CCNA Linux Troubleshooting Questions

75 of 126 questions · Page 1/2 · Linux Troubleshooting topic · Answers revealed

1
MCQeasy

A junior administrator reports that users cannot connect to a file server running Samba. The server is reachable via ping. Logs from the Samba service show: 'smbd: error while loading shared libraries: libgnutls.so.30: cannot open shared object file: No such file or directory'. The administrator confirms the package 'libgnutls' is installed. Which of the following is the most likely cause and solution?

A.The library path is not set; run ldconfig.
B.The system libraries are out of sync; run apt-get update.
C.The Samba package is corrupted; reinstall Samba.
D.The Samba service is not running; restart it.
AnswerA

Correct: ldconfig updates the shared library cache, resolving the missing library error.

Why this answer

The error 'cannot open shared object file' indicates that the dynamic linker cannot find the libgnutls.so.30 library at runtime, even though the libgnutls package is installed. Running `ldconfig` updates the linker cache, which rebuilds the mapping of shared library names to their actual file paths, resolving the missing library reference for Samba.

Exam trap

The trap here is that candidates see 'package is installed' and assume the library is available, overlooking the need to update the linker cache with `ldconfig` after installation.

How to eliminate wrong answers

Option B is wrong because `apt-get update` only refreshes the package repository metadata, not the runtime linker cache; it does not fix missing shared library references. Option C is wrong because the error is a missing library dependency, not a corrupted Samba binary; reinstalling Samba would not resolve the underlying library path issue. Option D is wrong because the service is already failing to start due to the library error; restarting it without fixing the library path will produce the same error.

2
Multi-Selectmedium

A system administrator is troubleshooting a custom systemd service that fails to start. Which of the following commands should be used to diagnose the issue? (Choose two.)

Select 2 answers
A.systemctl daemon-reload
B.systemctl status myservice
C.systemctl enable myservice
D.systemctl list-units
E.journalctl -u myservice
AnswersB, E

Displays service status and recent log entries.

Why this answer

The `systemctl status myservice` command (B) is correct because it shows the current state of the service, including whether it is active, failed, or inactive, along with recent log entries and the exit code. The `journalctl -u myservice` command (E) is correct because it retrieves the full systemd journal logs specifically for that unit, which is essential for diagnosing why the service failed to start, such as missing dependencies or configuration errors.

Exam trap

The trap here is that candidates often pick `systemctl daemon-reload` (A) thinking it will fix the issue by reloading unit files, but it does not provide diagnostic output; the exam tests the distinction between reloading configuration and retrieving failure logs.

3
MCQmedium

After a power failure, a Linux server boots into emergency mode. The system logs indicate an unclean filesystem on /dev/sda2. Which command should the administrator run to repair the filesystem?

A.fsck -f /dev/sda2
B.badblocks /dev/sda2
C.xfs_repair /dev/sda2
D.mount -o remount,ro /
AnswerA

Correct: Forces filesystem check and repair.

Why this answer

After a power failure, the system logs indicate an unclean filesystem on /dev/sda2, meaning the filesystem was not properly unmounted and may contain inconsistencies. The `fsck -f /dev/sda2` command forces a filesystem check even if the filesystem appears clean, which is necessary to repair corruption on ext2/ext3/ext4 filesystems. This is the standard tool for checking and repairing such filesystems after an unclean shutdown.

Exam trap

The trap here is that candidates may confuse filesystem repair tools (fsck vs. xfs_repair) or mistake a disk surface scan (badblocks) for a filesystem consistency check, leading them to choose an inappropriate command for the specific filesystem type.

How to eliminate wrong answers

Option B is wrong because `badblocks` scans for physical bad sectors on the disk, not filesystem metadata corruption; it does not repair filesystem inconsistencies. Option C is wrong because `xfs_repair` is used for XFS filesystems, but /dev/sda2 is likely an ext4 filesystem (common on Linux) and the question does not specify XFS; using the wrong repair tool can cause further damage. Option D is wrong because `mount -o remount,ro /` only remounts the root filesystem as read-only to prevent further writes, but it does not repair the underlying filesystem corruption.

4
Multi-Selectmedium

A system administrator suspects a disk failure. Which TWO commands can be used to check disk health and identify bad sectors?

Select 2 answers
A.iostat -x
B.fsck /dev/sda
C.badblocks -v /dev/sda
D.smartctl -a /dev/sda
E.dd if=/dev/sda of=/dev/null
AnswersC, D

Correct: Scans for bad sectors.

Why this answer

The `badblocks` command (option C) directly scans a disk for defective sectors by performing read/write tests, making it a primary tool for identifying bad blocks. The `smartctl -a` command (option D) queries the disk's S.M.A.R.T. (Self-Monitoring, Analysis, and Reporting Technology) data, which includes attributes like reallocated sector count and pending sector errors, providing a proactive health assessment. Together, they cover both active scanning and passive monitoring of disk health.

Exam trap

The trap here is that candidates confuse filesystem repair tools like `fsck` with hardware diagnostic tools, or assume `iostat` or `dd` provide equivalent health checks, when only `badblocks` and `smartctl` directly assess physical disk integrity.

5
MCQmedium

A server shows /dev/sda1 mounted at / is 100% full in df -h, but du -sh / shows only 50% usage. What is the most likely explanation?

A.The filesystem is corrupted
B.Hidden files are not counted by du
C.A process is still holding a deleted file open
D.The disk has many hard links
AnswerC

Deleted files held open by processes continue to occupy space until the process releases them.

Why this answer

When a file is deleted but still held open by a running process, the file's inode remains allocated and its disk blocks are not freed until the process closes the file descriptor. The `df` command reports filesystem usage by querying the superblock for total and free blocks, so it still counts the space occupied by the deleted-but-open file. In contrast, `du` traverses the directory tree and sums the sizes of files reachable from the specified path; since the deleted file is no longer linked in the directory, `du` does not include it, leading to the discrepancy.

Exam trap

The trap here is that candidates assume `du` and `df` should always match, and they overlook the classic Linux behavior where a file deleted while still open consumes space invisible to `du` but visible to `df`.

How to eliminate wrong answers

Option A is wrong because filesystem corruption typically causes inconsistent or erroneous output from both `df` and `du`, not a consistent discrepancy where `df` shows 100% and `du` shows 50%; corruption would likely produce errors or unmountable filesystems. Option B is wrong because `du -sh /` by default counts all files, including hidden files (those starting with a dot), as it traverses the entire directory tree; hidden files are not excluded unless specific exclusions are used. Option D is wrong because hard links do not consume additional disk space beyond the original inode; `du` counts the file's size once per inode, and `df` reports total allocated blocks, so hard links would not cause a 50% discrepancy between the two commands.

6
MCQhard

A Linux system administrator is troubleshooting a server that runs a web application. Users report that the web application occasionally returns 503 Service Unavailable errors. The Apache web server appears to be running (systemctl status httpd shows active). The server has 8GB RAM and runs multiple applications. The administrator runs free -m and sees that swap usage is at 75% while available memory is very low. The top output shows that a process named 'databased' is consuming 40% of memory. The databased process is not a core application and is not needed for the web server. The administrator wants to resolve the issue without restarting the server. What should the administrator do?

A.Enable the OOM killer to handle memory pressure automatically
B.Increase swap space by adding a swap file
C.Kill the databased process using kill -9
D.Reduce Apache's MaxClients setting
AnswerC

Immediately frees the memory held by the databased process, alleviating memory pressure.

Why this answer

The immediate cause of the 503 errors is memory exhaustion: swap is at 75% and available RAM is critically low. The non-essential 'databased' process is consuming 40% of memory, starving Apache. Killing it with kill -9 frees that memory instantly, resolving the pressure without a restart.

This directly addresses the root cause—a rogue process hogging RAM—rather than treating symptoms.

Exam trap

The trap here is that candidates may think increasing swap (Option B) or reducing Apache workers (Option D) will fix the 503 errors, but they overlook that the real issue is a specific non-essential process consuming the memory that Apache needs, making direct termination the only efficient fix without restarting.

How to eliminate wrong answers

Option A is wrong because enabling the OOM killer does not proactively free memory; it only kills processes when the system is completely out of memory, which may kill Apache or other critical services unpredictably. Option B is wrong because increasing swap space would only mask the problem by moving more data to disk, worsening performance and not freeing RAM for Apache. Option D is wrong because reducing MaxClients limits Apache's concurrency but does not reclaim the 40% of memory consumed by 'databased'; the web server would still be starved for RAM.

7
Multi-Selecteasy

Which TWO commands can be used to check disk space usage on a Linux system?

Select 2 answers
A.mount
B.lsof
C.du
D.fdisk
E.df
AnswersC, E

Summarizes disk usage of files/directories.

Why this answer

The `du` (disk usage) command estimates file and directory space usage, allowing you to check disk space consumed by specific paths. The `df` (disk free) command reports the total, used, and available space on mounted filesystems. Both are standard tools for inspecting disk space on Linux systems.

Exam trap

The trap here is that candidates may confuse `du` and `df` with commands like `mount` or `fdisk`, which are related to filesystem management but do not directly report disk space usage.

8
MCQhard

A Linux server experiences a kernel panic during boot. You need to capture the panic message for analysis. Which kernel parameter should be added to the GRUB command line to ensure the panic message is displayed before the system halts?

A.panic=10
B.nomodeset
C.quiet
D.single
AnswerA

Adds a delay before rebooting after panic.

Why this answer

The `panic=<seconds>` kernel parameter instructs the kernel to wait the specified number of seconds after a kernel panic before automatically rebooting. By setting `panic=10`, the system pauses for 10 seconds, allowing the panic message to remain on the console for capture and analysis before the system halts or reboots. This is the correct parameter to ensure the panic output is visible.

Exam trap

The trap here is that candidates often confuse `panic=` with a boot-time delay or a recovery mode option, mistakenly thinking `single` or `quiet` will help display the panic message, when in fact `panic=` is the specific parameter that controls the post-panic behavior to keep the message visible.

How to eliminate wrong answers

Option B (`nomodeset`) is wrong because it disables kernel mode-setting for video drivers, which can help with display issues but does not affect the display or retention of kernel panic messages. Option C (`quiet`) is wrong because it suppresses most kernel log messages, including panic details, making it counterproductive for capturing panic output. Option D (`single`) is wrong because it boots the system into single-user mode (runlevel 1) for maintenance, which does not alter the behavior of kernel panic handling or message display.

9
MCQmedium

A process is consuming excessive CPU. The administrator wants to reduce its priority. Which command should be used?

A.renice +10 PID
B.taskset -c 0 PID
C.nice -n -20 PID
D.chrt -r 99 PID
AnswerA

Lowers priority of a running process.

Why this answer

The `renice` command is used to change the priority of an already running process. By specifying `+10`, the administrator increases the nice value, which lowers the process's scheduling priority and reduces its CPU consumption. This directly addresses the requirement to reduce the priority of a currently executing process.

Exam trap

The trap here is confusing `nice` (which starts a new process with a specified priority) with `renice` (which changes the priority of an existing process), leading candidates to choose option C even though it uses a negative value that increases priority.

How to eliminate wrong answers

Option B is wrong because `taskset -c 0 PID` binds the process to CPU core 0, which does not change its scheduling priority or reduce CPU consumption; it only restricts which CPU the process can run on. Option C is wrong because `nice -n -20 PID` would start a new process with a very high priority (low nice value), which is the opposite of what is needed and does not apply to an already running process. Option D is wrong because `chrt -r 99 PID` sets the process to real-time FIFO scheduling with the highest priority (99), which would increase its CPU priority, not reduce it.

10
MCQhard

A Linux system fails to boot and displays a kernel panic immediately after the GRUB menu. The administrator needs to boot into a rescue environment. Which GRUB boot parameter should the administrator add to the kernel line?

A.single
B.init=/bin/bash
C.systemd.unit=rescue.target
D.quiet splash
AnswerC

Boots into systemd rescue target.

Why this answer

Option C is correct because when a Linux system experiences a kernel panic immediately after GRUB, the administrator needs to boot into a minimal rescue environment that loads essential system services. The `systemd.unit=rescue.target` parameter tells systemd to start the rescue target, which mounts the root filesystem and starts only the most basic services, allowing the administrator to diagnose and repair the system. This is the proper GRUB kernel parameter for systemd-based distributions to enter a rescue shell without fully booting into the default multi-user or graphical target.

Exam trap

The trap here is that candidates confuse the legacy SysVinit `single` parameter or the direct `init=/bin/bash` shortcut with the correct systemd-based rescue target, not realizing that modern distributions require the `systemd.unit=` syntax to properly initialize the rescue environment with necessary services and filesystem mounts.

