CompTIA Linux+ XK0-005 (XK0-005) — Questions 601–675

981 questions total · 14 pages · All types, answers revealed

Page 9 of 14

601
MCQ · medium

An administrator uses Podman containers and wants them to start automatically when the host boots. Which method should be used?

A. podman auto-start on
B. podman generate systemd --new --files, then systemctl enable container-name
C. podman register-service container-name
D. Add a command to /etc/rc.local to start the container
Answer: B

This creates systemd unit files and enables them for automatic startup.

Why this answer

Option B is correct because Podman does not have a built-in auto-start mechanism; instead, it integrates with systemd by generating a systemd service unit file using `podman generate systemd --new --files`. This creates a service that manages the container as a transient unit, and then `systemctl enable` makes it start automatically at boot. This approach leverages systemd's dependency-based boot sequencing and ensures the container is restarted if it fails.

Exam trap

The trap here is that candidates may assume Podman has a simple built-in auto-start toggle like Docker's `--restart always` flag, but Podman requires explicit systemd integration for boot-time startup, and the exam tests knowledge of the correct command sequence (`generate systemd` followed by `systemctl enable`).

How to eliminate wrong answers

Option A is wrong because `podman auto-start on` is not a valid Podman command; Podman does not have a native auto-start feature. Option C is wrong because `podman register-service` is not a real Podman subcommand; Podman uses systemd integration, not a separate registration command. Option D is wrong because while `/etc/rc.local` can start containers, it is a legacy method that lacks systemd's dependency management, restart policies, and logging, making it unreliable for production container management.

602
MCQ · easy

A Linux administrator needs to view all current IPv4 addresses assigned to network interfaces on a system. Which command should be used?

A. ip link show
B. ifconfig -a
C. hostname -I
D. ip addr
Answer: D

ip addr shows all IP addresses on interfaces.

Why this answer

The 'ip addr' command displays all IP addresses assigned to network interfaces. 'ifconfig' is deprecated, 'ip link' shows link-layer info, and 'hostname -I' only shows primary IPs.

603
MCQ · medium

A container is running and a technician needs to execute an interactive shell inside it. The container was started with 'docker run -d --name myapp myimage'. Which command will achieve this?

A. docker exec -it myapp /bin/bash
B. docker attach myapp
C. docker run -it --name myapp myimage /bin/bash
D. docker logs -f myapp
Answer: A

exec runs a new command in the running container; -it makes it interactive.

Why this answer

docker exec -it myapp /bin/bash runs an interactive shell inside the running container.

604
MCQ · medium

An administrator is hardening SSH and wants to disable root login and only allow users in the 'sshusers' group. Which two directives should be set in /etc/ssh/sshd_config?

A. DenyRootLogin yes and AllowGroups sshusers
B. PermitRootLogin prohibit-password and AllowGroups sshusers
C. PermitRootLogin no and AllowGroups sshusers
D. PermitRootLogin no and AllowUsers sshusers
Answer: C

Correct directives.

Why this answer

Option C is correct because the directive `PermitRootLogin no` explicitly disallows root login via SSH, and `AllowGroups sshusers` restricts SSH access to only members of the 'sshusers' group. This combination meets both requirements: disabling root login and limiting access to a specific group. The `AllowGroups` directive is group-based, unlike `AllowUsers`, which is user-based.

Exam trap

The trap here is confusing `AllowGroups` with `AllowUsers` — candidates often pick `AllowUsers sshusers` thinking it restricts to the group, but it actually restricts to a user named 'sshusers', not group membership.

How to eliminate wrong answers

Option A is wrong because `DenyRootLogin` is not a valid directive in sshd_config; the correct directive is `PermitRootLogin`. Option B is wrong because `PermitRootLogin prohibit-password` only disables password-based root login but still allows root login via public key authentication, which does not fully disable root login as required. Option D is wrong because `AllowUsers sshusers` would only allow a user literally named 'sshusers', not members of the 'sshusers' group; the correct group-based directive is `AllowGroups`.

605
Multi-Select · easy

A Linux administrator wants to create a Docker image from a Dockerfile. Which TWO of the following commands are needed? (Select TWO).

Select 1 answer
A. docker run
B. docker push
C. docker tag
D. docker build
E. docker commit
Answers: D

Builds the image from the Dockerfile.

Why this answer

docker build builds the image; docker tag optionally tags it; docker push uploads to registry; docker run runs a container; docker commit creates image from container.

606
Multi-Select · medium

A user wants to create a hard link to a file. Which three conditions must be true for a hard link to be created successfully? (Choose three.)

Select 3 answers
A. The source file must have the SUID bit set.
B. The link must have the same name as the source.
C. The source and link must be on the same filesystem.
D. The source file must be a regular file, not a directory.
E. The source file must exist.
Answers: C, D, E

Correct: hard links cannot cross filesystem boundaries.

Why this answer

Hard links cannot span filesystems, cannot link to directories (except by root with special options), and the target must exist. They share the same inode.

607
MCQ · medium

A system administrator notices that an unauthorized user gained access to a server via SSH using a compromised user account. Which security measure should be implemented to prevent such attacks in the future?

A. Configure SSH to use key-based authentication only
B. Disable SSH and use Telnet
C. Enforce a complex password policy
D. Allow all users to use sudo without passwords
Answer: A

Key-based authentication is more secure and prevents password attacks.

Why this answer

Option A is correct because configuring SSH to use key-based authentication only eliminates the risk of password-based attacks, such as brute-force or credential theft. Since the compromised user account was accessed via SSH using a password, disabling password authentication and requiring a private key ensures that an attacker cannot log in even if they obtain the user's password hash. This aligns with the principle of least privilege and strong authentication, as SSH keys are cryptographically bound to the client and are not transmitted over the network.

Exam trap

CompTIA often tests the misconception that a strong password policy is sufficient to prevent unauthorized access, but the trap here is that password-based authentication is inherently vulnerable to credential reuse, phishing, and offline cracking, whereas key-based authentication provides cryptographic proof of identity that cannot be easily stolen or guessed.

How to eliminate wrong answers

Option B is wrong because disabling SSH and using Telnet would actually decrease security, as Telnet transmits all data, including credentials, in cleartext, making it trivial for attackers to intercept. Option C is wrong because while a complex password policy can make passwords harder to guess, it does not prevent attacks where the password is already compromised (e.g., via phishing or a data breach); SSH key-based authentication is a stronger, passwordless alternative. Option D is wrong because allowing all users to use sudo without passwords removes all authorization checks for privilege escalation, which would increase the attack surface and allow a compromised account to gain root access without any additional authentication.

608
MCQ · easy

A user reports that they receive 'Permission denied' when trying to run a script located in their home directory. The script has permissions -rw-rw-r-- and is owned by the user. Which command should the user run to resolve the issue?

A. chmod g-w script.sh
B. sudo chown user:user script.sh
C. chmod u+x script.sh
D. chmod a+x script.sh
Answer: C

Adds execute permission for the owner, allowing the script to run.

Why this answer

The script has permissions -rw-rw-r--, meaning the owner (user) has read and write but not execute permission. To run it as a script, the execute bit must be set for the owner. The command chmod u+x script.sh adds execute permission for the user, allowing them to run the script directly.

Exam trap

The trap here is that candidates may think 'Permission denied' always means ownership or group issues, leading them to choose chown or group permission changes, when in fact the missing execute bit is the specific cause for script execution failures.

How to eliminate wrong answers

Option A is wrong because chmod g-w removes write permission from the group, which does not add execute permission and would not resolve the 'Permission denied' error. Option B is wrong because sudo chown user:user script.sh changes the owner and group to the user, but the script is already owned by the user, so this does nothing to add execute permission. Option D is wrong because chmod a+x adds execute permission for all (user, group, others), which would work but is overly permissive and not the minimal fix; the question asks which command the user should run, and the most appropriate and secure answer is to add execute only for the owner.

609
MCQ · medium

A user is trying to log in to a Linux server via SSH but receives 'Permission denied (publickey,gssapi-keyex,gssapi-with-mic)'. The user's public key is in ~/.ssh/authorized_keys with proper permissions (600) and owned by the user. The server's sshd_config has 'PubkeyAuthentication yes' and 'PasswordAuthentication no'. What is the most likely additional cause?

A. The server's firewall is blocking port 22.
B. The user's home directory has incorrect permissions (e.g., group-writable).
C. SELinux is blocking the key authentication.
D. The SSH server is not running.
Answer: B

SSH enforces strict permissions on home directory; if group-writable, the key authentication is refused.

Why this answer

Option B is correct because SSH server's `StrictModes` (enabled by default) checks that the user's home directory is not group-writable or world-writable. If the home directory has group-write permission (e.g., 775), SSH refuses to trust `~/.ssh/authorized_keys` even if the file itself has 600 permissions. This is a security measure to prevent other group members from modifying the authorized_keys file indirectly.

