and `chmod u+x` (which adds execute only for the owner), expecting candidates to recognize that the minimal permission change is the correct answer.

How to eliminate wrong answers

Option B is wrong because `chmod +x script.sh` adds execute permission for all three categories (user, group, others) by default when no target is specified, which is overly permissive and violates the principle of least privilege. Option C is wrong because `chmod g-x script.sh` removes execute permission from the group, which does not help make the script executable; it actually reduces permissions. Option D is wrong because `chmod a+rwx script.sh` grants read, write, and execute permissions to all users (user, group, others), which is excessively permissive and unnecessary for the administrator's goal.

840
MCQmedium

An administrator wants to audit all attempts to access the file /etc/shadow. Which auditctl command should be used?

A.auditctl -A exit,always -F path=/etc/shadow -k shadow
B.auditctl -w /etc/shadow -p rwxa -k shadow
C.auditctl -a always,exit -F path=/etc/shadow -F perm=wa -k shadow
D.ausearch -w /etc/shadow
AnswerC

This is the correct syntax using -a (add rule) with syscall.

Why this answer

Option C is correct because the auditctl command with `-a always,exit -F path=/etc/shadow -F perm=wa -k shadow` adds a rule to the audit system that records all attempts to write or attribute-change (wa) to the /etc/shadow file, which covers all access attempts that could modify the file. The `-a always,exit` appends the rule to the exit list, ensuring that every system call that accesses the file is audited, making it the proper syntax for auditing file access in Linux auditd.

Exam trap

The trap here is that candidates often confuse the watch-based syntax (`-w`) with the system call filter syntax (`-a`), and incorrectly assume that `-w /etc/shadow -p rwxa` is the correct way to audit all access, but the exam expects the precise `-a always,exit` with `-F perm=wa` for auditing file access attempts that involve modification.

How to eliminate wrong answers

Option A is wrong because `-A` is not a valid auditctl flag; the correct flag for appending a rule is `-a`, and the syntax `-A exit,always` is invalid and would cause an error. Option B is wrong because `-w /etc/shadow -p rwxa -k shadow` uses the watch flag `-w` with permissions `rwxa` (read, write, execute, attribute change), which audits all access types including read, but the question specifically asks to audit 'all attempts to access' the file, and while this might seem correct, the watch-based syntax is less precise for system call auditing and does not use the recommended `-a` approach for exit-based rules; more importantly, `-p rwxa` includes read (`r`), which is not necessary for auditing access attempts that modify the file, and the watch mode does not integrate as cleanly with the audit subsystem for exit-based filtering. Option D is wrong because `ausearch` is a search tool for querying audit logs, not a command to add audit rules; it cannot be used to configure auditing.

841
MCQmedium

A user reports that they cannot reach a website by name, but they can reach it by IP address. Which file should be checked first for possible misconfiguration?

A./etc/nsswitch.conf
B./etc/hosts
C./etc/resolv.conf
D./etc/sysconfig/network
AnswerC

Correct. DNS resolver configuration.

Why this answer

The /etc/resolv.conf file contains DNS resolver settings. If it is incorrect, name resolution will fail.

842
MCQeasy

Which command is used to display the contents of a compressed log file without decompressing it?

A.head
B.zcat
C.cat
D.less
AnswerB

zcat reads compressed files and outputs to stdout.

Why this answer

zcat is used to view compressed files; it is equivalent to gunzip -c.

843
Multi-Selecteasy

A user wants to view the contents of a text file one page at a time. Which two commands can be used? (Choose two.)

Select 2 answers
A.less
B.cat
C.tail
D.head
E.more
AnswersA, E

less is a pager with backward and forward navigation.

Why this answer

less and more are pagers that display content one screen at a time.

844
MCQmedium

A Linux administrator needs to find all files in /var/log that have been modified within the last 7 days and are larger than 10 MB. Which find command accomplishes this?

A.find /var/log -mtime -7 -size +10M
B.find /var/log -atime -7 -size +10M
C.find /var/log -mtime +7 -size -10M
D.find /var/log -mmin -10080 -size +10M
AnswerA

Correct: -mtime -7 for last 7 days, -size +10M for larger than 10 MB.

Why this answer

The -mtime -7 option matches files modified less than 7 days ago, and -size +10M matches files larger than 10 MB.

845
MCQmedium

A user reports that the /data directory is inaccessible. The Linux administrator runs the commands shown in the exhibit. Which of the following is the most likely cause of the issue?

A.The user does not have read permissions on /data.
B.The filesystem is full and has become corrupted.
C.The device /dev/sdb1 is not present.
D.The filesystem is mounted as read-only.
AnswerB

100% usage can lead to corruption; the I/O error indicates filesystem issues.

Why this answer

The 'Input/output error' when accessing /data, combined with the 'Structure needs cleaning' message from dmesg, indicates filesystem corruption on /dev/sdb1. This is a classic symptom of a full filesystem that has become corrupted, not a simple permission or mount issue. The administrator's inability to read or write to the directory, despite the mount appearing normal, points to underlying filesystem damage.

Exam trap

The trap here is that candidates see 'Input/output error' and assume a hardware failure or missing device, but the combination of the mount showing the device as present and the dmesg message pointing to filesystem corruption is the key diagnostic clue.

How to eliminate wrong answers

Option A is wrong because the error message is 'Input/output error', not 'Permission denied', and the user's lack of read permissions would produce a different error. Option C is wrong because the mount command shows /dev/sdb1 is present and mounted on /data, so the device exists. Option D is wrong because the mount output shows 'rw' (read-write) in the mount options, and a read-only mount would produce a 'Read-only file system' error, not an I/O error.

846
MCQhard

A senior administrator is troubleshooting a shell script that fails to execute properly. The script starts with #!/bin/bash and has execute permissions. Which of the following could cause the script to fail to run when invoked as ./script.sh?

A.The shebang line is not on the first line.
B.The script contains carriage return characters (\r).
C.The script uses #!/bin/sh instead of bash.
D.The script starts with a byte order mark (BOM).
AnswerB

Can cause 'No such file or directory'.

Why this answer

Option B is correct because carriage return characters (\r) are a common issue when scripts are edited on Windows and then transferred to Linux. The shebang line #!/bin/bash expects a Unix-style line ending (LF), but \r characters cause the shell to interpret the command interpreter as '/bin/bash\r', which is not a valid executable path. This results in a 'No such file or directory' error when the script is invoked as ./script.sh, even though permissions are correct.

Exam trap

The trap here is that candidates may think the shebang line must be on the first line (Option A) is the issue, but Cisco tests the subtle Windows line-ending problem (\r) that causes the interpreter path to be invalid, which is a common real-world pitfall when scripts are edited in Windows environments and transferred to Linux.

How to eliminate wrong answers

Option A is wrong because the shebang line must be on the first line of the script; if it is not, the script will still execute but will be interpreted by the default shell (usually /bin/sh) rather than bash, which may cause different behavior but not necessarily a failure to run. Option C is wrong because using #!/bin/sh instead of #!/bin/bash does not cause the script to fail to run; it simply invokes the system's default Bourne shell, which may lack some bash-specific features but will still execute the script if it is compatible. Option D is wrong because a byte order mark (BOM) at the start of the script is a Unicode encoding artifact that can cause the shebang line to be misinterpreted, but it is less common than carriage return issues and typically results in a 'bad interpreter' error similar to \r, but the question specifically tests the more frequent Windows-to-Linux line-ending problem.

847
Multi-Selecthard

Which THREE steps should be taken when diagnosing a network connectivity issue where a host cannot reach the internet but can ping the local gateway? (Select three.)

