CompTIA Linux+ XK0-005 (XK0-005) — Questions 526–600

981 questions total · 14 pages · All types, answers revealed

Page 8 of 14

526
MCQ · medium

In a Bash script, a variable is assigned the output of a command using: result=$(ls -l). What is the purpose of the $() syntax?

A. It runs the command and assigns its output to the variable
B. It expands the variable result
C. It checks if the command exists
D. It runs the command in a subshell and discards output
Answer: A

Correct. Command substitution runs the command and returns its stdout.

Why this answer

The $() syntax is command substitution, which captures the output of a command and stores it in a variable.

527
MCQ · easy

A systems administrator writes a Bash script named 'backup.sh' and wants it to run with the Bash shell. Which line should appear first in the script?

A. # This is a bash script
B. #!/bin/bash
C. #/bin/bash
D. #!/bin/sh
Answer: B

Correct shebang for Bash.

Why this answer

The shebang line `#!/bin/bash` is required as the first line to instruct the operating system to execute the script using the Bash shell interpreter located at `/bin/bash`. Without this line, the script may be run by a different shell (e.g., `/bin/sh`), leading to syntax or behavior differences. The shebang must start with `#!` followed by the absolute path to the interpreter.

Exam trap

CompTIA often tests the distinction between a shebang (`#!`) and a comment (`#`), and the trap here is that candidates may confuse `#!/bin/sh` as equivalent to `#!/bin/bash` or forget the exclamation mark entirely, leading them to choose option C or D.

How to eliminate wrong answers

Option A is wrong because `# This is a bash script` is a comment, not a shebang; the kernel ignores it and may fall back to the default shell, which is not guaranteed to be Bash. Option C is wrong because `#/bin/bash` lacks the exclamation mark (`!`), so it is treated as a regular comment and does not invoke the Bash interpreter. Option D is wrong because `#!/bin/sh` points to the POSIX shell, which may be Dash or another shell on many Linux distributions, not Bash; Bash-specific features (e.g., `[[ ]]`, arrays) would fail.

528
MCQ · easy

A technician has just performed system maintenance and wants to verify that the server has been running continuously for the past 30 days. Which command should the technician use?

A. uptime
B. systemctl status rsyslog
C. ps aux
D. date
Answer: A

Displays the system uptime and load averages.

Why this answer

The `uptime` command displays how long the system has been running since the last boot, including the current time, number of logged-in users, and load averages. By checking the output, the technician can verify if the server has been running continuously for the past 30 days (e.g., 'up 30 days'). This directly answers the question without querying logs or processes.

Exam trap

The trap here is that candidates might confuse `uptime` with commands that show service status (`systemctl`) or process lists (`ps`), thinking they can infer system uptime indirectly, but only `uptime` provides the exact boot-to-present duration.

How to eliminate wrong answers

Option B is wrong because `systemctl status rsyslog` shows the status of the rsyslog service (logging daemon), not the system's uptime; it only indicates if the service is running, not how long the server has been up. Option C is wrong because `ps aux` lists all running processes with their CPU/memory usage and start times, but it does not provide a single, consolidated uptime value for the entire system. Option D is wrong because `date` simply prints the current system date and time, offering no historical information about how long the server has been running.

529
MCQ · medium

A Linux administrator is troubleshooting login issues. Users can log in using SSH but not through the local console or graphical display manager. The /etc/pam.d/system-auth file was recently modified. Which PAM module is likely misconfigured?

A. pam_limits.so
B. pam_securetty.so
C. pam_deny.so
D. pam_unix.so
Answer: B

Controls which TTYs root may log in; if misconfigured, console login can be blocked.

Why this answer

The pam_securetty.so module restricts root login to terminals listed in /etc/securetty. If this file was misconfigured or the module is incorrectly set to 'required' for all users, local console and graphical display manager logins (which use virtual terminals like tty1) would be denied, while SSH (which uses pseudo-terminals like pts/0) would still succeed because pam_securetty.so typically does not apply to SSH sessions.

Exam trap

The trap here is that candidates confuse pam_securetty.so with pam_access.so or assume SSH is also blocked, but pam_securetty.so specifically targets local TTYs and does not affect SSH pseudo-terminals by default.

How to eliminate wrong answers

Option A is wrong because pam_limits.so enforces resource limits (e.g., ulimit) and does not control terminal-based login access; misconfiguring it would cause resource denial, not login failure at the console. Option C is wrong because pam_deny.so is a simple module that always returns failure; if it were misconfigured, it would block all authentication methods (including SSH), not selectively allow SSH. Option D is wrong because pam_unix.so handles traditional Unix password authentication and account management; a misconfiguration there would affect all login methods equally, not just local console and graphical display manager.

530
MCQ · medium

A system administrator needs to update a configuration file on multiple servers using Ansible. The playbook must ensure the line 'MaxAuthTries 3' is present in /etc/ssh/sshd_config. Which Ansible module is most appropriate?

A. template
B. shell
C. copy
D. lineinfile
Answer: D

lineinfile is designed to manage lines in text files.

Why this answer

The lineinfile module ensures a specific line is present in a file, ideal for configuration management.

531
MCQ · medium

An administrator needs to create a shell script that will be executed by a non-login shell. The script requires access to environment variables set in the user's profile. Which file should the script source to ensure these variables are available?

A. ~/.bashrc
B. /etc/profile
C. ~/.profile
D. ~/.bash_profile
Answer: A

Correct. The .bashrc file is executed for non-login interactive shells and often contains environment variables.

Why this answer

Option A is correct because ~/.bashrc is the file sourced by non-login interactive shells in Bash. When a script is executed by a non-login shell, it does not read ~/.bash_profile or ~/.profile; instead, it reads ~/.bashrc. By sourcing ~/.bashrc within the script, the administrator ensures that environment variables defined there (e.g., PATH, custom aliases) are available to the script.

Exam trap

The trap here is that candidates often confuse ~/.bash_profile and ~/.bashrc, assuming that any user-specific profile file is sourced by all shells, but the key distinction is that non-login shells only source ~/.bashrc, not the login-specific profile files.

How to eliminate wrong answers

Option B is wrong because /etc/profile is a system-wide profile file sourced only by login shells, not by non-login shells. Option C is wrong because ~/.profile is a login shell initialization file (used by Bourne-compatible shells) and is not read by non-login shells. Option D is wrong because ~/.bash_profile is also a login shell initialization file for Bash; non-login shells do not source it.

532
MCQ · hard

Refer to the exhibit. Alice is the owner of file.txt. Bob is a member of the staff group. What permissions does Bob have on file.txt?

A. Read only
B. Read and write
C. No access
D. Write only
Answer: A

The ACL entry 'user:bob:r--' gives read permission.

Why this answer

Bob is a member of the staff group, and the file.txt permissions are shown as -rw-r-----. The group permissions are r--, meaning members of the staff group (including Bob) have read-only access. The owner (Alice) has read and write, but group permissions do not include write, so Bob cannot modify the file.

Exam trap

CompTIA often tests the misconception that being a member of a group automatically grants the same permissions as the owner, but the trap here is that group permissions are independent and must be examined separately from owner permissions.

How to eliminate wrong answers

Option B is wrong because the group permissions are r--, not rw-, so Bob does not have write access. Option C is wrong because Bob has read access via the group permissions, so he does have access. Option D is wrong because the group permissions include read (r) but not write (w), so Bob cannot write only; he can read only.

533
MCQ · hard

Which command will show the environment variables for a specific process?

A. cat /proc/$PID/environ
B. set
C. printenv
D. env
Answer: A

Reading /proc/<pid>/environ displays the environment variables of that specific process.

Why this answer

The `/proc/[PID]/environ` file contains the environment variables that were set when the process was started. Reading this file with `cat` displays the exact environment of a specific process, which is not possible with shell built-ins or user-level commands that only show the current shell's environment.

Exam trap

CompTIA often tests the distinction between commands that show the current shell's environment (`set`, `printenv`, `env`) versus the `/proc` filesystem method that targets a specific process, leading candidates to pick a shell command instead of the process-specific file.

How to eliminate wrong answers

Option B is wrong because `set` displays all shell variables (including environment and local variables) for the current shell session, not for a specific process. Option C is wrong because `printenv` prints the environment variables of the current shell, not of an arbitrary process. Option D is wrong because `env` lists or modifies the environment of the current shell, and cannot target a specific process by PID.

534
Multi-Select · hard

A Linux server is not accepting SSH connections. The administrator wants to troubleshoot the issue. Which THREE actions should be taken?

Select 3 answers
A. Reboot the server
B. Check /etc/ssh/sshd_config for configuration errors
C. Check if sshd service is running (systemctl status sshd)
D. Reinstall the SSH package (apt reinstall openssh-server)
E. Check firewall rules (iptables -L or ufw status)
Answers: B, C, E

Correct: Misconfiguration can prevent connections.

Why this answer

B is correct because /etc/ssh/sshd_config is the primary configuration file for the OpenSSH server. Syntax errors, incorrect directives (e.g., PermitRootLogin no, Port 22 commented out), or misconfigured authentication settings can prevent SSH from accepting connections. Checking this file is a fundamental step in troubleshooting SSH issues.

Exam trap

CompTIA often tests the misconception that reinstalling a package or rebooting is a valid first troubleshooting step, when in reality, checking configuration files, service status, and firewall rules are the precise, targeted actions required.

535
MCQ · medium

An administrator runs 'systemctl list-units' and sees that httpd.service is in a failed state. To quickly see the error message that caused the failure, which command should be used?