Exam trap

CompTIA often tests the subtlety that SSH's `StrictModes` checks parent directory permissions, not just the key file, leading candidates to overlook home directory permissions when the key file itself appears correct.

How to eliminate wrong answers

Option A is wrong because a firewall blocking port 22 would cause a connection timeout or 'Connection refused' error, not the specific 'Permission denied (publickey,...)' message. Option C is wrong because SELinux blocking key authentication would typically produce AVC denial messages in audit logs and a different error (e.g., 'Permission denied (publickey)' without the GSSAPI methods), and the default SELinux policy allows SSH key-based login. Option D is wrong because if the SSH server were not running, the client would receive 'Connection refused' immediately, not an SSH authentication failure message.

610
Multi-Select · medium

A technician needs to apply an access control list (ACL) to a file to grant read and write permissions to a specific user. Which two commands are used to manage ACLs? (Choose two.)

Select 2 answers
A. chmod
B. chown
C. umask
D. setfacl
E. getfacl
Answers: D, E

Sets ACL entries.

Why this answer

setfacl sets ACLs, getfacl retrieves them.

611
MCQ · hard

An administrator needs to find all files in /etc that have the SUID bit set. Which find command is correct?

A. find /etc -perm /4000
B. find /etc -exec ls -l {} \; | grep '^...s'
C. find /etc -perm -4000
D. find /etc -type f -perm 4000
Answer: A

Correct: /4000 matches files with SUID set.

Why this answer

The SUID bit is represented by the permission 4000. -perm /4000 checks if any of the bits in 4000 are set (SUID).

612
Multi-Select · medium

A Linux administrator is troubleshooting a slow web server. They suspect high disk I/O. Which TWO commands can be used to monitor disk I/O statistics?

Select 2 answers
A. free -h
B. iostat -x 1
C. vmstat 1
D. lsof
E. sar -b 1
Answers: B, E

iostat provides disk I/O utilization and performance metrics.

Why this answer

iostat directly reports disk I/O stats; sar can collect and report I/O statistics historically.

613
MCQ · easy

Which file contains user password hashes and aging information on a Linux system?

A. /etc/shadow
B. /etc/group
C. /etc/passwd
D. /etc/gshadow
Answer: A

/etc/shadow stores encrypted passwords and aging data.

Why this answer

The /etc/shadow file stores user password hashes along with password aging information, such as the last password change date, minimum and maximum password age, warning period, and inactivity lockout. This file is readable only by root (or privileged processes) to protect the hashed passwords from unauthorized access, unlike /etc/passwd which is world-readable.

Exam trap

The trap here is that candidates often confuse /etc/passwd with /etc/shadow, mistakenly thinking that /etc/passwd still stores password hashes, but modern Linux systems store them only in /etc/shadow for security.

How to eliminate wrong answers

Option B is wrong because /etc/group stores group membership information, not password hashes or aging data. Option C is wrong because /etc/passwd contains user account details (like UID, GID, home directory) and traditionally held password hashes, but on modern Linux systems it uses an 'x' placeholder and defers to /etc/shadow for security. Option D is wrong because /etc/gshadow stores group password hashes and group administrator information, not user password hashes or aging data.

614
Multi-Select · medium

A security policy requires that user passwords must be changed every 60 days, and users should be warned 7 days before expiration. Which two chage commands set these requirements for user 'jsmith'? (Choose TWO.)

Select 2 answers
A. chage -M 60 jsmith
B. chage -E 60 jsmith
C. chage -W 7 jsmith
D. chage -m 60 jsmith
E. chage -I 7 jsmith
Answers: A, C

Sets maximum password age to 60 days.

Why this answer

chage -M 60 sets max days; chage -W 7 sets warning days.

615
Multi-Select · medium

Which TWO options are valid ways to pass environment variables to a Docker container?

Select 2 answers
A. --var VAR=value
B. --env-file file
C. -e VAR=value
D. --variable VAR=value
E. -v VAR=value
Answers: B, C

This loads environment variables from a file.

Why this answer

Option B is correct because the `--env-file` flag allows you to pass a file containing environment variables to a Docker container, where each line in the file is in `KEY=value` format. Option C is correct because the `-e` (or `--env`) flag directly sets an environment variable inside the container, e.g., `-e VAR=value`. Both are standard Docker CLI methods for injecting environment variables at container runtime.

Exam trap

The trap here is that candidates confuse the `-v` flag (used for volumes) with environment variable flags, or assume `--var` or `--variable` are valid Docker options when they are not.

616
MCQ · medium

A system administrator needs to create a Dockerfile for a Python application. The application should be installed in the container, and when the container starts, it should run the command 'python app.py'. Which Dockerfile instruction should be used to specify the default command?

A. ENTRYPOINT python app.py
B. RUN python app.py
C. CMD python app.py
D. STARTUP python app.py
Answer: C

Correct. CMD provides default command for container execution.

Why this answer

CMD specifies the default command to run when the container starts. ENTRYPOINT can also be used but is typically for executables that are not easily overridden.

617
MCQ · medium

Refer to the exhibit. A user reports that the /var directory is not accessible. The system administrator checks the logical volumes and notices that the 'var' logical volume is not activated. Which command should be used to activate it?

A. lvextend -L+10g vg0/var
B. lvchange -ay vg0/var
C. lvscan
D. lvcreate -a y vg0/var
Answer: B

The -ay option activates the logical volume.

Why this answer

The `lvchange -ay vg0/var` command activates the specified logical volume by setting its activation flag to 'y' (yes). This is the correct way to bring an inactive LVM logical volume online so that it can be mounted and accessed.

Exam trap

CompTIA often tests the distinction between commands that modify LVM objects (like `lvextend`, `lvcreate`) versus commands that manage state (like `lvchange`), leading candidates to confuse activation with resizing or creation.

How to eliminate wrong answers

Option A is wrong because `lvextend` is used to increase the size of a logical volume, not to change its activation state. Option C is wrong because `lvscan` only scans and displays the status of all logical volumes; it does not modify their activation state. Option D is wrong because `lvcreate` is used to create a new logical volume, and the `-a y` flag would attempt to create a new volume named 'var' in volume group 'vg0' rather than activating an existing one.

618
Multi-Select · hard

A storage administrator is troubleshooting high disk I/O latency. Which THREE tools can provide detailed block I/O statistics at the device level? (Choose three.)

Select 3 answers
A. dd
B. iostat
C. iotop
D. fstrim
E. blktrace
Answers: B, C, E

Reports I/O statistics per device and partition.

Why this answer

B (iostat) is correct because it reports CPU utilization and device I/O statistics, including metrics like await, svctm, and %util, which are essential for diagnosing high disk I/O latency at the device level. It reads data from /proc/diskstats and provides per-device block I/O statistics.

Exam trap

Cisco often tests the distinction between tools that show I/O statistics (iostat, iotop, blktrace) versus tools that perform I/O operations (dd, fstrim), leading candidates to mistakenly select dd because it involves disk activity.

619
Multi-Select · easy

Which TWO commands are used to view a file page by page?

Select 2 answers
A. tail
B. more
C. cat
D. head
E. less
Answers: B, E

more displays a file page by page.

Why this answer

The `more` and `less` commands are both pager utilities that display file contents one screen at a time, allowing the user to scroll forward (and in the case of `less`, backward) through the output. `more` is the traditional pager that pauses after each screenful, while `less` is a more feature-rich pager that supports backward navigation and searching. Both are correct for viewing a file page by page.

Exam trap

The trap here is that candidates may confuse `more` and `less` as being mutually exclusive or think only one is correct, but the question asks for TWO commands, and both are valid pagers; also, some might mistakenly think `cat` with a pipe to `more` or `less` counts, but the question asks for commands used directly to view a file page by page.

620
MCQ · medium

Which shebang ensures maximum portability across systems for a Python script?

A. #!/usr/bin/env python3
B. #!/bin/python
C. #!/usr/bin/python
D. #!/usr/local/bin/python3
Answer: A

env uses PATH to locate python3, making it portable across different systems.

Why this answer

Option A is correct because `#!/usr/bin/env python3` uses the `env` utility to locate the `python3` interpreter in the user's `PATH`, making the script portable across different Unix-like systems where Python 3 may be installed in various directories (e.g., `/usr/bin/python3`, `/usr/local/bin/python3`). This shebang avoids hardcoding an absolute path, which is the key to maximum portability.

Exam trap

CompTIA often tests the misconception that hardcoding a common path like `/usr/bin/python` is safe, but the trap is that this path may point to Python 2 on many systems, while the question explicitly requires Python 3 and maximum portability.

How to eliminate wrong answers

Option B is wrong because `/bin/python` is a hardcoded path that often points to Python 2 on many systems, not Python 3, and may not exist at all on modern distributions that have moved Python 3 to `/usr/bin/python3`. Option C is wrong because `#!/usr/bin/python` is a hardcoded path that typically refers to Python 2 on many systems (e.g., RHEL/CentOS 7) and may not be present or may point to a different version, reducing portability. Option D is wrong because `#!/usr/local/bin/python3` is a hardcoded path that assumes Python 3 is installed in `/usr/local/bin`, which is not the default location on most Linux distributions (e.g., Debian/Ubuntu use `/usr/bin/python3`), breaking portability.