Select 3 answers
A.Examine the routing table with route -n
B.Review firewall rules with iptables -L
C.Check ARP cache for the gateway
D.Run traceroute to a known external IP
E.Check DNS resolution with nslookup
AnswersA, B, E

Check default route configuration.

Why this answer

Option A is correct because the `route -n` command displays the kernel routing table without resolving hostnames, allowing you to verify whether a default gateway route (0.0.0.0/0) exists. If the host can ping the local gateway but not the internet, a missing or incorrect default route is a common cause, as traffic to external networks would have no path to forward.

Exam trap

The trap here is that candidates assume a successful ping to the gateway proves Layer 3 routing is fully functional, but they overlook that the host may lack a default route, which is a distinct routing table entry separate from gateway reachability.

848
MCQmedium

A system administrator is troubleshooting a service that fails to start with the error 'Unit failed to load: Invalid argument'. The service file is located in /etc/systemd/system. What is the most likely cause?

A.The service binary is missing
B.The service file has a syntax error
C.The service requires a dependency that is not installed
D.The service is masked
AnswerB

Syntax errors in the unit file cause 'Invalid argument' error.

Why this answer

The error 'Unit failed to load: Invalid argument' in systemd indicates that the unit file parser encountered a directive or value it could not interpret. This is most commonly caused by a syntax error in the service file, such as a misspelled key, an invalid setting, or a malformed line. Systemd validates the file structure against its grammar; any deviation triggers this specific error.

Exam trap

The trap here is that candidates often confuse runtime errors (like missing binaries or dependencies) with parsing errors, but the specific 'Invalid argument' message points directly to a syntax or configuration issue within the unit file itself.

How to eliminate wrong answers

Option A is wrong because a missing service binary would cause a different error, such as 'Exec format error' or 'Unit not found' when trying to execute the binary, not a parsing failure. Option C is wrong because a missing dependency typically results in 'dependency failed' or 'unit not found' errors, not an 'Invalid argument' syntax error. Option D is wrong because a masked service produces 'Unit is masked' or 'Failed to start unit: Unit is masked' errors, not a syntax-level parsing failure.

849
MCQmedium

An administrator wants to allow user 'jane' to run all commands as root via sudo without a password. Which line should be added to /etc/sudoers?

A.jane ALL=NOPASSWD: ALL
B.jane ALL=(root) NOPASSWD: ALL
C.jane ALL=(ALL) ALL
D.jane ALL=(ALL) NOPASSWD: ALL
AnswerD

Correct syntax for passwordless sudo.

Why this answer

The format is 'username ALL=(ALL) NOPASSWD: ALL'. The other options either require a password, use incorrect syntax, or include unnecessary aliases.

850
Multi-Selecthard

Which TWO commands are used to manage SSH key-based authentication processes? (Choose exactly two.)

Select 2 answers
A.ssh-keygen
B.ssh-add
C.ssh-copy-id
D.ssh-keyscan
E.ssh-agent
AnswersA, C

Generates public/private key pairs for SSH.

Why this answer

The `ssh-keygen` command generates the public and private key pair used for SSH key-based authentication, while `ssh-copy-id` installs the public key on a remote server's `~/.ssh/authorized_keys` file, enabling passwordless login. Together, they form the core workflow for setting up SSH key authentication.

Exam trap

CompTIA often tests the distinction between key generation/distribution commands (`ssh-keygen`, `ssh-copy-id`) and agent management commands (`ssh-agent`, `ssh-add`), leading candidates to mistakenly select agent-related options for managing authentication processes.

851
MCQeasy

An administrator runs the command `ls -l /data/file.txt` and sees the output: `-rw-r-----+ 1 root project 1024 Mar 15 10:00 file.txt`. The administrator wants to view the current ACL entries on this file. Which command should be used?

A.getfacl /data/file.txt
B.chacl /data/file.txt
C.lsacl /data/file.txt
D.aclshow /data/file.txt
AnswerA

Correct command to view ACL entries.

Why this answer

The `+` at the end of the permission string (`-rw-r-----+`) indicates that the file has extended ACL (Access Control List) entries beyond the standard Unix permissions. The `getfacl` command is the standard Linux utility to display the current ACL entries for a file or directory, showing user, group, and mask entries along with any named user or group ACLs.

Exam trap

Cisco often tests the distinction between viewing and modifying ACLs, and the trap here is that candidates may confuse `chacl` (a less common command for changing ACLs) with `getfacl`, or assume a command like `lsacl` exists because of the pattern `ls` for listing, when in fact `getfacl` is the correct utility.

How to eliminate wrong answers

Option B (`chacl`) is wrong because `chacl` is used to change or set ACLs, not to view them; it requires an ACL specification as an argument and modifies the ACL rather than displaying it. Option C (`lsacl`) is wrong because there is no standard Linux command named `lsacl`; the correct command to list ACLs is `getfacl`, and `lsacl` is not a valid utility. Option D (`aclshow`) is wrong because `aclshow` is not a standard Linux command; it may be confused with `getfacl` or a command from a non-standard package, but it does not exist in typical Linux distributions.

852
MCQmedium

SELinux is currently in enforcing mode. A service is being blocked by SELinux. Which command can analyze the audit log and suggest the minimum policy changes to allow the service?

A.ausearch
B.audit2allow
C.setsebool
D.restorecon
AnswerB

audit2allow creates policy from audit denials.

Why this answer

audit2allow reads audit messages and generates policy modules to allow the denied actions.

853
MCQhard

A technician needs to replace all occurrences of '192.168.1.' with '10.0.0.' in the file /etc/network/interfaces and save the changes. Which command accomplishes this?

A.awk '{gsub(/192.168.1./,"10.0.0.");print}' /etc/network/interfaces > tmp && mv tmp /etc/network/interfaces
B.sed -i 's/192\.168\.1/10.0.0/g' /etc/network/interfaces
C.sed 's/192.168.1./10.0.0./g' /etc/network/interfaces > /etc/network/interfaces
D.sed -i 's/192.168.1./10.0.0./g' /etc/network/interfaces
AnswerD

Correct use of -i for in-place substitution.

Why this answer

sed -i 's/192\.168\.1\./10.0.0./g' /etc/network/interfaces uses in-place editing with the substitute command globally.

854
MCQmedium

A system administrator is configuring centralized logging for a cluster of web servers. Each web server runs rsyslog and needs to forward its Apache access logs to a central log server at 192.168.1.100 over UDP port 514. The administrator adds the following line to /etc/rsyslog.conf on each web server: '*.* @192.168.1.100:514'. After restarting rsyslog, no logs appear on the central server. The administrator checks the network connectivity and finds that the central server is reachable and listening on UDP 514. Which additional configuration is most likely required on the web servers to forward the Apache logs?

A.Enable the 'imuxsock' module in rsyslog to listen on a Unix socket for Apache logs.
B.Create a configuration file in /etc/rsyslog.d/ with a more specific filter for Apache logs.
C.Configure Apache to send access logs to syslog using the 'syslog' facility in the LogFormat directive.
D.Change the forwarding protocol from UDP to TCP in both the sender and receiver.
AnswerC

By default Apache writes to files; to forward via syslog, it must use the syslog output.

Why this answer

The wildcard '*.*' forwards all logs, including Apache logs if they are sent to syslog. However, rsyslog by default only reads from its own sources; if Apache logs are written directly to a file and not via syslog, they won't be forwarded. The Apache module 'mod_log_config' can be configured to send logs to syslog using the 'syslog' facility.