How to eliminate wrong answers

Option A is wrong because `single` is a legacy SysVinit parameter that boots into single-user mode, but on modern systemd-based distributions, it is often mapped to `rescue.target`; however, it is not the correct GRUB kernel parameter for systemd rescue environments and may not work reliably with kernel panics. Option B is wrong because `init=/bin/bash` bypasses the init system entirely and drops directly into a Bash shell without mounting the root filesystem properly or starting any services, which can lead to a read-only root filesystem and lack of necessary tools for recovery. Option D is wrong because `quiet splash` are kernel parameters that suppress boot messages and show a splash screen; they do not change the boot target and will not prevent a kernel panic or provide a rescue environment.

11
MCQmedium

The system is experiencing slow disk I/O. Based on the exhibit, which step should the administrator take to improve performance?

A.Increase the filesystem block size
B.Enable write-back caching on the drive using hdparm
C.Add the 'noatime' mount option in /etc/fstab
D.Change the I/O scheduler to 'deadline'
AnswerC

Correct: Reduces disk writes by not updating access times.

Why this answer

The 'noatime' mount option disables updating the access time (atime) on every file read, which eliminates a significant source of metadata write operations. Since the exhibit indicates slow disk I/O, reducing unnecessary writes directly improves performance by freeing I/O bandwidth for actual data transfers. This is a standard, low-risk optimization for workloads where access timestamps are not required.

Exam trap

The trap here is that candidates often focus on I/O schedulers or caching mechanisms to fix slow I/O, overlooking the simple and effective filesystem mount option that reduces unnecessary write operations.

How to eliminate wrong answers

Option A is wrong because increasing the filesystem block size can improve throughput for large sequential I/O but may waste space and degrade performance for small random I/O; it does not address the root cause of slow disk I/O from excessive metadata writes. Option B is wrong because enabling write-back caching with hdparm on a drive that does not support it or without proper power-loss protection can cause data corruption; it is a risky hardware-level change, not a safe filesystem tuning step. Option D is wrong because changing the I/O scheduler to 'deadline' may help with latency for certain workloads, but it does not reduce the volume of I/O operations; the exhibit points to unnecessary metadata updates, which the scheduler cannot mitigate.

12
Matchingmedium

Match each Linux package manager to its distribution family.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Debian/Ubuntu

RHEL/CentOS 7

Fedora/RHEL 8+

openSUSE/SLES

Arch Linux

Why these pairings

Different distributions use different package managers.

13
MCQmedium

A user reports that a service fails to start with the error 'Permission denied'. The service runs under a non-root user. Which command should the administrator use to check if the service has the correct file permissions?

A.namei -l /path/to/service
B.ls -l /path/to/service
C.getfacl /path/to/service
D.stat /path/to/service
AnswerA

namei -l walks the entire path and shows permissions for each component, revealing any 'Permission denied' at intermediate steps.

Why this answer

The error 'Permission denied' when starting a service under a non-root user often involves not just the file's own permissions but also the permissions of each directory in the path leading to the service binary. The `namei -l` command recursively lists the permissions of every component in the path, revealing if any parent directory lacks execute (search) permission for the service user, which would block access even if the binary itself is correctly set. This makes it the most comprehensive tool for diagnosing path-based permission issues.

Exam trap

The trap here is that candidates assume `ls -l` or `stat` on the service binary alone is sufficient, overlooking that the 'Permission denied' error often originates from a missing execute bit on a parent directory in the path, which only `namei -l` can reveal by checking every component.

How to eliminate wrong answers

Option B is wrong because `ls -l` only shows the permissions of the final file or directory, not the intermediate directories in the path, so it cannot detect a missing execute permission on a parent directory that causes the 'Permission denied' error. Option C is wrong because `getfacl` displays only the ACL entries for a single file or directory, not the recursive path permissions, and ACLs are an extended permission mechanism that may not be the root cause if standard Unix permissions are misconfigured on a parent directory. Option D is wrong because `stat` provides detailed metadata (inode, timestamps, permissions) for a single file or directory but, like `ls -l`, does not traverse and display permissions for each component in the path, missing the common scenario where a parent directory lacks the execute bit.

14
MCQeasy

A user cannot access a file. The file has permissions 640 and is owned by root:root. The user is not root and not in the root group. Which command should the administrator use to allow the user to read the file?

A.chmod o+r file
B.chgrp user file
C.setfacl -m u:user:r file
D.chown user file
AnswerA

Correct: Adds read permission for others.

Why this answer

The file has permissions 640, which means the owner (root) has read/write, the group (root) has read, and others have no permissions. Since the user is not root and not in the root group, they fall into the 'others' category. The command `chmod o+r file` adds read permission for others, allowing the user to read the file without changing ownership or group membership.

Exam trap

The trap here is that candidates may overcomplicate the solution by choosing `setfacl` or `chown` when a simple `chmod` on the 'others' class is the correct and most efficient fix for a user who is neither the owner nor a group member.

How to eliminate wrong answers

Option B is wrong because `chgrp user file` changes the group owner of the file to the user's primary group, but the user may not be in that group (or the group may still not grant read access if the group permissions are insufficient). Option C is wrong because `setfacl -m u:user:r file` would work to grant read access via an ACL, but the question asks for a command to allow the user to read the file, and while this is technically valid, it is not the most direct or standard answer; the exam expects the simpler `chmod` solution. Option D is wrong because `chown user file` changes the file owner to the user, which would grant the user owner permissions (read/write), but this is overly permissive and unnecessary when only read access is needed; it also violates the principle of least privilege.

15
MCQmedium

The output of df -h shows the root filesystem at 100% capacity. Which of the following commands should the administrator run NEXT to identify the cause?

A.fdisk -l /dev/sda
B.fsck /dev/sda1
C.ls -la /
D.du -sh /*
AnswerD

Shows directory sizes to find space hogs.

Why this answer

The `du -sh /*` command calculates and displays the disk usage of each top-level directory in the root filesystem. When `df -h` shows 100% capacity, the next logical step is to identify which directories are consuming the most space, so the administrator can drill down further. This command is the standard tool for pinpointing space hogs before taking corrective action.

Exam trap

CompTIA often tests the distinction between listing files (`ls`) and measuring disk usage (`du`), trapping candidates who think `ls -la /` will reveal space consumption when it only shows metadata and not recursive sizes.

How to eliminate wrong answers

Option A is wrong because `fdisk -l /dev/sda` is used to list partition tables, not to identify which files or directories are consuming disk space; it provides no insight into filesystem usage. Option B is wrong because `fsck /dev/sda1` checks and repairs filesystem integrity, but running it on a mounted, full filesystem can cause data corruption and does not address the root cause of capacity exhaustion. Option C is wrong because `ls -la /` lists the contents of the root directory with metadata but does not aggregate sizes recursively, so it cannot show which subdirectories are using the most space.

16
Multi-Selecthard

A database server running on Linux is experiencing high load. The administrator runs 'strace -p <pid>' and sees many 'epoll_wait' and 'futex' calls. Which THREE of the following are possible causes of the high load? (Choose THREE.)

Select 3 answers
A.Disk I/O contention causing processes to wait.
B.A large number of concurrent connections.
C.CPU frequency scaling is set to powersave.
D.A memory leak in the database process.
E.Inefficient database queries causing high CPU usage.
AnswersA, B, E

Waiting on I/O increases load average as processes are in uninterruptible sleep.

Why this answer

Option A is correct because 'epoll_wait' indicates the process is waiting for I/O events, and 'futex' calls are used for synchronization. Disk I/O contention can cause the database process to block on these system calls, leading to high load as the kernel schedules other tasks while waiting for I/O to complete.

Exam trap

The trap here is that candidates may incorrectly associate 'futex' calls solely with memory issues or CPU scaling, rather than recognizing them as indicators of thread contention and I/O waiting under high concurrency.

17
Multi-Selectmedium

A Linux administrator suspects a memory leak in a process. Which TWO commands can be used to monitor memory usage over time for a specific process? (Choose two.)

Select 2 answers
A.top
B.vmstat
C.iostat
D.ps aux --sort=-%mem
E.free
AnswersA, D

top shows real-time memory usage per process in the RES and VIRT columns.

Why this answer

Option A (top) is correct because it provides a real-time, interactive view of system processes, including memory usage (RES, VIRT, %MEM) that updates by default every 3 seconds. You can filter by PID to monitor a specific process over time, making it ideal for detecting memory growth patterns indicative of a leak.

Exam trap

The trap here is that candidates may think vmstat or free can monitor per-process memory, but they only show aggregate system memory, while top and ps are the correct tools for per-process memory tracking over time.

18
MCQeasy

A company needs to verify that the Apache HTTP server is running and see its current status along with recent log entries. Which command should be used?

A.systemctl status httpd
B.service httpd status
C.journalctl -u httpd
D.systemctl list-units --type=service
AnswerA

Correct: Displays service status and recent log entries.

Why this answer

The `systemctl status httpd` command is correct because it provides a comprehensive view of the Apache HTTP server's current state (active/inactive), its process ID, memory usage, and the most recent log entries from the service's journal. This aligns with the question's requirement to both verify the service is running and see its status along with recent log entries, all in a single command output.

Exam trap

The trap here is that candidates often confuse `systemctl status` with `journalctl -u`, thinking both provide the same information, but `journalctl` lacks the live status and process details that `systemctl status` includes.

How to eliminate wrong answers

Option B is wrong because `service httpd status` is a legacy SysVinit command that only shows the service's running state (e.g., 'httpd is running') without displaying recent log entries or detailed status information. Option C is wrong because `journalctl -u httpd` shows only the log entries for the httpd unit but does not display the current running status or process details; it requires a separate command to verify if the service is active. Option D is wrong because `systemctl list-units --type=service` lists all loaded service units and their states but does not filter to httpd specifically, nor does it show recent log entries or detailed status for a single service.

19
Multi-Selecteasy

A technician is troubleshooting a user's inability to execute a script. The script has execute permissions for the user. Which of the following could be causing the issue? (Choose two.)

Select 2 answers
A.The user is not the owner
B.The script has a syntax error
C.The script is being blocked by a firewall
D.The script is in a directory without execute permission
E.The script's SELinux context is incorrect
AnswersD, E

Directories need execute permission for users to traverse.

Why this answer

Option D is correct because even if the script file itself has execute permissions, the user must also have execute permission on the directory containing the script. The directory's execute bit (often called the 'search' bit) is required to traverse the directory and access files within it. Without it, the kernel will deny access to any file in that directory, regardless of the file's own permissions.

Exam trap

The trap here is that candidates focus solely on the file's execute permission and overlook the directory's execute permission, or they confuse SELinux context errors with simple permission issues.

20
MCQeasy

A company uses a Linux server running a web application. Users report that they cannot access the website. The administrator checks the web server status and finds it is not running. Which command should the administrator use to view the reason for the service failure?

A.journalctl -xe
B.systemctl status httpd --full
C.tail -f /var/log/httpd/access_log
D.dmesg | grep httpd
AnswerA

Displays recent journal entries with explanations.

Why this answer

The `journalctl -xe` command displays the systemd journal log with the `-x` flag adding explanatory context and `-e` jumping to the end of the log, which is the most direct way to view the reason a systemd-managed service like httpd failed. Since the web server is managed by systemd, its failure reason (e.g., exit code, segfault, configuration error) is recorded in the journal, and this command retrieves that specific failure detail without requiring manual log file parsing.

Exam trap

The trap here is that candidates confuse the access log (option C) with the error log, or assume `systemctl status` shows the full failure reason when it only shows a truncated snippet, while `journalctl -xe` is the standard command for detailed failure diagnostics in systemd-based distributions.

How to eliminate wrong answers

Option B is wrong because `systemctl status httpd --full` shows the current status and recent log lines of the service, but it does not provide the detailed failure reason from the journal; it only truncates output lines to full width, not the cause. Option C is wrong because `tail -f /var/log/httpd/access_log` tails the HTTP access log, which records client requests, not service failure reasons; the relevant log for failures is typically `/var/log/httpd/error_log`. Option D is wrong because `dmesg | grep httpd` searches kernel ring buffer messages, which are for hardware/driver issues and kernel panics, not for user-space service failures like an httpd crash.

21
MCQhard

After a kernel update, the system boots but the network interface enp0s3 is not detected. The administrator verifies that the kernel module for the NIC is built for the new kernel. Which of the following should be done to ensure the module loads correctly?

A.Load the module with modprobe
B.Rebuild the initramfs
C.Update the udev rules
D.Reinstall the kernel package
AnswerB

Ensures the new kernel's module is available at boot.

