CompTIA Linux+ XK0-005 (XK0-005) — Questions 976981

981 questions total · 14pages · All types, answers revealed

Page 13

Page 14 of 14

976
Multi-Selectmedium

A Linux engineer needs to restrict resource usage for users in the 'developers' group. Which TWO files or commands can be used to set ulimit values?

Select 2 answers
A.sysctl command
B./etc/security/limits.conf
C./etc/pam.d/login with pam_limits.so
D./etc/ulimit.conf
E.ulimit command
AnswersB, E

This file specifies limits for users and groups.

Why this answer

Option B is correct because /etc/security/limits.conf is the standard configuration file used by the pam_limits.so PAM module to set per-user or per-group resource limits (ulimits) such as max number of open files, max processes, etc. This file allows system administrators to define hard and soft limits persistently across logins for users or groups, including the 'developers' group.

Exam trap

The trap here is that candidates often confuse the configuration file (/etc/security/limits.conf) with the PAM module file (/etc/pam.d/login) or think the ulimit command alone can set persistent limits for a group, when in fact ulimit only affects the current shell session and is not persistent across logins for all group members.

977
MCQmedium

Refer to the exhibit. A web application running under Apache cannot write to /var/log/app.log. The file has permissions 664 and is owned by apache. What is the correct action to allow writes while maintaining SELinux policies?

A.Change the ownership to root.
B.Change the SELinux context of the file to httpd_log_t.
C.Set the httpd_can_network_connect boolean.
D.Disable SELinux for the httpd daemon.
AnswerB

Allows httpd_t to write to that file type.

Why this answer

The file /var/log/app.log has permissions 664 and is owned by apache, so the web server should be able to write to it. However, SELinux is blocking the write because the file's SELinux context does not match the type expected for files that Apache (httpd) is allowed to write to. Changing the SELinux context to httpd_log_t tells SELinux that this file is a log file that httpd can write to, which resolves the denial while keeping SELinux enforcing.

Exam trap

The trap here is that candidates see the file is owned by apache with 664 permissions and assume the issue is file ownership or permissions, overlooking that SELinux enforces its own access controls independent of standard Linux permissions.

How to eliminate wrong answers

Option A is wrong because changing ownership to root would actually prevent the apache user from writing to the file (since root owns it and the file has 664 permissions, the apache user is in the 'others' category and can only read). Option C is wrong because the httpd_can_network_connect boolean controls whether httpd can initiate outbound network connections, not file write permissions. Option D is wrong because disabling SELinux for the httpd daemon would weaken security unnecessarily; the correct approach is to apply the proper SELinux file context rather than bypassing the policy entirely.

978
MCQmedium

A system administrator needs to monitor file access attempts to /etc/shadow using auditd. Which auditctl command sets up the watch?

A.auditctl -a always,exit -F path=/etc/shadow -F perm=wa -k shadow_watch
B.auditctl -W /etc/shadow -p rwxa -k shadow_watch
C.auditctl -w /etc/shadow -k shadow_watch
D.auditctl -w /etc/shadow -p wa -k shadow_watch
AnswerD

Correct use of -w to watch file with write and attribute permissions.

Why this answer

The correct syntax is 'auditctl -w /etc/shadow -p wa -k shadow_watch'. The -w specifies the file, -p wa watches for write and attribute changes (access is implied), but the -k is for a key. The other options have incorrect flags or order.

979
MCQmedium

A system administrator wants to limit the CPU and memory usage of a specific service to prevent it from affecting other processes. Which Linux feature should be used?

A.ulimit
B.renice
C.cgroups
D.nice
AnswerC

cgroups can limit CPU, memory, I/O for process groups.

Why this answer

C is correct because cgroups (control groups) is the Linux kernel feature designed to limit, account for, and isolate resource usage (CPU, memory, disk I/O, etc.) of process groups. Unlike simple priority adjustments, cgroups enforce hard limits on resource consumption, making them ideal for preventing a specific service from starving other processes.

Exam trap

The trap here is that candidates confuse process priority tools (nice/renice) with resource limiting tools, not realizing that nice only affects CPU scheduling order, not hard caps on CPU or memory usage.

How to eliminate wrong answers

Option A is wrong because ulimit sets per-process resource limits (e.g., file size, number of open files) for a user session, not for a service as a whole, and it cannot limit CPU usage as a percentage or memory usage in a hierarchical manner. Option B is wrong because renice adjusts the scheduling priority (nice value) of a running process, which affects CPU time allocation but does not impose hard limits on CPU or memory usage. Option D is wrong because nice sets the initial scheduling priority of a process, influencing how the kernel allocates CPU time, but it cannot limit memory usage or enforce absolute resource caps.

980
MCQmedium

An administrator needs to add an ACL entry to a file that grants the user 'john' read and write permissions. The file currently has no ACLs. Which command should the administrator use?

A.chmod u+rw file
B.setfacl -x u:john file
C.setfacl -m u:john:rw file
D.getfacl -m u:john:rw file
AnswerC

Correctly adds or modifies ACL entry for user john with rw.

Why this answer

setfacl -m u:john:rw file adds or modifies an ACL for user john with read and write. Option B uses setfacl -x which removes an ACL. Option C uses chmod which does not handle ACLs.

Option D uses getfacl which displays ACLs.

981
Multi-Selecteasy

Which TWO of the following are valid methods for debugging a Bash script? (Choose TWO.)

Select 2 answers
A.Add 'set -r' to restrict shell
B.Run the script with 'bash -x script.sh'
C.Add 'set -x' at the start of the script
D.Run the script with 'bash -d script.sh'
E.Add 'set -n' to check syntax
AnswersB, C

Traces each command before execution.

Why this answer

Option B is correct because running 'bash -x script.sh' enables an execution trace that prints each command and its arguments to stderr before executing it, which is a standard debugging method for Bash scripts. Option C is correct because adding 'set -x' at the start of the script achieves the same trace output, but from within the script itself, allowing granular control over which sections are traced.

Exam trap

Cisco often tests the distinction between syntax checking ('set -n' or 'bash -n') and runtime tracing ('set -x' or 'bash -x'), and candidates may mistakenly choose 'set -n' as a debugging method because they confuse syntax validation with execution debugging.

Page 13

Page 14 of 14