Option B is correct. Option A (el8 conf includes) is a file but not for Apache. Option C adds modular configs but doesn't address Apache.

Option D (UDP vs TCP) might matter but the problem states UDP is used and listening.

855
MCQeasy

A user reports that their system fails to boot and displays a 'GRUB' prompt. Which command should be run first to attempt to load the operating system manually?

A.rescue
B.reboot
C.boot
D.exit
AnswerC

'boot' at the GRUB prompt loads the selected kernel.

Why this answer

When the system boots to a GRUB prompt, it means the bootloader has loaded but cannot find or automatically load the operating system. The `boot` command at the GRUB prompt instructs GRUB to attempt to boot the currently configured kernel and initramfs, which is the correct first step to manually load the OS.

Exam trap

The trap here is that candidates confuse the GRUB prompt with a system rescue shell and try to use system-level commands like `reboot` or `exit`, not realizing that GRUB has its own command set where `boot` is the correct action to load the OS.

How to eliminate wrong answers

Option A is wrong because `rescue` is not a valid GRUB command; it is a mode in systemd or anaconda, not used at the GRUB prompt. Option B is wrong because `reboot` is a system command, not a GRUB command; at the GRUB prompt, you would use `reboot` only after exiting GRUB or from the OS shell. Option D is wrong because `exit` in GRUB returns to the previous menu or the BIOS/UEFI boot selection, but does not attempt to load the operating system.

856
MCQmedium

A systems administrator creates a bash script that processes log files. The script uses a for loop to iterate over files in /var/log and runs a command on each. Which of the following would prevent the script from failing if no files match the pattern?

A.set -u
B.set -e
C.shopt -s failglob
D.shopt -s nullglob
AnswerD

Expands to nothing, preventing failure.

Why this answer

Option D is correct because `shopt -s nullglob` causes the shell to expand a glob pattern that matches no files into an empty string rather than leaving the pattern literal. Without this setting, if no files match the pattern in `/var/log`, the for loop receives the literal pattern string (e.g., `*.log`) and attempts to process it as a filename, which would cause the command to fail or produce unexpected results. Enabling nullglob ensures the loop body simply does not execute when no matches exist, preventing script failure.

Exam trap

The trap here is that candidates often confuse `nullglob` with `failglob` or assume that `set -e` or `set -u` can handle glob failures, when in fact only `nullglob` prevents the literal pattern string from being passed as an argument, thereby avoiding a command failure.

How to eliminate wrong answers

Option A is wrong because `set -u` treats unset variables as an error and causes the script to exit when referencing an undefined variable, but it does not affect how glob patterns are expanded when no files match. Option B is wrong because `set -e` causes the script to exit immediately if any command returns a non-zero exit status, but it does not change the behavior of glob expansion; a failed glob pattern would still be passed as a literal string, potentially causing a command failure that `set -e` would then propagate. Option C is wrong because `shopt -s failglob` causes the shell to print an error and exit if a glob pattern matches no files, which is the opposite of preventing script failure — it would actively cause the script to fail.

857
MCQmedium

A technician wants to check the disk I/O statistics, focusing on the average I/O wait time and utilization percentage. Which command provides this information?

A.sar -b
B.vmstat -d
C.free -h
D.iostat -x
AnswerD

Correct: iostat -x shows extended stats including %util and await.

Why this answer

iostat displays disk I/O statistics including %util (utilization) and await (average I/O wait time).

858
MCQeasy

Which command will run a container in detached mode with the name 'web' and map host port 8080 to container port 80, using the nginx image?

A.docker run -d --name web -p 8080:80 nginx
B.docker exec -d --name web -p 8080:80 nginx
C.docker start -d --name web -p 8080:80 nginx
D.docker run -it --name web -p 8080:80 nginx
AnswerA

Correct. This runs the nginx container in detached mode with the specified name and port mapping.

Why this answer

Option A is correct because `docker run` creates and starts a new container. The `-d` flag runs it in detached mode (background), `--name web` assigns the name 'web', `-p 8080:80` maps host port 8080 to container port 80, and `nginx` specifies the image to use. This is the standard syntax for deploying a container with port mapping and a custom name.

Exam trap

CompTIA often tests the distinction between `docker run` (create + start) and `docker start` (start existing container), and the requirement for `-d` versus `-it` to achieve detached mode, causing candidates to confuse the subcommands or flags.

How to eliminate wrong answers

Option B is wrong because `docker exec` is used to run a command inside an existing container, not to create or start a new container; it does not accept `-d` for detached mode in the same way, and `-p` is not a valid flag for `docker exec`. Option C is wrong because `docker start` is used to start an existing stopped container, not to create a new one; it does not accept `-p` for port mapping, and the `nginx` argument would be interpreted as a container name, not an image. Option D is wrong because `-it` runs the container in interactive mode with a TTY, not detached mode; the question specifically requires detached mode (`-d`).

859
Multi-Selectmedium

A technician is configuring a system to automatically mount an NFS share at boot. Which two files must be edited or created? (Choose two.)

Select 2 answers
A./etc/auto.master
B./etc/exports
C./etc/nfs.conf
D./etc/nfsmount.conf
E./etc/fstab
AnswersD, E

nfsmount.conf sets default NFS mount options.

Why this answer

Option D is correct because `/etc/nfsmount.conf` is the NFS configuration file that can be used to set default mount options for NFS shares, such as protocol version, read/write size, and timeouts. Option E is correct because `/etc/fstab` is the standard file system table that defines how block devices, remote filesystems, and swap partitions are mounted at boot, including NFS shares with the `nfs` or `nfs4` filesystem type.

Exam trap

The trap here is that candidates confuse the client-side NFS mount configuration file (`/etc/nfsmount.conf`) with the server-side configuration file (`/etc/nfs.conf`), or mistakenly think the automounter's `/etc/auto.master` is used for persistent boot-time mounts.

860
MCQeasy

Which directory in the Filesystem Hierarchy Standard (FHS) contains essential user commands available to all users, such as 'ls' and 'cp'?

A./sbin
B./opt
C./bin
D./usr/bin
AnswerC

Correct: /bin holds essential user commands.

Why this answer

/bin contains essential user binaries. /sbin is for system binaries (usually root). /usr/bin contains non-essential user binaries. /opt is for optional software.

861
MCQmedium

A technician needs to replace the string 'old_config' with 'new_config' in the file /etc/app.conf and save the changes in place. Which sed command accomplishes this?

A.sed -i 's/old_config/new_config/g' /etc/app.conf
B.sed 's/old_config/new_config/' /etc/app.conf
C.sed -n 's/old_config/new_config/p' /etc/app.conf
D.sed -i 's/old_config/new_config/' /etc/app.conf
AnswerA

Correct usage of in-place substitution globally.

Why this answer

The -i flag edits the file in place, and the s///g substitution replaces all occurrences.

862
MCQhard

An administrator wants to change the default systemd target to multi-user.target so the system boots to a text console. Which command should be used?

A.systemctl isolate multi-user.target
B.systemctl set-default multi-user.target
C.systemctl enable multi-user.target
D.systemctl mask multi-user.target
AnswerB

Correct command to set default target.

Why this answer

systemctl set-default multi-user.target sets the default target. systemctl isolate changes the current target but not the default. enable and mask are for services, not targets.

863
MCQhard

An administrator wants to run a script on multiple remote servers using Ansible. The script requires a variable that differs per host. Where should the administrator define this variable to follow best practices?

A.In the playbook under vars:
B.In host_vars/<hostname>.yml
C.In the inventory file as a variable
D.In group_vars/all.yml
AnswerB

host_vars allows defining variables specific to a single host.