Why this answer

After a kernel update, the initramfs (initial RAM filesystem) must be rebuilt to include the new kernel's modules. Even though the NIC module is built for the new kernel, the initramfs may still contain the old kernel's modules or lack the new module entirely, preventing it from being loaded during early boot. Running `dracut -f` (or `update-initramfs -u` on Debian-based systems) rebuilds the initramfs to match the current kernel, ensuring the NIC module is available at boot time.

Exam trap

The trap here is that candidates assume loading the module with modprobe (Option A) will fix the issue, but they overlook that the module must be available in the initramfs to be loaded during early boot before the root filesystem is accessible.

How to eliminate wrong answers

Option A is wrong because modprobe loads a module at runtime, but the issue occurs during boot before the root filesystem is mounted; the module must be present in the initramfs to be loaded early. Option C is wrong because udev rules handle device naming and permissions after the kernel has detected the hardware, but they do not cause the kernel to fail to detect the NIC; the problem is that the module is not loaded at all. Option D is wrong because reinstalling the kernel package would simply reapply the same kernel files; it does not rebuild the initramfs, which is the specific step needed to include the updated module.

22
MCQhard

An administrator is troubleshooting a web server that is not accessible from the internet. The server is running on port 80. Based on the iptables output, which of the following is the MOST likely reason?

A.The HTTP rule only allows traffic from the internal network.
B.The SSH rule is blocking HTTP traffic.
C.The loopback interface is not accepting traffic.
D.The default INPUT policy is DROP.
AnswerA

The rule for port 80 sources from 192.168.1.0/24, so internet traffic is blocked.

Why this answer

The iptables output shows an HTTP rule that explicitly matches traffic from the internal network (e.g., 192.168.1.0/24) and does not include a rule allowing HTTP traffic from external (internet) sources. Since the web server is running on port 80 but the only HTTP rule restricts source IPs to the internal subnet, traffic from the internet is not matched by any ACCEPT rule and will be subject to the default policy. This is the most likely reason the server is inaccessible from the internet.

Exam trap

CompTIA often tests the misconception that a default DROP policy is the primary cause of connectivity issues, when in fact a specific rule with an overly restrictive source or destination match is the actual problem.

How to eliminate wrong answers

Option B is wrong because SSH rules (typically port 22) do not block HTTP traffic; iptables rules are evaluated sequentially, and an SSH rule would only affect SSH packets, not HTTP packets on port 80. Option C is wrong because the loopback interface (lo) is used for local communication within the host, not for external internet traffic; its ACCEPT or DROP status does not affect inbound HTTP connections from the internet. Option D is wrong because the default INPUT policy being DROP would only apply to packets that do not match any existing rule; if the HTTP rule were correctly allowing all sources, the default policy would not block internet traffic, but here the HTTP rule itself restricts the source, so the issue is the rule's source limitation, not the default policy.

23
MCQhard

A user cannot delete a file owned by another user on a shared filesystem. The file's permissions are 644, and the directory has permissions 755 with the sticky bit set. Which action would allow the user to delete the file?

A.Change the directory's group to include the user
B.Remove the sticky bit from the directory
C.Add write permission for others on the file
D.Change the file's group to match the user's group
AnswerB

Sticky bit restricts deletion to file owners; removing it allows deletion by users with write access to the directory.

Why this answer

The sticky bit on a directory (chmod +t) restricts deletion so that only the file owner, directory owner, or root can delete files, regardless of directory write permissions. Since the user is not the file owner and the sticky bit is set, they cannot delete the file. Removing the sticky bit (chmod -t) allows any user with write permission on the directory to delete files within it, which the user already has because the directory's 755 permissions grant world execute and read, but the user needs write access on the directory to delete; however, with 755, the directory does not grant world write, so the user would also need write permission on the directory.

In this scenario, the directory permissions are 755 (owner write, group/other read+execute), so the user does not have write access to the directory. The correct action is to either add write permission for the user on the directory or remove the sticky bit, but the question implies the directory already has the necessary write for the user? Actually, 755 does not give others write; the user would need directory write. The only listed option that directly addresses the sticky bit restriction is removing it, but note that without directory write, deletion is still blocked.

The question likely assumes the user has directory write (e.g., via group membership) but the sticky bit prevents deletion. Thus, removing the sticky bit allows deletion if the user has directory write.

Exam trap

CompTIA often tests the misconception that file permissions (like write on the file) control deletion, when in reality deletion is governed by directory permissions and the sticky bit.

How to eliminate wrong answers

Option A is wrong because changing the directory's group to include the user does not grant the user write permission on the directory (755 gives group read+execute only) and does not override the sticky bit restriction; the user would still need directory write and the sticky bit would still block deletion. Option C is wrong because adding write permission for others on the file (chmod o+w) does not affect deletion; deletion is controlled by directory permissions and the sticky bit, not file permissions. Option D is wrong because changing the file's group to match the user's group does not give the user write permission on the directory or bypass the sticky bit; the user still cannot delete the file unless they own it or have directory write and the sticky bit is removed.

24
MCQhard

A Linux administrator is troubleshooting a server that is running slowly. The 'sar -q' command shows a run queue length of 12 and a load average of 8.5. The CPU utilization is 90% idle. Which of the following is the most likely cause of the performance issue?

A.The CPU is overloaded and needs to be upgraded.
B.The network interface is saturated.
C.The system is low on memory and swapping heavily.
D.The disk I/O subsystem is a bottleneck, causing processes to wait for I/O.
AnswerD

High run queue with idle CPU typically means I/O wait; processes are in 'D' state waiting for disk.

Why this answer

The 'sar -q' output shows a high run queue length (12) and load average (8.5) despite 90% CPU idle. This indicates that processes are in an uninterruptible sleep state (D state) waiting for I/O, not contending for CPU. A disk I/O bottleneck causes processes to queue for I/O completion, inflating the load average while CPU remains idle, making D the correct answer.

Exam trap

The trap here is that candidates see a high load average and assume CPU overload, but the 90% idle CPU reveals the load is from I/O-waiting processes, not CPU contention.

How to eliminate wrong answers

Option A is wrong because CPU utilization is 90% idle, meaning the CPU is not overloaded; upgrading the CPU would not resolve I/O-bound waits. Option B is wrong because network interface saturation would manifest as high network I/O wait or dropped packets, not as a high run queue with idle CPU; 'sar -q' does not measure network congestion. Option C is wrong because low memory and heavy swapping would show high %system or %iowait due to swap I/O, but the primary symptom here is a high load average with idle CPU, which is classic for disk I/O bottlenecks, not memory pressure alone.

25
MCQmedium

A system administrator notices that a service named 'myapp' fails to start on a Linux server. The command 'systemctl status myapp' shows 'Active: failed (Result: exit-code)'. Which of the following is the BEST first step to diagnose the issue?

A.Run 'journalctl -u myapp.service' to inspect the service logs.
B.Run 'dmesg' to view kernel messages.
C.Run 'ps aux | grep myapp' to check if the process is running.
D.Edit the service file with 'systemctl edit myapp' and increase timeout values.
AnswerA

journalctl with the unit flag shows logs for that specific service, revealing startup errors.

Why this answer

The 'journalctl -u myapp.service' command retrieves the systemd journal logs specifically for the myapp service, which contain the service's stdout, stderr, and any error messages generated during its failed startup attempt. Since the service failed with an exit code, these logs are the most direct source of diagnostic information to identify why the process terminated abnormally.

Exam trap

The trap here is that candidates often jump to checking running processes with 'ps' or kernel messages with 'dmesg', but the correct first step is always to consult the service-specific logs via 'journalctl' because systemd captures the exact failure reason from the service's own output.

How to eliminate wrong answers

Option B is wrong because 'dmesg' displays kernel ring buffer messages, which are primarily for hardware, driver, and kernel-level issues, not for application-level service failures like a process exiting with a non-zero code. Option C is wrong because 'ps aux | grep myapp' checks for currently running processes, but since the service has already failed and exited, this command will not show the failed process or provide any information about why it failed. Option D is wrong because editing the service file to increase timeout values is a premature corrective action taken without first diagnosing the root cause; the failure is due to an exit code, not a timeout, so this would not address the actual problem.

26
MCQmedium

A user runs the ping command and receives the output shown in the exhibit. Which of the following is the MOST likely cause of the issue?

A.The destination host is down.
B.The local system does not have a default gateway configured.
C.There is a routing loop causing packets to be dropped.
D.The TTL value in the ping packet is too low.
AnswerD

TTL exceeded indicates the packet's TTL reached zero before reaching the destination.

Why this answer

The output shows 'Request timed out' or similar, which can occur when the TTL (Time to Live) value in the ping packet expires before reaching the destination. A TTL that is too low causes routers to decrement the value to zero and drop the packet, sending an ICMP Time Exceeded message back to the sender, but if the sender does not receive a reply, it indicates the packet never reached the destination. This is the most likely cause because the ping command uses a default TTL (e.g., 128 on Windows, 64 on Linux), and if the path requires more hops, the packet is silently discarded.

Exam trap

The trap here is that candidates often assume 'Request timed out' always means the destination is down, but Cisco tests the nuance that a low TTL can cause silent packet drops without any ICMP error reaching the source, especially if the source does not process ICMP Time Exceeded messages or if the router is configured to drop rather than notify.

How to eliminate wrong answers

Option A is wrong because if the destination host were down, the local system would typically receive an ICMP Destination Unreachable (Host Unreachable) message from the last-hop router, not a simple timeout, unless the router also lacks a route. Option B is wrong because a missing default gateway would prevent any outbound traffic, causing all pings to fail with 'Destination host unreachable' at the local system, not a timeout after multiple hops. Option C is wrong because a routing loop causes packets to circulate indefinitely until TTL expires, which would generate ICMP Time Exceeded messages and potentially show varying TTL values in ping output, not consistent timeouts without any response.

27
MCQmedium

A Linux administrator receives reports that a web application hosted on the company's internal server is intermittently slow. The server runs CentOS 7 and hosts multiple virtual hosts. The administrator checks system resources and notices that the system's swap usage is high. Which of the following is the MOST likely cause of the performance issue?

A.Misconfigured virtual host causing memory leaks
B.Insufficient physical memory for the workload
C.Network congestion on the internal network
D.Excessive CPU load from a runaway process
AnswerB

Insufficient RAM forces the kernel to use swap, leading to high swap usage and performance degradation.

Why this answer

High swap usage indicates that the system is actively paging memory to disk because the available physical RAM is insufficient to hold the active working set. This causes significant latency because disk I/O is orders of magnitude slower than RAM, leading to intermittent slowdowns for the web application. The fact that multiple virtual hosts are running on CentOS 7 increases the memory demand, making insufficient physical memory the most likely root cause.

Exam trap

The trap here is that candidates often associate performance issues with CPU or network problems first, overlooking that high swap usage is a direct indicator of memory exhaustion, not a symptom of CPU load or network congestion.

How to eliminate wrong answers

Option A is wrong because a misconfigured virtual host causing memory leaks would manifest as steadily increasing memory consumption over time, not necessarily as high swap usage; while it could contribute, the direct symptom of high swap points to a physical memory shortage rather than a leak. Option C is wrong because network congestion would cause packet loss, retransmissions, or high latency on the network interface, not high swap usage in system memory statistics. Option D is wrong because excessive CPU load from a runaway process would be visible in CPU utilization metrics (e.g., via top or uptime), not directly in swap usage; high swap can occur with low CPU load if memory is the bottleneck.

28
MCQhard

An administrator runs 'mount -a' and receives the error shown in the exhibit. The /home partition was recently removed and replaced with a new disk. Which of the following steps should the administrator take to resolve the issue?

A.Run 'mount /dev/sda3 /home' to mount the partition manually.
B.Run 'fsck /dev/sda3' to check the filesystem.
C.Run 'mkfs.ext4 /dev/sda3' to create a new filesystem.
D.Run 'blkid /dev/sda3' to find the new UUID and update /etc/fstab.
AnswerD

blkid shows the new UUID, which can be used to replace the old UUID in fstab.

Why this answer

The error occurs because the /home partition was replaced with a new disk, so its UUID (or device identifier) in /etc/fstab no longer matches the actual disk. Running 'blkid /dev/sda3' retrieves the new UUID, which must then be updated in /etc/fstab so that 'mount -a' can mount the correct device automatically.

Exam trap

The trap here is that candidates may assume the filesystem is damaged or needs reformatting (options B or C), when in fact the error stems from a stale UUID reference in /etc/fstab after disk replacement.