621
Multi-Select · hard

A DevOps team is designing a containerized application using Docker Compose. They need to ensure that the database container is started before the application container. Which of the following Docker Compose directives can be used to control startup order? (Choose TWO.)

Select 2 answers
A. volumes
B. links
C. environment
D. depends_on
E. healthcheck
Answers: D, E

It specifies dependencies between services.

Why this answer

depends_on ensures that the specified services are started first. healthcheck can be used to wait for a service to be healthy before starting dependent services.

622
MCQ · easy

A Linux administrator wants to run a container that stops automatically after the main process exits. Which Docker run flag should be used?

A. --stop-timeout
B. --restart=always
C. --rm
D. -d
Answer: C

Correct. --rm removes the container once it stops.

Why this answer

The --rm flag automatically removes the container when it exits, which is appropriate when the container should stop and be cleaned up after its main process finishes.

623
MCQ · medium

A system administrator is investigating high disk I/O on a server. Which command can provide disk utilization statistics, including average wait time (await) and percentage of CPU time during which I/O requests were issued (%util)?

A. free -h
B. sar -b 1 5
C. iostat -x 1
D. vmstat 1 5
Answer: C

iostat -x provides extended disk stats including await and %util.

Why this answer

The `iostat` command reports disk I/O statistics including await and %util.

624
MCQ · medium

Based on the exhibit, why does the mv command fail?

A. The user has exceeded the disk quota on the /etc partition.
B. The /etc filesystem is mounted read-only.
C. SELinux is preventing the move due to file context mismatch.
D. The /etc directory does not have write permissions for root.
Answer: C

SELinux enforcing mode and context mismatch cause denial.

Why this answer

Option C is correct because SELinux enforces mandatory access controls that can prevent file operations even when standard Linux permissions (DAC) allow them. When moving a file from one directory to another, SELinux checks the file context of the source and the target directory; if the context of the file does not match the expected type for the target directory (e.g., moving a file with `unconfined_u:object_r:user_home_t` into `/etc` which expects `etc_t`), the move is denied. The `mv` command fails with a 'Permission denied' error, and the denial is logged in `/var/log/audit/audit.log`.

Exam trap

CompTIA often tests the distinction between DAC (standard Linux permissions) and MAC (SELinux) by presenting a scenario where root appears to have permission but the command still fails, leading candidates to overlook SELinux and incorrectly blame filesystem mount options or directory permissions.

How to eliminate wrong answers

Option A is wrong because disk quotas are enforced per filesystem and user, but `/etc` is a system partition that typically does not have user quotas enabled; moreover, the error message from a quota violation would be 'Disk quota exceeded', not 'Permission denied'. Option B is wrong because if `/etc` were mounted read-only, the `mv` command would fail for all users, including root, and the error would be 'Read-only file system', not a permission denial specific to the user. Option D is wrong because the root user (UID 0) always has write permission to `/etc` regardless of the directory's permission bits, as root bypasses DAC checks; the failure is due to SELinux, not standard Unix permissions.

625
MCQ · medium

A user reports that a specific process is consuming too much CPU. The administrator needs to change the priority of the process to a lower value (nicer). Which command sequence is appropriate?

A. nice -n -10 <PID>
B. kill -15 <PID>
C. chrt --idle <PID>
D. renice +10 -p <PID>
Answer: D

Correct: renice +10 increases niceness (lower priority).

Why this answer

renice changes the priority of an already running process by PID.

626
Multi-Select · hard

A Linux system is experiencing kernel panics after a recent update. The administrator wants to boot into a previous kernel version to restore functionality. Which three steps are required to achieve this? (Select THREE).

Select 3 answers
A. After booting, edit /etc/default/grub and set GRUB_DEFAULT to the saved entry, then run update-grub
B. At the GRUB menu, press 'e' to edit the boot entry
C. Run 'yum reinstall kernel' to revert to the previous version
D. Edit /etc/fstab to change root filesystem parameters
E. Select the old kernel from the 'Advanced options for Ubuntu' submenu
Answers: A, B, E

Makes the old kernel the default for future boots.

Why this answer

Option A is correct because after booting into a working kernel, editing /etc/default/grub to set GRUB_DEFAULT to 'saved' and running update-grub (or grub-mkconfig) ensures that the GRUB bootloader will remember and default to the last successfully booted kernel, which can be the previous version. This step is necessary to make the temporary fix persistent across reboots.

Exam trap

CompTIA often tests the distinction between temporary boot fixes (editing GRUB entries at boot time) and permanent configuration changes (editing /etc/default/grub and running update-grub), and candidates may mistakenly think that reinstalling the kernel package reverts to a previous version.

627
MCQ · medium

A server running Ubuntu 20.04 has a custom application that is started as a systemd service. The service often fails to start after a system reboot, although it can be started manually with 'systemctl start myapp' without errors. The administrator checks the service status after boot and sees 'Failed to start myapp.service: Unit is not loaded properly: Invalid argument'. Which of the following is the most likely cause of this issue?

A. The service binary does not exist at the specified path.
B. The ExecStart line in the unit file contains an invalid parameter or malformed path.
C. The service uses a Type=oneshot but no RemainAfterExit=yes is set.
D. The service file has a missing [Install] section.
Answer: B

Invalid arguments in ExecStart cause 'Invalid argument' error during loading.

Why this answer

The error 'Invalid argument' typically indicates a syntax error or invalid directive in the unit file. The most common cause is an incorrect path or syntax in the ExecStart line. Option A is correct.

Option B would show a 'not found' error. Option C could be a cause but would produce a different error like 'unrecognized option'. Option D might cause a 'timeout' error.

628
MCQ · medium

An administrator notices that a non-root user 'alice' can run commands as root without being in the sudoers file. Which group membership could allow this?

A. admin
B. wheel
C. root
D. sudo
Answer: B

Members of wheel group often have sudo privileges.

Why this answer

Option B is correct because on many Linux distributions, membership in the 'wheel' group is a standard mechanism that allows non-root users to execute commands with root privileges via the 'su' command, even if they are not listed in the sudoers file. The 'wheel' group is traditionally used to control access to the 'su' utility, and by default, PAM (Pluggable Authentication Modules) configuration often permits members of the 'wheel' group to switch to the root user without additional sudo configuration.

Exam trap

The trap here is that candidates often focus solely on sudo and the 'sudo' group, overlooking the alternative privilege escalation path through the 'wheel' group and the 'su' command, which is a common misconfiguration in Linux security audits.

How to eliminate wrong answers

Option A is wrong because the 'admin' group is not a standard Linux group for privilege escalation; on some older Ubuntu systems, 'admin' was used for sudo access, but it is not a default mechanism for 'su' and has been replaced by the 'sudo' group. Option C is wrong because the 'root' group is the primary group of the root user itself, and membership in it does not grant a non-root user the ability to run commands as root; it only provides group-level file access permissions. Option D is wrong because the 'sudo' group is used to grant sudo privileges via the sudoers file, but the question specifies that the user is NOT in the sudoers file, so membership in the 'sudo' group alone would not allow root command execution without a corresponding sudoers entry.

629
Multi-Select · medium

An administrator needs to check the status of NetworkManager connections and devices. Which TWO commands provide this information?

Select 2 answers
A. nmcli device show
B. nmcli dev status
C. nmcli con show
D. ifconfig -a
E. ip link show
Answers: B, C

Shows device status (connected, disconnected, etc.).

Why this answer

The `nmcli dev status` command (option B) displays a summary of all NetworkManager-managed devices and their connection states, such as 'connected' or 'disconnected'. The `nmcli con show` command (option C) lists all configured connections (profiles) and their current status, including whether they are active. Together, these two commands provide the administrator with both device-level and connection-level status information required by the question.

Exam trap

The trap here is that candidates often confuse `nmcli device show` (detailed device info) with `nmcli dev status` (summary status), or assume that legacy commands like `ifconfig` or `ip link show` can report NetworkManager-specific connection states, which they cannot.

630
MCQ · hard

An administrator is configuring a chroot jail for an SFTP user. Which directive in /etc/ssh/sshd_config is used for this purpose?

A. ChrootDirectory /home/%u
B. Subsystem sftp internal-sftp
C. ForceCommand internal-sftp
D. Match Group sftpusers
Answer: A

This sets the chroot directory for the user.

Why this answer

The ChrootDirectory directive in /etc/ssh/sshd_config specifies the path to the directory that will be used as a chroot jail for the user. When set to /home/%u, %u is replaced by the username, confining the SFTP user to their home directory. This is the standard way to restrict an SFTP user's file system access to a specific directory tree.