Why this answer

Host-specific variables should be defined in host_vars files, which are automatically loaded by Ansible when the host is targeted.

864
MCQhard

An administrator is troubleshooting a boot issue. The system boots to a console with limited functionality. Which systemd target should be used to bring up the system with network and multi-user support?

A.emergency.target
B.graphical.target
C.rescue.target
D.multi-user.target
AnswerD

Correct: multi-user.target boots to a text console with network.

Why this answer

multi-user.target provides a non-graphical multi-user system with network.

865
MCQhard

Refer to the exhibit. The administrator receives an email that a cron job failed. What is the most likely cause?

A.The script is not executable.
B.The script is missing a shebang line.
C.The cron daemon is not running.
D.The script has an unmatched if statement.
AnswerD

Correct: The error 'syntax error near unexpected token `fi'' suggests an if statement without a matching fi.

Why this answer

The cron job failed because the script contains an unmatched if statement, which causes a syntax error when the shell interprets the script. Cron jobs execute scripts in a non-interactive shell, and any syntax error will cause the script to exit with a non-zero status, triggering the failure email. The unmatched if statement prevents the script from completing execution, leading to the reported failure.

Exam trap

CompTIA often tests the distinction between script execution failures due to syntax errors versus permission or environment issues, and the trap here is that candidates may incorrectly attribute the failure to a missing shebang line or non-executable script, overlooking the specific syntax error message shown in the exhibit.

How to eliminate wrong answers

Option A is wrong because if the script were not executable, the cron job would fail with a 'Permission denied' error, but the cron daemon would still attempt to run it and send a failure notification; however, the exhibit shows a syntax error, not a permission issue. Option B is wrong because while a missing shebang line can cause the script to be interpreted by the default shell (often /bin/sh), which might still work, it would not directly cause an unmatched if statement error; the exhibit explicitly shows an 'unexpected end of file' error due to missing 'fi'. Option C is wrong because if the cron daemon were not running, no cron jobs would execute at all, and the administrator would not receive a failure email for a specific job; the email indicates the daemon is active and attempted the job.

866
Multi-Selectmedium

An administrator needs to grant read and write access to the 'developers' group on a directory while preserving existing permissions for the owner and others. Which TWO commands can be used to modify ACLs? (Choose two.)

Select 1 answer
A.chmod g+rw /dir
B.getfacl /dir
C.setfacl -m u:developers:rw /dir
D.setfacl -x g:developers /dir
E.setfacl -m g:developers:rw /dir
AnswersE

Correct: modifies ACL to grant rw to group.

Why this answer

setfacl -m g:developers:rw sets ACL entry. getfacl displays ACLs but does not modify. chmod changes standard permissions, not ACLs. setfacl -x removes ACLs. setfacl -b removes all ACLs.

867
MCQeasy

A team uses Ansible for configuration management. A playbook fails with the error 'ERROR! Syntax Error while loading YAML script'. Which of the following is the most likely cause?

A.Missing SSH key
B.Incorrect indentation in the YAML file
C.Invalid module name
D.Playbook not executable
AnswerB

YAML syntax errors are most commonly due to indentation mistakes.

Why this answer

The error 'Syntax Error while loading YAML script' indicates that Ansible's YAML parser encountered a structural problem in the playbook file. The most common cause in YAML is incorrect indentation, because YAML relies on consistent spacing (typically 2 spaces per level) to define the hierarchy of tasks, plays, and variables. A missing SSH key would produce a connection or authentication error, not a YAML syntax error.

Exam trap

The trap here is that candidates may confuse a YAML parsing error with a runtime execution error, such as an SSH key issue or an invalid module, because they all prevent the playbook from running successfully.

How to eliminate wrong answers

Option A is wrong because a missing SSH key causes an authentication failure (e.g., 'Permission denied (publickey)') during the connection phase, not a YAML syntax error during parsing. Option C is wrong because an invalid module name results in a module-specific error (e.g., 'ERROR! couldn't resolve module/action'), not a YAML syntax error. Option D is wrong because playbooks are not executed as standalone scripts; Ansible runs them via the `ansible-playbook` command, so the executable bit is irrelevant — the error would be a 'Permission denied' if the file were executed directly, not a YAML syntax error.

868
MCQmedium

A security policy requires that user passwords must expire every 90 days. Which command can enforce this policy for user 'jsmith'?

A.usermod -e 90 jsmith
B.chage -M 90 jsmith
C.passwd -x 90 jsmith
D.chfn -f 90 jsmith
AnswerB

Sets the maximum password age to 90 days.

Why this answer

The `chage -M 90 jsmith` command sets the maximum number of days a password is valid for user 'jsmith' to 90, which enforces the 90-day expiration policy. The `-M` option directly modifies the `PASS_MAX_DAYS` field in `/etc/shadow`, and `chage` is the standard tool for managing password aging on Linux systems.

Exam trap

The trap here is that candidates confuse `usermod -e` (account expiry) with `chage -M` (password expiry), or assume `passwd -x` works without the correct syntax, leading them to pick a command that either targets the wrong attribute or has an invalid option order.

How to eliminate wrong answers

Option A is wrong because `usermod -e` sets the account expiration date (in YYYY-MM-DD format), not the password aging interval; `-e 90` would be interpreted as a date offset from epoch, not a day count. Option C is wrong because `passwd -x 90` is not a valid syntax; the `passwd` command uses `-x` to set maximum password days, but it requires the username immediately after the option (e.g., `passwd -x 90 jsmith`), and even then it is less commonly used than `chage` for policy enforcement. Option D is wrong because `chfn -f 90` changes the user's full name (GECOS field), not password expiration; `-f` expects a string, not a numeric day value.

869
MCQeasy

A service fails to start and journalctl shows 'Permission denied'. What should the administrator check first?

A.Package integrity
B.DNS resolution
C.Firewall rules
D.SELinux contexts and file permissions
AnswerD

SELinux contexts are a common cause of permission denied errors for services.

Why this answer

The 'Permission denied' error in journalctl for a service failure typically indicates that the service process lacks the necessary permissions to access a file, directory, or resource. SELinux contexts and file permissions are the most common causes, as SELinux enforces mandatory access controls (MAC) that can block access even when standard Unix permissions are correct. Checking these first aligns with the troubleshooting principle of verifying access controls before other layers like network or package integrity.

Exam trap

The trap here is that candidates often jump to firewall rules or package integrity because they associate 'Permission denied' with network or installation issues, but the XK0-005 exam specifically tests SELinux and file permission troubleshooting for service startup failures.

How to eliminate wrong answers

Option A is wrong because package integrity issues (e.g., corrupted RPM database or missing files) would typically produce errors like 'File not found' or checksum mismatches, not 'Permission denied'. Option B is wrong because DNS resolution failures cause 'Name or service not known' or timeout errors, not permission-related denials. Option C is wrong because firewall rules block network traffic at the packet level, producing 'Connection refused' or 'No route to host' errors, not 'Permission denied' which is a local filesystem or security context issue.

870
MCQhard

A system administrator is tuning a server for a high-performance computing workload and needs to disable NUMA (Non-Uniform Memory Access) at boot to improve memory access latency. Which kernel boot parameter should be added to the GRUB_CMDLINE_LINUX line in /etc/default/grub?

A.maxcpus=1
B.numa=off
C.acpi=off
D.noapic
AnswerB

This parameter disables NUMA support in the kernel.