A. systemctl show httpd.service -p ExecMainStatus
B. journalctl -p err -u httpd.service
C. systemctl status httpd.service
D. systemd-analyze blame
Answer: C

systemctl status shows the unit status along with the last few log entries that led to the failure.

Why this answer

The `systemctl status httpd.service` command displays the current state of the service, including the most recent log entries from the journal that show the error messages causing the failure. This is the quickest way to see the failure reason without filtering or additional options, as it directly outputs the relevant error lines from the service's unit.

Exam trap

The trap here is that candidates often confuse `systemctl status` with `journalctl -u` or `systemctl show`, thinking they need a separate log-viewing command, but `systemctl status` already provides the most recent error output directly, making it the fastest diagnostic tool for a failed service.

How to eliminate wrong answers

Option A is wrong because `systemctl show httpd.service -p ExecMainStatus` only outputs the numeric exit code or signal of the main process (e.g., 0 for success, 1 for generic error), not the descriptive error message or log output that caused the failure. Option B is wrong because `journalctl -p err -u httpd.service` filters journal entries to only those with priority 'err' (error) for the httpd unit, which may miss critical failure messages logged at a different priority (e.g., 'crit' or 'alert') and requires an extra command compared to `systemctl status`. Option D is wrong because `systemd-analyze blame` shows the time each unit took to start during boot, not the error messages or failure reasons for a currently failed service.

536
MCQ · medium

A script uses 'set -e' and then calls a function that returns a non-zero exit status. The script exits unexpectedly. Which of the following should be added to the function to prevent the script from exiting?

A. return 0 after the command
B. set +e inside the function
C. exit 0
D. trap '' ERR
Answer: B

Disables exit-on-error for the function, allowing non-zero exit codes without terminating.

Why this answer

The `set -e` directive causes the shell to exit immediately if any command returns a non-zero exit status. When a function called from such a script returns a non-zero status, the script exits. Adding `set +e` inside the function disables this behavior for the function's scope, allowing the function to handle errors internally without terminating the entire script.

Exam trap

The trap here is that candidates often think `return 0` or `exit 0` will override the non-zero exit status, but they fail to realize that `set -e` causes the script to exit immediately when the command fails, before any subsequent `return` or `exit` statement is executed.

How to eliminate wrong answers

Option A is wrong because `return 0` after the command would only succeed if the command itself does not cause an exit before the return statement; if the command fails and `set -e` is active, the script exits before reaching the `return 0`. Option C is wrong because `exit 0` would immediately terminate the script with a success code, which defeats the purpose of preventing an unexpected exit and does not allow the function to continue or return control to the caller. Option D is wrong because `trap '' ERR` prevents the ERR trap from running but does not disable the `set -e` behavior; the script will still exit on a non-zero exit status from any command.

537
Multi-Select · hard

An administrator is hardening a Linux server. Which three of the following actions reduce the attack surface? (Select THREE).

Select 3 answers
A. Setting default umask to 022
B. Disabling unnecessary services
C. Enabling USB mass storage kernel module
D. Using a host-based firewall
E. Enforcing strong password policies
Answers: B, D, E

Reduces potential entry points for attackers.

Why this answer

Disabling unnecessary services reduces the attack surface by eliminating potential entry points for attackers. Each running service exposes network ports, system resources, and code paths that could contain vulnerabilities. By stopping and masking services not required for the server's role (e.g., using systemctl disable and mask), the administrator minimizes the number of exploitable components.

Exam trap

CompTIA often tests the misconception that setting a restrictive umask or enabling USB storage is a hardening action, when in fact umask 022 is the default and permissive, and enabling USB storage expands the attack surface rather than reducing it.

538
MCQ · medium

A database server is experiencing slow queries. The administrator wants to analyze system memory usage. Which command shows memory usage in megabytes and includes information about buffers and cache?

A. free -m
B. top -b
C. cat /proc/meminfo
D. vmstat
Answer: A

Correct: Displays memory in MB with buffers/cache.

Why this answer

The 'free -m' command displays system memory usage in megabytes, explicitly showing separate columns for buffers and cache, which are critical for diagnosing slow queries caused by memory pressure. This makes it the correct choice for the administrator's need to analyze memory usage with buffer/cache details in MB.

Exam trap

CompTIA often tests the distinction between commands that show memory in raw kernel units (like /proc/meminfo in kB) versus those that offer user-friendly output with specific columns (like free -m), leading candidates to choose /proc/meminfo for its detail while missing the explicit requirement for megabytes and buffer/cache breakdown.

How to eliminate wrong answers

Option B is wrong because 'top -b' runs top in batch mode, which shows real-time process-level memory and CPU usage but does not display memory in megabytes by default and lacks the dedicated buffers/cache breakdown that 'free -m' provides. Option C is wrong because 'cat /proc/meminfo' outputs raw memory statistics in kilobytes, not megabytes, and requires manual calculation to convert to MB, making it less convenient for the specified requirement. Option D is wrong because 'vmstat' reports virtual memory statistics including swap, I/O, and system events, but it does not show memory usage in megabytes and does not include explicit buffers and cache columns in its default output.

539
MCQ · hard

A Kubernetes pod has a container that fails with CrashLoopBackOff. The administrator runs 'kubectl logs pod-name' but sees no output. What is the most likely cause?

A. The container exited before writing to stdout, and logs need to be retrieved with 'kubectl logs --previous'.
B. The container has no logging driver configured.
C. The log file is rotated and deleted.
D. The pod is not scheduled on any node.
Answer: A

Correct: use --previous to see previous container logs.

Why this answer

When a container enters CrashLoopBackOff, it restarts repeatedly. If 'kubectl logs pod-name' shows no output, it means the current (restarted) container has not written anything to stdout yet. The previous instance of the container may have written logs before crashing, and those logs are accessible using 'kubectl logs --previous' to retrieve the output from the terminated container.

Exam trap

The trap here is that candidates assume 'no output' means logs are missing or misconfigured, when in fact the current container simply hasn't written anything yet, and the previous container's logs are still available via --previous.

How to eliminate wrong answers

Option B is wrong because Kubernetes does not require a separate logging driver configuration; it captures container stdout/stderr by default via the container runtime interface (CRI). Option C is wrong because log rotation and deletion would not cause an empty log output on a freshly restarted container; the current container simply hasn't produced logs yet. Option D is wrong because if the pod were not scheduled on any node, 'kubectl logs' would return an error like 'Error from server: pod is not scheduled', not an empty output.

540
MCQ · hard

In a bash script, a variable is set as follows: myvar='Hello World'. Which of the following correctly prints the first 5 characters of the variable?

A. echo ${myvar#?????}
B. echo ${myvar:0:5}
C. echo ${myvar:0-5}
D. echo ${myvar:5}
Answer: B

Correct. Extracts substring of length 5 from start.

Why this answer

Parameter expansion ${myvar:0:5} extracts a substring starting at position 0 of length 5. The other options are incorrect syntax.

541
MCQ · hard

A Docker container using port 8080 fails to start with the error 'port is already allocated'. Which command should the administrator use to identify the process using that port?

A. ss -tan
B. ss -tln
C. ss -tlnp
D. ss -r
Answer: C

Shows listening TCP ports with PID.

Why this answer

Option C is correct because the `ss -tlnp` command lists TCP listening sockets (`-l`) with numeric addresses (`-n`) and shows the process identifier (PID) and process name (`-p`) that owns each socket. This directly identifies which process has bound port 8080, allowing the administrator to resolve the 'port is already allocated' error.

Exam trap

The trap here is that candidates may choose `ss -tln` (option B) because it shows listening ports, but they forget the `-p` flag is required to identify the process, leading to incomplete troubleshooting.

How to eliminate wrong answers

Option A is wrong because `ss -tan` lists all TCP sockets (including non-listening ones) without showing process ownership, so it cannot identify the process using port 8080. Option B is wrong because `ss -tln` lists TCP listening sockets but omits the `-p` flag, so it does not display the PID or process name, leaving the process unidentified. Option D is wrong because `ss -r` attempts to resolve hostnames and is not a valid flag combination for socket statistics; it does not list sockets or processes.

542
MCQ · hard

Refer to the exhibit. A system administrator checks the status of the SSH service and sees the output shown. What is the most likely cause of the failure?

A. The SSH service is disabled and needs to be enabled.
B. The SSH service is masked and cannot start.
C. The SSH configuration file has a syntax error.
D. Another process is already listening on port 22.
Answer: D

The error 'Address already in use' indicates port 22 is occupied.

543
Multi-Select · hard

An administrator is debugging a Docker container that exits immediately after starting. Which THREE commands can help diagnose the issue? (Select THREE).

Select 3 answers
A. docker run --rm -it <image> sh
B. docker logs <container>
C. docker inspect <container>
D. docker exec -it <container> sh
E. docker ps
Answers: A, B, C

Starts a new container interactively with a shell to test manually.

Why this answer

docker logs shows the container's output; docker exec -it can run commands inside a running container (but if it exits, you may need to start it interactively); docker inspect shows low-level config and state; docker ps shows running containers, not helpful for exited ones.

544
MCQ · hard

An administrator needs to determine why a service failed to start due to an unresponsive network filesystem. Which systemd unit dependency directive should be added to ensure the service starts only after the remote filesystem is mounted?

A. Wants
B. After
C. BindsTo
D. Requires
Answer: D

Requires creates a strong dependency; the mount must be active for the service to start.