How to eliminate wrong answers

Option A is wrong because manually mounting with 'mount /dev/sda3 /home' would work temporarily but does not fix the underlying fstab misconfiguration, so the error would persist on reboot. Option B is wrong because 'fsck' checks and repairs filesystem integrity, but the error here is a missing or mismatched device identifier, not a corrupt filesystem. Option C is wrong because 'mkfs.ext4' creates a new filesystem, which would destroy existing data and is unnecessary if the filesystem is already intact; the problem is purely a UUID mismatch in fstab.

29
MCQeasy

A user runs a command and receives the error 'bash: myapp: command not found'. The administrator confirms the binary exists in /usr/local/bin. Which environment variable should be checked?

A.HOME
B.SHELL
C.LD_LIBRARY_PATH
D.PATH
AnswerA

Not relevant; PATH is the correct variable.

Why this answer

The PATH environment variable defines the directories the shell searches for executables when a command is typed. Even though the binary exists in /usr/local/bin, if that directory is not listed in PATH, the shell will not find it and will return 'command not found'. Checking and correcting PATH resolves this issue.

Exam trap

The trap here is that candidates may confuse PATH with LD_LIBRARY_PATH or assume the binary's existence alone guarantees it can be run, overlooking the shell's directory search mechanism.

How to eliminate wrong answers

Option A (HOME) is incorrect because HOME specifies the user's home directory, not the search path for executables. Option B (SHELL) is incorrect because SHELL indicates the default shell program (e.g., /bin/bash), not the directory search order. Option C (LD_LIBRARY_PATH) is incorrect because it controls the search path for shared libraries at runtime, not for executable commands.

30
MCQmedium

A cron job runs a script that fails because the command 'myapp' is not found. The script works when run manually by the same user. What is the most likely cause?

A.The user does not have a home directory
B.The cron daemon is not running
C.The script has syntax errors
D.The PATH environment variable is different
AnswerD

Cron uses a restricted PATH; the full path to 'myapp' should be specified in the crontab or script.

Why this answer

When a cron job runs, it executes with a minimal environment, typically inheriting only a limited PATH (often just /usr/bin:/bin). The 'myapp' command is not found because its location (e.g., /usr/local/bin) is not in cron's PATH. When the same user runs the script manually, their interactive shell sources profile files (like .bash_profile or .bashrc) that set a more complete PATH, including the directory containing 'myapp'.

This discrepancy is the most common cause of such failures.

Exam trap

The trap here is that candidates may assume the script has a syntax error or that the cron daemon is failing, when the real issue is the stripped-down environment (especially PATH) that cron provides, which differs from the interactive shell environment.

How to eliminate wrong answers

Option A is wrong because a missing home directory would cause other issues (e.g., cron job output not being mailed, or environment variable failures), but it does not directly prevent command resolution; cron jobs can run without a home directory. Option B is wrong because if the cron daemon were not running, the job would not execute at all, not fail with a 'command not found' error. Option C is wrong because syntax errors would cause the script to fail regardless of whether it is run manually or by cron, and the script works when run manually, ruling out syntax issues.

31
MCQhard

A Linux server experiences intermittent network connectivity issues. The administrator suspects a duplex mismatch. Which tool can best confirm duplex and speed settings on a network interface?

A.mii-tool eth0
B.dmesg | grep eth0
C.ip link show eth0
D.ethtool eth0
AnswerD

ethtool shows detailed NIC settings including negotiated speed and duplex.

Why this answer

Option D is correct because `ethtool eth0` is the standard Linux utility for querying and controlling network interface driver and hardware settings, including negotiated speed and duplex mode. It directly displays the current link status, speed (e.g., 1000Mb/s), and duplex (full/half), making it the best tool to confirm a duplex mismatch.

Exam trap

The trap here is that candidates confuse `ip link show` (which shows link state but not speed/duplex) with `ethtool` (which provides the actual negotiated parameters), leading them to pick option C because they think 'ip' is the modern replacement for all interface queries.

How to eliminate wrong answers

Option A is wrong because `mii-tool` is a legacy utility for MII-capable interfaces and does not support modern Ethernet hardware (e.g., 1GbE or higher), often failing or returning inaccurate results on contemporary NICs. Option B is wrong because `dmesg | grep eth0` shows kernel ring buffer messages, which may include driver initialization logs but does not provide real-time, dynamic link speed or duplex information. Option C is wrong because `ip link show eth0` displays administrative and operational state (UP/DOWN) and basic flags, but it does not report negotiated speed or duplex settings; it lacks the detailed PHY-level information that `ethtool` provides.

32
MCQmedium

A system administrator notices that the /var partition is full, causing log services to malfunction. Which command should be used to quickly reclaim space by removing compressed old log files?

A.journalctl --vacuum-size=100M
B.find /var/log -type f -name '*.gz' -delete
C.rm -rf /var/log/*.gz
D.logrotate -f
AnswerB

Safely finds and deletes .gz files, reclaiming space efficiently.

Why this answer

Option B is correct because it uses `find` to locate all files ending in `.gz` under `/var/log` and deletes them with `-delete`. Compressed old log files are typically archived with gzip, so removing them directly reclaims disk space without affecting active logs or requiring additional tools.

Exam trap

The trap here is that candidates may choose `logrotate -f` thinking it cleans up old logs, but it actually triggers rotation and compression, which can fill the partition further instead of freeing space.

How to eliminate wrong answers

Option A is wrong because `journalctl --vacuum-size=100M` only affects the systemd journal logs, not compressed old log files in `/var/log`; it reduces journal size but does not remove `.gz` files. Option C is wrong because `rm -rf /var/log/*.gz` uses a glob pattern that may fail if the file list is too long (argument list overflow) and does not handle subdirectories recursively, unlike `find`. Option D is wrong because `logrotate -f` forces a log rotation cycle, which compresses or archives current logs but does not remove already compressed old log files; it may even create new compressed files, worsening the space issue.

33
MCQeasy

A Linux system fails to boot after a disk replacement. The administrator examines /etc/fstab and sees the above. What is the most likely result of this configuration?

A.The system will boot into an emergency shell
B.The system will boot normally using the device name
C.The system will ignore the incorrect UUID and try next entry
D.The system will prompt for manual fsck
AnswerA

Root mount failure causes emergency mode.

Why this answer

The /etc/fstab entry contains an incorrect UUID for the root filesystem. During boot, systemd reads fstab and attempts to mount the root partition using the specified UUID. When the UUID does not match any available block device, the mount fails, and because the root filesystem is critical, the system drops into an emergency shell to allow manual intervention.

Exam trap

The trap here is that candidates assume the system will fall back to the device name or skip the entry, but Linux strictly requires the exact UUID for mounting and will drop to an emergency shell on failure.

How to eliminate wrong answers

Option B is wrong because the system does not fall back to using the device name; if the UUID is wrong, the mount fails regardless of whether a device name is also present. Option C is wrong because fstab entries are processed sequentially, but a failed mount for a critical filesystem (like /) halts the boot process; the system does not skip to the next entry. Option D is wrong because the system does not prompt for manual fsck; fsck is triggered only if a filesystem check is required, not for a missing or incorrect UUID.

34
Multi-Selectmedium

Which TWO of the following are common causes of a system failing to boot? (Select two.)

Select 2 answers
A.A full hard drive
B.An incorrect system time zone
C.A corrupted kernel image
D.A misconfigured GRUB configuration file
E.An incorrect IP address in /etc/network/interfaces
AnswersC, D

Causes failure to boot.

Why this answer

A corrupted kernel image prevents the bootloader from loading the kernel into memory, causing the boot process to fail at the stage where the kernel is executed. Without a valid kernel, the system cannot initialize hardware or start the init process, resulting in a kernel panic or a hang.

Exam trap

CompTIA often tests the distinction between boot-time failures (kernel/GRUB issues) and post-boot configuration errors (time zone, IP address), so the trap here is that candidates mistakenly think a full hard drive or incorrect IP address can prevent booting, when in reality those only affect functionality after the OS is running.

35
MCQhard

During a security audit, a Linux administrator finds that an unauthorized service is listening on TCP port 4444. The service is not managed by systemd. Which of the following commands should the administrator use to identify the process and disable it?

A.Run 'ss -tlnp | grep :4444' to find the PID, then use 'kill' to terminate the process.
B.Run 'fuser 4444/tcp' to find the PID and then use 'systemctl stop' to stop the service.
C.Run 'lsof -i :4444' to find the PID, then use 'systemctl disable' to disable the service.
D.Run 'systemctl status' to find the service name, then use 'systemctl stop' to stop it.
AnswerA

ss -tlnp shows listening sockets with PIDs; kill can then stop the process.

Why this answer

Option A is correct because 'ss -tlnp' lists TCP listening sockets with numeric addresses and the associated process PID. Piping the output through 'grep :4444' isolates the unauthorized service, and the PID can then be used with 'kill' to terminate the process. Since the service is not managed by systemd, systemctl commands are irrelevant, making 'kill' the appropriate method to stop the process.

Exam trap

The trap here is that candidates assume all services are managed by systemd and reach for 'systemctl stop' or 'systemctl disable', but the question explicitly states the service is not managed by systemd, so only process-level commands like 'kill' are valid.

How to eliminate wrong answers

Option B is wrong because 'fuser 4444/tcp' requires the port to be specified in a different syntax (e.g., 'fuser 4444/tcp' is invalid; the correct syntax is 'fuser 4444/tcp' but it returns a PID, not a service name, and then using 'systemctl stop' is incorrect because the service is not managed by systemd. Option C is wrong because while 'lsof -i :4444' can find the PID, 'systemctl disable' is used to prevent a systemd service from starting at boot, not to stop a running process, and it cannot disable a non-systemd service. Option D is wrong because 'systemctl status' requires a known service name and only works with systemd-managed services; the unauthorized service is not managed by systemd, so this command cannot identify it.

36
MCQmedium

After editing the network configuration file /etc/sysconfig/network-scripts/ifcfg-ens33 on a CentOS system, the network service fails to restart with an error message. Which command should be used to display detailed error messages from the network service?

A.ip link
B.systemctl status network
C.journalctl -u network
D.ifconfig
AnswerB

Shows service status and recent log entries.

Why this answer

The `systemctl status network` command is the correct tool to display detailed error messages from the network service because it shows the current status, recent log entries, and any failure messages from the systemd unit managing the network service. On CentOS, network services are controlled by systemd, and `systemctl status` directly queries the unit's state and journal for errors, making it the most straightforward diagnostic command after a restart failure.

Exam trap

The trap here is that candidates often choose `journalctl -u network` (Option C) because they know it shows logs, but they overlook that `systemctl status network` is the more direct and concise command for viewing the immediate failure reason and service state, as specified in the XK0-005 objectives for troubleshooting systemd services.

How to eliminate wrong answers

Option A is wrong because `ip link` only displays and manages network interface link-layer states (e.g., up/down, MAC addresses) and does not retrieve service-level error messages or logs from the network service. Option C is wrong because `journalctl -u network` displays the full journal log for the network unit, which can show errors, but it is not the primary command to display detailed error messages immediately after a restart failure; `systemctl status` provides a concise summary including the last few log lines and the exact failure reason. Option D is wrong because `ifconfig` is a deprecated command for configuring network interfaces and does not interact with systemd or the network service's error reporting at all.

37
MCQhard

The system is a web server running Apache and MySQL. Based on the exhibit, which of the following is the most likely cause of the full disk?

A.A user has filled their home directory
B.Apache access and error logs are growing unchecked
C.The /tmp directory is not being cleaned
D.The MySQL database has grown too large
AnswerB

Correct: Web server logs commonly fill root partitions.

Why this answer

Apache access and error logs are a common cause of full disks on web servers because they can grow unchecked, consuming all available space. By default, Apache logs are stored in /var/log/httpd/ or /var/log/apache2/ and are not rotated unless logrotate is configured. The exhibit likely shows a high percentage of disk usage in /var/log, confirming that log files are the culprit.

Exam trap

CompTIA often tests the candidate's ability to distinguish between common disk-filling causes (logs, databases, user files) by presenting a scenario where the exhibit shows a specific directory (like /var/log) as full, leading candidates to overlook the log rotation misconfiguration and instead blame MySQL or user home directories.

How to eliminate wrong answers

Option A is wrong because a user's home directory filling up would typically affect /home, not the system partition where Apache logs reside, and the exhibit likely shows /var/log as the full partition. Option C is wrong because /tmp is usually on a separate filesystem or cleaned on reboot, and its growth would not typically cause a full disk on a production web server without other symptoms. Option D is wrong because MySQL database growth would be reflected in /var/lib/mysql, not in /var/log, and the exhibit points to log files as the issue.