Why this answer

Option B is correct because the `numa=off` kernel boot parameter explicitly disables NUMA support in the Linux kernel, forcing memory to be treated as a single contiguous block (UMA). This eliminates the latency penalty of remote memory accesses, which is beneficial for high-performance computing workloads that require consistent, low-latency memory access across all CPUs.

Exam trap

The trap here is that candidates often confuse `numa=off` with other hardware-disabling parameters like `acpi=off` or `noapic`, assuming any 'disable hardware feature' parameter will fix memory latency, when only `numa=off` directly addresses NUMA memory access behavior.

How to eliminate wrong answers

Option A is wrong because `maxcpus=1` limits the system to a single CPU core, which severely reduces parallel processing capability and is counterproductive for high-performance computing workloads. Option C is wrong because `acpi=off` disables Advanced Configuration and Power Interface, which can cause loss of power management, thermal control, and hardware enumeration features, but does not directly affect NUMA behavior. Option D is wrong because `noapic` disables the Advanced Programmable Interrupt Controller, which may affect interrupt routing but has no impact on NUMA memory access or latency.

871
MCQhard

After modifying the network configuration on a RHEL 8 system, the administrator wants to bring up the interface without rebooting. Which command sequence should be used?

A.ip link set eth0 up
B.systemctl restart network && nmcli dev connect eth0
C.nmcli con up eth0
D.ifconfig eth0 up
AnswerC

nmcli con up brings up the connection associated with the interface.

Why this answer

nmcli con up ifcfg-eth0 activates the connection. If using legacy scripts, ifup eth0 would work, but nmcli is the modern method for NetworkManager.

872
MCQeasy

A user is unable to create new files in a directory. Which command can the administrator use to view the Access Control Lists (ACLs) associated with that directory?

A.getfacl
B.ls -l
C.setfacl
D.chmod
AnswerA

getfacl retrieves ACL entries.

Why this answer

The `getfacl` command displays the Access Control Lists (ACLs) for a file or directory, showing both the standard POSIX permissions and any additional ACL entries (e.g., specific users or groups). Since the user cannot create new files, ACLs may be restricting write access beyond the basic mode bits, making `getfacl` the correct tool to inspect these extended permissions.

Exam trap

The trap here is that candidates often confuse `ls -l` with ACL viewing, assuming the standard permission string (e.g., `drwxr-xr-x`) fully represents access rights, when in fact ACLs can override or extend those bits without changing the mode display.

How to eliminate wrong answers

Option B is wrong because `ls -l` shows only the traditional Unix permission bits (owner, group, other) and cannot display extended ACL entries that might be blocking file creation. Option C is wrong because `setfacl` is used to modify or set ACLs, not to view them; using it without the `-g` or `-m` options would not show current ACLs. Option D is wrong because `chmod` changes the basic permission mode bits and cannot read or display ACL entries.

873
MCQhard

Refer to the exhibit. An administrator has configured audit rules but notices that 'auditctl -l' returns 'No rules'. What is the most likely issue?

A.The audit rules have not been loaded into the kernel.
B.The audit system is disabled.
C.The audit rules file has incorrect syntax.
D.The audit daemon is not running.
AnswerA

Rules from the file must be loaded with auditctl -R or by restarting auditd.

Why this answer

The audit rules file is present but not loaded. The rules need to be loaded using 'auditctl -R /etc/audit/audit.rules' or by restarting auditd. The 'auditctl -l' shows no rules because they haven't been loaded.

874
MCQhard

An administrator needs to capture network traffic on interface eth0, filtering only packets from host 192.168.1.1, and write the output to a file for later analysis. Which command accomplishes this?

A.tcpdump -i eth0 src 192.168.1.1 -w capture.pcap
B.tcpdump -i eth0 dst 192.168.1.1 > capture.pcap
C.tcpdump -i eth0 host 192.168.1.1 -w capture.pcap
D.tcpdump -n -i eth0 host 192.168.1.1 > capture.pcap
AnswerC

Correct: host captures both directions.

Why this answer

tcpdump -i eth0 host 192.168.1.1 -w capture.pcap captures packets from the specified host on eth0 and writes to a file.

875
MCQhard

A technician needs to create a new ext4 filesystem on /dev/sdb1 and mount it persistently at /mnt/data. Which set of commands accomplishes this?

A.mkfs -t ext4 /dev/sdb1; mount /dev/sdb1 /mnt/data; echo '/dev/sdb1 /mnt/data ext4 defaults 0 2' >> /etc/fstab
B.mkfs.ext4 /dev/sdb1; echo '/dev/sdb1 /mnt/data ext4 defaults 0 2' >> /etc/fstab; mount -a
C.mkfs.ext4 /dev/sdb1; mount /dev/sdb1 /mnt/data
D.echo '/dev/sdb1 /mnt/data ext4 defaults 0 2' >> /etc/fstab; mount -a
E.fdisk /dev/sdb1; mount /dev/sdb1 /mnt/data; echo '/dev/sdb1 /mnt/data ext4 defaults 0 2' >> /etc/fstab
AnswerB

Correct sequence.

Why this answer

mkfs.ext4 /dev/sdb1 creates the filesystem. Adding an entry to /etc/fstab ensures persistent mount. mount -a mounts all filesystems in fstab.

876
Multi-Selectmedium

A Linux administrator is configuring secure remote access to a server. Which three of the following are recommended best practices for securing SSH? (Choose three.)

Select 3 answers
A.Enable public key authentication.
B.Use password authentication only.
C.Disable root login via SSH.
D.Change the default SSH port to a non-standard port.
E.Allow only specific users or groups.
AnswersA, C, E

Key-based authentication is more secure than passwords.

Why this answer

Public key authentication (Option A) is a recommended best practice because it uses asymmetric cryptography (RSA, ECDSA, or Ed25519) to authenticate users without transmitting passwords over the network. This eliminates the risk of password interception via man-in-the-middle attacks or brute-force attempts, as the private key never leaves the client and the server verifies only the corresponding public key.

Exam trap

The trap here is that candidates often mistake changing the default SSH port (Option D) for a genuine security control, when it is merely obscurity and not a recommended best practice in the XK0-005 exam objectives.

877
MCQeasy

Which Kubernetes resource is used to store non-sensitive configuration data as key-value pairs that can be consumed by pods?

A.Deployment
B.Secret
C.Namespace
D.ConfigMap
AnswerD

Correct. ConfigMaps store non-sensitive configuration data.

Why this answer

ConfigMaps are used for non-sensitive configuration data. Secrets are for sensitive data like passwords. Deployments manage replicas of pods.

Namespaces isolate resources.

878
Multi-Selecteasy

An administrator needs to create a hard link to an existing file. Which two statements are true about hard links? (Choose two.)

Select 2 answers
A.Hard links can be created for directories
B.Hard links can be created across different filesystems
C.Hard links are indistinguishable from the original file
D.Hard links share the same inode number
E.Deleting the original file removes the hard link
AnswersC, D

They are additional directory entries pointing to the same data.

Why this answer

Hard links share the same inode and cannot span filesystems. They cannot link to directories.

879
MCQmedium

A DevOps engineer is writing a unit file for a systemd service that should start after the network-online.target. Which directive should be added to the [Unit] section?

A.Requires=network-online.target
B.Wants=network-online.target
C.BindsTo=network-online.target
D.After=network-online.target
AnswerD

Correct. The After directive ensures the service starts after the specified target is reached.

Why this answer

The 'After=' directive in the [Unit] section of a systemd unit file specifies the ordering relationship, ensuring that the current service starts only after the named unit (network-online.target) has reached the 'active' state. This is the correct directive for controlling startup order without creating a dependency that would force the target to start if it is not already enabled.