Why this answer

The Requires directive creates a strong dependency where the service unit will fail to start if the specified remote filesystem unit is not active. This ensures the service only starts after the remote filesystem is mounted, as systemd will attempt to start the required unit and fail the service if it cannot be activated.

Exam trap

The trap here is that candidates confuse ordering directives (After) with dependency directives (Requires), mistakenly thinking that ordering alone ensures the service will not start if the filesystem is unavailable.

How to eliminate wrong answers

Option A is wrong because Wants creates a weaker dependency: the service will start even if the remote filesystem fails to mount, which does not prevent the service from starting when the filesystem is unresponsive. Option B is wrong because After only orders the startup sequence but does not enforce a dependency; the service could still start before the filesystem is mounted if the filesystem unit fails. Option C is wrong because BindsTo creates a stronger lifecycle binding where the service stops if the filesystem unit stops, but it does not guarantee the service waits for the filesystem to be mounted before starting; it is typically used for shared mount points, not for ensuring startup order.

545
MCQ · easy

A junior administrator needs to check the disk usage of the /var filesystem to ensure it does not exceed 80% capacity. Which command should be used?

A. df -h /var
B. fdisk -l /var
C. du -sh /var
D. lsblk /var
Answer: A

df -h shows filesystem disk space usage in human-readable format.

Why this answer

The `df -h /var` command displays disk usage for the `/var` filesystem in human-readable format (e.g., GB, MB). This is the correct tool to check filesystem capacity and usage percentage, which directly answers whether usage exceeds 80%.

Exam trap

The trap here is that candidates confuse `du` (directory usage) with `df` (filesystem usage), leading them to pick `du -sh /var` when they need to check overall filesystem capacity, not just the size of the directory contents.

How to eliminate wrong answers

Option B is wrong because `fdisk -l` lists partition tables on block devices, not filesystem usage; it cannot show capacity percentages for a mounted filesystem like `/var`. Option C is wrong because `du -sh /var` shows the total size of the `/var` directory tree, not the filesystem's total capacity or usage percentage; it is used for directory-level disk usage, not filesystem-level capacity checks. Option D is wrong because `lsblk` lists block devices (e.g., disks, partitions) and their mount points, but does not report filesystem usage or capacity percentages.

546
Multi-Select · hard

A developer is writing a shell script that needs to handle errors. Which THREE of the following are best practices for robust script error handling?

Select 3 answers
A. Ignore errors to simplify the script
B. Check the exit code of commands using $?
C. Use set +e to allow the script to continue on error
D. Use set -e to exit on any command failure
E. Use trap to catch signals and clean up
Answers: B, D, E

Allows conditional handling.

Why this answer

Option B is correct because checking the exit code of commands using `$?` allows the script to conditionally handle failures based on the specific return value of each command. This is a fundamental error-handling technique in shell scripting, as every command returns an exit code (0 for success, non-zero for failure), and inspecting `$?` immediately after a command lets the developer decide how to respond to that specific error.

Exam trap

CompTIA often tests the distinction between `set -e` and `set +e` and the proper use of `$?` versus relying solely on `set -e`, where candidates may incorrectly think that `set +e` is a best practice for error handling when it actually disables automatic exit on error.

547
MCQ · hard

A Linux administrator is troubleshooting a Bash script that unexpectedly terminates when a command fails. The script uses `#!/bin/bash`. Which of the following commands, if placed at the beginning of the script, would cause it to exit on any command failure?

A. set -u
B. trap 'exit 1' ERR
C. set -e
D. set -o pipefail
Answer: C

set -e exits the script on any command failure.

Why this answer

The `set -e` option makes the shell exit immediately if a command exits with a non-zero status.

548
MCQ · hard

A developer creates a hard link to a file and then deletes the original file. What happens to the hard link?

A. The hard link is broken and cannot be accessed.
B. The hard link still contains the data and is accessible.
C. The hard link is automatically converted to a copy of the file.
D. The hard link becomes a symbolic link.
Answer: B

Correct: The hard link still points to the same inode, so the data remains.

Why this answer

Hard links share the same inode; deleting the original file removes one link, but the data remains accessible via the hard link until all links are removed.

549
Multi-Select · medium

A user is unable to resolve hostnames on a Linux system. Which three configuration files should be checked? (Select THREE).

Select 3 answers
A. /etc/hosts
B. /etc/nsswitch.conf
C. /etc/resolv.conf
D. /etc/hostname
E. /etc/sysconfig/network
Answers: A, B, C

Static mapping of hostnames to IP addresses.

Why this answer

The /etc/hosts file is a static table mapping hostnames to IP addresses, used for local name resolution before or instead of DNS queries. If a user cannot resolve hostnames, this file may be misconfigured or missing entries for the target hostnames, causing resolution failures.

Exam trap

CompTIA often tests the misconception that /etc/hostname or /etc/sysconfig/network are involved in hostname resolution, when in fact they only affect the local system's identity, not the resolution of external hostnames.

550
MCQ · hard

A storage administrator needs to automate the expansion of an LVM volume group when free space drops below 10%. The script must add a new physical volume from a spare disk. Which of the following commands should be used in the script to add the new disk to the volume group?

A. pvcreate /dev/sdb1 && vgextend vg01 /dev/sdb1
B. vgcreate vg01 /dev/sdb
C. vgextend vg01 /dev/sdb1
D. lvresize -L +100G vg01
Answer: A

Initializes the partition as a PV and adds it to the VG.

Why this answer

Option A is correct because it first uses `pvcreate` to initialize the spare disk partition `/dev/sdb1` as a physical volume, which is a prerequisite for adding it to an LVM volume group. Then `vgextend vg01 /dev/sdb1` adds that initialized physical volume to the existing volume group `vg01`, expanding its total capacity. This two-step process ensures the disk is properly prepared for LVM management before being incorporated into the volume group.

Exam trap

The trap here is that candidates often think `vgextend` alone is sufficient, forgetting that LVM requires the device to be initialized as a physical volume with `pvcreate` before it can be added to a volume group.

How to eliminate wrong answers

Option B is wrong because `vgcreate` creates a new volume group, but the requirement is to add a disk to an existing volume group, not create a new one. Option C is wrong because `vgextend` alone will fail if `/dev/sdb1` has not been initialized as a physical volume with `pvcreate` first; LVM requires the device to be marked as a PV before it can be added to a VG. Option D is wrong because `lvresize` resizes a logical volume, not a volume group, and the task is to expand the volume group by adding a new physical volume, not to resize a logical volume.

551
MCQ · medium

A system is running SELinux in enforcing mode. A custom application needs to write to /var/log/app.log. The log file shows the correct context, but access is denied. What is the most likely cause?

A. The file context is incorrect.
B. The application is running in an unconfined domain.
C. The SELinux boolean for the application is disabled.
D. SELinux is in permissive mode.
Answer: C

Many applications require a boolean to be enabled.

Why this answer

A wrong file context is the most common cause of this kind of denial, but here the file has the correct context, so the issue is likely a boolean or policy. SELinux policy may not allow the application's domain to write to that file; the typical cause is a missing policy rule, and audit2allow can generate a policy.

Among the options, 'The application is running in an unconfined domain' is plausible but not the best choice. The best answer is 'The SELinux boolean for the application is disabled'.

552
MCQ · easy

A user cannot access a directory '/data/projects' even though they are in the 'projects' group. The directory permissions are 'drwxr-x---' and the group owner is 'projects'. Which command should the administrator run to grant the group write permission?

A. chmod g+w /data/projects
B. chmod o+w /data/projects
C. chmod u+w /data/projects
D. chown :projects /data/projects
Answer: A

Adds write permission for the group.

Why this answer

The directory '/data/projects' has permissions 'drwxr-x---', meaning the group owner 'projects' currently has read and execute (r-x) but not write (w) access. Since the user is a member of the 'projects' group, the administrator needs to add write permission for the group using 'chmod g+w /data/projects'. This directly modifies the group permission bits to grant write access without affecting other permissions.

Exam trap

CompTIA often tests the distinction between changing ownership (chown) and changing permissions (chmod), and candidates mistakenly think that setting the group owner again will grant write access, when in fact only chmod modifies the permission bits.

How to eliminate wrong answers

Option B is wrong because 'chmod o+w' adds write permission for 'others' (users not the owner and not in the group), which is unnecessary and would over-permit the directory, violating the principle of least privilege. Option C is wrong because 'chmod u+w' adds write permission for the user owner, not the group; the user owner is typically 'root' or another user, not the 'projects' group. Option D is wrong because 'chown :projects /data/projects' changes the group owner to 'projects', but the group already owns the directory, so this command does nothing to change permissions; it does not grant write access.

553
MCQhard

An administrator wants to list all files in the current directory that are larger than 1 MB. Which find command is correct?

A.find . -type f -size +1M
B.find . -type f -size 1M
C.find . -type f -size +1MB
D.find . -size +1M -type f
AnswerA, D

This correctly finds files larger than 1 megabyte.

Why this answer

find . -type f -size +1M finds files larger than 1 megabyte.

554
Multi-Selectmedium

A Linux administrator is troubleshooting a server that has become unresponsive. The administrator connects via IPMI and runs 'top' but the process list does not show any obvious CPU or memory hog. Which TWO commands could be used to identify I/O wait issues or disk bottlenecks? (Choose TWO.)

Select 2 answers
A.iostat -x 1
B.iotop -o
C.vmstat 1
D.sar -b 1
E.dstat --disk-util
AnswersA, B

iostat -x shows extended I/O statistics per device.