38
MCQmedium

A CentOS 7 web server experienced an abrupt power loss. Upon reboot, the httpd service fails to start. The administrator runs `systemctl status httpd` and sees 'Active: failed (Result: exit-code)'. The journal displays 'Permission denied: "/var/www/html/index.html"'. The file `/var/www/html/index.html` has permissions `-rw-r--r--` and is owned by `apache:apache`. SELinux is in enforcing mode. Which action should the administrator take to resolve the issue?

A.Disable SELinux temporarily with setenforce 0.
B.Change the file ownership to root:root using chown.
C.Execute restorecon -R /var/www/html to restore SELinux contexts.
D.Set the SELinux boolean httpd_can_network_connect to on.
AnswerC

Restores default SELinux labels, which may have been corrupted during power loss.

Why this answer

The httpd service fails because SELinux is in enforcing mode and the file /var/www/html/index.html has an incorrect SELinux context, likely httpd_sys_content_t. The restorecon -R /var/www/html command restores the default SELinux security contexts for the directory and its contents, allowing Apache to read the file. This is the standard fix when SELinux contexts are lost or corrupted, such as after a power loss or file restoration.

Exam trap

The trap here is that candidates may confuse file permissions (rw-r--r--) with SELinux contexts, or assume ownership changes are needed, when the real issue is a missing or incorrect SELinux label that restorecon fixes.

How to eliminate wrong answers

Option A is wrong because disabling SELinux with setenforce 0 temporarily bypasses security but is not a proper fix; it weakens system security and does not address the underlying context issue. Option B is wrong because changing ownership to root:root would prevent the Apache user (apache) from accessing the file, worsening the problem. Option D is wrong because the httpd_can_network_connect boolean controls network connections from httpd, not file access permissions; it is irrelevant to the 'Permission denied' error on a local file.

39
MCQhard

Given the journalctl output for the httpd service, which of the following is the most likely cause?

A.The /var/www directory is missing the execute (x) permission for the Apache user
B.The file /var/www/html/index.html has incorrect SELinux context
C.The Apache service is running under the wrong user
D.The file /var/www/html/index.html is missing read permission for the Apache user
AnswerA

Directories need execute permission to traverse.

Why this answer

The error explicitly states missing search permissions on a component of the path, which typically means a directory in the path lacks execute permission. The most common cause is the /var/www directory lacking execute permission for the Apache user.

40
MCQeasy

A technician needs to troubleshoot a system that is not booting. Which of the following is the most appropriate first step when using a rescue environment?

A.Mount the root filesystem to /mnt/sysimage.
B.Check the system logs in /var/log/messages.
C.Run fsck on all partitions.
D.Reinstall the bootloader immediately.
AnswerA

This is the standard procedure to access the installed system from the rescue environment.

Why this answer

When using a rescue environment, the first priority is to gain access to the system's configuration and log files by mounting the root filesystem. Mounting to /mnt/sysimage (a conventional mount point in Red Hat-based rescue modes) allows the technician to chroot into the environment and treat it as the running system, enabling further troubleshooting steps like checking logs or repairing the bootloader. This step is foundational because without the root filesystem mounted, commands like checking logs or running fsck cannot operate on the actual system data.

Exam trap

The trap here is that candidates often jump to checking logs or running fsck first, not realizing that without mounting the root filesystem, those actions are either impossible or operate on the rescue environment's own filesystem rather than the broken system's data.

How to eliminate wrong answers

Option B is wrong because checking system logs in /var/log/messages requires the root filesystem to be mounted first; without mounting, the logs are inaccessible from the rescue environment. Option C is wrong because running fsck on all partitions prematurely can cause data corruption if filesystems are already mounted or if the root filesystem is not yet accessible; fsck should be run after mounting and only on unmounted or read-only partitions as needed. Option D is wrong because reinstalling the bootloader immediately is a drastic step that should only be taken after diagnosing the actual cause of the boot failure, such as a corrupted bootloader configuration or missing kernel; doing so without mounting the root filesystem may overwrite critical boot data without understanding the underlying issue.

41
MCQmedium

A user is able to ping the Linux server but cannot connect via SSH. The SSH service is running and listening. Which configuration file should the administrator review FIRST?

A./etc/pam.d/login
B./etc/ssh/sshd_config
C./etc/nsswitch.conf
D./etc/hosts.allow
AnswerB

Contains authentication methods and other critical settings.

Why this answer

The correct answer is B because the SSH service is running and listening, but the user cannot connect. This points to a configuration issue within the SSH daemon itself. The `/etc/ssh/sshd_config` file controls SSH server settings such as allowed authentication methods, port numbers, and user access restrictions (e.g., `AllowUsers`, `DenyUsers`, `PermitRootLogin`).

Reviewing this file first is the logical step to identify why connections are being rejected despite the service being active.

Exam trap

The trap here is that candidates often jump to `/etc/hosts.allow` or PAM files because they associate 'cannot connect' with access control or authentication, but the question specifies the service is running and listening, which narrows the issue to SSH-specific configuration in `sshd_config`.

How to eliminate wrong answers

Option A is wrong because `/etc/pam.d/login` is used for local console login authentication via PAM, not for SSH connections; SSH uses its own PAM service file (e.g., `/etc/pam.d/sshd`) if PAM is enabled. Option C is wrong because `/etc/nsswitch.conf` controls name service resolution order (e.g., files, DNS, LDAP) and does not affect SSH connectivity or authentication. Option D is wrong because `/etc/hosts.allow` is part of the TCP Wrappers system (libwrap), which is deprecated and not used by modern SSH daemons; SSH typically does not consult this file unless explicitly compiled with libwrap support, which is rare in current distributions.

42
MCQmedium

A user reports that a recently installed application fails to start. The application was installed via a shell script that added a repository and installed the package. The user runs 'ldd /usr/bin/app' and sees several 'not found' libraries. Which of the following is the MOST likely cause?

A.The installation script did not install all required dependencies.
B.The kernel version is outdated.
C.SELinux is blocking the application.
D.The file system is corrupted.
AnswerA

The 'not found' libraries indicate missing dependencies, which can occur if the script failed to install all required packages.

Why this answer

The `ldd` command lists shared library dependencies for a binary. When it reports 'not found' libraries, it means the dynamic linker cannot locate the required `.so` files. Since the application was installed via a shell script that added a repository and installed the package, the most likely cause is that the script failed to install all required dependencies, leaving the binary unable to resolve its shared library links.

Exam trap

The trap here is that candidates may confuse library resolution failures with permission or security issues (like SELinux), but `ldd` output directly points to missing files, not access control.

How to eliminate wrong answers

Option B is wrong because an outdated kernel version would not cause specific shared libraries to be missing; it might cause system call incompatibilities, but `ldd` would still find the libraries if they were installed. Option C is wrong because SELinux blocks access based on security contexts, not by making libraries disappear from the filesystem; `ldd` would still resolve the libraries, though execution might be denied. Option D is wrong because file system corruption would likely cause broader system issues or error messages beyond just missing libraries in `ldd` output, and `ldd` would typically report I/O errors or file not found for the binary itself, not specific library dependencies.

43
MCQeasy

A Linux administrator needs to find large log files that may be consuming disk space. Which command should be used to locate files larger than 100MB in the /var/log directory?

A.df -h
B.ls -lR /var/log
C.find /var/log -type f -size +100M
D.du -sh /var/log/*
AnswerC

Correct: Finds files larger than 100MB.

Why this answer

The `find` command with `-type f` (regular files) and `-size +100M` (files larger than 100 megabytes) is the correct tool to locate large log files in /var/log. This directly meets the requirement to find files by size, unlike other commands that only show disk usage or directory listings without size filtering.

Exam trap

The trap here is that candidates often confuse `du` (disk usage of directories) or `df` (filesystem free space) with `find`'s file-size filtering, leading them to choose options that show aggregate usage rather than locating individual large files.

How to eliminate wrong answers

Option A is wrong because `df -h` reports filesystem-level disk usage (e.g., total, used, available space on mounted partitions), not individual file sizes. Option B is wrong because `ls -lR /var/log` recursively lists all files and directories with details but does not filter by size, requiring manual inspection to find large files. Option D is wrong because `du -sh /var/log/*` shows the total disk usage of each top-level item in /var/log, but it does not filter for files larger than 100MB and may miss files nested deeper in subdirectories.

44
MCQeasy

Refer to the exhibit. A Linux administrator runs the netstat command to check listening services. The output shows that services are listening on ports 22, 80, and 443. Which of the following conclusions is correct based on the exhibit?

A.The Apache HTTP server is running and listening on both port 80 and port 443
B.The HTTP server is only listening on the loopback interface
C.A firewall is blocking incoming connections to port 443
D.The SSH daemon is configured to listen on a non-standard port
AnswerA

The exhibit shows httpd (Apache) listening on ports 80 and 443.

Why this answer

The netstat output shows services listening on ports 80 and 443, which are the standard ports for HTTP and HTTPS respectively. Apache HTTP server is the most common service that listens on both these ports simultaneously. The fact that both ports are listed as listening indicates that Apache (or another web server) is bound to these ports and ready to accept connections.

Exam trap

CompTIA often tests the distinction between a service listening on a port and a firewall blocking traffic to that port; candidates mistakenly think a listening service means traffic is reaching it, but netstat only shows the socket state, not firewall rules.

How to eliminate wrong answers

Option B is wrong because the netstat output does not show the listening address as 127.0.0.1 or ::1; it shows 0.0.0.0 or a specific IP, meaning it listens on all interfaces, not just loopback. Option C is wrong because netstat shows the service as listening on port 443; a firewall blocking incoming connections would not prevent the service from listening, it would only block inbound packets from reaching the listening socket. Option D is wrong because SSH daemon (sshd) by default listens on port 22, which is the standard port, not a non-standard one.

45
MCQhard

A developer reports that a Docker container on a CentOS 7 host cannot connect to the internet. The host itself can access the internet. The container is started with default bridge network. The administrator checks iptables and sees the FORWARD policy is DROP. What is the most likely cause and solution?

A.The container needs to be run with --network host.
B.The container's DNS configuration is incorrect.
C.Add iptables rules to allow forwarding and enable masquerading.
D.AppArmor is blocking outbound connections.
AnswerC

Docker manages iptables, but if the FORWARD policy is DROP without proper rules, container traffic is blocked. Adding rules or restarting Docker restores connectivity.

Why this answer

The default Docker bridge network relies on iptables NAT (masquerading) and FORWARD rules to allow containers to reach external networks. When the FORWARD policy is set to DROP, the host drops all forwarded packets from the container, blocking outbound internet access. Adding iptables rules to allow forwarding (e.g., `-A FORWARD -i docker0 -j ACCEPT`) and enabling masquerading (e.g., `-t nat -A POSTROUTING -s 172.17.0.0/16 -o eth0 -j MASQUERADE`) restores connectivity.

Exam trap

The trap here is that candidates may assume DNS or network mode is the issue, but the explicit mention of the FORWARD policy being DROP directly points to a missing iptables forwarding rule, which is a classic Linux networking troubleshooting scenario.

How to eliminate wrong answers

Option A is wrong because `--network host` bypasses Docker's network isolation and uses the host's network stack directly, which is unnecessary and reduces security; the issue is specifically with the default bridge and iptables forwarding, not the network mode. Option B is wrong because DNS configuration affects name resolution, not raw IP connectivity; the container cannot reach any external IP, indicating a packet forwarding problem rather than a DNS issue. Option D is wrong because AppArmor is a Linux Security Module (LSM) that confines programs via profiles, but it does not manage network forwarding or iptables policies; CentOS 7 uses SELinux by default, not AppArmor, and the symptom points to iptables, not mandatory access control.

46
MCQhard

A company runs a critical web application on a Linux server. The server has 16GB RAM and 4 CPU cores. Recently, users have reported intermittent timeouts and slow response times. The administrator logs in and runs 'top', which shows the web server process using 200% CPU (multi-threaded) and 2GB RAM. Free memory is 12GB, and swap usage is 0. The load average is 3.5, 4.0, 4.2. The administrator checks 'dmesg' and sees no OOM or hardware errors. The web server logs show many 'connection refused' errors during peak times. The application is configured to handle up to 500 concurrent connections. The administrator suspects the issue is related to the number of worker processes or threads. Which of the following is the BEST course of action to resolve the issue?

A.Increase the number of worker processes or threads in the web server configuration.
B.Add more CPU cores by migrating to a larger instance.
C.Decrease the number of worker processes to reduce CPU load.
D.Add more RAM to the server.
AnswerA

This directly addresses the connection refused errors by allowing more concurrent connections.