Exam trap

The trap here is that candidates confuse the directive that enables SFTP (Subsystem or ForceCommand) with the directive that actually creates the chroot jail (ChrootDirectory), leading them to select a functional but incomplete option.

How to eliminate wrong answers

Option B is wrong because Subsystem sftp internal-sftp enables the built-in SFTP subsystem but does not itself enforce a chroot jail; it must be combined with ChrootDirectory or other restrictions. Option C is wrong because ForceCommand internal-sftp forces the user to use only SFTP (not SSH shell), but it does not confine the user to a specific directory; chroot requires ChrootDirectory. Option D is wrong because Match Group sftpusers is a conditional block that applies settings to a group, but it is not a directive that sets the chroot path; ChrootDirectory must be placed inside or outside the Match block to actually define the jail.

631
MCQ · easy

A Linux administrator needs to implement file integrity monitoring to detect unauthorized changes to critical system binaries. The administrator decides to use the 'aide' tool. After installing AIDE and initializing the database with 'aide --init', the database is placed at /var/lib/aide/aide.db.new.gz. The administrator then runs 'aide --check' and receives several warnings about files in /tmp being modified. However, the administrator is not concerned about /tmp. What is the simplest way to exclude the /tmp directory from future checks?

A. Run 'aide --update' to update the database with current state of /tmp
B. Move the database to a different location so /tmp is not included
C. Run 'aide --check --verbose' to see more details and manually ignore /tmp messages
D. Edit /etc/aide.conf to add a '!/tmp' directive to exclude /tmp from checking, then run 'aide --init' to rebuild the database
Answer: D

The exclamation mark in aide.conf excludes a directory from monitoring.

Why this answer

Option D is correct because AIDE uses a configuration file (/etc/aide.conf) to define which directories and files to monitor. Adding '!/tmp' to this file tells AIDE to exclude the /tmp directory from all future checks. After editing the configuration, running 'aide --init' rebuilds the database based on the new rules, ensuring /tmp is no longer tracked.

Exam trap

The trap here is that candidates may think '--update' or moving the database will exclude directories, when in fact only the configuration file controls which paths are monitored.

How to eliminate wrong answers

Option A is wrong because 'aide --update' updates the database to reflect the current state of /tmp, which would record the modified files as the new baseline, not exclude /tmp from future checks. Option B is wrong because moving the database does not change the configuration; AIDE still checks the paths defined in /etc/aide.conf, and /tmp would remain included. Option C is wrong because '--check --verbose' only provides more detailed output but does not suppress warnings or alter the configuration; the administrator would still see warnings about /tmp in every subsequent check.

632
MCQ · easy

A Linux administrator needs to view the last 10 lines of a log file named 'syslog'. Which command should be used?

A. cat syslog
B. head -10 syslog
C. less syslog
D. tail -10 syslog
Answer: D

tail -10 shows the last 10 lines of the file.

Why this answer

The 'tail' command outputs the last lines of a file; by default it shows 10 lines.

633
MCQ · hard

A Linux engineer is troubleshooting a boot issue. The system boots to a command-line interface but does not start the graphical interface. Which systemd target should be set as default to boot into a graphical environment?

A. emergency.target
B. rescue.target
C. graphical.target
D. multi-user.target
Answer: C

This target boots into a graphical environment.

Why this answer

graphical.target is the systemd target for a graphical user interface.

634
MCQ · hard

A server running Ubuntu 22.04 has AppArmor enabled. After installing a new application, the application is denied access to certain files even though the permissions are correct. The administrator checks the AppArmor profile and finds it is in enforce mode. Which command can be used to temporarily set the profile to complain mode to generate log entries for needed accesses?

A. systemctl restart apparmor
B. aa-enforce /usr/bin/application
C. aa-complain /usr/bin/application
D. apparmor_parser -r /etc/apparmor.d/usr.bin.application
Answer: C

Sets profile to complain mode, logging denials.

Why this answer

Option C, `aa-complain /usr/bin/application`, is correct because it sets the specified AppArmor profile to complain mode, which logs policy violations without blocking access. This allows the administrator to identify which accesses the application needs by reviewing the generated log entries, typically in `/var/log/syslog` or via `ausearch`, while the application continues to run.

Exam trap

The trap here is that candidates confuse `aa-complain` with `aa-enforce` or think that restarting the AppArmor service or reloading the profile will change the mode, when in fact only `aa-complain` or `aa-enforce` directly alter the profile's operational mode.

How to eliminate wrong answers

Option A is wrong because `systemctl restart apparmor` restarts the entire AppArmor service, which does not change the mode of an individual profile to complain mode; it only reloads all profiles in their current state. Option B is wrong because `aa-enforce /usr/bin/application` sets the profile to enforce mode, which is the opposite of what is needed—it would continue blocking access rather than logging. Option D is wrong because `apparmor_parser -r /etc/apparmor.d/usr.bin.application` reloads the profile from disk but does not change its mode; the profile remains in enforce mode if that is how it was defined.

635
MCQ · medium

A systems administrator wants to build a custom Docker image from a Dockerfile located in the current directory. Which command should be used?

A. docker create .
B. docker commit .
C. docker build .
D. docker image build .
Answer: C

Builds from Dockerfile.

Why this answer

The `docker build .` command reads the Dockerfile from the current directory and builds a custom Docker image from its instructions. This is the standard command for building an image from a Dockerfile, where the dot represents the build context (the current directory).

Exam trap

The trap here is that candidates may confuse `docker build` with the deprecated `docker image build` syntax or mistakenly think `docker commit` can build from a Dockerfile, when it actually captures container state changes.

How to eliminate wrong answers

Option A is wrong because `docker create .` creates a new container from an existing image, not from a Dockerfile; it expects an image name, not a path. Option B is wrong because `docker commit .` creates a new image from a container's changes, not from a Dockerfile; it requires a container ID or name, not a directory. Option D is wrong because `docker image build .` is not a valid Docker command; the correct subcommand is `docker build`, not `docker image build`.

636
Multi-Select · medium

A Linux administrator is writing a Bash script that must handle errors gracefully. Which TWO of the following techniques ensure the script exits on error and provides debugging information? (Select TWO.)

Select 2 answers
A. set -u
B. trap 'echo error' ERR
C. set -x
D. set -e
E. set -o pipefail
Answers: C, D

Prints commands and arguments for debugging.

Why this answer

set -e makes the script exit on any command failure. set -x prints commands as they are executed, aiding debugging. Together they ensure error exit and debugging output.

637
MCQ · medium

A Linux administrator wants to search for all occurrences of the word 'ERROR' in log files under /var/log, ignoring case, and also print the line numbers. Which command should be used?

A. grep -vi 'ERROR' /var/log
B. grep -rin 'ERROR' /var/log
C. grep -rn 'ERROR' /var/log
D. find /var/log -name '*ERROR*'
Answer: B

Correct: -r recursive, -i ignore case, -n line numbers.

Why this answer

grep -rin 'ERROR' /var/log searches recursively, ignores case, and prints line numbers. -i for case-insensitive, -n for line numbers, -r for recursive.

638
MCQ · hard

Refer to the exhibit. A system administrator notices that the SSH service has failed. What is the most likely cause?

A. The SSH configuration file has a syntax error.
B. Another process is already using port 22.
C. The firewall is blocking port 22.
D. The SSH service is not enabled to start on boot.
Answer: B

The error 'Address already in use' indicates port conflict.

Why this answer

The error message indicates that the address is already in use, meaning another process is already listening on port 22.

639
MCQ · hard

A Linux server has SELinux enforcing and a custom application needs to write to /var/log/app.log. The audit log shows 'avc: denied { write } for pid=1234'. After verifying that the application runs in the correct domain, which command should be used to allow the write access by generating a policy module?

A. ausearch -m avc | audit2allow -M myapp
B. chcon -t var_log_t /var/log/app.log
C. setsebool -P httpd_unified 1
D. restorecon -v /var/log/app.log
Answer: A

Correct: ausearch retrieves AVC messages, audit2allow creates policy module.

Why this answer

audit2allow reads audit messages and generates SELinux policy allow rules. ausearch can retrieve the specific denial, then audit2allow creates the module.

640
MCQ · hard

A system administrator is using Ansible to deploy a web application across multiple servers. The playbook uses a variable `app_version` defined in a group_vars file for the `webservers` group. The playbook fails with the error: 'ERROR! 'app_version' is undefined'. The administrator confirms that the variable is correctly spelled and defined in `/etc/ansible/group_vars/webservers`. The playbook runs successfully on the Ansible control node but fails on all managed nodes. What is the most likely cause of this error?

A. The variable `app_version` is misspelled in the task.
B. The group_vars file is not being loaded because the inventory path is not correctly specified.
C. The playbook uses `loop` keyword incorrectly.
D. The playbook is missing a `vars_files` directive to include the variable file.
Answer: B

Ansible loads group_vars relative to the inventory; incorrect path causes undefined variables.