Why this answer

`iostat -x 1` provides extended disk I/O statistics, including `%util` (percentage of time the device was busy servicing requests) and `await` (average time for I/O operations). These metrics directly indicate disk bottlenecks and I/O wait issues. `iotop -o` displays only processes that are currently performing I/O operations, allowing the administrator to identify which specific processes are causing disk contention.

Exam trap

The trap here is that candidates often choose `vmstat 1` because it shows the `wa` column, but they overlook that it does not provide per-disk or per-process granularity needed to identify the specific source of I/O wait.

555
MCQhard

A sysadmin needs to set a default gateway for a network interface. Which command(s) accomplish this?

A.netstat -rn
B.route add default gw 192.168.1.1
C.ip route add default via 192.168.1.1
D.Both A and B
AnswerD

Both route and ip can be used to add a default gateway.

Why this answer

Option D is correct because both `route add default gw 192.168.1.1` (option B) and `ip route add default via 192.168.1.1` (option C) can set a default gateway on Linux. The `route` command is legacy but still functional, while `ip route` is the modern replacement for the net-tools commands. Option A (`netstat -rn`) only displays the routing table and does not add a gateway, so it alone cannot accomplish the task.

Exam trap

The trap here is that candidates may think only the modern `ip route` command works, forgetting that the legacy `route` command is still accepted on many Linux distributions, or they may mistakenly believe `netstat -rn` can set a route because it displays routing information.

How to eliminate wrong answers

Option A is wrong because `netstat -rn` is a read-only command that displays the kernel routing table; it does not modify or set a default gateway. Option B is not the best choice on its own: `route add default gw 192.168.1.1` is a valid legacy command that does set a default gateway, but it is not the only command that works. Option C is likewise not the best choice on its own: `ip route add default via 192.168.1.1` is a valid modern command that also sets a default gateway.

The question asks which command(s) accomplish the task, and both B and C work, making D the correct answer.

556
MCQmedium

A DevOps engineer wants to run a Docker container with a bind mount to make a host directory /data available at /mnt/data inside the container. Which command is correct?

A.docker run -v /data:/mnt/data:bind ubuntu
B.docker run -v /data:/mnt/data ubuntu
C.docker run --mount type=bind,source=/data,target=/mnt/data ubuntu
D.docker run --mount type=volume,source=/data,target=/mnt/data ubuntu
AnswerC

Correct. The --mount syntax explicitly defines a bind mount.

Why this answer

Option C is correct because the `--mount` flag with `type=bind` explicitly creates a bind mount, mapping the host directory `/data` to the container path `/mnt/data`. This syntax is more explicit and less error-prone than the older `-v` flag, especially when dealing with bind mounts on directories that do not exist yet or when additional mount options are needed.

Exam trap

The trap here is that candidates often assume the `-v` flag always creates a bind mount, but Docker's `-v` syntax can create either a bind mount or a volume depending on whether the source is an absolute path (bind) or a name (volume), and the `--mount` flag with explicit `type=bind` is the unambiguous, recommended method for bind mounts.

How to eliminate wrong answers

Option A is wrong because the `:bind` suffix is not a valid mount option in the `-v` syntax; the `-v` flag uses a colon-separated list of host-path:container-path[:options], and while `:ro` or `:z` are valid, `:bind` is not recognized. Option B is wrong because while `-v /data:/mnt/data` does create a bind mount by default when the source is an absolute path, it is ambiguous and can be confused with a volume mount; the `--mount` syntax is the recommended modern approach for clarity. Option D is wrong because `type=volume` creates a named Docker volume, not a bind mount; using `source=/data` with a volume type would treat `/data` as a volume name rather than a host directory path, which is not what the question asks.

557
Multi-Selectmedium

Which THREE methods are valid for setting the default systemd target (runlevel) to multi-user mode? (Choose three.)

Select 3 answers
A.Run telinit 3
B.systemctl set-default multi-user.target
C.Create a symlink /etc/systemd/system/default.target -> /lib/systemd/system/multi-user.target
D.Edit /etc/inittab
E.Modify /etc/systemd/system/default.target
AnswersB, C, E

This is the standard command to set default target.

Why this answer

Option B is correct because `systemctl set-default multi-user.target` is the standard systemd command to permanently change the default boot target to multi-user mode (runlevel 3). This command updates the symlink at `/etc/systemd/system/default.target` to point to `/lib/systemd/system/multi-user.target`, ensuring the system boots into a non-graphical, multi-user state.

Exam trap

The trap here is that candidates confuse runtime runlevel changes (via `telinit` or `init`) with persistent default target changes, or they mistakenly think editing `/etc/inittab` still works on modern systemd-based systems.

558
MCQhard

After a kernel update, loading a proprietary kernel module fails with 'Invalid module format'. The module was built from source against the previous kernel. What is the most likely cause?

A.Module is not signed while Secure Boot is enabled
B.Module file permissions are incorrect
C.SELinux is blocking the module load
D.Module was not rebuilt for the new kernel version
AnswerD

Kernel modules are tied to a specific kernel version; they must be recompiled after a kernel update.

Why this answer

The 'Invalid module format' error occurs when a kernel module's version magic string does not match the running kernel's version. Since the module was built against the previous kernel, it contains version information for that older kernel, and the new kernel rejects it as incompatible. Rebuilding the module against the new kernel's headers resolves this mismatch.

Exam trap

The trap here is that candidates confuse the 'Invalid module format' error with Secure Boot signing issues, but Secure Boot produces a different error message related to key verification, not format mismatch.

How to eliminate wrong answers

Option A is wrong because Secure Boot with unsigned modules typically produces a 'Required key not available' or 'Module verification failed' error, not 'Invalid module format'. Option B is wrong because incorrect file permissions would cause a 'Permission denied' error when trying to insmod, not a format error. Option C is wrong because SELinux denials generate AVC denial messages in the audit log and would prevent loading due to policy restrictions, not an 'Invalid module format' error.

559
MCQmedium

A Linux administrator notices that the system’s disk I/O performance has degraded significantly. Running 'iostat -x 1' shows high %util values on /dev/sda, but low await. Which of the following is the most likely issue?

A.The filesystem is nearly full.
B.The disk cable is loose or faulty.
C.There are many concurrent I/O requests (high queue depth).
D.The disk is failing and needs replacement.
AnswerC

Parallel I/O keeps the device busy (%util high) but each request is serviced quickly (low await).

Why this answer

High %util with low await indicates that the device is busy processing many concurrent I/O requests, but each request completes quickly. This is characteristic of a high queue depth where the disk is saturated with parallel requests, not that individual requests are slow. The low await confirms that the disk itself is responding fast, so the bottleneck is the volume of simultaneous I/O, not latency per request.

Exam trap

CompTIA often tests the misconception that high %util always means slow I/O, but the trap here is that %util measures busy time, not latency; candidates overlook the low await and incorrectly assume hardware failure or cable issues.

How to eliminate wrong answers

Option A is wrong because a nearly full filesystem affects metadata operations and may cause fragmentation, but it does not directly cause high %util with low await; it would more likely increase await due to slower allocation. Option B is wrong because a loose or faulty disk cable typically causes intermittent errors, timeouts, or complete disconnection, which would manifest as high await and possibly errors in iostat, not high %util with low await. Option D is wrong because a failing disk usually produces high await, increased error counts, and reallocated sectors, not a scenario where requests complete quickly (low await) while the device is busy.

560
MCQhard

A security policy requires that user passwords must expire after 90 days. The output in the exhibit shows the current configuration for the root user. Which command should the administrator run to enforce the policy for root?

A.sudo passwd -x 90 root
B.sudo chage -M 90 root
C.sudo chage -E 90 root
D.sudo usermod -e 90 root
AnswerB

Sets the maximum number of days a password remains valid.

Why this answer

The `chage -M 90 root` command sets the maximum number of days a password is valid for the root user to 90 days, which directly enforces the password expiration policy. The `-M` option modifies the `max_days` field in `/etc/shadow`, causing the password to expire after the specified period. This is the correct method to apply aging rules to the root account.

Exam trap

The trap here is that candidates confuse the `chage -M` (maximum password age) with `chage -E` (account expiration) or `usermod -e` (account expiration), leading them to select options that set account expiry instead of password expiry, which does not enforce the 90-day password change requirement.

How to eliminate wrong answers

Option A is wrong because, although the `passwd` command uses `-x` to set the maximum password days (with the option placed before the username, as in `passwd -x 90 root`), the question asks for the command to enforce the policy, and `chage` is the standard tool for password aging policies. Option C is wrong because `chage -E 90 root` sets the account expiration date to a specific date (interpreted as days since epoch or a date string), not the password maximum age; `-E` controls account expiry, not password expiry. Option D is wrong because `usermod -e 90 root` sets the account expiration date (in YYYY-MM-DD format or days since epoch), not the password maximum age; `-e` is for account expiry, and the other `usermod` options such as `-f` or `-L` are unrelated to password aging, which is managed via `chage` or `passwd`.

561
MCQmedium

A user on a workstation with IP 192.168.1.100 reports being unable to SSH to the server with IP 10.0.0.5. Based on the exhibit, what is the most likely cause?

A.The default INPUT policy is DROP and there is no SSH rule.
B.The SSH rule appears after a LOG rule, causing it to be unreachable.
C.The SSH rule only accepts connections from the 10.0.0.0/8 subnet.
D.The SSH port is not allowed in any rule.
AnswerC

The fifth line shows SSH accepted only from source 10.0.0.0/8; the user's IP is not in that range.

