XK0-005 · topic practice

Security practice questions

Practise CompTIA Linux+ XK0-005 Security practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Security

What the exam tests

What to know about Security

Security questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Security exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Security questions

Question 1 · medium · multiple choice

A system administrator notices that an unauthorized user gained access to a server via SSH using a compromised user account. Which security measure should be implemented to prevent such attacks in the future?

Question 2 · hard · multiple choice

A Linux administrator needs to ensure that only the root user can run commands in the /usr/local/bin/scripts directory. Which command should be used to set the appropriate permissions?

Question 3 · easy · multiple choice

A security audit reveals that the /etc/shadow file has permissions 777. Which command should be used to correct this vulnerability?

Question 4 · medium · multiple choice

A Linux server is configured to allow SSH access for remote administration. The security team wants to limit SSH access to only users in the 'ssh-users' group. Which configuration should be added to /etc/ssh/sshd_config?

Question 5 · hard · multiple choice

A Linux administrator is configuring a firewall using iptables to allow incoming HTTP and HTTPS traffic but block all other incoming traffic. Which set of rules should be applied?

Question 6 · medium · multi select

A Linux administrator is hardening a server. Which TWO actions are effective in preventing unauthorized access via SSH? (Select TWO.)

Question 7 · hard · multi select

A security audit identified that the /tmp directory is world-writable. Which THREE steps should be taken to secure /tmp on a Linux system? (Select THREE.)

Question 8 · medium · multiple choice

Refer to the exhibit. The system administrator runs the command 'auditctl -l' and sees the above rules. What is the purpose of these audit rules?

Exhibit

# auditctl -l
-w /etc/passwd -p wa -k passwd_changes
-w /etc/shadow -p wa -k shadow_changes
-w /etc/group -p wa -k group_changes

Question 9 · hard · multiple choice

Refer to the exhibit. Alice is the owner of file.txt. Bob is a member of the staff group. What permissions does Bob have on file.txt?

Exhibit

$ getfacl file.txt
# file: file.txt
# owner: alice
# group: staff
user::rw-
user:bob:r--
group::r--
mask::rw-
other::---

Question 10 · easy · multiple choice

A system administrator needs to restrict SSH access to a Linux server to only users in the 'sshusers' group. Which configuration change achieves this?

Question 11 · medium · multiple choice

A security audit reveals that the /var/log directory has permissions 777. The administrator needs to ensure that only root can write to log files, while still allowing users to read system log files. Which command should the administrator run?

Question 12 · hard · multiple choice

A company's security policy requires that all user passwords must expire every 90 days. The administrator runs 'chage -M 90 jdoe' for user jdoe. Which additional step ensures that the password expiration policy is enforced for all new users?

Question 13 · easy · multiple choice

A Linux administrator discovers that a user's home directory contains a file with setuid bit set, owned by root. The file is not part of any authorized software. What is the most appropriate immediate action?

Question 14 · medium · multi select

Which TWO of the following are valid methods to enforce disk quota limits on a Linux filesystem? (Select TWO.)

Question 15 · hard · multiple choice

Scenario: A financial services company runs a critical application on a Linux server that stores sensitive customer data. The server is configured with a firewall (iptables) that only allows SSH (port 22) and HTTPS (port 443) from the internal network (10.0.0.0/8). Recently, the security team detected unauthorized access attempts from an external IP address (203.0.113.5) targeting port 22. The administrator needs to block this specific IP while maintaining current access rules. The existing iptables rules are:

  • INPUT chain policy ACCEPT
  • Rule 1: -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  • Rule 2: -A INPUT -p tcp --dport 22 -s 10.0.0.0/8 -j ACCEPT
  • Rule 3: -A INPUT -p tcp --dport 443 -s 10.0.0.0/8 -j ACCEPT
  • Rule 4: -A INPUT -j DROP

The administrator wants to block 203.0.113.5 from any access. Which command should be added?

Question 16 · medium · multiple choice

Scenario: A cloud hosting company uses SELinux in enforcing mode on all Linux servers. A developer reports that a custom web application running under Apache (httpd) is unable to write log files to /var/log/myapp/. The directory /var/log/myapp/ has permissions 755 and is owned by root:root. The httpd process runs as the 'apache' user. The administrator checks SELinux context: /var/log/myapp is labeled with default_t type. The administrator wants to allow httpd to write to this directory while maintaining security. Which command should the administrator run?

Question 17 · medium · multiple choice

A systems administrator needs to restrict SSH access to a Linux server so that only users in the 'sshusers' group can log in. Which configuration change should be made in /etc/ssh/sshd_config?

Question 18 · hard · multi select

An administrator runs auditctl -l and ausearch -k auth_log -ts today as shown in the exhibit. The administrator expects to see audit events for /var/log/auth.log but gets no matches. Which TWO actions should the administrator take to resolve this issue?

Exhibit

# auditctl -l
LIST_RULES: syscall=openat,open,creat,truncate,ftruncate key=file_monitor
-a always,exclude -F msgtype=CRED_DISP
-w /etc/passwd -p wa -k passwd_changes
-w /etc/shadow -p wa -k shadow_changes
-w /etc/group -p wa -k group_changes
-w /var/log/auth.log -p wa -k auth_log

# ausearch -k auth_log -ts today
<no matches>

Question 19 · easy · multiple choice

You are a systems administrator for a small company. The company uses a Linux server running Ubuntu 22.04 LTS that hosts a web application and a PostgreSQL database. The server has two network interfaces: eth0 (public IP) and eth1 (private IP). The web application listens on port 443 (HTTPS) on eth0, and the PostgreSQL database listens on port 5432 on eth1. The company security policy requires that only the web application should be accessible from the internet; all other ports must be blocked on the public interface. Additionally, SSH access should be allowed only from the internal network (192.168.1.0/24). The current iptables rules are as follows:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

There are no other rules. You need to implement the security policy using iptables. Which of the following sets of commands will achieve the required security policy?

Question 20 · medium · drag order

Drag and drop the steps to configure a static IP address using the command line in the correct order.

Frequently asked questions

What does the XK0-005 exam test about Security?
Security questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Security questions in a focused session?
Yes — the session launcher on this page draws every question from the Security domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other XK0-005 topics?
Use the topic links above to move to related areas, or go back to the XK0-005 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the XK0-005 exam covers. They are not copied from any real exam or dump site.