Why this answer

The error 'app_version' is undefined despite the variable being correctly defined in `/etc/ansible/group_vars/webservers` indicates that Ansible is not loading that group_vars file. This typically happens when the inventory path specified in the ansible.cfg or command line does not point to the directory containing the group_vars folder. Ansible automatically loads group_vars only from the directory where the inventory file resides, not from a hardcoded path like `/etc/ansible/group_vars/` unless the inventory is also located there.

Exam trap

The trap here is that candidates assume group_vars files are always loaded from a global path like `/etc/ansible/group_vars/`, but Ansible only loads them relative to the inventory location, not from an absolute path unless the inventory itself is in that directory.

How to eliminate wrong answers

Option A is wrong because the administrator confirmed the variable is correctly spelled in the task, so a misspelling is not the issue. Option C is wrong because the error message is about an undefined variable, not a loop syntax error; an incorrect `loop` keyword would produce a different error like 'ERROR! 'loop' is not a valid attribute'. Option D is wrong because group_vars files are automatically loaded by Ansible based on the inventory group name; a `vars_files` directive is not required for group_vars, only for custom variable files not following the group_vars naming convention.

641
MCQ · medium

A company policy requires that only the root user can schedule cron jobs. Which configuration ensures this?

A. Create /etc/cron.allow with only 'root'
B. Add 'root' to /etc/crontab
C. Set /usr/bin/crontab permissions to 700
D. Add all non-root users to /etc/cron.deny
Answer: A

If /etc/cron.allow exists, only users listed can use crontab. Listing only root restricts it to root.

Why this answer

Option A is correct because the /etc/cron.allow file explicitly lists users who are permitted to schedule cron jobs. When this file exists, only users listed in it can use crontab, and all others are denied — even if /etc/cron.deny exists. By placing only 'root' in /etc/cron.allow, the policy that only root can schedule cron jobs is enforced.

Exam trap

The trap here is that candidates often think modifying file permissions on the crontab binary (Option C) is the correct way to restrict cron access, when the actual Linux standard is to use the /etc/cron.allow and /etc/cron.deny files for user-level access control.

How to eliminate wrong answers

Option B is wrong because /etc/crontab is the system-wide cron table used for system maintenance tasks, not a configuration file that restricts which users can schedule cron jobs; adding 'root' to it does nothing to prevent other users from using crontab. Option C is wrong because setting /usr/bin/crontab permissions to 700 would prevent all non-root users from executing the crontab command, but this is a blunt, non-standard approach that breaks expected behavior (e.g., cron jobs for system services) and is not the intended mechanism for user-based access control. Option D is wrong because adding all non-root users to /etc/cron.deny would deny them only if /etc/cron.allow does not exist; if /etc/cron.allow exists, it takes precedence and /etc/cron.deny is ignored — so this does not reliably ensure that only root can schedule cron jobs.

642
Multi-Select · hard

A system is running slowly and the administrator suspects a memory leak. Which THREE commands or tools can be used to analyze memory usage and identify processes consuming excessive memory? (Choose three.)

Select 3 answers
A. strace -p PID
B. ps aux --sort=-%mem
C. iostat -x
D. vmstat 1
E. free -h
Answers: B, D, E

ps lists processes sorted by memory usage.

Why this answer

free shows overall memory. ps can sort by RSS. vmstat shows memory stats. iostat is disk I/O. strace traces system calls, not memory usage directly.

643
MCQ · hard

A system administrator is investigating why a particular process is not responding. They run strace on the process but get no output. What could be the most likely reason?

A. The process is already being traced by another strace instance.
B. The administrator does not have permission to trace that process.
C. The process is a kernel thread.
D. The process is a zombie process.
Answer: B

Non-root users need CAP_SYS_PTRACE or same UID. If not, strace attaches but gets no events, or fails silently depending on configuration.

Why this answer

The most likely reason strace produces no output is that the administrator lacks the necessary permissions to trace the process. By default, strace uses the ptrace system call, which requires either root privileges or the same user ID as the target process, and the process must not have the `dumpable` attribute set to 0 (e.g., via prctl(PR_SET_DUMPABLE, 0)). Without proper permissions, strace fails silently or returns an error like 'Operation not permitted' depending on the output configuration.

Exam trap

CompTIA often tests the misconception that strace always produces output or that permission issues result in a clear error message, when in fact strace may produce no output if stderr is not captured or if the process is non-dumpable.

How to eliminate wrong answers

Option A is wrong because if the process were already being traced by another strace instance, strace would typically report an error such as 'ptrace: Operation not permitted' or 'ptrace: Device or resource busy', not produce no output. Option C is wrong because kernel threads are not user-space processes and cannot be traced with strace; attempting to attach would result in an immediate error, not silent no output. Option D is wrong because a zombie process has already terminated and has no executable code to trace; strace would fail to attach with an error like 'No such process' or 'ESRCH'.

644
MCQ · medium

An Ansible playbook includes the following task: 'ansible.builtin.service: name=nginx state=restarted'. However, the playbook fails with 'module not found'. What is the most likely cause?

A. The playbook is not in the correct directory.
B. The module name uses the wrong FQCN. The correct module is 'ansible.builtin.systemd_service'.
C. The target host does not have nginx installed.
D. The control node does not have Python installed.
Answer: B

The module 'service' has been replaced by 'systemd_service' in newer Ansible.

Why this answer

The error 'module not found' indicates that Ansible cannot locate the module specified in the task. The correct fully qualified collection name (FQCN) for the service module in the `ansible.builtin` collection is `ansible.builtin.service`, not `ansible.builtin.systemd_service`. The `systemd_service` module does not exist in the `ansible.builtin` collection; the correct module for managing systemd services is `ansible.builtin.systemd`, but the standard service module (`ansible.builtin.service`) works across init systems and is the appropriate choice here.

Exam trap

The trap here is that candidates may assume a systemd-specific module name exists (like `systemd_service`) because of the `state=restarted` parameter, but the correct module is simply `ansible.builtin.service`, which handles restarts across all init systems.

How to eliminate wrong answers

Option A is wrong because the playbook's directory location does not affect module resolution; Ansible searches for modules in its configured library paths and collections, not the playbook's directory. Option C is wrong because the error is 'module not found', not a failure related to nginx not being installed; if nginx were missing, the error would be about package or service state, not module resolution. Option D is wrong because the control node's Python installation is not the direct cause of a 'module not found' error; Python is required for module execution, but the error here is about the module name not being recognized by Ansible's module loader.

645
MCQ · medium

A Linux administrator needs to remove a package installed via RPM and all its configuration files. Which command should the administrator use?

A. rpm -e package
B. rpm -V package
C. rpm -e --allmatches package
D. rpm -e --nodeps package
Answer: A

Correct: rpm -e removes the package and its configuration files.

Why this answer

rpm -e --nodeps removes the package but ignores dependencies; rpm -e --allmatches removes all versions; rpm -e package removes the package but leaves config files; rpm -V verifies the package. Using -e with --nodeps to remove config files may still leave them. Actually, rpm -e removes the package and config files by default.

Among the options, only rpm -e package is the correct removal; the others are either verification or incorrect. The question asks to remove the package and all config files, and rpm -e does that. Option B is rpm -V (verify).

Option D is rpm -e --nodeps (ignores dependencies, still removes config). Option C is rpm -e --allmatches (removes all versions). Option A is rpm -e package (standard removal).

Do all three removal options remove config? Actually, rpm -e removes config files. So the best answer is rpm -e package. Note that --nodeps might be used if dependencies are a problem, but the question doesn't mention dependencies.

So the most straightforward is rpm -e package.

646
MCQ · easy

An administrator wants to test SMTP connectivity to a mail server without actually delivering an email. Which curl command is most appropriate?

A. curl --resolve mail.example.com:25:10.0.0.1 smtp://mail.example.com
B. curl -v smtp://mail.example.com:25
C. curl -o /dev/null smtp://mail.example.com
D. curl -I smtp://mail.example.com
Answer: B

curl can handle smtp:// and shows verbose output.

Why this answer

`curl -v smtp://mail.example.com:25` connects to the SMTP server and shows the handshake. `-I` sends HEAD, not SMTP. `--resolve` is for DNS override.

647
MCQ · hard

Refer to the exhibit. A remote user is unable to SSH to the server. Based on the journalctl output, what is the most likely cause?

A. The user is entering the wrong password
B. The SSH service is not running
C. The user's IP address is in the hosts.deny file
D. The SSH port is blocked by a firewall
Answer: A

Failed password attempt is logged.

Why this answer

The journalctl output shows 'Failed password for user' followed by 'Connection closed by authenticating user', which indicates that the SSH authentication process was attempted but failed due to an incorrect password. This log entry is generated by the SSH daemon (sshd) when a password authentication attempt fails, and the connection is subsequently closed. No other errors (e.g., connection refused, timeout, or denied by hosts.deny) are present, making incorrect password the most likely cause.