Why this answer

The exhibit shows an iptables ruleset where the SSH rule (port 22) explicitly matches the source address 10.0.0.0/8. The workstation has IP 192.168.1.100, which does not fall within the 10.0.0.0/8 range, so the SSH rule will not match. Since no other rule allows SSH, the packet will be evaluated against the default INPUT policy, which is ACCEPT (not shown as DROP), but the SSH rule itself restricts the source, making it unreachable for this client.

Exam trap

The trap here is that candidates assume any rule with 'ACCEPT' for SSH is sufficient, overlooking the source address restriction, and they may also mistakenly think a LOG rule blocks subsequent rules, when in fact LOG is non-terminating.

How to eliminate wrong answers

Option A is wrong because the default INPUT policy is ACCEPT (as indicated by the policy ACCEPT line in the exhibit), not DROP, so packets not matching any rule would be accepted by default. Option B is wrong because iptables processes rules sequentially; a LOG rule does not terminate the chain (it is a non-terminating target), so subsequent rules, including the SSH rule, are still reachable. Option D is wrong because the SSH port (22) is explicitly allowed in the rule that matches source 10.0.0.0/8; the issue is the source restriction, not the port being absent.

562
Multi-Selecthard

A system administrator is investigating a slow website. The web server is responding but pages load slowly. Which THREE commands can help identify network latency or packet loss?

Select 3 answers
A.dig example.com
B.mtr example.com
C.ping -c 10 example.com
D.ss -tlnp
E.traceroute example.com
AnswersB, C, E

mtr shows per-hop loss and latency.

Why this answer

B is correct because `mtr` (My TraceRoute) combines the functionality of `ping` and `traceroute` into a single diagnostic tool. It continuously sends ICMP packets to each hop along the path to the target, displaying per-hop latency and packet loss statistics in real time. This makes it ideal for identifying where network latency or packet loss is occurring between the server and the client, which directly addresses the symptom of a slow website.

Exam trap

Cisco often tests the distinction between `traceroute` (which shows a single snapshot of path latency) and `mtr` (which provides ongoing, aggregated statistics including packet loss per hop), leading candidates to overlook `mtr` as a superior tool for diagnosing intermittent or persistent network issues.

563
Multi-Selecteasy

An administrator is troubleshooting a server that is experiencing intermittent high load. The administrator wants to identify processes that are using excessive CPU. Which two of the following commands can provide real-time CPU usage per process? (Choose two.)

Select 2 answers
A.htop
B.top
C.iostat
D.ps -aux
E.vmstat
AnswersA, B

htop also provides real-time process monitoring.

Why this answer

A is correct because `htop` is an interactive process viewer that displays real-time CPU usage per process, with a color-coded interface and the ability to sort by CPU consumption. B is correct because `top` is the standard real-time system monitor that shows a dynamic list of processes and their current CPU utilization, updating every few seconds by default.

Exam trap

Cisco often tests the distinction between real-time monitoring commands and static snapshot commands; the trap here is that `ps -aux` shows CPU usage but only at the instant of execution, leading candidates to mistakenly think it provides real-time updates like `top` or `htop`.

564
MCQhard

A Linux administrator needs to ensure that only the root user can run commands in the /usr/local/bin/scripts directory. Which command should be used to set the appropriate permissions?

A.chmod 750 /usr/local/bin/scripts
B.chmod 700 /usr/local/bin/scripts
C.chmod 755 /usr/local/bin/scripts
D.chmod 770 /usr/local/bin/scripts
AnswerB

Owner (root) gets rwx; group and others have no access.

Why this answer

The requirement is that only the root user can run commands in the directory. Permission 700 (owner: rwx, group: ---, others: ---) grants full access exclusively to the owner (root), while denying all access to the group and others. This matches the requirement precisely.

Exam trap

The trap here is that candidates often choose 755 or 750 as 'standard' permissions for directories, forgetting that the requirement explicitly restricts access to only root, not to any group or other users.

How to eliminate wrong answers

Option A (750) is wrong because it grants read and execute permissions to the group, allowing group members (other than root) to list and run scripts, which violates the 'only root' requirement. Option C (755) is wrong because it grants read and execute to both group and others, allowing any user on the system to list and execute scripts. Option D (770) is wrong because it grants full read, write, and execute to the group, allowing group members to modify and run scripts, which again violates the restriction to root only.

565
MCQhard

During peak hours, a web server experiences timeouts. The kernel log shows 'possible SYN flooding'. Which kernel parameter should be increased to mitigate this?

A.net.ipv4.tcp_syncookies
B.net.core.somaxconn
C.net.ipv4.tcp_max_syn_backlog
D.net.core.rmem_default
AnswerC

Increasing this value allows more half-open connections, reducing SYN flooding issues.

Why this answer

The kernel log message 'possible SYN flooding' indicates that the system's SYN backlog queue is full, causing new connection requests to be dropped. Increasing `net.ipv4.tcp_max_syn_backlog` expands the maximum number of SYN requests that can be queued before the kernel starts dropping them, directly mitigating the issue.

Exam trap

The trap here is confusing the SYN backlog queue (`tcp_max_syn_backlog`) with the completed connection backlog (`somaxconn`), leading candidates to choose `net.core.somaxconn` even though it only affects fully established connections, not the SYN flood protection mechanism.

How to eliminate wrong answers

Option A is wrong because `net.ipv4.tcp_syncookies` enables SYN cookies as a defense against SYN flood attacks, but it does not increase the queue size; it bypasses the backlog entirely, which can degrade performance for legitimate traffic. Option B is wrong because `net.core.somaxconn` limits the maximum number of connections that can be queued for a listening socket after the three-way handshake is complete, not the SYN backlog queue for half-open connections. Option D is wrong because `net.core.rmem_default` sets the default receive socket buffer size for data transfer, which has no effect on the SYN backlog or connection establishment.

566
Multi-Selecthard

A DevOps engineer is writing a Bash script to automate deployment of a containerized application. The script must: (1) exit immediately if any command fails, (2) build a Docker image with tag 'myapp:latest' from the current directory, (3) run a container from that image in detached mode with port mapping 8080:80, (4) set environment variable ENV=production inside the container, and (5) bind mount a host directory /data to /app/data inside the container. Which TWO of the following snippets should be included in the script to meet these requirements? (Choose TWO.)

Select 2 answers
A.docker run -d -p 8080:80 -e ENV=production -v /data:/app/data myapp:latest
B.set -e
C.docker build -t myapp:latest .
D.docker build --tag myapp:latest .
E.docker run -d -p 8080:80 -eENV=production -v /data:/app/data myapp:latest
AnswersA, B

Correctly runs the container detached with port mapping, environment variable, and bind mount.

Why this answer

Option A (set -e) is needed to exit on error. Option E (docker run -d -p 8080:80 -e ENV=production -v /data:/app/data myapp:latest) correctly runs the container detached with port mapping, environment variable, and bind mount. Option B omits -e, Option C has syntax error (missing quotes), Option D repeats --tag but is incomplete.

567
MCQmedium

A Linux server is running low on disk space in the /var partition. The administrator runs 'du -sh /var/log/*' and finds that /var/log/syslog is 10 GB. Which of the following is the BEST long-term solution to prevent recurrence?

A.Manually truncate the syslog file with '> /var/log/syslog'.
B.Delete the syslog file and restart the syslog service.
C.Configure logrotate to rotate and compress the syslog file daily.
D.Increase the log rotation frequency in /etc/logrotate.conf to monthly.
AnswerC

logrotate automates rotation, keeping log sizes manageable.

Why this answer

Option C is correct because logrotate is the standard Linux utility for managing log file growth. By configuring logrotate to rotate and compress /var/log/syslog daily, the system automatically archives old logs and prevents a single file from consuming excessive disk space, addressing the root cause without manual intervention.

Exam trap

The trap here is that candidates may confuse 'increasing rotation frequency' with 'reducing log size,' but increasing the interval (e.g., to monthly) actually worsens the problem, while daily rotation with compression is the correct long-term solution.

How to eliminate wrong answers

Option A is wrong because manually truncating the file with '> /var/log/syslog' only frees space temporarily; the syslog daemon will continue writing to the same file, and the problem will recur without any automated management. Option B is wrong because deleting the syslog file and restarting the service is disruptive, may cause loss of log data, and does not implement any automated rotation or retention policy. Option D is wrong because increasing the log rotation frequency to monthly would actually reduce rotation frequency, making the problem worse by allowing the syslog file to grow even larger between rotations.

568
MCQeasy

A Linux administrator writes a script that uses bash-specific features like arrays and process substitution. Which shebang should be used?

A.#!/bin/bash
B.#!/bin/sh
C.#!/usr/bin/python3
D.#!/bin/ksh
AnswerA

Bash supports advanced features like arrays and process substitution.

Why this answer

The correct shebang is #!/bin/bash because the script uses bash-specific features such as arrays and process substitution. The shebang line tells the system to execute the script with the specified interpreter; /bin/bash is the Bourne Again SHell, which supports these features, while /bin/sh may be a POSIX shell that lacks them.

Exam trap

The trap here is that candidates often assume /bin/sh is always bash or that any shell can run bash-specific syntax, but on many Linux distributions /bin/sh is a different shell (e.g., dash) that lacks these extensions.