Exam trap

The trap here is that candidates confuse ordering directives ('After=', 'Before=') with dependency directives ('Requires=', 'Wants=', 'BindsTo='), assuming that 'Requires=' or 'Wants=' also imply ordering, which they do not without an explicit 'After='.

How to eliminate wrong answers

Option A is wrong because 'Requires=' creates a hard dependency that will cause the service to fail if network-online.target is not started, but it does not enforce ordering; the service could start before the target unless 'After=' is also used. Option B is wrong because 'Wants=' creates a soft dependency that attempts to start network-online.target but does not enforce ordering; the service may start before the target completes. Option C is wrong because 'BindsTo=' creates a stronger dependency than 'Requires=' where the service will stop if network-online.target stops, and it also does not imply ordering; it is used for tightly coupled services, not for simple startup sequencing.

880
MCQeasy

An administrator wants to find all files larger than 100MB in the /var directory. Which command should be used?

A.find /var -size +100kb
B.find /var -type f -size +100M
C.ls -l /var | grep 100M
D.du -sh /var/* | grep M
AnswerB

This command finds files larger than 100MB.

Why this answer

The find command with -size +100M correctly locates files larger than 100MB.

881
MCQmedium

A system is experiencing high memory usage. The administrator wants to see a brief summary of memory usage in human-readable format, including buffers and cache. Which command is most appropriate?

A.free -h
B.iostat -m
C.cat /proc/meminfo
D.vmstat -s
AnswerA

Correct: free -h shows memory usage with buffers and cache.

Why this answer

free -h displays memory usage in human-readable format, including buffers and cache.

882
MCQhard

A user reports that their home directory is missing after a system reboot. The /home partition is listed in /etc/fstab with an incorrect UUID. What is the most likely outcome?

A.The system will boot normally and mount /home using the device name
B.The system will prompt the user to enter the correct UUID
C.The system will boot but fail to mount /home
D.The system will fail to boot entirely
AnswerD

Incorrect root UUID would cause boot failure; for /home, boot continues.

Why this answer

When /etc/fstab contains an incorrect UUID for the /home partition, the systemd-based boot process (or traditional init) will attempt to mount the partition using that UUID. If the UUID does not match any block device, the mount fails. Because /home is not listed with the 'nofail' option in fstab, the boot process treats this as a critical failure and drops into an emergency shell or fails to complete boot, preventing normal login.

Option D is correct because an incorrect UUID for a required filesystem causes a boot failure, not a partial mount or a prompt.

Exam trap

CompTIA often tests the misconception that a missing or incorrect UUID only affects the specific mount point, leading candidates to choose 'boot but fail to mount /home' (Option C), when in fact the default behavior is to halt the boot process entirely for required filesystems.

How to eliminate wrong answers

Option A is wrong because the system does not fall back to mounting by device name; fstab entries with UUID= take precedence, and if the UUID is invalid, the mount fails outright. Option B is wrong because Linux does not prompt for a UUID during boot; the boot process either succeeds or fails based on fstab, with no interactive correction mechanism. Option C is wrong because while the system may boot partially, the missing /home mount is considered a critical failure (unless 'nofail' is set), causing the boot to halt or drop to emergency mode, not simply continue without mounting.

883
MCQeasy

A bash script uses a for loop to iterate over files in a directory. Which of the following correctly assigns each filename to the variable FILE?

A.for FILE in $(ls *.txt); do
B.for FILE in *.txt; do
C.for FILE in 'ls *.txt'; do
D.for FILE = *.txt; do
AnswerB

Uses glob expansion correctly, handling all filenames safely.

Why this answer

Option B is correct because the shell expands the wildcard pattern `*.txt` into a list of matching filenames before the `for` loop executes, and each filename is assigned to the variable `FILE` in turn. This approach is safe and efficient because it avoids parsing the output of `ls`, which can break with filenames containing spaces or special characters.

Exam trap

The trap here is that candidates often choose `$(ls *.txt)` (Option A) because they think they need to explicitly list files with `ls`, not realizing that the shell's built-in globbing is safer and more efficient, and that `ls` output parsing is fragile.

How to eliminate wrong answers

Option A is wrong because `$(ls *.txt)` uses command substitution to run `ls`, which parses its output and can break on filenames with spaces, newlines, or glob characters; it also forks an unnecessary subshell. Option C is wrong because `'ls *.txt'` is a literal string (single quotes prevent expansion), so the loop would iterate over the single string `ls *.txt` instead of actual filenames. Option D is wrong because the syntax `for FILE = *.txt` uses an equals sign instead of the required `in` keyword, which is a syntax error in bash.

884
MCQhard

A company is implementing a security policy that requires all files created in a shared directory /data to be owned by the group 'engineers' and have group read/write permissions, regardless of the user's umask. Which approach should be used?

A.Set the setgid bit only on /data
B.Set the sticky bit on /data
C.Configure ACL default permissions only on /data
D.Set the setgid bit and configure ACL default permissions on /data
AnswerD

Setgid forces group inheritance, and ACL defaults set the desired permissions on new files.

Why this answer

Setting the setgid bit on /data ensures that new files inherit the group ownership of the directory (engineers), but it does not override the user's umask for permissions. Configuring ACL default permissions on /data explicitly sets the group read/write permissions for new files, overriding the umask. Together, they guarantee both correct group ownership and group rw permissions regardless of the user's umask.

Exam trap

The trap here is that candidates often assume the setgid bit alone is sufficient for both ownership and permissions, overlooking that it does not override the umask for permission bits.

How to eliminate wrong answers

Option A is wrong because the setgid bit alone only forces group ownership inheritance; it does not control the permissions applied to new files, which are still subject to the user's umask. Option B is wrong because the sticky bit restricts file deletion to owners or root; it does not affect ownership or permissions of new files. Option C is wrong because ACL default permissions alone set the permissions for new files but do not enforce group ownership inheritance; without the setgid bit, new files may be owned by the user's primary group, not 'engineers'.

885
MCQhard

A system administrator is troubleshooting a service that fails to start at boot. The system uses systemd. Which of the following commands would the administrator use to check the service's status and view its recent log entries?

A.journalctl -u service -n 50 && systemctl is-active service
B.systemctl status service && journalctl -n 50
C.systemctl list-units --state=failed && journalctl -p err
D.systemctl is-active service && journalctl -n 50
AnswerB

Correct: status shows service state and recent logs; journalctl -n 50 shows last 50 lines.

Why this answer

systemctl status service shows current status, and journalctl -u service -n 50 shows the last 50 log lines for that unit. Option A uses systemctl is-active which only reports active/inactive. Option B uses journalctl without -u, showing all logs.

Option D uses systemctl list-units which lists all units without filtering.

886
MCQeasy

A Linux server with the IP address 192.168.1.100 is unable to communicate with other hosts on the same subnet 192.168.1.0/24. The administrator can ping the loopback address, but pinging 192.168.1.1 (the default gateway) fails. The output of `ip a` shows the eth0 interface has the correct IP and netmask. Which troubleshooting step should be performed next?

A.Check the ARP cache with arp -a.
B.Replace the network cable.
C.Restart the network service.
D.Check the routing table with ip route.
AnswerD

The routing table will show if a default gateway is configured; missing gateway causes failure to reach local gateway.

Why this answer

Since the server has the correct IP and netmask on eth0 but cannot ping the default gateway (192.168.1.1), the issue likely lies in the routing configuration. The `ip route` command displays the kernel routing table, including the default gateway entry; if the default route is missing or incorrect, traffic cannot reach the gateway. Checking the routing table is the logical next step before assuming physical or ARP-level problems.