Exam trap

CompTIA often tests the distinction between authentication failures (password/keys) and connectivity failures (service down, firewall, hosts.deny) — the trap here is that candidates see 'Connection closed' and assume a firewall or hosts.deny block, but the 'Failed password' line clearly pinpoints the authentication phase.

How to eliminate wrong answers

Option B is wrong because if the SSH service were not running, the journalctl output would show 'Connection refused' or 'sshd[pid]: fatal: Cannot bind any address' errors, not a failed password attempt. Option C is wrong because if the user's IP were in hosts.deny, the log would show 'Connection closed by [IP]' with a 'refused connect' or 'denied by tcp_wrappers' message, not a password failure. Option D is wrong because a firewall blocking the SSH port would prevent any TCP connection to port 22, resulting in a 'Connection timed out' or 'No route to host' error from the client, not a failed password log on the server.

648
MCQ · medium

A newly configured DNS server is unable to resolve any queries from clients. The server is running and network connectivity is verified. What should the administrator check first?

A. Check /etc/resolv.conf on clients
B. Check if DNS service is bound to the loopback address
C. Check if the DNS service is listening on UDP port 53
D. Reboot the DNS server
Answer: C

If the service is not listening, queries cannot be answered.

Why this answer

The most common reason a DNS server fails to resolve queries despite being running and having network connectivity is that the DNS service is not listening on UDP port 53, which is the default port for DNS queries per RFC 1035. Checking this with a command like `ss -ulpn | grep :53` or `netstat -uan | grep :53` directly verifies whether the service is actually accepting incoming queries. This is the first logical step before investigating client-side configurations or rebooting.

Exam trap

The trap here is that candidates often jump to checking client-side resolv.conf or rebooting the server, overlooking the simple verification of whether the DNS service is actually listening on the correct port and protocol (UDP 53) as the first logical troubleshooting step.

How to eliminate wrong answers

Option A is wrong because /etc/resolv.conf on clients defines which DNS servers to query, but the issue is that the server itself cannot resolve queries, not that clients are misconfigured. Option B is wrong because checking if the DNS service is bound to the loopback address (127.0.0.1) would only matter if the server were meant to serve only localhost; the problem is about external queries failing, and binding to loopback would prevent external access, but the more fundamental check is whether the service is listening at all on the correct port. Option D is wrong because rebooting the server is a brute-force, non-diagnostic step that should only be considered after verifying service configuration and port availability; it does not identify the root cause.

649
MCQ · easy

A technician needs to find out which port the SSH daemon is listening on. Which command will show this information?

A. lsof -i :22
B. nmap -p 22 localhost
C. netstat -i
D. ss -tlnp
Answer: D

Lists all listening TCP sockets with port numbers and process info.

Why this answer

The `ss -tlnp` command displays listening TCP sockets with numeric addresses and the associated process information. The `-t` flag filters for TCP, `-l` shows only listening sockets, `-n` prevents DNS resolution, and `-p` reveals the PID and program name. Since SSH daemon (sshd) listens on TCP port 22 by default, this command will show the listening port and the sshd process.

Exam trap

The trap here is that candidates often choose `lsof -i :22` because it shows port 22 activity, but they overlook that it does not specifically filter for listening sockets and may require elevated privileges, whereas `ss -tlnp` is the precise tool for listing listening daemons.

How to eliminate wrong answers

Option A is wrong because `lsof -i :22` shows all open files related to port 22, including established connections, not just the listening daemon; it also requires root privileges to see all processes and may not be installed by default. Option B is wrong because `nmap -p 22 localhost` performs a port scan, which tests connectivity to port 22 but does not show which process is listening or the daemon's configuration; it is a scanning tool, not a process inspection tool. Option C is wrong because `netstat -i` displays interface statistics (packets, errors, etc.), not listening ports or socket information; it is unrelated to finding the SSH daemon's listening port.

650
MCQ · easy

A system administrator needs to ensure that only specific users can execute the 'sudo' command. Which configuration file should be modified?

A. /etc/sudoers
B. /etc/shadow
C. /etc/passwd
D. /etc/group
Answer: A

This file specifies which users or groups can run sudo and which commands.

Why this answer

The /etc/sudoers file controls which users and groups can execute commands with elevated privileges via the sudo utility. It uses a specific syntax to define user privileges, such as 'username ALL=(ALL) ALL', and must be edited with the visudo command to prevent syntax errors that could lock out administrative access. Modifying this file is the standard method for granting or restricting sudo access on Linux systems.

Exam trap

CompTIA often tests the misconception that /etc/group or /etc/passwd controls sudo privileges, but only /etc/sudoers (or files in /etc/sudoers.d/) defines sudo access, and it must be edited with visudo to enforce syntax checking.

How to eliminate wrong answers

Option B is wrong because /etc/shadow stores encrypted user passwords and password aging information, not sudo permissions. Option C is wrong because /etc/passwd contains basic user account information (username, UID, GID, home directory, shell) but does not control sudo access. Option D is wrong because /etc/group defines user group memberships, but sudo privileges are not managed through this file; while groups can be referenced in /etc/sudoers, the file itself is not the configuration file for sudo permissions.

651
Multi-Select · medium

An administrator needs to permanently disable a systemd service from starting at boot. Which two commands can achieve this? (Choose two.)

Select 2 answers
A. systemctl stop servicename
B. systemctl kill servicename
C. systemctl disable servicename
D. systemctl unmask servicename
E. systemctl mask servicename
Answers: C, E

Removes symlinks to prevent startup at boot.

Why this answer

systemctl disable and systemctl mask both prevent a service from starting at boot, but mask also prevents manual start.

652
Multi-Select · medium

A Linux administrator wants to search for the pattern 'ERROR' in all files under /var/log, ignoring case, and display line numbers. Which THREE options should be used with the grep command? (Select THREE).

Select 3 answers
A. -c
B. -i
C. -v
D. -n
E. -r
Answers: B, D, E

Ignores case distinctions.

Why this answer

grep -r for recursive, -i for case-insensitive, -n for line numbers.

653
MCQ · hard

A process is running with a nice value of 5. The system administrator wants to increase its priority (lower the nice value) to -5 but is not the owner of the process. What must the administrator do first to achieve this?

A. Use renice -n +10
B. Use the nice command with -n -5
C. Use renice with root privileges via sudo
D. Use kill -SIGSTOP to stop the process then restart
Answer: C

Correct: renice requires root to change priority of another user's process.

Why this answer

Only root can increase priority (lower nice value) of another user's process. The administrator must use sudo or become root to run renice. Option B is incorrect because the nice command starts a new process.

Option C is correct: run renice with sudo. Option A is incorrect because renice -n +10 would lower priority (increase nice).

654
MCQ · easy

A DevOps engineer needs to run a Docker container in the background with port mapping from host port 8080 to container port 80, and name the container 'webapp'. Which command accomplishes this?

A. docker start -d -p 8080:80 --name webapp nginx
B. docker create -d -p 8080:80 --name webapp nginx
C. docker run -d -p 8080:80 --name webapp nginx
D. docker compose up -d -p 8080:80 --name webapp nginx
Answer: C

Correct. -d runs detached, -p maps ports, --name assigns a name.

Why this answer

The docker run command with -d (detach), -p (port mapping), and --name options is the correct way to run a container in the background with port mapping and a name.

655
MCQ · hard

A script needs to iterate over all .txt files in a directory. Which loop structure correctly implements this?

A. while read line; do
B. select option; do
C. until condition; do
D. for f in *.txt; do
Answer: D

This bash loop iterates over each .txt file in the current directory.

Why this answer

The `for f in *.txt; do` loop is correct because it uses shell globbing to expand `*.txt` into a list of all .txt filenames in the current directory, then iterates over each filename. This is the standard and most efficient way to process a set of files matching a pattern in Bash and POSIX shell scripting.

Exam trap

The trap here is that candidates may confuse `while read` (which processes lines of text) with iterating over files, or think `select` is a general-purpose loop, when in fact only `for` with a glob pattern directly matches the requirement of iterating over all .txt files.

How to eliminate wrong answers

Option A is wrong because `while read line; do` reads lines from stdin or a file, not filenames matching a pattern, and would require piping `ls *.txt` or similar, which is fragile and not the intended loop for file iteration. Option B is wrong because `select option; do` is used to present a menu of choices to the user for interactive selection, not for iterating over files. Option C is wrong because `until condition; do` runs the loop until a condition becomes true, and does not inherently iterate over a list of files; it would need an explicit counter or file list to work.

656
MCQ · medium

A technician needs to replace the string 'oldhost' with 'newhost' in the file /etc/hostname. Which sed command will perform this change in-place?

A. sed -i '/oldhost/d' /etc/hostname
B. sed 'y/oldhost/newhost/' /etc/hostname
C. sed -i 's/oldhost/newhost/g' /etc/hostname
D. sed 's/oldhost/newhost/g' /etc/hostname
Answer: C

Correct: -i for in-place, s/oldhost/newhost/g for substitution.