How to eliminate wrong answers

Option B is wrong because /bin/sh is often a POSIX-compliant shell (like dash on Debian) that does not support bash-specific features such as arrays and process substitution, causing the script to fail. Option C is wrong because /usr/bin/python3 is the Python 3 interpreter, which cannot execute bash syntax. Option D is wrong because /bin/ksh is the Korn shell, which has its own syntax and may not support bash-specific features like process substitution in the same way.

569
MCQhard

An administrator notices that new SSH sessions fail for all users. Which line in the exhibit is most likely causing the failure?

A.account required pam_nologin.so
B.session include password-auth
C.auth required pam_sepermit.so
D.session required pam_loginuid.so
AnswerA

If /etc/nologin exists, this module denies login to all non-root users.

Why this answer

The line 'account required pam_nologin.so' causes new SSH sessions to fail because the pam_nologin module checks for the existence of /etc/nologin. If that file exists, it denies login to all non-root users. This is commonly used during maintenance to prevent new logins, and since the question states 'all users' (including root if root is not explicitly exempted), this PAM module is the direct cause of the failure.

Exam trap

The trap here is that candidates often confuse the 'account' stack with the 'auth' or 'session' stacks, mistakenly thinking a missing authentication module (like pam_sepermit.so) or a session module (like pam_loginuid.so) is the cause, when in fact the account-level pam_nologin.so is specifically designed to block new logins system-wide.

How to eliminate wrong answers

Option B is wrong because 'session include password-auth' is a session management line that handles post-authentication tasks like logging and does not prevent new SSH sessions from being established. Option C is wrong because 'auth required pam_sepermit.so' is an authentication module that enforces SELinux user mapping; it would cause authentication failures for specific users, not block all new SSH sessions globally. Option D is wrong because 'session required pam_loginuid.so' ensures a unique loginuid is set for auditing purposes; failure of this module would cause session setup to fail only if the loginuid cannot be set, but it does not block all new SSH sessions by default.

570
Multi-Selectmedium

A system administrator wants to automate server configuration and management across multiple Linux hosts. Which TWO tools are configuration management solutions designed for this purpose? (Choose two.)

Select 2 answers
A.Docker
B.Nagios
C.Kubernetes
D.Puppet
E.Ansible
AnswersD, E

Puppet is a configuration management tool.

Why this answer

Puppet is a mature configuration management tool that uses a declarative language (Puppet DSL) to define desired system states and enforces them via a client-server (agent-master) architecture over HTTPS. It automates server configuration across multiple hosts by applying manifests that specify packages, services, files, and users, ensuring consistency without manual intervention.

Exam trap

The trap here is that candidates confuse containerization (Docker) or orchestration (Kubernetes) with configuration management, or mistake monitoring (Nagios) for a tool that configures systems, when the question specifically asks for tools that automate server configuration and management across multiple hosts.

571
MCQmedium

Scenario: A cloud hosting company uses SELinux in enforcing mode on all Linux servers. A developer reports that a custom web application running under Apache (httpd) is unable to write log files to /var/log/myapp/. The directory /var/log/myapp/ has permissions 755 and is owned by root:root. The httpd process runs as the 'apache' user. The administrator checks SELinux context: /var/log/myapp is labeled with default_t type. The administrator wants to allow httpd to write to this directory while maintaining security. Which command should the administrator run?

A.Change ownership with 'chown apache:apache /var/log/myapp'
B.Run 'setenforce 0' to disable SELinux
C.Run 'chcon -t httpd_log_t /var/log/myapp'
D.Run 'semanage fcontext -a -t httpd_log_t "/var/log/myapp(/.*)?"' and then 'restorecon -Rv /var/log/myapp'
AnswerD

This permanently sets the context to httpd_log_t, allowing httpd to write.

Why this answer

Option D is correct because it permanently relabels the directory with the httpd_log_t SELinux type, which is specifically designed to allow Apache (httpd) to write log files. The semanage fcontext command adds a file context mapping to the SELinux policy database, and restorecon applies that mapping to the filesystem. This approach maintains SELinux enforcing mode and does not rely on temporary changes like chcon or insecure workarounds like disabling SELinux.

Exam trap

The trap here is that candidates often choose chcon (Option C) because it works immediately, but they overlook that it is not persistent and will be overwritten by restorecon or policy updates, whereas semanage fcontext followed by restorecon is the correct persistent method.

How to eliminate wrong answers

Option A is wrong because changing ownership to apache:apache does not address SELinux type enforcement; the httpd process is still blocked by the default_t type on the directory, regardless of Unix permissions. Option B is wrong because running 'setenforce 0' disables SELinux entirely, which violates the company's security policy of running in enforcing mode and exposes the server to potential threats. Option C is wrong because 'chcon -t httpd_log_t /var/log/myapp' only makes a temporary label change that will be reverted on the next filesystem relabel (e.g., after a policy update or restorecon run), and it does not persist in the SELinux policy database.

572
MCQmedium

An administrator needs to check the kernel ring buffer for hardware error messages after a system crash. Which command should be used?

A.dmesg
B.journalctl -k
C.tail -f /var/log/messages
D.strace -e trace=open
AnswerA

dmesg displays kernel ring buffer messages.

Why this answer

dmesg shows kernel ring buffer messages including hardware errors. journalctl -k shows kernel messages from systemd journal, but dmesg is the direct command for the ring buffer.

573
Multi-Selectmedium

A Linux server is experiencing high CPU usage. Which TWO commands can be used to identify which processes are consuming the most CPU? (Choose two.)

Select 2 answers
A.ps aux --sort=-%cpu
B.top
C.iostat
D.vmstat
E.free
AnswersA, B

ps with sorting shows processes by CPU usage.

Why this answer

top and ps are standard process monitoring tools that show CPU usage.

574
Multi-Selectmedium

A security audit identifies that the system's /etc/passwd file is world-readable. Which three security issues does this pose? (Select THREE.)

Select 3 answers
A.Attackers can read the encrypted passwords.
B.Attackers can obtain usernames easily.
C.Attackers can see home directory paths.
D.Attackers can see user ID mappings.
E.Attackers can read password hashes.
AnswersB, C, D

/etc/passwd lists all local usernames.

Why this answer

Option B is correct because the /etc/passwd file contains a list of all system usernames. Since the file is world-readable, any user or attacker can easily read this file to enumerate valid usernames, which is a common first step in password guessing or brute-force attacks. Usernames are stored in the first colon-delimited field of each line, making them trivially extractable.

Exam trap

The trap here is that candidates often confuse the legacy practice of storing password hashes in /etc/passwd with the modern shadow password suite, and mistakenly select options A or E, not realizing that /etc/shadow is the actual hash store.

575
MCQeasy

Which command displays the current routing table on a Linux system?

A.ip neigh
B.ip addr
C.ip link
D.ip route
AnswerD

Correct.

Why this answer

ip route shows the routing table. The older route command is deprecated.

576
MCQ · hard

A web server is not responding on port 443. Using tcpdump to capture traffic on the server, which filter would capture only HTTPS packets?

A. tcpdump -i any port https
B. tcpdump -i any tcp port 443
C. tcpdump -i any host 443
D. tcpdump -i any udp port 443
Answer: B

Correct filter: tcp port 443 captures TCP traffic on port 443.

Why this answer

Port 443 is HTTPS. The filter 'port 443' captures traffic on that port.

577
MCQ · easy

A Linux administrator needs to add a new user named 'jdoe' with a home directory and bash shell. Which command accomplishes this?

A. groupadd -u jdoe -s /bin/bash
B. useradd -m -s /bin/bash jdoe
C. adduser -h /home/jdoe -s bash jdoe
D. usermod -m -s /bin/bash jdoe
Answer: B

Correct: -m creates home directory, -s sets shell.

Why this answer

The useradd command creates a new user, and the -m flag creates the home directory, -s sets the shell. useradd -m -s /bin/bash jdoe is correct.

578
MCQ · medium

A developer is writing a Bash script that needs to test whether a file exists and is readable. Which of the following conditionals correctly performs this check?

A. if test -f $file || test -r $file; then
B. if [ -f $file -a -r $file ]; then
C. if [[ -f $file && -r $file ]]; then
D. if [ -f $file -o -r $file ]; then
Answer: C

Double brackets are preferred and allow && for logical AND.

Why this answer

The -f test checks for a regular file, and -r checks if it is readable. Both must be true, so they are combined with &&.

579
MCQ · hard

An administrator modified kernel parameters in /etc/sysctl.conf. Which command applies the changes without rebooting?

A. sysctl -p
B. sysctl -w
C. sysctl -r
D. sysctl -a
Answer: A

The -p option loads settings from the specified file, defaulting to /etc/sysctl.conf.

Why this answer

The `sysctl -p` command reads the settings from `/etc/sysctl.conf` and applies them immediately to the running kernel without requiring a reboot. This is the standard method for reloading persistent kernel parameter changes on Linux systems.

Exam trap

The trap here is that candidates confuse `sysctl -p` (apply from file) with `sysctl -w` (set a single value), or assume a reboot is required, leading them to choose an incorrect option like `sysctl -w` or a non-existent flag.

How to eliminate wrong answers

Option B is wrong because `sysctl -w` is used to temporarily set a single kernel parameter at runtime, not to load changes from a configuration file. Option C is wrong because `sysctl -r` is not a valid sysctl option; the correct flag for reloading from a file is `-p`. Option D is wrong because `sysctl -a` displays all current kernel parameters and their values, but does not apply or reload any configuration changes.

580
Multi-Select · medium

A Linux administrator is troubleshooting a service that fails to start. Which TWO commands can be used to view the last 20 lines of the systemd journal for the sshd unit?