Why this answer

The web server is using 200% CPU (multi-threaded) and has 12GB free RAM with no swap usage, indicating CPU is the bottleneck, not memory. The load average (3.5–4.2) exceeds the 4 CPU cores, meaning the system is overloaded with processes/threads. The 'connection refused' errors during peak times suggest the server is hitting its connection limit (500 concurrent connections) and rejecting new ones.

Increasing worker processes/threads allows the server to handle more concurrent connections, utilizing the available CPU cores more efficiently to reduce timeouts and refusals.

Exam trap

CompTIA often tests the misconception that high CPU usage always means the server needs fewer workers or more hardware, but the real issue here is that the server is rejecting connections because it has too few workers to handle the configured 500 concurrent connections, not because the CPU is overloaded by existing workers.

How to eliminate wrong answers

Option B is wrong because adding more CPU cores does not address the root cause—the web server is already CPU-bound with 200% usage, but the issue is insufficient worker processes to handle peak connections, not a lack of cores; migrating to a larger instance is an expensive and unnecessary overprovisioning. Option C is wrong because decreasing worker processes would reduce the number of concurrent connections the server can handle, worsening the 'connection refused' errors and increasing timeouts. Option D is wrong because 12GB of free RAM and 0 swap usage indicate memory is not a constraint; adding RAM does not resolve the CPU-bound connection handling limit.

47
MCQmedium

After a system update, a custom application no longer runs due to a shared library error. The library exists on the system but is in a non-standard path. Which environment variable should be checked or set to resolve this?

A.LD_PRELOAD
B.PATH
C.LD_LIBRARY_PATH
D.LD_RUN_PATH
AnswerC

This environment variable tells the dynamic linker where to find libraries.

Why this answer

Option C is correct because the LD_LIBRARY_PATH environment variable tells the dynamic linker (ld.so) where to search for shared libraries before the standard system paths. When a custom application fails with a shared library error after an update, and the library exists in a non-standard path, setting LD_LIBRARY_PATH to include that path resolves the issue by allowing the linker to find the library at runtime.

Exam trap

CompTIA often tests the distinction between LD_LIBRARY_PATH (runtime library search path) and LD_RUN_PATH (link-time RPATH embedding), causing candidates to confuse the two when the question explicitly mentions a runtime error after an update.

How to eliminate wrong answers

Option A is wrong because LD_PRELOAD is used to force the loading of a specific shared library before all others, typically for overriding functions or debugging, not for adding a search path for missing libraries. Option B is wrong because PATH controls the search path for executable binaries, not for shared libraries; it is used by the shell to find commands, not by the dynamic linker. Option D is wrong because LD_RUN_PATH is used at link time (when building the application) to embed a library search path into the binary's RPATH, not at runtime to resolve a missing library after the system update.

48
Multi-Selecteasy

A system administrator needs to identify which processes are consuming the most memory on a Linux server. Which two commands can be used? (Select TWO).

Select 2 answers
A.vmstat
B.ps -aux
C.free -m
D.top
E.df -h
AnswersB, D

Can be sorted by memory usage using --sort=-%mem.

Why this answer

The `ps -aux` command displays all running processes with detailed information, including memory usage (%MEM and RSS). The `top` command provides a real-time, interactive view of processes sorted by memory consumption by default. Both commands directly show per-process memory usage, making them suitable for identifying the most memory-intensive processes.

Exam trap

The trap here is that candidates confuse system-wide memory reporting commands (like `free` or `vmstat`) with per-process memory analysis tools, leading them to select options that show total memory usage rather than identifying which specific processes are consuming it.

49
MCQeasy

A user cannot start the Apache web service. The command 'systemctl start httpd' returns 'Failed to start httpd.service: Unit not found.' What is the most likely cause?

A.Network configuration is incorrect
B.Incorrect file permissions on /etc/httpd/
C.The httpd package is not installed
D.Disk space is full
AnswerC

Unit not found typically means the service is not installed.

Why this answer

The error 'Failed to start httpd.service: Unit not found' indicates that systemd cannot locate a service unit file for httpd. This most commonly occurs when the httpd package (Apache HTTP Server) is not installed on the system. Without the package, no service unit file exists under /usr/lib/systemd/system/, so systemctl cannot start the service.

Exam trap

The trap here is that candidates may confuse a missing package with a service that is installed but not enabled or has configuration issues, leading them to select options like incorrect permissions or network configuration instead of recognizing the fundamental absence of the service unit.

How to eliminate wrong answers

Option A is wrong because an incorrect network configuration would not cause systemd to report 'Unit not found'; it would typically result in a different error such as a timeout or failure to bind to an address. Option B is wrong because incorrect file permissions on /etc/httpd/ would not prevent systemd from finding the service unit; the unit file is located in /usr/lib/systemd/system/, not in /etc/httpd/. Option D is wrong because a full disk would produce a different error, such as 'No space left on device' or a failure to write logs, not a 'Unit not found' message from systemd.

50
MCQhard

Refer to the exhibit. A user cannot access a web server, but another host on the same subnet can. What is the most likely cause?

A.The network router is blocking the user's traffic.
B.The web server is down.
C.DNS is resolving to the wrong IP for the user.
D.The user's workstation has a local firewall blocking outbound HTTPS.
AnswerD

The iptables output shows no rules, but the user's workstation gets 'Connection refused' while another host succeeds, indicating the issue is local to the workstation. A local firewall (e.g., software firewall) might be blocking outbound 443.

51
MCQhard

A server is unable to resolve hostnames via DNS. The /etc/resolv.conf file appears correct. Which command can be used to test DNS resolution and display the full query path?

A.nslookup example.com
B.host example.com
C.resolvectl query example.com
D.dig +trace example.com
AnswerD

Correct: Traces the full DNS resolution path.

Why this answer

The `dig +trace example.com` command performs a full iterative DNS resolution from the root nameservers down to the authoritative nameservers for the queried domain, displaying each step of the query path. This is the correct choice because the question specifically asks to 'display the full query path,' which `+trace` provides by following referrals step by step, unlike simpler queries that only show the final answer.

Exam trap

The trap here is that candidates often confuse simple DNS lookup tools (like `nslookup` or `host`) with the `dig +trace` option, assuming any DNS query tool can show the full resolution path, but only `dig +trace` explicitly performs and displays each iterative step.

How to eliminate wrong answers

Option A is wrong because `nslookup example.com` performs a recursive query to the configured DNS resolver and only returns the final answer (or an error), not the full query path. Option B is wrong because `host example.com` similarly performs a simple forward lookup and does not trace the iterative resolution steps. Option C is wrong because `resolvectl query example.com` is a systemd-resolved command that queries the local resolver cache or stub resolver, not performing a full trace of the DNS hierarchy.

52
MCQhard

A system administrator is troubleshooting a network issue on a Linux server running CentOS 7. The server is unable to connect to the internet, but internal network connections work fine. The administrator checks the network configuration: the server has a static IP 192.168.1.100/24, default gateway 192.168.1.1, and DNS server 8.8.8.8. The administrator can ping the gateway but cannot ping 8.8.8.8. From the server, a traceroute to 8.8.8.8 stops at the gateway. The administrator also notices that the route table shows a default route via 192.168.1.1. What is the most likely cause?

A.The router is not performing NAT correctly
B.The DNS server is not responding
C.The default gateway is not reachable
D.The subnet mask is incorrectly configured
AnswerA

The traceroute stopping at the gateway suggests the router is not forwarding packets to the internet, likely due to NAT misconfiguration.

Why this answer

The server can ping the gateway (192.168.1.1) but cannot reach 8.8.8.8, and traceroute stops at the gateway. This indicates that the server’s default route is correctly configured and the gateway is reachable, but the router is not forwarding traffic beyond the local subnet. Since internal connections work, the most likely cause is that the router is not performing Network Address Translation (NAT) correctly, which is required to translate private IP addresses (192.168.x.x) to a public IP for internet access.

Exam trap

The trap here is that candidates may think a reachable gateway and a default route guarantee internet connectivity, but they overlook the necessity of NAT for private-to-public IP translation in a typical SOHO or enterprise network.

How to eliminate wrong answers

Option B is wrong because the DNS server (8.8.8.8) is being tested via ICMP ping, not DNS resolution; a non-responding DNS server would not prevent a ping to that IP. Option C is wrong because the administrator can successfully ping the default gateway (192.168.1.1), confirming it is reachable. Option D is wrong because the subnet mask /24 is correct for the 192.168.1.0/24 network, and internal connections work, so there is no subnet mismatch.

53
MCQmedium

After updating the kernel, the system fails to boot and displays 'Error 15: File not found' from GRUB. What is the most likely cause?

A.The GRUB configuration file is missing
B.The kernel image is missing or the path in grub.cfg is incorrect
C.The initramfs image is missing
D.The hard drive has failed
AnswerB

Correct: Error 15 means file not found, likely kernel.

Why this answer

GRUB error 15 indicates that the specified file path in the GRUB configuration (grub.cfg) cannot be found. Since the error occurs after a kernel update, the most likely cause is that the new kernel image file is missing from the boot partition or the path in grub.cfg does not match the actual file location, preventing GRUB from loading the kernel.

Exam trap

The trap here is that candidates often confuse GRUB error 15 with a missing initramfs, but error 15 occurs specifically when the kernel image path is invalid, while a missing initramfs causes a kernel panic after the kernel starts loading.

How to eliminate wrong answers

Option A is wrong because if the GRUB configuration file itself were missing, GRUB would typically drop to a rescue shell or display a different error (e.g., 'file not found' for /boot/grub/grub.cfg), not error 15 specifically. Option C is wrong because a missing initramfs image would cause a kernel panic during boot after the kernel loads, not a GRUB error 15, which occurs before the kernel is executed. Option D is wrong because a hard drive failure would likely produce hardware-related errors (e.g., 'disk read error' or 'drive not ready') rather than a specific GRUB 'file not found' error, and the system would not reach the GRUB menu stage.

54
MCQeasy

A system administrator notices that a Linux server is running low on disk space. Which command should be used to identify which directories are consuming the most space?

A.ls -laR
B.find / -size +100M
C.df -h
D.du -h /path | sort -rh
AnswerD

du with -h and sort -rh lists directories with human-readable sizes sorted largest first.

Why this answer

Option D is correct because the `du -h /path | sort -rh` command recursively calculates disk usage for each directory under the specified path, displays sizes in human-readable format (`-h`), and then sorts the output in reverse numerical order (`-rh`), showing the largest directories first. This directly identifies which directories are consuming the most space, which is exactly what the system administrator needs.

Exam trap

The trap here is that candidates often pick `df -h` (Option C) because it shows disk space usage, but it only reports filesystem-level totals, not per-directory breakdowns, which fails to identify the specific directories consuming space.

How to eliminate wrong answers

Option A is wrong because `ls -laR` lists all files and directories recursively with details, but it does not sum or sort disk usage; it only shows file sizes individually, making it impractical for identifying the largest directories. Option B is wrong because `find / -size +100M` finds files larger than 100 MB, not directories, and it does not aggregate disk usage per directory; it also may miss smaller files that collectively consume significant space. Option C is wrong because `df -h` reports free and used disk space on mounted filesystems, not per-directory usage; it cannot show which directories are consuming space within a filesystem.

55
Multi-Selecteasy

A user cannot log in to a Linux system via SSH, but the SSH service is running and network connectivity is fine. Which TWO commands should the administrator use to troubleshoot the issue? (Choose TWO.)

Select 2 answers
A.journalctl -u sshd -n 20
B.cat /etc/ssh/sshd_config
C.passwd -S username
D.ss -tlnp | grep :22
E.grep '^username:' /etc/passwd
AnswersA, E

View recent SSH daemon logs for authentication errors.

Why this answer

Option A is correct because `journalctl -u sshd -n 20` displays the last 20 log entries for the SSH daemon (sshd). This allows the administrator to see authentication failures, configuration errors, or other SSH-specific issues that prevent login, even when the service is running and network connectivity is fine.

Exam trap

The trap here is that candidates often choose `ss -tlnp | grep :22` (Option D) because they think verifying the port is listening is the first step, but the question explicitly states the service is running and network is fine, making this command redundant and not a troubleshooting step for the user-specific login failure.

56
MCQhard

A Linux system is using systemd and a service fails to start. The administrator checks the service journal and sees: 'Failed to start service: Unit not found'. However, the service file exists in /etc/systemd/system/. What is the most likely cause?

A.The service is masked
B.systemd has not been reloaded (systemctl daemon-reload)
C.The service file has incorrect permissions
D.The service is enabled but not started
AnswerB

Correct: Requires daemon-reload to recognize new unit.