Why this answer

sed -i with s/pattern/replacement/ does an in-place substitution.

657
Multi-Select · hard

An administrator suspects that a malicious process is running and wants to list all processes, including those without a controlling terminal, and see their full command line. Which two commands can provide this information? (Select TWO.)

Select 2 answers
A. lsof
B. ps -eo pid,cmd
C. ps aux
D. ps -ef
E. top -b -n 1
Answers: C, D

Shows all processes with full command line.

Why this answer

ps aux shows all users, all processes, including those without tty, and includes the full command line. ps -ef also shows full listing with command line.

658
MCQ · easy

A user reports that a script in /home/user/script.sh fails to execute. The output of 'ls -l script.sh' is '-rw-r--r-- 1 user user 1024 Apr 1 10:00 script.sh'. Which command should be used to make the script executable for all users?

A. chmod 644 script.sh
B. chmod a+x script.sh
C. chmod u+x script.sh
D. chmod 755 script.sh
Answer: B

Correct: a+x adds execute permission for all users (owner, group, others).

Why this answer

The file is currently not executable (rw-r--r--). To add execute permission for all users, use chmod a+x or chmod +x.

659
MCQ · hard

An administrator is troubleshooting a web server that is running under SELinux enforcing mode. The web content is located in a non-standard directory /webfiles. Using the standard SELinux context 'httpd_sys_content_t', the files are still inaccessible. Which command will properly set the context recursively and persist across relabels?

A.semanage fcontext -a -t httpd_sys_content_t '/webfiles(/.*)?' ; restorecon -Rv /webfiles
B.chcon -R -t httpd_sys_content_t /webfiles
C.setenforce 0
D.restorecon -Rv /webfiles
AnswerA

semanage adds the context rule to the policy, and restorecon applies it recursively. This persists across relabels.

Why this answer

Option A is correct because `semanage fcontext -a -t httpd_sys_content_t '/webfiles(/.*)?'` adds a file-context mapping to the SELinux policy database, ensuring the context survives a `restorecon` or filesystem relabel. The subsequent `restorecon -Rv /webfiles` applies that context recursively to the directory. Without the `semanage` entry, `restorecon` alone would revert to the default context (often `default_t`), which is not accessible by httpd.

Exam trap

The trap here is that candidates often think `restorecon` alone is sufficient to set a custom context, forgetting that it only applies the default policy mapping; without a prior `semanage fcontext` entry, the context will not persist across relabels.

How to eliminate wrong answers

Option B is wrong because `chcon -R -t httpd_sys_content_t /webfiles` sets the context temporarily in the extended attributes, but it does not persist across a `restorecon` or a full filesystem relabel (e.g., after `fixfiles` or `touch /.autorelabel`). Option C is wrong because `setenforce 0` disables SELinux entirely, which bypasses the problem rather than solving it, and is not a proper configuration for a production system requiring enforcing mode. Option D is wrong because `restorecon -Rv /webfiles` alone only resets the context to the default policy mapping; since `/webfiles` is non-standard and has no `semanage` entry, it would set the context to `default_t` (or `unlabeled_t`), which httpd cannot access.

660
MCQhard

A sysadmin is tasked with creating a script that will run only on weekdays at 9:00 AM using cron. The script should not run on holidays. Which approach best achieves this requirement?

A.Use systemd timers with a calendar specification that excludes holidays
B.Use cron to run at 9:00 on weekdays, and include a test in the script that checks a holiday list
C.Use cron to run at 9:00 every day, and include conditional logic to abort on weekends
D.Use `at` to schedule the job individually each weekday morning
AnswerB

This ensures the script runs on weekdays but can skip holidays by checking within the script.

Why this answer

Option B is correct because cron can schedule the script to run at 9:00 AM on weekdays using the day-of-week field (e.g., `0 9 * * 1-5`), and the script itself can check a holiday list (e.g., a file or API) to exit early on holidays. This approach cleanly separates scheduling from holiday logic, avoiding cron's lack of built-in holiday awareness.

Exam trap

CompTIA often tests the misconception that cron can directly handle holidays, when in fact cron has no concept of holidays and requires external logic (like a script check) to skip them.

How to eliminate wrong answers

Option A is wrong because systemd timers do not natively support excluding arbitrary holidays; they use calendar expressions that can only exclude fixed patterns (e.g., specific dates), not dynamic holiday lists. Option C is wrong because running the script every day and aborting on weekends wastes resources and adds unnecessary complexity; cron's weekday field already handles weekends efficiently. Option D is wrong because using `at` requires manual or scripted scheduling each morning, which is impractical for a recurring weekday job and lacks the built-in weekday filtering that cron provides.

661
MCQeasy

Sarah is a Linux systems administrator for a company that runs a web application inside a Podman container. The container is launched using a systemd service file on a Red Hat Enterprise Linux 8 server. The service file is located at /etc/systemd/system/webapp.service and includes an ExecStart directive that runs `podman run -d --name webapp -p 80:80 nginx`. The server was recently rebooted for kernel updates. After the reboot, the web application is not responding. Sarah logs in and runs `systemctl status webapp.service`, which shows the service is 'disabled' and 'inactive'. She wants to ensure that the container starts automatically after every future reboot. What should Sarah do?

A.Add the line `@reboot /usr/bin/podman start webapp` to root's crontab.
B.Modify the container image to include a restart policy of 'always'.
C.Run `systemctl enable webapp.service` and then start the service.
D.Run `podman generate systemd --new --name webapp` to create a new systemd unit.
AnswerC

Correct: Enabling the systemd service ensures it starts on boot.

Why this answer

Option C is correct because `systemctl enable webapp.service` creates the necessary symlinks to start the service automatically at boot, and `systemctl start webapp.service` immediately starts the container. Since the service is currently disabled and inactive, enabling it ensures the systemd unit is triggered on future reboots, which will execute the `ExecStart` command to run the Podman container.

Exam trap

The trap here is that candidates confuse enabling a systemd service with setting a container's restart policy, thinking that `--restart=always` in the Podman command will survive a reboot, when in fact systemd must be enabled to launch the service after boot.

How to eliminate wrong answers

Option A is wrong because adding a `@reboot` cron job to start the container is a workaround that bypasses systemd's native boot management, leading to potential race conditions and lack of proper dependency handling. Option B is wrong because modifying the container image's restart policy (e.g., `--restart=always`) only affects the container's behavior within Podman, not the systemd service's enablement; after a reboot, the systemd service must be enabled to launch the container. Option D is wrong because `podman generate systemd --new --name webapp` creates a new systemd unit file, but the existing service file at `/etc/systemd/system/webapp.service` already exists and is correctly configured; generating a new unit would be redundant and does not address the need to enable the existing service.

662
MCQhard

A Linux administrator is troubleshooting network connectivity. The server can ping its own IP address but cannot ping the default gateway. The output of 'ip route show' is: 'default via 10.0.0.1 dev eth0 proto static metric 100'. The output of 'ping -c 1 10.0.0.1' fails with 'Destination Host Unreachable'. Which of the following is the MOST likely cause?

A.The eth0 interface is down.
B.The gateway is down or not responding.
C.The default gateway is not set.
D.The subnet mask on eth0 is incorrect, causing the gateway to be considered on a different network.
AnswerD

A wrong subnet mask can make the gateway appear on a different subnet, leading to 'unreachable'.

Why this answer

The server can ping its own IP address, confirming that the local network stack and the eth0 interface are operational. However, the 'Destination Host Unreachable' error when pinging the default gateway (10.0.0.1) indicates that the host does not have a valid route to that destination. Since the default route exists, the most likely cause is an incorrect subnet mask on eth0, which causes the kernel to treat the gateway as being on a different network, thus failing to send ARP requests or forward packets to it.

Exam trap

The trap here is that candidates often assume 'Destination Host Unreachable' always means the gateway is down, but in Linux this error specifically indicates the local host cannot find a layer-2 path to the destination, typically due to a subnet mask mismatch or missing ARP entry.

How to eliminate wrong answers

Option A is wrong because if eth0 were down, the server would not be able to ping its own IP address (127.0.0.1 or the interface IP) successfully, and 'ip route show' would not display a route via eth0. Option B is wrong because the error 'Destination Host Unreachable' is generated by the local host's kernel, not by the remote gateway; if the gateway were down or not responding, the error would be 'Request Timed Out' after ARP resolution succeeds. Option C is wrong because the output of 'ip route show' explicitly shows a default route via 10.0.0.1, so the default gateway is set.

663
MCQhard

A technician suspects a process is leaking file descriptors. Which command can be used to list open files associated with a specific PID?

A.top -p PID
B.strace -p PID
C.ltrace -p PID
D.lsof -p PID
AnswerD

lsof -p lists open files for the process.

Why this answer

lsof -p PID lists open files for that process. strace traces system calls, ltrace library calls, and top shows resource usage.