Select 2 answers
A. journalctl -u sshd -n 20
B. journalctl -u sshd | tail -20
C. journalctl -k -n 20
D. journalctl -u sshd -p err
E. journalctl -b -u sshd
Answers: A, B

Correct: -u for unit, -n for number of lines.

Why this answer

journalctl -u sshd -n 20 shows last 20 lines for the unit. journalctl -u sshd | tail -20 also works. The others use wrong options or units.

581
MCQ · medium

An administrator wants to start a long-running script in the background so that it continues running even after logging out. Which command should be used?

A. script.sh &
B. nohup script.sh &
C. nohup script.sh
D. bg script.sh
Answer: B

Correct: nohup allows process to survive logout; & runs in background.

Why this answer

nohup prevents the process from receiving SIGHUP when the terminal closes. & runs it in background.

582
MCQ · easy

Refer to the exhibit. A user wants to execute the script 'script.sh' but receives a 'Permission denied' error. Which action should be taken to allow execution?

A. Add execute permission with chmod +x script.sh
B. Change the owner to the user with chown
C. Change the group to the user's primary group
D. Set the permissions to 644 with chmod
Answer: A

Adds execute permission to the file.

Why this answer

The 'Permission denied' error indicates the script lacks the execute permission for the user. The `chmod +x script.sh` command adds the execute permission bit to the file's mode, allowing the user to run it as a program. This is the direct and correct fix for the issue.

Exam trap

CompTIA often tests the misconception that changing ownership or group alone resolves permission errors, when in fact the execute permission bit must be explicitly set for the file to be run as a script.

How to eliminate wrong answers

Option B is wrong because changing the owner with `chown` does not grant execute permission; it only changes file ownership, and the new owner still needs execute permission to run the script. Option C is wrong because changing the group to the user's primary group does not add execute permission; the group must have the execute bit set in the file's permissions for this to work. Option D is wrong because setting permissions to 644 (rw-r--r--) removes any execute bits, which would still prevent execution and is the opposite of what is needed.

583
MCQ · medium

A Linux system fails to boot, displaying a 'kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)' error. Which of the following is the most likely cause?

A. Corrupted initramfs
B. Incorrect /etc/fstab entry
C. Full disk on /boot
D. Misconfigured GRUB timeout
Answer: A

A missing or corrupted initramfs can prevent the root filesystem from being mounted.

Why this answer

This error indicates the kernel cannot find the root filesystem, often due to a missing driver or incorrect root= parameter in the boot configuration.

584
MCQ · hard

A developer writes a Dockerfile that installs multiple packages. To reduce the final image size, which of the following practices is most effective?

A. Use a multi-stage build.
B. Combine multiple RUN commands into a single RUN instruction.
C. Use apt-get clean after each installation.
D. Use a minimal base image like alpine.
Answer: B

Reduces number of layers, decreasing image size.

Why this answer

Combining multiple RUN commands into a single RUN instruction reduces the number of layers created in the Docker image. Each RUN instruction creates a new layer, and by merging them, you avoid storing intermediate files (e.g., package cache) across separate layers, which significantly shrinks the final image size. This is a direct and effective method for minimizing image footprint when installing multiple packages.

Exam trap

CompTIA often tests the misconception that using a minimal base image or cleaning up in separate steps is sufficient, when in fact the layer persistence model means only combining RUN commands (and cleaning within the same layer) truly eliminates intermediate file bloat.

How to eliminate wrong answers

Option A is wrong because multi-stage builds primarily reduce image size by separating build-time dependencies from the final runtime image, but they do not directly address the layer overhead from multiple RUN instructions during package installation. Option C is wrong because apt-get clean only removes cached package files within a single layer; if used in separate RUN instructions, the cache is already stored in a previous layer and cannot be reclaimed, making it ineffective for reducing final image size. Option D is wrong because while using a minimal base image like Alpine reduces the base layer size, it does not mitigate the layer bloat caused by multiple RUN instructions; the question specifically asks about the practice for reducing image size when installing multiple packages, and combining RUN commands is more directly impactful.

585
MCQ · medium

An administrator wants to change the priority of a running process with PID 1234 to a lower priority (nicer). The current nice value is 0. Which command will set the nice value to 10?

A. renice 10 -p 1234
B. nice -n 10 kill 1234
C. chrt -p 10 1234
D. kill -10 1234
Answer: A

Correct: renice sets the nice value for the process.

Why this answer

The `renice` command is used to alter the scheduling priority of an already running process. By default, a process starts with a nice value of 0. Running `renice 10 -p 1234` sets the nice value to 10, which is a lower priority (more 'nice') because the kernel adds this value to the dynamic priority calculation, giving the process less CPU time.

Exam trap

Cisco often tests the distinction between `renice` (for running processes) and `nice` (for launching a new process with a modified priority), and candidates may confuse `renice` with `nice` or think `kill` can change priority via signal numbers.

How to eliminate wrong answers

Option B is wrong because `nice -n 10 kill 1234` attempts to run the `kill` command with a nice value of 10, but `kill` does not change the priority of an existing process; it sends signals. Option C is wrong because `chrt -p 10 1234` sets the real-time scheduling policy and priority (via the `-p` flag with a priority value), not the nice value; `chrt` manipulates the SCHED_FIFO or SCHED_RR policy, not the conventional nice/renice mechanism. Option D is wrong because `kill -10 1234` sends signal 10 (SIGUSR1 by default on Linux) to the process, which has no effect on its nice value or scheduling priority.

586
MCQ · medium

A Linux administrator is writing a bash script that accepts command-line options: -a for all, -f for file, and -o for output. Which of the following correctly uses getopts to parse these options?

A. while getopts "-a -f -o" opt; do ... done
B. while getopts "a:f:o" opt; do case $opt in a) ...;; f) ...;; o) ...;; esac; done
C. getopts "afo" opt; case $opt in a) ...;; f) ...;; o) ...;; esac
D. while getopts "afo" opt; do case $opt in a) ...;; f) ...;; o) ...;; esac; done
Answer: D

Correct. The option string 'afo' defines three boolean options without arguments.

Why this answer

getopts uses a string of option characters; a colon after an option indicates it requires an argument. The string 'a:f:o' would be the correct usage where a and f require arguments, but the stem doesn't specify arguments. Assuming -a and -f don't require arguments, the string should be 'afo'.

587
MCQ · medium

A DevOps engineer is designing a CI/CD pipeline for a microservices application. The pipeline should build a Docker image, run unit tests, and if successful, push the image to a private registry. Which tool is best suited for orchestrating this pipeline?

A. Git
B. cron
C. Jenkins
D. Ansible
Answer: C

Jenkins is designed for building, testing, and deploying software continuously.

Why this answer

Jenkins is a widely adopted CI/CD automation server that excels at orchestrating complex pipelines, including building Docker images, running unit tests, and pushing images to a private registry. Its pipeline-as-code feature (Jenkinsfile) allows defining stages, triggers, and post-build actions, making it the best fit for this microservices CI/CD workflow.

Exam trap

CompTIA often tests the distinction between CI/CD orchestration tools and general automation or scheduling tools; the trap here is that candidates may confuse Ansible's automation capabilities with CI/CD pipeline orchestration, or think cron can handle complex multi-step workflows with conditional logic.

How to eliminate wrong answers

Option A is wrong because Git is a distributed version control system used for source code management, not for orchestrating CI/CD pipelines or executing build/test/deploy steps. Option B is wrong because cron is a time-based job scheduler in Unix/Linux that can only run simple scripts at fixed intervals; it lacks pipeline logic, dependency management, and integration with Docker registries or test frameworks. Option D is wrong because Ansible is a configuration management and automation tool primarily used for provisioning and infrastructure as code, not for continuous integration pipeline orchestration; it does not natively support event-driven CI/CD triggers or pipeline stages.

588
Multi-Select · hard

A technician is troubleshooting a service that fails to start. The service file is located in /usr/lib/systemd/system. Which THREE commands can be used to investigate the service's status and logs? (Choose three.)

Select 3 answers
A. systemctl enable servicename
B. journalctl -u servicename
C. systemctl status servicename
D. systemctl start servicename
E. journalctl -f
Answers: B, C, E

Shows logs for the service.

Why this answer

systemctl status shows service status; journalctl -u shows logs for the unit; journalctl -f follows new log entries. systemctl start attempts to start but not investigate; systemctl enable enables at boot.

589
MCQ · easy

A Linux administrator wants to view all listening TCP ports and the associated processes on a system. Which command should be used?

A. lsof -i TCP
B. netstat -tulpn
C. ss -tlnp
D. nmap -sT localhost
Answer: C

Correct command.

Why this answer

The `ss -tlnp` command is correct because it displays all TCP listening sockets (`-t` for TCP, `-l` for listening) with numeric addresses (`-n`) and shows the associated process information (`-p`). This is the modern replacement for `netstat` and is the recommended tool on current Linux distributions for socket statistics.

Exam trap

The trap here is that candidates may choose `netstat -tulpn` (Option B) because it is historically familiar, but the XK0-005 exam emphasizes modern tools like `ss` over deprecated commands.

How to eliminate wrong answers

Option A is wrong because `lsof -i TCP` lists all open files associated with TCP connections, including non-listening sockets, and does not filter to only listening ports without additional flags. Option B is wrong because `netstat -tulpn` is a legacy command that may not be installed by default on modern systems and is deprecated in favor of `ss`; while it would show listening TCP ports, it is not the best or recommended command. Option D is wrong because `nmap -sT localhost` performs a TCP connect scan against the local host, which is a network scanning tool used for security auditing, not a standard system administration command to view listening ports and processes.