Exam trap

CompTIA often tests the misconception that a correct IP and netmask guarantee connectivity, leading candidates to jump to ARP or physical-layer checks, when the real issue is a missing or incorrect default route in the routing table.

How to eliminate wrong answers

Option A is wrong because checking the ARP cache (`arp -a`) would only be useful if the server had a valid route to the gateway but the MAC address resolution failed; here, the ping fails entirely, indicating a routing or connectivity issue, not an ARP resolution problem. Option B is wrong because replacing the network cable is a physical-layer troubleshooting step that should be performed only after verifying that the interface is up and has a link (e.g., via `ip link` or `ethtool`); the question states the interface has the correct IP, suggesting the link is likely up. Option C is wrong because restarting the network service is a disruptive, shotgun approach that may temporarily reset configurations but does not diagnose the root cause; it should be reserved for cases where configuration changes have been made or the service is misbehaving, not as a first diagnostic step.

887
Multi-Selectmedium

An administrator wants to ensure that a web service starts after the database service has fully initialized. Which TWO methods can be used to achieve this ordering dependency in systemd?

Select 2 answers
A.Add Requires=db.service in the [Unit] section
B.Add After=db.service in the [Unit] section of web.service
C.Add BindsTo=db.service in the [Unit] section
D.Add Wants=db.service in the [Unit] section
E.Add PartOf=db.service in the [Unit] section
AnswersA, B

Makes db.service a required dependency; together with After, it ensures ordering.

Why this answer

Option A is correct because `Requires=db.service` in the `[Unit]` section declares a strong dependency: if `db.service` fails to start, `web.service` will not be started. Option B is correct because `After=db.service` in the `[Unit]` section of `web.service` ensures that `web.service` starts only after `db.service` has reached the 'active' state, enforcing the required ordering. Together, these two directives guarantee both dependency and sequencing.

Exam trap

The trap here is that candidates often pick only `After=` (option B) thinking it alone enforces the dependency, forgetting that `After=` only orders startup and does not prevent the web service from starting if the database fails — the exam expects the combination of `Requires=` and `After=` to fully satisfy the 'starts after and depends on' requirement.

888
MCQmedium

A process is consuming excessive CPU and needs to be terminated immediately. The PID is 1234. Which command will terminate the process with the most forceful signal?

A.kill -15 1234
B.kill -1 1234
C.kill -9 1234
D.kill -19 1234
AnswerC

Correct: SIGKILL immediately terminates.

Why this answer

kill -9 (SIGKILL) forcibly terminates the process. SIGTERM (15) is graceful; SIGHUP (1) reloads config; SIGSTOP (19) suspends.

889
Multi-Selectmedium

A system administrator needs to monitor real-time process information and system resource usage. Which two commands can be used for this purpose? (Choose two.)

Select 2 answers
A.kill
B.top
C.htop
D.jobs
E.ps aux
AnswersB, C

top shows real-time process list and resource usage.

Why this answer

top and htop are interactive process viewers that show real-time updates.

890
MCQmedium

An administrator needs to generate a self-signed certificate and private key for a web server. Which openssl command accomplishes this?

A.openssl genrsa -out key.pem 2048 && openssl req -new -x509 -key key.pem -out cert.pem -days 365
B.openssl req -new -key key.pem -out csr.pem
C.openssl ca -in csr.pem -out cert.pem
D.openssl x509 -req -in csr.pem -signkey key.pem -out cert.pem
AnswerA

Generates key and then self-signed cert.

Why this answer

Option A is correct because it first generates a 2048-bit RSA private key using `openssl genrsa`, then uses `openssl req -new -x509` to create a self-signed X.509 certificate directly from that key, bypassing the need for a Certificate Signing Request (CSR). The `-x509` flag tells OpenSSL to output a self-signed certificate instead of a CSR, and `-days 365` sets the validity period. This two-step process produces both the private key (`key.pem`) and the self-signed certificate (`cert.pem`) required for a web server.

Exam trap

The trap here is that candidates may confuse the `openssl req -new -x509` command with the CSR-only `openssl req -new` command, or think that a CSR is required for self-signed certificates, when in fact the `-x509` flag directly outputs a self-signed certificate without needing a separate CSR step.

How to eliminate wrong answers

Option B is wrong because `openssl req -new -key key.pem -out csr.pem` only generates a Certificate Signing Request (CSR), not a self-signed certificate; it requires a CA to sign the CSR to produce a certificate. Option C is wrong because `openssl ca -in csr.pem -out cert.pem` assumes a CA infrastructure is already set up and configured, and it signs an existing CSR using the CA's own key and certificate, which is not a self-signed certificate generation process. Option D is wrong because `openssl x509 -req -in csr.pem -signkey key.pem -out cert.pem` creates a self-signed certificate from a CSR, but it requires a CSR to already exist (generated by a separate command), making it a two-step process that is less direct than Option A; more importantly, it does not generate the private key, so it is incomplete for the stated requirement.

891
MCQeasy

Which command is used to display the current process hierarchy in a tree format?

A.pstree
B.lsproc
C.ps aux
D.top
AnswerA

pstree displays processes in a tree hierarchy.

Why this answer

ps aux shows all processes with details, but pstree shows them in a tree format, which is useful for visualizing parent-child relationships.

892
Multi-Selecthard

A Linux server is experiencing intermittent connectivity issues. The administrator reviews the system logs and finds the following messages: 'NETDEV WATCHDOG: eth0: transmit queue 0 timed out'. Which THREE actions are likely to resolve this issue? (Choose three.)

Select 3 answers
A.Disable NIC offloading features using 'ethtool -K eth0 tx off sg off'.
B.Update the network interface card (NIC) driver to the latest version.
C.Increase the transmit queue length using 'ifconfig eth0 txqueuelen 10000'.
D.Change the MTU on the interface to 9000.
E.Replace the NIC with a known good one.
AnswersA, B, E

Offloading can cause driver bugs; disabling it may stabilize the interface.

Why this answer

Option A is correct because the 'NETDEV WATCHDOG: eth0: transmit queue 0 timed out' error often indicates that the NIC's hardware offloading features (such as TCP segmentation offload, scatter-gather) are causing the driver to hang or fail to complete transmissions. Disabling these offloads with 'ethtool -K eth0 tx off sg off' forces the CPU to handle packet segmentation and reduces the load on the NIC, which can resolve the timeout.

Exam trap

The trap here is that candidates may confuse transmit queue timeout with a simple buffer exhaustion issue and incorrectly choose to increase the transmit queue length (option C), when the real cause is a driver or hardware fault that requires disabling offloads, updating the driver, or replacing the NIC.

893
MCQeasy

A user cannot write to a directory that has permissions 755. The user is not the owner but belongs to the group. Which command would allow the user to write?

A.chmod 770 /directory
B.chmod 755 /directory
C.chmod 777 /directory
D.chmod 700 /directory
AnswerA

770 adds write permission for the group, allowing the user to write.

Why this answer

The directory currently has permissions 755, meaning the owner has rwx (7), the group has r-x (5), and others have r-x (5). Since the user belongs to the group but is not the owner, they need group write permission. The chmod 770 command sets the group permission to rwx (7), granting the user write access while preserving owner and group ownership semantics.

Exam trap

The trap here is that candidates may choose chmod 777 thinking it is the only way to grant write access, overlooking that the user is already in the group and only group write permission is needed.