664
MCQeasy

A Linux service fails to start. Which command should the administrator use to examine recent system logs for error messages related to the service?

A.journalctl -xe
B.systemctl list-units
C.tail -f /var/log/messages
D.dmesg -T
AnswerA

Shows recent journal entries with explanations.

Why this answer

The `journalctl -xe` command is correct because it displays the systemd journal with the `-x` flag adding explanatory context to log entries and the `-e` flag jumping to the end of the log, showing the most recent messages. This is the standard way to examine recent system logs for error messages related to a failing service in a systemd-based Linux distribution.

Exam trap

The trap here is that candidates may choose `tail -f /var/log/messages` out of habit from older SysVinit systems, not realizing that systemd-based distributions (which the XK0-005 exam focuses on) use journald as the default logging system, making `journalctl` the correct tool for service-specific log examination.

How to eliminate wrong answers

Option B is wrong because `systemctl list-units` only lists active units and their states, not log messages or error details. Option C is wrong because `tail -f /var/log/messages` follows the traditional syslog file, but many modern distributions (e.g., RHEL 7+, Ubuntu 15.04+) use journald as the primary logging system, so this file may not contain the most recent or complete service logs. Option D is wrong because `dmesg -T` displays kernel ring buffer messages with human-readable timestamps, which are primarily for kernel and hardware-related events, not user-space service errors.

665
MCQhard

A DevOps team wants to automatically run tests before every commit in a local Git repository. Which Git hook should be used?

A.post-receive
B.pre-commit
C.post-commit
D.pre-push
AnswerB

This hook is triggered before the commit is recorded, allowing tests to prevent a failing commit.

Why this answer

The pre-commit hook runs before a commit is created, making it the correct choice for automatically running tests before every commit in a local Git repository. This hook can validate code quality, run unit tests, or check for syntax errors, and if it exits with a non-zero status, the commit is aborted.

Exam trap

The trap here is confusing the timing of Git hooks: candidates often pick pre-push because they think of 'testing before pushing,' but the question explicitly asks about 'before every commit,' which requires the pre-commit hook.

How to eliminate wrong answers

Option A is wrong because post-receive is a server-side hook that runs after updates are pushed to a remote repository, not before a local commit. Option C is wrong because post-commit runs after the commit has already been created, so it cannot prevent a commit from being made. Option D is wrong because pre-push runs before a push to a remote repository, not before a local commit, and it would not catch issues at the commit stage.

666
MCQeasy

Which command displays the last successful login times for all users?

A.who /var/log/wtmp
B.lastb
C.last
D.lastlog
AnswerD

Correct.

Why this answer

lastlog displays the last login for each user.

667
MCQmedium

Refer to the exhibit. Users report they cannot SSH to the server. Based on the logs, what is the most likely cause?

A.Firewall is blocking port 22.
B.Host keys are missing or corrupted.
C.The SSH service is not running.
D.SSH configuration has incorrect permissions.
AnswerB

The error explicitly states 'Could not load host key' for multiple key files, leading to fatal error.

668
MCQhard

Refer to the exhibit. A security analyst notices repeated failed SSH login attempts from multiple IP addresses. Which two actions would best mitigate this brute-force attack? (Choose two.)

A.Set PermitRootLogin to no in /etc/ssh/sshd_config to prevent root login.
B.Change the SSH port to a non-standard port to evade automated attacks.
C.Disable password authentication and force key-based authentication only.
D.Increase MaxAuthTries to allow more retries before disconnection.
E.Install and configure fail2ban to block IPs after multiple failed attempts.
AnswerA, E

Disabling root login eliminates direct SSH access to the root account, a common target.

Why this answer

The logs show failed password attempts for root and invalid users from different IPs, indicating a brute-force attack. Using fail2ban can automatically block IPs after repeated failures. Disabling root login over SSH eliminates a common target.

Option B (changing the port) is security through obscurity and not a robust mitigation. Option C (disabling password authentication) might break legitimate users and is excessive without key-based auth. Option D (increasing MaxAuthTries) would make the attack easier.

669
Multi-Selectmedium

A cloud engineer is using Ansible to manage configuration across multiple servers. The engineer needs to store variable data that is specific to each host and sensitive database passwords. Which two Ansible features should be used for these purposes? (Choose two.)

Select 2 answers
A.group_vars
B.ansible_facts
C.roles
D.Ansible Vault
E.host_vars
AnswersD, E

Correct. Vault encrypts sensitive data such as passwords.

Why this answer

host_vars are used for host-specific variables, and Ansible Vault encrypts sensitive data like passwords.

670
MCQmedium

A security policy requires that users cannot reuse any of their last 5 passwords. Which PAM module and configuration directive enforces this?

A.pam_faillock with deny=5
B.pam_pwhistory with remember=5
C.pam_tally2 with deny=5
D.pam_pwquality with remember=5
AnswerB

Correct. pam_pwhistory with remember=N prevents reuse of last N passwords.

Why this answer

The pam_pwhistory module with the remember directive tracks password history and prevents reuse. pam_pwquality enforces complexity, pam_faillock handles lockout, and pam_tally2 is an older lockout module.

671
MCQeasy

A technician wants to check the current IP address and subnet mask of the eth0 interface. Which command should they use?

A.nmcli dev show eth0
B.ip route show
C.ifconfig eth0
D.ip addr show dev eth0
AnswerD

Correct: ip addr shows IPv4/IPv6 addresses and masks.

Why this answer

The `ip addr show dev eth0` command (or `ip addr`) displays IP addresses and subnet masks.

672
MCQmedium

An administrator runs the command `ls -l file.txt` and sees the permissions `-rwsr-xr-x`. What special permission is set on this file?

A.SGID
B.Sticky bit
C.No special permission
D.SUID
AnswerD

The 's' in owner execute indicates SUID.

Why this answer

The 's' in the owner execute position indicates the SUID (Set User ID) permission is set.

673
Multi-Selecthard

An administrator wants to view the contents of a compressed log file /var/log/syslog.2.gz without decompressing it to disk. Which two commands can be used to display the file contents? (Select TWO).

Select 2 answers
A.gzcat /var/log/syslog.2.gz
B.zcat /var/log/syslog.2.gz
C.less /var/log/syslog.2.gz
D.gunzip -c /var/log/syslog.2.gz
E.cat /var/log/syslog.2.gz
AnswersB, D

Correct: zcat decompresses and outputs to stdout.

Why this answer

zcat and gzcat (if available) decompress to stdout; some systems use zcat or gzip -dc.

674
MCQhard

An administrator needs to ensure that a script runs once at system initialization, before any network services start. Which systemd target should the script be associated with?

A.multi-user.target
B.basic.target
C.sysinit.target
D.network.target
AnswerC

sysinit.target is intended for early system initialization tasks.

Why this answer

The sysinit.target is the correct target because it is designed for early system initialization tasks that must complete before any network or multi-user services start. Scripts associated with this target run during the boot process, after the basic system is initialized but before network services are brought up, ensuring the script executes once at system initialization.

Exam trap

The trap here is that candidates often confuse sysinit.target with basic.target or multi-user.target, mistakenly thinking that 'basic' or 'multi-user' implies early execution, when in fact sysinit.target is the correct target for pre-network initialization tasks.

How to eliminate wrong answers

Option A is wrong because multi-user.target is the target for normal multi-user operation, which starts after network services and other system services are already running, not before them. Option B is wrong because basic.target is a synchronization point that pulls in mount points and sockets, but it does not guarantee execution before network services; it runs after sysinit.target but before multi-user.target. Option D is wrong because network.target is a passive target that indicates network services are available, but it does not define a specific execution order for scripts; scripts associated with it would run after network services start, not before.

675
MCQmedium

A cron job that runs a backup script at 2 AM has not been executing. The syslog shows no errors from cron. What is the most likely reason the job is not running?

A.The system time zone is incorrect
B.The filesystem is full
C.The cron daemon (crond) is not running
D.The script has incorrect permissions
AnswerC

Cron jobs require the daemon to be active.

Why this answer

The most likely reason is that the cron daemon (crond) is not running. Cron jobs are executed by the cron daemon, which must be active in the background to read the crontab files and launch scheduled tasks. If crond is stopped or not started, no cron jobs will run, and syslog may not show cron-related errors because the daemon is not logging activity.

Exam trap

The trap here is that candidates assume cron errors must appear in syslog if a job fails, but if the daemon itself is not running, there is no process to generate logs, making the absence of errors a key clue.

How to eliminate wrong answers

Option A is wrong because an incorrect system time zone would cause the job to run at the wrong local time, not prevent execution entirely; cron uses the system's configured time zone. Option B is wrong because a full filesystem would typically cause the script to fail with disk write errors, not prevent the cron daemon from attempting to execute the job. Option D is wrong because incorrect script permissions would cause the script to fail when executed, but cron would still attempt to run it and log an error in syslog or mail to the user.