Why this answer

When a service file is added or modified in /etc/systemd/system/, systemd does not automatically re-read the unit files. The administrator must run 'systemctl daemon-reload' to instruct systemd to scan for new or changed unit files. Without this reload, systemd still references its cached list of units, resulting in 'Unit not found' even though the file exists on disk.

Exam trap

The trap here is that candidates assume systemd automatically detects new unit files in the filesystem, when in fact it requires an explicit 'daemon-reload' to refresh its unit cache.

How to eliminate wrong answers

Option A is wrong because a masked service would produce a different error message, such as 'Unit is masked', not 'Unit not found'. Option C is wrong because systemd unit files with incorrect permissions (e.g., not readable by root) would typically cause a 'Permission denied' error or a failure to load the unit, not a 'Unit not found' message. Option D is wrong because 'enabled but not started' describes a service that is configured to start at boot but is currently stopped; this would not cause a 'Unit not found' error when attempting to start it manually.

57
MCQeasy

A technician needs to troubleshoot a network connectivity issue on a Linux server. The server can ping its own IP address but cannot ping the default gateway. Which of the following is the most likely cause?

A.The default gateway is misconfigured in the routing table.
B.The DNS resolver is not configured correctly.
C.The iptables firewall is blocking outgoing ICMP traffic.
D.The Ethernet cable is disconnected or the switch port is down.
AnswerD

Local ping works (loopback or local IP) but external fails, indicating a layer 1/2 issue.

Why this answer

Option D is correct because the server can ping its own IP address (loopback or local interface), confirming that the network stack is functioning and the interface is up. However, the inability to ping the default gateway indicates a Layer 1 or Layer 2 issue, such as a disconnected Ethernet cable or a switch port that is administratively down, which prevents any traffic from leaving the local subnet.

Exam trap

The trap here is that candidates often assume a routing or firewall issue (options A or C) because they focus on Layer 3, but the ability to ping the local IP proves the stack is healthy, pointing instead to a physical or data-link layer problem that prevents any off-subnet communication.

How to eliminate wrong answers

Option A is wrong because a misconfigured default gateway in the routing table would still allow the server to send ARP requests for the gateway's IP; if the gateway is reachable at Layer 2, the ping would fail only if the gateway itself is unreachable, but the symptom here is a complete lack of connectivity to the gateway, which is more consistent with a physical or link-layer problem. Option B is wrong because the DNS resolver is used for name resolution, not for basic IP-level ping connectivity; the ping command uses an IP address, not a hostname, so DNS configuration is irrelevant to this issue. Option C is wrong because iptables firewall rules blocking outgoing ICMP traffic would prevent the server from sending echo requests to any destination, including its own IP; since the server can ping its own IP, the firewall is not blocking ICMP locally, and a rule blocking only outgoing traffic to the gateway would be an unusual and unlikely configuration.

58
MCQmedium

Refer to the exhibit. An administrator is troubleshooting an issue where services cannot write log files. Based on the output, which filesystem is most likely the cause?

A./dev/sda3 (/home)
B.Swap partition
C./dev/sda2 (/var)
D./dev/sda1 (/)
AnswerD

Root at 95% is nearly full.

Why this answer

The output shows that the root filesystem /dev/sda1 mounted on / is at 100% usage. Since log files are typically written under /var/log, which resides on the root partition unless /var is a separate mount point, a full root filesystem prevents services from writing log files. The correct answer is D because the root filesystem is full, causing the write failures.

Exam trap

CompTIA often tests the misconception that log files always reside on a separate /var partition, but in many default configurations, /var is part of the root filesystem, so a full root partition directly impacts log writes.

How to eliminate wrong answers

Option A is wrong because /dev/sda3 (/home) is used for user home directories, not for system log files, and its usage is not indicated as full. Option B is wrong because the swap partition is used for virtual memory, not for storing log files, and swap usage does not affect filesystem write capacity. Option C is wrong because /dev/sda2 (/var) is a separate partition that is not shown as full in the exhibit; the issue is with the root partition, not /var.

59
MCQeasy

A system fails to boot after installing a new SATA disk. The BIOS recognizes the disk. What is the most likely cause?

A.GRUB configuration is corrupted
B.Boot order is incorrect
C.The new disk is not formatted
D.The new disk is not partitioned
AnswerB

The system might try to boot from the new disk, which has no bootloader.

Why this answer

The most likely cause is an incorrect boot order because the BIOS recognizes the new SATA disk but the system still fails to boot. When a new disk is installed, the BIOS may default to booting from it if it appears earlier in the boot sequence than the original boot device, and if the new disk lacks a bootable operating system, the system will hang or fail to boot. This is a common scenario where the BIOS sees the disk but the boot priority is misconfigured, not a corruption of GRUB or a lack of formatting/partitioning.

Exam trap

The trap here is that candidates often assume a new disk must be partitioned and formatted before it can cause boot issues, but the BIOS boot order is independent of filesystem state, and a blank disk can still be selected as the first boot device, leading to a 'No bootable device' error.

How to eliminate wrong answers

Option A is wrong because a corrupted GRUB configuration would typically produce a specific error message (e.g., 'GRUB rescue' or 'file not found') and would not be caused simply by installing a new disk; the BIOS would still attempt to boot from the original disk. Option C is wrong because a disk does not need to be formatted to be recognized by the BIOS or to affect boot order; formatting is a filesystem operation that occurs after partitioning and does not prevent the BIOS from listing the disk. Option D is wrong because an unpartitioned disk is still recognized by the BIOS and can be selected in the boot order; the lack of partitions does not cause a boot failure unless the system tries to boot from that disk, which is a boot order issue, not a partitioning issue.

60
MCQeasy

The administrator wants to block the IP address shown in the exhibit. Which command should be used?

A.fail2ban
B.echo '192.168.1.100' >> /etc/hosts.deny
C.iptables -A INPUT -s 192.168.1.100 -j DROP
D.firewall-cmd --add-source=192.168.1.100 --permanent
AnswerC

Correct: Drops all packets from that IP.

Why this answer

Option C is correct because `iptables -A INPUT -s 192.168.1.100 -j DROP` appends a rule to the INPUT chain that drops all incoming packets from the source IP 192.168.1.100. This is the standard Linux firewall command for blocking traffic at the network layer using netfilter, and it works immediately without requiring a service restart.

Exam trap

The trap here is that candidates confuse `hosts.deny` with a network-level firewall, not realizing it only controls access to specific services using TCP wrappers and requires a daemon:client format, while `iptables` operates at the kernel level on all IP traffic.

How to eliminate wrong answers

Option A is wrong because `fail2ban` is a log-parsing intrusion prevention tool that dynamically blocks IPs based on repeated authentication failures, not a direct command to statically block a single IP address. Option B is wrong because `/etc/hosts.deny` is used by the TCP wrappers library (hosts_access) to control access to services compiled with libwrap, not to block IP traffic at the network layer; it only affects specific daemons like sshd or vsftpd, and the syntax requires a daemon name (e.g., `ALL: 192.168.1.100`). Option D is wrong because `firewall-cmd --add-source=192.168.1.100 --permanent` adds a source address to the default zone, which typically allows traffic from that source rather than blocking it; to block, you would need to use `--add-rich-rule` with a `reject` or `drop` action.

61
MCQeasy

A user reports that their system is unable to boot after a recent kernel update. The system displays a 'kernel panic' message. Which of the following is the MOST efficient way to boot into a previous kernel version?

A.Select an older kernel from the GRUB menu
B.Use the systemd rescue mode
C.Reinstall the operating system
D.Boot from a live CD and chroot
AnswerA

GRUB typically lists older kernel entries, allowing quick selection of a working kernel.

Why this answer

The GRUB bootloader stores multiple kernel versions after an update, allowing you to select a previous kernel from its menu at boot time. Choosing an older kernel bypasses the faulty new kernel without requiring additional tools or recovery media, making it the most efficient method to resolve a kernel panic caused by a recent update.

Exam trap

The trap here is that candidates may overcomplicate the solution by choosing systemd rescue mode or chroot, not realizing that GRUB's menu provides the simplest and fastest way to revert to a working kernel without any additional recovery steps.

How to eliminate wrong answers

Option B is wrong because systemd rescue mode (or emergency mode) boots into a minimal environment but still uses the default (new) kernel, which will likely trigger the same kernel panic. Option C is wrong because reinstalling the operating system is a drastic, time-consuming step that is unnecessary when a previous kernel is available in GRUB. Option D is wrong because booting from a live CD and chrooting is a valid recovery method, but it is far less efficient than simply selecting an older kernel from the GRUB menu, as it requires external media and manual chroot steps.

62
MCQhard

A SysAdmin is investigating a server that has become unresponsive. The server was working fine, but after a recent update, it hangs during boot, showing 'A start job is running for /dev/mapper/rootvg-rootlv (xxs / no limit)'. This indicates a filesystem check is taking long. What is the most efficient way to skip the fsck and boot quickly?

A.At boot, press Ctrl+D to continue.
B.Boot into single-user mode and run fsck.
C.Use the kernel parameter 'fsck.mode=skip'.
D.Edit /etc/fstab to set the sixth field to 0 for the root filesystem.
AnswerC

This parameter temporarily skips all filesystem checks for the current boot.

Why this answer

Option C is correct because the kernel parameter 'fsck.mode=skip' instructs systemd to skip all filesystem checks during boot, allowing the server to bypass the stuck fsck job and start quickly. This is the most efficient method for a one-time skip without permanently altering configuration files.

Exam trap

The trap here is that candidates may confuse the permanent /etc/fstab sixth field (which controls fsck frequency) with the temporary kernel parameter, or incorrectly think that Ctrl+D or single-user mode will skip the check, when in fact they do not bypass the stuck job.

How to eliminate wrong answers

Option A is wrong because pressing Ctrl+D at the 'A start job is running' prompt does not skip the fsck; it typically sends an EOF signal that may abort the current job or continue waiting, but does not reliably bypass the filesystem check. Option B is wrong because booting into single-user mode and running fsck would perform the check, which is the opposite of skipping it and would not achieve a quick boot. Option D is wrong because editing /etc/fstab to set the sixth field to 0 disables fsck for that filesystem permanently, which is not the most efficient one-time skip and may mask future filesystem issues.

63
Multi-Selecthard

A Linux engineer is troubleshooting a server that fails to boot. The server displays a message indicating 'Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)'. Which TWO actions should the engineer take to resolve this issue? (Choose TWO.)

Select 2 answers
A.Reinstall GRUB to the Master Boot Record
B.Boot from a rescue disk and rebuild the initramfs with the necessary filesystem modules
C.Run fsck on the root partition to check for filesystem corruption
D.Check the kernel command line in the bootloader configuration for the correct root= parameter
E.Disable SELinux by adding selinux=0 to the kernel command line
AnswersB, D

Rebuilding initramfs includes required modules for root filesystem access.

Why this answer

The error 'Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)' indicates the kernel cannot locate or mount the root filesystem. Option B is correct because rebuilding the initramfs from a rescue disk ensures the necessary filesystem drivers (e.g., ext4, xfs) are included, which may have been missing or corrupted. Option D is correct because the root= parameter in the bootloader configuration (e.g., GRUB) tells the kernel which device/partition to mount as root; a typo or incorrect value (e.g., wrong UUID or device name) will cause this exact panic.

Exam trap

The trap here is that candidates confuse a kernel panic about root filesystem mounting with a bootloader or filesystem corruption issue, leading them to choose GRUB reinstallation (A) or fsck (C) instead of addressing the initramfs or kernel command line.

64
Drag & Dropmedium

Drag and drop the steps to troubleshoot a network connectivity issue using common commands in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Troubleshooting should start from local configuration and progress outward.

65
Multi-Selecteasy

A web server is experiencing high load. The administrator wants to identify the processes consuming the most CPU. Which TWO commands can be used to display real-time process CPU usage?

Select 2 answers
A.lsof
B.iostat
C.vmstat
D.top
E.ps aux --sort=-%cpu
AnswersD, E

Correct: Real-time process viewer with CPU usage.

Why this answer

Option D (top) is correct because it provides a real-time, dynamic view of system processes, including CPU usage, and updates continuously by default. Option E (ps aux --sort=-%cpu) is also correct because it lists all processes sorted by CPU usage in descending order, though it is a snapshot rather than continuous; however, the question asks for commands that can be used to display real-time process CPU usage, and ps with the --sort flag can be run repeatedly to approximate real-time monitoring.

Exam trap

CompTIA often tests the distinction between system-wide monitoring tools (iostat, vmstat) and per-process tools (top, ps), leading candidates to mistakenly choose iostat or vmstat when the question explicitly asks for processes consuming the most CPU.