How to eliminate wrong answers

Option B is wrong because chmod 755 sets group permission to r-x (5), which does not include write permission, so the user still cannot write. Option C is wrong because chmod 777 grants write permission to everyone (owner, group, and others), which is overly permissive and violates the principle of least privilege; it would work but is not the minimal correct solution. Option D is wrong because chmod 700 sets group permission to --- (0), removing all group access, which would prevent the user from even reading or executing the directory.

894
MCQeasy

A security audit reveals that the /etc/shadow file has permissions 777. Which command should be used to correct this vulnerability?

A.chmod 660 /etc/shadow
B.chmod 600 /etc/shadow
C.chmod 644 /etc/shadow
D.chmod 640 /etc/shadow
AnswerB

Only root can read/write.

Why this answer

The /etc/shadow file stores hashed user passwords and must be readable only by root to prevent unauthorized access. Permissions 777 allow any user to read, write, and execute the file, which is a critical security vulnerability. The correct command is `chmod 600 /etc/shadow`, which sets read and write permissions for the owner (root) only, denying all access to group and others.

Exam trap

The trap here is that candidates often confuse the required permissions for /etc/shadow with those for /etc/passwd (which is 644), leading them to choose 644 or 640 instead of the more restrictive 600.

How to eliminate wrong answers

Option A is wrong because 660 grants read and write to both owner and group, which would allow members of the group (often 'shadow') to read password hashes, violating the principle of least privilege. Option C is wrong because 644 grants read access to everyone, exposing password hashes to all users on the system. Option D is wrong because 640 grants read access to the group, which is still too permissive for a file containing sensitive password data.

895
MCQhard

An administrator needs to ensure that /var/log/secure is only readable by members of the 'adm' group and is not accessible by any other user. Additionally, new files created in /var/log should inherit the group ownership 'adm'. Which set of commands achieves this?

A.setfacl -m u::rwx,g::rwx,o::--- /var/log/secure; chmod g+s /var/log
B.chgrp adm /var/log; chmod g+s /var/log; setfacl -m g:adm:rx /var/log/secure
C.chown :adm /var/log/secure; chmod 640 /var/log/secure
D.usermod -aG adm $(whoami); chmod 640 /var/log/secure
AnswerB

Sets group ownership, sgid on directory, and ACLs to make /var/log/secure readable by adm group only.

Why this answer

Option B correctly sets the group ownership of /var/log to 'adm' with `chgrp adm /var/log`, enables the setgid bit on the directory with `chmod g+s /var/log` so new files inherit the 'adm' group, and uses `setfacl -m g:adm:rx /var/log/secure` to grant only the 'adm' group read and execute access to the secure log file, while removing permissions for others via the default ACL mask.

Exam trap

CompTIA often tests the distinction between setting group ownership on a file versus a directory, and the requirement to use the setgid bit for inheritance, which candidates frequently overlook by only changing permissions on the file itself.

How to eliminate wrong answers

Option A is wrong because `setfacl -m u::rwx,g::rwx,o::---` sets permissions for the file owner and group owner (not the 'adm' group) and does not change group ownership or set the setgid bit on the directory; it also grants execute to the group, which is unnecessary for a log file. Option C is wrong because `chown :adm /var/log/secure` changes only the group of the file, but `chmod 640` gives read to the owner and group, and does not restrict access exclusively to the 'adm' group (the file's group is 'adm', but other users have no access, which is correct for the file, but it fails to ensure new files in /var/log inherit the 'adm' group because it does not set the setgid bit on /var/log). Option D is wrong because `usermod -aG adm $(whoami)` adds the current user to the 'adm' group but does not change the group ownership of /var/log/secure or /var/log, and `chmod 640` does not enforce inheritance for new files; it also does not restrict access to only the 'adm' group if the file's group is not 'adm'.

896
MCQeasy

Which log file typically records authentication failures and successes on a Debian-based system?

A./var/log/auth.log
B./var/log/messages
C./var/log/syslog
D./var/log/secure
AnswerA

Records authentication logs on Debian.

Why this answer

On Debian/Ubuntu, /var/log/auth.log records authentication events. On RHEL/CentOS, it's /var/log/secure.

897
Multi-Selectmedium

An Ansible playbook is being written to manage web servers. Which TWO modules can be used to ensure a package is installed? (Select TWO.)

Select 2 answers
A.copy
B.service
C.apt
D.yum
E.template
AnswersC, D

Correct. Manages packages on Debian/Ubuntu.

Why this answer

The apt module is for Debian-based systems, and yum is for Red Hat-based systems. Both manage packages.

898
MCQeasy

Which command displays the current SELinux mode?

A.selinuxenabled
B.getsebool -a
C.chcon
D.sestatus
AnswerD

sestatus shows SELinux status including mode.

Why this answer

getenforce returns Enforcing, Permissive, or Disabled.

899
MCQeasy

A junior administrator is tasked with setting up a file server using NFS on a Linux server. The /etc/exports file currently contains: /srv/nfs *(rw,sync,no_subtree_check). The administrator wants to restrict access to only the 192.168.10.0/24 network and require clients to use a privileged port (less than 1024) for added security. Additionally, the administrator wants to prevent root users on the client from having root access to the NFS share. Which exports configuration meets these requirements?

A./srv/nfs 192.168.10.0/24(rw,sync,no_subtree_check,no_all_squash)
B./srv/nfs 192.168.10.0/24(rw,sync,no_subtree_check,insecure,root_squash)
C./srv/nfs 192.168.10.0/24(rw,sync,no_subtree_check,secure,root_squash)
D./srv/nfs 192.168.10.0/24(rw,sync,no_subtree_check,secure,no_root_squash)
AnswerC

secure restricts to privileged ports, root_squash maps root to nobody.

Why this answer

Option C is correct because it restricts access to the 192.168.10.0/24 network, uses the 'secure' option to require client connections from a privileged port (less than 1024), and applies 'root_squash' to map root users on the client to the anonymous 'nobody' user, preventing root-level access to the NFS share.

Exam trap

The trap here is that candidates often confuse 'secure' with 'insecure' — the 'secure' option requires privileged ports, while 'insecure' allows any port, and many mistakenly think 'insecure' is needed for security or that 'no_root_squash' is the default safe behavior.

How to eliminate wrong answers

Option A is wrong because 'no_all_squash' does not prevent root access; it actually preserves the UID mapping, including root, which is the opposite of what is required. Option B is wrong because 'insecure' allows clients to connect from non-privileged ports (1024 or higher), violating the requirement to use a privileged port. Option D is wrong because 'no_root_squash' allows root users on the client to retain root access to the share, directly contradicting the requirement to prevent that.

900
MCQmedium

Which command will display the disk usage of each directory in the current directory, in human-readable format?

A.du -h
B.fdisk -l
C.ls -lh
D.df -h
AnswerA

Correct: du -h displays disk usage for directories in human-readable format.

Why this answer

The `du -h` command displays disk usage for each directory in the current directory, with the `-h` flag converting sizes into human-readable formats (e.g., K, M, G). This is the correct tool for per-directory disk usage reporting.

Exam trap

The trap here is that candidates confuse `df -h` (filesystem-level usage) with `du -h` (directory-level usage), often picking `df -h` because it also shows human-readable output.

How to eliminate wrong answers

Option B is wrong because `fdisk -l` lists partition tables on block devices, not directory-level disk usage. Option C is wrong because `ls -lh` lists file and directory names with sizes, but it does not compute recursive disk usage for directories. Option D is wrong because `df -h` shows filesystem-level free and used space, not per-directory usage.

Page 11

Page 12 of 14

Page 13
CompTIA Linux+ XK0-005 XK0-005 Questions 826–900 | Page 12/14 | Courseiva