590
MCQ · medium

A Linux administrator needs to locate all files in the /var directory that have been modified within the last 30 minutes and are larger than 10MB. Which command accomplishes this task?

A. find /var -mmin 30 -size +10M
B. find /var -mmin -30 -size +10M
C. locate /var -mmin -30 -size +10M
D. find /var -mtime -30 -size +10M
Answer: B

Correct: -mmin -30 matches files modified less than 30 minutes ago, and -size +10M matches files larger than 10MB.

Why this answer

The find command with -mmin and -size options can locate files based on modification time and size. -mmin -30 finds files modified less than 30 minutes ago, and -size +10M finds files larger than 10MB.

591
MCQ · hard

A server is experiencing intermittent network connectivity issues. The administrator wants to run a continuous test that combines ping and traceroute to monitor the path and packet loss to a target host. Which command should be used?

A. mtr target
B. tcpdump -i any host target
C. ping -f target
D. traceroute -n target
Answer: A

mtr continuously displays the route and packet loss per hop.

Why this answer

mtr combines ping and traceroute functionality, continuously showing each hop and packet loss statistics.

592
MCQ · hard

A Linux administrator needs to configure auditing to monitor changes to the /etc/passwd file. Which auditctl command should be used?

A. auditctl -w /etc/passwd -p rwxa -k passwd_changes
B. auditctl -w /etc/passwd -p wa -k passwd_changes
C. auditctl -a exit,always -S unlink -S rename -F path=/etc/passwd
D. auditctl -a always,exit -F path=/etc/passwd -F perm=wa -k passwd_changes
Answer: B

This adds a watch on the file for write and attribute changes.

Why this answer

auditctl -w /etc/passwd -p wa -k passwd_changes adds a watch on the file for write and attribute changes, with a key for easier searching.

593
Multi-Select · medium

A Linux administrator is troubleshooting a DNS resolution issue. The system uses /etc/resolv.conf. Which two of the following directives are commonly found in this file? (Choose two.)

Select 2 answers
A. domain localdomain
B. options timeout:2
C. hosts: files dns
D. nameserver 8.8.8.8
E. search example.com
Answers: D, E

nameserver specifies a DNS server.

Why this answer

/etc/resolv.conf typically contains nameserver entries and optionally search and domain directives.

594
Multi-Select · easy

Which three directories are required by the FHS to be present on a Linux system? (Select THREE.)

Select 3 answers
A. /bin
B. /proc
C. /dev
D. /etc
E. /opt
Answers: A, C, D

Essential user binaries.

Why this answer

/bin, /etc, and /dev are essential FHS directories. /opt is optional, /proc is a virtual filesystem, /mnt is for temporary mounts but not always present.

595
Multi-Select · medium

A Linux administrator needs to locate all files in the /etc directory that have been modified in the last 24 hours and are not owned by root. Which two commands can be combined to achieve this? (Select TWO.)

Select 2 answers
A. find /etc -mtime 0 -not -user root
B. find /etc -ctime 0 -not -group root
C. find /etc -mmin -1440 -not -user root
D. find /etc -mtime 0 -uid 0
E. find /etc -atime 0 -not -user root
Answers: A, C

Correct: finds files modified in last 24 hours not owned by root.

Why this answer

find with -mtime 0 finds files modified in the last 24 hours; -not -user root excludes root-owned files. The -exec option executes ls -l to list details.

596
MCQ · medium

An administrator adds a new disk /dev/sdc1 and wants it mounted at /mnt/backup at every boot. Based on the exhibit, which line should be added to /etc/fstab?

A. UUID=xyz789 /backup ext4 defaults 0 0
B. UUID=xyz789 /mnt/backup ext4 nofail 0 0
C. /dev/sdc1 /mnt/backup ext4 defaults 0 2
D. /dev/sdc1 /mnt/backup ext4 defaults 0 0
E. UUID=xyz789 /mnt/backup ext4 defaults 0 0
Answer: E

Correct format with UUID.

Why this answer

Option E is correct because /etc/fstab entries should use UUIDs for persistent device identification, and the mount point must exactly match the intended directory /mnt/backup. The 'defaults' option and '0 0' (no dump, no fsck) are appropriate for a non-root filesystem that does not require boot-time checking.

Exam trap

Cisco often tests the requirement to use UUIDs in /etc/fstab for persistent mounts, and the trap here is that candidates may incorrectly choose a device path option (like /dev/sdc1) or a wrong mount point, overlooking the need for exact directory matching and proper fsck values.

How to eliminate wrong answers

Option A is wrong because the mount point is listed as '/backup' instead of '/mnt/backup', which does not match the requirement. Option B is wrong because it uses 'nofail' instead of 'defaults', which is not a standard fstab option and would not ensure the filesystem is mounted at boot. Option C is wrong because it uses the device path '/dev/sdc1' instead of a UUID, which can change between reboots, and the fsck pass value '2' is unnecessary for a non-root filesystem.

Option D is wrong because it uses the device path '/dev/sdc1' instead of a UUID, risking mount failures if the device name changes.

597
MCQ · hard

A server is secured with SELinux in enforcing mode. A custom web application needs to write logs to /var/log/webapp. The SELinux type for httpd is httpd_t. Which command sets the correct context for the log directory?

A. semanage fcontext -a -t httpd_log_t "/var/log/webapp(/.*)?" && restorecon -Rv /var/log/webapp
B. chcon -t httpd_sys_content_t /var/log/webapp
C. setsebool -P httpd_enable_homedirs on
D. chcon -t httpd_t /var/log/webapp
Answer: A

This adds a persistent rule and applies the correct type for log files.

Why this answer

Option A is correct because it uses `semanage fcontext` to add a persistent file context rule that assigns the `httpd_log_t` type to the `/var/log/webapp` directory and its contents, then applies it with `restorecon`. The `httpd_log_t` type is specifically designed for log files written by the httpd process, allowing Apache (running as `httpd_t`) to write logs while maintaining SELinux enforcement.

Exam trap

The trap here is that candidates confuse process domains (like `httpd_t`) with file types (like `httpd_log_t`) or mistakenly use `chcon` for a permanent context change, not realizing that `semanage fcontext` with `restorecon` is required for persistent labeling in enforcing mode.

How to eliminate wrong answers

Option B is wrong because `httpd_sys_content_t` is intended for static web content (e.g., HTML, scripts) served by httpd, not for log files; using it would not grant the necessary write permissions for logging and could cause AVC denials. Option C is wrong because `httpd_enable_homedirs` is a boolean that controls access to user home directories, not log directory labeling; it does not set any file context. Option D is wrong because `httpd_t` is a process domain type, not a file type; assigning a process type to a directory would break SELinux labeling and prevent proper access.

598
MCQ · medium

The company password policy requires minimum length, complexity, and that passwords cannot be based on dictionary words. Which file should be edited to configure these settings via pam_pwquality?

A. /etc/security/pwquality.conf
B. /etc/login.defs
C. /etc/pam.d/system-auth
D. /etc/pam.d/password-auth
Answer: A

This file contains the pam_pwquality parameters such as minlen, dcredit, ucredit, ocredit, and lcredit.

Why this answer

The pam_pwquality module enforces password quality rules such as minimum length, complexity, and dictionary checks. Its configuration file is /etc/security/pwquality.conf, where parameters like minlen, dcredit, ucredit, lcredit, ocredit, and dictcheck are set. Editing this file directly controls the PAM module's behavior without modifying PAM service files.

Exam trap

The trap here is that candidates confuse the PAM service file (which invokes the module) with the module's configuration file, leading them to choose /etc/pam.d/system-auth or /etc/pam.d/password-auth instead of /etc/security/pwquality.conf.

How to eliminate wrong answers

Option B is wrong because /etc/login.defs controls shadow password suite parameters (e.g., PASS_MAX_DAYS, PASS_MIN_LEN) but does not configure pam_pwquality settings. Option C is wrong because /etc/pam.d/system-auth is a PAM service file that includes pam_pwquality via a 'password requisite pam_pwquality.so' line, but it does not contain the configuration parameters themselves. Option D is wrong because /etc/pam.d/password-auth is another PAM service file (often used for non-system logins) that similarly invokes pam_pwquality but is not the configuration file for its settings.

599
Multi-Select · hard

Which TWO are standard methods to boot into rescue mode in a systemd-based Linux distribution?

Select 2 answers
A. Run systemctl rescue
B. Add 'emergency' to kernel command line
C. Append init=/bin/bash to kernel command line
D. Run grub2-mkconfig
E. Set default target to rescue.target and reboot
Answers: A, E

Immediately switches the system to rescue.target.

Why this answer

Option A is correct because `systemctl rescue` directly activates the `rescue.target`, which is the standard systemd mechanism to boot into a single-user, minimal rescue environment. This target mounts essential filesystems and starts basic services, providing a shell for troubleshooting without a full multi-user boot.

Exam trap

The trap here is that candidates confuse 'rescue mode' with 'emergency mode' or legacy `init=/bin/bash` methods, failing to recognize that systemd defines `rescue.target` as the standard, service-aware rescue environment.

600
MCQ · easy

Which command displays real-time information about running processes, including CPU and memory usage, and updates the display dynamically?

A. htop
B. ps aux
C. jobs
D. top
Answer: D

top provides real-time dynamic process information.

Why this answer

top displays a dynamic real-time view of running processes and system resource usage.