66
Multi-Selecthard

A Linux server is not accepting SSH connections. The administrator wants to troubleshoot the issue. Which THREE actions should be taken?

Select 3 answers
A.Reboot the server
B.Check /etc/ssh/sshd_config for configuration errors
C.Check if sshd service is running (systemctl status sshd)
D.Reinstall the SSH package (apt reinstall openssh-server)
E.Check firewall rules (iptables -L or ufw status)
AnswersB, C, E

Correct: Misconfiguration can prevent connections.

Why this answer

B is correct because /etc/ssh/sshd_config is the primary configuration file for the OpenSSH server. Syntax errors, incorrect directives (e.g., PermitRootLogin no, Port 22 commented out), or misconfigured authentication settings can prevent SSH from accepting connections. Checking this file is a fundamental step in troubleshooting SSH issues.

Exam trap

CompTIA often tests the misconception that reinstalling a package or rebooting is a valid first troubleshooting step, when in reality, checking configuration files, service status, and firewall rules are the precise, targeted actions required.

67
MCQmedium

A database server is experiencing slow queries. The administrator wants to analyze system memory usage. Which command shows memory usage in megabytes and includes information about buffers and cache?

A.free -m
B.top -b
C.cat /proc/meminfo
D.vmstat
AnswerA

Correct: Displays memory in MB with buffers/cache.

Why this answer

The 'free -m' command displays system memory usage in megabytes, explicitly showing separate columns for buffers and cache, which are critical for diagnosing slow queries caused by memory pressure. This makes it the correct choice for the administrator's need to analyze memory usage with buffer/cache details in MB.

Exam trap

CompTIA often tests the distinction between commands that show memory in raw kernel units (like /proc/meminfo in kB) versus those that offer user-friendly output with specific columns (like free -m), leading candidates to choose /proc/meminfo for its detail while missing the explicit requirement for megabytes and buffer/cache breakdown.

How to eliminate wrong answers

Option B is wrong because 'top -b' runs top in batch mode, which shows real-time process-level memory and CPU usage but does not display memory in megabytes by default and lacks the dedicated buffers/cache breakdown that 'free -m' provides. Option C is wrong because 'cat /proc/meminfo' outputs raw memory statistics in kilobytes, not megabytes, and requires manual calculation to convert to MB, making it less convenient for the specified requirement. Option D is wrong because 'vmstat' reports virtual memory statistics including swap, I/O, and system events, but it does not show memory usage in megabytes and does not include explicit buffers and cache columns in its default output.

68
Multi-Selectmedium

A user is unable to resolve hostnames on a Linux system. Which three configuration files should be checked? (Select THREE).

Select 3 answers
A./etc/hosts
B./etc/nsswitch.conf
C./etc/resolv.conf
D./etc/hostname
E./etc/sysconfig/network
AnswersA, B, C

Static mapping of hostnames to IP addresses.

Why this answer

The /etc/hosts file is a static table mapping hostnames to IP addresses, used for local name resolution before or instead of DNS queries. If a user cannot resolve hostnames, this file may be misconfigured or missing entries for the target hostnames, causing resolution failures.

Exam trap

CompTIA often tests the misconception that /etc/hostname or /etc/sysconfig/network are involved in hostname resolution, when in fact they only affect the local system's identity, not the resolution of external hostnames.

69
MCQeasy

A user cannot access a directory '/data/projects' even though they are in the 'projects' group. The directory permissions are 'drwxr-x---' and the group owner is 'projects'. Which command should the administrator run to grant the group write permission?

A.chmod g+w /data/projects
B.chmod o+w /data/projects
C.chmod u+w /data/projects
D.chown :projects /data/projects
AnswerA

Adds write permission for the group.

Why this answer

The directory '/data/projects' has permissions 'drwxr-x---', meaning the group owner 'projects' currently has read and execute (r-x) but not write (w) access. Since the user is a member of the 'projects' group, the administrator needs to add write permission for the group using 'chmod g+w /data/projects'. This directly modifies the group permission bits to grant write access without affecting other permissions.

Exam trap

CompTIA often tests the distinction between changing ownership (chown) and changing permissions (chmod), and candidates mistakenly think that setting the group owner again will grant write access, when in fact only chmod modifies the permission bits.

How to eliminate wrong answers

Option B is wrong because 'chmod o+w' adds write permission for 'others' (users not the owner and not in the group), which is unnecessary and would over-permit the directory, violating the principle of least privilege. Option C is wrong because 'chmod u+w' adds write permission for the user owner, not the group; the user owner is typically 'root' or another user, not the 'projects' group. Option D is wrong because 'chown :projects /data/projects' changes the group owner to 'projects', but the group already owns the directory, so this command does nothing to change permissions; it does not grant write access.

70
Multi-Selectmedium

A Linux administrator is troubleshooting a server that has become unresponsive. The administrator connects via IPMI and runs 'top' but the process list does not show any obvious CPU or memory hog. Which TWO commands could be used to identify I/O wait issues or disk bottlenecks? (Choose TWO.)

Select 2 answers
A.iostat -x 1
B.iotop -o
C.vmstat 1
D.sar -b 1
E.dstat --disk-util
AnswersA, B

iostat -x shows extended I/O statistics per device.

Why this answer

`iostat -x 1` provides extended disk I/O statistics, including `%util` (percentage of time the device was busy servicing requests) and `await` (average time for I/O operations). These metrics directly indicate disk bottlenecks and I/O wait issues. `iotop -o` displays only processes that are currently performing I/O operations, allowing the administrator to identify which specific processes are causing disk contention.

Exam trap

The trap here is that candidates often choose `vmstat 1` because it shows the `wa` column, but they overlook that it does not provide per-disk or per-process granularity needed to identify the specific source of I/O wait.

71
MCQhard

After a kernel update, loading a proprietary kernel module fails with 'Invalid module format'. The module was built from source against the previous kernel. What is the most likely cause?

A.Module is not signed while Secure Boot is enabled
B.Module file permissions are incorrect
C.SELinux is blocking the module load
D.Module was not rebuilt for the new kernel version
AnswerD

Kernel modules are tied to a specific kernel version; they must be recompiled after a kernel update.

Why this answer

The 'Invalid module format' error occurs when a kernel module's version magic string does not match the running kernel's version. Since the module was built against the previous kernel, it contains version information for that older kernel, and the new kernel rejects it as incompatible. Rebuilding the module against the new kernel's headers resolves this mismatch.

Exam trap

The trap here is that candidates confuse the 'Invalid module format' error with Secure Boot signing issues, but Secure Boot produces a different error message related to key verification, not format mismatch.

How to eliminate wrong answers

Option A is wrong because Secure Boot with unsigned modules typically produces a 'Required key not available' or 'Module verification failed' error, not 'Invalid module format'. Option B is wrong because incorrect file permissions would cause a 'Permission denied' error when trying to insmod, not a format error. Option C is wrong because SELinux denials generate AVC denial messages in the audit log and would prevent loading due to policy restrictions, not an 'Invalid module format' error.

72
MCQmedium

A Linux administrator notices that the system’s disk I/O performance has degraded significantly. Running 'iostat -x 1' shows high %util values on /dev/sda, but low await. Which of the following is the most likely issue?

A.The filesystem is nearly full.
B.The disk cable is loose or faulty.
C.There are many concurrent I/O requests (high queue depth).
D.The disk is failing and needs replacement.
AnswerC

Parallel I/O keeps the device busy (%util high) but each request is serviced quickly (low await).

Why this answer

High %util with low await indicates that the device is busy processing many concurrent I/O requests, but each request completes quickly. This is characteristic of a high queue depth where the disk is saturated with parallel requests, not that individual requests are slow. The low await confirms that the disk itself is responding fast, so the bottleneck is the volume of simultaneous I/O, not latency per request.

Exam trap

CompTIA often tests the misconception that high %util always means slow I/O, but the trap here is that %util measures busy time, not latency; candidates overlook the low await and incorrectly assume hardware failure or cable issues.

How to eliminate wrong answers

Option A is wrong because a nearly full filesystem affects metadata operations and may cause fragmentation, but it does not directly cause high %util with low await; it would more likely increase await due to slower allocation. Option B is wrong because a loose or faulty disk cable typically causes intermittent errors, timeouts, or complete disconnection, which would manifest as high await and possibly errors in iostat, not high %util with low await. Option D is wrong because a failing disk usually produces high await, increased error counts, and reallocated sectors, not a scenario where requests complete quickly (low await) while the device is busy.

73
MCQhard

During peak hours, a web server experiences timeouts. The kernel log shows 'possible SYN flooding'. Which kernel parameter should be increased to mitigate this?

A.net.ipv4.tcp_syncookies
B.net.core.somaxconn
C.net.ipv4.tcp_max_syn_backlog
D.net.core.rmem_default
AnswerC

Increasing this value allows more half-open connections, reducing SYN flooding issues.

Why this answer

The kernel log message 'possible SYN flooding' indicates that the system's SYN backlog queue is full, causing new connection requests to be dropped. Increasing `net.ipv4.tcp_max_syn_backlog` expands the maximum number of SYN requests that can be queued before the kernel starts dropping them, directly mitigating the issue.

Exam trap

The trap here is confusing the SYN backlog queue (`tcp_max_syn_backlog`) with the completed connection backlog (`somaxconn`), leading candidates to choose `net.core.somaxconn` even though it only affects fully established connections, not the SYN flood protection mechanism.

How to eliminate wrong answers

Option A is wrong because `net.ipv4.tcp_syncookies` enables SYN cookies as a defense against SYN flood attacks, but it does not increase the queue size; it bypasses the backlog entirely, which can degrade performance for legitimate traffic. Option B is wrong because `net.core.somaxconn` limits the maximum number of connections that can be queued for a listening socket after the three-way handshake is complete, not the SYN backlog queue for half-open connections. Option D is wrong because `net.core.rmem_default` sets the default receive socket buffer size for data transfer, which has no effect on the SYN backlog or connection establishment.

74
MCQmedium

A Linux server is running low on disk space in the /var partition. The administrator runs 'du -sh /var/log/*' and finds that /var/log/syslog is 10 GB. Which of the following is the BEST long-term solution to prevent recurrence?

A.Manually truncate the syslog file with '> /var/log/syslog'.
B.Delete the syslog file and restart the syslog service.
C.Configure logrotate to rotate and compress the syslog file daily.
D.Increase the log rotation frequency in /etc/logrotate.conf to monthly.
AnswerC

logrotate automates rotation, keeping log sizes manageable.

Why this answer

Option C is correct because logrotate is the standard Linux utility for managing log file growth. By configuring logrotate to rotate and compress /var/log/syslog daily, the system automatically archives old logs and prevents a single file from consuming excessive disk space, addressing the root cause without manual intervention.

Exam trap

The trap here is that candidates may confuse 'increasing rotation frequency' with 'reducing log size,' but increasing the interval (e.g., to monthly) actually worsens the problem, while daily rotation with compression is the correct long-term solution.

How to eliminate wrong answers

Option A is wrong because manually truncating the file with '> /var/log/syslog' only frees space temporarily; the syslog daemon will continue writing to the same file, and the problem will recur without any automated management. Option B is wrong because deleting the syslog file and restarting the service is disruptive, may cause loss of log data, and does not implement any automated rotation or retention policy. Option D is wrong because increasing the log rotation frequency to monthly would actually reduce rotation frequency, making the problem worse by allowing the syslog file to grow even larger between rotations.

75
MCQeasy

Refer to the exhibit. A user wants to execute the script 'script.sh' but receives a 'Permission denied' error. Which action should be taken to allow execution?

A.Add execute permission with chmod +x script.sh
B.Change the owner to the user with chown
C.Change the group to the user's primary group
D.Set the permissions to 644 with chmod
AnswerA

Adds execute permission to the file.

Why this answer

The 'Permission denied' error indicates the script lacks the execute permission for the user. The `chmod +x script.sh` command adds the execute permission bit to the file's mode, allowing the user to run it as a program. This is the direct and correct fix for the issue.

Exam trap

CompTIA often tests the misconception that changing ownership or group alone resolves permission errors, when in fact the execute permission bit must be explicitly set for the file to be run as a script.

How to eliminate wrong answers

Option B is wrong because changing the owner with `chown` does not grant execute permission; it only changes file ownership, and the new owner still needs execute permission to run the script. Option C is wrong because changing the group to the user's primary group does not add execute permission; the group must have the execute bit set in the file's permissions for this to work. Option D is wrong because setting permissions to 644 (rw-r--r--) removes any execute bits, which would still prevent execution and is the opposite of what is needed.

Page 1 of 2 · 126 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Linux Troubleshooting questions.